view.atdmt.com, bane of my existence.

Welcome to Major Geeks!

Is this a Dell PC? If yes, you more than likely have something like Browser Address Error Redirector or URL Assistent (or something like this) installed and they could be the cause of your problems. Before I bother having you run our full malware cleaning process, please run MGtools per the instructions in the below link and then attach the MGlogs.zip file that is requested.

Using MGtools

 

You log is too incomplete to be useful. Shutdown Avast which has false detection issues with MGtools and run it again. Then attach the new MGlogs.zip file. Make sure you let it finish running.

 

Your logs are still incomplete but one log shows that Avast was still running and it is probably the reason why MGtools.exe is not running properly. It is not even expanding all the files it needs into the C:\MGtools folder. You need to get the Avast's protection shutdown and then run MGtools.exe. If you try again and the MGlogs.zip file is still only about 13K in size, that means it did not run properly.

You could also try booting into safe mode and running MGtools which may help to bypass some of what Avast is doing.

 

This is a company/work PC and people are playing all these games on it???????


Looks like you have at least one malware item trapped in MSconfig. I'm not sure this has anything to do with why you are having the problems you mentioned though. However we need to run a full cleaning process in order to verify. So please run the below in Normal Boot Mode and make 100% sure that you are not using MSconfig to control any startups as you will see requested in step 1 of the below.

READ & RUN ME FIRST. Malware Removal Guide

Note: When you get to the MGtools step, do not download and run MGtools again. Just do the below which will create a new log.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



Then attach the below logs:

• SuperAntiSpyware log
• Malwarebytes log
• C:\ComboFix.txt
• RootRepeal log
• C:\MGlogs.zip

 

Please try again. Use another PC to download it if necessary. Also make sure you have shutdown Avast since it is frequently getting in the way of malware removal by interferring with valid programs like ComboFix and MGtools. In fact, it may even be better to uninstall Avast for now to make sure it is not causing us problems. It has cause enough problems already for MGtools.

Also DO NOT delete previous MGlogs.zip files like you did. The program will automatically overwrite what it needs to in the ZIP file. I know you deleted it because at least one log that was in it previously is missing now.

Your problems may not be malware. It could be something setup on the PC like a firewall or similar that is blocking access to certain websites, cookies, or advertisements.


Download HostsXpert and then follow the below steps.

• Unzip HostsXpert.zip
• It will create a folder named HostsXpert in whatever folder you extract it to.
• Run HostsXpert.exe by double clicking on it.
• Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
• Click Restore Microsoft's Hosts File and then click OK.
• Click the X to exit the program

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080107
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080107
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

After clicking Fix, exit HJT.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\temp
C:\Documents and Settings\Travis\Local Settings\temp

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Not sure how you think the info will get compromised or what you think is so revealing. We can delete all of your logs when finished, but if you ever come back to discuss anything related to what we did on this PC, all our history and info will be gone and we will not be able to help you.

You did not address my request about trying ComboFix again but if you are sure everything is working okay and you do not need anymore help then don't bother running it. Just tell me that everything is still fine and I will give you final instructions.