Desltop virus plz help

We require logs from:

• RogueKiller
• Hitman Pro
• MGTools

 

Why are you trying to run instructions for Windows 98? You have Windows XP.

 

How did you get on? :confused

 

Fix item using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate this detection:

• [Suspicious.Path] HKEY_USERS\S-1-5-21-1177238915-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run | smoother : C:\Documents and Settings\GoodZ2\Application Data\SmootherWeb\SmootherWeb-Installer.exe -> Found

Place a checkmark next to this item, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

• Re run Hitman and allow it to remove all that it finds.
• Re run Malware Bytes and attach log.
• Where is the missing MGlogs.zip?? I need to see that too please, it's most important.

 

Is this what RogueKiller didn't like? Let's fix it please...


Fix item using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate this detection:

• [PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1

Place a checkmark next to this item, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.




Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the area. Do not include the word Code.

Code:

:Files
C:\Documents and Settings\GoodZ2\Local Settings\Application Data\globalUpdate
C:\WINDOWS\system32\MyOSProtect.dll
C:\Documents and Settings\All Users\Application Data\Systweak
C:\Documents and Settings\GoodZ2\Application Data\systweak
C:\Documents and Settings\GoodZ2\Local Settings\Application Data\RocketTab
C:\Documents and Settings\GoodZ2\Application Data\10019
C:\Documents and Settings\GoodZ2\Application Data\AFJDR
C:\Documents and Settings\GoodZ2\Application Data\SmootherWeb
C:\Documents and Settings\GoodZ2\Application Data\systweak
C:\Documents and Settings\GoodZ2\Application Data\YXHLC
C:\Documents and Settings\GoodZ2\Local Settings\Application Data\com
C:\Documents and Settings\All Users\Application Data\Systweak
C:\Program Files\globalUpdate
C:\Program Files\predm
C:\Program Files\Super Optimizer

:reg   
[-HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}]
[-HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}]
[-HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}]
[-HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}]
[-HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}]
[-HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
[-HKU\S-1-5-21-1177238915-823518204-682003330-1003\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

• Reboot the machine again. Re run Hitman Pro. Does it still find anything? If so attach log.
• Re run RogueKiller (just a scan) and attach log.
• Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
• Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

AVG 2012 <<< This is out of date now, surely??

Do you feel comfortable about going into the Windows Registry yourself and deleteing it?

HKU\S-1-5-21-1177238915-823518204-682003330-1003\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}


Download The Avenger by Swandog469, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

Skip the Registry step, do this instead.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

That's great, much better. How are things running? Ready for final steps?

 

Yes see how it runs and let me know. I would indeed like a screenshot of what you described. Thanks.

Also do this in the mean time:

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.

 

There's still another log from OTL you need to attach please.

 

You attached extra's but not the other one. That's the one I need please!

 

Okay, regarding the screenshot you supplied me with... it's normal by the looks. https://support.mozilla.org/en-US/questions/1025706

Now...you keep attaching an avenger log!! I need a log from OTL please. Not the extras log (you already attached that) I need OTL.txt please.

 

Not seeing anything else to do but for you to delete these:

• C:\Documents and Settings\All Users\Application Data\ParetoLogic
• C:\Documents and Settings\GoodZ2\Application Data\ParetoLogic

So if you are still having issues please explain.

 

I quite agree... LOL

Okay, I'm going to post final steps, so you can follow them as soon as possible unless something else is wrong.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
   
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
   
   
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!