Redirects and pop-ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by mkwojo, Mar 3, 2010.

  1. mkwojo

    mkwojo Private E-2

    I've been getting a lot of redirects and pop-ups (even on your site; pop-up windows for Bing, by "Vibrant"). Could it be FsUsbExService.Exe? I think this process just showed up recently. I checked through the various processes running under Task Manager and that was the only one that seemed really suspicious.
    Anyway, I ran through the Malware Removal Procedure. Only problem was ComboFix caused a crash (?!). I don't think it created a log before the crash... if so, I can't find it.
    I'm attaching the other logs.
    Thanks much!

    P.S. This is my first post because up until now I've been able to solve any problems just by following your GREAT guides/instructions! :)
     

    Attached Files:
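    The question above (is a newly noticed process such as FsUsbExService.Exe legitimate?) can be triaged more reliably than by eyeballing Task Manager: check where each running executable lives, whether it carries a valid Authenticode signature, and record its SHA-256 so it can be looked up. The PowerShell below is an added example, not code from this thread or from any of the tools it mentions; it assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt so that the image paths of all processes are readable.

```powershell
# Added triage example (not from the thread): report running executables that are
# either unsigned/invalidly signed or located outside the usual system directories.
# Assumes PowerShell 4.0+ (Get-FileHash) and an elevated prompt.
$trustedDirs = @("$env:windir", "$env:ProgramFiles", "${env:ProgramFiles(x86)}") |
    Where-Object { $_ }   # drop empty entries (32-bit Windows has no ProgramFiles(x86))

Get-Process |
    Where-Object { $_.Path } |              # protected system processes expose no path
    Sort-Object Path -Unique |              # one row per distinct executable
    ForEach-Object {
        $path = $_.Path
        $sig  = Get-AuthenticodeSignature -FilePath $path

        $inTrustedDir = $false
        foreach ($dir in $trustedDirs) {
            if ($path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inTrustedDir = $true
            }
        }

        [PSCustomObject]@{
            Name        = $_.ProcessName
            PID         = $_.Id
            Path        = $path
            # Status is Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signed      = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            InSystemDir = $inTrustedDir
            SHA256      = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        }
    } |
    # Keep only the rows worth a second look: anything not validly signed,
    # or running from a user-writable location such as a profile or temp folder.
    Where-Object { $_.Signed -ne 'Valid' -or -not $_.InSystemDir } |
    Format-Table -AutoSize
```

A valid signature from a recognised vendor plus a location under the Windows or Program Files directories is a good sign but not proof; an unsigned binary running from a user profile or temp directory is what warrants the hash lookup and a closer look at how it got there.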

  2. evilfantasy

    evilfantasy Malware Fighter

    Welcome to MajorGeeks!

    You missed this step. Updating Sun Java


    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.



    Now try running ComboFix again. Please download a new copy first. http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     
  3. mkwojo

    mkwojo Private E-2

    Ran thru all the steps (sorry - I'd initially skipped the Sun Java part cause it didn't sound like a program I had - duh).

    All went well until I ran Combofix. It crashed Windows again. It makes it thru all 50 stages then goes to the blue screen of death with the message "BAD_POOL_HEADER" ??

    Thanks for helping!
     
  4. evilfantasy

    evilfantasy Malware Fighter

    Please run the C:\MGtools\GetLogs.bat file by double clicking on it. Attach the new C:\MGlogs.zip file that will be created.
     
  5. mkwojo

    mkwojo Private E-2

    Here it is...
     

    Attached Files:

  6. evilfantasy

    evilfantasy Malware Fighter

    Did you completely turn off Windows OneCare?

    Windows OneCare is soon to be discontinued by Microsoft. They have replaced it with Microsoft Security Essentials. I do suggest switching as soon as possible.

    I'm not seeing anything in the other logs and am not sure what's stopping ComboFix.

    Turn off your antivirus and firewall.

    Copy the below red text.

    "%userprofile%\desktop\combofix.exe" /killall

    Go to Start > Run > then paste in the text you copied into the run box then click OK

    ComboFix should now run. Please post the log it creates.

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    If that does not work try running it in Safe Mode.
     
  7. mkwojo

    mkwojo Private E-2

    I turned off both the anti-virus and firewall in Windows OneCare. The icon is still in the system tray (not sure how to get rid of it). Is that a problem? What if I added ComboFix to Windows OneCare's "allowed programs"?

    I have a network router connected to this computer... but when I check Network Connections, it "knows" the firewall is turned off.

    Also, I have SuperAntiSpyware, but it's not set to "enable real time protection".

    Running Combofix with the "red text" command didn't work (another blue screen - "Bad_Pool_Header"). And when I tried to run it in Safe Mode, it couldn't find ComboFix.

    Whenever I reboot after a crash I "send an error report" to Microsoft just for the heck of it. The Windows Error Reporting page has been telling me to "troubleshoot a problem with a driver device". The last time I "sent" a report they said it was a "corrupted error report"...?!
    Nearing major crash time???

    I haven't yet tried to use System Restore, to go back a couple weeks... should I?

    Thanks- and sorry for the trouble!
     
  8. evilfantasy

    evilfantasy Malware Fighter

    Is that the entire error message?
     
  9. mkwojo

    mkwojo Private E-2

    No - here it is (link: http://wer.microsoft.com/responses/...SGD=49473ef3-ee0e-4545-8be1-93d87c7f9d13#here )

    Corrupted error report
    Unfortunately, the error report you submitted is corrupted and can't be analyzed. Corrupted error reports are rare. They can be caused by hardware or software problems, and usually indicate a serious problem with your computer.

    To troubleshoot this problem, follow these steps:

    Scenario 1: Click here if this is the first corrupted error report for this computer

    Note any programs you have recently added to your computer. To check for recently added programs:

    Click Start, click Control Panel, and then click Add or Remove Programs.

    In the Sort by drop-down box, select Date Last Used, and then select Show updates.

    The Last Used On date typically shows when you installed a program. If you installed an update to a program, you will see an Installed on date.

    Note any hardware you have recently added to your computer, including random access memory (RAM), video cards, sound cards, or hard drives.

    Make sure that you have a good backup copy of your files. To make a backup of your files, you can use Backup or Restore Wizard.

    To start Backup or Restore Wizard:

    Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.

    Follow the wizard to back up your files.

    Scenario 2: Click here if the corrupted error reports are persistent on this computer

    Note any changes made to your computer, including both hardware devices and software programs, that preceded the onset of crashes and persistent error reports.

    To check for recently added programs:

    Click Start, click Control Panel, and then click Add or Remove Programs.

    In the Sort by drop-down box, select Date Last Used, and then select Show updates.

    The Last Used On date typically shows when you installed a program. If you installed an update to a program, you will see an Installed on date.

    Run any diagnostic tests supplied by the hardware manufacturer to verify that recently added hardware devices are operating properly. This is especially important if you recently added or changed random access memory (RAM) in your system. New or changed memory should also be tested with the Windows memory diagnostic test after using the manufacturer's test.

    If there are recent software changes to your computer, you can use System Restore to restore your computer's system files to an earlier point in time. This provides a way to undo system changes to your computer without affecting your personal files, such as e-mail, documents, or photos.

    To run the System Restore wizard:

    Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

    Follow the directions in the wizard.
     
  10. evilfantasy

    evilfantasy Malware Fighter

    Hello mkwojo.

    I sincerely apologize for not replying sooner. I did not get the email notification of your reply.

    If you still need help please download a new copy of MGtools and attach the MGlogs.zip. Using MGtools

    Also please give me a brief explanation of how the computer is running.
     
  11. mkwojo

    mkwojo Private E-2

    Actually, things seem to be going pretty well. Hmmm...
    Maybe Combofix really fixed something before it crashed?

    Anyway, I'm still wondering about using System Restore. Do you guys ever recommend it (It's saved my butt with other computers before...) ?

    Thanks!
     
  12. evilfantasy

    evilfantasy Malware Fighter

    System Restore is good for some things but as a cure for malware it is not sufficient.

    Run the MGtools scan and I will have a look at how the computer is now.
     
  13. mkwojo

    mkwojo Private E-2

    Here you go - thanks!
     

    Attached Files:

  14. evilfantasy

    evilfantasy Malware Fighter

    I don't see anything to indicate a malware issue. But there are some things to take care of.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.



    You are using Microsoft Windows Live OneCare and this is soon to be discontinued (if not already) by Microsoft so your computer is at risk.

    Please uninstall everything that says Microsoft Windows Live OneCare from Add/Remove Programs. Restart the computer and then install a new antivirus.

    Remember to only install one antivirus!

    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Microsoft Security Essentials for Windows Vista\Windows 7 // MSE 64 bit Download
    4-a) Microsoft Security Essentials for Windows XP
    5) Comodo Antivirus (Uncheck during installation "Install Comodo HopSurf..", "Ask.com search provider" and "Make Comodo HopSurf.com Search my homepage" if you choose this one)
    6) PC Tools AntiVirus Free Edition



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:

    Note: Be sure to go to Microsoft Windows Update and get all critical security updates, including XP SP3. (you will need to use Internet Explorer to do this)
     