I am in need of "MAJOR" help

Please disable all anti-virus and anti-spyware programs while we do the following:

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now download The Avenger by Swandog469, and save it to your Desktop.
* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Be sure to tell us how things are running.

 

Looks good...just remove your old Java. Yes you can have us look at the other computers...just start a separate thread for each one and be sure to identify them as different systems.

If you are not having any other malware problems, it is time to do our final steps:

1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
2.
* Click START then RUN
* Now type combofix /u in the runbox and click OK.
* Note: The space between the X and the /U, it must be there.
3. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
4. If you are running Windows XP or Windows ME, do the below:
* Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
* Then reboot and Enable System Restore to create a new clean Restore Point.
5. After doing the above, you should work thru the below link:
How to Protect yourself from malware!

 

Yes you can attach a new MGLogs.zip and ComboFix log, but I suspect this is not malware related.

 

I thought you wanted to attach new logs? Are you saying everything is running OK?

These old Java files:
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 3

And turning off system restore, rebooting and then turning it back on will flush your old restore points that may have some infected files in them.

 

Your logs are clean ....though I see you have an "e" partition. Have you run malware scans on that drive?

I would suggest you post in the software section for further assistance as this does not appear to be malware related.

 

Combo found a bunch on that partition ...so yes, run it on each as well as the SASpyware program to cover ALL drives.

 

Your logs are clean ...are you having any other problems?

 

Sorry...I meant that you had a bunch of new garbage that showed up on your ComboFix log that had previously either been removed or was new.

We need to re-run ATF Cleaner and also remove these:

* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

 

You can use windows explorer to find and delete:
C:\WINDOWS\unins000.dat Mar 1 2008 2548 "unins000.dat"
C:\WINDOWS\unins000.exe

Otherwise, I don't see any problems.

 

You are welcome .....12 machines? For personal use? Rather overkill, eh?

If you want to learn...you might consider going to :
malwareremoval.com

 

No harm meant or caused .....we have had users in the past who have been running a business and using our limited resources to facilitate their repairs. It can be aggravating, to say the least.

This is why some explanations before hand can be of benefit, as we are more than happy to support community and esp. childress programs. Chas was concerned as he is the one that handles the majority of the threads and also this forum, so it was a legit question, and not meant to be accusatory.

You can sign up at that site and become a student, as well as just read the threads here and look at the logs to see what is being removed.

 

You're most welcome.....