Please Verify I'm clean

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Klepton, Feb 12, 2013.

  1. Klepton

    Klepton Private E-2

    Hello, I started cleaning up a friend's wife's laptop last week by running SUPERAntiSpyware, Malwarebytes' Anti-Malware, SpyBot Search & Destroy and AVG Antivirus Free 2013. They found and deleted a few things, but I wanted to verify that there is nothing bad left on the computer. I'm not seeing any odd behavior now, but I'd like a professional opinion on its current state before proceeding with the final cleanup steps. I've run the suggested programs and have attached the logs.

    Note 1 - I wasn't able to find the MBAM log from the first run, when I was trying to clean the computer not using your guide. It was not in the logs tab.

    Note 2 - I must say that I ended up having to run HitmanPro twice. The first time I ran it, I had to leave it unattended for only a few minutes and when I got back it had already finished and there was no log left behind. When I left it was uploading some results to the Cloud and was taking a while, so I figured it would take more than a few minutes to upload all of them. I remember there being about 4 and all had to do with a Google Earth Plugin. I thought I'd be able to see the same results, since the default setting is set to Ignore for most of them. However, when I ran it the second time there were no results from the scan.
     

    Attached Files:

    Last edited: Feb 12, 2013
  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    I'm looking over your logs Klepton and will reply.

    dr.m
     
  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You should not be using MSconfig to control startups - please run MSconfig and put your PC into normal startup mode as requested.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall this undesired program:
    Viewpoint Media Player

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just the title line of the code box.
    Code:
    :Files
    C:\WINDOWS\Temp\*.*
    C:\Documents and Settings\User\Local Settings\Temp\*.*
    
    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    
    :Commands
    [purity]
    [EMPTYTEMP]
    [start explorer]
    [Reboot]
    
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    With all devices that were previously connected when you ran the READ ME FIRST guide, please run the following online scan -
    Using ESET's Online Scanner

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the below logs to your next reply:
    • C:\MGlogs.zip
    • C:\_OTM\MovedFiles log
    • ESETScan.txt
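    Before pasting a fix script from a forum into OTM, it is worth seeing exactly what it will touch. This is an added Python example, not OTM's or this thread's own code: it parses the script above into its :Files, :Reg and :Commands actions and flags file wildcards outside Temp folders and registry deletions broader than a single CLSID subkey. The reading of [-KEY] as "delete KEY" follows the regedit .reg convention and is assumed here.

```python
import re
# Constructed copy of the OTM script posted in this thread (not OTM's own code).
SCRIPT = r""":Files
C:\WINDOWS\Temp\*.*
C:\Documents and Settings\User\Local Settings\Temp\*.*

:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

:Commands
[purity]
[EMPTYTEMP]
[start explorer]
[Reboot]
"""

# A registry path ending in one {CLSID} subkey, the shape a single-BHO removal has.
CLSID_SUBKEY = re.compile(r"\\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def parse_otm(script):
    """Split an OTM script into :Files, :Reg and :Commands actions.
    :Reg uses the regedit .reg convention (assumed): [KEY] touches a key, [-KEY] deletes it."""
    actions = {"files": [], "reg_delete": [], "reg_other": [], "commands": []}
    section = None
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):                  # section header such as ':Files'
            section = line[1:].lower()
        elif section == "files":
            actions["files"].append(line)
        elif section == "reg":
            m = re.fullmatch(r"\[-(.+)\]", line)   # [-KEY] means delete KEY
            actions["reg_delete" if m else "reg_other"].append(m.group(1) if m else line)
        elif section == "commands":
            actions["commands"].append(line.strip("[]").lower())
    return actions

def review(actions):
    """Warnings for lines worth a second look before the script is pasted into OTM."""
    warnings = []
    for path in actions["files"]:
        # A wildcard anywhere but a Temp folder would move real user data.
        if "*" in path and "\\temp\\" not in path.lower():
            warnings.append(f"wildcard outside a Temp folder: {path}")
    for key in actions["reg_delete"]:
        # Anything shorter than one CLSID subkey would delete a whole registry branch.
        if not CLSID_SUBKEY.search(key):
            warnings.append(f"registry delete broader than one CLSID subkey: {key}")
    return warnings
```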
     
  4. Klepton

    Klepton Private E-2

    Oops, I must've missed that. I've enabled Normal Startup in msconfig.

    I've removed Windows Messenger.

    I've removed Viewpoint Media Player.

    I ran the HJT (C:\MGtools\analyse.exe) fix.

    I ran OTM with the given code. ***Note - I had to run this twice. The first time it ran (after I pasted the code) up until AVG flagged it as a threat and closed it. I then restarted the computer and this time disabled AVG while running OTM. I suggest you add this step (disabling antivirus before running this program) to your instructions. ***

    I ran the ESET Online Scanner and it found 3 threats.

    I ran the C:\MGtools\GetLogs.bat file.
     

    Attached Files:

  5. Klepton

    Klepton Private E-2

    When I ran the ESET Online Scanner it found 3 threats. Why did it find threats that the previous scans didn't? In particular, a worm/virus. Is AVG an inferior anti-virus to ESET? Or is it because these were re-enabled when I configured msconfig to start up in Normal Mode, so that's why they weren't caught before?
     
  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Personally, I regard ESET higher.
    Re: ESET scan results
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined <-- found in Spybot's quarantined folder
    C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined <-- a False Detection which you were advised of in the "Using ESET's Online Scanner" link
    Re-read the first sentence in that link! ;)

    *Let's see if anything remains from CouponPrinter-

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach the JRT.txt to your next message.

    Be sure to tell me how the pc is running.
     
  7. Klepton

    Klepton Private E-2

    The pc seems to be running fine now. I ran JRT and have attached the log.
     

    Attached Files:

    • JRT.txt
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    "Antivirus software can't 'clean' a worm or a trojan, because there is nothing to clean - the entire file IS the worm or trojan. Quarantine plays a nice middle ground, because it moves the file to safe storage under control of the antivirus program - so it can't harm your system." It is prevented from executing any commands or functions by Spybot... but is still detected being present on your hard-drive by ESET.

    To empty SpyBot's Quarantine
    Quarantine can either be launched via the Start Center or be found in SDTray's program list.
    Just right click on the Spybot – Search & Destroy icon in your traybar beside the Windows clock and navigate to "Basic Tools" → "Quarantine". Once "Quarantine" has been started, just hit the Purge selected button.

    Noted - "Thanks".

    _______________________________

    * If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. It provides no "real-time" protection unless you purchase it and does not use any significant amount of resources (except a little disk space) until you run a scan.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Go to add/remove programs and uninstall HijackThis.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    7. Any other miscellaneous tools we may have had you install or download can be uninstalled and/or deleted.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
    Safe surfing!
     
  9. Klepton

    Klepton Private E-2

    Unfortunately, this computer no longer has Spybot S&D installed. That threat must've been quarantined previously. Do I need to re-install it and if so, will it appear in its Quarantine folder? Or, is there another way to remove it?
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Using Windows Explorer, manually delete these folders if still present:
    C:\ProgramData\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     
  11. Klepton

    Klepton Private E-2

    Ok, I deleted the C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy folder. Since this computer is running Windows XP, it does not have a C:\ProgramData folder. So I'm assuming I can now move on to the "* If you are not having any other malware problems, it is time to do our final steps:" section?
     
  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    :) Yes
     
  13. Klepton

    Klepton Private E-2

    1. Ok, so I'm keeping MAM and the .exe for the ESET Online Scan.
    2. I re-enabled the Disk Emulation software and had to reboot.
    3. N/A (Windows XP)
    4. I could not find HijackThis anywhere to uninstall.
    5. I ran the MGclean.bat file and it gave me an error about not finding a specified file. However, it seemed to work as it cleaned everything from c:\
    6. N/A
    7. I deleted HitmanPro
    8. I Disabled System Restore, rebooted, then re-enabled it.
    9. Will do...

    One last question: I use CCleaner a lot! Is the included Registry cleaner safe to use or do you recommend a separate standalone registry cleaner?
     
    Last edited: Feb 15, 2013
  14. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    If I had the need to use one, it would be CCleaner's... bearing in mind all of the precautionary advice chaslang gives in this post:

    http://forums.majorgeeks.com/showpost.php?p=1692149&postcount=74
     
  15. Klepton

    Klepton Private E-2

    Ok, thank you very much! I appreciate all your help and guidance!
     
