Advanced Defender Trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by Horseman, Feb 18, 2010.

  1. Horseman

    Horseman Private E-2

    I got a trojan called Advanced Defender. It took over my task manager and desktop, etc; told me my computer was infected. Could not start any programs to clean, SAS, CCLeaner; Mcafee crashed while installing.

    I have gotten back to my desktop, run all of the above programs. Something strange though - My Mcafee icon on the task bar is more like a police badge/shield instead of the box with an "M" in it.

    The biggest problem I can see is a file that has attached itself to SAS.
    The file is located at:

    C:\WINDOWS\SYSTEM32\DRIVERS\KVKPLEH.SYS

    I tried to delete the file and received the following message:

    CANNOT DELETE: CANNOT READ FROM SOURCE FILE OR DISK

    I searched REGEDIT and found it here:

    SUPERANTISPYWARE.COM
    SUPERANTISPYWARE
    IN-USE-FILES

    I searched my REGEDIT on my other computers and this file was not found anywhere.

    DO YOU KNOW ANYTHING ABOUT THIS FILE AND SHOULD I REMOVE IT - IF SO HOW?

    I cannot make changes to my desktop appearance either. I think this file is causing it.

    I have disconnected this computer from the internet while I am trying to remove this trojan.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. Horseman

    Horseman Private E-2

    Started Friday eve.

    Could not complete running all steps.

    Ran SAS and Malware Bytes. Logs are attached.

    Started Combofix.
    Got error message: Real time scanner is active: mcafee.

    I had previously removed Mcafee (since I could not connect to the internet) with Add and Remove Programs. I went into Windows Explorer and found:

    C:\Programs\McafeeMBOK and deleted the entire file.

    I also terminated a process called mcupdate in Task manager.

    Combofix said Mcafee was still active. I knew it wasn't Mcafee so I clicked continue. Got a dos screen then a windows pop up:

    Version_10-02-03.04
    Current date is 2010-10-19 Combofix has expired.
    Click YES to run in "REDUCED FUNCTIONALITY" mode.

    I clicked "NO" to exit.

    I had to leave for the evening.

    Sat A.M. - Started computer, checked processes in task manager. Found mcupdate_12661866.exe. I googled this and could not find any reference to it online, so I stopped the process.

    I also found that I had not been running in NORMAL STARTUP, selected this and rebooted.

    Before shutting down, I got the END PROGRAM window: IAAMONITOR NOTIFY APP. It would not terminate on its own, so I terminated it.

    On reboot I got the following pop ups:

    Error loading C:\windows\system32\typ9mt6rf.dll
    The specified module could not be found.

    Error loading fedavive.dll
    The specified module could not be found.

    Then I started the XP Cleaning Procedure.

    Ran SAS Root Repeal and Malware Bytes - logs are attached.

    Combofix would not run - "Registry Editor has been disabled by your Administrator".

    Skipped Combofix.

    Started MGTools.exe. Would not run at all.

    I had installed MGTools previously and had the folder C:\MGTools.

    I will send the other Malwarebytes Scan in another reply.

    Again, I am leaving tomorrow for the Middle East. I may have to have my wife mail me her computer to continue working on it. No one else here can do it. If you can help quickly, I will be very grateful.

    Horseman
     

  4. Horseman

    Horseman Private E-2

    Here is the last Malware bytes scan log.

    As a note: When I finished SAS, I followed your instructions to repair my Network connections - still cannot connect to the internet. I currently have the internet / network cable disconnected. I don't want anything else invading the computer.
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Since you already ran MGtools but it did not finish, the folder for it most likely already exists. So we can do the below.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [advanceddefender] C:\Program Files\Advanced Defender\advanceddefender.exe
    O4 - HKCU\..\Run: [McAfee Update] C:\DOCUME~1\Debbie\LOCALS~1\Temp\mcupdate_1266618666.exe /syncfin C:\DOCUME~1\Debbie\LOCALS~1\Temp\mcupdate_1266618666.ini
    O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] c:\docume~1\debbie\locals~1\temp\hgjmcv4 .exe
    O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\typ9mt6rf.dll, HUI_proc
    O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Debbie\Local Settings\Temp\smss.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O20 - AppInit_DLLs: app_dll.dll
    O23 - Service: MOBCleanup - Unknown owner - C:\DOCUME~1\Debbie\LOCALS~1\Temp\MOBCleanup.exe (file missing)

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Debbie\Local Settings\Temp

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
    If you still have network connection issues, try seeing if the below is the cause:
    Proxy Server - Changing Settings
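
The triage done by eye on the HijackThis log in this thread can be sketched as code. This is an added example, not part of the original posts and not code from HijackThis or MGtools; the rule names and function names are assumptions made for the illustration, and the sample lines are copied from the entries quoted in posts 5 and 7.

```python
import re

# Lines copied from the HijackThis entries quoted in this thread (posts 5 and 7).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [advanceddefender] C:\Program Files\Advanced Defender\advanceddefender.exe
O4 - HKCU\..\Run: [McAfee Update] C:\DOCUME~1\Debbie\LOCALS~1\Temp\mcupdate_1266618666.exe /syncfin C:\DOCUME~1\Debbie\LOCALS~1\Temp\mcupdate_1266618666.ini
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] c:\docume~1\debbie\locals~1\temp\hgjmcv4 .exe
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\system32\typ9mt6rf.dll, HUI_proc
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Documents and Settings\Debbie\Local Settings\Temp\smss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: app_dll.dll
O23 - Service: MOBCleanup - Unknown owner - C:\DOCUME~1\Debbie\LOCALS~1\Temp\MOBCleanup.exe (file missing)
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Autostart target sits in a user or system Temp directory (long or 8.3 form).
TEMP_RE = re.compile(r"\\(?:local settings|locals~1)\\temp\\|\\windows\\temp\\", re.I)
# Whitespace between the file name and its extension ("hgjmcv4 .exe").
PADDED_EXT_RE = re.compile(r"\s+\.(?:exe|dll|com|scr)\b", re.I)
# A Windows system binary name in a directory other than system32.
SYSTEM_NAME_RE = re.compile(
    r"(?<!\\system32)\\(?:smss|csrss|winlogon|lsass|svchost|rundll32)\.exe\b", re.I
)


def flags_for(line):
    """Return the list of heuristic flags raised by one HijackThis log line."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return []
    section, body = match.groups()
    found = []
    if section in ("O4", "O23"):  # Run-key autostarts and services
        if TEMP_RE.search(body):
            found.append("runs-from-temp")
        if PADDED_EXT_RE.search(body):
            found.append("padded-extension")
        if SYSTEM_NAME_RE.search(body):
            found.append("system-name-wrong-dir")
    if section == "O23" and body.endswith("(file missing)"):
        found.append("service-file-missing")
    if section == "O7" and re.search(r"\bDisableRegedit=1\b", body):
        found.append("regedit-disabled")
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():  # any DLL listed here loads into GUI processes
            found.append("appinit-dll")
    return found


def triage(log_text):
    """Return (line, flags) for every line that raised at least one flag."""
    results = []
    for line in log_text.splitlines():
        flags = flags_for(line)
        if flags:
            results.append((line.strip(), flags))
    return results


if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG):
        print(", ".join(flags).ljust(40), entry)
```

The advanceddefender.exe Run value and the rundll32-loaded typ9mt6rf.dll match none of these rules, so a rule set like this narrows the log for a reviewer rather than replacing the full read-through.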
     
  6. Horseman

    Horseman Private E-2

    Thank you so much for replying so quickly.

    Both of the logs are attached.
    ------------------------------------------------------------------
    I have copied and indicated on the files below the action taken:

    Files to delete:
    C:\Documents and Settings\Debbie\Local Settings\Temp\smss.exe (DID NOT DELETE - I DELETED AFTERWARDS)

    C:\Program Files\Advanced Defender\advanceddefender.exe (I HAD PREVIOUSLY DELETED)

    C:\DOCUME~1\Debbie\LOCALS~1\Temp\mcupdate_1266618666.exe(DID NOT DELETE - I DELETED AFTERWARDS)

    C:\DOCUME~1\Debbie\LOCALS~1\Temp\mcupdate_1266618666.ini (DELETED BY AVENGER)

    c:\docume~1\debbie\locals~1\temp\hgjmcv4 .exe (DID NOT DELETE - I DELETED AFTERWARDS)

    C:\WINDOWS\system32\app_dll.dll (DELETED BY AVENGER)

    C:\WINDOWS\system32\typ9mt6rf.dll (DELETED BY AVENGER)

    Folders to delete:
    C:\Program Files\Advanced Defender (I HAD PREVIOUSLY DELETED)

    Registry values to replace with dummy:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
    -------------------------------------------------

    My Desktop display originally came up close to normal. On the reboot, it is still locked up and a weird shade of green. I saw in Malwarebytes in the repair section where I could "unlock" the desktop. Should I do this? I have not done anything that I have not been directed to do by you and won't!

    Also, I still cannot connect to the internet.

    My computers are all on a LAN. I have always used "Automatically detect settings". I do not know anything about "Proxy Servers" or what to put in the fields for the proxy server.

    Thanks again for all of your help!
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you using Netware Distributed Printing Client from Novell ?

    My question is being asked because of the below startup processes:
    O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

    And the reason I'm asking is that files with the same size are appearing all over the place on your hard disk and they have different file names.


    You are years out of date with your version of MBAM. You need to download and install the current version given in the READ & RUN ME. Also see the link for using it which will give you a method for downloading a file for manual updates to the databases. You are a couple thousand versions (yes thousands) out of date. Run a new scan with the new version and attach the new log.

    I was not telling you to use a Proxy Server. All I was saying is that you MUST check to make sure your settings have not been changed to use one if you don't use one. Malware will change this on you to force you to go thru their server and when the malware is removed from your PC, you would then have no internet access because the Proxy setting is still in place but the malware is gone. You need to verify this and specifically tell me that it is set properly now.

    I also suggest that you uninstall Ad-Aware 2007 which is way out of date and not very effective anyway.

    In addition, many of your startups are still infected from the Vundo infection. All of the below with the space before the .exe have been corrupted
    Now uninstall the below to help us remove some of the infections:
    Google Toolbar for Internet Explorer
    SUPERAntiSpyware


    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything inside the Code box below, and paste it into the Input script here: part of the window. Be sure to scroll all the way thru the code box to get everything.
    Code:
    Drivers to delete:
    kvkpleh
    kvkpleh.sys
     
    Folders to delete:
    C:\Program Files\Autoruns
     
    Files to delete:
    C:\Documents and Settings\Debbie\Local Settings\Application Data\av.exe
    C:\Documents and Settings\Debbie\Local Settings\Application Data\GGru612642m
    C:\Program Files\81493640.dat
    C:\nwtray .exe
    C:\nwtray.exe
    C:\rundll32.exe
    C:\rundll32 .exe
    C:\Program Files\Internet Explorer\js.mui
    C:\Program Files\Internet Explorer\wmpscfgs.exe
    C:\Documents and Settings\Debbie\Desktop\nwtray.exe
    C:\WINDOWS\explorers.exe
    C:\WINDOWS\microsoftdefend.dll
    C:\WINDOWS\Qsewo.bin
    C:\WINDOWS\regp.exe
    C:\WINDOWS\secureit.com
    C:\WINDOWS\spoos.exe
    C:\WINDOWS\system32\ES15.exe
    C:\WINDOWS\system32\helpers32.dll
    C:\WINDOWS\system32\OLD10E.tmp
    C:\WINDOWS\system32\OLD6.tmp
    C:\WINDOWS\system32\settings.dat
    C:\WINDOWS\system32\warnings.html
    C:\WINDOWS\system32\winscent.exe
    C:\WINDOWS\system32\WORK.DAT
    C:\WINDOWS\system32\drivers\kvkpleh.sys
    C:\WINDOWS\Temp\f201500 .exe
    C:\WINDOWS\Temp\RedboxLog.txt
    C:\WINDOWS\Temp\REGSCRIPT.REG
    C:\WINDOWS\Temp\SSUPDATE.EXE
    C:\WINDOWS\Temp\wmpscfgs.exe
    C:\Documents and Settings\Debbie\Local Settings\Temp\REGSCRIPT.REG
    C:\Documents and Settings\Debbie\Local Settings\Temp\SSUPDATE.EXE
    C:\Documents and Settings\Debbie\Local Settings\Temp\wmpscfgs.exe
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    Registry values to delete:
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run | PDVDDXSrv
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run | HP Software Update
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run | Adobe Reader Speed Launcher
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run | ISUSScheduler
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run | ISUSPM Startup
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run | GrooveMonitor
    
    
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    See if you can run ComboFix now per our instructions in the READ & RUN ME.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Then attach the below logs:
    • the new log from an updated Malwarebytes
    • C:\avenger.txt
    • the C:\combofix.txt log if it ran
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. Horseman

    Horseman Private E-2

    Chas -

    Sorry not to respond sooner. I had to leave Sunday for the Navy, but due to a blood count thing in my physical, I will be home for 10 or so more days.

    Yes, I am using a Novell product. I don't know much about it, but a company I purchased accounting software from about 6 years ago installed it. It serves as my network hub for Quickbooks and excess storage.

    I know it has to bog me down. Quickbooks runs so slowly it's almost unbearable.

    I updated Malwarebytes and removed Ad Aware.

    Started the cleaning process - realized I wasn't in Normal Startup and started over.

    The logs are attached. I don't remember why I had two avenger logs. Seems like I did another one when I reset to start on Normal Startup. I will have to send two threads to send both avenger logs.

    The computer is running really well - a little slow on closing programs, but otherwise, it's pretty fast.

    I still cannot connect to the internet with this particular computer. I tried the Repair Internet Connection a couple of times but it didn't work.

    I can't tell you how much I appreciate all of your help!
     

  9. Horseman

    Horseman Private E-2

    Attached are the two avenger logs.
     

  10. Horseman

    Horseman Private E-2

    Chas -

    I found it! My DNS Server was not specified in the network properties. Internet connection has been restored!

    Thanks for all of your help. If I have more problems with this one, I'll let you know!!!!!:)

    Now I've got to finish the other 6 computers!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's great news, but you still have work to do to finish cleaning up the damage from these infections.

    First download and save the current version of combofix.exe to your Desktop overwriting your old version.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below code box into it:
    Code:
    KILLALL::
    Drivers to delete:
    MOBCleanup
     
    RenV::
    c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
    c:\program files\Analog Devices\Core\smax4pnp .exe
    c:\program files\ATI Technologies\ATI.ACE\clistart .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
    c:\program files\CyberLink\PowerDVD DX\pdvddxsrv .exe
    c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
    c:\program files\HP\HP Software Update\hpwuschd2 .exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    c:\program files\Messenger\msmsgs .exe
    c:\program files\Microsoft Office\Office12\groovemonitor .exe
    c:\program files\QuickTime\qttask         .exe
    c:\program files\QuickTime\qttask        .exe
    c:\program files\QuickTime\qttask       .exe
    c:\program files\QuickTime\qttask      .exe
    c:\program files\QuickTime\qttask     .exe
    c:\program files\QuickTime\qttask    .exe
    c:\program files\QuickTime\qttask   .exe
    c:\program files\QuickTime\qttask  .exe
    c:\program files\QuickTime\qttask .exe
    c:\program files\Roxio\Drag-to-Disc\drgtodsc .exe
    c:\program files\Skype\Phone\skype .exe
    c:\windows\system32\spool\drivers\w32x86\3\e_s4i2k1 .exe
    
     
    Folder::
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    C:\Program Files\SUPERAntiSpyware
     
    File::
    C:\Program Files\46031.dat
    C:\WINDOWSNWLogRes.tmp
     
    FileLook::
    C:\WINDOWS\system32\nwtray.exe
    C:\Qoobox\Quarantine\C\WINDOWS\system32\dpmw32 .exe.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nwtray .exe.vir
    C:\Qoobox\Quarantine\C\WINDOWS\system32\rundll32 .exe.vir
     
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "Adobe_Reader"=-
     
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=-
    "DisableNotifications"=-
    
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  12. Horseman

    Horseman Private E-2

    Attached are the logs you requested.

    Windows seems to be running fine.

    When the computer went to reboot after combofix ran, I could not log onto my network. The login screen just kept waiting and never logged in.

    I manually rebooted the computer and did not connect to the network.

    Combofix came up, finished running. I ran MGTools - GetLogs.bat file and here it is.

    Thanks again for all of your help. I didn't know I needed more help after my last thread!

    One other thing, I turned everything off in Mcafee that I could find to turn off. While Combofix was running (before the reboot), Mcafee popped up saying that it had found a trojan: GenericDownloader.x!dap

    Is this part of Combofix? I couldn't believe Mcafee resurrected itself and was running.
     

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Most likely, but I would need to know the name and location of the file. Infection names are almost worthless. I would not worry about it now. Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
