# urls redirected to Tazinga.com, Blinkx.com, etc.



## Ramjet (Apr 6, 2006)

My Windows Vista computer has a virus that redirects most browser URLs to a Tazinga.com, Blinkx.com and a variety of other sites. Not sure how to remove. When I first got it, my desktop was wiped clean of icons and the fonts and styles of windows looked different. After a couple of days, my desktop is back to normal but still getting redirected in Mozilla and Internet Explorer. Here is my Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:50 AM, on 5/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ConvertHelper\cvhelper.exe
C:\Program Files\ConvertHelper\ffmpeg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/small...n&client=dell-usuk&channel=us-smb&ibd=3080209
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://24.14.100.23:85/RemoteWeb.cab
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} (CViewerControl Object) - http://24.14.100.23:85/VideoViewer.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\program files\common files\protexis\license service\psiservice_2.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10099 bytes


----------



## NeonFx (Oct 22, 2008)

Hello there  Welcome to the TSG Forums. 
My name is *NeonFx*. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please refrain from doing any fixing of your own while I am assisting you with this problem. I need to keep track of what is going on as the order in which we do things can often be important.
If this is a company owned system or a work computer let me know.
Please reply to this thread. Do not start a new topic.

*Step 1*

Download *OTS* to your Desktop


Close *ALL OTHER PROGRAMS*.
Double-click on *OTS.exe* to start the program.
Check the box that says *Scan All Users*
Under Basic Scans please change the radio button under *Registry* from Safe List to *All*.
Under Additional Scans check the following:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - NetSvcs
Reg - Shell Spawning
Reg - Uninstall List
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

Please paste the contents of the following codebox into the *Custom Scans* box at the bottom


```
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
```

Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete *Notepad* will open with the report file loaded in it.
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it.
Please *attach* the log in your next post. To do so click on the blue *"Reply"* button or *"Go Advanced"* and click on the "*Manage Attachments*" button

*Step 2*








*GMER Rootkit Scanner* 
Please download *GMER* from one of the following locations and save it to your desktop:
Main Mirror
_This version will download a randomly named file (Recommended)_
Zipped Mirror
_This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop._

Disconnect from the Internet and close all running programs. Make sure you disable your security programs as well, as they may interfere with the program. 
Double-click on the *randomly named* GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
_Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe._










GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. _(do not use the computer while the scan is in progress)_
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click *NO*.
Now click the *Scan* button. If you see a rootkit warning window, click OK.
When the scan is finished, click the *Save...* button to save the scan results to your Desktop. Save the file as *gmer.log*.
Click the *Copy* button and paste the results into your next reply.
Exit GMER and re-enable your security programs when done.

If you have trouble running GMER, please try running it in Safe Mode. To get to Safe Mode you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu appears with the option.

If you continue to have trouble with it, try running it without the "Files" scan checked.

Again, if the results are really long, please *attach* them using the instructions I gave you at the end of step 1. This is to avoid having to scroll down the page too much and make the space cleaner.


----------



## Ramjet (Apr 6, 2006)

Thanks NeonFx! I went through the steps as directed and attached the OTS and GMER logs. Again thank you for all the help!!


----------



## NeonFx (Oct 22, 2008)

Alright. Let's do this:

*NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


*Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. *Note*: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : *Disabling Security Programs*
Double click on ComboFix.exe & follow the prompts.

*Note:* Combofix will run without the Recovery Console installed.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

*Notes:*

1.* Do not mouse-click Combofix's window while it is running. That may cause it to stall.*
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of *ALL* CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you please let me know. A increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea. 
4. *CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.*

Also, what is the make and model of your router? The infection may very well lie there and we might have to try resetting it to its defaults to check for that.


----------



## Ramjet (Apr 6, 2006)

I think you solved the problem! Internet browsing seems to work perfectly now! 
Here's the make and model of my router.


NETGEAR WGR614 54 Mbps 802.11g Wireless Router


----------



## NeonFx (Oct 22, 2008)

That's great  Let's do this now:

*STEP 1*

Run OTS


Under the *Paste Fix Here* box on the right, paste in the contents of following code box


```
[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY ->  18 C:\Users\Tony\AppData\Local\Temp\*.tmp files -> C:\Users\Tony\AppData\Local\Temp\*.tmp
NY ->  12 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
This will create a log in *C:\_OTS\MovedFiles\<date>_.log* where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally. 
If it seems to get stuck, give it some time. It's probably still working.

*STEP 2*








Please run Malwarebytes' Anti-Malware


Update it by clicking on the Update tab and then on the button. 
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*. Scan all of your harddrives.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.*

*STEP 3*

Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review: 

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.
*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download. 

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

[*]Spyware, adware, dialers, and other riskware
[*]Archives
[*]E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
Click the *Save report...* button.









Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply


----------



## Ramjet (Apr 6, 2006)

Here are the 3 logs. Let me know what you think. You rock!!


----------



## NeonFx (Oct 22, 2008)

That's great  How's the computer running?


----------



## Ramjet (Apr 6, 2006)

Computer is running slower than I'd like but that's probably just Vista and my memory etc. Do you have any tips on what programs should be running in the background at start up ? I've got about 69 processes going in the task mgr. If that's normal, I think we are as good as we can get it. You really helped me a ton!!!! Lot's of stress at work was compounded by the computer issues but you helped me solve it painlessly, I can't thank you enough!!


----------



## NeonFx (Oct 22, 2008)

Excellent. Let's cleanup.

You can use WinPatrol (in my speech below) to control which programs you want running automatically with your system. That'll certainly speed it up. You can typically disable everything under the "Startup Programs" tab except for what you think might be useful like your security programs and such.

*STEP 1*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

(If you use Vista or 7 just paste it into the text box that appears next to your start button)

*ComboFix /Uninstall*

Note: If you have trouble and it doesn't want to uninstall using the method described above, you can rename ComboFix.exe to Uninstall.exe and double click on it to uninstall it.

*STEP 2*

To clean up OldTimer's tools, along with a few others, do the following:


Run OTS.exe by double clicking on it
Click on the *"CleanUp"* button on the top.
You will be asked if you wish to reboot your system, select *"Yes"*

*STEP 3*

Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the *Shift* key, and select *"Delete"* by clicking on it. This will delete the files without sending them to the RecycleBin.

You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

You might want to keep MalwareBytes AntiMalware though and that's fine  Make sure you update it before you run the scans in the future.

*All Clean*

Congratulations!,







, *your system is now clean*. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

*Microsoft Windows Update*
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to *(Start) > (All) Programs > Windows Update*
To update Office
Open up any Office program.
Go to *Help > Check for Updates*

*Install WinPatrol*
Download it HERE
You can find information about how WinPatrol works HERE and HERE

Note: This program will work alongside all other security programs without conflicts. It might ask you to allow certain actions that security programs perform often, but if you tell Scotty to remember the action by checking the option, the alerts will lessen.

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

*Setting up Automatic Updates*
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this. See HERE for Windows 7.

*Read further information* HERE, HERE, and HERE on how to prevent Malware infections and keep yourself clean.

Please mark this thread as Solved by clicking on the button at the top of this page. Let me know if you need anything else.


----------

