Smitfraud, Rootkits and no fun

Please do not change text log files into PDFs to attach. The text logs are automatically created by each scan and that is what we need you to attach.

You copy of SUPERAntiSpyware is way out of date. You need to uninstall it and then download, install, update, and run the current version given in the READ & RUN ME just to be safe.

Now put this PC into Normal Startup mode with MSconfig as requested in step 4 of READ & RUN ME and then rerun MGtools and attach a new log.

Did you knowingly install the PDFforge Toolbar which hijacks/changes search settings? While some people like this software, many consider it malware/adware.

Power down problems may not be due to malware

 

Other than the items already removed, your logs are clean. And there is nothing in the logs that would explain/account for shutdown problems. It is more likely just something that is being run.

Also slow startup appears to just be due to all the unnecessary toolbars, browser helper objects, and unnecessary startup processes including PDFforge ( which ComboFix broke since SearchSettings is a fairly well known search hijacker ).

You may want to try working problems in the Software Forum if you are still looking to avoid a reinstall.


Since you do not appear to have remaining malware problems, it is time to do our final steps. I'm not having you toggle System Restore since this may still be an option you wish to use.

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

Re: Smitfraud, Rootkits and no fun - IGNORE LAST POST

Yes I know which is why I ignored them.

There is a lot of other unnecessary stuff that can be removed. Look at the startup list seen in the O4 lines of the HijackThis log in MGlogs.zip file that was attached. Below is a list of things for you to investigate why you need them. Many can just be used when needed and I would not install all the toolbars. I would uninstall every one of them.