Need help have followed the steps in Readme still stuck

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sanjayshetty, Feb 2, 2012.

  1. sanjayshetty

    sanjayshetty Private E-2

    Hi, would appreciate some help.

    I've followed the steps but I seem to have a persistent issue with all my browsers where random advts. keep popping up, from the bottom of the browser window, on sites where there are none.

    I'm on a 64bit win7 machine, and hence couldn't run the RootRepeal.

    Your help is greatly appreciated. Below image shows the problem I'm facing.


    If image doesn't display it can be accessed here https://skydrive.live.com/redir.asp...D3732C2EC2DB4C9!1814&authkey=!AGpXtFGAWSkx3oo


    Thanks in advance. :)
     

    Attached Files:

  2. sanjayshetty

    sanjayshetty Private E-2

    Just realised that I added an incomplete version of the Mglogs file, so re-attaching it here. Apologies for any inconvenience.
     

    Attached Files:

  3. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, sanjayshetty!

    I want you to read and follow these instructions: TDSSKiller - How to run

    Please download aswMBR to your desktop.
    • Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
    • Select No when asked "Would you like to download latest Avast! virus definitions?"
    • Click the [Scan] button.
    • On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

    Please download RogueKiller to your desktop.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    When it is finished, there will be a log on your desktop called: RKreport[1].txt
    Attach RKreport[1].txt to your next message. (How to attach)
     
  4. sanjayshetty

    sanjayshetty Private E-2

    Thank you for taking the time to help. Really appreciate it.

    I think Rogue killer found something in the registry. I've attached the reports.
     

    Attached Files:

  5. thisisu

    thisisu Malware Consultant

    Rescan with aswMBR and click the FixMBR button.
    Then save and attach the newest aswMBR.txt log
     
  6. sanjayshetty

    sanjayshetty Private E-2

    Here's the log from aswMBR
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    Not so certain that worked, are you still experiencing problems?
     
  8. sanjayshetty

    sanjayshetty Private E-2

    As of now looks like it worked, however, after one of the earlier scans it felt the same. But the damn thing reappeared after about 15 minutes of random browsing. So I'll revert back in a bit again. Thank you so much.
     
  9. sanjayshetty

    sanjayshetty Private E-2

    Nope it's back again! Any other ideas?

    Just noticed something. Every time I hit refresh on a page, the ad pops up again. Don't know if that's useful.
     
  10. thisisu

    thisisu Malware Consultant

    Ok keep me posted. There's really not any obvious malware in your logs. There are a few things we could remove just to be sure but pretty much all of it is NOT malware related.

    By the way, the TortoiseSVN software you have installed, is this software you are aware of and would like to keep?
     
  11. sanjayshetty

    sanjayshetty Private E-2

    Yep TortoiseSVN I use regularly.
     
  12. thisisu

    thisisu Malware Consultant

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 29 (outdated)

    Delete registry items detected in RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    When the scan is complete, press the Delete button
    When it is finished, there will be a log on your desktop called: RKreport[3].txt
    Attach RKreport[3].txt to your next message. (How to attach)

    Do you have your Windows 7 Disc? We should attempt to restore a clean MBR that way.
     
  13. thisisu

    thisisu Malware Consultant

    Is it always advertising Norton?

    When did this start?

    Provide some examples of sites that this ad appears on.

    I would also like you to boot into Safe Mode with Networking and test your internet there. Do these ads appear while there too?
     
  14. sanjayshetty

    sanjayshetty Private E-2

    Scan attached. Will hunt for the install disc, the laptop came pre-installed with Win7.

    It started about 3-4 days ago. The ad appears on any site, including this site... note it's not from the site for sure, it's being served from joister.com. It advertises hosting companies and some other stuff... not just Norton. I tried one thing earlier, i.e. adding a hosts entry for joister.com to localhost 127.0.0.1; that didn't stop the pop-up from coming, it just did not display the advt. :cry
     

    Attached Files:

  15. thisisu

    thisisu Malware Consultant

    Code:
    [BSP] 90acae200d2eb8d39671d6897273d66c : Windows 7 MBR Code
    Looks like aswMBR was able to restore a Windows 7 MBR after all :)

    Let's run this too just to double-check:

    Please download MBRCheck by clicking here and save it to your desktop.

    • Double-click on the file to run it. (Vista/7 right-click and select Run as Administrator)
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
    • Attach this file to your next message. (How to attach)
     
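    The consultant's check above compares a hash of the MBR code against a known-good value (the [BSP] line RogueKiller prints), and MBRCheck repeats the same idea. As an added example, not code from the thread or from RogueKiller, aswMBR or MBRCheck, the Python below performs that style of check on a raw 512-byte boot-sector image: it verifies the 0x55AA signature, decodes the partition table and hashes the bootstrap-code area for comparison with an allow-list. The hash in the allow-list is the one quoted in this thread; hashing the 440-byte bootstrap area (the bytes before the disk signature) is an assumption, since the thread does not state which byte range the tool hashes, and the sample image is constructed.

```python
"""Boot-sector sanity check for a raw 512-byte MBR image.

Added example, not code from the thread or from RogueKiller/aswMBR/MBRCheck.
It verifies the 0x55AA signature, parses the partition table and hashes the
bootstrap-code area so the result can be compared with a known-good list.
"""
import hashlib
import struct

# Hash quoted in this thread from RogueKiller's [BSP] line for the Windows 7 MBR code.
KNOWN_GOOD_CODE_HASHES = {
    "90acae200d2eb8d39671d6897273d66c": "Windows 7 MBR Code",
}

# Assumption: hash the 440-byte bootstrap area that precedes the 4-byte disk
# signature; the exact range RogueKiller hashes is not stated in the thread.
BOOTSTRAP_LEN = 440
PARTITION_TABLE_OFFSET = 446
SIGNATURE_OFFSET = 510


def parse_partition_entry(raw):
    """Decode one 16-byte partition-table entry; return None if the slot is unused."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
    if ptype == 0:
        return None
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def analyse_mbr(image, known=KNOWN_GOOD_CODE_HASHES):
    """Return signature status, partitions and the bootstrap-code hash with its allow-list match."""
    if len(image) != 512:
        raise ValueError("an MBR image must be exactly 512 bytes")
    signature_ok = image[SIGNATURE_OFFSET:] == b"\x55\xaa"
    code_md5 = hashlib.md5(image[:BOOTSTRAP_LEN]).hexdigest()
    partitions = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + 16 * i
        entry = parse_partition_entry(image[start:start + 16])
        if entry is not None:
            partitions.append(entry)
    return {
        "signature_ok": signature_ok,
        "code_md5": code_md5,
        "code_known": known.get(code_md5),
        "partitions": partitions,
        "bootable_count": sum(1 for p in partitions if p["bootable"]),
    }


def build_sample_mbr():
    """Constructed test image: NOP-filled bootstrap area, one bootable NTFS partition at LBA 2048."""
    bootstrap = b"\x90" * BOOTSTRAP_LEN
    disk_signature = b"\x12\x34\x56\x78" + b"\x00\x00"
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry1 + b"\x00" * 48  # three unused slots
    return bootstrap + disk_signature + table + b"\x55\xaa"


if __name__ == "__main__":
    report = analyse_mbr(build_sample_mbr())
    print("signature ok:", report["signature_ok"])
    print("bootstrap md5:", report["code_md5"], "->", report["code_known"] or "not in allow-list")
    for p in report["partitions"]:
        flag = " [bootable]" if p["bootable"] else ""
        print("partition type 0x%02x at LBA %d (%d sectors)%s" % (p["type"], p["lba_start"], p["sectors"], flag))
```

    A hash that is not in the allow-list is not proof of infection (OEM images and other Windows versions ship different bootstrap code), which is why the consultant follows the hash check with a second tool rather than acting on the value alone.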
  16. thisisu

    thisisu Malware Consultant

    I noticed none of the MGlogs.zip contained a HJT log. Please run the below:

    Please download OTL by OldTimer.

    • Save it to your desktop.
    • Double click on the OTL icon on your desktop. (Vista/7 right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the text-field.
      Code:
      netsvcs
      /md5start
      explorer.exe
      mshtml.dll
      regedit.exe
      services.exe
      svchost.exe
      userinit.exe
      winlogon.exe
      /md5stop
      
    • Now click the button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extras.txt <-- Will be minimized
    • Attach both OTL.txt and Extras.txt to your next message. (How to attach)
     
  17. sanjayshetty

    sanjayshetty Private E-2

    ok I've done the checks, did MBRCheck after running OTL.
     

    Attached Files:

  18. thisisu

    thisisu Malware Consultant

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the text-field.
    Code:
    :otl
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3288561065-1393614363-2427677879-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3288561065-1393614363-2427677879-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKU\S-1-5-21-3288561065-1393614363-2427677879-1003..\Run: [Facebook Update] C:\Users\sanjayshetty\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3288561065-1393614363-2427677879-1003..\Run: [HSIAAccessManager] C:\Program Files\TATA\Photon+\hsiam.exe (EpiValley)
    O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    [2012-02-03 01:00:49 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{C0D362B4-49A2-423F-8ED9-45F84FAD7A2A}
    [2012-02-03 01:00:35 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{553F8B02-FC7D-4DD0-8107-4B244B4C4210}
    [2012-02-02 23:33:29 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{703B5286-64F2-4B15-BCDB-F792792E3B5D}
    [2012-02-02 23:33:15 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{79047B41-CB32-43DD-82D6-9C08033F602C}
    [2012-02-02 20:56:47 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{465FBB00-0AF7-489C-8175-F193622B4125}
    [2012-02-02 20:56:34 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{158B7B79-D4C5-4BE9-AEBF-14C084F3D8BE}
    [2012-02-03 00:42:07 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{69D10BE9-2129-48E3-8932-D3633FC35A7C}
    [2012-02-02 19:14:04 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{45CF96B1-B58C-4A05-8F13-586ECF63DF6B}
    [2012-02-02 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{EAA70F4C-2AAF-432E-A3C1-2B812F8DD9D5}
    [2012-02-02 18:37:31 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{4F3DCA4E-10D5-4FCE-85DA-4F2D17A04D8C}
    [2012-02-02 18:37:17 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{EBF5254C-C1B8-4608-ADA8-EE1CF30F7E6D}
    [2012-02-02 15:53:52 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{AA08A995-2CDC-403B-A0F9-1BB120B948B1}
    [2012-02-02 15:53:37 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{3C8D9025-4855-489B-978B-621326493474}
    [2012-02-02 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{F226B162-1174-4261-91F9-64038A26CC4B}
    [2012-02-02 01:22:05 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{FD73E1CC-C97E-44CC-A8DE-B7C9A939E4D7}
    [2012-02-01 12:40:52 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{BD6327CF-9068-45CA-95D6-5EE32FAD48A3}
    [2012-02-01 12:40:39 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{788197F6-B97D-4229-B529-B182D049A3C5}
    [2012-01-31 08:51:58 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{E38F465F-DA71-4D9C-97F7-7FF8FDEDE756}
    [2012-01-30 16:24:20 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{0E3C9034-31AF-40D4-9685-B291DA100F94}
    [2012-01-30 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{7190C76F-68FE-417E-A4CB-77D503DF0995}
    [2012-01-30 08:54:41 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{F0180DFA-F93C-4D5C-9FF5-FA31A4761B04}
    [2012-01-29 14:43:59 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{53383455-BCAF-4876-8F2F-A095B7CBFB79}
    [2012-01-29 14:43:47 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{6DE84BC8-D0DF-4235-A815-57EC1CA2794D}
    [2012-01-27 18:08:39 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{FCF9161E-A194-44C1-BEC1-9B1BFA3FB965}
    [2012-01-27 18:08:28 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{50928174-B62B-46E7-9DED-DAE3F1E25273}
    [2012-01-26 02:07:15 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{5A4ABA30-BA3F-478B-B805-1D90D93BE74B}
    [2012-01-25 12:34:21 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{5CA654C3-1076-4EB0-9E81-7978556B3F87}
    [2012-01-25 00:33:45 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{52A1C85E-4545-4F6B-9C36-34566192937A}
    [2012-01-24 09:43:12 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{3E409CEA-72DC-4CEF-82FE-39106816BF75}
    [2012-01-24 09:42:59 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{D2F97669-9F47-484E-B6C7-967554946AF5}
    [2012-01-23 21:42:45 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{49B2262D-13CF-4B2F-AC44-F3DEF040E59D}
    [2012-01-23 21:42:31 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{0095AF28-EF4D-464C-AD61-654025C591A1}
    [2012-01-23 09:42:17 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{F0120E3B-CB5C-4DB5-81FB-75BDED9F6979}
    [2012-01-23 09:42:05 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{FBDC1FA4-AD47-4249-916A-D21FCAE90791}
    [2012-01-22 20:29:41 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{CCC263B8-E317-44BF-815B-673CFAE0FD4F}
    [2012-01-22 20:29:26 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{2F0E29B5-77CA-4A71-A9FE-D05AF0AE8191}
    [2012-01-21 11:04:45 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{2483CC33-36A9-45DA-A509-7E71889ECEA3}
    [2012-01-21 11:03:48 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{4F3D732B-FB1E-425A-A112-51E6E78E2470}
    [2012-01-20 12:00:35 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{ABD38800-4EB1-4EA5-B3D0-F8B235CE9A93}
    [2012-01-20 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{1BC54490-FF61-486E-B896-C7B9D4D48429}
    [2012-01-19 12:27:36 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{7A0CBB5E-161E-438F-B8F6-2E0CE730EBD4}
    [2012-01-19 00:27:19 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{960E0F38-AF5D-4B03-9E8C-779DC0ED2749}
    [2012-01-19 00:27:06 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{08BCC403-5A0E-4485-9A26-A27FDB73AD38}
    [2012-01-18 12:26:53 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{1F899B7D-78D2-4A11-A4F5-AEEB334842C5}
    [2012-01-18 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{EC2B8119-AC9B-4171-B09A-7CF05E5F62A4}
    [2012-01-18 12:26:31 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{23BEBC22-DDEF-4897-8C00-341353823630}
    [2012-01-18 12:26:19 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{A9E6B12A-07C8-4F70-AAF5-F09D6AD1A2F1}
    [2012-01-18 00:26:02 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{414EC5AB-13C7-4A53-BDEA-97F5F7A83BBD}
    [2012-01-18 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{7C917D39-1D9A-4413-AB88-742DE6BCDF67}
    [2012-01-17 12:25:33 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{01812852-25D4-49C4-8852-329522B2E4A6}
    [2012-01-17 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{B82B1643-EDAB-45D7-BEDC-ED56361038AD}
    [2012-01-17 00:25:03 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{D6EADA93-3EC5-4AE2-9999-8F5A25521B77}
    [2012-01-17 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{27B6C903-C518-48AD-BAC1-171404E24CBE}
    [2012-01-16 12:24:31 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{A6837352-F851-49CC-9173-E43C25102988}
    [2012-01-16 12:24:17 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{FE92C6AA-309A-42BF-805C-E3B7EC71E6A8}
    [2012-01-16 00:17:12 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{3545D49F-A82C-478E-AA9C-07F86E6DE256}
    [2012-01-16 00:17:00 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{90065041-F7C0-46DA-8BC8-6E4C90FF732C}
    [2012-01-15 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{8EBC8933-77AD-4EFE-B682-2A8DFE72F004}
    [2012-01-15 09:09:48 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{EE2BDC2C-1950-4D9C-81AA-05D0951039FB}
    [2012-01-14 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{6CB997A1-37F5-4616-A340-9701D20C78D7}
    [2012-01-14 19:52:19 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{2B7A0F92-F98C-4943-B866-6099C225ED88}
    [2012-01-14 07:52:01 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{203E4886-D84E-4B0D-88EE-9BFE27DE7D89}
    [2012-01-14 07:51:48 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{C3FC3BCE-3A06-4219-B308-06CF3F051E47}
    [2012-01-13 19:51:36 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{901CFD8A-E7F9-49D7-B16C-245A3F2253F5}
    [2012-01-13 19:51:25 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{43142A09-F9EC-405C-86C0-BDDAD604F2B1}
    [2012-01-11 11:10:40 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{8BD786C8-98AC-4528-BA65-76FD7395280C}
    [2012-01-11 11:00:59 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{739BF94C-630D-4D3A-BB86-E93C15A9818C}
    [2012-01-10 12:23:12 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{429026B2-0FA4-445A-9F08-6676AD1DE32F}
    [2012-01-09 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{7DB52D57-870F-44AA-887D-A72BCD35094E}
    [2012-01-05 11:50:14 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{ED4EE619-69D5-407A-AE4B-81DBA9B9573E}
    [2012-01-05 11:50:02 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{921E8B97-1784-4748-8AF1-80B1C432965C}
    [2012-01-04 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{7B45F751-060A-4347-BA2D-900B6A474B9F}
    [2012-02-03 11:35:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012-02-03 11:33:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012-02-03 11:02:07 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3288561065-1393614363-2427677879-1003UA.job
    [2012-02-03 11:02:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3288561065-1393614363-2427677879-1003Core.job
    [2012-02-03 09:25:55 | 000,001,307 | ---- | M] () -- C:\Users\sanjayshetty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    :files
    ipconfig /flushdns /c
    C:\TEMP\*.flv
    C:\TEMP\*.txt
    dir /s "C:\Users\sanjayshetty\Documents\Temp\" /c
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"=-
    :commands
    [purity]
    [emptytemp]
    [resethosts]
    
    Now click the button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)

    Now download the latest MGtools.exe to the root of your c: drive.
    • Replace your existing MGtools.exe with this one.
    • Now run this new MGtools.exe by double-clicking it. (Vista/7 right-click and select Run as Administrator)
    • When it is finished, attach c:\MGlogs.zip to your next message. (How to attach)
     
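    The fix list above is mostly a run of near-identical entries, and what a reviewer reads in OTL output is the pattern rather than any single line: dozens of empty GUID-named folders created under one user's local AppData over several days, Run-key autoruns, .job files in the tasks folder and Startup-folder items. As an added example, not OTL's code and not part of the thread, the Python below parses the two line shapes that appear in that list and summarises those patterns. The sample lines are constructed for the example by copying a few of the entries posted above, so the paths, SID and timestamps are the ones from the thread.

```python
"""Triage helper for OTL-style scan lines.

Added example, not OTL's own code and not part of the thread. It parses the two
line shapes that appear in the fix list above (file/directory entries and O4
autorun entries) and summarises what a reviewer looks at first: bursts of empty
GUID-named folders under the user's local AppData folder, Run-key autoruns,
scheduled-task .job files and Startup-folder items.
"""
import re
from collections import Counter

# Constructed sample in the format OTL uses, copied from the lines posted above.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-3288561065-1393614363-2427677879-1003..\Run: [Facebook Update] C:\Users\sanjayshetty\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3288561065-1393614363-2427677879-1003..\Run: [HSIAAccessManager] C:\Program Files\TATA\Photon+\hsiam.exe (EpiValley)
[2012-02-03 01:00:49 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{C0D362B4-49A2-423F-8ED9-45F84FAD7A2A}
[2012-02-03 01:00:35 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{553F8B02-FC7D-4DD0-8107-4B244B4C4210}
[2012-02-02 23:33:29 | 000,000,000 | ---D | C] -- C:\Users\sanjayshetty\AppData\Local\{703B5286-64F2-4B15-BCDB-F792792E3B5D}
[2012-02-03 11:35:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012-02-03 09:25:55 | 000,001,307 | ---- | M] () -- C:\Users\sanjayshetty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
"""

# "[timestamp | size | attrs | C|M] -- path"; modified-file lines carry an extra "()" before "--".
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\]"
    r"(?: \(\))? -- (?P<path>.+)$"
)
# "O4 - <hive>..\Run: [<value name>] <path> (<publisher>)"
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<publisher>[^()]*)\))?$"
)
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}$")


def parse_line(line):
    """Classify one OTL line as a file entry, an autorun entry, or None."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return {
            "kind": "file",
            "timestamp": m["ts"],
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "path": m["path"],
        }
    m = AUTORUN_RE.match(line)
    if m:
        return {"kind": "autorun", "hive": m["hive"], "name": m["name"],
                "path": m["path"], "publisher": m["publisher"]}
    return None


def triage(text):
    """Summarise the indicators a reviewer checks first in an OTL scan."""
    guid_dirs, autoruns, tasks, startup = [], [], [], []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["kind"] == "autorun":
            autoruns.append(entry)
            continue
        low = entry["path"].lower()
        if entry["is_dir"] and entry["size"] == 0 and GUID_DIR_RE.search(entry["path"]):
            guid_dirs.append(entry)
        elif "\\windows\\tasks\\" in low and low.endswith(".job"):
            tasks.append(entry)
        elif "\\startup\\" in low:
            startup.append(entry)
    return {
        "guid_dirs": guid_dirs,
        "guid_dirs_per_day": Counter(e["timestamp"][:10] for e in guid_dirs),  # burst detection
        "autoruns": autoruns,
        "scheduled_tasks": tasks,
        "startup_items": startup,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("empty GUID folders per day:", dict(report["guid_dirs_per_day"]))
    for a in report["autoruns"]:
        print("autorun %s -> %s (%s)" % (a["name"], a["path"], a["publisher"]))
    print("scheduled tasks:", [t["path"] for t in report["scheduled_tasks"]])
    print("startup items:", [s["path"] for s in report["startup_items"]])
```

    The per-day counter is the useful output: a pair of empty GUID folders appearing every few hours across weeks, as in the list above, is a repeating-process signature worth investigating even when no single folder looks suspicious, whereas the autorun and task entries mostly name software the user can confirm (as happened with TortoiseSVN earlier in the thread).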
  19. sanjayshetty

    sanjayshetty Private E-2

    Just noticed one thing, have been running in safe mode now for a good 15-20 mins. No popups coming. I'll run OTL and MGTools and revert in a few minutes.

    Question: Should I run these two tools in safe mode?
     
  20. thisisu

    thisisu Malware Consultant

    Ok that's good to know.
    You can run the OTL Fix from Safe Mode. However, MGtools must be run from Normal Mode.
     
  21. sanjayshetty

    sanjayshetty Private E-2

    ok did the tests with a few mis-steps: downloaded MGTools to the desktop instead of C:\, then forgot to turn off the anti-virus.

    So did it all over again. Attached the logs.

    The funny thing is when I ran MGTools the first time with anti-virus on, it gave no error, next time round after shutting anti-virus it gave an error, weird.
     

    Attached Files:

  22. sanjayshetty

    sanjayshetty Private E-2

    Here's something strange after the last two steps, I forgot to put the anti-virus back on, and the annoying ad pop up seems to have disappeared.

    I'm now going to put the anti-virus(Microsoft Security Essentials) on and report after some time.
     
  23. sanjayshetty

    sanjayshetty Private E-2

    Ok, looks like the pesk is gone.
    I've also re-booted and have been browsing various sites for a while, no sign of it.

    This is such a relief, I really appreciate "thisisu" for taking the time to help me. Don't know how I can repay the time and effort you've put into helping me. I go by the same id I use here on various other sites as well, feel free to shout out if I can be of any help anytime. I'm also willing to volunteer some time on these forums if needed. Though it's not my area of expertise. I'd be happy to do housekeeping, updating docs etc. if needed.

    I'm so curious to understand what finally solved this problem. I'm guessing it had something to do with OTL.

    I'll also report back in a few days just to keep you updated, if you prefer.

    One last thing, any ideas on how I got this pesk? Or what I could do in the future to avoid this?

    Thanks for your help.

    P.s. I guess I should now un-install or remove all the tools I've downloaded.
     
  24. thisisu

    thisisu Malware Consultant

    Glad to hear it. Is everything still OK?
    You're welcome :)
    We help because we like to. You can recommend us to your friends if you'd like. ;)
    I'm not sure to be honest.
    How to Protect yourself from malware!
    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
     
