Yes, long story , you can just delete it
C:\32788R22FWJFW
How are things running now ?
Yes, long story , you can just delete it
C:\32788R22FWJFW
How are things running now ?
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
So much better thanks! I don't remember when my laptop used to run as fast as it does now! And no more crazy pop-up ads! Love your work
Great
ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.
Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.
Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system
- Click START then RUN
- Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- When shown the disclaimer, Select "2"
The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
Now to remove most of the tools that we have used in fixing your machine:
- Make sure you have an Internet Connection.
- Download OTC to your desktop and run it
- A list of tool components used in the cleanup of malware will be downloaded.
- If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
- Click Yes to begin the cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
- How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.- Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
- WhattheTech
- Grinler BleepingComputer
- GeeksTo Go
- Dslreports
Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .
Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
- Spybot Search and Destroy 1.6
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.- Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
- Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
- IE-Spyad
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.- Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
Safe Surfn
Ken
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
You are awesome, thanks!
I actually just ran a Spybot Search & Destroy scan and it came up with this:
Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
Fraud.Sysguard: [SBI $F3B45CE7] Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\avsoft
Fraud.Sysguard: [SBI $F3B45CE7] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\avsoft
Fraud.Sysguard: [SBI $F4F42B59] Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\avsuite
Fraud.Sysguard: [SBI $F4F42B59] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\avsuite
MediaPlex: Tracking cookie (Internet Explorer: sisi) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: sisi) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: sisi) (Cookie, fixed)
Right Media: Tracking cookie (Internet Explorer: sisi) (Cookie, fixed)
Statcounter: Tracking cookie (Internet Explorer: sisi) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: sisi (default)) (Cookie, fixed)
Tradedoubler: Tracking cookie (Firefox: sisi (default)) (Cookie, fixed)
Tradedoubler: Tracking cookie (Firefox: sisi (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: sisi (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: sisi (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: sisi (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: sisi (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: sisi (default)) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-05-27 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-05-25 Includes\AdwareC.sbi (*)
2010-01-26 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-05-25 Includes\DialerC.sbi (*)
2010-01-26 Includes\HeavyDuty.sbi (*)
2009-05-27 Includes\Hijackers.sbi (*)
2010-05-25 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-05-25 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-05-25 Includes\Malware.sbi (*)
2010-05-25 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-05-18 Includes\PUPSC.sbi (*)
2010-01-26 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-05-25 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-05-25 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-05-26 Includes\Trojans.sbi (*)
2010-05-25 Includes\TrojansC-02.sbi (*)
2010-05-25 Includes\TrojansC-03.sbi (*)
2010-05-25 Includes\TrojansC-04.sbi (*)
2010-05-25 Includes\TrojansC-05.sbi (*)
2010-05-25 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
One of the registry values couldn't be fixed or something?
Reboot and run it again. Looks like just some leftover registry entries plus some tracking cookies
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Just did another scan and all is fine thanks so much for all your help Ken, you have been amazing! All the best in your endeavours thanks:
Your very welcome,
ken
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.