Infected again or still or not at all?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Phlegmbot, Jan 24, 2009.

  1. Phlegmbot

    Phlegmbot Private First Class

    Hi. I was JUST through this Malware forum, given a clean bill of health by the very helpful TimW who then sent me over to software, but based on info given to me there, I'm wondering if I may still be infected.

    MBAM, HiJackThis, and others say I'm clean, and, over in Software, it was suggested I use the site ProcessLibrary.com to determine which startup processes I can remove...

    Removing some processes, and also some recent WinXP updates, SOLVED the problem...that is, until I rebooted. According to my software, I'm STILL clean. Basically, at this point, I need an answer to the following. Please, please only respond if you can help me with the following list.

    Thanks to everyone for the support!

    1. How do I permanently disable dlactrlw.exe
    2. Keeping in mind that I've done full scans w/several programs, including Kaspersky, MBAM, and Avast!, how do I know if lsass.exe is the correct version or a Trojan? (Processlibrary.com has many trojan reports on this process but says it could also be a valid part of the list.)
    Same question for:
    4. svchost.exe (listed as both a NETWORK SERVICE and SYSTEM)
    5. services.exe
    6. winlogon.exe
    7. csrss.exe
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of those processes you listed are malware. svchost.exe, services.exe, winlogon.exe and csrss.exe are required system files/processes. If you deleted them, you would no longer be able to run Windows. And dlactrlw.exe is for your Sonic software. Also not malware. Sonic's Drive Letter Access is software which enables you to drag and drop files from Windows Explorer straight onto the drive letter corresponding to your CD/DVD-Writer, or to save files directly onto CD/DVD from within Windows programs.

    In message # 4 of your malware thread Tim said
    I don't think you ever corrected this since a follow up HJT log ( which you should never be posting) showed that you did not. If you want us to know what your current real status is, then download the current new version of MGtools and run it. Then attach a new MGlogs.zip file. But if you still have multiple antivirus programs installed, the first thing I'm going to tell you is to uninstall ALL but one and then get me a new log. So save yourself some time and make sure only one antivirus program is installed before running MGtools. Also if you are still using Threatfire, you may want to uninstall it for the time being since it can be getting in the way of any cleanup/removal.
     
    Last edited: Jan 26, 2009
  3. Phlegmbot

    Phlegmbot Private First Class

    Hey, Chas!

    I know the files I listed are system files, what I'm trying to find out is how to determine if any of them are possibly trojans/viruses (b/c my computer is still running like it is infected) as some trojans hide with those names.

    Also, that multiple A-V software issue was indeed corrected -- AVG continued to appear in my registry after removal and that too has been cleaned.

    The A-V programs I have are MBAM, SAS, HiJackThis, Spyware Blaster and, the ONLY one running in real time, Avast!

    As I've stated numerous times, the slowdown began BEFORE I had any of these programs on my computer. For the last two+ years I was using Symantec, without incident, as my sole A-V program...then, one night when I ran IE w/out add-ons, everything went haywire.

    If you've thoughts for next steps, since you only wanted the MGTools log if I had more than one A-V program running, please let me know. Also, if you know of some way to FOR SURE determine if any of those system files are sneaky trojans, please let me know that too.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If they were infected our scans and a scan with Avast would be telling you.

    Please attach the new log from MGtools as requested so we can be sure that all were removed properly. Many often do not go away easily. Some of your problems may also be residual effects due to having installed 3 to 4 antivirus programs at the same time which should never ever be done because it can cause problems that cannot be corrected without a reinstall. In addition, you also have ThreatFire complicating matters. Make sure that you have uninstalled it as requested before getting the new MGtools log. ThreatFire also has been known to be problematic in uninstalling.

    These are not antivirus programs. MBAM and SAS are after the fact antispyware/malware scanners with no protection unless you purchase them. SpywareBlaster is not a scanner for anything and just provides some misc non-realtime protection from malicious active-x scripts and restricts access to potentially dangerous websites.

    HijackThis is not a malware scanner either. It is just a tool that shows various running processes and shows a bunch of misc registry entries. It is up to an expert to decide if anything shown is a problem or not. This is the same for MGtools. It reports way way more than HJT but it is not a malware scanner. It is an information collector that we use in our manual search for malware and other problems.

    Avast is an antivirus. You do still need a realtime anti-malware protection program. Are you forgetting that you had the below "junk" installed?

    AOL Spyware Protection

    Do you need to use AOL software to connect to the internet? Are they your ISP? If not, I would uninstall all of it ASAP. You do not need all this on your PC just to use an email account from them.

    And hopefully you have a real firewall and are not counting on the Windows firewall which is not adequate.

    Just because you had "no incidents", it does not mean you were not infected or having problems. Most people coming here who have Symantec have dozens of malware problems that Symantec does not find and often when it does find some malware, it does not remove it.


    I doubt they are but you can run the below System File Checker which will automatically replace corrupted or missing system files.

    Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.
     
    Last edited: Jan 27, 2009
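
    A common triage check for the question raised in this thread (whether a process with a system name is the real one) is to compare each process's image path with the directory Windows runs it from, and to look for near-miss spellings of those names. The sketch below is an added example, not part of the original posts or of MGtools; the process list is constructed sample data and the function names are hypothetical.

```python
import ntpath

# Directory the five processes named in this thread run from on a default install.
SYSTEM32 = r"c:\windows\system32"
CORE = ("csrss.exe", "lsass.exe", "services.exe", "svchost.exe", "winlogon.exe")


def near_miss(a, b):
    """True if a differs from b by one insert, delete, substitute or adjacent swap."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        substituted = a[i + 1:] == b[i + 1:]
        swapped = (i + 1 < len(a) and a[i] == b[i + 1]
                   and a[i + 1] == b[i] and a[i + 2:] == b[i + 2:])
        return substituted or swapped
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]


def check_processes(processes, system32=SYSTEM32):
    """Return (name, path, reason) for every entry that deserves a closer look."""
    findings = []
    for name, path in processes:
        lname = name.lower()
        if lname in CORE:
            if not path:
                # Protected processes often hide their path from non-admin tools.
                findings.append((name, path, "path-unavailable"))
                continue
            folder = ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))
            if folder != system32:
                findings.append((name, path, "wrong-directory"))
        elif any(near_miss(lname, core) for core in CORE):
            findings.append((name, path, "lookalike-name"))
    return findings


# Constructed sample: (image name, executable path) pairs as a process lister reports them.
SAMPLE = [
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    ("svchost.exe", r"C:\WINDOWS\System32\svchost.exe"),
    ("svchost.exe", r"C:\WINDOWS\svchost.exe"),           # right name, wrong folder
    ("scvhost.exe", r"C:\WINDOWS\system32\scvhost.exe"),  # swapped letters
    ("csrss.exe", ""),                                    # path not readable
    ("explorer.exe", r"C:\WINDOWS\explorer.exe"),
]

if __name__ == "__main__":
    for name, path, reason in check_processes(SAMPLE):
        print(f"{reason:18} {name:14} {path or '(no path)'}")
```

    A path in the expected folder only rules out name impersonation; it does not show that the file's contents are original, which is what the scans and System File Checker mentioned above address.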
  5. Phlegmbot

    Phlegmbot Private First Class

    Hay, Chas!

    You seemed to request it solely if I had those other programs (hence my query in the previous post). Will post it later tho' for sure!

    This is definitely not the issue. The problem I'm having is the SAME EXACT issue in the SAME EXACT way at the SAME EXACT times that I've had since before Avast! found and (purportedly) deleted the virus I had. I have also done numerous registry cleanings and a defrag (not w/Windows defrag), both after removing some excess programs and files.

    Threatfire was uninstalled about 2 weeks ago -- I see what you mean about it being problematic in uninstalling. I did another run of Ccleaner the other night, perhaps that deleted it from the Registry finally.

    No, no, I know that, but I didn't know the proper name for those. I just meant, those are the programs I currently have to help battle viruses.

    What do you recommend for real-time anti-malware?

    No, but I DO indeed need the software: AOL has the best offline mail management system I've seen. (Although, admittedly, I've not checked the newest Mozilla version.) Nothing I can find beats the AOL Filing Cabinet. If you've a suggestion, I'm very open to it!

    Uhhh....yes! Yes I do! (OK, I'm lying.)

    OK, good point, but I've not had any slowdown issues or software problems until around Jan 2...and Symantec, AOL, and so on, have been on my computer for upwards of 2 years. (That is, they're not the problem...although, perhaps an AOL update caused all this?)

    Whatever this problem is, it's recent, it's perhaps connected to the virus(es) I had, and I THINK was something I got either running IE w/out add-ons OR perhaps Firefox, as I do recall some kind of weird ActiveX thing suddenly DLing in the Add-Ons update window of Firefox. Seemed legit. I dunno tho'.

    Oh, OK. I did that a little over a week ago.

    Thx again. Will try and get that MGTools log up later tonight.
     
  6. Phlegmbot

    Phlegmbot Private First Class

    Heya, Chas!

    Did you help create MG Tools? I saw your name in one of the text files. That's pretty cool!

    Is the program supposed to create a ZIP file? It didn't, so I've attached some files that I saw in another thread in this forum that you requested of someone. Let me know if you need some others.

    I did notice this in one of the logs:
    Locating new files in C:\WINDOWS\inf Some malware is saving things here.

    "C:\WINDOWS\inf\"
    branches.pnf Jan 19 2009 4676 "branches.PNF"
    infcache.1 Jan 19 2009 1592784 "INFCACHE.1"
    mymusic.pnf Jan 24 2009 7856 "mymusic.PNF"

    3 items found: 3 files, 0 directories.
    Total of file sizes: 1,605,316 bytes 1.53 M


    Thanks for the continued help!!

    PBot
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No I didn't help..... I created all of it. ;)

    Yes it did. It is right where the procedures tell you it will be. C:\MGlogs.zip please attach it.
     
  8. Phlegmbot

    Phlegmbot Private First Class

    That's very cool that you created it.

    I looked in C: for the ZIP file before, must've just missed it (was sleepy).

    THANKS!
     


  9. Phlegmbot

    Phlegmbot Private First Class

    Hey, Chas!

    I restarted earlier tonight, and I couldn't get into Windows.

    It just stopped at the Windows Welcome screen. Since Windows has been VERY slow to start-up, I let it sit there for about 10 minutes before holding down the power button to shut it off.

    I started it back up and got in, but I'm clearly running even slower.

    Please let me know if you see anything in MGTools results. Thx!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is still no malware showing in your logs. All I see is a left over service from Threatfire which can be removed with HijackThis.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

    After clicking Fix, exit HJT.

    You need to install a software firewall as stated here: How to Protect yourself from malware!


    And also I see all the below TCP connections which were open when you ran MGtools. Why did you have all of these connections open? Is your ISP = Teleglobe? Do you need to have AOL running?
    Code:
    TCP Statistics for IPv4
      Active Opens                        = 15147
      Passive Opens                       = 10233
      Failed Connection Attempts          = 19
      Reset Connections                   = 2689
      Current Connections                 = 60
      Segments Received                   = 804343
      Segments Sent                       = 746993
      Segments Retransmitted              = 153
    Active Connections
      Proto  Local Address          Foreign Address        State
      TCP    Laptop:3360            localhost:3361         ESTABLISHED
      TCP    Laptop:3361            localhost:3360         ESTABLISHED
      TCP    Laptop:3364            localhost:3365         ESTABLISHED
      TCP    Laptop:3365            localhost:3364         ESTABLISHED
      TCP    Laptop:4188            localhost:12080        ESTABLISHED
      TCP    Laptop:4222            localhost:12080        ESTABLISHED
      TCP    Laptop:4225            localhost:12080        ESTABLISHED
      TCP    Laptop:4226            localhost:12080        ESTABLISHED
      TCP    Laptop:4230            localhost:12080        ESTABLISHED
      TCP    Laptop:4232            localhost:12080        ESTABLISHED
      TCP    Laptop:4265            localhost:12080        ESTABLISHED
      TCP    Laptop:4273            localhost:12080        ESTABLISHED
      TCP    Laptop:4286            localhost:12080        ESTABLISHED
      TCP    Laptop:4288            localhost:12080        ESTABLISHED
      TCP    Laptop:4290            localhost:12080        ESTABLISHED
      TCP    Laptop:4292            localhost:12080        TIME_WAIT
      TCP    Laptop:4297            localhost:12080        TIME_WAIT
      TCP    Laptop:4301            localhost:12080        ESTABLISHED
      TCP    Laptop:4309            localhost:12080        ESTABLISHED
      TCP    Laptop:4313            localhost:12080        TIME_WAIT
      TCP    Laptop:4317            localhost:12080        TIME_WAIT
      TCP    Laptop:4323            localhost:12080        TIME_WAIT
      TCP    Laptop:4340            localhost:12080        ESTABLISHED
      TCP    Laptop:4342            localhost:12080        ESTABLISHED
      TCP    Laptop:4343            localhost:12080        ESTABLISHED
      TCP    Laptop:4345            localhost:12080        ESTABLISHED
      TCP    Laptop:4346            localhost:12080        ESTABLISHED
      TCP    Laptop:4350            localhost:12080        TIME_WAIT
      TCP    Laptop:4355            localhost:11535        TIME_WAIT
      TCP    Laptop:5152            localhost:3363         CLOSE_WAIT
      TCP    Laptop:11526           localhost:4296         TIME_WAIT
      TCP    Laptop:11526           localhost:4336         TIME_WAIT
      TCP    Laptop:11526           localhost:4338         TIME_WAIT
      TCP    Laptop:11526           localhost:4354         TIME_WAIT
      TCP    Laptop:11526           localhost:4356         TIME_WAIT
      TCP    Laptop:11535           localhost:4308         TIME_WAIT
      TCP    Laptop:11535           localhost:4337         TIME_WAIT
      TCP    Laptop:11535           localhost:4339         TIME_WAIT
      TCP    Laptop:11535           localhost:4357         TIME_WAIT
      TCP    Laptop:12080           localhost:4188         ESTABLISHED
      TCP    Laptop:12080           localhost:4222         ESTABLISHED
      TCP    Laptop:12080           localhost:4225         ESTABLISHED
      TCP    Laptop:12080           localhost:4226         ESTABLISHED
      TCP    Laptop:12080           localhost:4230         ESTABLISHED
      TCP    Laptop:12080           localhost:4232         ESTABLISHED
      TCP    Laptop:12080           localhost:4265         ESTABLISHED
      TCP    Laptop:12080           localhost:4273         ESTABLISHED
      TCP    Laptop:12080           localhost:4286         ESTABLISHED
      TCP    Laptop:12080           localhost:4288         ESTABLISHED
      TCP    Laptop:12080           localhost:4290         ESTABLISHED
      TCP    Laptop:12080           localhost:4299         TIME_WAIT
      TCP    Laptop:12080           localhost:4301         ESTABLISHED
      TCP    Laptop:12080           localhost:4309         ESTABLISHED
      TCP    Laptop:12080           localhost:4311         TIME_WAIT
      TCP    Laptop:12080           localhost:4332         TIME_WAIT
      TCP    Laptop:12080           localhost:4334         TIME_WAIT
      TCP    Laptop:12080           localhost:4340         ESTABLISHED
      TCP    Laptop:12080           localhost:4342         ESTABLISHED
      TCP    Laptop:12080           localhost:4343         ESTABLISHED
      TCP    Laptop:12080           localhost:4345         ESTABLISHED
      TCP    Laptop:12080           localhost:4346         ESTABLISHED
      TCP    Laptop:12080           localhost:4352         TIME_WAIT
      TCP    Laptop:2268            ats-mcc.dial.aol.com:5190  ESTABLISHED
      TCP    Laptop:2291            205.188.12.128:5190    ESTABLISHED
      TCP    Laptop:4223            c2.7e.374a.static.theplanet.com:http  CLOSE_WAIT
      TCP    Laptop:4227            c2.7e.374a.static.theplanet.com:http  CLOSE_WAIT
      TCP    Laptop:4229            c2.7e.374a.static.theplanet.com:http  CLOSE_WAIT
      TCP    Laptop:4231            c2.7e.374a.static.theplanet.com:http  CLOSE_WAIT
      TCP    Laptop:4287            www3.match.com:http    ESTABLISHED
      TCP    Laptop:4289            www3.match.com:http    ESTABLISHED
      TCP    Laptop:4291            match.com:http         ESTABLISHED
      TCP    Laptop:4295            match.com:http         TIME_WAIT
      TCP    Laptop:4302            66.198.156.153:http    ESTABLISHED
      TCP    Laptop:4303            dyna-aus2.nslb.sj.mozilla.com:https  TIME_WAIT
      TCP    Laptop:4310            match.com:http         ESTABLISHED
      TCP    Laptop:4315            yo-in-f99.google.com:http  CLOSE_WAIT
      TCP    Laptop:4316            yo-in-f103.google.com:http  CLOSE_WAIT
      TCP    Laptop:4320            majorgeeks.com:http    TIME_WAIT
      TCP    Laptop:4331            yw-in-f127.google.com:http  CLOSE_WAIT
      TCP    Laptop:4341            match.com:http         ESTABLISHED
      TCP    Laptop:4344            66.198.156.162:http    ESTABLISHED
      TCP    Laptop:4347            66.198.156.162:http    ESTABLISHED
      TCP    Laptop:4348            66.198.156.162:http    ESTABLISHED
      TCP    Laptop:4349            66.198.156.162:http    ESTABLISHED
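
    One way to read a connection table like the one above is to split it into loopback traffic, grouped by the local service port the clients talk to, and external endpoints, grouped by host and state. The parser below is an added example, not part of the original post or of MGtools; its sample input is a short excerpt of the rows posted above, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict, namedtuple

Conn = namedtuple("Conn", "proto lhost lport rhost rport state")
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")


def parse_netstat(text):
    """Parse the 'Active Connections' rows; headers and statistics lines are skipped."""
    return [Conn(*m.groups()) for m in map(ROW.match, text.splitlines()) if m]


def is_loopback(host):
    return host.lower() == "localhost" or host.startswith("127.")


def summarize(rows):
    # Count how often each port shows up in loopback rows. A local service
    # port (many clients) appears far more often than any one client port.
    port_use = Counter()
    for r in rows:
        if is_loopback(r.rhost):
            port_use[r.lport] += 1
            port_use[r.rport] += 1

    services, pairs = Counter(), set()
    external = defaultdict(Counter)
    for r in rows:
        if not is_loopback(r.rhost):
            external[f"{r.rhost}:{r.rport}"][r.state] += 1
        elif port_use[r.rport] > port_use[r.lport]:
            services[r.rport] += 1          # client-side view of a local service
        elif port_use[r.rport] == port_use[r.lport]:
            pairs.add(tuple(sorted((r.lport, r.rport))))  # one-to-one socket pair
        # else: server-side view of a connection already counted above
    return {
        "loopback_services": dict(services),
        "loopback_pairs": len(pairs),
        "external": {k: dict(v) for k, v in external.items()},
    }


# Excerpt of the rows posted above (hostnames and ports exactly as shown there).
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    Laptop:3360            localhost:3361         ESTABLISHED
  TCP    Laptop:3361            localhost:3360         ESTABLISHED
  TCP    Laptop:4188            localhost:12080        ESTABLISHED
  TCP    Laptop:4222            localhost:12080        ESTABLISHED
  TCP    Laptop:4292            localhost:12080        TIME_WAIT
  TCP    Laptop:12080           localhost:4188         ESTABLISHED
  TCP    Laptop:12080           localhost:4222         ESTABLISHED
  TCP    Laptop:2268            ats-mcc.dial.aol.com:5190  ESTABLISHED
  TCP    Laptop:4223            c2.7e.374a.static.theplanet.com:http  CLOSE_WAIT
  TCP    Laptop:4227            c2.7e.374a.static.theplanet.com:http  CLOSE_WAIT
  TCP    Laptop:4287            www3.match.com:http    ESTABLISHED
  TCP    Laptop:4344            66.198.156.162:http    ESTABLISHED
  TCP    Laptop:4347            66.198.156.162:http    ESTABLISHED
"""

if __name__ == "__main__":
    result = summarize(parse_netstat(SAMPLE))
    print("loopback services:", result["loopback_services"])
    print("loopback socket pairs:", result["loopback_pairs"])
    for endpoint, states in sorted(result["external"].items()):
        print(f"{endpoint:45} {states}")
```

    Adding the owning process to each row (for example with netstat's -o option, which prints the PID) shows which program holds a given local port.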
    
     
  11. Phlegmbot

    Phlegmbot Private First Class

    My ISP is Time-Warner...I don't know what any of that other stuff is. The negative to AOL is that it's ALWAYS running. Even when I'm not in there, it doesn't shut off unless you open task manager and stop it.

    With that said, AOL has never caused any major slowdown on my machine (and the way it runs now, it's far less of a system hog than it was 3 years ago) and the important question is: could having those TCP connections open be causing this major slowdown?

    Again, this slowdown is constant, it takes several minutes to get into Windows, I CAN'T get into windows if I have ANYTHING plugged into the USB ports (just discovered this last night); the mouse slows down/skips across the screen, and video and any audio plays at about half-speed and is all sort of echo-y, like "Y-y-y-you'vvvve g-o-o-o-t mmmmmma-a-a-ailllll." (That's just an example -- it's ALL video and ALL audio, whether it's Windows SFX or an MP3 or anything.)

    Thx for everything, Chas!
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you fix the ThreatFire service with HijackThis yet? If not please do so immediately.

    What is the below startup process/service supposed to be for and do you need this???
    O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

    As far as I know this is unnecessary bloatware that should be uninstalled. Consider uninstalling it via Add/Remove Programs where you will find: getPlus(R) for Adobe


    What is on your E drive? It is almost full.
    Code:
    Drive E: 
    Description Local Fixed Disk 
    Compressed No 
    File System NTFS 
    Size 55.65 GB (59,748,401,152 bytes) 
    Free Space 3.54 GB (3,799,371,776 bytes) 
    Volume Name SQ003982P01 
    Volume Serial Number A0C59D42 
    [Disks]
    Are you absolutely sure about every item??? Some of them you definitely should recognize. Check again and be sure to scroll the box down since there are many more listed.

    Then stop loading AOL at startup and only run it when you want it. I would look into using Outlook for email. AOL is loading all of the below when you startup:
    It still should not be running when you don't need it. They even have services running. And with each version change of any software program, things can change making it cause problems that you did not have before. It happens all the time.....even with Windows itself.

    Yes potentially. It could also make surfing very slow if those connections were sending or receiving lots of packets.

    How long exactly from the time you press the power button to the time your Desktop icons FIRST appear?

    Try the below just for the heck of it.

    Click Start, Run, and enter services.msc and click OK. This will bring up the Services form. Look for ATI Hotkey Poller in the list of services. When found, double click on it. Change the Service status to Stopped by clicking the Stop button. Then set the Startup type: to Disabled. Then click Apply and then OK. Now reboot your PC and see if there is any change.


    Did you install a firewall yet? If not, download and install this now Jetico Personal Firewall v.1


    Then go to this link Using MGtools and download the new version of MGtools.exe from the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    Now make 100% sure that you have absolutely NO BROWSER windows open and then do the below ( so read it first since you need to close down this browser you are reading too ).



    Run MGtools.exe then attach the below log:
    • C:\MGlogs.zip
    Now open your browser to come back here and attach the log. Make sure you tell me how things are working now!
     
    Last edited: Feb 3, 2009
  13. Phlegmbot

    Phlegmbot Private First Class

    I have no idea what that stuff is, and there is NO getPlus-Adobe (or Adobe getPlus) in my add/remove programs. There's an Adobe AIR.

    My E drive is my external drive, and it's almost full b/c I'm moving everything over there so I can wipe my C: drive. It's usually pretty steady at about half-full (I mostly store some videos I've made on there and backups of my AOL, Firefox, and MS Word stuff and that's about it)

    I see that the list has this site and Match.com (yeah, yeah) on there. So, sure, I recognize those of course. I DO have Bitlord, so maybe that explains the rest? But I've only run Bitlord once in the last 6 weeks if that means anything.

    OK.

    Yeah, I know AOL's a pain. I despise Outlook. Again, AOL's filing cabinet is superior and more convenient than any other Mail program I've seen.


    Normal is about 2 minutes...lately, the average is about 6 minutes.

    Before I do that:
    That's not the same as my Fn keys is it? I use the Fn quite a bit to change the brightness of the screen depending on what I'm working on.

    I also expand my screen to TWO screens frequently (I do that by clicking Display then the Properties Tab) -- this won't hinder that either, right?

    OK, will get this up later on.

    Thx, Chas!
     
  14. Phlegmbot

    Phlegmbot Private First Class

    I realized I should wait on posting the new MGZip until I know what to do about those open packets, getPlus, and the ATI Hotkey thing.

    If these alterations don't work, I see no point in running MGTools again, and I'll just wipe my drive and start over.

    Let me know if I'm wrong w/this approach.
     
  15. Phlegmbot

    Phlegmbot Private First Class

    Chas,

    Two strange things I've noticed in the last week:

    1. About a week ago I started noticing, during start-up, BEFORE getting into Windows, a b&w DOS screen comes on ever so briefly which gives me a choice of 2 things before getting into Windows. Now, it goes by too quickly to get a good look at it but I THINK the choices are:

    1. Windows Recovery Console
    2. Enter Windows Normally (or something like that)

    The latter is automatically highlighted and it just continues along into Windows. There's also some text before the list and after it, but I've no idea what any of that says.

    2. The other thing, I just realized yesterday that a program that I'm pretty sure I removed, Final Draft, exists again.

    So I'm wondering if my slowdown is somehow related to a Recovery Console corruption from the Trojan that I DID have (but no longer have).

    Thoughts?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It shows in your uninstall list. See the newfiles.txt log inside your last MGlogs.zip file.

    Okay so if you are going to format your C drive exactly why am I wasting time on this?


    You don't have any malware problems so I suggest at this point you either reinstall as you state you are planning to do. Or I suggest that you post in the Software Forum.
     
  17. Phlegmbot

    Phlegmbot Private First Class

    Chas, the whole point is that I WOULDN'T have to do that, but since it seems no one is able to discern the problem, I'm not going to have much of a choice.

    No need for an attitude.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm just going by what you stated
    As I stated earlier you did not have any malware for us to work on so there is nothing more we can do for you. Whatever your problems are right now, they are not being caused by any malware.
     
  19. Phlegmbot

    Phlegmbot Private First Class

    Hey, Chas,

    SO, OK, I did a repair w/the WinXP disc. Last time I did this (that is, the last time I had a virus), it locked me out of Windows (hence the reason for the backup to the E drive), but it seems to have fixed the issue.

    Now I just need to remove MGTools, and some of the other things I've got here that were just to track down Malware and the like. Then I'll do another overall cleaning of the HDD, and I should be good to go.

    A few things needed to be reinstalled; IE7, WMP, & AOL so far.

    I can post this question in software if you think I should, but: Have you any other closing tips?

    And thank you for the help throughout this.

    P-Bot.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Any non-malware related questions should be posted in the appropriate forum.

    Just the normal ones.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  21. Phlegmbot

    Phlegmbot Private First Class

    Thank you! Will get to work on all that!!
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
