Random commercials playing on my laptop

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jayichi, Aug 10, 2009.

  1. jayichi

    jayichi Private E-2

    Some program on my computer is playing commercials and ads on my laptop. I have tried over and over again to download all the programs you have but they do not load up at all. I'm guessing whatever I have on my laptop is blocking the installation of the programs. I have and run CCleaner and my own firewall program and cleaned a few things, but this problem still exists.
     
  2. jayichi

    jayichi Private E-2

    OK, I was able to get MGtools to work but it didn't make a .zip log for me. I am attaching the HijackThis file that it made though. I'm very sorry for not having all the logs, it's just that I can't get them to work. Found a zip.exe file; I uploaded it. I'm not sure if this is what you needed from MGtools.
     


  3. jayichi

    jayichi Private E-2

    Sorry, got RootRepeal to work somehow also.
     


  4. jayichi

    jayichi Private E-2

    Last one for the night, I promise (wish I could edit my posts). Found the MGlogs.zip.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are WAY out of date with your copy of MGtools. You must always make sure you download and use the one linked to in the cleaning procedure. We will update it while doing the below.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Please double-click the RootRepeal.exe previously downloaded.
    • Select File then Scan
    • On the Select Drives form select drive C by "ticking" the box for drive C and click OK
    • When the scan is complete - highlight each of the following file(s) (one at a time if more than one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
      • C:\WINDOWS\system32\uacinit.dll
      • C:\WINDOWS\system32\UAChjochunyao.dll
      • C:\WINDOWS\system32\UACjdqpsbpmkl.dll
      • C:\WINDOWS\system32\UACkjgakmcivk.dll
      • C:\WINDOWS\system32\UAClsmowulqbi.dat
      • C:\WINDOWS\system32\UACpsabobrpjn.dll
      • C:\WINDOWS\system32\UACqjgviijyiw.dll
      • C:\WINDOWS\system32\UACyvkayvpigi.db
      • C:\WINDOWS\Temp\UACd030.tmp
      • C:\WINDOWS\system32\drivers\UACxjsykdulvy.sys
      • C:\Documents and Settings\John Lassiter\Local Settings\Temp\UACb605.tmp
    • After Wiping all files, immediately reboot your pc!

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKUS\S-1-5-19\..\Run: [juwidemili] Rundll32.exe "C:\WINDOWS\system32\yamiyuse.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [juwidemili] Rundll32.exe "C:\WINDOWS\system32\yamiyuse.dll",s (User 'NETWORK SERVICE')
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    After clicking Fix, exit HJT.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\John Lassiter\Local Settings\Temp

    Now try to run SUPERAntiSpyware, Malwarebytes and ComboFix per the cleaning instructions.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • the logs from SUPERAntiSpyware, Malwarebytes and ComboFix if they ran
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
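
The HijackThis entries selected in the post above share a few recognizable traits. As an added example (not part of the thread and not code from MGtools or HijackThis), this Python sketch triages HijackThis-style lines; the three heuristics, the `SYSTEM_NAMES` list and the last sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# The six entries quoted in the post, plus one constructed benign line (last).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [juwidemili] Rundll32.exe "C:\WINDOWS\system32\yamiyuse.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [juwidemili] Rundll32.exe "C:\WINDOWS\system32\yamiyuse.dll",s (User 'NETWORK SERVICE')
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
FILE_PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|sys)', re.I)
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")
# Assumed short list of names that normally live only in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SERVICE_HIVE = re.compile(r"^HKUS\\S-1-5-(?:19|20)\\")


def triage(log_text):
    """Return [(section, entry, [reasons])] for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        # Registry entry still present although its target is gone.
        if body.endswith(("(no file)", "(file missing)")):
            reasons.append("target file absent")
        # PureWindowsPath compares case-insensitively, on any host OS.
        for p in FILE_PATH.findall(body):
            path = PureWindowsPath(p)
            if path.name.lower() in SYSTEM_NAMES and path.parent != SYSTEM32:
                reasons.append("system binary name outside system32")
        # Run key under the LOCAL SERVICE / NETWORK SERVICE hives.
        if section == "O4" and SERVICE_HIVE.match(body):
            reasons.append("autorun in a service-account hive")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```

A flagged line is a prompt for manual review, not a verdict; entries that match none of the heuristics can still be unwanted.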
     
  6. jayichi

    jayichi Private E-2

    OK, I have run and done almost everything you asked and everything seems to be running smooth again. I was not able to run ComboFix because the link on the website wouldn't work for me. I also couldn't give you an Avenger log because after the reboot I would get the error blue screen while booting up. All of the other logs are attached as asked. Thank you very much for your help in this matter.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Most likely because you still did not download the current version. Try again. You also did not follow my instructions for downloading and running the current version of MGtools. Please do this properly and attach the new log.
     
