malware, virus/ problems

Either you did not allow MGTools to run to completion or the malware is blocking it.

Please put Combofix on the root folder rather than the desktop:
C:\ComboFix

Please go to start / run / type "cmd" without quotes.

When the command prompt opens type:

This should start Combofix. It may reboot your system.

Once it has run, then again go to start / run/ and now type:
C:\win32kdiag.exe -f -r

Then please re-run MGTools,exe and let it run till it tells you it is finished.

Attach both the C:\Combofix.txt and the C:\MGLogs.zip

 

Continue on with the instructions please.

After doing this:

Then run Combo and attach that log as well as the new MGLogs/zip

 

Please attach the log from running windiag32.

 

Please do the below to make a copy of the good system file into the root folder of your hard disk so that we can use it to fix your problem.

1. Click on the Start button, then click on Run...
2. In the empty "Open:" box provided, type cmdand press Enter
   • This will launch a Command Prompt window (looks like DOS).
3. Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).
   copy C:\WINDOWS\system32\logevent.dll C:\ /y
4. In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
5. Press Enter.
   • When successfully, you should get this message within the Command Prompt: "1 file(s) copied"
     NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script below will not work if the file copy was not successful.
6. Exit the Command Prompt window.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now do the following (make sure you redownload the file. Do not use the old copy.):

• Download this Win32kDiag(If on your desktop - Right click and choose copy / then Open my computer, click on the C drive and in the window paste it there) and save to C:\Win32kDiag.exe. You must save it here!!!!
• Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log

C:\win32kdiag.exe -f -r

Alternative:
* Please save Win32kDiag file to your desktop.
* Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished,
there will be a log called Win32kDiag.txt on your desktop. Please attach this log

"%userprofile%\desktop\win32kdiag.exe" -f -r

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Then attach the below logs:

• C:\avenger.txt
• the new log from Win32kDiag
• C:\MGlogs.zip

Make sure you tell me how things are working now!