help needed

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sanjaypajni, Jul 5, 2014.

  1. sanjaypajni

    sanjaypajni Private E-2

    Hi all

    I have a backdoor.0access virus on my laptop. I really need to get rid of it. Can someone guide me on how to remove it?

    thanks
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. sanjaypajni

    sanjaypajni Private E-2

    I went through the removal guide. I have attached the log files. But when I opened the MGTools I kept getting an error saying that it was unable to access the file as it is being used by another process.
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you intentionally using a proxy?

    Rerun RogueKiller and have it fix these items:
    Code:
    ¤¤¤ Scheduled tasks : 3 ¤¤¤
    [Suspicious.Path] \\RunAsStdUser Task -- C:\Users\pajni\AppData\Local\Oxy\Application\oxy.exe (--app=chrome-extension://cgeglcjaapbfihfpfmamaoipnbocnjkl/index.html#q="Survey Bypasser EVO Version 101") -> FOUND
    [Suspicious.Path] \\{03E9A65F-09AE-4C6A-BC39-B5DC53D5D08C} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\pajni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDCRZHRQ\sp41377[1].exe" -d C:\Users\pajni\Desktop) -> FOUND
    [Suspicious.Path] \\{7B2D4711-2DCF-4D1C-812A-0895CB58083D} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\pajni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WE42X1M\sp41377[1].exe" -d C:\Users\pajni\Desktop) -> FOUND
    ¤¤¤ Files : 1 ¤¤¤
    [Forged][File] 0675142drv.sys -- C:\Windows\System32\drivers\0675142drv.sys -> FOUND
    Then rerun Hitman and have it fix everything it finds.

    Reboot and rescan with both RogueKiller and Hitman.

    Tell me exactly what happens with MGTools. Did you turn off your protection programs?
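    The RogueKiller findings above rest on two heuristics: scheduled tasks whose action runs pcalua.exe (the Program Compatibility Assistant launcher, used here to start an executable dropped into Temporary Internet Files) or otherwise points into a per-user or temporary directory, and a kernel driver whose signature does not verify. The following script is an added triage example, not code from the thread or from RogueKiller, that reproduces those two checks on a live machine. It is report-only and assumes an elevated PowerShell prompt; the directory list it flags on is my own choice, and the column names it reads from `schtasks` are the English ones.

```powershell
# Added example: report scheduled tasks with suspicious actions and drivers
# whose Authenticode signature does not verify. Report-only; deletes nothing.
# schtasks /v is used instead of Get-ScheduledTask so it also runs on Windows 7.

# Directories an installed product's scheduled task should not normally run from.
# (Assumption: this list is illustrative, tune it for your environment.)
$suspiciousDirs = @(
    '\AppData\Local\',
    '\AppData\Roaming\',
    '\Temporary Internet Files\',
    '\Temp\',
    '\ProgramData\'
)

function Test-SuspiciousPath {
    param([string]$Text)
    if (-not $Text) { return $false }
    foreach ($d in $suspiciousDirs) {
        if ($Text -like "*$d*") { return $true }
    }
    return $false
}

Write-Host "== Scheduled tasks with suspicious actions =="
# /fo CSV /v emits a header row per task folder; drop the repeated headers.
$tasks = schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' }

foreach ($t in $tasks) {
    $cmd = $t.'Task To Run'
    $why = @()
    # pcalua.exe starts whatever follows -a; abused as a proxy launcher.
    if ($cmd -match 'pcalua\.exe')        { $why += 'pcalua.exe launcher' }
    if (Test-SuspiciousPath $cmd)         { $why += 'runs from user/temp dir' }
    if ($why.Count -gt 0) {
        [pscustomobject]@{
            TaskName = $t.TaskName
            Author   = $t.Author
            TaskToRun = $cmd
            Reason   = ($why -join '; ')
        } | Format-List
    }
}

Write-Host "== Drivers in System32\drivers whose signature does not verify =="
Get-ChildItem "$env:SystemRoot\System32\drivers\*.sys" |
    Get-AuthenticodeSignature |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object @{n='File';e={$_.Path}}, Status,
                  @{n='Signer';e={$_.SignerCertificate.Subject}} |
    Format-Table -AutoSize
```

Two caveats when reading the output: on Windows 7 many inbox Microsoft drivers are catalog-signed rather than embedded-signed and can show as NotSigned, so the item to chase is an unfamiliar file name with no signer, like the one RogueKiller flagged, not the whole list; and a task launched through pcalua.exe is only as suspicious as the path after `-a`, so read the full command line before deciding.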
     
  5. sanjaypajni

    sanjaypajni Private E-2

    I reran both RogueKiller and HitmanPro. I have attached the results. As for MGTools, I keep getting: c:\windows\system32\cmd.exe SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. Virtual Device Driver format in the registry is invalid. Choose Close to terminate the application.

    When I click Close the message reappears and nothing else happens.
     

    Attached Files:
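    The dialog quoted in that post is the one Windows shows when the VDD value under HKLM\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers is not a REG_MULTI_SZ, typically surfacing when a 16-bit program is started through NTVDM, which is why it appears under a cmd.exe title when a batch-driven toolkit runs. The script below is an added example, not something the thread's helpers posted, that inspects that value and, only with `-Fix`, backs the key up and resets VDD to an empty multi-string. The script name and backup path are my own choices; run it elevated.

```powershell
# Added example: Check-VDD.ps1 (name assumed). Reports the type of the VDD
# value; with -Fix, exports the key to the desktop and resets VDD to an
# empty REG_MULTI_SZ, which is the type Windows expects. Run elevated.
param([switch]$Fix)

$key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers'
$regPath = 'HKLM\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers'
$name    = 'VDD'

if (-not (Test-Path $key)) {
    Write-Host "Key missing: $key"
    return
}

$item = Get-Item $key
if ($item.GetValueNames() -notcontains $name) {
    Write-Host "$name value is absent."
} else {
    $kind = $item.GetValueKind($name)      # MultiString is the expected kind
    $val  = $item.GetValue($name)
    Write-Host "$name type : $kind"
    Write-Host "$name value: $($val -join ', ')"
    if ($kind -ne 'MultiString') {
        Write-Host "Unexpected type; this is what produces the 'format in the registry is invalid' dialog."
    }
}

if ($Fix) {
    # Back up the key with reg.exe before touching it (backup path assumed).
    $backup = Join-Path $env:USERPROFILE 'Desktop\VirtualDeviceDrivers-backup.reg'
    reg export $regPath $backup /y | Out-Null
    Write-Host "Backup written to $backup"

    Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    New-ItemProperty -Path $key -Name $name -PropertyType MultiString -Value ([string[]]@()) | Out-Null
    Write-Host "$name reset to an empty REG_MULTI_SZ."
}
```

Run it once without `-Fix` to confirm the type really is wrong before changing anything; if the value is already a MultiString, the dialog has a different cause and this reset will not help.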

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    TimW asked you about a proxy. Let him know. ;)
     
  7. sanjaypajni

    sanjaypajni Private E-2

    No I'm not using a proxy
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please click Start, All Programs, Accessories and you will see (among other things) a Command Prompt entry.
    • Right click the Command Prompt entry and select Run As Administrator.
      • It is critical that you run it this way.
    • If you do this properly, a command prompt window will open with a title of Administrator: Command Prompt.
    • Enter the below commands at the command prompt, each followed by the Enter key. The bold black are commands. The purple/brown is merely informational.
    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
     
  9. sanjaypajni

    sanjaypajni Private E-2

    I followed the instructions provided. I'm not sure if it is correct, but I have attached the zip file which was created.
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in those logs. What issues are you still having, if any?
     
  11. sanjaypajni

    sanjaypajni Private E-2

    Every time I scan my laptop with Malwarebytes, it keeps finding the backdoor.0access virus. It appears after every scan.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun both RogueKiller and Hitman and attach the new logs. I am suspecting that MBAM is giving you false positives.
     
  13. sanjaypajni

    sanjaypajni Private E-2

    I have attached the files from the scans.
     

    Attached Files:

  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. RogueKiller would have reported the infection. So, set AVG to ignore those findings. What else is happening?
     
  15. sanjaypajni

    sanjaypajni Private E-2

    Applications load up slowly; also my laptop does not respond and the system crashes constantly.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    MBAM log reported it and it was not fixed according to the log. Running a scan and not fixing what it finds does not remove the infection. ;)
     
  18. sanjaypajni

    sanjaypajni Private E-2

    How can I remove it, chaslang?
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just rerun MBAM and have it fix what it finds. Then attach a new log.
     
  20. sanjaypajni

    sanjaypajni Private E-2

    Sorry I've not been on in a while, as I have been busy working all week. I ran 3 MBAM scans, which have picked up nothing. I ran 3 HitmanPro scans, which have also picked up nothing. Does that mean it's fully removed?
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, it sounds as though MBAM did the trick. What issues are you still having, if any?
     
  22. sanjaypajni

    sanjaypajni Private E-2

    My computer is quite slow, but I will try that Windows Repair software which you mentioned before to see if it makes a difference.
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am going to suggest you post in the software forum for your issues with slowness.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
     
