Win32/Patched.FM (FL) detected

You should NEVER follow instructions given for someone else!! Different machine, different fix!!

I still need to see the C:\Mglogs.zip from running C:\MGTools.exe

 

Run Combofix again by double clicking it's icon on your desktop. Attach the resulting log ---> C:\combofix.txt

 

Please run a scan with this: Norman Malware Cleaner

Then after another reboot, see if you are still having problems. Also se if you can get a log from Norman to attach. Ignore any messages about items in the QooBox folder (from ComboFix) or in the MGtools folder being infected.

 

Now run this:
Using ESET's Online Scanner

Then run combofix again. Attach logs from each.

 

Sorry for the bad link. Edited but yes, as you say, you cannot run it anyway

Try this
How to recover from a corrupted registry that prevents Windows XP from starting

 

Let's see if the problem is due to the infected winlogon.exe file being deleted by Norman.

Boot back into the Recovery Console and run the below steps. The below steps will assume that your CD drive is D so change this to the appropriate drive letter if yours is different.

Once you are back to the C:\Windows> prompt of the Recovery Console, input the below brown bold font commands one at a time each followed by the enter key. Read the notes further down which comment on these commands.

cd system32
copy D:\i386\winlogon.ex_ winlogon.exe
exit



NOTES:

• the first command should cause the prompt to change to C:\windows\system32>
• the second command should copy the compressed winlogon.ex_ file ( yes the underscore is the correct file name ) from the i386 folder of your CD into the system32 folder and rename it to winlogon.exe, the file will automatically be uncompressed. Notice the space after the copy and after the ex_
• the third command should reboot your PC. Remove the CD and see if Windows will boot.

If Norman deleted winlogon.exe, it may have also take the incorrect action of deleting explorer.exe too and it will have to be replace. If Windows boots up this time but you have no Desktop then explorer.exe was deleted and similar steps to the above can be performed to restore it. However you don't need to run the cd system32 command since explorer.exe belongs in the C:\windows folder. Just skip to the second command and replace each case of winlogon with explorer

 

LOgs didn't attach. Please re-try.

 

Almost done... now do this:

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

 

Looks good, so just to have one final sweep, run ComboFix again just by double clicking it, and then do this:

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

 

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome!

Tell me which programs?

 

Sounds to me like you ran the line that Kestrel13! gave in message # 10. If you did this and used a restore point from a time where any of these programs were not installed or from before various updates to those programs, you have lost all information about them in the registry. A possible solution would be to run System Restore and restore your system to a point in time just before you got infected or just before you came here. Otherwise all these programs you are having problems with may need to be reinstalled. However do note, if you already completed the Final Instructions given, then you will not have any restore points to use because you will have already delete them.

Even if you become reinfected due to the reinstall, we can always reclean it.

 

Yes!

You will have to debug in the Software Forum. This is not likely a malware issue. Possibly problems with software you are using or Windows system corruption. You could see if it happens in safe boot mode. If not, then check what you load in normal boot mode vs safe mode.

Also try running the below.

Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.