getting popups in Firefox

Discussion in 'Malware Help (A Specialist Will Reply)' started by Main Frame, Aug 24, 2008.

  1. Main Frame

    Main Frame Corporal

    As the title states, I'm getting popups in Firefox. It randomly opens a new tab with anything from porn sites, to auto loan. I ran a full scan with ZoneAlarm Security Suite and it found no virus or spyware. I then ran a scan with spybot s&d and it found one thing (virtumond trojan or something). I told it to fix that.. continued getting popups. Then I downloaded ad-aware, ran a full system scan with that and found nothing.


    Everything is up to date. This is on Windows XP Pro. I also have NoScript plugin running on Firefox and peer guardian 2.


    I have no idea where these popups are coming from. I thought about uninstalling Firefox, but then I would have to reinstall all the plugins, and it probably wouldn't help anyway.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. Main Frame

    Main Frame Corporal

    Sorry.. just read that. Time to start digging.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just attach the logs when you are finished.
     
  5. Main Frame

    Main Frame Corporal

    Well, luckily I didn't have to go through all that. My anti-virus has finally caught it, but it can't remove it.



    The virus is: not-a-virus: AdWare.Win32.Virtumonde.agnf

    And it is located in: C:\windows\system32\iifdddAS.dll



    It says it will delete on reboot, but of course, it can't. The last time I had a virus like this I was able to remove it by doing a system restore to a point before the virus got on there. Then I ran a scan, found the virus in the restore files, and removed it from there. Then I was able to undo the restore back to the current date.

    Should I go about removing this one the same way, or is there something else I should do?
     
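    A way to check the "it says it will delete on reboot" claim above. This is an added example, not code from the original thread or from any AV product. It assumes the scanner queued the removal the usual Windows way (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which lands in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager), decodes a regedit export of that value, and reports what is actually queued. The DLL path is the one reported in this post; the .reg text itself is constructed by the script, not captured from a real machine.

```python
"""Decode PendingFileRenameOperations from a regedit export and list the
queued delete/rename/replace operations.

Added example for this thread (not the poster's or any vendor's code).  The
sample export below is constructed in-script; on a real box export it with:
  regedit /e pending.reg "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
"""
import re
from typing import List, Optional, Tuple

VALUE_NAME = "PendingFileRenameOperations"
NT_PREFIX = "\\??\\"  # MoveFileEx records paths in NT object-namespace form
HEX7_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<hex>[0-9a-fA-F,]*)$', re.M)


def encode_multi_sz(strings: List[str]) -> bytes:
    """REG_MULTI_SZ: UTF-16LE, each string NUL-terminated, list NUL-terminated."""
    return b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"


def decode_multi_sz(raw: bytes) -> List[str]:
    """Inverse of encode_multi_sz; keeps empty strings, which matter here."""
    text = raw.decode("utf-16-le")
    if text.endswith("\x00"):
        text = text[:-1]            # list terminator
    parts = text.split("\x00")
    if parts and parts[-1] == "":
        parts.pop()                 # terminator of the last string
    return parts


def format_hex7(name: str, data: bytes, width: int = 78) -> str:
    """Write a value the way regedit exports it: hex(7) with ',\\' wraps."""
    line = f'"{name}"=hex(7):' + ",".join(f"{b:02x}" for b in data)
    lines = []
    while len(line) > width:
        cut = line.rfind(",", 0, width)
        if cut <= 0:
            break
        lines.append(line[: cut + 1] + "\\")
        line = "  " + line[cut + 1:]
    lines.append(line)
    return "\n".join(lines)


def parse_export(reg_text: str, name: str = VALUE_NAME) -> List[str]:
    """Find the hex(7) value in a .reg export and decode it."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", reg_text)   # undo regedit line wrapping
    for m in HEX7_RE.finditer(joined):
        if m.group("name").lower() == name.lower():
            raw = bytes(int(h, 16) for h in m.group("hex").split(",") if h)
            return decode_multi_sz(raw)
    raise KeyError(f"{name} not found in export")


def _strip_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def pending_operations(items: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Entries come in (source, destination) pairs: empty destination = delete,
    '!' prefix on the destination = MOVEFILE_REPLACE_EXISTING."""
    if len(items) % 2:
        raise ValueError("malformed value: entries must be (source, destination) pairs")
    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        if dst == "":
            ops.append(("delete", _strip_nt(src), None))
        elif dst.startswith("!"):
            ops.append(("replace", _strip_nt(src), _strip_nt(dst[1:])))
        else:
            ops.append(("rename", _strip_nt(src), _strip_nt(dst)))
    return ops


def queued_delete(reg_text: str, path: str) -> bool:
    """True if a delete-on-reboot of `path` is queued (NTFS paths: case-insensitive)."""
    wanted = path.lower()
    return any(op == "delete" and src.lower() == wanted
               for op, src, _ in pending_operations(parse_export(reg_text)))


# Constructed sample: the DLL from this thread queued for deletion, plus a
# made-up replace-on-reboot entry (the kind an installer leaves behind).
SAMPLE_ITEMS = [
    NT_PREFIX + r"C:\windows\system32\iifdddAS.dll", "",
    NT_PREFIX + r"C:\WINDOWS\Temp\update.tmp", "!" + NT_PREFIX + r"C:\WINDOWS\system32\example.dll",
]
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager]\n"
    + format_hex7(VALUE_NAME, encode_multi_sz(SAMPLE_ITEMS)) + "\n"
)

if __name__ == "__main__":
    for op, src, dst in pending_operations(parse_export(SAMPLE_EXPORT)):
        print(f"{op:8} {src}" + (f" -> {dst}" if dst else ""))
    print("queued:", queued_delete(SAMPLE_EXPORT, r"C:\windows\system32\iifdddAS.dll"))
```

    If the entry is missing from the export, the scanner never got its deletion queued; if it is present but the DLL is still there after a reboot, something re-created it or cleared the value first, which is exactly why the log-based cleanup is asked for rather than a single delete.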
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should be doing what I already asked you to do if you want to get this properly and completely removed.
     
  7. Main Frame

    Main Frame Corporal

    Well okay.. my little trick won't work because that clever son of a.. the file was created 8/23/2008 3:09am and all of my restore points before 8/23/2008 3:10am are gone.



    Of course it would almost be as quick to format as it's going to be to follow all of those steps and then get my settings back how they were.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Unlikely unless you have very little on this PC. Most people do not realize what a proper reinstall will entail especially if you want to make sure that malware does not survive the reinstall.

    It's your choice on what approach you prefer to take.

    But a new install involves more than you may think. Especially to get back to a level of where your system is at. You have to consider all of the below:
    • you have to back up all your own data, settings, configurations etc. and first you have to know what/where all of these are. And you have to have the medium (burnable media, second hard drive, tape drive [yuck] )
    • then you must make sure you have the necessary disks to reinstall not just your OS but all other software you use especially protection before going online
    • then delete your partitions, recreate partitions, format, reinstall the OS
    • now reinstall all your software especially protection
    • get online (requires some setup and config that novices have problems with)
    • download updates for OS
    • download updates for protection software
    • download updates for all other software
    • tweak all software back the way you like it. Including Desktop settings, icons etc.
    • create all the folders that you use for everything in your normal routines
    • re-load from your backups to get data back, to get settings, Favorites,.....etc back
    • now over the next two weeks you will realize that you forgot to backup some stuff and also you will keep finding something else that you need to reinstall.
     
  9. Main Frame

    Main Frame Corporal

    I think SAS did it.. the scan took about an hour and a half, then it crashed upon removal, so I ran it again and it seemed to work. (can't believe I haven't used this before, it found 20 threats :eek:)


    I didn't run spybot s&d because I've run it multiple times and it found nothing.


    Then I ran MB anti-spyware and it changed two registry entries and jacked with my start menu, so I'll have to fix that back how I like it.


    Ran MG tools.. some of the log file seemed a little intrusive and I would rather not publish it publicly. But I will include the runkeys log.





    BTW, you're right about the format. The scans took longer than it would have taken to format and install Windows, but the thousands of updates take forever. I do have everything backed up on another drive, but it usually takes me about 10 hours to get everything set up.. the scans only took about 5 hours.
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I need the log.

    I also need the log from ComboFix.


    I cannot help you without the MGlogs.zip file. If you do not think you need anymore help, then just do the below.

    Now we need to cleanup some items from running ComboFix.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
    Last edited: Aug 29, 2008
  11. Main Frame

    Main Frame Corporal

    Okay, here's the logs from malwarebytes.



    I just ran combofix.. now everything is jacked up, and my anti-virus won't even run. Here's the log from that too..
     

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat!
     
  13. Main Frame

    Main Frame Corporal

    how can I send it to you without displaying it publicly?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure what you think is so critical in the logs but you can email it to me at majorgeeks.com. Do realize that any fixes that I may need to post (assuming anything needs to be fixed) will contain info from those logs.
     
  15. Main Frame

    Main Frame Corporal

    sent... sorry about being difficult.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The log is totally incomplete. You need to run MGtools again and make sure you accept the HijackThis license agreement and that you allow it to finish running.

    Also it looks like you are getting errors while running it. See the error messages and fixes on the using MGtools download page.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The new log you sent me is complete and there are no remaining malware issues to be concerned with. There was also no reason to worry about attaching your logs in the forum as I saw nothing to worry about in the logs.

    You should however attach the below SUPERAntiSpyware log as you ran it multiple times and perhaps this would address your statement about it breaking one of your programs:

    Code:
    "C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    supera~2.log  Aug 28 2008       36067  "SUPERAntiSpyware Scan Log - 08-28-2008 - 20-21-15.log"

    And you are correct that ComboFix appears to have removed some files and registry keys from ZoneAlarm Security Suite. I'm not sure why it would do this as I have not seen it do this before.
     
  18. Main Frame

    Main Frame Corporal

    Okay.. thanks. I will get the rest of the issues sorted.
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome but I still recommend that you attach that SAS log so that they can look at it to see if they are deleting something they should not be.
     