I did the read me run me first and still nothing

Discussion in 'Malware Help (A Specialist Will Reply)' started by YOURCONNEXX, Feb 9, 2010.

  1. YOURCONNEXX

    YOURCONNEXX Private E-2

    Im having the problem where my browser is being redirected and i cant get into safe mode using f8 during start up. i can run Super anti spyware and malwarebytes BUT I CANT run combo fix. combo fix just tries to load up for about 5 minutes and then just goes away. i did the bit defender online scan and it even admitted my pc was still infected. it found and removed 19 threats tho

    here are my latest logs ... and the combofix log is from 2 6 2010 ... it was before this infection tho. i just uploaded it because maybe it can help. like i said earlier, i ran super antispyware but it found nothing. i can run it again and give you the log if you want. thanks in advance to anyone that can help
     

    Attached Files:

    YOURCONNEXX, Feb 9, 2010
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    TimW, Feb 10, 2010
    #2
  3. YOURCONNEXX

    YOURCONNEXX Private E-2

    yeah i read it ... i may have gotten it from turbo tax home and business. but actually i think it happened before that. i got an automatic windows update back in late oct. it crashed my whole windows, and i just went to the recovery console and started over. so ever since then ive turned off automatic updates but i never did reinstall avg 8 (its avg 9 now tho). i didnt even have my firewall on ... i just wanted to get back up to speed with my drivers and everything

    those logs in my first post are from yesterday morning. when i ran the scans, i didnt restart because i was running late for work. i ran all the scans (except bit defender, which you guys didnt ask me to run) again last night. malware bytes detected nothing this time .. but here are the logs

    there is no combo fix log because combofix wont run. im amazed that they've actually found a way to defeat combo fix. i didnt think it would ever happen

    thanks for your help and your time. i really appreciate it
     

    Attached Files:

    YOURCONNEXX, Feb 10, 2010
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to run CCLeaner and then make sure this folder is empty:
    C:\Documents and Settings\Compaq_Owner\Local Settings\temp\

    Uninstall your old Java:
    J2SE Runtime Environment 5.0 Update 17"
    J2SE Runtime Environment 5.0

    Now tell me if you know what these are:
    C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\MXoRr4K
    C:\32788R22FWJFW
    C:\32788R22FWJFW.0.tmp
    C:\32788R22FWJFW.1.tmp
    C:\WINDOWS\system32\aasboc.dkt
    C:\WINDOWS\system32\aascud.dkt
    C:\WINDOWS\system32\aascyc.dkt
    C:\WINDOWS\system32\aascyd.dkt
    C:\WINDOWS\system32\aaselc.dkt
    C:\WINDOWS\system32\aaslia.dkt
    C:\WINDOWS\system32\aasmaa.dkt
    C:\WINDOWS\system32\aaspla.dkt
    C:\WINDOWS\system32\aaspyd.dkt
    C:\WINDOWS\system32\assspd.dkt

    You can right click each to try to get a clue, but if you don't know, delete them.

    What issues are you now still having?
     
    TimW, Feb 11, 2010
    #4
  5. YOURCONNEXX

    YOURCONNEXX Private E-2

    im still being redirected (mainly if i do a google search)
    havent seen any pop ups yet
    cc cleaner didnt clean out the temp folder completely ...... there were still alot of txt files and one dll file named Iadhide5
    Iadhide5 and like one or two of the txt files cant be deleted manually (access denied or file is in use by another program message)

    i havent restarted yet to see if i can get into safe mode yet tho ... ill try it and let you know the result
     
    YOURCONNEXX, Feb 11, 2010
    #5
  6. YOURCONNEXX

    YOURCONNEXX Private E-2

    ok

    started my pc up this morning.
    still cant get into safe mode
    so i just came into windows normally ... opened up IE to come to this forum, i got three or four pop ups already.
    i wont try to rerun any scans or try to run combo fix ... ill just wait for your next instruction
     
    YOURCONNEXX, Feb 12, 2010
    #6
  7. YOURCONNEXX

    YOURCONNEXX Private E-2

    wow ... i just noticed that the virus corrupted malware bytes. the icon turned into that windows default icon with the blue top and white backdrop. so i double clicked just to see if it could get to the welcome screen, and sure enuff malware bytes will not load up
     
    YOURCONNEXX, Feb 12, 2010
    #7
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please do this:

    * Please download TDSSKiller to your Desktop
    * Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    * Click Start > Run and copy/paste the following bold command into Run box and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -v

    * Follow the instructions to type in "delete" when it asks you what to do when if finds something.
    * When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\TDSSKiller log
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
    TimW, Feb 13, 2010
    #8
  9. YOURCONNEXX

    YOURCONNEXX Private E-2

    well after the reboot ... im no longer getting redirected. i got like two pop ups which is way less than before. my pc isnt moving so slow anymore at start up either. still havent tried to go to safe mode tho. but the way my pc restarted i dont think it will go into safemode. its still showing the set up menu for like 3 seconds before it goes into windows ( by set up menu i mean the screen that pops up when you press f8 and it asks you if you want to go to safe mode etc etc or start windows normally. it goes to that screen and at the bottom it says "windows will start normally in: 25 seconds [and continues to count down] but it goes to normal windows in about 3 seconds anyway, and never finishes the countdown)

    the logs are attached
     

    Attached Files:

    YOURCONNEXX, Feb 13, 2010
    #9
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good, we are making progress.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract+ avenger.exe from the Zip file and save it to your desktop

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    * Run avenger.exe by double-clicking on it.
    * -Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
    TimW, Feb 15, 2010
    #10
  11. YOURCONNEXX

    YOURCONNEXX Private E-2

    i havent done the latest step u have given me yet. i came in from work today and tried to sign up for free webhosting before i went on to continue ur instructions. the host requires that u browse with mozilla firefox (because it supposedly has a control panel not compatible with IE) so i download mozilla from mozillas home page, install it and then open it. i go to google (in mozilla) to find the webhost instead of typing their address in manually. so google brings up the link to their site, i click on it and BOOM!!! i get hit with all kinds of spyware, programs downloading themselves, my desktop background got changed and now says "your machine has been infected", and to top it off my pc now restarts outta no where!!!

    so i put it in safe mode (which is where it is now) and the spyware is still running. but my pc is not connected to the internet. its still in safe mode and hasnt restarted by itself yet.

    im going to attempt to go to windows normally and continue to your next step. but this is crazy. im tempted to run combo fix in safe mode. ive never had a virus this bad ..... smh

    by the way im on my laptop as of now
     
    YOURCONNEXX, Feb 16, 2010
    #11
  12. YOURCONNEXX

    YOURCONNEXX Private E-2

    well ... i started to do the instructions you gave but i never got past the hijack this part (which is the first action in your instructions)

    none of the lines you gave me were on there. there are similar lines, but no exact matches to the lines u said. ill just let you see the log that im faced with.

    maybe this latest attack changed things or something. i appreciate your help, so im not gonna do anything u didnt ask me to. since the lines on hijack this arent the same as your post, ill just wait for further instruction

    oh yeah the name of the program that installed itself on my pc is SECURITY ESSENTIALS 2010. Thats the attack from my previous post
     

    Attached Files:

    YOURCONNEXX, Feb 16, 2010
    #12
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just skip the previous fix that TimW gave you and run this one instead.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Now download LSP - Fix

    Run LSP-Fix.

    Check the Box labeled "I know what I'm doing" and then click on the helpers32.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move helpers32.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.
    If it is already in the Remove section, just click Finish.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O2 - BHO: (no name) - {c64ddb28-b756-440b-98e0-3d625b047c36} - peyumupo.dll (file missing)
    O4 - HKLM\..\Run: [siretikaf] Rundll32.exe "c:\windows\system32\tinonere.dll",a
    O4 - HKLM\..\Run: [lijojajaho] Rundll32.exe "jiwofehu.dll",s
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
    O15 - Trusted Zone: http://*.buy-security-essentials.com
    O15 - Trusted Zone: http://*.download-soft-package.com
    O15 - Trusted Zone: http://*.download-software-package.com
    O15 - Trusted Zone: http://*.get-key-se10.com
    O15 - Trusted Zone: http://*.is-software-download.com
    O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
    O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
    O21 - SSODL: ditowoyij - {c7e8d4cf-9e71-4e44-a71d-41d78aec4c24} - c:\windows\system32\tinonere.dll
    O22 - SharedTaskScheduler: gahurihor - {c7e8d4cf-9e71-4e44-a71d-41d78aec4c24} - c:\windows\system32\tinonere.dll

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Feb 16, 2010
    #13
  14. YOURCONNEXX

    YOURCONNEXX Private E-2

    ok i ran your procedure.

    everything ran pretty much as you said. but when i ran hijack this, the following werent on the log
    im assuming that one is windows messenger and the other is the file we removed with LSPfix

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll

    after running avenger, i got a check fat screen for drive k. im thinking that probably was my
    digital camera.(i was using it as a flash drive to put the files u just gave me so i didnt have to connect
    my infected pc to the internet again. last time it was connected it would reboot at random times)

    so after the reboot, i got quite a few "error loading dll" messages

    error loading jiwofehu.dll
    error loading c:\windows\system32\tinonere.dll
    the specified module could not be found

    and quite a few of these too

    windows - no disk
    exception processing message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c


    ccleaner ran god
    getlogs.bat ran well too

    i cant change my desktop background tho, its just a green background with a black square that says
    "YOUR MACHINE IS INFECTED"


    All the constant pop ups and warning messages from security essentials are gone tho
     

    Attached Files:

    YOURCONNEXX, Feb 17, 2010
    #14
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please don't rename and save copies of older MGlogs.zip files. It is not necessary nor desirable because our cleanup process will not find them later. RE:
    Code:
    "C:\"
1stmgl~1.zip  Feb  9 2010      138010  "1stMGlogs.zip"
2ndmgl~1.zip  Feb 13 2010      140828  "2nd MGlogs.zip"
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {c64ddb28-b756-440b-98e0-3d625b047c36} - peyumupo.dll (file missing)
    O4 - HKLM\..\Run: [siretikaf] Rundll32.exe "c:\windows\system32\tinonere.dll",a
    O4 - HKLM\..\Run: [lijojajaho] Rundll32.exe "welatili.dll",s
    O21 - SSODL: ditowoyij - {c7e8d4cf-9e71-4e44-a71d-41d78aec4c24} - c:\windows\system32\tinonere.dll (file missing)
    O22 - SharedTaskScheduler: gahurihor - {c7e8d4cf-9e71-4e44-a71d-41d78aec4c24} - c:\windows\system32\tinonere.dll (file missing)

    After clicking Fix, exit HJT.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Feb 18, 2010
    #15
  16. YOURCONNEXX

    YOURCONNEXX Private E-2

    still got those same errors after the avenger reboot. not as many this time tho ... didnt get the dll errors tho. my background is still the same, the green background with a black box that says " your machine is infected"

    got the logs tho

    once again i really appreciate the help
     

    Attached Files:

    YOURCONNEXX, Feb 18, 2010
    #16
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You missed the below that I asked you to fix.


    O4 - HKLM\..\Run: [lijojajaho] Rundll32.exe "welatili.dll",s


    Run the fix again and don't miss anything. Then attach new logs.
     
    chaslang, Feb 18, 2010
    #17
  18. YOURCONNEXX

    YOURCONNEXX Private E-2

    i must have deleted something else then because im sure hijack this wanted me to confirm that i wanted to delete 5 items

    i went back and erased the file tho ... still the same as my last post, but here are the logs
     

    Attached Files:

    YOURCONNEXX, Feb 18, 2010
    #18
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, HijackThis is not deleting it. We will have to do this differently.

    Also a question, why is this PC being used with no protection??



    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Feb 18, 2010
    #19
  20. YOURCONNEXX

    YOURCONNEXX Private E-2

    well what happened was i got an automatic windows update that ruined everything back in late october. all my pc would do is go to the boot screen and then resart. so i did a system recovery to get all my files, then i did another one to just start all over again. little by little i was getting my programs etc back on to my pc. i never did reinstall avg tho, which is what i was using before the crash. i cant remember what site i was on but when i first started seeing symptoms in december. i ran ur read me run me first and everything seemed to go away. so i continued on for a little while longer and here i am today.

    i did the latest steps. still getting the error messages at start up but the "your system is infected" background is gone. now its just a blue background but it cant be changed in desktop/right click/ properties. it has some kind of html or internet file called "warnings" in the selection area. but everything is greyed out except for the color option

    here are the latest logs
     

    Attached Files:

    YOURCONNEXX, Feb 18, 2010
    #20
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is no reason showing for getting any error message now at startup. At least not based on the logs you just attached. However there is still something hiding because Avenger cannot delete a particular file which means something is protecting it.

    Please reboot your PC into safe mode and see if you can run ComboFix. Then reboot into normal mode and attach the log from ComboFix. Also if you get any error messages at startup, tell me exactly what they say.
     
    Last edited: Feb 18, 2010
    chaslang, Feb 18, 2010
    #21
  22. YOURCONNEXX

    YOURCONNEXX Private E-2

    didnt get any error messages, and the desktop is back to normal

    right now all my icon are highlighted blue tho. even if i click one they all stay highlighted. i dont know if that means anything. maybe it will go away during the next restart. i can navigate thru the icons normally tho

    oh yeah when i went into safe mode it didnt load up the same. usually it put a whole bunch of coding up on the screen but this time it had a status bar type deal ... but it did go into safe mode at a normal speed with no problems
     

    Attached Files:

    YOURCONNEXX, Feb 18, 2010
    #22
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    ComboFix helped us find many more hidden items and it removed a few already. But more remain. See if you can do the below in Normal Boot mode. If not, do it in safe mode.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now at this point, make sure you are in normal boot mode before continuing.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Feb 18, 2010
    #23
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try the below.


    To fix a problem where your Desktop icons are all highlighted in blue (like they are selected):
    • Right click My Computer and select the Advanced tab.
    • Under Performance area, click Settings.
    • In the Performance Options dialog box, make sure the second to last option which is called Use drop shadows for icon labels on the desktop has a check mark on it. Then click Apply.
    • This should remove the blue Highlighted Icons effect which makes them all look like they are selected.
     
    chaslang, Feb 18, 2010
    #24
  25. YOURCONNEXX

    YOURCONNEXX Private E-2

    things are looking pretty normal. combofix didnt have any problems. i dont see anything out of the ordinary. so i guess u would know better if there's anything
     

    Attached Files:

    YOURCONNEXX, Feb 18, 2010
    #25
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean. Now you need to finish ALL of the below quickly so that you get properly protected which is covered in the link.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
    chaslang, Feb 18, 2010
    #26

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds