trojans and BSOD's in safemode.

Without seeing the logs I cannot help you, so soon as you attach them we can make a start.

 

Why am I not seeing any AV software on this system?

Please boot into normal mode. If you can't do this in normal mode, do it in safe mode.

Download The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\Avenger.txt
* C:\MGlogs.zip

 

Your BSOD issues would be best addressed in the software forum. But let me see a new MGLogs.zip.

 

Right click C:\Documents and Settings\Steve\Local Settings\Temp and choose properties. Then click on the security tab and tell me if you can add your profile to give you user permissions.

I am currently having some issues with my computer so I will have to get back to you on further fixes.

 

Weird ..... but I am back up and running properly. Do this while I check some things for you.

Go to start / run / and type:
%temp%
delete all that it will let you remove.

 

What is this:?
C:\32788R22FWJFW

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run Ccleaner to clean out only temp files and nothing else!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\Avenger.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

 

It is a temp folder created by ComboFix. Check the list of items cleaned up by MGclean.bat.

 

TimW forgot you were running a 64 bit system. Avenger will not run on 64 bit systems.

Are you currently having any malware problems? The below files still show in your logs:

Code:

----a-w   61,440 2011-02-03 01:14:53  C:\Windows\SysWOW64\drivers\imimfd.sys
----a-w   61,440 2011-02-02 00:02:17  C:\Windows\SysWOW64\drivers\paoj.sys
----a-w   61,440 2011-02-02 00:36:34  C:\Windows\SysWOW64\drivers\xcfmb.sys

 

Tell me exactly what it found. The entire path. I am not seeing any malware in your logs. But since you were able to do them in normal mode, let's have you run an online scan:

eSet Online Scan.

 

Ok, that found one thing. Keep an eye on how things are running and let me know what problems you may have. We can wait till tomorrow to do the final cleanup when we are sure you are working properly.