Went through all Read Me steps - Bugs / Virus Exists

Discussion in 'Malware Help (A Specialist Will Reply)' started by Gary U, Jan 31, 2009.

  1. Gary U

    Gary U Private E-2

    I spent some time and went through all the 'Read Me' steps, but my problem still persists. Help would be appreciated!

    In brief, my computer has been experiencing two odd problems and both started about the same time. The first problem is that when I go directly to the Paypal website and try to log in, the next window that opens tries to solicit all kinds of personal information. It looks like an official Paypal screen, but I think it is not because of misspelled words, improper grammar, and the fact that it is asking for odd information (ATM pin number for example). The same window comes up no matter what junk I put in for the login and password.

    The other problem is that my browser closes for no apparent reason. This primarily occurs when reading HOTMAIL emails. It rarely closes when at any other sites.

    I've attached my log file. Thanks in advance!
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Gary U


    You need to attach (See: HOW TO: Attach Items To Your Post) the remaining logs created while running the requested scans:
    • SASlog.txt log from SuperAntiSpyware.
    • Malwarebytes Anti-Malware log
    • ComboFix.txt (normally C:\ComboFix.txt)
    • Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
     
  3. Gary U

    Gary U Private E-2

    Sorry about that. Here are the other logs. I was not able to get the Malwarebytes to download, so I don't have that one.

    If it matters, I am using XP Home edition with SP2. I also use IE version 6.

    Thanks
     

    Attached Files:

  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Gary U

    The below fixes are specific to your problem and should only be used for issue(s) on this machine. Also, please do not install any other software while we are still working with you unless instructed. Once we have given you the all clean and final instructions you will be free to install what you want.


    A few questions:

    * Did you receive any error messages while running MGTools.exe?
    * Did you try re-naming Malwarebytes' Anti-Malware before saving the download and running it?

    Referring to: Your IE 6 problems

    * Did you open any attachments or click on any links in an e-mail?
    * Have you tried removing all add-ons & toolbars to see if the problem still occurs?
    * Does this happen with other browsers?
    * Have you tried installing IE 7 and turning on the anti-phishing filter? <--- Do NOT import anything from IE 6 .

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed
    Step 2:
    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Step 3:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix, exit HJT.

    Step 4:
    Using Windows Explorer - navigate to and delete the following:
    c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}



    Step 5:
    Click Start > Run and type in cmd

    * Click OK.
    * This will open a command prompt.
    * Type or copy and paste the following line in the command window:
    ipconfig /flushdns
    * Hit Enter
    * Exit the command window

    Step 6:
    Running HostsXpert to Reset Default Hosts File
    Download HostsXpert and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * Click the Make Writeable? button.
    * Click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program

    Step 7:
    Run Ccleaner

    Step 8:
    Now install the latest Sun Java Runtime Environment


    Step 9:
    Using this link ---> Using MGTools: Error Message Type 1
    • Download and run "XPHomeFix"

    Step 10:
    Please make another attempt to get Malwarebytes Anti-Malware 1.33 downloaded/updated and run.

    Step 11:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

    Then attach the below logs to your next reply:
    • C:\MGlogs.zip
    • re-named Malwarebytes Anti-Malware log

    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

    dr.m
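
Steps 5 and 6 in the post above clear cached DNS answers and restore the default hosts file, both of which remove local overrides of name resolution. As an added example (not part of the thread, and the thread does not show this machine's hosts file), here is a check that lists hosts-file lines pointing a watched domain at a non-local address; the function names, the watched list and the sample file are assumptions constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each mapping line of a hosts file."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def suspicious_entries(text, watched=("paypal.com",)):
    """Return (line_no, ip, name) where a watched domain or one of its
    subdomains is mapped to something other than a loopback/unspecified address."""
    hits = []
    for no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                             # 127.0.0.1, ::1, 0.0.0.0 block a name locally
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watched):
                hits.append((no, str(ip), name))
    return hits

# Constructed sample; addresses come from the documentation ranges.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net
203.0.113.45    www.paypal.com paypal.com   # override of a real site
198.51.100.7    intranet.example.org
::1             localhost
"""

if __name__ == "__main__":
    # On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts;
    # read it and pass the text in place of SAMPLE.
    for no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {no}: {name} -> {ip}")
```

A clean result only rules out the hosts file; it says nothing about other causes such as browser add-ons.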
     
  5. Gary U

    Gary U Private E-2

    Hi Dr. M - Thanks for your help thus far.

    I have followed all of the steps. Everything worked as it should. The problem still exists, however. Here are some answers to your questions:

    * Did you receive any error messages while running MGTools.exe?
    NO
    * Did you try re-naming Malwarebytes' Anti-Malware before saving the download and running it?
    Got it downloaded now - no problems found

    * Did you open any attachments or click on any links in an e-mail?
    Never
    * Have you tried removing all add-ons & toolbars to see if the problem still occurs?
    I tried this after you asked. No effect on the problem.
    * Does this happen with other browsers?
    I have not tried any other browsers.
    * Have you tried installing IE 7 and turning on the anti-phishing filter?
    I have installed IE7 and no longer have IE6. Turned on the anti-phishing filter. Problem still exists.


    I have attached the logs as requested. I have also attached a screen shot of the suspected fraudulent page. This page comes up after trying to log into Paypal. Any form of login and password (real or junk) results in this page. Here is the address that pops up.

    https://www.paypal.com/us/cgi-bin/w...cf49521b3f5afc18ba9034b1c79cbd5929eac28412d99

    What next??
     

    Attached Files:

  6. Gary U

    Gary U Private E-2

    Almost forgot to attach one.
     

    Attached Files:

  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Gary U


    Some more questions:
    1. Do you mean the PayPal link is legit but when you sign in you get redirected to a non-valid link?
    2. Are you trying to create a new account or use an existing one?
    3. If you already have an account what happens when you use another PC to connect to PayPal?
    4. Instead of using the link you posted, what happens if you just enter https://www.paypal.com/



    Step 1:
    First - we need to dis-able Spybot's TeaTimer
    How to disable Spybot's TeaTimer

    Step 2:
    There has been an update to MGTools.exe. Please use the below link and install the new release over your current version.
    Windows XP Cleaning Procedure

    Step 3:
    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Step 4:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Step 5:
    Run Ccleaner and re-boot your pc

    Step 6:
    As a test - please install this browser and let me know if you still experience re-directs.
    Mozilla Firefox 3 3.0.6


    Step 6:
    **SPECIAL INSTRUCTIONS**
    Step 6:



    Then attach the below logs to your next reply:
    • C:\MGlogs.zip
    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

    dr.m
     
    Last edited by a moderator: Feb 13, 2009
  8. Gary U

    Gary U Private E-2

    Hey Dr. M:

    Followed the steps - I think everything went smoothly. Your questions:

    1. Do you mean the PayPal link is legit but when you sign in you get redirected to a non-valid link?
    YES

    2. Are you trying to create a new account or use an existing one?
    EXISTING

    3. If you already have an account what happens when you use another PC to connect to PayPal?
    NO PROBLEM ON OTHER PCs

    4. Instead of using the link you posted, what happens if you just enter https://www.paypal.com/
    THE LINK I POSTED COMES AFTER I TRY TO LOGON THROUGH THE REAL PAYPAL SITE


    I installed the Firefox and used that browser - no problem with Paypal! I am still concerned about the problem I have with IE and what else that bug might be doing to my computer. I still have the occasional "error occured" message that started around the same time that the Paypal problem started.

    I've attached the logs. Thanks.
     

    Attached Files:

  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Ok, Gary U

    Let's see if we can get some complete logs with this:

    Please download this MGbeta.zip file to the C:\MGtools folder. Then extract the two files from it overwriting the current GetRunKey.bat and ShowNew.bat programs you have. Then double-click on the GetLogs.bat file in the C:\MGtools folder. When it finishes running, attach the new C:\MGlogs.zip file.

    http://forums.majorgeeks.com/attachment.php?attachmentid=107805&d=1234855075

    dr.m
     
  10. Gary U

    Gary U Private E-2

    Here is the latest log.

    Thanks
     

    Attached Files:

  11. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Gary U

    Please refer back to post #7 and answer my questions -

    Step 6:
    **SPECIAL INSTRUCTIONS**
     
  12. Gary U

    Gary U Private E-2

    Dr -

    I am not sure I follow. My answers are in post #8.

    Regarding the Step #6 special instructions, there were no error messages to report.

    Is there something else you need?

    Gary
     
  13. Gary U

    Gary U Private E-2

    I am not sure why, but the problem seems to be fixed - at least for now. A couple of months with a problem and now fixed. Strange.

    Thanks for the input / assistance.
     
  14. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're Welcome!

    If you are not having any other malware problems, it is time to do our final steps:
    Safe surfing!
     
