  1. #11
    Member
    Join Date
    May 2011
    Location
    Los Angeles County
    Posts
    11
    Points
    0

    Should I move on?

    Just trying to figure out what's going on? The logs were posted on the 16th. I'm trying hard but to listen and not do anything else. I just need to know if I should move on.

    Thanks

  2. #12
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Hi abeachguy, I'm really sorry for the delay. In answer to your PM to me, no I have not taken over the logs here in the Spyware Forum. I am not qualified to do logs .. our expert has been called away as his job is with disaster services, either the big floods or the tornado. At present we only have one expert, occasionally another friend of Help2Go lends a hand, so hopefully he will pop in from time-to-time. We are all volunteers here and give what time we can to Help2Go. I'll forward this to him and hopefully he will be available soon. Your patience is appreciated. We cannot guarantee when he (they) will return and understand should you wish to post at another site.
    Last edited by Canuck; 05-25-2011 at 02:02 PM.


  3. #13
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Hi there

    Sorry for missing your topic........I will post new instructions in a few minutes.....thanks for waiting........at the same time please tell me what kind of issues you are having with your computer........

    Kind Regards
    Net_Surfer
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

  5. #14
    Member Net_Surfer's Avatar

    Hi again

    Here are the next set of steps to follow:

    Step 1.

    Update Adobe Reader

    Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
    • Go to Start > Control Panel > Add/Remove Programs (<<-- XP), Programs and Features if Vista/Win7.
    • Remove ALL instances of Adobe Reader
    • Re-boot your computer as required.
    • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader.


    Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >>here<< Foxit Reader has fewer add-ons therefore loads more quickly.

    NOTE: When installing Foxit Reader, be careful not to install anything to do with AskBar.
    ============


    Step 2.
    Let's fix some issues with OTL by doing the following:

    Double click on the Icon at your desktop to run it.
    (Vista users right click and run as an Admin.)
    Copy the lines in the codebox below. (make sure that :Otl is on the first line ) just highlight everything in the code box (starting with :Otl ) and copy and paste it into the 'Custom scan/fix' box on OTL.
    Code:
    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :commands
    [PURITY]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [REBOOT]
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the red Run Fix button.

    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles



    Step 3.

    * ESET Online Scan

    Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
    Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

    You can use either Internet Explorer or Mozilla FireFox for this scan.
    NOTE:This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    NOTE: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
    If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything inside the code box below into the Open dialogue box:

    Code:
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Click Ok and the scan results will open in Notepad.
    • Copy and paste the contents of log.txt in your next reply.


    In some instances if no malware is found there will be no log produced.

    Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
    ~~~~~~~~~~~~~

    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Summary of the logs I will need in your next reply:
    • The report log of OTL
    • The report log of Eset Online Scan.

    And a description of any remaining problems.

    How are things your end ???.


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Kind regards
    Net_Surfer

  6. #15
    Member

    OTL and ESET Online scan logs

    Here are the logs you have requested. First will be the OTL log.


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
    Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
    ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Owner\Desktop\cmd.bat deleted successfully.
    C:\Users\Owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 30316180 bytes
    ->Temporary Internet Files folder emptied: 11013734 bytes
    ->Java cache emptied: 52 bytes
    ->Flash cache emptied: 2831327 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 78677 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 42.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05252011_215125
    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Temporary Internet Files\Low\Content.IE5\OXWS2HWY\108010-hijackthis-log-file-now-what[1].html moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    Registry entries deleted on Reboot...

    Here is the Eset online scan.


    C:\Documents and Settings\Owner\AppData\LocalLow\Retrogamer_2z\bar\setups\RetrogamerAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application
    C:\Program Files\Retrogamer_2zEI\Installr\1.bin\2zEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
    C:\Users\Owner\AppData\LocalLow\Retrogamer_2z\bar\setups\RetrogamerAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6522
    # api_version=3.0.2
    # EOSSerial=154875ae05c67a4a83db0fc0bc314f1e
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-05-26 07:26:59
    # local_time=2011-05-26 12:26:59 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=5892 16776573 100 100 0 142995007 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=172751
    # found=3
    # cleaned=0
    # scan_time=7339
    C:\Documents and Settings\Owner\AppData\LocalLow\Retrogamer_2z\bar\setups\RetrogamerAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Retrogamer_2zEI\Installr\1.bin\2zEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Owner\AppData\LocalLow\Retrogamer_2z\bar\setups\RetrogamerAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application (unable to clean) 00000000000000000000000000000000 I

    It said it found 3 W32toolbar variants maybe. It's all there but I just remembered I didn't disable Windows Defender. I'm going to run the scan again without Windows Defender.


    Thanks so much.
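
Added example, not part of the original thread and not code from ESET or from the helpers here: a Python parser that triages the ESET Online Scanner log posted in #15, checking the scan options against the ones requested in #14 and collapsing duplicate hits. It assumes the space-flattened line layout seen in the posted log and that, on Vista and later, `C:\Documents and Settings` is a junction to `C:\Users`; all function names are hypothetical.

```python
import re

# Abridged excerpt of the ESET Online Scanner log posted above (no new data).
# The forum flattened the field separators to single spaces.
SAMPLE_LOG = r"""# version=7
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# osver=6.0.6002 NT Service Pack 2
# scanned=172751
# found=3
# cleaned=0
C:\Documents and Settings\Owner\AppData\LocalLow\Retrogamer_2z\bar\setups\RetrogamerAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Retrogamer_2zEI\Installr\1.bin\2zEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\AppData\LocalLow\Retrogamer_2z\bar\setups\RetrogamerAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application (unable to clean) 00000000000000000000000000000000 I
"""

HEADER = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Layout inferred from the posted lines (an assumption, not a documented format):
# <path> [probably ][a variant of ]<Platform/Name> [kind] (<action>) <32 hex> <flag>
# Paths contain spaces, so the path is matched lazily up to the first token
# that looks like a detection name (it contains a forward slash).
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<probable>probably )?(?:a variant of )?(?P<name>\S+/\S+)(?: (?P<kind>\w+))?"
    r"\s+\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)

# Scan options the helper asked for in post #14.
EXPECTED_SETTINGS = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

LEGACY_PROFILE_ROOT = "c:\\documents and settings\\"


def parse_log(text):
    """Split a log into header fields, detection records and unparsed lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            # Keep the first value when a key repeats (e.g. compatibility_mode).
            header.setdefault(m.group("key"), m.group("value").strip())
            continue
        m = DETECTION.match(line)
        if m:
            record = m.groupdict()
            record["probable"] = bool(record["probable"])
            detections.append(record)
        else:
            unparsed.append(line)
    return header, detections, unparsed


def canonical_path(path, os_major):
    """Lower-case the path and, on NT 6+, map the legacy profile root to C:\\Users."""
    p = path.lower()
    if os_major >= 6 and p.startswith(LEGACY_PROFILE_ROOT):
        p = "c:\\users\\" + p[len(LEGACY_PROFILE_ROOT):]
    return p


def triage(text):
    """Summarise a log: unique files, header consistency, option mismatches."""
    header, detections, unparsed = parse_log(text)
    os_major = int(header.get("osver", "0").split(".")[0])
    files = {}
    for d in detections:
        files.setdefault(canonical_path(d["path"], os_major), set()).add(d["name"])
    return {
        "unique_files": files,
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        "setting_mismatches": sorted(
            k for k, v in EXPECTED_SETTINGS.items() if header.get(k) != v
        ),
        "actions": sorted({d["action"] for d in detections}),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, names in sorted(report["unique_files"].items()):
        print(path, "->", ", ".join(sorted(names)))
    print("header count consistent:", report["count_matches_header"])
    print("option mismatches:", report["setting_mismatches"] or "none")
```
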







  7. #16
    Member Net_Surfer's Avatar

    Hi

    Update Malwarebytes and then run a quick scan.......run S&D Toolbar tool again.....and do another virus scan, this time use Kaspersky, or HouseCall:

    Let's do another online scan but this time we will use Kaspersky.

    Please perform an online scan with: Kaspersky WebScanner.
    (Requires free Java Runtime Environment (JRE) be installed before scanning for malware as ActiveX is no longer being used.)
    • The program will launch and fill in the Information section ... on the left.
    • Read the "Requirements and Limitations" then press... the ...button.
    • The program will begin downloading the latest program and definition files.
      It takes a while... please be patient and let it finish.
    • Once the files have been downloaded, click on the ...button.
      In the scan settings make sure the following are selected:
      • Detect malicious programs of the following categories:
        Viruses, Worms, Trojan Horses, Rootkits
        Spyware, Adware, Dialers and other potentially dangerous programs
      • Scan compound files (doesn't apply to the File scan area):
        Archives
        Mail databases
        By default the above items should already be checked.
      • Click the ...button, if you made any changes.
    • Now under the Scan section on the left:
      • Select My Computer
    • The program will start and scan your system. This will run for a while, be patient... let it run.
      Once the scan is complete, it will display if your system has been infected.
    • Save the scan results as a Text file ... save it to your desktop.
    • Copy and paste the saved scan results file in your next reply.

    **Note**
    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan.


    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    You can also use Trend Micro HouseCall and ensure that you select the version for your OS:

    Think your PC is infected? HouseCall can quickly identify and fix a wide range of threats including viruses, worms, Trojans, and spyware. It is now faster, more powerful and browser independent!

    WHAT'S NEW?- Full scan and custom scan options, in addition to Quick Scan.

    - Support for 64-bit, Windows 7, and Windows 7 SP1.
    HouseCall 7.1: Download HouseCall 7.1 (32-bit) | Download HouseCall 7.1 (64-bit)

    HouseCall - Free Online Virus Scan - Trend Micro USA
    ==============================================================

  8. #17
    Member Net_Surfer's Avatar

    Hello again

    After you have run the other online virus scan, post the logs and complete the following steps.

    It's time to clean up all of the tools we used and the logs they created.

    Please Follow my next set of final instructions and read how to secure and speed up your computer:

    Clean-up & Prevention:

    Please follow my next set of steps:

    Step 1.

    Uninstall Combofix
    • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
    • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
      o *If it is not on your Desktop, the below will not work.
    • Click on your Start Menu, then Run....
    • Now copy & paste the green bolded text in the run-box and click OK.

      ComboFix /Uninstall

      <Notice the space between the "x" and "/".> <--- It needs to be there
      Windows Vista users: Press the Windows Key + R to bring up the Run... command and then from there you can add in the Combofix /Uninstall
    • Please advise if this step is missed for any reason as it performs some important actions:

    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".


    Note: If you have trouble and it doesn't want to uninstall using the method described above, you can rename ComboFix.exe to Uninstall.exe and double click on it to uninstall it.


    Step 2.

    Restart MBAM.

    Click on the Quarantine tab
    Make sure everything is selected and then click Delete All.

    Close MBAM.

    Step 3.

    Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

    To help you with these chores do the following:


    • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
    • Then Click the big button.
    • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
    • Restart your computer when prompted.


    OTL will delete itself and any logs that any of the tools produced.

    Step 4.

    Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the Shift key, and select "Delete" by clicking on it. This will delete the files without sending them to the RecycleBin.

    You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

    You might want to keep MalwareBytes AntiMalware though and that's fine Make sure you update it before you run the scans in the future.

    • Use Control Panel, Add or Remove Programs (if Windows Xp, Win7 and Vista: Programs and Features) and Uninstall any entry related to an On-Line scanner we may have used. If you find any files or folders created during this cleanup operation remaining, please feel free to delete them.
    • Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
    • If I asked you to Disable something like TeaTimer or another malware blocker, please go ahead and re-enable them if you wish.



    Step 5.

    Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory, your tools cannot access it to delete these files, and they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then use Disk Cleanup to remove all but the most recently created Restore Point.
    • Go to Start > Run and type: Cleanmgr
    • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
    • Click the "More Options" tab, then click the "Clean up" button under System Restore.
    • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
    • Click Yes, then click Ok.
    • Click Yes again when prompted with "Are you sure you want to perform these actions?"
    • Disk Cleanup will remove the files and close automatically.
    Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

    Windows 7: follow these instructions to delete old restore points and create a new one:
    Click on Start... Control Panel... System and Maintenance... System
    Click on System Protection in the left-hand task list.
    Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

    When you uncheck a disk you will be presented with a screen.
    You should click on the Turn System Protection Off button.
    Click Apply and then OK.

    Reboot your computer.

    Now:
    Click on Start... Control Panel... System and Maintenance... System
    Click on System Protection in the left-hand task list.
    Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
    Click Apply and then OK.

    Your System restore will now be active again... starting with a new restore point.

    If you have done all of the above, Your Computer should be Clean of Malware.
    CONGRATULATIONS.



    Are things running okay? Do you have any more questions?

    System Still Slow?

    Is your computer running slower? You may have too many startup programs bogging it down. It's easy to address this problem by tweaking the startup programs on your computer.

    Follow these steps on the following tutorial to help speed up your computer.

    >> How to Change Startup Programs on Your Computer manually or using WinPatrol <<

    Choose between doing this manually or with the help of a program. Either way, you need to look up what you can disable and what you need to keep enabled. Keep in mind there are many programs written to make this task easier, using a program might save you some time.

    Simply download the WinPatrol tool from: HERE to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

    The following can also help speed up your computer:

    Defragment files (Drive C) Defragmenting is a must.

    It's one of the large reasons for system slowdowns. I use > JkDefrag < to defragment. You can use it forever. I recommend installing it and defragmenting as soon as possible.

    To improve performance I recommend to check this LINK.

    Windows7: Optimize Windows 7 for better performance Go to this page

    Having trouble with your computer?

    Even if you don't know a computer language (or want to), you can solve several common PC problems on your own.

    Read this Tutorial: (In this article= F1 is magic: Get help on your PC, The basics, Locating the problem, Software errors, Internet Connectivity, Hardware trouble, System failure)

    >> Fix common PC problems <<

    Is Your Wireless Network Safe?

    The purpose of wireless security is to keep unauthorized parties from using the wireless Internet access that you pay for, and to keep unauthorized parties from accessing the computers on your wireless network. For home and small business wireless network operators, "unauthorized parties" are usually not mastermind cybercriminals but casual freeloaders.

    Your wireless network's range is a few hundred yards, at most. That means the people most likely to "hack" into your WiFi network are your neighbors and transient passersby. Fortunately, it does not take much to deter such gate-crashers. A few easy, free tweaks to your WiFi router's settings are enough.


    See this tutorial: How can I make sure that nobody can secretly access my computers through a wireless connection. By: Bob Rankin.


    ---------------------------^--------------------------------



    Prevention:

    Take the following steps to help prevent infection on your computer:

    Use an AntiVirus Software

    It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

    Use up-to-date antivirus software
    Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software, such as Microsoft Security Essentials, that is updated with the latest signature files.
    For more information, see Windows 7: Consumer security software providers.

    To assist in the prevention of malicious software intrusion and infections:

    Please remember to keep antivirus software on board and always use its real-time protection feature. Run a complete system scan at least once a week...preferably in Safe mode.

    If your antivirus program is a licensed version that is about to expire, you can consider using one of these available free on the public domain:

    Microsoft Security Essentials
    AntiVir Personal Edition Classic
    Avast! 6 Free Home Edition

    Those of us in the online safety/security community have tried and tested these programs to determine their abilities. Having in mind, nothing is ever a guarantee regarding computer security, these programs nevertheless, combined with the rest of these recommendations are certain to have an impact in helping to keep your system running free and clear. I personally have been completely satisfied from having tested and used each one of those at one time or another.

    Windows Vista and Windows 7 have a software firewall built in and activated by default. And, just as with Windows XP, it's not quite the best defense, although it is a little better than its predecessor.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third party firewalls running on board:
    Sunbelt Personal Firewall

    *** Zone Alarm Beware This download includes the Ask Toolbar...The ZoneAlarm Spy Blocker toolbar is powered by "Ask.com". The "Ask" search engine will cause "targeted" ads to be presented to you based upon the content of the web pages you visit, any personally identifiable information you have provided to "Ask.com", or keywords appearing in your search queries. Many security experts consider this type of behavior offensive...Windows 2k/XP/Vista

    Outpost Free

    Comodo...I highly recommend this firewall, but it may just be best suited for advanced users.


    Enable a firewall on your computer:

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

    Use a third-party firewall product or turn on the Microsoft Windows Internet Connection Firewall.
    Visit Microsoft's Windows Update Site Frequently

    It is important that you visit Microsoft Windows Update regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Get the latest computer updates
    Updates help protect your computer from viruses, worms, and other threats as they are discovered. It is important to install updates for all the software that is installed in your computer. These are usually available from vendor websites.

    You can use the Automatic Updates feature in Windows to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
    ==============***============

    Recommended Programs:

    To help protect your computer in the future I would recommend the download and installation of some or all of the following free programs (if not already present), and the updating of them on a regular basis:
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      *Green to go
      *Yellow for caution
      *Red to stop
      WOT has an addon available for both Firefox and IE.
    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit > HERE <.
    • McAfee Site Advisor --free version.
      To give you an indication of which sites may contain bad links or suspect downloads. It loads an icon to the taskbar of your browser (versions for IE and Firefox). As you browse, a small button on your browser toolbar changes color based on SiteAdvisor's safety results indicating the trustworthiness of the site you are on. Green for safe and Red for suspicious. Click on the icon to access details that SiteAdvisor has about the site. It also gives the same colour indications in the results page when you do a Google search, making it easier to decide which sites are safe to visit. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad. Safety ratings from McAfee SiteAdvisor appear next to search results. Works with Google, Yahoo!, Live Search, AOL or ASK.
      This is a utility that can be downloaded and installed from: > HERE <
    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see > HERE <. You can download SpywareBlaster from HERE.
    • ERUNT (Emergency Recovery Utility NT):
      This utility allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
      You can get this utility from: > HERE < and instructions how to Practice "Safe Computer" with regular automated Registry Backups with ERUNT from: > HERE <
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera
      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
    • MVPs hosts file.
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.



    Limit user privileges on the computer:
    Starting with Windows Vista and Windows 7, Microsoft introduced User Account Control (UAC), which, when enabled, allowed users to run with least user privileges. This scenario limits the possibility of attacks by malware and other threats that require administrative privileges to run.

    You can configure UAC in your computer to meet your preferences:

    Secure Your Software: Update Non-Microsoft Programs by using PSI Secunia Personal Software Inspector:

    Microsoft isn't the only company whose products can contain security vulnerabilities.

    Is your computer really secure?
    If you have antivirus software, malware scanners and a firewall, you might think you're safe from hackers, crackers and identity thieves. But chances are, you're missing one critical piece of the security puzzle. Read on to learn how to secure your software and truly lock down your computer:

    What's the Missing Link in Computer Security?

    You may feel safe behind a firewall and anti-virus software. But you're not. Bad guys can still get to your personal information stored on your computer, and even take over your computer and run it as if it was their own. The gap in your armor? It's the application software you use every day. Let's look at just one recent example.

    Do you ever read Adobe PDF files, in your browser or with Adobe Reader after downloading? Tens of millions of people do; PDF is one of the most widely used file formats. In July 2009, hackers found a way to embed malware in PDF files using the equally popular Adobe Flash animation format. Even anti-virus software developers like Symantec were caught off-guard by this obscure vulnerability. New vulnerabilities are discovered in application software every hour, it seems.

    Software developers issue patches and updates that close these doors to hackers in a never-ending game of Whack-A-Mole. Vulnerability pops up here, hit it with a patch. Another pops up over there, hit it with another patch. Developers provide the patches, but it's up to you, the end user, to whack the moles.
    Staying on Top of Application Security

    It's vital to keep all your software up to date with the latest patches and upgrades. But the average computer holds about 80 application programs! How can you keep up with it all?

    _First, concentrate on the programs that are most often targeted by bad guys. They are the most commonly used programs: Microsoft Office, Adobe Reader, Internet Explorer, etc. The more people there are using a program, the more targets there are for a hacker's arrows. Naturally, the hacker goes after the biggest potential "market" for his malware.

    _Second, activate automatic update features when they are available. Then your software will check its home site for patches and upgrades every day, or week, or whatever. It can download and install updates without bothering you at all, or tell you when updates are available and give you the choice of when to install them.

    Some security experts tell you to turn off automatic updates because a connection to a server is an open line through which hackers can invade your computer. But turning off auto-update closes one door while leaving untold numbers of others wide open. Who are you kidding? You're not going to remember to check for updates manually on a regular basis. You'll let it slide until your software is so outdated it contains dozens of vulnerabilities. Leave auto-update on and let the software remember for you.

    _Third, you can check all the software on your computer for vulnerabilities using something like the >> Secunia Personal Software Inspector << (PSI). This free program comes from a trusted security site, and scans your software for known vulnerabilities. It will tell you which programs need updating and provide links to sites where you can download patches.

    I ran PSI while researching the issue of software security, and I was very surprised by the results. I have security software in place, and I thought I was keeping up with all my patches. I felt pretty confident about the security of my computer. But PSI flagged Adobe Reader, Flash, Skype, iTunes, QuickTime, Java and a few others as needing updates. At least SIX of the vulnerabilities were marked Critical, meaning that under certain circumstances, an Evil Hacker could exploit them to gain complete control over my computer. Yikes.


    Bottom line... the software you use every day is the biggest source of danger to your personal information. Keeping your software up to date is your best defense. You cannot afford to let vulnerabilities go unpatched.


    Use caution when opening attachments and accepting file transfers:
    Exercise caution with email and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.

    Use caution when clicking on links to web pages:
    Exercise caution with links to web pages that you receive from unknown sources, especially if the links are to a webpage that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your computer simply by visiting a webpage with harmful content.

    Avoid downloading pirated software:
    Threats may also be bundled with software and files that are available for download on various torrent sites. Downloading "cracked" or "pirated" software from these sites carries not only the risk of being infected with malware, but is also illegal. For more information, see 'The risks of obtaining and using pirated software'.

    Protect yourself from social engineering attacks:
    While attackers may attempt to exploit vulnerabilities in hardware or software to compromise a computer, they also attempt to exploit vulnerabilities in human behavior to do the same. When an attacker attempts to take advantage of human behavior to persuade the affected user to perform an action of the attacker's choice, it is known as 'social engineering'. Essentially, social engineering is an attack against the human interface of the targeted computer. For more information, see 'What is social engineering?'.

    Use strong passwords:
    Attackers may try to gain access to your Windows account by guessing your password. It is therefore important that you use a strong password, one that cannot be easily guessed by an attacker. A strong password is one that has at least eight characters, and combines letters, numbers, and symbols.
    For more information, see Strong Passwords | Microsoft Security.
    The top 50 passwords you should never use

    To protect yourself against malware and reduce your chance of reinfection in the future, I strongly recommend you have a look at the following links (giving some advice and tips), (Tip of the hat to htv8): If you are interested in learning more and joining the fight against malware please visit the Malware Removal Training Program thread.

    Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

    Stay clean and be safe

    That's it!!!

    Happy surfing!

    Cheers
    Net_Surfer



    ***If ComboFix tool helped you***, please kindly consider a donation to its author. As you just experienced for yourself, ComboFix is a very effective tool. Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via:


    I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

    I'd be grateful if you could reply to this post so that I know you have read it and if you've no other questions, the thread can be closed.
    =========
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
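
A scripted form of the Step 5 restore-point reset, as an added example that is not part of Net_Surfer's post: it cycles System Protection on the system drive, creates a fresh restore point, and then checks that no point older than the cleanup remains. It assumes an elevated Windows PowerShell session (not PowerShell 7) and skips the reboot the post places between turning protection off and on; the description label is made up for illustration.

```powershell
# Added example: reset System Restore after a cleanup and verify the result.
# Assumptions: Windows PowerShell, elevated prompt, System Restore available.

$drive       = "$env:SystemDrive\"
$description = 'Clean baseline after malware removal'   # hypothetical label

# Refuse to continue without administrator rights; the cmdlets below need them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}

function Get-RestorePointSummary {
    # CreationTime is a WMI datetime string; convert it so it can be compared.
    Get-ComputerRestorePoint | ForEach-Object {
        New-Object PSObject -Property @{
            SequenceNumber = $_.SequenceNumber
            Created        = $_.ConvertToDateTime($_.CreationTime)
            Description    = $_.Description
        }
    }
}

$started = Get-Date
$before  = @(Get-RestorePointSummary)
Write-Output "Restore points before reset: $($before.Count)"

# Same effect as unticking and re-ticking the drive under System Protection:
# turning protection off discards the existing restore points for that drive.
Disable-ComputerRestore -Drive $drive
Enable-ComputerRestore  -Drive $drive

# Create the new baseline point on the cleaned system.
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# Verify: the new point exists and nothing from before the reset survived.
$after = @(Get-RestorePointSummary)
$fresh = @($after | Where-Object { $_.Description -eq $description -and $_.Created -ge $started })
$stale = @($after | Where-Object { $_.Created -lt $started })

if ($fresh.Count -eq 0) {
    Write-Warning 'The new restore point was not found; create one manually.'
}
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) restore point(s) from before the cleanup still exist:"
    $stale | Format-Table SequenceNumber, Created, Description -AutoSize
} else {
    Write-Output 'No pre-cleanup restore points remain.'
}
```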
