Question Prior to Posting Logs Please

Discussion in 'Malware Help (A Specialist Will Reply)' started by grc123, May 24, 2009.

  1. grc123

    grc123 MajorGeek

    I was instructed to run SAS & MBAM on each User Account prior to posting my logs. Would that be the "Full Scans", or would the Quick/Fast/short scans suffice, please?

    Thanks in advance ....
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Quick
     
  3. grc123

    grc123 MajorGeek

    Thanks ........
     
  4. grc123

    grc123 MajorGeek

    Trouble in mid-'R&R Me 1st'?

    Having trouble knowing HOW to save these different tools in different places. Specifically, at the moment, how to save MGTools (even though I believe that it's still on this PC from downloading it a year ago?).

    When I go to save it, it (the pop-up box/window) is set to save in the Desktop by default (and yes, I've already changed that to; "Ask me where to save files", in Firefox>Tools>Options).

    When I click-on the drop-down box to try to save it elsewhere, the drop-down box is bare ... empty ... nothing else there ... no other option(s).

    Can you advise please?
     
  5. grc123

    grc123 MajorGeek

    I'm "Stuck" in Run & Read Me...again

    Ok.

    I am still in the "Read & Run Me". I am stuck at the point/page (http://forums.majorgeeks.com/showthread.php?t=127217) where it says: "otherwise skip to the next main step about getting the log from SUPERAntiSpyware:"

    Where might I find this "main next step" please?

    All that is remaining on this page is the: "Repair broken Network Connection (WinSock LSP Chain)" instructions ...


    Thanks in advance ..............
     
  6. grc123

    grc123 MajorGeek

    Re: I'm "Stuck" in Run & Read Me...again

    Please disregard ... answered in the software forum.

    I "must be tired and need a break" .....................................?
     
  7. grc123

    grc123 MajorGeek

    PRE-emptive Post - prior to running ComboFix

    One of the reasons I am here (in Malware, doing Read & Run me) is because of an inability to use a printer on this PC ... ANY printer (of the four tried - at least one of which is the same make/brand as the PC [=Dell]).

    I cannot "print" the instructions for ComboFix, and in so much as my eyeballs are doing cartwheels at this point in the operation/process (I simply can not look at a screen for this length of time), I don't think I can write-down all of the instructions.

    I'll have to wing-it ..........thanks .................................
     
  8. grc123

    grc123 MajorGeek

    Question RE: Proper MGtools Operation

    I knew this was going to be a nightmare.

    ComboFix won't run (I read that you want to know that 'later', but since I am here with yet another question, I'll tell you now) - ComboFix="C:\32788R22FWJFW\hidec.exe > The handle is invalid" (??).

    Now, should I have AV & AS disabled while running MGTools?? I see nowhere that it says so - but I see nowhere that it says not so either ... please?
     
  9. grc123

    grc123 MajorGeek

    "R&R Me First" Logs?

    ?

    I can not seem to attach the SAS log. I can "find" it (saved as a notepad txt doc.), but I don't know how to attach a notepad doc. (?) Of the (two) "SAS things" that "may be" attached, one was attached mistakenly, the other was clicked-on mistakenly - and once they're "in there", there seems to be no taking them back out.

    I don't know if the other logs are correctly attached or not (MGtools and mb.exe)?

    I'm sure this is all not correct. I am (and have been) doing the absolute very best that I know how to do. I don't understand what else is needed.

    I could not run ComboFix, I got an error saying "The handle is invalid". I posted that (the complete error message = "C:\...") somewhere on this forum, but can't seem to find that, here either, at the moment.

    Hoping someone will advise.

    Thanks in advance ..........
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your 7 threads in the Malware Forum were merged into 1. Please stay in one thread. Posting additional threads does not get you help any sooner and just wastes our time.
     
    Last edited: May 26, 2009
  11. grc123

    grc123 MajorGeek

    "R&R Me First" Logs?

    ?

    I can not seem to attach the SAS log. I can "find" it (saved as a notepad txt doc.), but I don't know how to attach a notepad doc. (?) Of the (two) "SAS things" that "may be" attached, one was attached mistakenly, the other was clicked-on mistakenly - and once they're "in there", there seems to be no taking them back out.

    I don't know if the other logs are correctly attached or not (MGtools and mb.exe)?

    I'm sure this is all not correct. I am (and have been) doing the absolute very best that I know how to do. I don't understand what else is needed.

    I could not run ComboFix, I got an error saying "The handle is invalid". I posted that (the complete error message = "C:\...") somewhere on this forum, but can't seem to find that, here either, at the moment.

    Hoping someone will advise.

    Thanks in advance ..........
     


  12. grc123

    grc123 MajorGeek

    Thanks. I really am GREATLY appreciative. I do understand very well that posting extra threads (and/or bumping) does not get me helped faster - I was merely trying to follow ALL of the directions/instructions, and to convey complete information (ask questions when I didn't understand something) as I went-along.

    As I went-along, and had different issues and questions, they didn't seem to "fit" under the same title of my previous postings/threads/messages (whatever they're called) so I thought (as in the Software Forum) that I was supposed to start another thread?

    I greatly appreciate the help, but this is all very confusing ... switching back and forth, to & from multiple tabs to try to "follow" the Read & Run me. Saving different things in different places and in different ways. It's a very difficult (confusing) process.

    Maybe it's that my eyes just can't take it for this long (all day), I'm not sure, but I found this process (which I seriously doubt that I completed "successfully" - after what, close to 12 hours?) to be as difficult as it was a year ago when I tried going-through it. And it shouldn't have been. I have another year of "playing" with these machines, and I still really don't understand why things have to be as complicated as they are (especially the switching back and forth between tabs to complete the Read and Run me).

    Please don't get me wrong - I just don't know how anyone can possibly stare at (read from) these screens for hours and hours on end, and not get headaches, heartburn and immense frustration (ANGER)? This is insane.

    Thanks for the help.
     
    Last edited: May 26, 2009
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    There is nothing wrong with your system. The reason you are having difficulties with the Administrator account is that you have it disabled:

    Yes | Administrator (Disabled)

    I would suggest you do one of two things. Either enable the Admin account and leave things alone, or do a complete reformat and a new installation and set only the user accounts you want and only install the programs you need.

    Now we can remove the things you downloaded:


    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  14. grc123

    grc123 MajorGeek

    Well that much is good news - thank you very much for that.

    I will work on figuring-out how (exactly) to enable the admin account, though I don't (at all, really) understand how it's possible for it to be disabled?

    If I can't get it, I'll ask in the Software Forum.

    I will follow the instructions for removal of all we installed here, except for SAS & MBAM (which I will continue to keep for backup-scanning/removal only - I completely understand there is no real-time protect. w/o purchase. I have another product installed and running for real-time assistance).

    Vista is certainly different (in too many "poor" ways) from XP.

    Thanks again.
     
    Last edited: May 26, 2009
  15. grc123

    grc123 MajorGeek

    Shocker. I'm receiving an error trying to "uninstall" ComboFix ("IF" it is actually "IN-stalled"??).

    There IS a ComboFix icon on the Desktop.

    When I copy/paste "%userprofile%\Desktop\combofix" /u into Run, I get this message (again): "C:\32788R22FWJFW\hidec.exe - The handle is invalid". It took three (3) clicks of "ok" to lose (close) the message (the message appeared a total of three times).

    Please advise - how am I to proceed please? .................
     
    Last edited: May 26, 2009
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
     
