Help With Malware Removal

i have a maleware that's taken over my .lnk shortcut files that i'm trying to get rid of, from what i can tell it's very similiar to the issue in this thread only different names: https://forums.majorgeeks.com/threads/help-removing-malware-was-sent-here-from-other-forum.315679/

but i'm not familiar enough with stuff to know if i'm fixing/deleting the correct files via mgtools/otm or not and could use some help.

 

i tried that first, but didn't have permission to post in that section =/

here's the ADWcleaner files (sorry didn't notice they got missed) i'm running a second mbam scan now but it'll take a while =/ (the first 1 took over 24 hours, but probably because i told it to scan for rootkits and all my various drives, if you think this is overkill please let me know )
the scans are prior to my second cleaning (which i'm doing now/still doing) but i will run a new one once MBAM finishes.

 

FYI In the Malware Help - MG (A Specialist Will Reply) Forum you must start a new thread and only post in that thread.
As a specialist has already look at your logs, continue in this thread.

 

yeah, where the "start new thread" button normally is it just stated "you do not have sufficient privileges to post here" i assume it's probably because i've never actually posted/create a thread before (this was my first) , i'll try making one over there now though (i'll wait for my virus scans to finish first so i have new info i can add to it )

 

No!

 

opps =/ sorry i didn't see this til after i had already made the thread

if you can feel free to delete it?

in any case here is the newest files,


i'm currently also still running another malware bytes scan, i have "search for rootkits" enabled which seems to make malware bytes go from 1-2 hours to 24-32 hours to scan, which is making it a little slow to do steps since i have to wait around for malware bytes to finish

also to help shed light on the situation (not sure if it helps or not but no such thing as too much information??? )

whenever i open chrome (or any of my other internet browsers) and try to pin it to my taskbar, or open a 2nd window, first off the icon to open a second window is for a completely different program, the icon to open a new chrome window is for blizzards battle.net application, when opening it i'm getting the error "the item exe.rehcnual.ten.elttab.bat that this shortcut refers to has been moved or changed...."

previously the icon was for a different application (called crossout) and the error/file name was "exe.erolpxei.bat" by right clicking on the shortcut in the taskbar i discovered the file is apparently located in ....\appdata\roaming\browsers but when i go to my roaming i can find no folder titled "browsers" so what i tried doing was to create my own folder called browsers and created a fake exe.erolpxei.bat file with the words "do nothing" saved inside it then run a virus scan... this seems to have resolved the crossout and exe.erolpxei.bat problem, except every time i do this it's then replaced with a different applications .lnk shortcut file and the .bat file name changes. i've done this about 2-3 times until i got to the current .bat file ("exe.rehcnual.ten.elttab.bat") at which point this resolution i've been doing seems to have stopped working

 

still having the same problem: exe.rehcnual.ten.elttab.bat & the battle.net icon instead of chrome

 

so i tried creating the folder and the .bat file manually again, and then ran a virus scan, both roguekiller and malwarebytes identified it as a PUP and then i removed it via maleware bytes and tried launching chrome again, but still same result

no luck

 

update: i just tried renaming my chrome from "chrome.exe" to "gchrome.exe" and the icon changed to my star wars the old republic icon.

 

should i link this thread in the software help section?

 

is it possible that the virus might have changed/edited my registry settings for my .lnk files and it's just not being noticed ?

i checked my registry via reg edit and under my classic roots i found a folder in my lnk titled "{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}" not sure if this is normal or not, but i know from experience that most viruses or harmful files tend to hide in alpha-numerically named folders...... i don't know enough about registry keys to know if this is normal or how to check if it's normal or not though

 

OMFG I FIXED IT!!!

went to regedit > Computer\HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command the command line was :"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "0" -1% or something along those lines (i deleted the part after the .exe and forget exactly what it was but it was very close to "0" %-1% ) and it's working again now!

any insights on what happened or what is "0" -1" thing might have been? (i know it was 0 -1 with symbols around it i forget if they were " " or % or both =/ sorry