Malware and other issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by mcejsul, Feb 16, 2009.

  1. mcejsul

    mcejsul Private E-2

    Here is my original post to see how my issues started. I ended up loading Windows XP to a different partition (d:winxp).

    http://forums.majorgeeks.com/showthread.php?t=182361

    Then ran through the clean-up procedure. However, I inadvertently ran MGtools prior to ComboFix; if my scan needs to be redone due to this, let me know and I will.
    Regardless, I am going to post my logs.

    Thanks for any assistance

    Mike
     

    Attached Files:

  2. mcejsul

    mcejsul Private E-2

    Continuation of post to submit fourth log
     

    Attached Files:

  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome! to MajorGeeks.com!


    Pre-Instructions:
    1. First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.
    2. Print out these instructions or save them to a text file so that you can operate with All Browser Windows CLOSED.

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.


    Step 2:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Again, make sure ALL browser windows are closed when you click FIX.

    Step 3:
    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Step 4:
    Default Security Settings

    To Default Security Settings:
    For Internet Explorer 6 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up navigate to the Security Tab and click Default Level for the following:
    • Internet
    • Local Intranet
    • Trusted Sites
    • Restricted Sites.
    Click OK to exit.

    For Internet Explorer 7 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up, navigate to the Security Tab and simply click the "Reset all zones to default level" button. Click OK to exit.

    NOTE: If it's "grey" then it's already at the default level.
    Step 5:
    Please download ATF-Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: ATF-Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF-Cleaner menu to close the program.

    Step 6:
    Next I would like you to install the current version of Sun Java: Sun Java Runtime Environment

    Step 7:
    Finally, run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited: Feb 18, 2009
  4. mcejsul

    mcejsul Private E-2

    Hello,
    Thank you for your assistance. I have posted the logs below. As my original post stated, I have other issues, so let me know if I did not do this correctly.
    While running "getlogs", at the end I received an error:
    "application failed to initialize properly (0xc0000135). Click OK to terminate the application."

    If I may add, I don't know if you read the link to my original post in the Hardware/Software section about a Windows BSOD user32.dll error. I ended up reinstalling Windows XP to a new partition (D:\winxp). I thought it was the original disk for this computer, which is Media Edition, but it was the one from my laptop. The computer is working OK and I have had to update drivers for this computer through Dell and my service tag.

    One issue is when I ran "analyse this", I did not see any of the registry tags you suggested I remove, and when I used Add/Remove, I could not see the Java files you asked me to remove.
    This appears to be above and beyond the "malware removal" listed, but let me know if I should post that part somewhere else.

    Thanks again and sorry for the long post

    Mike
     

    Attached Files:

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please do not do anything I don't request because now things are different since you have reinstalled the OS.

    Let's start over, download a fresh copy of ComboFix & MGtools from the below links. Run ComboFix first, once complete run MGTools and attach the new logs to your next post.

    ComboFix

    Running MGTools
     
  6. mcejsul

    mcejsul Private E-2

    Attached are the two files you requested.

    I did not load anything after we had posted. The OS change was done before the READ & RUN ME because I had the BSOD for the user32.dll error.

    The MGlogs.zip file is from the D: drive because that is where I loaded the new OS, with the hope of not overwriting files.

    Should the mglog.exe be run on the C: drive as well? I still cannot get into the Windows Media Edition due to the "user32.dll is missing" BSOD.

    Thanks for your help

    Mike
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The scans from the READ & RUN ME apply to the Windows partition you are booting from. If you are not booting from the partition that has the problem, then the logs are of no use to us. And it is also why you did not find the things that BJ asked you to fix which were from the first set of logs showing Windows on drive C.

    You need to replace the missing user32.dll file on your original partition by either copying it from your Windows Media CD or by copying it from another location in that same Windows partition. You need to put a copy back into the C:\Windows\system32 folder.
     
