Help With Malware: Can't Burn DVDs And CDs And Computer Now Running Slow

Discussion in 'Malware Help (A Specialist Will Reply)' started by okos, Dec 24, 2015.

  1. okos

    okos Private E-2

    Two months ago I was unable to burn CDs and DVDs and my CDRW/DVD device made strange noises and recognized no disks. Thinking I had a virus, I contacted Malwarebytes; they advised me to run AdwCleaner, which found two pieces of malware. Since AdwCleaner removed the malware, I did not write down the exact names of the malware. However, I was still unable to burn CDs and DVDs.

    Something hijacked my homepages in IE and FF shortly thereafter. I was able to select my homepages again, and they were not hijacked a second time. Norton Power Eraser found one .dll file related to malware named Chromium, and I removed this .dll file.

    In the past week, my laptop has begun to run slowly. Win 7 Pro SP1, Office 2010 SP2, 3 GB RAM, and TSST Corp CDRW/DVD TSL462 ATA device.

    After following the directions for removing malware, problems turned up with TDSSKiller. Attempting to unzip this file resulted in a message stating the folder was empty. Hitman Pro said my free subscription had expired; therefore, I downloaded a trial version of Emsisoft.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there okos,

    I would still like to see the log from Hitman Pro, even though the trial has expired, it will still produce a log to show what it finds. Please attach it.
    Your MGlogs.zip are very incomplete... do this:

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt, each followed by the Enter key. The text before each arrow is the command; the text after the arrow is merely informational.

    • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    • nwktst <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    • analyse <-- this attempts to run HijackThis. Be sure to click the Accept button twice in the license agreement popup or it will just sit there and wait.
    Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.
     
  3. okos

    okos Private E-2

    "The system cannot find the path specified." This appeared after I entered ed\MGtools and clicked enter.

    Entering nwktst resulted in this message, "nwktst is not recognized as an internal or external command, operable program, or batch file."

    Finally, entering GetRunKey led to the appearance of this message, "GetRunKey is not recognized as an internal or external command, operable program or batch file."

    Should I attempt to enter the other commands?

    Regarding Hitman Pro, I downloaded this years ago on another computer and never ran a scan on this computer. If you advise me to, I'll purchase it and then send you the scan.

    Thanks for your help with this. Hope you have a Merry Christmas and a happy and healthy New Year!

    Charles

    PS
    In attempting to run alternative scans, I tried to run BitDefender Rootkit Uncover. This made my computer suddenly shut down.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You typed ed or cd? Let me know...

    With Hitman you don't need to actually buy it in order to run a scan.... I just want to see what it finds. I can deal with what it finds another way. So run a scan with it and attach the log please.
    Do not run anything unless I advise you to. Thanks.

    You too!

    Run this....
    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: Make sure you download the correct version for your PC. Only the correct version will work.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
  5. okos

    okos Private E-2

    I entered "ed."
     
  6. okos

    okos Private E-2

    Attached are the log from Hitman Pro, the two logs from the Farbar Recovery Scan Tool, and MGlogs.zip.

    Entering nwktst resulted in no error messages. After entering GetRunKey, a message appeared stating, "The system cannot find the file specified." Entering "ShowNew" and "analyse" did not cause error messages to appear.

    I saved a copy of these results and labeled it "cmd" ; however, I can't attach .docx files. Several years ago I saved files so clients running earlier versions of Office could open and read them. Should I now be saving files in other ways? (I write for pharmaceutical companies and researchers.)
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Happy Christmas :)

    Before we continue I would like for you to use MSConfig to put this machine back into normal startup mode. Any other mode is primarily used for troubleshooting and diagnostic purposes. You should look into some third party software to control startups.


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Tasks tab and locate these detections:

    • [Suspicious.Path] %WINDIR%\Tasks\AbundDiscov57.job -- C:\Users\Charles Smart\AppData\Local\HaltiLocke7\Hasegment.exe -> Found
    • [Suspicious.Path] %WINDIR%\Tasks\SkillCraftin600.job -- C:\Users\CHARLE~1\AppData\Local\HALTIL~1\Hamaximum.exe -> Found
    • [Suspicious.Path] \AbundDiscov57 -- C:\Users\Charles Smart\AppData\Local\HaltiLocke7\Hasegment.exe -> Found
    • [Suspicious.Path] \SkillCraftin600 -- C:\Users\CHARLE~1\AppData\Local\HALTIL~1\Hamaximum.exe -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    ...and the same for these on the files tab please...

    • [PUP][Folder] C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1} -> Found
    • [Hj.Name][File] C:\$Recycle.Bin\S-1-5-21-513130945-461643082-857407046-1000\$RNG3F1I.exe\Chameleon\Windows\rundll32.exe -> Found
    • [Hj.Name][File] C:\$Recycle.Bin\S-1-5-21-513130945-461643082-857407046-1000\$RNG3F1I.exe\Chameleon\Windows\svchost.exe -> Found
    • [Hj.Name][File] C:\$Recycle.Bin\S-1-5-21-513130945-461643082-857407046-1000\$RNG3F1I.exe\Chameleon\Windows\winlogon.exe -> Found

    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.


    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.
    Download Fixlist.txt

    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

    • You should now have both fixlist.txt and FRST.exe on your Desktop.
    • Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
    • Run FRST.exe by right clicking on it and selecting Run As Administrator
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)
    Then attach the below log:
    • Fixlog.txt
    Also at this point, I want to double check the status of things by having you run another scan with FRST like in my last message and attach the new FRST.txt and Addition.txt logs.


    Re run RogueKiller (just a scan) and attach that log, too.
    Explain how things are running.
     


  8. okos

    okos Private E-2

    Please recommend some third party software to control startups. Are startups the same as autoruns?

    Thanks for your advice.
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Autoruns should take care of startups quite nicely.
     
  10. okos

    okos Private E-2

    I ran Autoruns according to the abbreviated instructions in Windows Secrets. Two items highlighted in yellow, FULG and RUShell, could not be deleted.
     
  11. okos

    okos Private E-2

    After running RogueKiller as directed, none of the items you listed appeared under the Tasks tab. No log labelled RK 2.txt appeared on my desktop. After rebooting my laptop, no folder or file labeled fixlist.txt appeared anywhere.

    After disconnecting my wireless connection, running FRST.exe as an administrator, and clicking Fix button once on my computer, nothing happened. My computer did not reboot. I reconnected the wireless internet connection. Fixlog.txt did not appear on my desktop.

    Running FRST again resulted in only a FRST.txt file. The results after running RK were the same as the previous time (just like before there were 3 suspicious paths and 6 PUMs under registry and 1 PUM under browsers).
     


  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re run RogueKiller again, save the latest log and upload it here.
     
  13. okos

    okos Private E-2

    Kestrel 13, the latest log for RK is attached.
     


  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re run RogueKiller, on the files tab have it remove this entry:

    • [PUP][Folder] C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1} -> Found

    I'd also like you to run CCleaner (not the reg scanner), just the cleaner itself, to be rid of a chunk of temp files.

    Once done, ensure the machine has had a reboot, and once again run a scan with RogueKiller. Save a log and upload it here.
     
  15. okos

    okos Private E-2

    Thank you so much for your help with this.

    Attached are the two RogueKiller scans you requested. Should I continue to save the earlier scans you requested?
     


  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good morning :)
    Please uninstall Avast before we continue, it might be hindering the fixes.....
    Follow my instructions in post #4 for running a fresh scan with FRST. Upload log once done.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
    Last edited: Dec 28, 2015
  17. okos

    okos Private E-2

    The three logs you requested are attached.
     


  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.
    Download Fixlist.txt

    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

    • You should now have both fixlist.txt and FRST.exe on your Desktop.
    • Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
    • Run FRST.exe by right clicking on it and selecting Run As Administrator
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt) please upload this new log to your next reply
    Then upload the below log:

    Fixlog.txt


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FULG (C:\Users\CHARLE~1\AppData\Local\Temp\FULG.exe) -> Found
    • [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FULG (C:\Users\CHARLE~1\AppData\Local\Temp\FULG.exe) -> Found
    • [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FULG (C:\Users\CHARLE~1\AppData\Local\Temp\FULG.exe) -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.

    SystemLook

    Please download SystemLook from one of the links below appropriate for your operating system and save it to your Desktop.
    Download 32 Bit
    Download 64 Bit
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      FULG
      :regfind
      FULG
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Please download BlitzBlank to your desktop.
    • Double-click BlitzBlank.exe to open (Vista/7 right-click and select Run as Administrator)
    • Press OK at the warning prompt.
    • Click the Script tab
    • Copy the text inside the code box below and paste it into the text-field.
    Code:
    DeleteFile:
    C:\Users\CHARLE~1\AppData\Local\Temp\FULG.exe
    • Now click the Execute Now button.
    • The fix will require a reboot in order to complete successfully.
    • Upon reboot, locate C:\blitzblank.log and attach this log to your next message. (How to attach)

    Re run RogueKiller, and upload latest log.
     


    Last edited: Dec 30, 2015
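An added example, not part of the thread and not a feature of RogueKiller, FRST or any other tool the helpers used: a PowerShell script that hunts for the two persistence patterns cleaned up in this thread, scheduled tasks (post #7) whose action launches an executable from under a user's AppData\Local folder, and a service (FULG, post #18) whose ImagePath points at an .exe in a Temp folder. It uses the Task Scheduler COM object and the registry rather than the Windows 8+ ScheduledTasks module so that it runs on Windows 7 with PowerShell 2.0. The "suspicious path" patterns, the function names and the decision to treat GUID-named folders directly under ProgramData as suspicious are this example's own assumptions, not RogueKiller's detection rules.

```powershell
# Added example (not from the thread, not a RogueKiller/FRST feature): hunt for
# scheduled tasks and services that launch executables from user-writable or
# temporary locations, the two persistence patterns seen in this thread.
# Windows 7 / PowerShell 2.0 compatible: uses the Schedule.Service COM object
# and the registry rather than the Windows 8+ ScheduledTasks module.
# Run from an elevated PowerShell prompt.

# Assumption of this example: what counts as a "suspicious" launch location.
$SuspiciousPathPatterns = @(
    '\\AppData\\Local\\',                    # HaltiLocke7\Hasegment.exe lived here
    '\\AppData\\Roaming\\',
    '\\Temp\\',                              # FULG.exe was in ...\AppData\Local\Temp
    '\\ProgramData\\\{[0-9A-Fa-f-]{36}\}'    # GUID-named folder directly under ProgramData
)

function Test-SuspiciousPath {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    # 8.3 short names (C:\Users\CHARLE~1\...) do not defeat this: AppData, Local
    # and Temp are already 8.3-legal and keep their names in short-name paths.
    foreach ($pattern in $SuspiciousPathPatterns) {
        if ($Path -imatch $pattern) { return $true }
    }
    return $false
}

# Recursively yield every registered task, including hidden ones (flag 1 = TASK_ENUM_HIDDEN).
function Get-AllScheduledTasks {
    param($Folder)
    foreach ($task in $Folder.GetTasks(1)) { $task }
    foreach ($sub in $Folder.GetFolders(0)) { Get-AllScheduledTasks -Folder $sub }
}

function Find-SuspiciousScheduledTasks {
    $scheduler = New-Object -ComObject 'Schedule.Service'
    $scheduler.Connect()
    foreach ($task in Get-AllScheduledTasks -Folder $scheduler.GetFolder('\')) {
        try {
            foreach ($action in $task.Definition.Actions) {
                # Action type 0 = TASK_ACTION_EXEC; only exec actions have a Path.
                if ($action.Type -eq 0 -and (Test-SuspiciousPath $action.Path)) {
                    New-Object PSObject -Property @{
                        Kind      = 'ScheduledTask'
                        Name      = $task.Path
                        Target    = $action.Path
                        Arguments = $action.Arguments
                    }
                }
            }
        } catch {
            Write-Warning ("Could not read task {0}: {1}" -f $task.Path, $_.Exception.Message)
        }
    }
}

# Services and kernel drivers both register under ...\Services. Every ControlSetNNN
# is checked, as RogueKiller did, because a removed service can survive in a backup
# control set (CurrentControlSet is only a link to one of them).
function Find-SuspiciousServices {
    Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        ForEach-Object {
            $controlSet = $_.PSChildName
            Get-ChildItem "HKLM:\SYSTEM\$controlSet\Services" -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $imagePath = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath
                    # ImagePath is often REG_EXPAND_SZ (%SystemRoot%\...); expand before matching.
                    $expanded = [Environment]::ExpandEnvironmentVariables([string]$imagePath)
                    if (Test-SuspiciousPath $expanded) {
                        New-Object PSObject -Property @{
                            Kind      = 'Service'
                            Name      = "$controlSet\$($_.PSChildName)"
                            Target    = $expanded
                            Arguments = ''
                        }
                    }
                }
        }
}

$findings = @(Find-SuspiciousScheduledTasks) + @(Find-SuspiciousServices)
if ($findings.Count -eq 0) {
    'No tasks or services launch from the watched locations.'
} else {
    $findings | Format-Table Kind, Name, Target -AutoSize
}
```

Treat hits as leads, not verdicts: legitimate per-user updaters (browsers, for instance) also run from AppData\Local, so check the target's publisher signature and hash before deleting anything, which is why the helper above asked for logs before issuing removals. The script only reads; removal of a confirmed bad task or service is a separate, deliberate step.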
  19. okos

    okos Private E-2

    Should I disable my antimalware protection before performing the above?
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes.
     
  21. okos

    okos Private E-2

    How do I download fixlist.txt?
     
  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Same way you have done so twice before...click on the fixlist.txt at the end of my post #18 and save the file.
     
    Last edited: Dec 29, 2015
  23. okos

    okos Private E-2

    After selecting to run FRST.exe as administrator, clicking once on the Fix button makes this message appear, "Looks like you don't know what to do. To prevent damage to the system, the tool will close."

    FRST.exe did not make Fixlog.txt on the desktop.

    Items were fixed using RogueKiller. RogueKiller created RKreport2.txt on the desktop.

    SystemLook created SystemLook.txt.

    Right-clicking on BlitzBlank.exe leads to a message stating the item may have been moved, its name may have been changed, or it may be temporarily unavailable.

    I reran RogueKiller and uploaded the latest log.
     


  24. okos

    okos Private E-2

    I followed the directions for Emsisoft BlitzBlank a third time and pasted the message under the script tab. Clicking Execute Now leads to this message, "Syntax error, invalid file path."
     
  25. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, despite all the problems you ran into, it's looking good. ;)

    Address this:
    Run Autoruns again, do those items still show? I want to be sure....
     
  26. okos

    okos Private E-2

    RUShellExt File not found: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll

    This message appeared regarding RUShellExt. FULG didn't appear.
     
  28. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That's good. How are things running?
     
  29. okos

    okos Private E-2

    My CD burner works slowly, and it wanted to format a new CD before burning a Kaspersky Rescue Disk.

    Also, I have EasyTech PC Health Check on my computer--how do I remove this? Never go to Staples; they put EasyTech into my computer.

    The site for Advanced Uninstaller put 52 cookies in to my computer along with GOK what else. Please recommend some scans to see if the site unloaded other malware into my computer.

    Thank you for your help and advice.
     
  30. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Delete this:
    C:\Users\Charles Smart\Desktop\EasyTech PC Health Check.mht

    Is there anywhere else you are seeing signs of EasyTech?

    Cookies can be cleared away with the likes of Malwarebytes and SUPERAntiSpyware. They are not problems. What is GOK?

    You are very welcome.
     
  31. okos

    okos Private E-2

    Well, my CD/DVD burner works strangely. When I attempted to burn a current version of Kaspersky Rescue Disk and Norton Boot Repair Tool, I often got a message telling me to erase my disk followed by one telling me to format the disk. The same messages appeared whether I was using a CD-R, CD-RW, or DVD-RW. After trying to format the disk for half an hour, the genies in my laptop stated, "There is no disk in drive D: Insert a disk, and then try again."

    I tried to follow the directions for burning CDs and DVDs in Windows Help and did not finalize or close my disk. Inserting a new disk in the drive enabled me to ultimately create a Kaspersky Rescue and a NBRT.

    Again, thank you for your help and advice. If you or your colleagues, would like me to edit a topic you've written up, please let me know. In real life, I'm a physician who is also a medical and science writer.

    Best wishes in your endeavors,

    Charles

    PS
    I sometimes use okos for my first name. A rough translation of my name in Hungarian is okos enus, "smart boy."
     
  33. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are most welcome for the assistance.
    I'm afraid the issue with the CD burner will have to be posted about in the software forum, that is not topic for this forum. :) Best of luck!

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
