have just started...

I started at the beginning, where i belong, to clean my machine. I removed, uninstalled some unused programs as suggested. no problem. next i used the CCleaner Slim, as recommended. but this program failed. i downloaded and ran it and it ran for some time till it stopped. the message was 'program not responding'. CCleaner was dead in the water. The very same thing happens with my AdAware program, it runs till it gets to 96000 units then freezes.
seems to me some malware is stopping these programs from completing their tasks.
so what should i do next?

 

Hello jobin,

Please continue to follow the instructions in the below link and attach the requested logs when you finish these instructions.

• READ & RUN ME FIRST. Malware Removal Guide

• If something does not run, write down the info to explain to us later but keep on going.

• Do not assume that because one step does not work that they all will not.

Notes:

1. If you run into problems trying to run theREAD & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

have located on the 'control panel' a program called 'Windows XP Service pack 2' and wonder if this is the malware identified as 'Windows SR 2' in the instructions page. what to do: remove or not. thanks

 

John, please do not remove or change anything at this point in time except for what is listed in the README instructions. Chances are that is the legit uninstall entry for Windows XP SP2.

 

hi ripchain,,

here's what happenin...Finished step 1, all OK.
Step 2,..OK.
Step 3..trouble. Downloaded Super antispy..OK
.. But SpyBot i was not able to download so i tried the Driver Agent, maybe some new stuff for me. i have SpyBot on my machine and use it 2x month. The Driver Agent software ran to 40% of complete, then stopped entirely. My machine would not respond, tried Alt/Cont/ Delete but no action, the mouse was dead. I pushed the off switch.
i have a similar problem with AdAware, also on my machine. it runs to 96K files then stops.
Now what to do?

 

Please just run what you can, then post the logs from the programs you were able to run.

 

hi ripchain,

have uploaded 3 scans, i think. computer working better now. did have some problems finishing the Combo fix program so maybe the scan is not complete, ?? cannot find spybot scan files on my machine i will keep searching for it. kindly look over these scans and i welcome your reply.
thanks.

 

Hello jobin,

There is just one more log I would like to see from you real quick before we begin.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Attach the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

 

here is the mbam log:

Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 5.1.2600 Service Pack 2

2008-09-07 06:49:39
mbam-log-2008-09-07 (06-49-39).txt

Scan type: Quick Scan
Objects scanned: 44797
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

Hello jobin,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe


http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

hi rip chain,

am sending attachment with big log from combofix; hope it is done correctly.

jobin

 

Hello jobin,

That's the log I asked you to create in notepad, did you drag it into combofix and run it? Did Combofix produce a different log for you?

 

oops, stupid me. sorry.

let's try this one, a Word doc with the scan , although i think i could also find and send the Notepad, if that screen appearance is better for your reading.

 

here is the log.txt of the recent combofix scan

 

Hello jobin,

Your logs are looking better, but there are still a couple of things that seem to want to play things stubborn.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below log:

• C:\MGlogs.zip

 

here is log, i think.

 

Hello jobin,

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

• Follow the Instruction Here for installation.
• Accept the License Agreement.
• Once the ActiveX installs,Click Full System Scan
• Once the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
• Click the Show Report button and Copy&Paste the entire report in your next reply.

 

hello ripchain,

i am unable to download F-secure online scanner. either too big or my download rate too slow...etc. i am in china so often find problems like this with big downloads. i could continue to try but can give no assurance at all of success.

any alternatives or other advices?
thanks

jobin

 

Hello jobin,

I just always like to run one last full system scan as a precaution, but I think we'll be ok without it in this case.

How is your computer running right now?

 

hi rip chain,

well, things are very much better now. seems like lots of pop-ups, which are blocked, and these slow the window openings, etc. no particular problems with any program, including the internet. i do wonder now which new security programs to run and how often??
thanks for the help.
jobin

 

Hello jobin,

Does this happen just when you visit certain websites, or does this happen frequently whenever you're online?

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

"cannot import, not a registry script, only import binary registry files from within the registry editor"

no success on this

mostly the popups on heavy ad sites, nytimes other news outlets,

i notice on the file you sent something about 'kazaa', a music sharing site? i did have 'bear share' but removed it. some sites do give me hidden maljunk i don't want but i am unable to learn in advance if site is loaded with hidden junk.

so, what's next?

 

Hello jobin,

Usually when that error appears something didn't process quite right somewhere between my post and you trying to merge the file with the registry. Let's try it one more time.

Open notepad and copy (Ctrl C) and paste (Ctrl V) the following text in the quote:

Code:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

Save it to your drive C:\ as fix131.reg and as Type "All files"


Double click on fix131.reg and allow when prompted to let it merge with the registry.

This seems normal enough, I think your computer is pretty good to go then. Assuming we get that registry fix to work, that is.

 

hello ripchain,

i did as requested and the item was incorporated into the registry. but nothing happened after that. was does that small file do?

so all is OK now? what about weekly inspections with one or more of my new tools-superspyware, adaware, malwarebytes, ccleaner, etc.

thanks

jobin

 

Hello jobin,

It resets certain values and settings in the registry back to the way they were before Combofix was run.

It's up to you whether or not you keep those programs, but I would recommend at least keeping MalwareBytes and CCleaner, and perhaps running them weekly.

Please follow the directions in this topic, starting with: Step 4: Toggle System Restore.