Hello again lenny1250,
Eset Online Scan found nothing, that is good news.
Now we can get rid of the tools we used and the logs that they created from your computer.
Please follow my next set of steps:
- VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
- Make sure that combofix.exe that you downloaded is on your Desktop but do not run it!
  - If it is not on your Desktop, the below will not work.
- Click on your Start Menu, then Run....
- Now copy & paste the green bolded text in the run-box and click OK.
<Notice the space between the "x" and "/".> <--- It needs to be there
Windows Vista users: Press the Windows Key + R to bring up the Run... command and then from there you can add in the Combofix /Uninstall
- Please advise if this step is missed for any reason as it performs some important actions:
"This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".
Step 2. Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.
To help you with these chores do the following:
- Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
- Then Click the big button.
- You will get a prompt saying "Begin Cleanup Process". Please select Yes.
- Restart your computer when prompted.
OTL will delete itself and any logs that any of the tools produced.
I recommend keeping Malwarebytes' Anti-Malware to scan your computer regularly.
You can also delete JavaRa and the log it created from your desktop. If you don't plan to use ESET OnlineScan again, then you can uninstall it through Add/Remove Programs.
If you have done all of the above, Your Computer should be Clean of Malware.
Are things running okay? Do you have any more questions?
System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
The following can help speed up your computer:
Defragment files (Drive C) Defragmenting is a must.
It's one of the large reasons for system slowdowns. I use JkDefrag to defragment. You can use it forever. I recommend installing it and defragmenting as soon as possible.
To improve performance I recommend to check this LINK.
OK...lenny1250, I'm not skilled at mincing words but I believe that by now you have already figured out how you got infected. So, especially for you I will use my long version of my "All Clean Canned Speech".
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again:
Please take the time to read below to secure your machine and take the necessary steps to keep it clean. Some of the following you may already have, so just disregard them.
- Make sure that you keep your anti-virus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your anti-virus program to provide you with the best possible protection from malicious software.
Note: You should only have one anti-virus installed at a time. Having more than one anti-virus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
- Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
- If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
- Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector.
- I suggest that you run it at least once a month.
Bottom line: the software you use every day is the biggest source of danger to your personal information. Keeping your software up to date is your best defense. You cannot afford to let vulnerabilities go unpatched.
- Make Internet Explorer more secure
You are using Internet Explorer; therefore, please read and follow the recommendations at this SITE
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- Backup regularly.
You never know when your PC will become unstable or get so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.
Alternatively, you can use 3rd-party programs to back up your data. They can be found at Bleeping Computer.
To help protect your computer in the future I would recommend the download and installation of some or all of the following free programs (if not already present), and the updating of them on a regular basis:
- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green to go
*Yellow for caution
*Red to stop
WOT has an addon available for both Firefox and IE.
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
- McAfee Site Advisor --free version.
To give you an indication of which sites may contain bad links or suspect downloads. It loads an icon to the taskbar of your browser (versions for IE and Firefox). As you browse, a small button on your browser toolbar changes color based on SiteAdvisor's safety results indicating the trustworthiness of the site you are on. Green for safe and Red for suspicious. Click on the icon to access details that SiteAdvisor has about the site. It also gives the same colour indications in the results page when you do a Google search, making it easier to decide which sites are safe to visit. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad. Safety ratings from McAfee SiteAdvisor appear next to search results. Works with Google, Yahoo!, Live Search, AOL or ASK.
This is a utility that can be downloaded and installed from: HERE
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
- ERUNT (Emergency Recovery Utility NT):
This utility allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
You can get this utility from: HERE and instructions how to Practice "Safe Computer" with regular automated Registry Backups with ERUNT from: HERE
- Hosts File - Hosts file is one such file that can be used to replace the Hosts file on your computer and help you to avoid accidentally visiting known nasty web sites.
For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Prevention: Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK
Under the Extended Tab, scroll down and find this service: DNS Client
Right-click on the DNS Client Service. Choose Properties
Select the General tab. Click on Stop
Click the Arrow-down tab on the right-hand side at the Start-up Type
From the drop-down menu, click on Manual
Click the Apply tab, then click OK
The Hosts file can be made read only and monitored for changes, or attempted changes. Programs such as >WinPatrol< do this very well.
If your Hosts file becomes infected, it can be reset by installing >HostsXpert<.
- Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
- Double-click HostsXpert.exe to run the program.
- Click "Make Hosts Writable?" in the upper right corner (If available).
- Click "Restore Microsoft's Hosts file" and then click "OK".
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
- Use an alternative Internet Browser
Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein and this one by Miekiemoes.
To learn more about how to protect yourself while on the internet read this guide How did I get infected in the first place ?
Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
Stay clean and be safe
That's it, happy surfing!
***If ComboFix tool helped you***, please kindly consider a donation to its author. As you just experienced for yourself, ComboFix is a very effective tool. Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via:
I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!
I'd be grateful if you could reply to this post so that I know you have read it and if you've no other questions, the thread can be closed.
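
The Hosts file check and change monitoring mentioned in the post above, shown in Python as an added example that is not part of the original post and is not code from WinPatrol or HostsXpert. The sample file content, host names and addresses are constructed, and the function names are illustrative.

```python
import hashlib
import ipaddress

# Constructed sample hosts file (documentation-only names and addresses).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net tracker.example.net   # blocked
127.0.0.1       badsite.example.org
203.0.113.45    update.vendor.example    # points at a remote host
198.51.100.7    www.bank.example login.bank.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return mappings that send a name anywhere other than a local sink."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, name, address, "invalid address"))
            continue
        # 127.x.x.x, ::1 and 0.0.0.0 are what blocking lists use; skip them.
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append((line_no, name, address, "redirect"))
    return findings

def fingerprint(text):
    """SHA-256 of the file content, to compare against a saved baseline."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    baseline = fingerprint(SAMPLE_HOSTS)
    for line_no, name, address, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} ({reason})")
    tampered = SAMPLE_HOSTS + "192.0.2.10 www.search.example\n"
    print("changed since baseline:", fingerprint(tampered) != baseline)
```

On Windows the file normally lives at %SystemRoot%\System32\drivers\etc\hosts; read its text and pass it to `audit_hosts`, and store the `fingerprint` value after a known-clean state to detect later changes.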