Not sure how bad i am now...I think I got rid of all the bad stuff
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.
1. Start> Run> msconfig> enter> Selective Startup Startup tab> UNCHECK all Ask- related processes> Apply> OK.
2. Control Panel> Add/Remove Programs> UNINSTALL all Ask-related entries.
3. Remove ALL of the following from the Trusted Zone:
Open Internet Explorer> Tools> Internet Options> Security tab> Trusted Sites> Sites> find each of the following processes> click to highlight> Remove
When through, reboot into Normal Mode: NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.
Update and scan with Malwarebytes again.
* Download SDFix HERE and save it to your Desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Boot into Safe Mode
* Restart your computer and start pressing the F8 key on your keyboard.
* Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Rescan with HijackThis when through. Attack reports and log.
Also I got an error message trying to remove askbar from the control panel
Error loading C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll
The specified module could not be found
Never got the nag message when rebooting
You have to UNCHECK the entries on the startup menu before you can uninstall it. But I don't see any processes from Ask loading.
IF you don't change anything, you don't get the nag message,
Did you remove these from the Trusted Zone?
Remove then again, then put each on in the Restricted Zone. type in exactly like it is above: for instance, type this in *.virusremover2008.com
Run one more HijackThis scan and attach the log. If those URLs in Safe Mode have been handled, we will remove the cleaning tools
There are no Ask processes to check.
When I go in to explorer it does not show any of those as trusted sites(I did remove them all before) When I try to add them to the restricted list I get a message saying The site you specified already exists in another zone. Please romove the site from that zone before adding it to the current zone.
But like I said its does not show up on the trusted sites list.
Okay, let see if they're hiding:
Control Panel> Folder options> View tab> CHECK 'show hidden files and folders'> Apply> OK.
Now go to Trusted Sites and see if they show. We need to find them because they should not have Trusted Zone privileges. If we can't find them, I'll see if one of our code writers can assist. If you are able to remove from Trusted then put in Restricted, when through, go back and re-hide the files and folders.
That didn't work
Any more help?
Like all mortals can ,I fell ill. I have been away from the computer for over 3 weeks. Sorry no one else came to help.
Please update and run Malwarebytes again, follow with new scan with HijackThis. Attach both logs.
you need to run smith fraud fix bobbye should be able to help you with that
Sorry this post may be classed as unrelated to topic, but...
Bobbye, I really was worried (ie BD went then you?)
Sorry to hear you were ill, I hope you are either ok now, or on the mend :grinthumb
Really hoping we do see more of your excellent and highly appreciated support posts
Pretty sure you're the best here at Virus\Malware removal help
I'm sorry to hear that you were ill......I feel like an *** now.......sorry
Here they are
Well nothing bad in HJT log
Bu Malwarebytes (updated :grinthumb) was only run for 4mins - quick scan
This program runs for 10 mins And it's very good at catching undetected malware, please run this:
Lots of info on its use h e r e
Direct download h e r e
Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log
Save this log file to be attached to a new reply
I think I have this right
Can you give this a shot?
You have a lot of Spyware protecting programs installed
I'll name a few that I can see:
Could be more, but you should uninstall the lot. Except leave Avira and Malwarebytes installed only
Then run the AVG8 removal tool
Then update Avira
Then run a full scan
ok did all that
here is the log file
Start->Run-> combofix /u
Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK
It seems to be clean, but do this anyway
CCleaner to remove all temp files (by the way this program has just updated, download and run install again)
CCleaner and click the Registry button (on far left in the program) "Scan for issues" Fix all, no backup necessary
Then do the "Scan for issues" again, Fix all, and keep doing this until clean
Then download Kcleaner
Default settings is good, but I actually select all items (therefore all is good)
Start that, and remove more temp stuff
Then report on findings
Everything seemed to go as you told me it would.....nothing had log files so I guess I am clean?
I inherited a toshiba satellite m305 running vista. Should I run the same steps on this too?
I haven't seen the HJT log, but if all has come up clean then that's good
Yes you could start from the start on the new computer and do the above
Obviously the specific issues will be different, but good idea to run the scans
Here is my log
All of a sudden you have Bittorent installed (this was not in your original log)
Bittorent is a filesharing program and basically allows insecurity to your system, plus it is usually used by many younger (and sometimes older) individuals, to download software and music\movies etc from other individuals. Which usually carries malware (or should I say always, or just about always)
So therefore I cannot see you ever being "clean" with this installed
Your choice of course, but there's no use me continuing on with this installed.
You also have RelevantKnowledge installed. This was installed with Kcleaner I recommended. There may have been some confusion when I said default settings - I meant when the program is initially running and you are given the options on what to tick and untick. But during the installation of Kcleaner, RelevantKnowledge was not required (it was stated as OPTIONAL install)
No issue, just uninstall it
But you will need to run Malwarebytes again (update it manually first) then do a full scan. It should remove the remaining RelevantKnowledge entries
I have since reworded my try Kcleaner to say uncheck RelevantKnowledge during install, actually I even created a Pic (It needs a little work still )
Thanks kimsland for helping. Got home from hospital yesterday, it will take a bit to get up to speed.
massguy, when you are cleaning malware from a system, you shouldn't be adding programs or updates, unless the person helping is specifically telling you to. I looked over the HijackThis logs and see new processes in each. Follow Kim's help. You have a lot of unnecessary processes running and I also agree, overkill in security programs.
I found this "Askbar Removal Tool". It is hard to find and remove all it's entries. I haven't used this removal so let us know how it works for you.
When the system is clean, we have you remove all the cleaning tools and old restore points.