Something sinister?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by buzzkilt, Jan 8, 2013.

  1. buzzkilt

    buzzkilt Private E-2

    Hello. I've recently asked a couple questions from the members here, and they've been really great with their responses, so here I am again. Only this time with something that may be a bit more ominous.

    In the past couple of days I had started to notice some strange files showing up in some of my system folders. Things like NTUSER.DAT, ntuser notepad's, the desktop.ini and .recently-used.xbel. Now these were showing up in my Administrator folders, User folders, Documents folder, Pictures, Video .. etc.

    Now knowing that I had made no changes whatsoever to my system, I became somewhat intrigued/paranoid. I ran my anti-virus program, malware scan and TDSSkiller. I was only able to locate 2 low-level malware infections from a couple of years ago (which I removed).

    I then turned back on hidden files and folders and hide protected files (why they were off, I have no clue) and looked to see if the exposed files above were still showing. They were. I went through regedit and made sure that the hide key #'s were correct. They were, and the files above were still showing. So only then by right-clicking and switching them to read-only and hidden, did they go hidden again.

    The .recently-used.xbel had been modified a couple of days ago, but not by me. And, again, I did not switch my hidden settings off to expose the above files. They were set to keep all files hidden.

    Does this sound like it could be a possible keylogger?

    Any help appreciated.

    I do have a Hijack This report log, if someone would like to see it.
     
    Last edited: Jan 8, 2013
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    None of those files you mentioned are malware and it doesn't "smell" of malware at all but if you would like for me to rule that out you will need to follow the below instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. buzzkilt

    buzzkilt Private E-2

    Okay, here are my logs and thank you for your help.
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these 8 detections:

    • [RUN][SUSP PATH] HKLM\[...]\Run : DvhhCCFbLujqW.exe (C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : Windows Resurections (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
    • [RUN][ROGUE ST] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : Diagnostic Manager (C:\WINDOWS1\TEMP\15057346.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : reader_s (C:\Documents and Settings\User\reader_s.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : Windows Resurections (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
    • [RUN][ROGUE ST] [ON_E:User]HKCU[...]\Run : Diagnostic Manager (C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe) -> FOUND
    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
    • O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
    • O4 - HKLM\..\Run: [DvhhCCFbLujqW.exe] C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe

    After clicking Fix exit HJT.


    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    Code:
    :Files
    C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe
    C:\WINDOWS1\TEMP\hkhwpxs.exe
    C:\WINDOWS1\TEMP\15057346.exe
    C:\Documents and Settings\User\reader_s.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe
    C:\Documents and Settings\User\Local Settings\Application Data\couponamazing
    C:\Program Files\Common Files\Spigot
    C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe
    C:\Documents and Settings\All Users\Application Data\blekko toolbars
    C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
    C:\WINDOWS\Tasks\ParetoLogic Registration.job
    
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "SearchSettings"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}]
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



    Now give Hitman a rerun and have it delete Malware Remnants and Potential Unwanted Programs.

    Please give Ccleaner a run, not the registry scanner, just the cleaner itself, to be rid of many temp files.

    Go to this MGTools and download the new version of MGtools.exe. Overwrite your previous MGtools.exe file with this one.

    Run the new MGTools.exe and attach the new MGlogs.zip

    Re run RogueKiller once more, just a scan and attach log please.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  5. buzzkilt

    buzzkilt Private E-2

    Before I go any further, during the process of running OTM it moved 6 processes under the title of "Processes Killed". Then the program just sat there. There was no prompt to reboot or any indication that it was done, other than the hour glass timer turned into an I type slash. I gave it an hour to see if something else would happen, but it did not. So I had to reboot the pc by switching off the power. Everything then started up fine, but there was no .log file to be found in the _OTM hierarchy of folders. I did manage, however, to jot everything down by hand before I manually restarted the computer.

    Should I proceed to the next step?
     
    Last edited: Jan 9, 2013
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please.. :)
     
  7. buzzkilt

    buzzkilt Private E-2

    Problems incurred -

    - during the run of MG Tools, I could not locate O4 - HKLM\..\Run: [DvhhCCFbLujqW.exe] C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe to fix it. It wasn't listed.

    - OTM created no data log in the C:\_OTM\MovedFiles folder hierarchy (attached is a txt of what I jotted down before restarting the pc)

    - Hitman Pro showed 5 remnants (one I believe was my anti-virus definitions list, even though it is disabled), but wouldn't allow me to delete anything. It said I had to register & purchase.

    Improvements are that the speed of the pc is quick and responsive again. I no longer see two quick black boxes in the upper left of the desktop screen upon start-up. They would briefly flash when the pc was first initializing. They were titled C\Windows\32cmd.exe or something to that effect. I would have listed this problem from the beginning, but it just started yesterday, after my initial post.

    I'm not sure if I missed something with regards to HitmanPro. I dl'ed it from this site, and from the listing in the Malware Guide.
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Seems like you did not run Ccleaner as I requested. ;) Please do so. And some of our last fix failed, let's try again.


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these 5 detections:

    • [RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
    • [RUN][PREVRUN] [ON_E:User]HKCU[...]\Run : reader_s (C:\Documents and Settings\User\reader_s.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : Windows Resurections (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
    • [RUN][ROGUE ST] [ON_E:User]HKCU[...]\Run : Diagnostic Manager (C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe) -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.

    Download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.



    Re run Hitman and have it delete Malware remnants please.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  9. buzzkilt

    buzzkilt Private E-2

    Thank you for your continued patience with me.

    Alas, I found the HitmanPro trial license agreement LOL and was able to have it delete the found remnants. I've attached the log from after the HitmanPro deletion process.
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re run RogueKiller again, just a scan please, and attach the log. :)
     
  11. buzzkilt

    buzzkilt Private E-2

    When I ran this before, not this time (as I only scanned), I noticed that two of the entries became listed as error when deleting.
     

    Attached Files:

  12. buzzkilt

    buzzkilt Private E-2

    The last attached RKReport was done with my files set back to hidden.

    This is the report with the windows files not hidden. Sorry about that.
     

    Attached Files:

  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download Combofix to your desktop. Please refer to these instructions prior to running.

    Attach log once done.
     
  14. buzzkilt

    buzzkilt Private E-2

    ComboFix log.
     

    Attached Files:

    • log.txt (File size: 14.3 KB)
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now we need to use ComboFix by sUBs

    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Driver::
    BFYQA
    
    File::
    c:\docume~1\User\LOCALS~1\Temp\BFYQA.exe
    C:\WINDOWS1\TEMP\hkhwpxs.exe
    C:\Documents and Settings\User\reader_s.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe


    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.


    Now rerun RogueKiller and attach that log too.
     
  16. buzzkilt

    buzzkilt Private E-2

    Logs -
     

    Attached Files:

  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Dammit. Run Ccleaner (not the reg scanner just the cleaner itself) and then rerun RogueKiller again after reboot and attach the new log please.
     
  18. buzzkilt

    buzzkilt Private E-2

    Edit. I didn't reboot. I'll be right back.
     

    Attached Files:

  19. buzzkilt

    buzzkilt Private E-2

    Okay, redid the process. Ccleaner > reboot > RKiller > log

    Just tell me where & when to run Ccleaner.
     

    Attached Files:

  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.

    Also...


    Run this and attach the results.

    Using ESET's Online Scanner
     
  21. buzzkilt

    buzzkilt Private E-2

    The online scanner doesn't work for me. After loading the virus definitions, the page reads "an unexpected error has occured" and only gives me the option of selecting the back tab. I tried it four times, anti-virus program off and nothing running.
     

    Attached Files:

  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I do not understand why the RogueKiller fixes we are doing have been failing. I don't think antivirus is blocking them or anything like that. I need to seek advice, hang in there. :)
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:


    • [RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : reader_s (C:\Documents and Settings\User\reader_s.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
    • [RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : Windows Resurections (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
    • [RUN][ROGUE ST] [ON_E:User]HKCU[...]\Run : Diagnostic Manager (C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe) -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.

    Now re-run RogueKiller and attach that new log as well.
     
  24. buzzkilt

    buzzkilt Private E-2

    New RK logs -
     

    Attached Files:

  25. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    While I am waiting on advice and further thinking about how to go about this, let's try doing the same fix again that Tim gave you but in SAFE MODE. Then as he said, rerun Rogue Killer (but in normal mode then) and attach the log. It probably will not work but I want to see if perhaps safe mode might work because something is blocking the fix in normal mode.
     
  26. buzzkilt

    buzzkilt Private E-2

    1 & 2 - safe mode/scan and delete scan
    3 - safe mode/scan only
    4 & 5 - normal mode/scan and delete scan
     

    Attached Files:

  27. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What is your E drive?
     
  28. buzzkilt

    buzzkilt Private E-2

    I'm not quite sure how to answer that. It's basically like the C drive, only much smaller. It consists of 75 GB of total space, of which 60 is being used. I use it for storage of files, I suppose.

    It does have WINDOWS, WINDOWS1 & an engine32 folder in it. I never created it and believe it was always setup this way.
     
  29. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    We need to have you boot from the E drive and run that RogueKiller fix please.
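
Added example (not part of the thread, and not RogueKiller's own code): the script below parses the detection lines quoted in posts #4 and #8 and reports which Run entries survived the first deletion attempt, grouped by hive. The regular expression covers only the line shape quoted on this page, and reading the `ON_E:` tag as "hive loaded from drive E:" is an assumption drawn from the E-drive question above.

```python
import re
from collections import Counter
from typing import NamedTuple

# Detection lines copied from the fix lists in posts #4 and #8 of this thread.
SCAN_POST_4 = r"""
[RUN][SUSP PATH] HKLM\[...]\Run : DvhhCCFbLujqW.exe (C:\Documents and Settings\All Users\Application Data\DvhhCCFbLujqW.exe) -> FOUND
[RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
[RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : Windows Resurections (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
[RUN][ROGUE ST] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : Diagnostic Manager (C:\WINDOWS1\TEMP\15057346.exe) -> FOUND
[RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : reader_s (C:\Documents and Settings\User\reader_s.exe) -> FOUND
[RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
[RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : Windows Resurections (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
[RUN][ROGUE ST] [ON_E:User]HKCU[...]\Run : Diagnostic Manager (C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe) -> FOUND
"""
SCAN_POST_8 = r"""
[RUN][SUSP PATH] [ON_E:Default User.WINDOWS1]HKCU[...]\Run : (C:\WINDOWS1\TEMP\hkhwpxs.exe) -> FOUND
[RUN][PREVRUN] [ON_E:User]HKCU[...]\Run : reader_s (C:\Documents and Settings\User\reader_s.exe) -> FOUND
[RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
[RUN][SUSP PATH] [ON_E:User]HKCU[...]\Run : Windows Resurections (C:\DOCUME~1\User\LOCALS~1\Temp\ry6628uo.exe) -> FOUND
[RUN][ROGUE ST] [ON_E:User]HKCU[...]\Run : Diagnostic Manager (C:\DOCUME~1\User\LOCALS~1\Temp\640057346.exe) -> FOUND
"""

# Matches only the line shape quoted in this thread (assumption: other
# RogueKiller sections or versions may format their lines differently).
LINE_RE = re.compile(
    r"^\[(?P<section>[^\]]+)\]\[(?P<reason>[^\]]+)\]\s+"
    r"(?:\[(?P<hive>ON_[^\]]+)\])?"
    r"(?P<key>\S+)\s+:\s+"
    r"(?P<name>.*?)\s*\((?P<path>[A-Za-z]:\\[^)]*)\)\s+->\s+(?P<status>\w+)$"
)


class Detection(NamedTuple):
    reason: str   # e.g. "SUSP PATH", "ROGUE ST", "PREVRUN"
    hive: str     # "ON_E:User" style tag, or "live" when the line has no tag
    key: str
    name: str     # Run value name; empty when the log shows none
    path: str
    status: str

    @property
    def identity(self):
        # The reason tag can change between scans (SUSP PATH -> PREVRUN for
        # reader_s), so it is not part of what makes two entries "the same".
        return (self.hive, self.key, self.name, self.path.lower())


def parse_scan(text):
    """Parse pasted detection lines; raise on anything unrecognised."""
    found = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised detection line: {line!r}")
        found.append(Detection(m["reason"], m["hive"] or "live", m["key"],
                               m["name"], m["path"], m["status"]))
    return found


def persisted(before, after):
    """Entries from the earlier scan that are still reported in the later one."""
    still_there = {d.identity for d in after}
    return [d for d in before if d.identity in still_there]


def by_hive(detections):
    return Counter(d.hive for d in detections)


def from_temp(path):
    """True when the target sits under a Temp directory."""
    return re.search(r"\\temp\\", path, re.IGNORECASE) is not None


if __name__ == "__main__":
    first, second = parse_scan(SCAN_POST_4), parse_scan(SCAN_POST_8)
    for d in persisted(first, second):
        print(f"survived: [{d.hive}] {d.name or '(no value name)'} -> {d.path}")
    print(dict(by_hive(persisted(first, second))))
```

Every entry that survived the first fix carries an `ON_E:` tag, while the one entry in the running system's HKLM Run key is gone from the second list.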
     
  30. buzzkilt

    buzzkilt Private E-2

    Okay, my original boot sequence was as follows:

    1 FLOPPY DISK
    2 HARD DISK
    3 CDROM

    I switched floppy disk to 2 and hard disk to 1. The scan results are RK1 & 2.

    I then switched the order to CDROM 1, HARD DISK 2 and FLOPPY to 3. The scan results are RK3 & 4.

    A couple of notes - since we changed/rewrote some of the windows script back on page 1, when rebooting I initially get a BIOS screen asking me to select what method to start the computer with. This lasts only a couple of seconds (the default selection being Windows XP) and then switches to the windows screen. The screen then lasts (windows is booting, I assume) about 90 seconds and then the pc starts. Originally, before we started this whole process, the windows boot time was just a few seconds.

    The next note is, when I went to re-assign which drive to start on, (the very first time I have rebooted in a day or two) I got the BIOS screen saying 'Floppy Disk(s) Fail (40)'. I ignored it, and went ahead and did the initial re-assign of the drives. I then restarted, got the same BIOS screen reading 'Floppy Disk(s) Fail (40)', and again ignored and re-assigned the drives to start as the second entry above. I haven't rebooted since, as I thought I'd mention it to you guys.
     

    Attached Files:

  31. buzzkilt

    buzzkilt Private E-2

    Alright, now we may be getting somewhere. I'm not completely ignorant when it comes to pc's, but I'm not quite "all there" either. Most of this stuff, I've never messed with before.

    The BIOS screen gave me an option to switch the hard drives. So I did. Upon start-up, the system freaked, threw up a bunch of cannot boot diagnostics and reset my clock, date and time (all the way back to Sept 2005). It did give me an option to restart the pc. So I did.

    During the restart, and since the pc automatically goes to the BIOS "Floppy Disk(s) Fail (40)" screen now/every time, I switched the drives back. The pc started fine, albeit the 90 second windows boot, and so I started another RK scan. This time it worked, kinda.

    The same five usual suspects showed, and I selected them and pushed delete. When the scan was over, this time I hit scan again without exiting the program. It scanned, and only the two ERROR instances remained. So again, I entered a scan without closing RK. Again, the two ERROR instances showed, but the other 3 are now gone. So I closed RK, and then started it again. The two ERROR instances still remain, but the others are now gone.

    I've attached the delete scan from when the 3 instances were deleted and the logs from the last scan that I took.
     

    Attached Files:

    Last edited: Jan 14, 2013
  32. buzzkilt

    buzzkilt Private E-2

    UPDATE -

    I was able to move a copy of RKiller over to the E drive. I rebooted the pc to start on the E drive. The first log is from that scan.

    I then rebooted the pc to start on the C drive. Ran a RKiller scan. The last two logs are from that scan.

    I apologize for my inconsistency here. I haven't had much time the past 2 days to stay with it. If these aren't the logs that you need, please let me know.
     

    Attached Files:

  33. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download autoruns. Run it from the E drive if possible. See if you can click on the "Everything" tab and identify what RogueKiller is hitting on. Let me know.
     
  34. buzzkilt

    buzzkilt Private E-2

    I ended up reinstalling windows. It sucked.

    Would you kindly take a look at this RK log from the new install? Thanks!
     

    Attached Files:

  35. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You need to try and do what I said in post #33. :)
     
  36. buzzkilt

    buzzkilt Private E-2

    I went to run autoruns on the E drive the other day, and the Windows on that drive was whacked-out. I said screw it and nuked it today, placing a fresh new install of Windows on that drive. About a week ago I reinstalled Windows on the C drive, as well. I did keep some gaming files through the process by switching them to the drive that wasn't being scrubbed. I don't know if they were contaminated.

    Attached is a RK scan from the C drive. The old E drive is now D, and hasn't been messed with at all, other than the fresh install of Windows. No programs added, no internet accessed, etc .. RKiller only detects one trace now.
     

    Attached Files:

  37. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Much better. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Press and hold the Windows key and then press the letter R on your keyboard. This opens the Run dialog box.
      • Copy and paste the below into the Run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove, you can delete these files now.
    8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  38. buzzkilt

    buzzkilt Private E-2

    Kestrel13 and TimW - Thank you both for your help & guidance. Muchly appreciated! :wine
     
  39. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Most welcome. :) Safe surfing!
     
