# A Lot of missing files in the Hijack this log.



## Chilled Chaos (Jun 14, 2009)

Was just curious as to what may cause this, and if I try and remove one, it comes back when it scans again.

Currently I have about maybe 20 or so things that say missing file next to it.
Not sure if this is contributing to my CPU and RAM being taxed when nothing is running at times, but would definitely like to know if anyone has experience with this.

It also says Ad-aware is a running process...but I dont even see it anywhere, I uninstalled it a while ago
If anyone has some free time, thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:10 PM, on 1/9/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: dlcc_device - - C:\Windows\system32\dlcccoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6638 bytes


----------



## NeonFx (Oct 22, 2008)

Hello there  Welcome to the TSG Forums. 
My name is *NeonFx*. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please refrain from doing any fixing of your own while I am assisting you with this problem. I need to keep track of what is going on as the order in which we do things can often be important.
If this is a company owned system or a work computer let me know.
Please reply to this thread. Do not start a new topic.

HijackThis doesn't work very well in 64bit machines and that's the reason it is reporting the files as "missing" even though they are there. Let's get a better look at the system with a more modern solution:

*Step 1*

Download *OTS* to your Desktop


Close *ALL OTHER PROGRAMS*.
Double-click on *OTS.exe* to start the program.
Check the box that says *Scan All Users*
Make sure* Include 64 bit scans* is selected
Under Basic Scans please change the radio button under *Registry* from Safe List to *All*.
Under Additional Scans check the following:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - NetSvcs
Reg - Shell Spawning
Reg - Uninstall List
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

Please paste the contents of the following codebox into the *Custom Scans* box at the bottom


```
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
```

Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete *Notepad* will open with the report file loaded in it.
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it.
Please *attach* the log in your next post. To do so click on the blue *"Reply"* button or *"Go Advanced"* and click on the "*Manage Attachments*" button


----------



## Chilled Chaos (Jun 14, 2009)

Here you go, thank you


----------



## NeonFx (Oct 22, 2008)

Could you have this file scanned for me?


Make sure to use Internet Explorer for this
Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:
*C:\Windows\SysWOW64\drivers\ArcHlp.sys*​
Click on the *Upload* button
If a pop-up appears saying the file has been scanned already, please select the *ReScan* button.
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.


----------



## Chilled Chaos (Jun 14, 2009)

VirSCAN.org Scanned Report :
Scanned time : 2010/06/02 14:48:08 (EDT)
Scanner results: Scanners did not find malware!
File Name : ArcHlp.sys
File Size : 143872 byte
File Type : PE32+ executable for MS Windows (native)
MD5 : 966e54b00f9a34cc45e2dc359a6a6876
SHA1 : ba74a6a0d4ed406771bbcf454eb826f400c50240
Online report : http://virscan.org/report/bcd533d9f29810cd16345f523d50c41b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100602070120 2010-06-02 0.31 -
AhnLab V3 2010.06.03.01 2010.06.03 2010-06-03 1.37 -
AntiVir 8.2.2.4 7.10.7.245 2010-06-02 0.27 -
Antiy 2.0.18 20100602.4613711 2010-06-02 0.02 -
Arcavir 2009 201006021537 2010-06-02 0.03 -
Authentium 5.1.1 201006021346 2010-06-02 1.35 -
AVAST! 4.7.4 100602-1 2010-06-02 0.01 -
AVG 8.5.793 271.1.1/2913 2010-06-02 0.24 -
BitDefender 7.90123.6120772 7.31984 2010-06-03 3.86 -
ClamAV 0.96.1 11119 2010-06-02 0.03 -
Comodo 3.13.579 4980 2010-06-01 0.84 -
CP Secure 1.3.0.5 2010.06.02 2010-06-02 0.07 -
Dr.Web 5.0.2.3300 2010.06.03 2010-06-03 7.64 -
F-Prot 4.4.4.56 20100602 2010-06-02 1.27 -
F-Secure 7.02.73807 2010.06.02.02 2010-06-02 6.93 -
Fortinet 4.1.133 12.12 2010-06-02 0.14 -
GData 21.281/21.93 20100602  2010-06-02 7.60 -
ViRobot 20100601 2010.06.01 2010-06-01 0.38 -
Ikarus T3.1.01.84 2010.06.02.75982 2010-06-02 6.54 -
JiangMin 13.0.900 2010.06.02 2010-06-02 1.21 -
Kaspersky 5.5.10 2010.06.02 2010-06-02 0.08 -
KingSoft 2009.2.5.15 2010.6.2.19 2010-06-02 0.73 -
McAfee 5400.1158 6001 2010-06-02 16.05 -
Microsoft 1.5802 2010.06.02 2010-06-02 6.65 -
Norman 6.04.12 6.04.00 2010-06-01 4.01 -
Panda 9.05.01 2010.06.01 2010-06-01 2.27 -
Trend Micro 9.120-1004 7.214.12 2010-06-02 0.00 -
Quick Heal 10.00 2010.06.02 2010-06-02 1.52 -
Rising 20.0 22.50.02.04 2010-06-02 0.20 -
Sophos 3.07.1 4.54 2010-06-03 3.38 -
Sunbelt 3.9.2424.2 6394 2010-06-02 8.20 -
Symantec 1.3.0.24 20100602.002 2010-06-02 0.06 -
nProtect 20100602.01 8543406 2010-06-02 7.75 -
The Hacker 6.5.2.0 v00292 2010-06-02 0.33 -
VBA32 3.12.12.5 20100602.1100 2010-06-02 2.62 -
VirusBuster 4.5.11.10 10.126.63/1995584 2010-06-02 2.33 -


----------



## NeonFx (Oct 22, 2008)

I'm not seeing anything else. Let's clean up a bit and run a couple more scans:

*STEP 1*

Run OTS


Under the *Paste Fix Here* box on the right, paste in the contents of following code box


```
[Unregister Dlls]
[Empty Temp Folders]
[EmptyFlash]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
This will create a log in *C:\_OTS\MovedFiles\<date>_.log* where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally. 
If it seems to get stuck, give it some time. It's probably still working.

*STEP 2*








Please run Malwarebytes' Anti-Malware


Update it by clicking on the Update tab and then on the button. 
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*. Scan all of your harddrives.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.*

*STEP 3*

Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review: 

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.
*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download. 

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

[*]Spyware, adware, dialers, and other riskware
[*]Archives
[*]E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
Click the *Save report...* button.









Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply


----------



## Chilled Chaos (Jun 14, 2009)

Hey, there is nothing bad that can come out of unregistering DLL's right? 

Just want to make sure that this is not going to mess things up for the future, because I see a lot of people talking in here about registry files and not to edit or "clean them", and wasn't sure what this entails

Thanks Neon


----------



## NeonFx (Oct 22, 2008)

It doesn't unregister all dlls. It only does so for whatever dlls it tries to remove in any of the other steps, like when cleaning out the temporary files.


----------



## Chilled Chaos (Jun 14, 2009)

Ok, Have done all three...they sure took a while

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4162

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/2/2010 4:18:28 PM
mbam-log-2010-06-02 (16-18-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 294251
Time elapsed: 43 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------------------
All Processes Killed
[Empty Temp Folders]

User: All Users

User: Chilledchaos
->Temp folder emptied: 1642316 bytes
->Temporary Internet Files folder emptied: 6067157 bytes
->Java cache emptied: 28404279 bytes
->FireFox cache emptied: 91199969 bytes
->Flash cache emptied: 128260 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-CHILLEDCHAOS-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 94477 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3992994 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 2753022575 bytes

Total Files Cleaned = 2,751.00 mb

[EMPTYFLASH]

User: All Users

User: Chilledchaos
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-CHILLEDCHAOS-PC

User: Public

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.31.2 fix logfile created on 06022010_153022

Files\Folders moved on Reboot...
C:\Users\Chilledchaos\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

-------------------------------------------------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, June 2, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, June 02, 2010 15:43:27
Records in database: 4196305
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 170261
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:00:07

File name / Threat / Threats count
C:\Users\Chilledchaos\Downloads\LemonadeTycoon2Setup.exe Infected: Trojan-Dropper.Win32.Delf.fqn 1

Selected area has been scanned.


----------



## NeonFx (Oct 22, 2008)

Apart from that one file it looks like the system is completely clean. How's it running?

Please delete this file:

C:\Users\Chilledchaos\Downloads\LemonadeTycoon2Setup.exe


----------



## Chilled Chaos (Jun 14, 2009)

It seems pretty good, Some random times when the cpu will jump to like 5 or 6 percent when nothing is running and I cant figure out why.

But I guess if it is clean its clean, thank you for the help sir!


----------



## NeonFx (Oct 22, 2008)

There are other things that happen in the background like it checking for updates, system restore, clearing the pagefile, your antivirus scanning something, etc.

Let's cleanup.

*STEP 1*

To clean up OldTimer's tools, along with a few others, do the following:


Run OTS.exe by double clicking on it
Click on the *"CleanUp"* button on the top.
You will be asked if you wish to reboot your system, select *"Yes"*

*STEP 2*

Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the *Shift* key, and select *"Delete"* by clicking on it. This will delete the files without sending them to the RecycleBin.

You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

You might want to keep MalwareBytes AntiMalware though and that's fine  Make sure you update it before you run the scans in the future.

*All Clean*

Congratulations!,







, *your system is now clean*. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

*Microsoft Windows Update*
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to *(Start) > (All) Programs > Windows Update*
To update Office
Open up any Office program.
Go to *Help > Check for Updates*

*Install WinPatrol*
Download it HERE
You can find information about how WinPatrol works HERE and HERE

Note: This program will work alongside all other security programs without conflicts. It might ask you to allow certain actions that security programs perform often, but if you tell Scotty to remember the action by checking the option, the alerts will lessen.

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

*Setting up Automatic Updates*
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this. See HERE for Windows 7.

*Read further information* HERE, HERE, and HERE on how to prevent Malware infections and keep yourself clean.

Please mark this thread as Solved by clicking on the button at the top of this page. Let me know if you need anything else.


----------

