help..!!! Trojan.JS.Redirector.ar

Hi i was wondering if someone can help me get rid of this virus that i have it says Trojan.JS.Redirector.ar please help i would appreciate it sooo much...thanks

Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

Cheetah-Anti-Rogue v1.2.4
by DragonMaster Jay

Microsoft Windows [Version 6.0.6000]
Date: 01/25/2010 - Time: 11:14:55 - Arch.: x86


-- Malware tools check --
Malwarebytes' Anti-Malware


-- Known infection --

(HEUR:::AntiVir.RGE)


Extra message: Detection only.


EOF

Oh ok.

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Malwarebytes' Anti-Malware 1.44
Database version: 3636
Windows 6.0.6000
Internet Explorer 8.0.6001.18882

1/25/2010 11:34:35 AM
mbam-log-2010-01-25 (11-34-35).txt

Scan type: Quick Scan
Objects scanned: 118564
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 20
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\EvenMoreMegaSwellAdsForYou\EvenMoreMegaSwellAdsForYou.dll (Adware.EvenMoreMegaSwellAdsForYou) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{92f11f92-3d21-4da5-cf1d-ef228fb116a1} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{734e0875-865a-4287-dd87-2a9564e09db2} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb692fe4-6873-09e0-c127-95e8ba2f94ff} (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\evenmoremegaswelladsforyou.evenmoremegaswelladsforyou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\evenmoremegaswelladsforyou.evenmoremegaswelladsforyou.1 (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\EvenMoreMegaSwellAdsForYou.DLL (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Delete on reboot.

Files Infected:
C:\Program Files\EvenMoreMegaSwellAdsForYou\EvenMoreMegaSwellAdsForYou.dll (Adware.EvenMoreMegaSwellAdsForYou) -> Delete on reboot.
C:\Program Files\Fast Browser Search\IE\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\EvenMoreMegaSwellAdsForYou\uninstall.exe (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.

it said i had to restart so i did

Hi again. Please do these steps in order.

1. Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

2. Please re-open Malwarebytes, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

5. Post the following in your next reply:

• MBAM log
  
• SAS log
  
• ESET log

And, please tell me how your computer is doing.

Malwarebytes' Anti-Malware 1.44
Database version: 3636
Windows 6.0.6000
Internet Explorer 8.0.6001.18882

1/25/2010 2:09:47 PM
mbam-log-2010-01-25 (14-09-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 305381
Time elapsed: 1 hour(s), 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

do i still have to do steps 3,4,5???

C:\programdata\ParetoLogic (ParetoLogic.RGE) i have scanned with cheetah and this is my scan report

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/25/2010 at 03:09 PM

Application Version : 4.33.1000

Core Rules Database Version : 4515
Trace Rules Database Version: 2327

Scan type : Complete Scan
Total Scan Time : 00:41:13

Memory items scanned : 919
Memory threats detected : 0
Registry items scanned : 8370
Registry threats detected : 21
File items scanned : 31789
File threats detected : 0

Browser Hijacker.Deskbar
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib#Version

Please post the ESET log. Also, please do the following:

Please download V-Tool, and save to your Desktop.

• Double-click on vtool.zip, and extract the file to your Desktop.
  
• Double-click on vtool.cmd to start.
  
• !! IMPORTANT !!::: At each prompt ("Press any key to continue..."), wait 10 seconds before pressing a key. This tool needs time to process each prompt.
  
• It will finish eventually and launch a log. Do NOT exit the tool. Allow it to finish. (vtool.txt)
  
• Post the contents of it in your next reply.