Help Maybe infected
#13
  • Step 5

    System Restore maintains a backup of your programs; however, it may also back up infections, therefore constant flushing is required to create a clean Restore Point.

    1. On the Desktop, right-click My Computer > Properties > System Restore tab.
    2. Check Turn off System Restore.
    3. Click Apply > Yes.
    4. Please wait a few moments to let it clear.
    5. After doing so, remove the check from Turn off System Restore.
    6. Click Apply > OK.
    7. System Restore will be working again and will have a new Restore Point.
  • Step 6

    My analysis shows me that you have Ask Toolbar installed in your system.

    I strongly recommend you remove the program from your system for the following reasons:
    • It promotes its toolbars on sites targeted at kids.
    • It promotes its toolbars through ads that appear to be part of other companies' sites.
    • It promotes its toolbars through other companies' spyware.
    • It is installed without any disclosure whatsoever and without any consent from the user whatsoever thereby considering it as foistware.
    • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
    • It makes confusing changes to users' browsers - increasing Ask Toolbar's revenues while taking users to pages they didn't intend to visit.

    You can view more of that from 'this' site. Another recommended read would be 'this' article.

    Now in accordance with these facts, I will now present to you the proper way of removal.
    • Click Start > Control Panel > Add or Remove Programs.
    • Locate and select AskBarDis or Ask Toolbar on the list and click the Remove button.
    • Follow the on-screen steps that concern the removal.
    • Now delete the following folder C:\Program Files\AskBarDis or C:\Program Files\AskToolbar and empty your Recycle Bin.
  • Step 7

    Looking at your log, I have seen that you have the program(s) below installed. I highly suggest a removal through Add or Remove Programs or Programs and Features. I am asking you this for I have seen negative feedback from users. Should the program(s) in question be utterly clean, no such comment should be seen. Take this as a precautionary measure. Better safe than sorry.

    The list below shows the program(s) with poor or flawed reputation that you currently have installed in your system:
    • DVDVideoSoftTB Toolbar
    • Messenger Plus! Live
    • MyShoppingGenie
    • Registry Reviver

    Please respond back if you encounter difficulties uninstalling the program(s).
  • Step 8

    Please run HijackThis as Administrator. Click 'Do a system scan only' and place a check next to the following line(s) if present:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')


    Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
  • Step 9

    Please download the OTM File Mover from 'here'. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
    • Save it to your Desktop.
    • Please double-click OTM.exe to run it.
    • Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes
      explorer.exe

      :Files
      c:\windows\system32\roboot.exe

      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
    • Click the red MoveIt! button.
    • Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
    • Paste it in your next reply.
    • Close OTM.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present. Copy and paste the contents of that document back here in your next post.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
Reply
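
A triage sketch for the HijackThis entries listed in Step 8, added here as an example and not part of the original post or of HijackThis itself: it parses O2/O3/O4 lines, flags entries whose target is absent, and shows which CLSIDs are registered as both a BHO and a toolbar. The sample lines are copied from the post; the function names and the "orphan" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O4 - HKCU\..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
"""

# O2 (BHO) and O3 (toolbar) lines: section - kind: name - {CLSID} - file
COM_RE = re.compile(r"^(O2|O3) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O4 autorun lines: section - registry key: [value name] command
RUN_RE = re.compile(r"^O4 - (\S+): \[(.*?)\]\s*(.*)$")

def parse(log):
    """Return one dict per recognised line; 'orphan' marks an absent target."""
    entries = []
    for line in filter(None, map(str.strip, log.splitlines())):
        m = COM_RE.match(line)
        if m:
            sec, kind, name, clsid, path = m.groups()
            # Assumption: HijackThis' own "(no file)" / "(file missing)" tags mean orphaned.
            orphan = path == "(no file)" or path.endswith("(file missing)")
            entries.append({"section": sec, "kind": kind, "name": name,
                            "clsid": clsid.upper(), "target": path, "orphan": orphan})
            continue
        m = RUN_RE.match(line)
        if m:
            key, name, cmd = m.groups()
            # Assumption: an autorun value with an empty name is treated as orphaned.
            entries.append({"section": "O4", "kind": "Autorun", "name": name,
                            "clsid": None, "target": cmd, "orphan": name == ""})
    return entries

def shared_components(entries):
    """CLSIDs registered in more than one section (e.g. BHO plus toolbar)."""
    by_clsid = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            by_clsid[e["clsid"]].add(e["section"])
    return {c: sorted(s) for c, s in by_clsid.items() if len(s) > 1}

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for e in parsed:
        print(e["section"], e["kind"], "ORPHAN" if e["orphan"] else "live", e["name"] or "<empty>")
    print(shared_components(parsed))
```

A CLSID reported under both O2 and O3 is one component registered twice, so both lines need to be ticked for the fix to remove it completely.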


Messages In This Thread
Help Maybe infected - by Veran - 03-28-2011, 01:22 PM
RE: Help Maybe infected - by RDCA - 03-28-2011, 01:39 PM
RE: Help Maybe infected - by GrammarPhreak - 03-28-2011, 02:25 PM
RE: Help Maybe infected - by Veran - 03-28-2011, 02:31 PM
RE: Help Maybe infected - by h4yr0 - 03-28-2011, 03:11 PM
RE: Help Maybe infected - by RDCA - 03-28-2011, 03:57 PM
RE: Help Maybe infected - by Veran - 03-28-2011, 04:13 PM
RE: Help Maybe infected - by RDCA - 03-28-2011, 04:16 PM
RE: Help Maybe infected - by Quintus - 03-29-2011, 06:47 AM
RE: Help Maybe infected - by Veran - 03-29-2011, 10:40 AM
RE: Help Maybe infected - by Quintus - 03-29-2011, 07:23 PM
RE: Help Maybe infected - by Veran - 03-30-2011, 05:25 PM
RE: Help Maybe infected - by Quintus - 03-31-2011, 07:00 PM
RE: Help Maybe infected - by Veran - 04-01-2011, 10:51 AM
RE: Help Maybe infected - by AceInfinity - 04-01-2011, 12:07 PM
RE: Help Maybe infected - by Veran - 04-01-2011, 12:17 PM
RE: Help Maybe infected - by AceInfinity - 04-01-2011, 12:26 PM
RE: Help Maybe infected - by Veran - 04-01-2011, 05:37 PM
RE: Help Maybe infected - by Quintus - 04-01-2011, 05:56 PM
RE: Help Maybe infected - by Veran - 04-02-2011, 04:29 AM
RE: Help Maybe infected - by AceInfinity - 04-01-2011, 08:32 PM
RE: Help Maybe infected - by Quintus - 04-02-2011, 08:08 AM
RE: Help Maybe infected - by Veran - 04-03-2011, 05:41 AM
RE: Help Maybe infected - by Alex Last - 04-03-2011, 06:17 AM
RE: Help Maybe infected - by Veran - 04-03-2011, 06:57 AM
RE: Help Maybe infected - by Quintus - 04-03-2011, 10:23 AM
RE: Help Maybe infected - by Veran - 04-03-2011, 02:11 PM
RE: Help Maybe infected - by Quintus - 04-04-2011, 07:40 AM
RE: Help Maybe infected - by Veran - 04-04-2011, 09:06 AM
RE: Help Maybe infected - by Quintus - 04-05-2011, 03:56 AM
RE: Help Maybe infected - by Veran - 04-05-2011, 08:59 AM
RE: Help Maybe infected - by Quintus - 04-06-2011, 07:50 AM
RE: Help Maybe infected - by Veran - 04-07-2011, 10:03 AM
RE: Help Maybe infected - by Quintus - 04-08-2011, 03:56 AM
RE: Help Maybe infected - by Veran - 04-08-2011, 12:48 PM
RE: Help Maybe infected - by Quintus - 04-09-2011, 05:50 AM
RE: Help Maybe infected - by Veran - 04-09-2011, 06:54 AM
RE: Help Maybe infected - by Quintus - 04-10-2011, 10:05 AM
RE: Help Maybe infected - by Veran - 04-12-2011, 11:51 AM
RE: Help Maybe infected - by Quintus - 04-13-2011, 10:06 AM
RE: Help Maybe infected - by Mammoth - 04-13-2011, 10:37 AM
RE: Help Maybe infected - by Quintus - 04-13-2011, 10:45 AM
RE: Help Maybe infected - by Quintus - 04-18-2011, 08:19 AM
