I was born 4/19/1942 so now I don't know if I should call you sir or sonny? Only the Jax location in the profile information.
Let's move on, before we uninstall combofix there are files I was sure were bad that did not get removed by CFScript? At least it removed AWF and for that I am greatful.
The files are 15 that are marked as hidden files and they all look like this:
C:\WINDOWS\TEMP\Perflib_Perfdata_100.dat <<< this is just one, they are different numbers.
What I need to do is find out what they are, being Temp files, there should be no reason why we can not delete them.
Make sure you can view all files and folders here:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Now use one or more of these free online scanners to find out what they are:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/
You do not need to scan them all, scan two or three at random, that will be enough so you will know if they are malware or not. Post that information for me to view. If the ones you scan are malware obviously, then delete them all. I can not tell when they were created, but you should be able to by right clicking and looking at properties. You may delete everything in that Temp folder. A few old files put there by Windows may not delete, but all recent files should, expecially anything put there by the malware.
uninstall list <<< I look for malware and security issues only, and I will not know them all.
Here is a small free tool that lets you know when something needs an update if you are interested:
https://psi.secunia.com/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.
Adobe Reader 7.0 <<< out of date and being exploited by hackers
http://www.filehippo.com/download_adobe_reader/
J2SE Runtime Environment 5.0 Update 2 <<< please see the information in this link:
Java(TM) 6 Update 2
http://forums.spybot.info/showpost.php?p=12880&postcount=2
(posted earlier in instructions)
SpywareBlaster v3.5.1 <<< a good program, but out of date. to update you must turn off the old program.
1) Open the interface and DISABLE ALL PROTECTION
2) Close the program and uninstall it in Add Remove Programs
3) Dolwnload v4.1 here: http://www.javacoolsoftware.com/spywareblaster.html
4) Make sure you update and then enable all protection
Merlin Snipe program <<< is that this:
http://www.pctechzone.com/merlin/ad/
Here is more information about AWF:
http://www.google.com/search?hl=en&q=trojan+AWF&btnG=Google+Search
This is a file infector trojan and if you look at the code box for CFScript you will see:
C:\Program Files\PC TechZone\AuctionMagic7\bak\Snipe.exe <<< the clue it was infected
That program was infected and replaced by the trojan. Though combofix does try to fix the problem, it may be you will have to install the program again.
When the hyper-links do not work, do you get any error message I can research?
Here is some generic informaton at Google:
http://www.google.com/search?hl=en&q=hyper-links+do+not+work&btnG=Search
Jim, let's see if we can get that far this time. I would not do a lot of online activites until we are sure you are clean and I have posted information to help you harden your defense.
Thanks
Phil from Clearwater
