Hello,
I have 3 computers and I think all 3 have the same exact problem. They are all running slow. We fixed the first one here, thank you soo much!
I did the scans on the 2nd one… Here they are.
Do you see anything?
removers are notified, check back later today
Okay, thank you
Hi and Welcome!!
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I’d be grateful if you would note the following:
[*]The fixes are specific to your problem and should only be used for the issues on this machine.
[*]It’s often worth reading through these instructions and printing them for ease of reference.
[*]If you don’t know or understand something, please don’t hesitate to say or ask!! It’s better to be sure and safe than sorry.
[*]Please reply to this thread. Do not start a new topic.
[*]If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
[*]Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
Let me look these over and I will get back as quick as I can.
Hi,
Run OTL.exe
[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm238^YY^us&si=CD6891&ptb=A0E86070-9BCE-4A3A-93C8-8953F594CDB4&ind=2013051418&n=77fcba1a&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1935655697-57989841-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130626,19855,0,8,0
IE - HKU\S-1-5-21-1935655697-57989841-682003330-1003\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm238^YY^us&si=CD6891&ptb=A0E86070-9BCE-4A3A-93C8-8953F594CDB4&ind=2013051418&n=77fcba1a&psa=&st=sb&searchfor={searchTerms}
[2013/06/27 14:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Tag\Start Menu\Programs\NetAssistant
[2013/06/24 06:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\SearchDonkey
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2013/03/23 19:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Tag\Application Data\GetRightToGo
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[resethosts]
[start explorer]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )
Attach the new log made by OTL and let me know how your system is running now.
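As an added example (not part of the original post and not OTL's own code), here is a small Python parser for the two line shapes that appear in the fix above, IE registry settings and timestamped folder entries, which lists the hosts that browser settings point to so they can be reviewed. The sample log, the field names and the allowed-host set are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the two line shapes seen in the fix above
# (placeholder GUID, SID, paths and example.* hosts; not from a real log).
SAMPLE_LOG = r'''
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://search.example.net/results?q={searchTerms}
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.example.org/start
[2013/06/24 06:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\ExampleToolbar
[2013/03/23 19:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ExampleApp
'''

# IE - <key>: "<name>" = <data>   or   IE - <key>,<value name> = <data>
IE_RE = re.compile(
    r'^IE - (?P<key>.+?)(?:: "(?P<name>[^"]+)"|,(?P<value>[^=]+?)) = (?P<data>\S+)$')
# [<date time> | <size> | <attributes> | <flag>] -- <path>
FS_RE = re.compile(
    r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+)'
    r' \| (?P<flag>[A-Z])\] -- (?P<path>.+)$')

def parse_otl_lines(text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = IE_RE.match(line)
        if m:
            entries.append({"type": "ie_setting", "key": m["key"],
                            "value": m["name"] or m["value"],
                            "data": m["data"],
                            "host": urlsplit(m["data"]).hostname})
            continue
        m = FS_RE.match(line)
        if m:
            entries.append({"type": "fs_entry", **m.groupdict()})
    return entries

def unexpected_hosts(entries, allowed):
    """Hosts referenced by IE settings that are not in the reviewer's allow list."""
    return sorted({e["host"] for e in entries
                   if e["type"] == "ie_setting" and e["host"]
                   and e["host"] not in allowed})

if __name__ == "__main__":
    parsed = parse_otl_lines(SAMPLE_LOG)
    for e in parsed:
        print(e)
    print(unexpected_hosts(parsed, allowed={"portal.example.org"}))
```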
Hey Jeff!!
Thank you soooo much for your help. I’ve attached the logs as requested. Why the DNS flush? I’m no techy, just curious…
It seems to be running much smoother… At least so far!! Do you see anything else? Any recommendations? Wish I knew where this malware comes from.
Oh and I have, in my add remove programs, yahoo toolbar that I’ve tried to uninstall several times. When I click uninstall, it just sits there forever, nothing happens. Although I do not see it installed in IE. Any clues on that? Should I just leave it and not worry about it?
Thanks Again Jeff, You Rock!!
Hi,
Glad to hear your system is running better. The reason for the DNS flush is really just a bit of tidying up on the system.
Remind me later about the toolbar and we will come back to that ok?
When you ran OTL was there a log created named Extras.txt? Could you attach that please?
Hmmm no, no Extras.txt. I even did an all files and folders search and nothing??
Ok no problem…
Please open OTL.
[*]Make sure all other windows are closed and let it run uninterrupted.
[*]When the window appears, click the None button near the top (it may look greyed out)
[*]In the Extra Registry section change it to All
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
There we go!!
Good…
Java
Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:
See this page for instructions on how to clear java’s cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
[*]Under Temporary Internet Files, click the Delete Files button.
[*]There are three options in the window to clear the cache - Leave ALL 3 Checked
Downloaded Applets
Downloaded Applications
Installed Applications and Applets
[*]Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
[*]Click OK to leave the Java Control Panel.
Malwarebytes
ESET Online Scanner
Alrighty Jeff!
Apparently no threats found with either mbam or eset.
Here’s the mbam log. It seems eset only creates one if there are threats.
Great! Any other malware related problems?
Everything seems fine Jeff. Thank you sooo much for your help!!!
Sounds great!!
Providing there are no other malware related problems…
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN
Clean up with OTL:
[*]Right-click and Run as Administrator OTL.exe to start the program.
[*]Close all other programs apart from OTL as this step will require a reboot
[*]On the OTL main screen, press the CLEANUP button
[*]Say Yes to the prompt and then allow the program to reboot your computer.
Here are some tips to reduce the potential for spyware infection in the future:
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
[*]From within Internet Explorer click on the Tools menu and then click on Options.
[*]Click once on the Security tab
[*]Click once on the Internet icon so it becomes highlighted.
[*]Click once on the Custom Level button.
[*]Change the Download signed ActiveX controls to Prompt
[*]Change the Download unsigned ActiveX controls to Disable
[*]Change the Initialize and script ActiveX controls not marked as safe to Disable
[*]Change the Installation of desktop items to Prompt
[*]Change the Launching programs and files in an IFRAME to Prompt
[*]Change the Navigate sub-frames across different domains to Prompt
[*]When all these settings have been made, click on the OK button.
[*]If it prompts you as to whether or not you want to save the settings, press the Yes button.
[*]Next press the Apply button and then the OK to exit the Internet Properties page.
2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free
5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
6. WOT (Web of Trust) - As “Googling” is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT’s color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
7. Finally, I strongly recommend that you read Miekiemoes’ great advice How to prevent malware.