MGTools ProcessDLL.exe message

Just attach the 3 requested logs. MGlogs.zip will sill exist even if Processdll.exe did not run properly.

 

You forgot to attach the other logs that were requested. I need the ComboFix and SUPERAntiSpyware logs.

Are the below settings valid?
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evko.biz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.evko.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.evko.biz

O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=t...awire.com/prfiles/2005/06/19/253024/Trick.jpg
O24 - Desktop Component 1: (no name) - http://images.google.com/images?q=t...et/wp-content/upload/happytreefriends_com.jpg
O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=t...xbox.com/wallpapers/halo2wallpaper02_1280.jpg




Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {064A2B01-9990-CE44-E82F-E4ABB239B4CA} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [irssyncd] C:\WINNT\system32\irssyncd.exe
O21 - SSODL: SysTray.Exsl - {6368D5FC-6F5C-4f5b-B164-E67214F67859} - (no file)
O23 - Service: Microsoft Time server - Unknown owner - C:\WINNT\system32\timesrv.exe (file missing)

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::
DirLook::
C:\WINNT\system32\VXSITE
File::
C:\WINNT\system32\irssyncd.exe
C:\Documents and Settings\E\Local Settings\Temp\MAR6.tmp
C:\Documents and Settings\E\Local Settings\Temp\MAR7.tmp
C:\Documents and Settings\E\Local Settings\Temp\MAR8.tmp
C:\Documents and Settings\E\Local Settings\Temp\MAR9.tmp
C:\Documents and Settings\E\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\E\Local Settings\Temp\STS13.tmp
C:\Documents and Settings\E\Local Settings\Temp\STSD.tmp

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Do you see the below files on your PC? If so, delete them.

Code:

2006-05-23 22:43 0 ----a-w C:\Program Files\xkikup.exe
2005-01-14 18:27 271 ---h--w C:\Program Files\desktop.ini
2005-01-14 18:27 21,952 ---h--w C:\Program Files\folder.htt

I just noticed that you are using an out of date version of MGtools. Please download and use the current version of MGtools.exe and create a new log.

Question: Did you notice that many files and folders on your PC are dated 1/14/2014? Did you have your clock messed up while installing things in the past?

You also forgot to tell me how things are working.

 

Don't worry about this. We don't need this log anyway since you do not have any infections to worry about.

Uninstall SUPERAntispyware now since we are finished with it. That may speed up startup. You need to get an antivirus and firewall installed which are an absolute must. They will slow down start up but this is a necessary evil.


It is time to do our final steps:

1. Uninstall COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN
   • Now type cf /u in the runbox and click OK.
   • Note: The space between the cf and the /U, it must be there.
2. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
3. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You're welcome. Surf safely!