Rockettab malware removal disables internet browsing

Just continue on with the other procedures, and once we have all the logs, we will decide what to do.

 

So just skip the Malware Bytes part for now and do everything else.

 

You would need to run a new scan! And fix what it finds. Then save a new log to attach. But since you say it disables the internet, just skip it for now.

Your log from MGtools is very incomplete. Did you have a problem running it? Did you shutdown protection software before running it and did you wait for it to tell you it was finished running before grabbing the log to attach? We need this complete log to continue properly.

 

It is still incomplete. The window only closes on its own when something goes wrong. Otherwise it will prompt you to hit a key after it tells you where the log is.

Did you shutdown protections first?
Did you disable UAC as requested ?
Did you use right click and select Run As Administrator ( if running Vista, Win 7, or Win 8) ?

 

Interesting! Let's try the below.


Please download OTL by OldTimer.

• Save it to your desktop.
• Double-click on the OTL icon on your desktopto run it. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
• Check the "Scan All Users" checkbox.
• Check the "Standard Output".
• Change the setting of "Drivers" and "Services" to "All"
• Copy the text in the code box below and paste it into the text-field.
  
  Code:

  activex
  netsvcs
  drives
  

• Now click the button.
• One report will be created:
  • OTL.txt <-- Will be opened
• Attach OTL.txt to your next message. (How to attach)

 

Please begin by uninstalling Avast temporarily. I think it could be causing the problems with running MGtools and also your internet connection issues. We will reinstall it later when finished with your cleanup.

[b} You need to free up space on drive C as shown by the below. I recommend always having greater than 10% free space.[/b]
Drive C: | 170.74 Gb Total Space | 6.20 Gb Free Space | 3.63% Space Free | Partition Type: NTFS

Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.

• Double-click OTL.exe to run. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
• Copy the text in the code box below and paste it into the text-field.

Code:

:OTL
MOD - [2014/09/20 14:47:45 | 001,422,048 | ---- | M] () -- C:\Program Files (x86)\RocketTab\Client.exe
IE - HKU\S-1-5-21-785746635-2831294751-3954034908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-785746635-2831294751-3954034908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49352;https=127.0.0.1:49352
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
[2014/09/20 15:25:53 | 000,000,000 | ---D | C] -- C:\Users\Cubicle\AppData\Local\RocketTab
[2014/09/20 15:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketTab


:Files
C:\Program Files (x86)\RocketTab
C:\Users\Cubicle\AppData\Local\RocketTab
C:\Users\Cubicle\AppData\Local\Temp\ct2504091
C:\Windows\System32\Tasks\RocketTab Update Task
C:\Users\Cubicle\AppData\Local\Temp\SopCast.zip
C:\Windows\System32\Tasks\RocketTab
C:\Users\Cubicle\AppData\Local\Temp\*.*

ipconfig /flushdns /c


:Reg
[-HKEY_USERS\S-1-5-21-785746635-2831294751-3954034908-1001\Software\APN PIP]
[-HKEY_USERS\S-1-5-21-785746635-2831294751-3954034908-1001\Software\Conduit]
[-HKEY_USERS\S-1-5-21-785746635-2831294751-3954034908-1022\Software\APN PIP]
[-HKEY_USERS\S-1-5-21-785746635-2831294751-3954034908-1022\Software\Conduit]
:Commands
[PURITY]
[EMPTYTEMP] 
[EMPTYFLASH]
[REBOOT]

• Now click the button.
• If the fix needed a reboot please do it.
• Click the OK button (upon reboot).
• When OTL is finished, Notepad will open. Close Notepad.
• A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
• Attach this log to your next message. (See: How to attach)

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the log from OTL
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Why are you using a proxy? It actually looked like you had malware for a proxy which is why I removed it. If you need it then you may have to reinstall it.

 

Download and run Autoruns and keep the Everything tab selected, then slowly scroll down thru the Image Path column. Do you see anything related to this Rocket Tab startup showing up? If you do, you should be able to right click on it and select Delete to stop that error from showing at startup.

ChrisPC Proxy is not considered malware. But personally I would not want all of my data going thru some one else's networks. You could be routing your data thru who knows where.​

 

Not a malware problem. You have some issue with Glary Utilities. You can discuss in the Software Forum but perhaps a reinstall will help.

Just final instructions since malware cleanup is finished.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
   • Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore​
   • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
   • Then we want you to Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!