Unable to complete Read & Run Me First steps

Welcome to Major Geeks!

You need to finish ALL steps as stated in the READ & RUN ME. The very first page stated the below:

Thus you need to finish the rest of the instructions and attach the logs from what you can run.

 

First you must disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer

Uninstall the below software:
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME



Now download HostsXpert and then follow the below steps.

• Unzip HostsXpert.zip
• It will create a folder named HostsXpert in whatever folder you extract it to.
• Run HostsXpert.exe by double clicking on it.
• Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
• Click Restore Microsoft's Hosts File and then click OK.
• Click the X to exit the program

Now run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [A00F20E8F27F.exe] C:\DOCUME~1\Me\LOCALS~1\Temp\_A00F20E8F27F.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.100,85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.100,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.100,85.255.112.197
O18 - Filter: x-sdch - (no CLSID) - (no file)

After clicking Fix, exit HJT.




Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Me\Local Settings\Temp

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Now open up one browser Window from Internet Explorer (just leave this one open if you are reading with IE) and keep it open while the below scan with MGtools is running.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

After you run MGtools.exe, goto the C:\MGtools folder and locate the RunMB.bat file and double click on it to run it. This will attempt to make a renamed copy of the Malwarebytes program (named mgmb.exe) and then it will attempt to run this renamed version. If this runs, it will try to perform a QuickScan. Allow it to finish, then fix all the malware it finds. Then save the log. Attach this log if it does run.

 

Goto Add/Remove programs and uninstall Spybot now. If for some reason you cannot uninstall it, just continue on anyway.

• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run this Running RootRepeal


Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Then attach the below logs:

• C:\avenger.txt
• the log from RootRepeal
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You must remember to download MGtools.exe to your C:\ folder. You having been running (or Opening) it from the internet rather than downloading it. You must be sure to follow instructions to avoid problems. I can tell you ran it from the download link because it shows up like the below in your process list which means it was run from Internet Explorer:

C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\8W02CF3T\MGtools[1].exe

Make sure you do this properly this time since we are going to be downloading another new version at the end of this fix.

• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now see if you can run SUPERAntiSpyware, Malwarebytes, and ComboFix as requested in the READ & RUN ME. If they run, attach the logs

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Then attach the below logs:

• C:\avenger.txt
• attach logs from SUPERAntiSpyware, Malwarebytes, and ComboFix if they ran
• C:\MGlogs.zip

Make sure you tell me how things are working now!