Am I being paranoid????

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by adjohnson1971, Jan 7, 2006.

  1. adjohnson1971

    adjohnson1971 Private E-2

    Hi. You helped me with a wareout infection a week ago and everything was fine until yesterday when my wife had warnings from AVG and Microsoft anti spyware. She stopped what she was doing and asked for my help and it seemed as if AVG had stopped anything from reaching our computer. However I decided to run Spybot SD and it was dead slow and we're being redirected to other internet searches etc, in other words everything was just as the infection last week. Therefore I've followed all your read me and run first instructions and also I've run fixwareout. All log files are attached so please can you help or am I being paranoid as Spybot and adware and AVG show no infections. Many thanks.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    1. Download and Install CCleaner
      • Note that, when asked to run CCleaner, you should run ONLY the default scan (Windows Tab). Do Not “Scan For Issues”!

    2. Download FixWareout by Lonny and save it to your Desktop.


    3. Download & Install Ewido Security Suite
      • Be sure to uncheck Install background guard and Install scan via context menu when you Install Ewido.
      • After installing EWIDO, please update its definitions by Clicking the Update Button > Start.
      • Just leave it for now. You'll be running it shortly ;)

    4. Please locate your download of FixWareout and INSTALL it.
      • Be sure that Run fixit is checked.
      • Click Finish to begin the fix.
      • Follow the prompts and Reboot when asked to do so.
      • Upon Reboot, follow the prompts and HijackThis should open.

    5. After HJT opens, Click Scan and then Check the boxes for the following, if they should remain:

      O17 - HKLM\System\CCS\Services\Tcpip\..\{12DA6479-F89B-4B48-A2D6-1543A1959EDC}: NameServer = 85.255.116.67,85.255.112.178
      O17 - HKLM\System\CCS\Services\Tcpip\..\{47EFA1C3-418E-457D-8E9E-ED0270E8D043}: NameServer = 85.255.116.67,85.255.112.178
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7E829DA7-2AFF-47C3-AA2D-894735F92869}: NameServer = 85.255.116.67,85.255.112.178
      O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1EE92E-91ED-4338-91FC-8DF85B643DBD}: NameServer = 85.255.116.67,85.255.112.178
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E8BB67B6-8275-4507-B464-A923EDC103BC}: NameServer = 85.255.116.67,85.255.112.178
      O17 - HKLM\System\CS2\Services\Tcpip\..\{12DA6479-F89B-4B48-A2D6-1543A1959EDC}: NameServer = 85.255.116.67,85.255.112.178
      O17 - HKLM\System\CS3\Services\Tcpip\..\{12DA6479-F89B-4B48-A2D6-1543A1959EDC}: NameServer = 85.255.116.67,85.255.112.178


    6. Now, run CCleaner. Be sure you only run the Default Scan (Windows Tab) and select Run Cleaner. Do not run any other options from other tabs.


    7. Please Boot to Safe Mode!
      • Open Ewido and Select Scanner. Click Settings, make sure ALL boxes are checked under How to Scan & Unwanted Software and that Scan Every File has been selected.
      • When EWIDO has been configured correctly, click OK.
      • Click Complete System Scan to begin the scan. Allow EWIDO to clean all that it finds and then save the log to where you can find it easily.

    8. After ALL of the above has been completed, please REBOOT to normal Windows, scan with HijackThis and ATTACH that log. Please save and attach the logs from the EWIDO scan, and the log found at C:\fixwareout\report.txt as well.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.
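
An added example, not part of the thread and not HijackThis or FixWareout code: the O17 lines in step 5 are per-adapter DNS `NameServer` settings, and the same pair of addresses is set under every adapter GUID and control set listed. The Python below parses O17 lines of that form and reports resolvers outside an expected range; the expected range `192.168.1.0/24` and the last two sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# First three lines are copied from the post above; the last two are
# constructed (a benign entry and a non-O17 line that must be skipped).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{12DA6479-F89B-4B48-A2D6-1543A1959EDC}: NameServer = 85.255.116.67,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{47EFA1C3-418E-457D-8E9E-ED0270E8D043}: NameServer = 85.255.116.67,85.255.112.178
O17 - HKLM\System\CS2\Services\Tcpip\..\{12DA6479-F89B-4B48-A2D6-1543A1959EDC}: NameServer = 85.255.116.67,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O4 - HKLM\..\Run: [example] C:\example.exe
"""

# Assumption: resolvers this machine is supposed to use (constructed value).
EXPECTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Matches only the per-adapter "NameServer" form of an O17 entry.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Return (control_set, adapter_guid, [servers]) for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # The value may be comma- or space-separated.
            servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
            entries.append((m["cs"], m["guid"], servers))
    return entries

def is_expected(server, nets):
    """True if `server` is a valid IP inside one of the expected networks."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return False  # malformed values are reported, not trusted
    return any(ip in net for net in nets)

def unexpected_resolvers(entries, nets=EXPECTED_NETS):
    """Map each unexpected resolver to the (control_set, guid) pairs that use it."""
    hits = defaultdict(set)
    for cs, guid, servers in entries:
        for server in servers:
            if not is_expected(server, nets):
                hits[server].add((cs, guid))
    return dict(hits)
```

Calling `unexpected_resolvers(parse_o17(SAMPLE_LOG))` returns the two 85.255.x.x addresses, each mapped to the three adapter/control-set entries that carry them.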
     
  3. adjohnson1971

    adjohnson1971 Private E-2

    Hi. All instructions have been followed, and the items listed in HJT needed checking and fixing. All requested reports have been attached. Everything seems to be running ok at the moment!!!
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Finally, I would like you to Flush your System Restore Points. Please follow the instructions in this link --->Disable and Re-enable System Restore
    • First, turn OFF System Restore to flush any bad Restore Points.
    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, reboot and attach a fresh HJT log and let me know how things are running.
     
  5. adjohnson1971

    adjohnson1971 Private E-2

    Hi. Everything done as requested and all seems to be working ok. Attached is the HJT report. Many thanks.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you having any problems?
     
  7. adjohnson1971

    adjohnson1971 Private E-2

    Hi. Everything seems to be working ok, with no obvious problems. Many thanks for your time and effort.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

