Help Requested with Pop Ups -- Logs Attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ewallace18, May 24, 2009.

  1. ewallace18

    ewallace18 Private E-2

    Thanks for your help in advance.

    I have recently been seeing more and more pop ups while browsing in IE. I use Vista Home 64-bit as my OS. This has been going on for a month or two. As weird as it seems I seem to see most of them when I am navigating on newspaper sites. They usually appear when I click a link on the home page to open up a page with details of a story. Basically all of the pop ups are from casalemedia.

    I carefully ran the entire malware removal guide as described before posting. I think I did it right as I have a little better than average computer knowledge. I did not run combofix because the instructions said not to with a 64-bit system. All of the other programs seemed to run ok.

    The three logs are attached.

    Any help would be great.

    Thanks,
    Eric Wallace
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your logs show no signs of malware. Are you sure that you are not just getting popups related to the websites you are accessing? For example, are you getting popups while coming here to Major Geeks? CasaleMedia is most frequently found as a cookie which is not a problem. What browser are you using?

    Please uninstall Viewpoint Media Player as requested in step 1 of the READ & RUN ME.

    What is VideoToolkit01 that you have installed and when did you install it?


    Now let's just clean up some caches and miscellaneous junk, but I don't think you are having malware problems.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

    After clicking Fix, exit HJT.




    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!


    Now let's flush the Java Cache
    • Click Start > Settings > Control Panel
    • Double click the Java icon (be patient, it may take a while to open)
    • Now click the General tab and under the Temporary Internet File area
    • Click the Settings button and then click the Delete Files... button.
    • In the next popup click OK.
    If you have multiple Java plugin icons in Control Panel follow the above to clear all their caches.


    Now let's flush the Internet Explorer Cache




    To flush your Internet Explorer Cache:
    • click Tools
    • Internet Options
    • Now on the General tab click Delete Files and select Delete all Offline content too
    • Click OK.
    • When it finishes Click OK.
    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Users\Eric\AppData\Local\Temp


    Now run CCleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).




    Then attach the below log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
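
Added example, not part of the original thread or of MGtools: a small Python parser for the HijackThis R0/R1 (Internet Explorer start/search page) lines listed in the reply above, which extracts the host from each value and returns the entries that fall outside an expected set. The `EXPECTED_SUFFIXES` list, the `search.example.invalid` line and the `O4` line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Two R-lines copied from the reply above, plus two constructed lines:
# an unexpected start page and a non-R entry that the parser must skip.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/home
O4 - HKLM\..\Run: [Example] C:\example.exe
"""

# Assumption: hosts a reviewer expects on this HP OEM machine.
EXPECTED_SUFFIXES = ("microsoft.com", "hp.com")

# Layout of an R-line: section - hive\key,value name = data
R_LINE = re.compile(r"^(R[0-3]) - (HKCU|HKLM)\\(.+?),(.+?) = (.*)$")


def parse_r_lines(log_text):
    """Return one dict per HijackThis R-section line found in log_text."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # other sections (O2, O4, ...) are out of scope here
        section, hive, key, name, data = m.groups()
        host = (urlsplit(data.strip()).hostname or "").lower()
        entries.append({"section": section, "hive": hive, "key": key,
                        "name": name, "data": data, "host": host})
    return entries


def host_expected(host, suffixes=EXPECTED_SUFFIXES):
    """Match on a label boundary so 'nothp.com' does not pass as 'hp.com'."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def needs_review(log_text):
    """Entries whose data has no host or a host outside the expected set."""
    return [e for e in parse_r_lines(log_text) if not host_expected(e["host"])]


if __name__ == "__main__":
    for e in needs_review(SAMPLE_LOG):
        print(f'{e["section"]} {e["hive"]} {e["name"]!r} -> {e["host"] or "(no host)"}')
```
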
     
