Oriental Writing in Starup Programs?

Hi

If you have not installed any applications that are from China, Japan or Asia countries then possibly, do you have similar text in Add/Remove?


But to be safe and to rule out malware then you will need to follow the below, and attach the requested logs, then out malware experts will review them and if malware is found they will reply to you with some further removal instructions to follow.


So logs that you will get to attach are:

MGlogs.zip (which has 5 logs inside it, including Hijackthis, just attach the whole Zip )
MalwareBytes log
Superantispyware log


Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide plus a guide on how to attach the logs HOW TO: Attach Items To Your Post

 

You need to attach the other two requested logs from SUPERAntiSpyware and Malwarebytes Anti-Malware.

Then you need to re-run MGtools taking care to follow the instructions for it exactly. It did not run properly. You must make sure that you do not stop it before it finishes. See the thumbnail on the using MGtools download page that shows you what it looks like when it is finished. Make sure that you also check for any of the error messages given on this same download page.

 

You just attached this log. I assume you meant MGtools?

 

First let's remove a left over service from having Symantec on your PC.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Symantec Lic NetConnect service
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, Rght click C:\MGtools\analyse.exe and select Run As Administrator. This really HijackThis, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteCLTNetCnService into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Uninstall the below old versions of software:
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6

Rght click C:\MGtools\analyse.exe and select Run As Administrator. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [?????????] ??????????????e

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.
After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now reboot your PC.
Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

Make sure you tell me how things are working now!

 

No it did not do anything and thus it did not fix your problem. You have another issue in that you have lost a Windows File Association for registry files. Let's try to fix this.


Now Copy the bold text below to notepad. Save it as RegFix.reg to your desktop. Be sure the "Save as" type is set to "all files". Then Click Start, Run, and enter regedit and click OK. This will open the Registry Editor.

In the Registry Editor click File and Import. Navigate to the RegFix.reg patch you saved on your Desktop and double click on it. Click OK at the prompt to add to the registry. Do you get a success message for this?

Now you need to reboot your PC.

After reboot try double clicking on the fixme.reg patch and see if it now asks you about adding it to the registry. Make sure you say yes. Also tell me if you receive a success message. Make sure that you do not allow Windows Defender or Spybot to block the changes to the registry since they may try to.

 

Well first do you still see those entries however you were looking for them? If not, we are finished other than final steps. If you do still see them, attach a new MGlogs.zip file.

 

Okay then we are ready for the below.


If you are not having any other malware problems, it is time to do our final steps:

2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\cf" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. If we had you run Avenger, you can delete all files related to Avenger now.
4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
7. If you are running Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!