Some Help please

Welcome to Major Geeks!



You need to attacht the other log files that were requested in the READ & RUN ME. Attach the logs from the below:

• SUPERAntiSpyware
• Malwarebytes Anti-Malware
• MGtools (this is the C:\MGlogs.zip file as stated in the instructions).

Note that UiPopupHidden may not have anything to do with malware. It may be from some software you have installed. In fact it may be related to the security suite that you installed from your ISP.

 

You need to attach the C:\MGlogs.zip file which is supposed to contain 6 logs. If it does not contain 6 logs, you did not get it to run properly. Thus you will have to run it again and make sure you let it finish running.

But note what I already stated, your popup message is most likely due to the software you install from your ISP.

 

No it was just one file that you were supposed to attach. The C:\MGlogs.zip file as requested in the procedure. These 6 logs are already inside of the ZIP.

At anyrate it does not matter. Your logs are clean. As I stated a couple times already. You are not having malware problems. The popup you are referring to is related to the software you got from your ISP.

You do need to uninstall the below as requested in the READ & RUN ME in step 1:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player

Now we need to cleanup some items from running ComboFix.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix.
4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Go to add/remove programs and uninstall HijackThis.
7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
8. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

No! It was installed while using MGtools. It has nothing to do with ComboFix.

Odds are they will not be able to help you anyway and will more than likely just tell you that you have malware because they will not really know what the problem is.

It is not a hijacker and it is not a security problem. It is an issue with how the security software that you got from your ISP is being shutdown/terminated when Windows is shutdown.

 

You're welcome.

Either live with it or see if uninstalling all the software you installed from your ISP will fix it. It may or may not. I see all of the below which is from your ISP. I'm not sure it you have just one main program that will uninstall everything or not. I'm just listing what I see:

Authentium AntiVirus SDK - 2
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Virgin Broadband advisor 1.5.14
Virgin Broadband PCguard

This is not a malware problem so you will have to decide how you wish to address it.

 

This is not a malware problem and we really should not be working it in this forum; but here is what I suggest that you do.

Uninstall ALL of their software!!!!! And then attach a new log from MGtools so I can verify that it all was removed. I will then give you some free tools to use to replace the antivirus, antispyware, and firewall.

 

WHY??? Everyone is going to tell you that those logs do not belong there. They are going to tell you to post in the Malware Forum. I already told you what I believe the problem is and what to do. You are supposed to be attaching the MGlogs.zip file and only this file here in this thread not in a new thread in the Software Forum. Please attach the correct log here now. I know I said it was not a malware problem, but I did give you something to try. Also note this problem is know to occur with certain ISP software. See another example here:http://www.castlecops.com/pstp372446-.html

Are you still having that popup at shutdown after uninstalling all of that software?

 

Yes but I also said

And in addition why do you keep posting the individual files rather than the MGlogs.zip file that is requested. You don't need to look in the C:\MGtools folder unless we ask you to do so.

So then as I stated, the problem was due to your ISPs software.

You need to work thru the below now to get yourself properly protected:

How to Protect yourself from malware!

 

That is what we asked for.

Yes and that is why I gave you the link in messages # 18 & 7.

 

Yes you can just use the steps given for removing it in message # 7.

 

You're welcome. Surf safely!

 

Don't delete anything we did not ask you to delete. Thumbs.db is a Windows system file. You just did not see it in the past because you had files hidden. Now after running the READ & RUN ME, you don't have anything hidden which is better because you do not give malware an easy place to hide. If it bothers you that much, then undo those steps in the READ & RUN ME step 1 or just use the below registry patch to set things back to default.


Copy the bold text below to notepad. Save it as hide.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

You're welcome. Surf safely!