Neighbors Computer - fake antivirus

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll
O3 - Toolbar: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll

After clicking Fix, exit HJT.

Now uninstall the below software:
RegCure Pro
UnfriendApp
WiseConvert Toolbar



Now please download OTM by Old Timer and save it to your Desktop.

• Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
• Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
  (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
  the code box

Code:

:Processes
explorer.exe
 
:Files
C:\$recycle.bin\S-1-5-18\$42912af19d569c4110b9cbb16e3ba4fb\@
C:\$recycle.bin\S-1-5-21-523376744-1997939498-2749181460-1000\$42912af19d569c4110b9cbb16e3ba4fb\@
C:\$recycle.bin\S-1-5-18\$42912af19d569c4110b9cbb16e3ba4fb\U
C:\$recycle.bin\S-1-5-21-523376744-1997939498-2749181460-1000\$42912af19d569c4110b9cbb16e3ba4fb\U
C:\$recycle.bin\S-1-5-18\$42912af19d569c4110b9cbb16e3ba4fb\L
C:\$recycle.bin\S-1-5-21-523376744-1997939498-2749181460-1000\$42912af19d569c4110b9cbb16e3ba4fb\L
C:\$recycle.bin\S-1-5-18\$42912af19d569c4110b9cbb16e3ba4fb
C:\$recycle.bin\S-1-5-21-523376744-1997939498-2749181460-1000\$42912af19d569c4110b9cbb16e3ba4fb
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\RegCure Pro.job
C:\ProgramData\6o4v7yr6ikfw18072u
C:\ProgramData\ParetoLogic
C:\Program Files (x86)\ParetoLogic
C:\Program Files (x86)\PC Speed Maximizer
C:\Program Files (x86)\UnfriendApp
C:\Program Files (x86)\WiseConvert
C:\Program Files (x86)\Common Files\ParetoLogic
C:\Users\KevinAmy\AppData\Local\Temp\*.*
 
:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3DFEA064-B262-41BA-9E75-4E36ADDDF2D0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\s]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"=-
:Commands
[purity]
[EmptyTemp]
[start explorer]

[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
  ) and choose Paste.
• Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.


Now please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• the C:\_OTM\MovedFiles log
• the JRT.TXTlog
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

It is gone now.

The only problem I am noticing currently is that AVG Free will not update. It says the connection with the update server has failed.[/QUOTE] Uninstall it using the below:

http://www.majorgeeks.com/files/details/avg_remover.html

Then reboot.

Then redownload and reinstall from the below link:

http://www.majorgeeks.com/files/details/avg_antivirus_free_edition.html


Is it working okay now?