I pressed the wrong button

Yes this was stated in the instructions. You need to save MGtools to the Windows Boot Driver and run it from there. So copy it from your thumb drive to drive C and then run it.

You also need to tell us what you malware problem is. "I pressed the wrong button" is not helpful.

 

Shutdown ALL browsers and then uninstall the below programs:
Ask Toolbar
My Way Search Assistant
Viewpoint Media Player

Now reopen your browser to continue, then run the below.



Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



Then attach the below logs:

• JRT.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome. Just continue on.

 

They are both still there. We will remove the remaining things below.

Shutdown McAfee before trying to do the below.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

I'm not sure exactly what you mean by this. Does this mean that Internet Explorer will not even run? Or does it mean that it will run but that you cannot connect to any websites with it? I see network connectivity based on your logs.

What happens if you shutdown McAfee first ( make sure to shut all of it down including the firewall )?

 

Does it do this in Safe Mode with Networking too?

Can you try installing another browser like Firefox and see if it works? Obviously you will have to get it from another PC.

I have to wonder about the below 2GB partition on your hard disk.

Code:

Partition 3    Unknown           2816 MB    72 GB

 

May not be a malware issue. You have have to work this in the software forum, but try this >> http://support.microsoft.com/fixit/

Did you install the full version or only the portable version ? Based on you saying it is not in Add/Remove Programs, it sounds like the portable version.

Was not in the last logs you attached.


Let's cleanup some more junk.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [SSAWrapper] C:\WINDOWS\TEMP\sg_rd.bat (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSAWrapper] C:\WINDOWS\TEMP\sg_rd.bat (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeatycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab

After clicking Fix, exit HJT.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

 

Okay because my next suggestion since you went back to IE7 now would be to UNINSTALL McAfee and see what happens.

There are no problems in your logs for us to fix.

No we don't, but thanks for asking.

And note that I see Mozilla Firefox 17.0 (x86 en-US) installed.

 

The only item of question that had remained was this that I mentioned

Code:

Partition 3    Unknown           2816 MB    72 GB

However I doubt it has anything to do with SAS not installing. I would only suggest fixing/removing the above partition as a last resort if real malware problems were occurring. Sometimes removing these partitions winds up in the PC no longer booting.

You may want to try what is mentioned here >> http://www.superantispyware.com/supportfaqdisplay.html?faq=48

 

You're welcome. Glad to hear you have it fixed.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!