Malware Doctor [malware] Removal? PC shutting down when I use start menu

[Frank E]

My PC was infected with this the other day and I'm not sure I have got rid of it or have a secondary/super infection.

I downloaded Malware bytes, saved as winlogin.exe
Started in safe mode and cleared a bunch of malware files.

The general advice feom the web was to use Regtweaker to clean the registry after running malwarebytes. I can't afford the Regtweaker licence as I'm out of work just now so used Regcleaner, Regclean, Registry Mecahnic. There are still about 2700 erroneous registry entries which I can;t fix. There seems to be a lot of errors in menu locations.

I've done this for a several iterations and eventually the last two sweeps of malwarebytes have been clean.

I still have the following problems
PC is shutting down when I try to start anythig from Start menu. Cooling is OK
Opening google hits opens spurious pages particularly when search term is anythin malware related.
IP address has been changed (can see IPconfig.exe processes running on start up
Mail clinet Turnpike V6 log saying IP address is wrong but will collect mail (incluing spam) if left running.
Unable to use mailwasher
Spurious windows opening with ad sites malware removal sites.
Windows Security Control Centre disabled.
When enabled alerts that AVG is out of date (which I don't even have installed)
Windows update will not run.

I can still use the web and access websites from favourites or by typing in URL

Is my PC still infected?

Is it safe to continue using the web? Will this malware evolve and do anything severe like wipe files from my PC?

Are there any free/ fully functional free to try registry repair apps available which could sort out about 2700 registry errors Regcleaner doesn't detect?
Are there any free tools to remove this and repair?

Any advice would be most welcome.

[ManniX]

Your biggest problem with registry cleaners are that they usually for optimisation rather than specific virus related key removal.

Ipconfig running at startup sounds little fishy. Have you checked msconfig for erroneous entries? Try autoruns from sysinternals too.

The usual line is to run Hijackthis for your BHOs and Combofix for any lingering infections that standard AV can't clean up. If it's a persistant problem with the registry you might be better off doing a system restore or a windows repair.

This is why registry backups are just as important as data.

[Frank E]

Many thanks

I still have a problem with PC shutting down instantaneously when I use the Windows start menu.
Nothing in event viewer.
The regtweaker had loads of results saying thing s in menues were in the wrong place so maybe I'm hovering over a shut down menu item in the wrong place? It's fre version though so no repair.

Internet apps are working OK now though, Mail news, web.
I ran Combofix which removed some files including the enemies list, used by the malware. Malware bytes possibly missed them (unless CF cleared them from MB quarantine folder)
Mailwasher was being blocked by Zonealarm, there is nowhere to configure safe apps/ports in this new version so guess I've had my time of using it free.
Couldn't see anything iffy in MSconfig and IP address is set correctly in Network connections. Hosts file is OK. The Mail collection client has the following

Sun, 18 Jul 2010 17:27:58 Started, using connection which already exists
Sun, 18 Jul 2010 17:27:58 Local address [192.168.254.200] does not match reported address [xx.xxx.xxx.xx]
Sun, 18 Jul 2010 17:28:01 Connecting to registration server olr-rs.server.ispname.net
Sun, 18 Jul 2010 17:28:02 Connection to registration server closed

I wil l probably do a fresh installation soon, when I can afford a new HDD, theis one is nearly full 6G of 60G free.
I don't have anything I can back up files to, though I saved my registry to CD. Old HP T1000e Travan drive and tapes can't be used in XP. Main partition is 60G, which is probably beyond what an Internet back up sites will take, dunno haven't looked into it..
I'm probably pushing my luck but my budget is pushed further.

[Frank E]

Repaired.
I reinstalled XP.

[wasteoid]

For future reference the FAQ at majorgeeks.com will sort this out.

C.