Not sure if completely clean

Discussion in 'Malware Help (A Specialist Will Reply)' started by multimedia, Jul 8, 2010.

  1. multimedia

    multimedia Private E-2

    Unfortunately, I'm back again after being infected with DefenseCenter. I already did all the preliminary steps. Running Windows 7 64-bit with AVG Free.

    Here's everything that happened so far.

    1. Got infected by DefenseCenter.
    2. Ran CCleaner.
    3. Ran SuperAntiSpyware Portable, full scan. For some reason my computer restarted itself while I wasn't looking.
    4. Ran SuperAntiSpyware Portable again, quick scan. Got rid of DefenseCenter. Restart. [No log for this]
    5. I can't open any programs or anything with a .exe extension unless I right-click -> Run as administrator. regedit and Task Manager give me an "application not found" error.
    6. Ran SuperAntiSpyware Portable a third time, full scan. Got some things that the 2nd scan didn't pick up. [No log for this]
    7. Ran Malwarebytes. Fixed some registry values and got rid of some other things. [Log attached]
    8. Installed and ran SuperAntiSpyware on the computer, full scan. Nothing but tracking cookies. [Log attached]
    9. Quadruple-checking now: ran Malwarebytes. Scan comes up clean, but AVG alerts and stops DefenseCenter in my AppData/Roaming folder while I'm on ESPN. I went and deleted the folder while the scan was running. [Log attached]
    10. Tried to run MGTools, but it's taking a long time (running for an hour so far). Seems to be stuck at analyse.exe. [Will attach the updated log if it ever finishes. For now, I'm uploading what it did so far if it helps.]

    Now the scans were clean. The problem is that instance where DefenseCenter came up again from just browsing the internet. I don't know if I still have anything or not.
     


  2. multimedia

    multimedia Private E-2

    Well, it finally finished. Here's the updated MGlogs.
     


  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, multimedia.

    I'll review your logs in the morning and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

    Thanks for your patience.
    dr.m
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    multimedia

    Step 1:
    To fix your file associations, please download the EXE fix from file-asso-fixes-for-windows-7. *See the instructions listed there.

    Step 2:
    Now download Sophos Anti-Rootkit 1.5 and save to a location you will be able to find such as your desktop
    1. Run sar_15_sfx by double clicking on it.
    2. Click Accept to agree to the EULA
    3. Click Install (if you wish to change the default installation location do so here but remember where you install to, the default is C:\SOPHTEMP)
    4. Once it finishes copying files, exit the installer

    Running the scan
    1. Navigate to the location that you installed the software to (Default: C:\SOPHTEMP)
    2. Run the sargui Application by double clicking on it. (Note: if using Vista or Windows 7, use right click and select Run As Administrator).
    3. Ensure that all three of the options are checked
    4. Click Start Scan
    5. Once the scan is complete, close Sophos Anti-Rootkit by closing the scan window and clicking Exit in the main window

    *Do NOT click 'Clean up Checked Items' or attempt to have Sophos AntiRootkit fix anything unless I specifically instruct you.

    Finding the logs
    1. Click on Start --> Run
    2. Type in %TEMP%\sarscan.log and press enter
    3. The log file will open in the default editor (probably Notepad)
    4. Click File --> Save As and save the file to your desktop or other location for easy retrieval.

    Step 3:
    Please download OTL by OldTimer, saving it to your desktop:
    • Close all open windows on the Task Bar. Double-click the OTL icon to start the program and let it run uninterrupted.
    • When the windows appears, underneath Output at the top - change it to Minimal Output.
    • Under the Standard Registry box, change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Now click the Run Scan button at Top left and let the program run - the scan may take 5-10 minutes.
    • Do not TOUCH your keyboard until the scan completes!
      • It will produce two (2) logs on your desktop, one will pop up called OTL.txt and the other - Extras.txt. These logs are saved normally directly under your C:/ directory.
      • Now exit Notepad.
      • Exit OTL by clicking the [X] at top right.

    Please attach these logs to your next reply:
    • sarscan.log
    • OTListIt.txt and Extras.txt logs
     
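As an added example that is not part of this thread or of the EXE fix download referenced in Step 1, the PowerShell script below audits the registry values that govern how .exe files are launched and, with -Repair, writes the Windows 7 defaults back. It assumes the clean defaults are HKLM\SOFTWARE\Classes\.exe = exefile and HKLM\SOFTWARE\Classes\exefile\shell\open\command = "%1" %*, and it treats any per-user override under HKCU\Software\Classes\.exe as a finding, because a per-user class override is one way rogue antivirus families route every .exe launch through themselves. That this is what broke .exe launching on multimedia's machine is an assumption; the thread's logs are not reproduced here.

```powershell
# Added example: audit (and optionally restore) the .exe file association.
# Not code from the MajorGeeks thread or from the EXE fix it links to.
# Assumed clean Windows 7 defaults:
#   HKLM\SOFTWARE\Classes\.exe                        (Default) = exefile
#   HKLM\SOFTWARE\Classes\exefile\shell\open\command  (Default) = "%1" %*
# A per-user override under HKCU\Software\Classes\.exe is treated as a finding;
# whether DefenseCenter used that technique here is an assumption.
param([switch]$Repair)

$ExpectedClass   = 'exefile'
$ExpectedCommand = '"%1" %*'
$MachineExe      = 'HKLM:\SOFTWARE\Classes\.exe'
$MachineCommand  = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
$UserExe         = 'HKCU:\Software\Classes\.exe'

function Get-DefaultValue([string]$Path) {
    # Returns the key's (Default) value, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

$findings = @()

$class = Get-DefaultValue $MachineExe
if ($class -ne $ExpectedClass) {
    $findings += "HKLM .exe maps to '$class' (expected '$ExpectedClass')"
}

$command = Get-DefaultValue $MachineCommand
if ($command -ne $ExpectedCommand) {
    $findings += "HKLM exefile open command is '$command' (expected '$ExpectedCommand')"
}

if (Test-Path -LiteralPath $UserExe) {
    # Per-user class registrations win over HKLM in the merged HKCR view, so a
    # hijack here survives a clean HKLM and affects only the logged-on user.
    $userClass   = Get-DefaultValue $UserExe
    $userCommand = $null
    if ($userClass) {
        $userCommand = Get-DefaultValue "HKCU:\Software\Classes\$userClass\shell\open\command"
    }
    $findings += "HKCU override present: .exe -> '$userClass', command '$userCommand'"
}

if ($findings.Count -eq 0) {
    Write-Output 'EXE association matches the assumed defaults.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}

if ($Repair -and $findings.Count -gt 0) {
    # Restore the defaults. The HKLM writes need an elevated prompt, and the fix
    # only sticks if the malware has already been removed; otherwise it re-hijacks.
    Set-ItemProperty -LiteralPath $MachineExe -Name '(default)' -Value $ExpectedClass
    New-Item -Path $MachineCommand -Force | Out-Null
    Set-ItemProperty -LiteralPath $MachineCommand -Name '(default)' -Value $ExpectedCommand
    if (Test-Path -LiteralPath $UserExe) { Remove-Item -LiteralPath $UserExe -Recurse -Force }
    Write-Output 'Defaults restored. Sign out and back in so Explorer re-reads the association.'
}
```

Run it without -Repair first to see what, if anything, differs from the defaults. On a machine where double-clicking .exe files fails, start powershell.exe via right-click -> Run as administrator, which is exactly the workaround multimedia reported still working, and only add -Repair after the scanners have removed the rogue itself.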
  5. multimedia

    multimedia Private E-2

    Sorry, I forgot to mention that the problem with the .exe files not opening was fixed when I ran Malwarebytes, so I didn't do Step 1.

    For Step 2 I was unable to check Running Processes (it was grayed out and I couldn't click it). I did do the scan with the other two, though.

    Step 3 was fine.
     


  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, multimedia

    The scans took care of DefenseCenter and I only see a few things to tidy up.

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and continue on.
    Step 2:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Step 3:
    Using Windows Explorer - find and delete this folder:
    C:\Users\User\AppData\Local\{5BCEF215-5CF1-4751-B619-D05E6E7A74EB}

    Step 4:
    Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

    Step 5:
    Now install the latest Sun Java Runtime Environment

    Step 6:
    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the new C:\MGlogs.zip file to your next reply.

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
     
  7. multimedia

    multimedia Private E-2

    No problems completing the steps. I don't have any malware problems right now; I was just worried that the scans didn't clear everything out when DefenseCenter popped up in my Roaming folder that one time. Anyway, here are the logs.
     


  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Your logs look good! It is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START, then RUN, enter the line below into the Run box and click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to the Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the link below:
    Safe surfing!
     
  9. multimedia

    multimedia Private E-2

    Thanks! :-D
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    :)

    You're welcome!
     
