MajorGeeks Support Forums

  #1  
Old 05-23-08, 20:12
Bad Panda Bad Panda is offline
Private First Class
 
Join Date: Sep 2007
Posts: 92
Thanks: 5
Thanked 0 Times in 0 Posts
Default Vista machine w/mediaplex

I'm working on a computer for someone and ran through all the steps. I still have mediaplex and another that are being reported on Spybot. I don't know how to deal with this.
Here are the logs. Thanks!
Attached Files
File Type: txt combofix.txt (27.8 KB, 2 views)
File Type: txt mbam-log-5-23-2008 (14-02-18).txt (7.2 KB, 3 views)
File Type: zip MGlogs.zip (50.4 KB, 4 views)
#2
Old 05-23-08, 20:16
Bad Panda Bad Panda is offline

Here is the SAS log.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 05-22-2008 - 15-55-08.log (10.1 KB, 3 views)
#3
Old 05-24-08, 11:56
Bad Panda Bad Panda is offline

Chaslang,
I received a message from you stating that you were moving these logs to my original post. I don't see your post. However, these are 2 different machines, which perhaps you saw and that is why this post is not dead.
I did not realize that 2 posts were an issue, and I will not post again in this one until the other one is resolved.

Regards,
Panda
#4
Old 05-24-08, 14:22
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,381
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: Vista machine w/mediaplex

Quote:
Originally Posted by Bad Panda View Post
Chaslang,
I received a message from you stating that you were moving these logs to my original post. I don't see your post. However, these are 2 different machines, which perhaps you saw and that is why this post is not dead.
I did not realize that 2 posts were an issue, and I will not post again in this one until the other one is resolved.

Yes when I saw this I thought it was in response to what I asked you to do in the other thread. Then I realized that it was really another computer. It is not a problem to work multiple PCs (each having a different thread), it is just less confusion for all if you don't work them at the same time since sooner or later someone will get confused.

I will post a fix (in another message) for this new PC but it would be good if you first complete the other thread 100% (still waiting for the results of the fix that was given) and then continue this one.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


#5
Old 05-24-08, 14:47
chaslang chaslang is offline

It appears that you forgot to accept the license agreement for HijackThis that pops up when running MGtools. Go to C:\MGtools and right click on analyse.exe and select Run As Administrator. Accept the license agreement (you may have to click twice) and then just run a scan. Don't bother saving a log right now. Then just exit HijackThis.

Also it appears that GetRunKey.bat did not run properly. Did you have any problems or error messages while running MGtools? Was UAC disabled and did you reboot after disabling? Was Spy Sweeper's protection disabled??? It may be causing problems. Is this copy of Spy Sweeper a paid version or free trial? If trial, uninstall it now.

You also did not put this PC into normal startup mode with MSconfig. You must do this now as requested in step 1 of the READ ME, and why would the user want to break the protection of Avast by not allowing it to startup?


Uninstall the below software as requested in step 1 of the READ ME:
Ask Toolbar
BearShare MediaBar
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Viewpoint Media Player

Do you know what the below folder and .bat file are for?
Code:
2008-04-27 11:17 . 2008-05-21 12:28 <DIR> d--hs---- C:\Users\Owner\!
2008-04-27 11:17 . 2008-04-27 11:17 433 --a------ C:\Users\Owner\584.bat

Now we need to use ComboFix to remove a bunch of malware files.
  • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below quote box into it:
Quote:
KILLALL::


File::
C:\WINDOWS\privacy_danger\index.htm

Folder::
C:\Program Files\alot
C:\Program Files\AskSBar

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"852EBF20-A95D-4F1F-B9C2-B2CD24350F3EXXX"=-
"SunJavaUpdateSched"=-
"Reminder"=-
"QuickTime Task"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below
Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
Quote:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:
  • C:\ComboFix.txt
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
#6
Old 05-25-08, 11:39
Bad Panda Bad Panda is offline

Regarding the normal startup; it isn't allowing me to put it into normal mode. I enable it, but it goes back to a selective configuration where an item was removed from the startup. The only thing not showing up is part of Avast. Any suggestions on how I might correct this?
#7
Old 05-25-08, 11:44
Bad Panda Bad Panda is offline

Oh, I did not see any errors on the Getrunkey.bat when it ran.
I sprained my ankle Friday so I won't be getting on this issue...probably until Tuesday. Hope that isn't a problem.
#8
Old 05-25-08, 19:26
chaslang chaslang is offline

Quote:
Originally Posted by Bad Panda View Post
Oh, I did not see any errors on the Getrunkey.bat when it ran.

You did not address all of my questions. Like whether UAC was disabled and had you rebooted after disabling. Was Spy Sweeper disabled? Is Spy Sweeper a paid version? Also I commented about the license agreement for HijackThis.

Quote:
Originally Posted by Bad Panda View Post
I sprained my ankle Friday so I won't be getting on this issue...probably until Tuesday. Hope that isn't a problem.

Sorry to hear this. No problem. Just get back to us when you can.
#9
Old 05-27-08, 18:08
Bad Panda Bad Panda is offline

Quote: You did not address all of my questions. Like whether UAC was disabled and had you rebooted after disabling. Answer: UAC was disabled and I had rebooted.

Q: Was Spy Sweeper disabled? A: No.
Q: Is Spy Sweeper a paid version? A: Yes. It is a full, apparently ineffective, version.
Q: Also I commented about the license agreement for HijackThis. A: I don't remember seeing the license agreement window. More than likely I did not run the program as administrator and didn't see any errors.
Q: Do you know what the below folder and .bat file are for?
Code:
2008-04-27 11:17 . 2008-05-21 12:28 <DIR> d--hs---- C:\Users\Owner\!
2008-04-27 11:17 . 2008-04-27 11:17 433 --a------ C:\Users\Owner\584.bat
Answer: The directory c:\users\owner\! holds multiple avi files. This is the batch text
Echo off
:A
Del C:\Users\Owner\services.exe
If Exist C:\Users\Owner\services.exe Goto A
:B
Del C:\Users\Owner\csrss.exe
If Exist C:\Users\Owner\csrss.exe Goto B
:C
Del C:\Users\Owner\smss.exe
If Exist C:\Users\Owner\smss.exe Goto C
:D
Del C:\Users\Owner\svchost.exe
If Exist C:\Users\Owner\svchost.exe Goto D
:E
Del C:\Users\Owner\winlogon.exe
If Exist C:\Users\Owner\winlogon.exe Goto E
Del C:\Users\Owner\584.bat


Considering that I am unable to get it into normal startup mode, what should my next steps be? As you mentioned in your post, Avast is not starting up with all options enabled. This is not by my choice. Should I follow your steps that started with running Combofix?
#10
Old 05-28-08, 01:07
chaslang chaslang is offline

Quote:
Originally Posted by Bad Panda View Post
Q: Was Spy Sweeper disabled? A: No.

Spy Sweeper can and will get in the way of malware removal steps. Can you uninstall this for now? Will it let you uninstall it in safe mode? If you can, uninstall in safe mode, see if you can uninstall the 5 other items I requested a few messages back.

Quote:
Originally Posted by Bad Panda View Post
Q: Also I commented about the license agreement for HijackThis. A: I don't remember seeing the license agreement window. More than likely I did not run the program as administrator and didn't see any errors.

You must follow the instructions. When you run MGtools (or GetLogs.bat from MGtools) or analyse.exe (which is HijackThis.exe) you must right click and select run as administrator.

Quote:
Originally Posted by Bad Panda View Post
Answer: The directory c:\users\owner\! holds multiple avi files.

Okay but who put them there? Do they belong to the owner?

Quote:
Originally Posted by Bad Panda View Post
This is the batch text
Echo off
:A
Del C:\Users\Owner\services.exe
If Exist C:\Users\Owner\services.exe Goto A
:B
Del C:\Users\Owner\csrss.exe
If Exist C:\Users\Owner\csrss.exe Goto B
:C
Del C:\Users\Owner\smss.exe
If Exist C:\Users\Owner\smss.exe Goto C
:D
Del C:\Users\Owner\svchost.exe
If Exist C:\Users\Owner\svchost.exe Goto D
:E
Del C:\Users\Owner\winlogon.exe
If Exist C:\Users\Owner\winlogon.exe Goto E
Del C:\Users\Owner\584.bat

Looks like someone was trying to use a batch file to constantly loop on fixing some malware files. Do you know who? Delete this batch file as it is not needed.


Quote:
Originally Posted by Bad Panda View Post
Considering that I am unable to get it into normal startup mode, what should my next steps be?

I need to know more about this issue. When you set it to normal startup are you saying it immediately goes right back to selective startup or are you saying it reverts when you do the reboot? Please post the contents of the C:\boot.ini file here. This is a hidden file. It could have a /SAFEBOOT in it which is stuck and forcing you back to safe boot mode.
Reply With Quote
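
An added example, not part of any post in this thread: the batch file quoted in posts #9 and #10 loops on deleting files named after core Windows processes from C:\Users\Owner, so this Python code parses file-listing lines in the format shown in post #5 and reports such names when they sit outside the Windows system directories, along with entries carrying both the hidden and system attributes. The trusted-directory list, the function names and the last three sample lines are assumptions constructed for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple

# Names the batch file in this thread targets; all are core Windows process names.
SYSTEM_NAMES = {"services.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe"}
# Assumption: the directories where Windows itself keeps binaries with these names.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Line layout: created . modified  size-or-<DIR>  attributes  path
LISTING_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.*)$"
)


class Entry(NamedTuple):
    created: str
    modified: str
    is_dir: bool
    attrs: str
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"],
                                 m["size"] == "<DIR>", m["attrs"], m["path"]))
    return entries


def is_trusted(directory: str) -> bool:
    """True when the directory is one of TRUSTED_DIRS or lies beneath one."""
    d = ntpath.normpath(directory).lower()
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)


def find_masquerading(entries: List[Entry]) -> List[Entry]:
    """Files named like a core Windows process but stored somewhere else."""
    hits = []
    for e in entries:
        directory, name = ntpath.split(e.path)
        if not e.is_dir and name.lower() in SYSTEM_NAMES and not is_trusted(directory):
            hits.append(e)
    return hits


def hidden_system(entries: List[Entry]) -> List[Entry]:
    """Entries whose attribute column carries both h (hidden) and s (system)."""
    return [e for e in entries if "h" in e.attrs and "s" in e.attrs]


# The first two lines are from post #5; the last three are constructed for this example.
SAMPLE = r"""
2008-04-27 11:17 . 2008-05-21 12:28 <DIR> d--hs---- C:\Users\Owner\!
2008-04-27 11:17 . 2008-04-27 11:17 433 --a------ C:\Users\Owner\584.bat
2008-04-27 11:16 . 2008-04-27 11:16 61,440 --a------ C:\Users\Owner\svchost.exe
2008-04-27 11:16 . 2008-04-27 11:16 61,440 --ahs---- C:\Users\Owner\WinLogon.exe
2008-01-19 02:33 . 2008-01-19 02:33 21,504 --a------ C:\Windows\System32\svchost.exe
"""

if __name__ == "__main__":
    listing = parse_listing(SAMPLE)
    for entry in find_masquerading(listing):
        print("system process name outside system directory:", entry.path)
    for entry in hidden_system(listing):
        print("hidden + system attributes:", entry.path)
```
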
#11
Old 05-29-08, 11:56
Bad Panda Bad Panda is offline

Spysweeper and all 5 programs have been uninstalled. I have not installed the updated version of Java yet, but MGTools has been run as Admin. AVI files have been deleted; the owner believes her brother put them on. The owner had no idea what a batch file was or how it got on the system. It has been deleted.
Here is something odd. I only see a file boot.ini.saved. boot.ini is not to be found (yes, hidden files are shown.) The text of the .saved file reads:

;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /NOEXECUTE=OPTIN /FASTDETECT

Normal startup question: your description of the symptom is correct. When I set it to normal startup, it returns to selective.
I'll run CF from earlier step and post requested logs & put Java on while waiting for any reply. Thanks for everything!!!
#12
Old 05-29-08, 13:32
Bad Panda Bad Panda is offline

I ran this and thought you might want the updated version... I'll stop messing around with this until I hear from you.
Attached Files
File Type: zip MGlogs.zip (54.7 KB, 2 views)
#13
Old 05-30-08, 12:52
chaslang chaslang is offline

Quote:
Originally Posted by Bad Panda View Post
Here is something odd. I only see a file boot.ini.saved. boot.ini is not to be found (yes, hidden files are shown.) The text of the .saved file reads:

;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.

Yes I forgot for the moment that this was Vista which does not have boot.ini.

Are you sure you are in safe boot mode??? Your last MGlogs.zip file shows you were in normal boot mode. This is seen in the hijackthis.log file inside of the ZIP file. It showed this
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:44 AM, on 5/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

In MSconfig, if you select the Boot tab, what options are checked on the page? Look at all options and report back on them. Did someone check the option to make all boot options permanent? If yes, uncheck it. Also if the /SAFEBOOT box is checked, uncheck it.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O24 - Desktop Component 0: (no name) - http://www.google.com/images/x2.gif
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: (no name) - http://video.google.com/url?vidurl=h...Ml9-Gwb3oIbqjw

After clicking Fix, exit HJT.

Now reboot!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
#14
Old 05-30-08, 13:16
Bad Panda Bad Panda is offline

I'm going to reply regarding the startup first, then run the MGT and post the logs in a separate post.
When I started the system, the window showing that "MSCONFIG has been used to alter startup options...blah, blah" came up. I ran msconfig and it shows the following:
Selective Startup with LOAD SYSTEM SERVICES checked and LOAD STARTUP OPTIONS blocked.
Boot tab - nothing checked.
Under the SERVICES tab, all are checked.
Under the STARTUP tab, all are checked with the exception of Avast Antivirus. I think something is preventing it from starting. Perhaps it is the McAfee that shows on startup but mentions something about compatibility with Vista? Even though the program never actually launches, maybe it recognizes Avast as a competing AV for resources and disables it?
If I uninstalled Avast, I bet that would eliminate the Normal Startup problem. I can always reinstall it.
I will run what you requested and post the logs immediately.
Regards,
Panda
#15
Old 05-30-08, 13:39
Bad Panda Bad Panda is offline

Here are the logs:
As far as improvement, the computer is better but not performing as it should. Of course, it is Vista, so you never know what is going to cause it to freeze up.
Oh, that start up program from McAfee I mentioned was Spamkiller, and should have nothing to do with affecting Avast.
Attached Files
File Type: zip MGlogs.zip (54.4 KB, 1 views)
#16
Old 05-30-08, 22:31
chaslang chaslang is offline

Quote:
Originally Posted by Bad Panda View Post
As far as improvement, the computer is better but not performing as it should.

You are going to have to be a lot more specific. What are you comparing it to? And exactly what are the problems you are experiencing?

I suggest that you uninstall SUPERAntiSpyware now since we don't need it anymore. You don't have any malware.

Also uninstall Avast antivirus now. Then reboot. After reboot, do the below.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast!]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


Now reinstall Avast.

Now please download and use the current version of MGtools and attach a new log. It gives us some additional info that may be helpful.
Reply With Quote
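
An added example, not part of any post in this thread: the fixme.reg files in posts #5 and #16 use [-KEY] to delete a whole key and "name"=- to delete a single value, and this Python code lists every operation such a file would perform on merge and reports any that fall outside the keys the helper said it would touch. The names parse_reg, outside_scope and RegOp and the allowed-prefix list are chosen here for illustration; the embedded sample is the file from post #16.

```python
import re
from typing import List, NamedTuple, Optional


class RegOp(NamedTuple):
    action: str            # "delete_key", "delete_value" or "set_value"
    key: str
    name: Optional[str]    # value name; None for key deletions
    data: Optional[str]    # raw data text as written, e.g. "dword:00000000"


HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text: str) -> List[RegOp]:
    """Turn .reg text into the list of operations a merge would perform."""
    # Join continuation lines (trailing backslash), then drop blanks and ; comments.
    joined = re.sub(r"\\\r?\n\s*", "", text)
    lines = [ln.strip() for ln in joined.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: header line missing")
    ops: List[RegOp] = []
    key = None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            if m.group(1):                  # [-KEY] removes the key and its subkeys
                ops.append(RegOp("delete_key", m.group(2), None, None))
                key = None
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(ln)
        if m is None or key is None:
            raise ValueError(f"cannot interpret line: {ln!r}")
        # Value names are kept as written; escape sequences are not decoded.
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        if m.group(2) == "-":               # "name"=- removes a single value
            ops.append(RegOp("delete_value", key, name, None))
        else:
            ops.append(RegOp("set_value", key, name, m.group(2)))
    return ops


def outside_scope(ops: List[RegOp], allowed_prefixes: List[str]) -> List[RegOp]:
    """Operations whose key is not under any allowed prefix (case-insensitive)."""
    allowed = [p.lower().rstrip("\\") for p in allowed_prefixes]

    def in_scope(key: str) -> bool:
        k = key.lower()
        return any(k == p or k.startswith(p + "\\") for p in allowed)

    return [op for op in ops if not in_scope(op.key)]


# The fixme.reg text from post #16 of this thread.
FIXME_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast!]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000
"""

if __name__ == "__main__":
    operations = parse_reg(FIXME_REG)
    for op in operations:
        print(op.action, "|", op.key, "|", op.name, "|", op.data)
    # Assumption: the reviewer expects only MSConfig bookkeeping keys to be touched.
    expected = [r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"]
    print("outside expected scope:", outside_scope(operations, expected))
```
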
  #17  
Old 06-02-08, 11:03
Bad Panda Bad Panda is offline

My complaint about Vista performance on this machine is most likely caused by the hardware/operating system, not necessarily by any malicious software.
Registry edit went flawlessly.
With Avast removed I was still not able to put into NORMAL startup mode. I installed AVG instead of AVAST to see if there was a difference; there isn't.
Included is the log.
#18
Old 06-02-08, 12:17
chaslang chaslang is offline

Quote:
Originally Posted by Bad Panda View Post
I installed AVG instead of AVAST to see if there was a difference; there isn't.

I really did not want you to install anything else at this time. I wanted to see if any applications are getting in the way. Installing AVG just complicates things. Please uninstall AVG if still installed and then get a new MGlogs.zip file and attach it. You forgot it last time anyway but I want one with no antivirus applications installed.
#19
Old 06-02-08, 13:10
Bad Panda Bad Panda is offline

That's the 3rd time I've uploaded the log and it hasn't gone through. It did show in the post when I sent it...bizarro.
Anyway, NORMAL mode is functioning now. Here are the updated logs (hopefully.)
Attached Files
File Type: zip MGlogs.zip (100.4 KB, 3 views)
#20
Old 06-02-08, 22:33
chaslang chaslang is offline

Okay so now that you can boot in normal mode are you having any real malware issues?

If not then reinstall your antivirus program and then continue on with the below.

If you are not having any other malware problems, it is time to do our final steps:
  1. You can uninstall SUPERAntiSpyware now.
  2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
  3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\cf" /u
      • Notes: The space between the cf" and the /u, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    • Delete the C:\cf folder from combofix.
  4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
  5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
  6. If we had you run Avenger, you can delete all files related to Avenger now.
  7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  8. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  9. Go to add/remove programs and uninstall HijackThis.
  10. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
  11. If you are running Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  12. After doing the above, you should work thru the below link: