03-31-2011, 07:00 PM
- Step 5
System Restore maintains a backup of your programs; however, it may also back up infections, therefore constant flushing is required to create a clean Restore Point.
- On the Desktop, right-click My Computer > Properties > System Restore tab.
- Check Turn off System Restore.
- Click Apply > Yes.
- Please wait a few moments to let it clear.
- After doing so, remove the check from Turn off System Restore.
- Click Apply > OK.
- System Restore will be working again and will have a new Restore Point.
- Step 6
My analysis shows me that you have Ask Toolbar installed in your system.
I strongly recommend you remove the program from your system for the following reasons:
- It promotes its toolbars on sites targeted at kids.
- It promotes its toolbars through ads that appear to be part of other companies' sites.
- It promotes its toolbars through other companies' spyware.
- It is installed without any disclosure whatsoever and without any consent from the user whatsoever thereby considering it as foistware.
- It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
- It makes confusing changes to users' browsers - increasing Ask Toolbar's revenues while taking users to pages they didn't intend to visit.
You can view more of that from 'this' site. Another recommended read would be 'this' article.
Now in accordance with these facts, I will now present to you the proper way of removal.
- Click Start > Control Panel > Add or Remove Programs.
- Locate and select AskBarDis or Ask Toolbar on the list and click the Remove button.
- Follow the on-screen steps which concern the removal.
- Now delete the following folder C:\Program Files\AskBarDis or C:\Program Files\AskToolbar and empty your Recycle Bin.
- Step 7
Looking at your log, I have seen that you have the program(s) below installed. I highly suggest a removal through Add or Remove Programs or Programs and Features. I am asking you this for I have seen negative feedback from users. Should the program(s) in question be utterly clean, no such comment should be seen. Take this as a precautionary measure. Better safe than sorry.
The list below shows the program(s) with poor or flawed reputation that you currently have installed in your system:
- DVDVideoSoftTB Toolbar
- Messenger Plus! Live
- MyShoppingGenie
- Registry Reviver
Please respond back if you encounter difficulties uninstalling the program(s).
- Step 8
Please run HijackThis as Administrator. Click 'Do a system scan only' and place a check next to the following line(s) if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
- Step 9
Please download the OTM File Mover from 'here'. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
- Save it to your Desktop.
- Please double-click OTM.exe to run it.
- Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Processes
explorer.exe
:Files
c:\windows\system32\roboot.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
- Click the red MoveIt! button.
- Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
- Paste it in your next reply.
- Close OTM.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present. Copy and paste the contents of that document back here in your next post.
- In your next post, please provide the following:
- A Fresh HijackThis (HJT) Log
- Deckard's System Scanner (DDS) Logs
- DDS.txt
- Attach.txt
- Format of Response
Code:
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Link To Requested Logs:[/b][/color]
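Added example, not part of the original post and not code from HijackThis: a small parser for the kind of log lines listed in Step 8, which splits each entry into section code, name, CLSID and target, flags entries whose file is reported missing, and shows when one CLSID is registered under more than one section. The function names are hypothetical, and the section meanings in `SECTIONS` are the usual HijackThis ones rather than something the post states.

```python
import re
from collections import defaultdict

# Usual meaning of the HijackThis section codes that occur in the Step 8 list (assumption).
SECTIONS = {"R0": "IE start/search page", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
AUTORUN = re.compile(r"^(\S+): \[([^\]]*)\]\s*(.*)$")

# Lines copied from Step 8 of the post (not constructed).
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKCU\..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
"""

def parse_entry(line):
    """Split one log line into code, name, CLSID and target; None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    e = {"code": code, "kind": SECTIONS.get(code, "other"), "name": None,
         "clsid": None, "target": body, "missing_file": bool(MISSING.search(body))}
    guid = CLSID.search(body)
    auto = AUTORUN.match(body)
    if code in ("O2", "O3") and guid:        # "<type>: <name> - {CLSID} - <file>"
        e["name"] = body[:guid.start()].split(": ", 1)[-1].rstrip(" -")
        e["clsid"] = guid.group(0).upper()   # CLSIDs compare case-insensitively
        e["target"] = body[guid.end():].lstrip(" -")
    elif code == "O4" and auto:              # "<key>: [<value name>] <command>"
        e["name"], e["target"] = auto.group(2), auto.group(3)
    elif " = " in body:                      # R0 style: "<registry value> = <data>"
        e["name"], e["target"] = body.split(" = ", 1)
    return e

def shared_clsids(lines):
    """Map each CLSID registered under more than one section to those sections."""
    seen = defaultdict(set)
    for e in filter(None, map(parse_entry, lines)):
        if e["clsid"]:
            seen[e["clsid"]].add(e["code"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}
```

Run over a fresh log after the reboot, `shared_clsids` makes it easy to confirm that a component such as the Ask Toolbar is gone from both its O2 and O3 registrations rather than only one.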