Here are my logs attached/Problem with PC soung:(

Try again to attach the C:\MGlogs.zip, perhaps using another browser.

Otherwise upload the whole zip to Mediafire.com and share the link with me.

 

You have attached the whole folder instead of just the MGLogs.zip hence you had issues uploading to our forums.

Please attach the C:\MGlogs.zip as requested.

 

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.

Got a C:\MGLogs.zip now?

 

Just try double clicking on the C:\MGTools.exe (it has to be right click and run as admin for vista/win7 users) See if the program then runs and produces the very much needed C:\MGlogs.zip, if it does NOT then you will need to use a similar tool because I need to gather inmformation before I can help you.

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.

 

You can uninstall the below as they are garbage.

• ParetoLogic PC Health Advisor
• Ask Toolbar

You should definately uninstall this if you want my help.

• NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)

Warning about Porn, Keygens, Cracks, and other Illegal Software

Run OTL again and attach the log.

 

Try Revo Uninstaller.
Choose the option on the bottom of the list (#4). Be very careful while deleting the bolded registry items ONLY!! This software will create a system restore point for you as well prior to uninstalling a software program.

 

Rename C:\MGTools.exe so you have C:\sc7y.com instead. (Make sure you have hidden files and folders set to show before hand so you do not end up with a double file extension such as sc7y.exe.com )

To display hidden files and folders


Does it run now? Try in safe mode if necessary.
Let me know.

 

Also run this even if MGTools does not run

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run

 

Run OTL again and attach the log.

 

I think the version of TDSSKiller you ran was outdated! I need to be away from the computer for a little while so get rid of the version you have and redownload. ( Note: To make it easier for you make sure you download the TDSSKiller.exe file and not TDSSKiller.zip )

 

You badly need to clean out this temp folder:

• C:\Documents and Settings\YOUR USERNAME\Local Settings\Temp

Delete everything that you are able to in there.

Tell me what is inside of this folder please.

• C:\Documents and Settings\Administrator\Local Settings\Application Data\.#

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=-

:files
C:\WINDOWS\nod32fixtemdono.reg
C:\WINDOWS\System32\D7FE86
C:\WINDOWS\system32\6AAE8F
C:\Documents and Settings\Administrator\Local Settings\Temp\dcnl.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nhml.exe
C:\WINDOWS\system32\E32BF6

:Commands
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

How about now? Any improvement?

Run OTL again and attach the log please.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind
  rundll32.exe

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Run this and attach the results.

Using ESET's Online Scanner

 

What is this?

C:\fkfi.exe

Does this file exist?

C:\WINDOWS\system32\rundll32.exe

Is it really missing?


We need to run an OTL Fix

• Right-click OTL.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
• Copy and Paste the following code into the Image textbox. Do not include the word Code

Code:

:OTL

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O33 - MountPoints2\{32e70ff0-9d91-11e0-9a75-00195b692f6b}\Shell\AUToplAy\COMMand - "" = F:\auhl.pif
O33 - MountPoints2\{32e70ff0-9d91-11e0-9a75-00195b692f6b}\Shell\AutoRun\command - "" = F:\auhl.pif
O33 - MountPoints2\{32e70ff0-9d91-11e0-9a75-00195b692f6b}\Shell\expLorE\CommaND - "" = F:\auhl.pif
O33 - MountPoints2\{32e70ff0-9d91-11e0-9a75-00195b692f6b}\Shell\oPen\cOMmaNd - "" = F:\auhl.pif
O33 - MountPoints2\{32e70ff1-9d91-11e0-9a75-00195b692f6b}\Shell\AUtoplAy\commANd - "" = G:\rfjpjo.exe
O33 - MountPoints2\{32e70ff1-9d91-11e0-9a75-00195b692f6b}\Shell\AutoRun\command - "" = G:\rfjpjo.exe
O33 - MountPoints2\{32e70ff1-9d91-11e0-9a75-00195b692f6b}\Shell\explorE\CoMMANd - "" = G:\rfjpjo.exe
O33 - MountPoints2\{32e70ff1-9d91-11e0-9a75-00195b692f6b}\Shell\open\comMaNd - "" = G:\rfjpjo.exe
O33 - MountPoints2\{57af89d0-9121-11e0-9a4e-00195b692f6b}\Shell\aUToPLay\comManD - "" = F:\yqdt.exe
O33 - MountPoints2\{57af89d0-9121-11e0-9a4e-00195b692f6b}\Shell\AutoRun\command - "" = F:\yqdt.exe
O33 - MountPoints2\{57af89d0-9121-11e0-9a4e-00195b692f6b}\Shell\exPLoRe\ComMand - "" = F:\yqdt.exe
O33 - MountPoints2\{57af89d0-9121-11e0-9a4e-00195b692f6b}\Shell\opeN\COmMand - "" = F:\yqdt.exe
O33 - MountPoints2\{f3f5c891-903e-11e0-9a42-00195b692f6b}\Shell\aUtopLaY\CommaNd - "" = F:\vpbsv.exe
O33 - MountPoints2\{f3f5c891-903e-11e0-9a42-00195b692f6b}\Shell\AutoRun\command - "" = F:\vpbsv.exe
O33 - MountPoints2\{f3f5c891-903e-11e0-9a42-00195b692f6b}\Shell\expLORe\CoMmAnD - "" = F:\vpbsv.exe
O33 - MountPoints2\{f3f5c891-903e-11e0-9a42-00195b692f6b}\Shell\open\cOmMAnd - "" = F:\vpbsv.exe

:files
C:\Documents and Settings\Administrator\Local Settings\Temp\winmterja.exe 
C:\Documents and Settings\Administrator\Local Settings\Temp\winooybgp.exe 
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ЎЎЎЎЎЎ.lnk
:commands
[RESETHOSTS]
[REBOOT]

• Then click the Run Fix button at the top.
• Click Image.
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot. ATTACH that report in your next reply.

Open OTL again to run it and attach the log in your next reply.

How are things running?

 

You have a Sality infection.

For additional info, see W32/Sality.ai also see the below. There are many forms of Sality:

Virus:Win32/Sality.R

Virus:Win32/Sality.AT


These types of infections frequently require a reinstall to properly removal all traces and to fix the damage it causes.

You can try the below tools but I have never seen them work properly:

http://free.avg.com/us-en/win32-sality

http://support.kaspersky.com/viruses/solutions?qid=208279889

 

The infection you managed to pick up is so severe that you are better off with reinstalling. Not much more can be done apart from that. I dug and dug and then the ESET scan showed me the bad news.

 

It will fix it, yes. Have you got important data backed up? You can further discuss all of this in the software forum if you need to.

 

Any further questions you may have can be asked in the software forum regarding reformatting etc.