Random commercials playing on my laptop

[jayichi]

Some program on my computer is playing commercials and adds on my laptop. I have tried over and over again to download all the programs you have but they do not load up at all. I'm guessing what ever i have on my laptop is blocking the installation of the programs. I have and run CC cleaner and my own firewall program and cleaned a few thigs, but this problem still exists.

[jayichi]

OK i was able to get MGtools to work but it didnt make a .zip log for me. I am attatching the hijackthis file that it made though. I'm very sorry for not having all the logs it's just that i can't get them to work. Found a zip.exe file i uploaded it im not sure if this is what you needed from MGTOOLS

[jayichi]

sorry got ROOT repeal to work some how also

[jayichi]

last one for the night i promise (wish i could edit my posts) Found the MGlogs.zip

[chaslang]

You are WAY out of date with your copy of MGtools. You must always make sure you download and use the one linked to in the cleaning procedure. We will update it while doing the below.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Please double-click the RootRepeal.exe previously downloaded.

• Select File then Scan
• On the Select Drives form select drive C by "ticking" the box for drive C and click OK
• When the scan is complete - highlight each of the following file(s) (one at a time if more then one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
  • C:\WINDOWS\system32\uacinit.dll
  • C:\WINDOWS\system32\UAChjochunyao.dll
  • C:\WINDOWS\system32\UACjdqpsbpmkl.dll
  • C:\WINDOWS\system32\UACkjgakmcivk.dll
  • C:\WINDOWS\system32\UAClsmowulqbi.dat
  • C:\WINDOWS\system32\UACpsabobrpjn.dll
  • C:\WINDOWS\system32\UACqjgviijyiw.dll
  • C:\WINDOWS\system32\UACyvkayvpigi.db
  • C:\WINDOWS\Temp\UACd030.tmp
  • C:\WINDOWS\system32\drivers\UACxjsykdulvy.sys
  • C:\Documents and Settings\John Lassiter\Local Settings\Temp\UACb605.tmp
• After Wiping all files, immediately reboot your pc!

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [juwidemili] Rundll32.exe "C:\WINDOWS\system32\yamiyuse.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [juwidemili] Rundll32.exe "C:\WINDOWS\system32\yamiyuse.dll",s (User 'NETWORK SERVICE')
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
After clicking Fix, exit HJT.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Quote:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SVCHOST.EXE"=-

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

Quote:

Drivers to delete:
UACxjsykdulvy.sys
uacd.sys

Files to delete:
C:\WINDOWS\system32\juzigeso.dll
c:\windows\system32\lasozodi.dll
c:\windows\system32\hisozega.dll
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\yamiyuse.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UAChjochunyao.dll
C:\WINDOWS\system32\UACjdqpsbpmkl.dll
C:\WINDOWS\system32\UACkjgakmcivk.dll
C:\WINDOWS\system32\UAClsmowulqbi.dat
C:\WINDOWS\system32\UACpsabobrpjn.dll
C:\WINDOWS\system32\UACqjgviijyiw.dll
C:\WINDOWS\system32\UACyvkayvpigi.db
C:\WINDOWS\Temp\UACd030.tmp
C:\WINDOWS\system32\drivers\UACxjsykdulvy.sys
C:\Documents and Settings\John Lassiter\Local Settings\Temp\UACb605.tmp
C:\WINDOWS\SYSTEM32\DRIVERS\85F5D27D.SYS
Folders to delete:
C:\Program Files\Viewpoint

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce\approvedbyregrun2\antirepl
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce\approvedbyregrun2\antirepl\0
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce\approvedbyregrun2\antirepl\1

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\TEMP
C:\Documents and Settings\John Lassiter\Local Settings\Temp

Now try to run SUPERAntiSpyware, Malwarebytes and ComboFix per the cleaning instructions.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• the logs from SUPERAntiSpyware, Malwarebytes and ComboFix if they ran
• C:\MGlogs.zip

Make sure you tell me how things are working now!

[jayichi]

OK i have run and done almost everything you asked and everything seems to be running smooth again. I was not able to run Combofix because the link on the website wouldn't work for me. I also couldn't give you an Avenger log because after the reboot i would get the error blue screen while booting up. All of the other logs are attached as asked. Thank you very much for your help in this matter.

[chaslang]

Quote:

Originally Posted by jayichi

I was not able to run Combofix because the link on the website wouldn't work for me..

Most likely because you still did not download the current version. Try again. You also did not follow my instructions for downloading and running the current version of MGtools. Please do this properly and attach the new log.