Adzgalore Ahhhhhhhhh!

OK, so from what I can tell, Adzgalore pop-ups, seem to be an idividual fix for each computer. Can Somebody please give me some step by step instructions?

I am seriously lost on this one!

Thanks in advance for your help!!!

 

Hi mwilkens,
Welcome to Major Geeks!

Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs. Usually you will find some relief from the symptoms as you work through these procedures and afterwards the logs which are produced will give us more information about what files still remain on your computer.

Thanks.
abri

 

I think that got rid of everything. What a greatly detailed guide. It takes a while, and I am really tired and have to go to work in a few hours, but I am happy with how everything worked out! Thanks!!

 

Hi mwilkens,

Glad things are working better!

At the first opportunity, maybe after you get back from work, please attach the logs which were produced by all the work you did. Then we can look at them to see if there are any files left over that need to be removed manually. If they aren't removed, all the malware can come back again. The logs we are looking for are Combofix, MalwareBytes, SuperAntiSpyware and MGlogs.zip. If you got all four to run, you'll need two posts to upload them since you can only upload three max per post.

Thanks.
abri

 

Abri,

I will do that when I get home from work tonight around 6 central time. Thanks again!

 

here are two

 

Here are the other two. When I booted up after I got home, I had another ad come up with adzgalore. I even had installed all of the stuff you recomended to protect me. Please help!!!!!

 

Hi mwilkens,

1) Please go to this folder and delete anything Windows allows you to delete:

C:\Users\matthew.wilkens\AppData\Local\Temp\

2) Go to add/remove programs and uninstall the below:

Viewpoint Media Player
MySidesearch Search Assistant Adzgalore

If you are unable to uninstall MySidesearch, please tell me.

3) Next I would like for you to run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only). In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

Does the following program need to load at startup?? If not, please fix them as well.

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

After you click fix, just close hijackthis.

4) Now run CCleaner at the default setting with the Windows tab as the top one.


5) When you've completed the above, I would like for you to go to Running GMER to detect rootkits. In your Combofix log, GMER lists two hidden files, but doesn't show what they are. It's possible they could belong to parental control features, but I would like to check for sure.


6)When you finish the above, please attach the GMER log and let me know how everything else went. Are the Adzgalore still there? If so, we will have to remove the files manually.

abri

 

Abri,

Thanks again for your help, and I appologize for my delay in my response. Attached you will find the rootkit scan on my computer. I also followed the instructions that you gave me in your last post.

I havent been getting any adzgalor pop-ups lately, but they are few since the last scans and the programs that I had installed.

Lastly, if everything looks good to you, please let me know if there is a place that I can donate for your help.

Thanks again!

 

Hi mwilkens,

No donations today, but please go through the final cleanup instructions in which we'll have you remove all the tools and logs you got on your computer from your work here. Also, we'll have you set a clean restore point, but will ask you to wait a bit to do that until it appears all is going well after the uninstallations. Here are those instructions:

abri