at wit's end. Does ANYONE know anything about cookingluck?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by paulbeagle, Feb 25, 2008.

  1. paulbeagle

    paulbeagle Private E-2

    So I've posted on 4 forums and no one can help. Here is my DSS Scan Log which contains the HiJackThis log and the DSS Extra Report. Can't ANYONE help please?

    Deckard's System Scanner v20071014.68
    Run by Paul McVicker on 2008-02-24 17:30:53
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------
     
  2. Lev

    Lev MajorGeek

  3. paulbeagle

    paulbeagle Private E-2

    Well, I tried to follow all instructions. The MGTools did not do a separate zip file, so I attached the logs separately. So far, no improvement. The browser opens by itself, or windows open in the browser automatically. Usually, not always, the first window opened is s3.cookingluck.com/?pid=6082&v=16. Subsequent windows are similar or not. So far I've spent 6 hours and $75 following your instructions. The remaining logs are attached to a separate entry. Thanks.
     


  4. paulbeagle

    paulbeagle Private E-2

    Here are the remaining logs. I really appreciate your expertise and assistance. I do hope you can help!
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes it did. It is right where the READ & RUN ME told you it would be. Check again. ;) But you also did not allow the program to properly finish running. I can see this from the newfile.txt log which reveals the scan was terminated before finishing. Thus your logs are incomplete. Also note that you did not follow the instructions on downloading MGtools.exe to your C:\ folder. You ran it directly from the website download link (i.e., you Opened it rather than Saved it).

    How did you spend $75 dollars following our instructions? Everything we have you run is free.

    What are the below items that you put in your C:\Program Files folder? They should not be here in this folder.
    Code:
    2008-01-23 20:59 256 ----a-w C:\Program Files\pool.bin
    2007-11-07 02:49 2,629 ----a-w C:\Program Files\upgrade.log
    2007-01-24 13:54 101 ----a-w C:\Program Files\iloptcfg.cfg
    2007-01-19 00:03 958,591 ----a-w C:\Program Files\Synchronize.dll
    2007-01-19 00:03 389,203 ----a-w C:\Program Files\CE.dll
    2007-01-19 00:03 139,264 ----a-w C:\Program Files\WebLink.dll
    2007-01-19 00:03 1,609,728 ----a-w C:\Program Files\SwitchMediaCardWizard.exe
    2007-01-19 00:02 884,736 ----a-w C:\Program Files\LoaderLauncher.dll
    2007-01-19 00:02 585,728 ----a-w C:\Program Files\MultimediaManager.dll
    2007-01-19 00:02 2,142,208 ----a-w C:\Program Files\product.dll
    2007-01-19 00:02 1,212,416 ----a-w C:\Program Files\DesktopMgr.exe
    2007-01-19 00:01 774,144 ----a-w C:\Program Files\rim_media_manager.exe
    2007-01-19 00:01 618,634 ----a-w C:\Program Files\rim_hh.dll
    2007-01-19 00:01 462,848 ----a-w C:\Program Files\backuprestore.dll
    2007-01-19 00:01 352,256 ----a-w C:\Program Files\DeviceOptions.dll
    2007-01-19 00:01 348,299 ----a-w C:\Program Files\rim_asci.dll
    2007-01-19 00:01 270,336 ----a-w C:\Program Files\DeviceSwitch.dll
    2007-01-19 00:01 229,514 ----a-w C:\Program Files\RIMCXLServer.dll
    2007-01-19 00:01 11,012 ----a-w C:\Program Files\desktopapi.tlb
    2007-01-19 00:01 1,605,632 ----a-w C:\Program Files\RIMShellExt.dll
    2006-11-10 19:06 70,312 ----a-w C:\Program Files\BlackBerry_Desktop_Software_Help.chm
    2006-10-18 16:49 49,152 ----a-w C:\Program Files\Inetwh32.dll
    2006-10-18 16:49 401,408 ----a-w C:\Program Files\toc_updt.exe
    2006-10-18 16:49 4,178 ----a-w C:\Program Files\conn_install.cfg
    2006-10-18 16:49 39,116 ----a-w C:\Program Files\ILSYNC.HLP
    2006-10-18 16:49 28,887 ----a-w C:\Program Files\DESKTOP.HLP
    2006-10-18 16:49 2,506 ----a-w C:\Program Files\ConnectorToXlatorMaps.txt
    2006-10-18 16:49 10,871 ----a-w C:\Program Files\desktop.cnt
    2006-10-18 16:49 1,743 ----a-w C:\Program Files\ilsync.cnt
    2002-07-27 00:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
    
    What is the below doing in your Windows folder?
    Code:
    "C:\WINDOWS\"
    SEARCH~1 Feb 25 2008 "Search And Destroy"
    search~1.txt Feb 25 2008 6658 "Search And Destroy Setup Log.txt

    I will give you some things to do based on your current logs but as I stated, the logs were incomplete.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
    Uninstall the below old versions of software:
    Java(TM) 6 Update 3

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [SearchAndDestroyMFC] C:\Program Files\Search And Destroy\Search And Destroy.exe
    O15 - Trusted Zone: http://www.manhunt.net
    O15 - Trusted Zone: http://www.msworld.org
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O21 - SSODL: SetupComponent - {66c03315-6d68-4e30-812d-461342def19b} - C:\WINDOWS\Installer\{66c03315-6d68-4e30-812d-461342def19b}\SetupComponent.dll

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Make sure you allow it to finish running this time.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
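    As an added illustration (not the forum's or MGtools' own code), a small Python script that reads lines in the DSS listing format quoted above and flags files sitting directly in the C:\Program Files root, grouped by date. The sample lines are constructed from paths in the log, plus one normal Java path as a control.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Deckard's System Scanner listing format
# quoted in the thread ("<date> <time> <size> <attrs> <path>"). The first
# four paths come from the log above; the Java line is a normal case.
SAMPLE_DSS = """\
2008-01-23 20:59 256 ----a-w C:\\Program Files\\pool.bin
2007-01-19 00:03 958,591 ----a-w C:\\Program Files\\Synchronize.dll
2007-01-19 00:01 618,634 ----a-w C:\\Program Files\\rim_hh.dll
2006-10-18 16:49 49,152 ----a-w C:\\Program Files\\Inetwh32.dll
2007-11-07 02:49 2,629 ----a-w C:\\Program Files\\Java\\jre1.6.0_03\\README.txt
"""

DSS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+) (\S+) (.+)$")


def parse_dss(text):
    """Parse DSS lines into (date, size_bytes, attrs, path); skip non-matches."""
    rows = []
    for line in text.splitlines():
        m = DSS_LINE.match(line.strip())
        if m:
            day, _time, size, attrs, path = m.groups()
            rows.append((day, int(size.replace(",", "")), attrs, path))
    return rows


def loose_files(rows, root="C:\\Program Files"):
    """Return paths sitting directly in `root` rather than in a per-product
    subfolder: the unusual case chaslang questions in the thread."""
    root = root.lower().rstrip("\\")
    return [p for _d, _s, _a, p in rows if p.rpartition("\\")[0].lower() == root]


def by_day(rows, paths):
    """Group flagged paths by listed date; files sharing one timestamp
    usually came from a single installer or drop."""
    wanted, groups = set(paths), defaultdict(list)
    for day, _s, _a, path in rows:
        if path in wanted:
            groups[day].append(path)
    return dict(groups)


if __name__ == "__main__":
    rows = parse_dss(SAMPLE_DSS)
    for day, paths in sorted(by_day(rows, loose_files(rows)).items()):
        print(day, len(paths), "loose file(s):", ", ".join(paths))
```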
     
  6. paulbeagle

    paulbeagle Private E-2

    I followed all instructions, and it appears that my problem is gone now. THANK YOU VERY MUCH. I've attached the two logs. I can't answer the questions about how the various items got in the programs folder or what that code is doing in the windows folder. I assure you that I did not hand pick them and put them there. :confused I spent the money buying pcregistry cleaner and search and destroy. I know I didn't need to buy the cleaner, but I thought it was a good idea, and the search and destroy wouldn't run unless I bought it. I don't mind that, especially since my machine now seems to be working fine. I've attached the logs you have requested. What should I do now?

    If there is anything I can do to thank you, let me know.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But these are not programs that were part of the READ & RUN ME and thus, as I was pointing out, you did not spend this money due to running the READ ME. Neither of these is recommended in the READ ME. And in fact I even question the validity of Search & Destroy since it is trying to capitalize on the fame of the program that we did ask you to run, which is Spybot Search & Destroy, which is freeware. Note that you also are using Spybot - Search & Destroy 1.3, which is four years out of date and is not what we ask you to use in the READ ME.

    [EDIT] In fact I just downloaded and installed this Search and Destroy program. It is junk / a rogue tool. It is showing non-existent registry keys and problems on my PC. Get your money back A.S.A.P. If you used a credit card, put a stop on the purchase now before they get your money, because you may have problems getting it back otherwise.


    You need to uninstall the below as requested in step 1 of the READ ME:
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

    You also need to uninstall more old Sun Java versions as was also requested in the READ ME:
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The more I looked at what this totally rogue tool is generating, the more ridiculous it becomes. It is totally fabricating non-existent problems. This Search and Destroy tool is a total fake and needs to now be added to our list of things to uninstall, as it is a rogue program.
     
  9. paulbeagle

    paulbeagle Private E-2

    Ok, I've gotten rid of Search and Destroy (and have asked for my $ back). :eek: What can I say? I was at wit's end! I did say I didn't know what I was doing! - and if I didn't, I should have! Oh well. I've also removed the additional programs you instructed me to remove. Is there anything else I can get rid of?

    Anything else I should do?

    THANK YOU.:wave
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't let them try to tell you their program is valid and try to talk you out of uninstalling it (which they are sure to try). Also if on your credit card, put a stop payment on it.

    Did you uninstall the 1.3 version of Spybot Search & Destroy? And did you download and install the latest version from the link in the READ ME? If not please do this.

    Also you should install the below which just came out today:

    SpywareBlaster 4.0


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: The space between the X and the /U, it must be there.
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    3. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
     
  11. paulbeagle

    paulbeagle Private E-2

    OK, all done! ;) Thanks. I also found this program on my C drive: fixwareout. Can I delete that? Boy, I feel a lot better! And more educated now, too. THANK YOU.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is for fixing WareOut infections.

    I have been having some great laughs about Search and Destroy. It is totally absurd what infections it is inventing. It is even giving infections on drives that do not exist, in folders that do not exist, mentions files and registry keys that do not exist, and much more. It's such a piece of junk! Just another tool to add to the 350 or so rogue tools that exist.

    You're welcome and surf safely!
     
  13. paulbeagle

    paulbeagle Private E-2

    Thank you! I'm glad you at least got a couple of laughs out of all this. Too bad that these programs are out there and available for fools like me to buy.:eek:


    Reminds me of an incident I experienced about 30 years ago. One of my first clients was purchasing a remote piece of property to build a steel mill. As we were driving through the brush on the property, where a brush fire was raging maybe 200 feet from us, and I at least (not my client) was showing signs of nervousness... he handed me a rather thick document and said, "Here, take a look at this." After looking at a document that was very technical in nature, having to do with iron ore boilers, I handed it back to him and said, "I'm not sure why you're giving this to me, I don't understand one bit of it." He replied, "Well, that's how much I know about what you do."

    Keep up your good works!

    Thanks so much.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't feel too bad. Thousands of people have fallen for these advertisements and professional-looking websites (in some cases). See this list, which is lagging behind (it has not been updated for over a year):

    http://www.spywarewarrior.com/rogue_anti-spyware.htm


    :D:D


    You're welcome. And remember to check here first the next time you have a malware problem. ;)
     
