Please check my malware removal work

I ran through the recommended procedures and also ran the smitfix since previous steps mentioned Zlob.DNSChanger. Other malware mentioned...

MediaPlex
MyWebSearch

I've attached the latest MGlogs. If you want other logs just let me know.

Thanks for the help.

 

Hi mstupak,
Welcome to Major Geeks!

Please attach the logs for combofix, MalwareBytes and SuperAntiSpyware.

Thanks.
abri

 

posting requested logs

heres the logs you requested.

thanks.

-mike

 

Hi mike,

Please do the following:


1) Go to add/remove programs and uninstall the below:

- Ask Toolbar


2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


3) Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only). In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After checkkmarking them, close all your open browser windows and click on FIX:

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"


Do the following belong to programs you know or want to keep? If not, please fix them as well.


O16 - DPF: {10DE6CF7-3E36-445B-985D-07603082B36B} (FormLoader.Loader) - hxxps://forms.orefonline.com/OLF/Runtime/FormLoader_RMLS.CAB

After you click fix, just close hijackthis.



4) Download and install Erunt. Use it to create a backup of your registry.

5) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the File Type is set to "all files" Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

6) If the following folder remains, please delete it:


C:\Program Files\AskSBar


7) Now run CCleaner at the default setting with the Windows tab as the top one.

8) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


Let me know how things are running now?

abri

 

Seems to be fixed.

Thanks for all your work on this forum abri. I greatly appreciate the help.

Attached is a hopefully clean MGTools log (we didnt run avenger).

-Mike

 

Hi mstupak,

Please go to C:\Documents and Settings\The Vandermeer's\Local Settings\Temp\
and delete any of the files Windows will allow you to delete.

If it won't let you delete them today, please try again tomorrow.

Then I would like for you to go through the final clean-up instructions:

abri