Cannot run all the Removal Steps, still having problems

Welcome to Major Geeks!

You don't need to run it to attach the log. The log is already save to the below location. Just attach it.

Code:

"C:\Documents and Settings\Gary.CHLOEII.001\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
Sep 27 2009 1073 "SUPERAntiSpyware Scan Log - 09-27-2009 - 12-11-22.log"

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Now we need to reset the permissions altered by the malware on some files.

• Download this tool and save it to your Desktop: Inherit.exe
• It must be in your Desktop or the below fix will not work!

Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). While this is running, you will get several/many popups that have a title FInish and say OK. Just click the OK button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files that need to be fixed, you could get only a few or many of these popups.

Now see if you can run scans with Malwarebytes and SUPERAntiSpyware.


Now attach the below logs:

• C:\ComboFix.txt
• logs from Malwarebytes and SUPERAntiSpyware if they ran
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Please only do what is requested. For example, I did not ask you to reinstall SUPERAntiSpyware nor Spybot. Doing things we do not ask for will most frequently cause more problems and will delay getting finished.

When you ran FixPerm.bat, did you get lots of popups to OK?

Try the below:

• Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
• Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log

C:\win32kdiag.exe -f -r

 

Now download and Run exeHelper

• Please download exeHelper to your desktop.
• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Also please try running the below online scan:

http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. See if you can save a log with it.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the log.txt file from exeHelper
• a log from the online scan if you could get one
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Back in message # 4 I requested the below

Why have you now deleted inherit.exe from you Desktop that was previously downloaded? We may not really be finished using.

Also in my last instructions I asked you to run C:\MGtools\GetLogs.bat, but you ran C:\Documents and Settings\Gary.CHLOEII.001\Desktop\Anti-Malware stuff\MGtools.exe

This file does not even belong on your Desktop ( it should be C:\MGtools.exe ) and I did not ask you to run it. Please delete it now and please follow instructions properly and only do what is requested.

Now download and run the below AVG Removal Tool

AVG Remover(32bit)

After running it, it should ask you to reboot. Make sure you immediately reboot your PC.

After reboot, download, install and update AVG from this:AVG AntiVirus Free Edition

Does it run properly now?

 

Which is why I previously said, "Please only do what is requested." Which was also stated in the READ & RUN ME.

Yes it said the below

C:\ is the root folder of your hard disk. Root means the highest level folder where everything traces back from (i.e, roots ). If you did a search on root folder you would get many many hits so I'm not sure how you searched. Just look at the output from the below:

http://www.google.com/search?q=root%20folder

C:\MGtools is a folder link directly to the root folder. I guess your problems stems from the fact that you do not know how to use Windows Explorer (the Windows file manager) which some people mistakenly also call MyComputer since it is one way of seeing Windows Explorer. If you are going to use Windows, you need to learn how to use Windows Explorer. There are many ways to open up Windows Explorer from which you can navigate thru files and folders on your PC. Here are a few examples besides double clicking My Computer:

• press the and hold the Windows key on your keyboard and then hit the "e" key (for Windows Explorer)
• right click Start and select Explore
• click Start, Run, and enter explorer into the run box and click OK.

When Windows Explorer opens up navigate to Local Disk (C and expand the contents by clicking the plus sign. You will see in the list of folders the C:\MGtools folder appears. If you click on MGtools, you will notice the right window pane will list the contens of the MGtools folder. In this folder you will see many files, one of them is the GetLogs.bat file that my instructions had asked you to double click on. If you do this now, you will see that it will run.

Yes your paid version had more features that you may want. I just wanted to make sure we could resolve your problem. I suggest that you now use Add/Remove Programs to uninstall AVG Free and then run the removal tool again to make sure all is removed. Then reboot your PC and reinstall your paid version to make sure it works properly.


Are you having any more malware problems?

 

You're welcome. Your logs are clean.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

Uninstall Spybot!

Then boot into safe mode and see if you can delete the C:\program files\Spybot Search and Destroy folder. If not, try using inherit.exe which we previously used and drag the folder ontop of inherit.exe Then see if you can delete it.

And don't install Teatimer!

 

You're welcome. Surf safely!