Still infected Ran all scans (help pls)

Welcome to Majorgeeks!

Let's see if we can find out the problem! I'm going to assume you installed it similarly to ShowNew. Which means that I assume you put it into a folder named: "C:\Program Files\GetRunKey"

So based on that assumption, here is what I want you to do.

• Click Start, Run, and enter cmd and click OK. This will open a command prompt window.
• At the command prompt enter the below commands (include the quotes)
  • cd "C:\Program Files\GetRunKey"
  • GetRunKey.bat
• Tell me what error messages if any that you see.
• If you do get error messages, check them against the ones on the download page .

Also do the below so we can get a start on your cleanup!

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
MediaTickets by OIN <-- should have been uninstalled in step 0 of the READ ME
Mozilla Firefox (1.5.0.8)

Then install the current version of FireFox from: Mozilla Firefox

Make sure viewing of hidden files is enabled (per the tutorial).

Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete (if found):
C:\Program Files\ipwins <--- the whole folder
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe

Now run Ccleaner.

Now reboot in normal mode
Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

 

Please copy the GetRunKey.bat file into the same folder as ShowNew.bat

Then get a new log from ShowNew.bat and try running GetRunKey.bat again.

Note: The backups folder you saw is valid! HijackThis creates backups of things it fixes. That is another reason that our directions insist on it being installed properly. In not properly extracted from the ZIP file, you will not get backups.


How are things running?

 

Those are all files from GetRunKey! It is starting to run but dying at some point. I'm trying to figure out why it is having a problem on your system. Now that we have your malware fixed, you can help me debug this. I cannot debug it on my own system because I have tried it myself on at least 20 PCs using all Windows Operating Systems and it always works. Also hundreads of people run it here each week in the forum. Most have no problems running it other than not extracing it from the ZIP file. Normally problems like this mean something is missing or misconfigured on the PC where the tool is being run. There could be a problem in your environment path. It does not look correct. There appears to be a double semicolon at one point and their also appear to be a carriage return in the middle of the path. Did you edit this newfiles.txt log in and form when it came up? It sure looks like it base on some of the lines being wrapped around! You can compare it to your previous log and you will see what I mean. Does it pop up in notepad? You should just close the window without doing anything (not even a save) and then attach the file>

What I would like to do is post a different version of GetRunKey.bat (in a ZIP file) for you to download and extract (please extract to the ShowNew folder). I will try to put some debug information into the program so I can see where it is getting to before it stops. This may help us determine why it cannot run.

I will attach a debug version as soon as I can get a chance to make some modifications.

 

I'm attaching a file named GRKDeb.zip. Download it and extract the GRKdeb.bat file into the ShowNew folder. Then run the GRKdeb.bat file by double clicking on it. After it runs, look for c:\GRKdebug.txt and upload it here as an attachment.