Malware Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by darkzorb, Jan 1, 2009.

  1. darkzorb

    darkzorb Private E-2

    Hi,

    I came home to my parents' computer for winter break and found that it was infested with lots of malware. No matter what search engine I use, the search result links give me a bunch of ad sites, though this problem seems to only occur when using my parents' Windows user account (btw, I'm running XP SP3). I've gone ahead and done the run-through of the Windows XP Cleaning Procedure. SUPERAntiSpyware and Malwarebytes logs are posted below. Spybot found only tracking cookies, which I removed.

    In between these three being run and ComboFix/MGtools being run, my parents used the computer for a bit; hopefully they didn't mess anything up.

    When I got the computer back, I tried to run combofix.exe. It was running well, and then when it got to the log-creation part, I suddenly got a Windows notification saying catchme.cfexe had failed to initialize because Windows was shutting down. When I clicked OK, my computer restarted. Once it was done restarting and I logged back on, the ComboFix command prompt window was still up, but it was stuck on the "preparing log report. do not run any programs until Combofix has finished" screen. I waited for about an hour and nothing happened, so I force-closed the command prompt. My clock still seems messed up even after restarting, probably meaning the program never got back to fixing it.

    I tried rerunning ComboFix, but now it fails to start up. I had the same problem the first time I tried running it, but after rebooting a few times it worked the first time around. This time when I rebooted it still didn't work. I double-click combofix.exe and the progress bar goes across, but after the progress bar is full and disappears, nothing happens.

    I then ran MGTools, and it got stuck on "adding: GetUnkey.txt (188 bytes security) (88% deflated)". I let it sit there for 20 min, but nothing happened, so I closed it. Then I tried rerunning this program too, but after uncompressing the MGTools, it just stalls on a blank command prompt. I waited for about 10 minutes and then force-exited the command prompt. I renamed the MGTools folder which I ran the first time to a different name, so that it wouldn't be overwritten, and found a GetUnkey.txt file which hopefully is of some use.

    I also tried running GetRunKey.bat to try to get a log file out and then maybe post the logs without them being zipped, but it failed. No log files were created; it stalls on the "running scan" screen with the note to ignore registry errors, and never gets any further. I looked in the folder and it had created a temp folder with some txt files, but there was no runkeys.txt file to be seen.

    I ran all these programs from my own Windows user account (also an admin), not from my parents' infested user account, if that makes any difference.

    I know this means there might not be sufficient logs to analyze the matter. So if you know of a different way in which to acquire these logs I'm willing to give it a try.
     
  2. darkzorb

    darkzorb Private E-2

    Here are the logs that I could acquire.
     

    Attached Files:

  3. darkzorb

    darkzorb Private E-2

    I ran HJT (analyse.exe) from the MGTools and could get a log from that.
    I also ran shownew.bat from the MGTools, but it didn't finish. It sat on "Looking for new Vundo type infection. Be patient while scan runs" for about an hour before I force-closed it. There was an incomplete newfiles.txt file created, which I've attached and which hopefully is of some use.

    If it's supposed to take over an hour to run these bat files, then I'm sorry for any inconvenience, as I clearly had no idea what I was doing, and I'll rerun these.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's try to figure out why you cannot get MGtools to run properly.

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.


    Also to continue with your cleanup, do the below.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

    After clicking Fix, exit HJT.

    Also delete the below files since ComboFix left these behind while not running properly.
    C:\WINDOWS\SYSTEM32\CF28965.exe
    C:\WINDOWS\SYSTEM32\CF3446.exe
    C:\WINDOWS\SYSTEM32\cmd.execf

    Also delete the below two folders:
    C:\32788R22FWJFW
    C:\ComboFix

    You can fix your clock from Control Panel -> Regional and Language Options, then on the Regional Options tab click the Customize button, then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24-hour clock settings.
     
    Last edited: Jan 4, 2009
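    The O2/O3/O9 lines chaslang lists are HijackThis entries: each records a section code, the kind of hook (BHO, toolbar, extra button), a display name, the COM CLSID under which it is registered, and the DLL that CLSID points to. "(no file)" and "(file missing)" mean the registry still references a DLL that is no longer on disk, which is the typical residue of a half-finished cleanup and the reason those lines are safe to have HJT fix. The parser below is an added example, not code from this thread, from MajorGeeks or from HijackThis itself; it reads lines in that format, flags the orphaned entries, and pulls the referenced path out of the "(file missing)" form. The function names are my own, and the final "Example Helper" line with its all-digit CLSID is a constructed healthy entry added to show a non-orphan result.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log: the seven HijackThis lines quoted in the post above,
# plus one constructed healthy entry (placeholder CLSID) so the classifier has
# both outcomes to show. Raw strings keep the backslashes literal.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - (no file)",
    r"O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)",
    r"O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)",
    r"O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL (file missing)",
    r"O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)",
    # Constructed healthy entry (not from the thread); CLSID is a placeholder.
    r"O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll",
])

# Shape of the O2/O3/O9 lines: "<section> - <kind>: <name> - {CLSID} - <target>".
# The CLSID is a GUID in 8-4-4-4-12 hex form; the name is matched lazily so
# "(no name)" and multi-word names both work.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)

NO_FILE = "(no file)"
FILE_MISSING = "(file missing)"


@dataclass
class HjtEntry:
    section: str          # e.g. "O2"
    kind: str             # e.g. "BHO", "Toolbar", "Extra button"
    name: str             # display name, or "(no name)"
    clsid: str            # registered COM class id
    path: Optional[str]   # referenced DLL/resource, None when HJT shows "(no file)"
    orphan: bool          # True when the registry points at nothing on disk
    reason: str           # why it was flagged, empty for healthy entries


def classify_target(target: str) -> HjtEntry.__annotations__["path"].__class__ and tuple:
    """Split the target column into (path, orphan, reason)."""
    t = target.strip()
    if t == NO_FILE:
        return None, True, "no file registered for CLSID"
    if t.endswith(FILE_MISSING):
        return t[: -len(FILE_MISSING)].strip(), True, "registered file missing"
    return t, False, ""


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """Parse O2/O3/O9-style lines; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path, orphan, reason = classify_target(m.group("target"))
        entries.append(HjtEntry(
            section=m.group("section"), kind=m.group("kind"),
            name=m.group("name"), clsid=m.group("clsid"),
            path=path, orphan=orphan, reason=reason,
        ))
    return entries


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """The entries HJT would be asked to fix: CLSIDs whose DLL is gone."""
    return [e for e in entries if e.orphan]


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    for e in parsed:
        verdict = f"ORPHAN ({e.reason})" if e.orphan else "present"
        print(f"{e.section} {e.kind:<12} {e.name:<22} {e.clsid} -> {verdict}")
```

Run stand-alone, the script lists each entry with a verdict; the seven quoted lines are flagged and only the constructed "Example Helper" line is reported as present. On a live machine the same CLSIDs can be checked under the Browser Helper Objects, Toolbar and Extensions keys of the Explorer registry branch, but the parser deliberately works from the log text alone so it runs anywhere.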
  5. darkzorb

    darkzorb Private E-2

    hey chaslang,

    Thanks for the reply. I actually just ended up reformatting, since it seemed quicker and safer. I didn't want my parents accidentally doing anything to give away personal information in the time it took to fix the problem. Thanks anyways though!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

