Help with badly infected computer!

Discussion in 'Malware Help (A Specialist Will Reply)' started by BillMc, Oct 26, 2010.

  1. BillMc

    BillMc Private E-2

    Hi,

    I am trying to clean up a computer for a friend, and am having a lot of trouble.

    The computer has an obvious Antivirus8 infection, there are popups on booting, and constantly while working. The computer is also going to the blue screen a lot right after booting, this will happen 4 out of 5 times. Also, going to any web page will result in a virus message in the browser. I can bypass the message most of the time, but not for almost any site offering advice for virus removal. Although I could get to majorgeeks!

    I have been trying to go through the read and run me first, but have had varying success with the scans.

    With Super Antispyware, it will shut down during the registry scan. It will complete a file scan, or a memory scan. I was able to pause the registry scan and capture a log of it at some point before it shut down, but I doubt the log is complete. I have attached 3 Super Antispyware logs, one for the memory, one for the registry, and one for the files.

    Next, I had no luck running Malwarebytes at all. The scan would be halted immediately after a scan would start.

    I did not have much luck with combofix either. It would start, and the first progress bar would appear, but the program would be halted right after the first progress bar completed.

    I have a rootrepeal file log attached. I'm not sure how complete this is. I let it run overnight, and it never finished. I stopped the scan at this point and grabbed the log.

    MGTools ran without much trouble, the zip is attached.

    Thank you very much in advance for any help you can give me with this.
    - Bill
     


  2. BillMc

    BillMc Private E-2

    Here is the MGlogs.zip file
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTM by Old Timer and save it to your Desktop.




    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Users\Tricia\Desktop\Antivirus8.lnk
    C:\Program Files\AV8
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AV8"=-
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AV8"=-
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * OTM log
    * C:\MGlogs.zip
     
  4. BillMc

    BillMc Private E-2

    Thank you for the quick reply!

    I downloaded the file to the desktop, and followed the instructions. When I clicked the MoveIt! button, the application was terminated. When I try and run it again I get the message:

    "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

    When I navigate to the path for the log file (C:\_OTM\MovedFiles), I see a folder named 10262010_192242, but it is empty.

    I did not run MGTools since this step did not complete.

    Thanks for your help.
    - Bill
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just to keep things moving:

    Now download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  6. BillMc

    BillMc Private E-2

    OK, Progress, maybe?

    I manually did the following:

    Deleted the files indicated below.
    Deleted the registry keys using Regedit (I also had to delete a debugger key in order for explorer.exe to launch)

    I can now boot without antivirus8 getting in the way (yea!)

    I tried to run C:\MGtools\GetLogs.bat, but now I'm getting the following error several times:

    C:\Windows\System32cmd.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\. A temporary file needed for initialization could not be created or could not be written to. Make sure that the directory path exists, and disk space is available. Chose 'Close' to terminate the application.

    The path does exist, and I have 193GB of free space.

    Any ideas?
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Can you run the C:\MGTools\Getlogs.bat in safe mode?
     
  8. BillMc

    BillMc Private E-2

    Nope, same problem in safe mode :(

    Thanks for the help!
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.

    Did they run? Have you a new C:\MGLogs.zip?
     
  10. BillMc

    BillMc Private E-2

    OK here goes:

    cd \MGtools
    GetRunKey

    Here, I get a pop-up window, 2x, with this message:

    16 bit MS-DOS Subsystem
    Administrator: C:\Windows\system32\cmd.exe - GetRunKey
    C:\Windows\system32\\config\SYSTEM~1\AppData\Local\Temp. A
    temporary file needed for initialization could not be created or could not be
    written to. Make sure that the directory path exists, and disk space is
    available. Choose 'Close' to terminate the application.


    ShowNew
    Here, I get the same message a couple dozen times. On the cmd window, it says "The process cannot access the file because it is being used by another process." once for each message. After that it lists a lot of "Finding copies of" messages, but then seems to move along normally. I've attached the new mglogs.zip, although there is really nothing in it :(

    I had to go through this 3x as the first time the pc went to a blue screen in the middle of the scan after running ShowNew and getting by the errors. The final time the PC just rebooted with no warning.

    Thank you again for all your help, it is greatly appreciated.
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This is puzzling. Please uninstall MGTools.exe and the MGTool folder. Run CCleaner. Then download another copy of MGTools here --> MGtools and save it to your root folder.
    Now see if it will run properly.
     
  12. BillMc

    BillMc Private E-2

    No luck, same results.

    I also get the same error if I just type command from start/run.

    I think this error will happen anytime I try and run a 16bit dos program. I have no idea how to get around this.
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  14. BillMc

    BillMc Private E-2

    OK, I did as asked. As soon as I hit the Run Scan button, the application terminated. Now, if I try to run it again, I'm told "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

    I am about to do a complete restore from the Windows CD. I'm not sure if you guys have any other ideas, I can't even get any logs for you to ask for help with.

    Thanks again for all your help.
     
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    We can try...!

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator

    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif
    Once you've gotten one of them to run then try to immediately run the following.

    Now download and Run exeHelper from Raktor
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Now run this: Using Malwarebytes Anti-Malware

    Now run this: Using MGtools


    Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans
    • exeHelper log
    • Malwarebytes Anti-Malware log
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
     
  16. BillMc

    BillMc Private E-2

    I do appreciate it!

    This did not help with running Malwarebytes, but I did get a log out of mgtools! (although I did still get the 16-bit msdos error a bunch of times)

    I've attached the exehelperlog, rkill, and mglogs.

    Thanks again (very much)
     


  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Badly infected is an understatement! I am working up a fix though. :) But it might take a while.
     
  18. BillMc

    BillMc Private E-2

    Thanks, I appreciate your help! Very much!
     
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    You also have a DNS infection but let's get this part of the fix out of the way first.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
    Last edited by a moderator: Oct 29, 2010
  20. BillMc

    BillMc Private E-2

    Getting closer, the desktop now looks like a vista desktop.

    I've attached the avenger log and the new mglogs.zip

    Thanks so much for your help
     


  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The avenger log you posted appears to be from when you ran that fix back in post #5. Plus the Reg.fix did not work.

    Do you still have ComboFix on your desktop? If so, rename it to abc.com and see if it will run.

    Also try it in safe mode.
     
  22. BillMc

    BillMc Private E-2

    No luck with combofix.

    It starts up, but right after the first progress bar fills the PC goes to a blue screen. I tried this in safe mode 3 times with the same results.

    Thanks for continuing to try...
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTM by Old Timer and save it to your Desktop.




    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Windows\system32\config\systemprofile\AppData\Local\nsrdel.dll
    C:\Windows\system32\m3v4lzsi.dll
    C:\Windows\Temp\Dhr.exe
    C:\Windows\system32\sshnas21.dll
    C:\Windows\Temp\qbxwd.exe
    C:\Windows\win.exe
    C:\Windows\system.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\wininst.exe
    C:\Windows\hexdump.exe
    C:\Windows\user.exe
    C:\Windows\mdm.exe
    C:\Windows\gdi32.exe
    C:\Windows\smss.exe
    C:\Windows\cmd.exe
    C:\Windows\Temp\gdi32.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\hexdump.exe
    C:\Windows\nvsvc32.exe
    C:\Windows\Temp\sysedit.exe
    C:\Windows\avp32.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\smss.exe
    C:\Windows\Temp\iexplarer.exe
    C:\Windows\Temp\taskmgr.exe
    C:\Windows\Temp\winamp.exe
    C:\Windows\Temp\setup.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\setup.exe
    C:\Windows\install.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\smss.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\sysedit.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\hexdump.exe
    C:\Windows\avp.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\iexplarer.exe
    C:\Windows\Temp\s3scq13z.exe
    C:\Program Files\Zango\bin\10.0.341.0\ZangoSA.exe
    C:\Windows\system32\m3v4lzsi.dll
    C:\Program Files\Zango\bin\10.0.341.0\OEAddOn.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\wininst.exe
    C:\Windows\setup.exe
    C:\Windows\nvsvc32.exe
    C:\Windows\mdm.exe
    C:\Windows\hexdump.exe
    C:\Windows\install.exe
    C:\Windows\gdi32.exe
    C:\Windows\cmd.exe
    C:\Windows\avp32.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\wininst.exe
    C:\Windows\TEMP\gdi32.exe
    C:\Windows\TEMP\sysedit.exe
    C:\Windows\TEMP\setup.exe
    C:\Windows\TEMP\iexplarer.exe
    C:\Windows\TEMP\taskmgr.exe
    C:\Windows\TEMP\winamp.exe
    C:\Windows\TEMP\s3scq13z.exe
    C:\Windows\Temp\gdi32.exe
    C:\Windows\Temp\sysedit.exe
    C:\Windows\Temp\setup.exe
    C:\Windows\Temp\iexplarer.exe
    C:\Windows\Temp\taskmgr.exe
    C:\Windows\Temp\winamp.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\setup.exe
    C:\Windows\system32\config\systemprofile\AppData\Local\esihiciqu.dll
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\smss.exe
    C:\Windows\debug.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\hexdump.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\smss.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Temp\hexdump.exe
    C:\Windows\avp.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\sysedit.exe
    C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\iexplarer.exe
    C:\windows\smss.exe 
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Stowim"=-
    "uPc+kt0NcjZCxl"=-
    "MqmnfTc"=-
    "U36VRSFLG6"=-
    "Metropolis"=-
    "DnE"=-
    "Mqva"=-
    "Mquxe"=-
    "MqmxLpnxvofeefntg"=-
    "Mque"=-
    "Mqrtc"=-
    "MqsZ"=-
    "MqrMc"=-
    "Mqug"=-
    "MqqZ"=-
    "MqmnZP"=-
    "Mqtw+"=-
    "Mqmnxb"=-
    "MqpSc"=-
    "Mqmntpf"=-
    "Mqmnsd"=-
    "Mqmnrc"=-
    "Mquvc"=-
    "Mqmnwe"=-
    "MqmxLpnxvofeefnwe"=-
    "Mqrta"=-
    "Mqvalla"=-
    "MquxLpfRWZkfgrg"=-
    "Mqqoc"=-
    "MquxLpfRWZkfgotc"=-
    "MqmxLpnxvofeefnxc"=-
    "MqmxLpnxvofeefnqg"=-
    "Mqpe"=-
    "MquxLpfRWZkfgrtc"=-
    "MquxLpfRWZkfgouqc"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "MqmnfTc"=-
    "uPc+kt0NcjZCxl"=-
    "ZangoSA"=-
    "ZangoOE"=-
    "Mqva"=-
    "MquxLpfRWZkfgsre"=-
    "MquxLpfRWZkfgrvc"=-
    "Mquxe"=-
    "Mquvc"=-
    "Mqug"=-
    "Mque"=-
    "Mqtw+"=-
    "MqsZ"=-
    "Mqrtc"=-
    "Mqrta"=-
    "MqrMc"=-
    "MqqZ"=-
    "MqpSc"=-
    "MqmxLpnxvofeefntg"=-
    "MqmPZP"=-
    "MqmPxb"=-
    "MqmPwe"=-
    "MqmPtpf"=-
    "MqmPsd"=-
    "MqmPrc"=-
    "MqmPfTc"=-
    "MqmnZP"=-
    "Mqmnxb"=-
    "Mqmnwe"=-
    "Mqmntpf"=-
    "Mqmnsd"=-
    "Mqmnrc"=-
    "MqmxLpnxvofeefnwe"=-
    "Nluvamuxudipotaf"=-
    "Mqvalla"=-
    "MquxLpfRWZkfgrg"=-
    "Mqqoc"=-
    "MquxLpfRWZkfgotc"=-
    "MqmxLpnxvofeefnxc"=-
    "MqmxLpnxvofeefnqg"=-
    "Mqpe"=-
    "MquxLpfRWZkfgrtc"=-
    "MquxLpfRWZkfgouqc"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Stowim"=-
    "uPc+kt0NcjZCxl"=-
    "MqmnfTc"=-
    "DnE"=-
    "Mqva"=-
    "Mquxe"=-
    "MqmxLpnxvofeefntg"=-
    "Mque"=-
    "Mqrtc"=-
    "MqsZ"=-
    "MqrMc"=-
    "Mqug"=-
    "MqqZ"=-
    "MqmnZP"=-
    "Mqtw+"=-
    "Mqmnxb"=-
    "MqpSc"=-
    "Mqmntpf"=-
    "Mqmnsd"=-
    "Mqmnrc"=-
    "Mquvc"=-
    "Mqmnwe"=-
    "MqmxLpnxvofeefnwe"=-
    "Mqrta"=-
    "Mqvalla"=-
    "MquxLpfRWZkfgrg"=-
    "Mqqoc"=-
    "MquxLpfRWZkfgotc"=-
    "MqmxLpnxvofeefnxc"=-
    "MqmxLpnxvofeefnqg"=-
    "Mqpe"=-
    "MquxLpfRWZkfgrtc"=-
    "MquxLpfRWZkfgouqc"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters]
    "NameServer"=""
    
    [HKEY_LOCAL_MACHINE\system\controlset002\services\tcpip\parameters]
    "NameServer"=""
    
    [HKEY_LOCAL_MACHINE\system\controlset003\services\tcpip\parameters]
    "NameServer"=""
    
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{aac2b86c-bb9f-4b8a-92b2-a9fe65915153}]
    
    [-HKEY_LOCAL_MACHINE\system\controlset002\services\tcpip\parameters\interfaces\{aac2b86c-bb9f-4b8a-92b2-a9fe65915153}]
    
    [-HKEY_LOCAL_MACHINE\system\controlset003\services\tcpip\parameters\interfaces\{aac2b86c-bb9f-4b8a-92b2-a9fe65915153}]
    :Commands
    [purity]
    [ResetHosts]
    [createrestorepoint]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * OTM log.
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
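
An added example, not part of TimW's post and not OTM's own code: a read-only Python check that reads a script in the layout shown above before it is run and reports repeated file entries, Windows system binary names listed outside System32, and the registry changes requested. The section handling is inferred only from the script visible in this thread; the function names, the short list of system binaries and the C: Windows drive are assumptions, and the sample is a constructed excerpt of lines from the post.

```python
import ntpath

# Constructed sample: a shortened excerpt of lines from the script in the post.
SAMPLE = r"""
:Processes
explorer.exe

:Files
C:\Windows\smss.exe
C:\Windows\cmd.exe
C:\Windows\Temp\taskmgr.exe
C:\Windows\TEMP\taskmgr.exe
C:\Windows\system32\m3v4lzsi.dll
C:\Windows\system32\m3v4lzsi.dll
C:\Windows\Temp\iexplarer.exe
C:\windows\smss.exe

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Stowim"=-
"MqmnfTc"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters]
"NameServer"=""
:Commands
[emptytemp]
"""

# Assumption: Windows is installed on C: and these binaries legitimately live
# only in System32/SysWOW64 (component-store copies are not considered).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_BINARIES = {"smss.exe", "cmd.exe", "taskmgr.exe"}


def parse_sections(text):
    """Split the script into {section name: [lines]} on ':Name' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _norm(path):
    # Windows paths compare case-insensitively (Temp == TEMP).
    return ntpath.normcase(ntpath.normpath(path))


def duplicate_paths(paths):
    """Paths listed more than once, in order of first repetition."""
    seen, dupes = set(), []
    for key in map(_norm, paths):
        if key in seen and key not in dupes:
            dupes.append(key)
        seen.add(key)
    return dupes


def misplaced_system_names(paths):
    """Files named like a system binary but sitting outside its real folder."""
    hits = set()
    for key in map(_norm, paths):
        folder, name = ntpath.split(key)
        if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
            hits.add(key)
    return sorted(hits)


def reg_actions(reg_lines):
    """List (key, value name, action) using the .reg-style notation above."""
    actions, key = [], None
    for line in reg_lines:
        if line.startswith("[-"):          # "[-key]" removes the whole key
            actions.append((line[2:-1], None, "delete-key"))
            key = None
        elif line.startswith("["):
            key = line[1:-1]
        elif "=" in line and key:
            name, _, value = line.partition("=")
            verb = "delete-value" if value == "-" else "set-value"
            actions.append((key, name.strip('"'), verb))
    return actions
```

Reviewing the output before pasting a long script makes it easier to see which entries are copies of real system file names dropped into `C:\Windows` or a Temp folder, and which registry lines delete data versus blank it.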
     
  24. BillMc

    BillMc Private E-2

    Thanks Tim,

    But OTM won't run for me. It starts up fine, but as soon as I click MoveIt the application is terminated.

    This happens in safe mode as well. I even tried running Rkill, and exeHelper first, but this did not help.
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    AArrgghhh!!!
    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip
     
  26. BillMc

    BillMc Private E-2

    Thanks,

    I did all this in safe mode. I tried running MG Tools in normal mode after running fixMe and avenger, but it would not work. I was able to get the log in safe mode, although I do still get the ms-dos 16 bit error a bunch of times while it is running.

    The fixMe.reg ran OK and gave a message about successfully updating the registry.

    I received a number of errors running avenger, they are all in the log I think.

    mglogs and avenger.txt are attached.

    Thanks again for all your help
     


  27. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Nothing was removed and avenger seems to not have tried to remove any of the files. Your NewFiles log is virtually empty. Please see this thread regarding the errors you are getting with MGTools.
    Using MGtools
     
  28. BillMc

    BillMc Private E-2

    I think I'm giving up, I'm going to try and re-install windows. I've already backed up all of the personal files.

    The error I'm getting is not exactly the same as the error in the thread you supplied, mine has to do with temp files. Searches I've done for this error have not been hopeful.

    Thanks for all your help, I can't express how much I appreciate you giving your time to trying to help me.

    Thanks,
    - Bill
     
  29. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Considering all the fixes and all the programs we have tried to use to fix this system, I think you are probably making the right choice in this matter. I wish you good luck. Do let us know if you are successful with a reinstall. And you are very welcome. Too bad we aren't having any luck solving this one.
     
  30. BillMc

    BillMc Private E-2

    Yes, the re-install worked great. Good thing was there was not too much on the computer that needed to be backed up.

    Thanks again
     
  31. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know. Safe surfing. :)
     
