Finished Read Me First -- is Computer clean?

Discussion in 'Malware Help (A Specialist Will Reply)' started by elhoo, Jun 1, 2010.

  1. elhoo

    elhoo Private E-2

    Hi,
    annoying popups and redirects (even with SAS, Avira & Malware Bytes), and I think a trojan or two (not super smart on computers). Finished the Read Me First steps except for Root Reveal -- wouldn't end the initializing. I've attached all the logs. Would love to have someone check them out to see if I'm all set. I still have all my protections off -- should I have set them back on before I posted here? Thanks in advance!
     

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are running more than one antivirus, which is never a wise idea! You have both of the below installed; you need to uninstall one of them before we continue.

    1. Avira AntiVir Personal - Free Antivirus
    2. McAfee SecurityCenter


    Also Ad-Aware SE Personal is out of date and ineffective now so you might as well uninstall that as well.

    What are these files seen directly on the root folder of your Windows Boot drive?

    • C:\)(2).DLL
    • C:\A(2)
    Important Notice: A new version of SUPERAntiSpyware is available.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this log later.

    Now use Windows Explorer to find and delete the below bold folder, remnants from Viewpoint Media:

    Go to TDSSKiller and Download TDSSKiller.zip to your Desktop
    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Click Start > Run and copy/paste the following bold command into Run box and hit Enter.
    "%userprofile%\Desktop\TDSSKiller.exe" -v

    • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
    • When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Be sure to let me know how the machine is running now. Are you still experiencing redirects?

    Don't forget to attach the new log from SAS.
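    The TDSSKiller steps above (extract the exe directly onto the Desktop, launch it with -v from the Run box, then find the log it writes to the root of C:) as a PowerShell script. This is an added example, not code from the post or from Kaspersky; it assumes the zip was downloaded and unpacked somewhere under the Desktop and that the log lands on the system drive as the post describes. It catches the mistake of extracting into a subfolder, which is what makes the Run box report that Windows cannot find TDSSKiller.exe.

```powershell
# Added example (not from the MajorGeeks post): pre-flight check, launch and log lookup for
# TDSSKiller as described in the thread. Assumes the zip was extracted somewhere under the
# Desktop and that the log is written to the root of the system drive, as the post states.
$desktop = Join-Path $env:USERPROFILE 'Desktop'      # same folder as %userprofile%\Desktop
$exe     = Join-Path $desktop 'TDSSKiller.exe'

if (-not (Test-Path -LiteralPath $exe)) {
    # The common mistake: the zip was extracted into a subfolder of the Desktop.
    $found = Get-ChildItem -Path $desktop -Recurse -Filter 'TDSSKiller.exe' -ErrorAction SilentlyContinue |
             Select-Object -First 1
    if ($found) {
        Write-Host "TDSSKiller.exe is at $($found.FullName), not directly on the Desktop. Moving it."
        Move-Item -LiteralPath $found.FullName -Destination $exe
    } else {
        Write-Host "TDSSKiller.exe was not found anywhere under $desktop. Extract the zip again."
        exit 1
    }
}

# Run with the -v switch exactly as the post instructs, and wait for it to finish.
$proc = Start-Process -FilePath $exe -ArgumentList '-v' -Wait -PassThru
Write-Host "TDSSKiller exited with code $($proc.ExitCode)"

# Locate the newest log, named TDSSKiller.<version>_<date>_<time>_log.txt in the drive root.
$logDir = "$env:SystemDrive\"
$log = Get-ChildItem -Path $logDir -Filter 'TDSSKiller.*_log.txt' -ErrorAction SilentlyContinue |
       Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($log) {
    Write-Host "Log to attach: $($log.FullName)"
} else {
    Write-Host "No TDSSKiller log found in $logDir"
}
```

Run it from a PowerShell session with administrator rights; TDSSKiller needs them to inspect and remove drivers. The script uses Where-Object/Select-Object rather than newer Get-ChildItem switches so it also runs on the PowerShell 2.0 that shipped for Windows XP.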
     
  4. elhoo

    elhoo Private E-2

    Thanks so much for the quick response. I'm still waiting for the SAS scan to be finished (with the new SAS). I have a question about the anti virus. According to my computer McAfee is "off" -- so I'm not sure how to disable it. The program is on my computer because of comcast, but everything is turned off on it. Also, I don't know what those 2 files on the windows boot drive are (sorry!). As soon as the three scans are done I will post them. Thanks again!
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, and answer my questions about those files. :) We'll deal with McAfee after, if you wish to ditch it.
     
  6. elhoo

    elhoo Private E-2

    Hi again,
    I downloaded TDSSKiller to my desktop, unzipped the files (2 of them, a EULA and an exe) but when I copy/paste the command into RUN I get a message that says Windows cannot find TDSSKiller.exe. I tried downloading & unzipping it again -- still get the same message. Should I just go on to the next instructions (MGTOOLS)?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you see the TDSSKiller.exe file on your Desktop? If not, then you did not extract the file to your Desktop. The EXE file itself must be right on your Desktop and not anywhere else, not even in a folder that is on the Desktop.
     
  8. elhoo

    elhoo Private E-2

    duh (sorry)
     
  9. elhoo

    elhoo Private E-2

    OK sorry that took so long. Attached are the logs you asked for. I checked on those weird files. C:\)(2).DLL (when right clicked) says:
    Microsoft Corporation
    10.00.00.3650
    blackbox.dll
    Microsoft® DRM
    225 KB (230,912 bytes)

    C:\A(2) when right clicked says: Microsoft Windows Component Publisher and a bunch of stuff about the version and serial number. I'm sorry that I don't have any idea what they really are -- hopefully you will know much more than me!
    Again -- thanks for your help :)
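    The file check asked for in post 3 and answered above, as a PowerShell script; this is an added example, not code from the post. The Properties dialog the user read shows the version resource, which is a string table inside the binary that any author can fill in with "Microsoft Corporation", so the script also reads the Authenticode signature, which ties the file's hash to a certificate chain and is the stronger evidence of origin. The two paths are the ones named in the thread; every other file directly in the root of the boot drive is reported as well.

```powershell
# Added example (not from the MajorGeeks post): identify files sitting directly in the root
# of the boot drive. The two names are the ones asked about in the thread; every other
# non-folder item in the root is included too (-Force shows hidden and system files).
$root  = "$env:SystemDrive\"
$asked = @("$env:SystemDrive\)(2).DLL", "$env:SystemDrive\A(2)")

$inRoot  = Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
           Where-Object { -not $_.PSIsContainer } |
           ForEach-Object { $_.FullName }
$targets = @($asked + $inRoot | Sort-Object -Unique)

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "$path : not present"
        continue
    }
    $item = Get-Item -LiteralPath $path -Force
    # Version-resource strings are plain data in the PE; any file can claim "Microsoft Corporation".
    $vi = $item.VersionInfo
    # Authenticode checks the file hash against a signature and certificate chain, so a
    # 'Valid' status with a Microsoft signer is the stronger evidence of origin.
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    New-Object PSObject -Property @{
        Path             = $path
        SizeBytes        = $item.Length
        LastWrite        = $item.LastWriteTime
        CompanyName      = $vi.CompanyName
        ProductName      = $vi.ProductName
        OriginalFilename = $vi.OriginalFilename
        FileVersion      = $vi.FileVersion
        SignatureStatus  = $sig.Status
        Signer           = $signer
    } | Format-List
}
```

One caveat when reading the output: many Windows components carry no embedded signature and are signed only through a Windows catalog, and older PowerShell versions report those as NotSigned. A NotSigned result on a file whose version strings claim Microsoft is therefore not proof of tampering by itself; cross-check such a file with a catalog-aware tool such as Sysinternals sigcheck before deciding.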
     

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    To get rid of McAfee:

    Please go to Add/Remove programs and uninstall the following software:

    • McAfee SecurityCenter

    Use the McAfee Removal Tool:

    Please download the McAfee Consumer Product Removal Tool

    Run this > Reboot your machine > and Run it again to get rid of remnants of McAfee.

    Delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).

    • C:\Documents and Settings\Owner\Local Settings\temp
    • C:\WINDOWS\TEMP

    Use Windows Explorer to find and delete the below remnants from Viewpoint Media.

    • C:\Program Files\Viewpoint
    • C:\Documents and Settings\All Users\Application Data\Viewpoint

    How is the machine behaving? If you are no longer having any malware issues then I will be giving you final steps soon.
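    The temp-folder cleanup and Viewpoint check from the post above as one PowerShell script; this is an added example, not code from the post. It resolves the two temp folders through the TEMP and windir environment variables instead of the hard-coded "Documents and Settings\Owner" path so it works on any profile, keeps files dated today exactly as the post says, and runs as a preview unless -Apply is given. The Viewpoint part goes slightly beyond the post: besides the two folders named there it also looks at the per-user Application Data folder and the Add/Remove Programs registry entries, so a reinstalled copy shows up where a folder search alone would miss it.

```powershell
# Added example (not from the MajorGeeks post): clean the two temp folders, keeping today's
# files as the post instructs, and list leftover Viewpoint Media folders and uninstall entries.
# Preview only unless run with -Apply.
param([switch]$Apply)

$today    = (Get-Date).Date
$tempDirs = @($env:TEMP, (Join-Path $env:windir 'Temp'))   # the user's temp and C:\WINDOWS\TEMP

foreach ($dir in $tempDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $old = Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
           Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime.Date -lt $today }
    Write-Host ("{0}: {1} file(s) older than today" -f $dir, @($old).Count)
    foreach ($f in $old) {
        if ($Apply) {
            Remove-Item -LiteralPath $f.FullName -Force -ErrorAction SilentlyContinue
        } else {
            Write-Host "  would delete $($f.FullName)"
        }
    }
}

# Viewpoint remnants: the two folders named in the post, the per-user profile copy,
# and any Add/Remove Programs entry (32-bit and 64-bit registry views).
$viewpointDirs = @(
    (Join-Path $env:ProgramFiles 'Viewpoint'),
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\Viewpoint'),   # XP layout from the post
    (Join-Path $env:APPDATA 'Viewpoint')                              # assumed per-user location
)
foreach ($d in $viewpointDirs) {
    if (Test-Path -LiteralPath $d) { Write-Host "Viewpoint folder present: $d" }
}
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
foreach ($key in $uninstallKeys) {
    Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.DisplayName -like '*Viewpoint*') {
            Write-Host "Add/Remove entry: $($p.DisplayName)  uninstall: $($p.UninstallString)"
        }
    }
}
```

Run it once without -Apply to see what would go, then with -Apply from an elevated session so C:\WINDOWS\TEMP is writable. If an Add/Remove entry is listed, uninstall through it first and only then delete the folders, which is the order the later posts in the thread also insist on.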
     
  11. elhoo

    elhoo Private E-2

    Hi,
    I've done all the rest of your instructions and the computer seems to be running correctly. I tried a search for viewpoint because I had already deleted those items one time before and wanted to see what else was on the computer. Lots of viewpoint stuff was found (I've attached a screenshot). I know some of them are the ones sent to the recycle bin, but should all the others go too? The Mcafee removal went well both times. Question: if my computer is accessing the internet through a LAN, do I need a firewall if the other computer (server?) has a firewall? My husband and I are "discussing" this :) Again, thanks for all your help! Oh! do you know what those 2 weird files are?
     

  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I believe so yes. You can always check in software if unsure.
    Yes. You will need a third party firewall installed on both machines.

    They're legit do not worry.


    No worries, you're welcome :) Safe surfing.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
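    A read-only check of the state the final steps above are meant to leave the machine in, as an added PowerShell example that is not from the post or from MajorGeeks' own tools. It assumes ComboFix was on the Desktop as step 2 requires, that MGclean.bat removes C:\MGtools and C:\MGlogs.zip, and uses the standard registry locations for the hidden-file view, UAC and Add/Remove Programs; nothing in it deletes or uninstalls anything.

```powershell
# Added example (not from the MajorGeeks post): verify the result of the final steps.
# Read-only: it reports, and leaves the fixing to the steps themselves.
$results = @()
function Add-Check($name, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{ Check = $name; OK = $ok; Detail = $detail }
}

# Step 2: ComboFix should be gone from the Desktop after "combofix" /uninstall.
$combo = Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe'
Add-Check 'ComboFix removed' (-not (Test-Path -LiteralPath $combo)) $combo

# Step 2 note: the uninstall resets hidden-file display to the Windows defaults
# (Hidden = 2 means "do not show hidden files", ShowSuperHidden = 0 hides protected OS files).
$adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
Add-Check 'Hidden files at default' ($adv.Hidden -eq 2 -and $adv.ShowSuperHidden -eq 0) `
          "Hidden=$($adv.Hidden) ShowSuperHidden=$($adv.ShowSuperHidden)"

# Step 6: on Vista and later UAC is the EnableLUA policy value.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
Add-Check 'UAC enabled (EnableLUA)' ($pol.EnableLUA -eq 1) "EnableLUA=$($pol.EnableLUA)"

# Step 7: HijackThis should no longer appear in Add/Remove Programs (both registry views).
$hjt = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall') |
       ForEach-Object { Get-ChildItem -Path $_ -ErrorAction SilentlyContinue } |
       ForEach-Object { (Get-ItemProperty -Path $_.PSPath).DisplayName } |
       Where-Object { $_ -like '*HijackThis*' }
Add-Check 'HijackThis uninstalled' (-not $hjt) ($hjt -join ', ')

# Step 8: MGclean.bat removes the MGtools folder and the log archive.
foreach ($p in @("$env:SystemDrive\MGtools", "$env:SystemDrive\MGlogs.zip")) {
    Add-Check "Removed $p" (-not (Test-Path -LiteralPath $p)) $p
}

# Step 9: after flushing and re-enabling System Restore, old (possibly infected) points are
# gone, so only the single fresh point, if any, should remain. Needs an elevated session.
$points = @(Get-WmiObject -Namespace 'root\default' -Class SystemRestore -ErrorAction SilentlyContinue)
Add-Check 'Restore points flushed' ($points.Count -le 1) "$($points.Count) restore point(s)"

$results | Format-Table Check, OK, Detail -AutoSize
```

Any row with OK = False points at the step to repeat. The restore-point query returns nothing without administrator rights, so run the script elevated or ignore that row otherwise.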
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It was still installed and should have been uninstalled while running step 5 of the READ & RUN ME.
     
  14. elhoo

    elhoo Private E-2

    I guess I got my knuckles rapped! :-o But, really, I DID do step 5 in regards to viewpoint, I did it twice and it keeps coming back. I read the info on the Mcafee site and I guess I will have to go through the registry and find all the files they listed. Anyhow, thank you for going through all the steps for me kestrel and for being so patient!!! I will go through all the cleaning -- I had most of the protections already on my computer (even paid for subscriptions). I will get a new firewall (now that I got rid of the comcast stuff) and hopefully it will be another 3 or 4 years till I get stupid enough to need your help again!! Take care :)
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not really. More of a reminder to Kestrel13! that it was installed and showing in your logs and should have been uninstalled before deleting files and folders.

    Yes, AOL is constantly reinstalling this junk that no one wants, needs, or uses without asking permission. Anytime you install or update any AOL software (including AIM) they will likely force this down your throat. So just keep an eye out for it, and periodically you will just have to uninstall it until you dump all the AOL software, which is highly recommended. ;)
     
  16. elhoo

    elhoo Private E-2

    grrr, I'm like a baby with a pacifier when it comes to AOL -- I know better, but just can't let it go!! I just saw tonight that viewpoint is back and I'm constantly refusing to allow aol updates. It's almost enough to make me give up the nuk :)
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    :-D As I stated before, highly recommended.;)
     
