Scan logs??

bonezz777 · Mar 29, 2013

tdsskiller wont open,says{tdsskiller not a win32 application},by the way Hi,I'm Tim,and need some help please,I'm green,and dont even know if I sent my scan logs correctly?? thanks for any help,oh-all I have is dial-up...thanks,TimW.

chaslang · Apr 1, 2013

Welcome to Major Geeks!

You did not even tell us what problems you are having! That said, I do see some junk to remove and we will do that below.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below software:
Ask Toolbar
Please download OTM by Old Timer and save it to your Desktop.

Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Services
mfevtp
 
:Files
C:\Program Files\SearchPredict
C:\Program Files\PricePeep
C:\Documents and Settings\User\Local Settings\Application Data\AskToolbar
C:\Documents and Settings\User\Application Data\DefaultTab
C:\Program Files\Ask.com
C:\Program Files\Common Files\McAfee
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\hpwebreg_CN2B828HM205D2.job
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\temp\*.*
C:\Documents and Settings\User\Local Settings\temp\*.*

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"HP Software Update"=-
"ApnUpdater"=-
[HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\run]
"MSMSGS"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E32D05F6-B1BB-4F2F-A045-042144FCD2E0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"=-
"{DAB35D68-1CDC-4375-8333-D7BBCEE3C0A0}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{0FB24E1F-D247-4F4E-8DDD-9E18EA10829F}"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A30A15D3-F98E-4F8B-9B31-FD9F99D9FFEA}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FC956EF3-5FEE-4D53-9E31-CA55B450CECA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PricePeep.PricePeepBho.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PricePeep.PricePeepBho]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PricePeep.PricePeepBho.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PricePeep.PricePeepBho]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\Software\AppDataLow\Software\PricePeep]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Ask.com\Updater\Updater.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\Software\Ask.com]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\Software\AskToolbar]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
[-HKEY_USERS\S-1-5-21-1606980848-926492609-1177238915-1003\Software\Softonic]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
) and choose Paste.
Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

the C:\_OTM\MovedFiles log
C:\MGlogs.zip

Make sure you tell me how things are working now!

bonezz777 · Apr 1, 2013

Re: MovedFiles/MG logszip

Thank You for responding;I've Probably messed up life as we know it? But here goes;What's happening is:freeze ups/slow/hang-ups/rerouts some times/error msgs/[expl] page cannot be found,cannot display web page..??spyware?maleware?virus? or just a bunch of Junk???-or-Reg.errors..I Know the WORK Y'all do is hard and time consumming,and I thank Y'all very much for any assistance,"I only have Basic[very little] knowledge of a coputer and it's funtuions; Once I erased my whole comp. some how?? Ihope I done this right this time..Thanks,TimW.

chaslang · Apr 1, 2013

Re: MovedFiles/MG logszip

You're welcome.

You are doing a bunch of things on your own that I did not request. And in the READ & RUN ME FIRST we clearly stated not to make any changes to your PC that we do not request.

You downloaded and ran OTL which I did not request and we do not need.

I asked you to uninstall:
Ask Toolbar

But you also uninstalled:
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
COMODO Internet Security

And then you installed the below new programs which I did not request.
Advanced SystemCare Ultimate 6
Optimizer XP

However all that said, you are not having malware problems. You did not have any spyware, malware, or virus issues. You just had some junk that we removed in my last fix with OTM. If you still have issues, I suggest that you stop with the tweaking programs and post in the Software Forum.

Since you do not appear to have malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.

Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.

Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.

If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Log in or Sign up

Scan logs??

bonezz777 Private E-2

Attached Files:

MGlogs.zip

RKreport[1]_S_03282013_02d0728.txt

mbam-log-2013-03-28 (08-42-12).txt

HitmanPro_20130328_1014.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

bonezz777 Private E-2

Attached Files:

MGlogs.zip

Extras.Txt

OTL.Txt

04012013_094954.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member