FunMoods Removal - Help! [Solved]


This topic is locked

#16 DailyDose (Member, Topic Starter, 85 posts)
The same thing still happens in Firefox. Chrome and IE are still good.

Here's the log from Combofix

ComboFix 12-08-05.02 - Fred Chang 08/05/2012 14:36:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.3216 [GMT -7:00]
Running from: c:\users\Fred Chang\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ReadOnlyInstaller.msi
c:\programdata\uninstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 21:39 . 2012-08-05 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 17:46 . 2012-08-05 17:46 -------- d-----w- C:\_OTL
2012-08-05 09:19 . 2012-08-05 09:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-04 02:07 . 2012-08-04 02:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-04 02:05 . 2012-08-04 02:05 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-08-04 02:05 . 2012-08-04 02:05 -------- d-----w- c:\program files\DivX
2012-08-04 02:05 . 2012-08-04 02:05 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-08-04 02:04 . 2012-08-04 02:05 -------- d-----w- c:\program files (x86)\DivX
2012-08-04 02:02 . 2012-08-04 02:06 -------- d-----w- c:\programdata\DivX
2012-08-04 02:01 . 2012-08-04 02:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-04 02:01 . 2012-08-04 02:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-04 02:01 . 2012-08-04 02:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-04 02:01 . 2012-08-04 02:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-04 02:01 . 2012-08-04 02:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-04 02:01 . 2012-08-04 02:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-04 02:01 . 2012-08-04 02:01 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-04 02:01 . 2012-08-04 02:01 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-04 02:01 . 2012-08-04 02:01 -------- d-----w- c:\programdata\Apple Computer
2012-08-04 02:00 . 2012-08-04 02:00 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-04 02:00 . 2012-08-04 02:00 -------- d-----w- c:\programdata\Apple
2012-08-04 02:00 . 2012-08-04 02:00 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-04 01:58 . 2012-08-04 01:58 -------- d-----w- c:\program files\WinRAR
2012-08-04 01:54 . 2010-01-11 01:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-08-04 01:54 . 2010-01-11 01:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-08-03 23:49 . 2012-08-03 23:49 -------- d-----w- c:\program files\Microsoft Silverlight
2012-08-03 23:49 . 2012-08-03 23:49 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-08-03 22:38 . 2012-08-03 22:38 -------- d-----w- c:\program files (x86)\ERUNT
2012-08-03 09:46 . 2012-08-03 09:53 -------- d-----w- c:\program files\Logitech
2012-08-03 09:42 . 2012-08-03 09:53 -------- d-----w- c:\programdata\Logitech
2012-08-03 09:42 . 2012-08-03 09:42 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-08-03 09:42 . 2012-08-03 09:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-03 09:41 . 2012-08-03 09:53 -------- d-----w- c:\programdata\Logishrd
2012-08-03 09:41 . 2012-08-03 09:53 -------- d-----w- c:\program files\Common Files\Logishrd
2012-08-03 09:24 . 2012-08-03 09:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-03 09:24 . 2012-08-03 09:24 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-03 09:23 . 2012-08-03 09:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-08-03 09:23 . 2012-08-03 09:23 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-03 04:27 . 2012-08-03 04:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-03 04:27 . 2012-08-03 04:27 -------- d-----w- c:\programdata\Malwarebytes
2012-08-03 04:27 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 04:18 . 2012-08-03 05:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 04:18 . 2012-08-03 05:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 04:18 . 2012-08-03 04:18 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-03 04:18 . 2012-08-03 04:18 -------- d-----w- c:\windows\system32\Macromed
2012-08-03 02:48 . 2012-08-03 02:48 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-03 02:45 . 2012-08-03 02:45 -------- d-----w- c:\programdata\ATI
2012-08-03 02:45 . 2012-08-03 02:45 -------- d-----w- c:\programdata\AMD
2012-08-03 02:45 . 2012-08-03 02:45 -------- d-----w- c:\program files (x86)\AMD AVT
2012-08-03 02:45 . 2012-08-03 02:45 -------- d-----w- c:\program files (x86)\AMD APP
2012-08-03 02:44 . 2012-08-03 02:44 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-08-03 02:44 . 2012-08-03 02:44 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-08-03 02:42 . 2012-08-03 02:42 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-08-03 02:42 . 2012-08-03 02:44 -------- d-----w- c:\program files\ATI Technologies
2012-08-03 02:42 . 2012-08-03 02:42 -------- d-----w- c:\program files\ATI
2012-08-03 02:42 . 2012-08-03 02:42 -------- d-----w- C:\AMD
2012-08-03 02:36 . 2012-08-03 02:36 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-03 02:36 . 2012-08-03 02:36 -------- d-----w- c:\windows\system32\Wat
2012-08-03 02:35 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-08-03 02:35 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-08-03 02:35 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-08-03 02:25 . 2012-08-03 01:34 -------- d-----w- c:\windows\Panther
2012-08-03 02:16 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-03 02:08 . 2012-07-03 10:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-08-03 02:07 . 2012-08-03 02:07 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-03 02:07 . 2012-08-03 04:16 -------- d-----w- c:\programdata\WeCareReminder
2012-08-03 02:05 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-03 02:05 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-03 02:05 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-03 02:05 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-03 02:05 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-03 02:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-03 02:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-03 02:03 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-03 02:03 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-03 02:03 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-08-03 02:03 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-08-03 02:03 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-08-03 02:03 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-08-03 02:01 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-08-03 02:01 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-08-03 02:01 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-08-03 02:01 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-08-03 02:01 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-08-03 02:01 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-08-03 02:01 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-08-03 01:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-03 01:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-08-03 01:53 . 2012-08-03 01:53 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-03 01:53 . 2012-08-03 01:53 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-03 01:53 . 2012-08-03 01:53 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-03 01:53 . 2012-08-03 01:53 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-03 01:52 . 2012-08-03 01:52 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-03 01:52 . 2012-08-05 17:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-03 01:52 . 2012-08-03 01:57 -------- d-----w- c:\programdata\AVG2012
2012-08-03 01:52 . 2012-08-03 01:52 -------- d-----w- C:\$AVG
2012-08-03 01:51 . 2012-08-03 01:51 -------- d-----w- c:\program files (x86)\AVG
2012-08-03 01:45 . 2012-08-05 17:35 -------- d-----w- c:\programdata\MFAData
2012-08-03 01:45 . 2012-08-03 01:45 -------- d--h--w- c:\programdata\Common Files
2012-08-03 01:45 . 2012-08-03 01:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-03 01:44 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-03 01:44 . 2012-07-06 05:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-03 01:44 . 2012-08-03 01:44 -------- d-----w- c:\program files (x86)\Java
2012-08-03 01:44 . 2012-08-03 01:44 -------- d-----w- c:\programdata\McAfee
2012-08-03 01:38 . 2012-08-05 17:40 -------- d-sh--w- c:\windows\Installer
2012-08-03 01:37 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-03 01:37 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-03 01:37 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-03 01:35 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-03 01:35 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-03 01:35 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-03 01:35 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-03 01:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-03 01:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-03 01:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-03 01:34 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-03 01:34 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-03 01:34 . 2012-08-04 05:37 -------- d-----w- c:\users\Fred Chang
2012-08-03 01:34 . 2012-08-03 01:34 -------- d-----w- C:\Recovery
2012-08-03 01:27 . 2012-08-03 01:27 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 09:32 . 2012-07-04 09:32 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-04 09:32 . 2012-07-04 09:32 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-04 09:32 . 2012-07-04 09:32 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-04 09:31 . 2012-07-04 09:31 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-04 09:31 . 2012-07-04 09:31 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-04 09:31 . 2012-07-04 09:31 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-04 09:30 . 2012-07-04 09:30 13008384 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-04 09:30 . 2012-07-04 09:30 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-04 09:30 . 2012-07-04 09:30 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-04 06:59 . 2012-07-04 06:59 11922944 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-04 06:52 . 2012-07-04 06:52 26016256 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-04 06:27 . 2011-04-20 09:09 918528 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-04 06:25 . 2011-04-20 09:07 1081856 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-04 06:21 . 2012-07-04 06:21 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-04 06:21 . 2012-07-04 06:21 514048 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-04 06:20 . 2012-07-04 06:20 238080 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-04 06:19 . 2012-07-04 06:19 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-07-04 06:19 . 2012-07-04 06:19 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-04 06:19 . 2012-07-04 06:19 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-07-04 06:18 . 2012-07-04 06:18 6811648 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-07-04 05:57 . 2009-07-13 21:59 7510528 ----a-w- c:\windows\system32\atidxx64.dll
2012-07-04 05:36 . 2012-07-04 05:36 1053696 ----a-w- c:\windows\system32\atiumd6v.dll
2012-07-04 05:36 . 2012-07-04 05:36 69632 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll
2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-07-04 05:35 . 2012-07-04 05:35 4261376 ----a-w- c:\windows\system32\atiumd6a.dll
2012-07-04 05:35 . 2009-07-13 21:59 6245888 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-04 05:28 . 2009-07-13 21:59 4749312 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-07-04 05:24 . 2012-07-04 05:24 7477760 ----a-w- c:\windows\system32\atiumd64.dll
2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-07-04 05:11 . 2012-07-04 05:11 535552 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-07-04 05:11 . 2012-07-04 05:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-07-04 05:10 . 2012-07-04 05:10 359936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-04 05:10 . 2011-04-20 08:21 55296 ----a-w- c:\windows\system32\atiuxp64.dll
2012-07-04 05:09 . 2012-07-04 05:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-07-04 05:09 . 2011-04-20 08:21 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-07-04 05:09 . 2011-04-20 08:21 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-04 05:04 . 2012-07-04 05:04 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-07-04 05:04 . 2012-07-04 05:04 15827456 ----a-w- c:\windows\system32\aticaldd64.dll
2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\SysWow64\aticaldd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Fred Chang\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-03 1147488]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Fred Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-03 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-03 31080]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-03 830048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 05:03]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476969139-465768082-2317167955-1001Core.job
- c:\users\Fred Chang\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 01:40]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476969139-465768082-2317167955-1001UA.job
- c:\users\Fred Chang\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 01:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.fr
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Fred Chang\AppData\Roaming\Mozilla\Firefox\Profiles\1bukvxvz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 14:43:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 21:43
.
Pre-Run: 721,648,291,840 bytes free
Post-Run: 720,992,686,080 bytes free
.
- - End Of File - - 1584BA5C15268F8E855B4B0C5874FBC4
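The ComboFix log above reports two Firefox user.js lines worth understanding: extensions.autoDisableScopes set to 14 and security.csp.enable set to false. user.js is re-applied on every Firefox start and overrides prefs.js, which is how a toolbar installer keeps its settings in place after the user changes them in Options. What follows is an added example, not part of this thread and not code from ComboFix or any other tool mentioned here: a small Python auditor that parses a raw user.js file in Firefox's own user_pref() syntax (rather than ComboFix's rendering of it) and flags those two prefs together with search and homepage prefs pinned there. The sample user.js content is constructed, and the list of prefs it checks and the function names are this example's own assumptions.

```python
"""Audit a Firefox user.js for preferences adware uses to pin itself.

Added example, not part of the original thread. user.js is re-applied on
every Firefox start and overrides prefs.js, so a toolbar installer that
writes it re-asserts its settings at each launch. The ComboFix log in this
thread reports extensions.autoDisableScopes = 14 and security.csp.enable =
false; this script parses raw user.js syntax and flags those and similar prefs.
"""
import re

# Constructed user.js content (assumption: not the user's real file). The two
# security-relevant values are the ones ComboFix reported; the rest is filler
# in the style of what a search-hijacking toolbar writes.
SAMPLE_USER_JS = """
// Mozilla User Preferences
user_pref("extensions.autoDisableScopes", 14);
user_pref("security.csp.enable", false);
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.search.defaultenginename", "Search");
"""

# user_pref("name", value);  where value is a JS string, boolean or integer
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;'
)

SCOPE_PROFILE = 1                 # AddonManager SCOPE_PROFILE bit
DEFAULT_AUTO_DISABLE_SCOPES = 15  # Firefox default: all scopes auto-disabled

# Prefs that, when pinned in user.js, silently undo the user's choices at
# every start (assumption: a representative list, not an exhaustive one).
PINNED_SEARCH_PREFS = (
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
)


def parse_user_js(text: str) -> dict:
    """Return {pref name: value} with JS literals converted to Python types."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        raw = m["value"]
        if raw in ("true", "false"):
            value = raw == "true"
        elif raw.startswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            value = int(raw)
        prefs[m["name"]] = value
    return prefs


def audit(prefs: dict) -> list:
    """Return (pref, value, reason) findings, most severe first."""
    findings = []
    if prefs.get("security.csp.enable") is False:
        findings.append(("security.csp.enable", False,
                         "Content Security Policy enforcement disabled browser-wide"))
    scopes = prefs.get("extensions.autoDisableScopes")
    if isinstance(scopes, int) and not (scopes & SCOPE_PROFILE):
        findings.append(("extensions.autoDisableScopes", scopes,
                         "profile-scope add-ons no longer auto-disabled: "
                         "sideloaded extensions load without a prompt"))
    for name in PINNED_SEARCH_PREFS:
        if name in prefs:
            findings.append((name, prefs[name],
                             "pinned in user.js, re-applied every start; confirm it is wanted"))
    return findings


if __name__ == "__main__":
    for pref, value, reason in audit(parse_user_js(SAMPLE_USER_JS)):
        print(f"{pref} = {value!r}: {reason}")
```

Run it against a profile's user.js (the profile path is printed in ComboFix's "FF - ProfilePath" line); a clean profile usually has no user.js at all, so its mere presence after a toolbar install is worth a look.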
#17 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Hi. :)

The same thing still happens in firefox

OK, I propose we actually reset Firefox to default settings etc., then afterwards perform an in-depth search to ensure nothing FunMoods-related is still on the system.

Reset FireFox:

  • Click on Start (Windows 7 Orb) >> Run... (or press the Windows key and R together) to bring up the Run box.
  • Enter the following command:
    firefox.exe -safe-mode
  • Click on OK.
  • In the open window, select Reset all preferences to default Firefox.
  • Click on Make the changes and restart.
Once Firefox restarts, on the extreme right next to the Home Page button you will see a small search bar named Search >> click on the drop-down menu arrow >> Manage Search Engines...

Now click once on Search (if present) to highlight it >> Remove >> OK >> restart Firefox.

Scan with SystemLook:

Please download SystemLook from one of the links below and save it to your desktop.

Download Mirror #1
Download Mirror #2

  • Right-click on SystemLook.exe and select Run as Administrator.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *funmoods*
    *funmoods.com*
    
    :folderfind
    *funmoods*
    *funmoods.com*
    
    :Regfind
    funmoods
    funmoods.com
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your desktop entitled SystemLook.txt

#18 DailyDose (Member, Topic Starter, 85 posts)
I think setting Firefox back to default settings and getting rid of the "Search" search engine did the trick because Firefox no longer shows funmoods when searching through the main bar.


Here's the log from SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 02:45 on 06/08/2012 by Fred Chang
Administrator - Elevation successful

========== filefind ==========

Searching for "*funmoods*"
C:\Users\Fred Chang\AppData\Roaming\Microsoft\Windows\Recent\funmoods.lnk --a---- 2491 bytes [18:01 05/08/2012] [18:10 05/08/2012] 9617D935CBBCCF30DED4B20194B707DE
C:\Users\Fred Chang\Pictures\funmoods.jpg --a---- 361957 bytes [18:01 05/08/2012] [18:01 05/08/2012] E7F7F6EC642BF6F863AA47561843389B

Searching for "*funmoods.com*"
No files found.

========== folderfind ==========

Searching for "*funmoods*"
No folders found.

Searching for "*funmoods.com*"
No folders found.

========== Regfind ==========

Searching for "funmoods"
[HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods-speeddial.crx"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\Users\Fred Chang\Pictures\funmoods.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods-speeddial.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods-speeddial.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetupV2_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetupV2_RASMANCS]
[HKEY_USERS\S-1-5-21-1476969139-465768082-2317167955-1001\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods-speeddial.crx"
[HKEY_USERS\S-1-5-21-1476969139-465768082-2317167955-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\Users\Fred Chang\Pictures\funmoods.jpg"

Searching for "funmoods.com"
No data found.

-= EOF =-
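The Regfind section above shows how FunMoods got into Chrome. Chrome on Windows loads "external extensions" from any registry key named HKLM or HKCU\Software[\Wow6432Node]\Google\Chrome\Extensions\<32-character id> whose "path" value points at a .crx file (or whose "update_url" value names an update feed), and an installer only needs write access to one of those hives to register one. The following is an added example, not part of this thread and not code from SystemLook, OTL or any other tool mentioned here: a Python script that parses SystemLook's Regfind output for such keys, flags machine-wide (HKLM) registrations that load a .crx from a user profile directory, folds the HKU\<SID> form into HKCU (for the logged-on user they are the same key), and renders the matching OTL :Files and :Reg fix lines. The sample text is constructed in SystemLook's format from the entries in the log above; the suspicious-path heuristic and the function names are this example's assumptions.

```python
"""Audit Chrome external-extension registrations in a SystemLook Regfind log.

Added example, not part of the original thread. Chrome on Windows reads
"external extension" registrations from registry keys named
  HKLM|HKCU\\Software[\\Wow6432Node]\\Google\\Chrome\\Extensions\\<32-char id>
whose "path" value names a .crx (or "update_url" names an update feed).
This lists them, flags risky ones and builds the matching OTL fix lines.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in SystemLook's Regfind format. The keys, IDs and paths
# are the ones the SystemLook log in this thread reported; nothing else is real.
SAMPLE_REGFIND = r"""Searching for "funmoods"
[HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods-speeddial.crx"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\Users\Fred Chang\Pictures\funmoods.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods-speeddial.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetupV2_RASAPI32]
[HKEY_USERS\S-1-5-21-1476969139-465768082-2317167955-1001\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
"path"="C:\Users\FREDCH~1\AppData\Local\funmoods-speeddial.crx"
"""

# Chrome extension IDs are 32 letters from a-p (base-16 mapped onto a..p).
KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)(?:\\(?P<sid>S-1-5-[\d-]+))?"
    r"\\Software\\(?P<wow>Wow6432Node\\)?Google\\Chrome\\Extensions\\(?P<id>[a-p]{32})\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
ANY_KEY_RE = re.compile(r"^\[.*\]$")
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\")  # heuristic, an assumption


@dataclass
class Registration:
    key: str              # full key as printed in the log, without brackets
    scope: str            # "machine" (HKLM) or "user" (HKCU / HKU\<SID>)
    view: str             # "32-bit" if under Wow6432Node, else "64-bit"
    ext_id: str
    path: str | None = None
    update_url: str | None = None

    @property
    def suspicious(self) -> bool:
        """Machine-wide hook loading a .crx from a user-writable location:
        any user-level dropper can re-plant the file, so this is the pattern
        to remove rather than just uninstall."""
        p = (self.path or "").lower()
        return self.scope == "machine" and any(m in p for m in USER_WRITABLE_MARKERS)


def parse_regfind(text: str) -> list[Registration]:
    regs: list[Registration] = []
    current: Registration | None = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = Registration(
                key=line[1:-1],
                scope="machine" if m["hive"].upper() == "HKEY_LOCAL_MACHINE" else "user",
                view="32-bit" if m["wow"] else "64-bit",
                ext_id=m["id"].lower(),
            )
            regs.append(current)
        elif ANY_KEY_RE.match(line):
            current = None  # some unrelated key: stop attributing values to it
        elif current is not None and (v := VALUE_RE.match(line)):
            if v["name"].lower() == "path":
                current.path = v["value"]
            elif v["name"].lower() == "update_url":
                current.update_url = v["value"]
    return regs


def removal_plan(regs: list[Registration]) -> tuple[list[str], list[str]]:
    """Keys to delete and .crx files to remove, deduplicated. HKU\\<SID> and
    HKCU are the same key for the logged-on user, so an HKU entry is dropped
    when an HKCU entry already covers that extension in the same view."""
    seen_user = {(r.view, r.ext_id) for r in regs
                 if r.key.upper().startswith("HKEY_CURRENT_USER")}
    keys: list[str] = []
    files: list[str] = []
    for r in regs:
        if r.key.upper().startswith("HKEY_USERS") and (r.view, r.ext_id) in seen_user:
            continue
        keys.append(r.key)
        if r.path and r.path.lower().endswith(".crx") and r.path not in files:
            files.append(r.path)
    return keys, files


def otl_fix_script(keys: list[str], files: list[str]) -> str:
    """Render OTL custom-fix lines: paths under ':Files' are deleted and
    '[-key]' lines under ':Reg' delete registry keys (syntax as used here)."""
    return "\n".join([":Files", *files, "", ":Reg", *(f"[-{k}]" for k in keys)])


if __name__ == "__main__":
    found = parse_regfind(SAMPLE_REGFIND)
    for r in found:
        flag = "!! " if r.suspicious else "   "
        print(f"{flag}{r.scope:7} {r.view:6} {r.ext_id} -> {r.path}")
    print(otl_fix_script(*removal_plan(found)))
```

Paths are emitted exactly as found (8.3 short names such as FREDCH~1 included), so expand them before checking the file on disk. Current Chrome builds on Windows refuse to enable a .crx registered this way unless it comes from the Web Store, but the keys still exist and remain the place to look when a browser keeps re-acquiring an extension.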

#19 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Hi. :)

I think setting firefox back to default settings and getting rid of the "Search" search engine did the trick because firefox no longer shows funmoods when searching through the main bar.

Good, let's proceed as follows, shall we...

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:Files
C:\Users\Fred Chang\AppData\Local\funmoods-speeddial.crx

:Reg
[-HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetupV2_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetupV2_RASMANCS]
[-HKEY_USERS\S-1-5-21-1476969139-465768082-2317167955-1001\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]

:Commands
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [button image]
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Eset Log.


#20 DailyDose (Member, Topic Starter, 85 posts)
Computer seems fine and Firefox no longer shows funmoods when searching through the main bar.

Here is the OTL Log from the custom script:


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\Fred Chang\AppData\Local\funmoods-speeddial.crx not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetupV2_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsSetupV2_RASMANCS\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1476969139-465768082-2317167955-1001\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fred Chang
->Temp folder emptied: 208601 bytes
->Temporary Internet Files folder emptied: 7822243 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60093730 bytes
->Google Chrome cache emptied: 90469167 bytes
->Flash cache emptied: 610 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18372 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 134252287 bytes

Total Files Cleaned = 279.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08062012_105801

Files\Folders moved on Reboot...
C:\Users\Fred Chang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Fred Chang\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


However, there is no ESET log. Nothing showed up after the scan and it's not where you said it would be located on the C: drive.

I did however copy the scan results and removed them:

C:\Users\Fred Chang\Documents\Mytouch\flashrec-1.1.3-20091107-2.apk multiple threats
C:\Users\Fred Chang\Documents\Mytouch\SuperOneClickv1.6.5-ShortFuse\psneuter Android/Exploit.Lotoor.AK trojan
C:\Users\Fred Chang\Documents\Mytouch\SuperOneClickv1.6.5-ShortFuse\rageagainstthecage Android/Exploit.RageCage.A trojan
C:\Users\Fred Chang\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application
C:\Users\Fred Chang\Music\Shwayze - Shwayze (2008)\11 Lazy Susain.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\_OTL\MovedFiles\08052012_104605\C_ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
  • 0

#21
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Computer seems fine and firefox no longer shows funmoods when searching through the main bar.

Good.

However, there is no ESET log. Nothing showed up after the scan and it's not where you said it would be located on the C: drive

Not a problem. You may have chosen to uninstall after the scan, and if so the log would not be present.

I did however copy the scan results and removed them

If you actually mean deleted what was flagged by the scan, fair play. However, there was no need to delete the OTL-related ones, as those would have been fully removed when OTL was removed via its clean-up feature... No harm done though in the great scheme of things, as they say.

Now if you have deleted the scan results, proceed to the below and/or just inform myself...

Uninstall ComboFix:

  • Click on Start (Windows 7 Orb) >> Run... (or press the Windows key and R together) to bring up the Run box.
  • Now type ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.
Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Next click Start (Windows 7 Orb) >> Run (or the Windows key and R together) to bring up the Run box, and copy and paste the following into the box:
    cleanmgr
  • Then press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under System Restore and Shadow Copies, click on Clean up... >> Delete >> OK >> Delete Files.
Next:

Let myself know when you have completed the above, and I in turn will provide some advice about online safety etc.
  • 0

#22
DailyDose

DailyDose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Alright, all done
  • 0

#23
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Alright, all done

OK...Congratulations your computer appears to be malware free!

Importance of Regular System Maintenance:

I advise you read both of the below listed topics, as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, AVG12, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Erunt:

Emergency Recovery Utility NT. I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself, I would actually create a new backup once per week, as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start (Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, Reboot (restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (that is, VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

A downloaded Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Consider installing WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third-party software is up-to-date:

By visiting the Secunia Online Software Inspector periodically.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
  • 0
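The Hosts file advice above can be checked rather than taken on trust. The following is an added example (not from this thread or from any of the tools it mentions) that parses a hosts file, lists the hostnames it sinkholes to 127.0.0.1 / 0.0.0.0 / ::1, and flags any other hostname that is pointed at a real address, which is what a hijacked Hosts file looks like. The hosts content is constructed for the example; the domains and 203.0.113.5 are documentation/reserved values.

```python
"""Audit a hosts file: list sinkholed names, flag suspicious redirects.
Added example; SAMPLE_HOSTS below is constructed, not taken from a real machine."""
import ipaddress

# Addresses a blocking hosts file legitimately uses to "black-hole" a name.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: a blocklist-style hosts file plus one hijack-style entry
# that sends a real site name to a third-party server instead of a sinkhole.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0   ad.doubleclick.test      # blocked advertisement host
127.0.0.1 tracker.example          # blocked tracker
203.0.113.5 www.example.test       # NOT a sinkhole: redirected elsewhere
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and malformed lines skip."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)             # first field must be an IP
        except ValueError:
            continue                             # the OS resolver ignores it too
        for name in names:
            yield ip, name.lower()


def audit_hosts(text):
    """Return (sinkholed_names, suspicious_entries).

    suspicious_entries holds (hostname, ip) for every name other than
    localhost that resolves to a non-sinkhole address: a candidate hijack."""
    sinkholed, suspicious = [], []
    for ip, name in parse_hosts(text):
        if ip in SINKHOLES:
            if name != "localhost":
                sinkholed.append(name)
        else:
            suspicious.append((name, ip))
    return sinkholed, suspicious


if __name__ == "__main__":
    blocked, odd = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} name(s) sinkholed: {blocked}")
    for name, ip in odd:
        print(f"WARNING: {name} is mapped to {ip}, not a sinkhole address")
```

On a real Windows 7 machine the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; any line reported as a WARNING deserves a look before a new blocking Hosts file is installed over it.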

#24
DailyDose

DailyDose

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Dakeyras, Thank you so much for your assistance.
  • 0

#25
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
You're most welcome! :)
  • 0

#26
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
