25 replies to this topic

[Satchfan]

Sorry for the delay Belinda.

It seems that your daughter’s computer is OK but before we tidy up, just a couple more scans.


Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.
 

CMD: ipconfig /flushdns
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

• save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
• run FRST then click Fix just once and wait
• it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

• save it to your Desktop.
• double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Satchfan

 

 

[devonrexcatz]

Thank you!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-11-2014

Ran by Rachael at 2014-11-03 20:39:27 Run:2

Running from E:\User Data\Rachael\Downloads

Loaded Profiles: UpdatusUser & Rachael (Available profiles: UpdatusUser & Rachael & Administrator)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

CMD: ipconfig /flushdns

EmptyTemp:

*****************

 

 

=========  ipconfig /flushdns =========

 

 

 

Windows IP Configuration

 

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========= End of CMD: =========

 

EmptyTemp: => Removed 3.1 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 

Results of screen317's Security Check version 0.99.89  

 Windows XP Service Pack 3 x86   

 Internet Explorer 6 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Please wait while WMIC is being installed.d 

i 

s 

p 

l 

a 

y 

N 

a 

m 

e 

ECHO is off.

A 

V 

G 

ECHO is off.

A 

n 

t 

i 

V 

i 

r 

u 

s 

ECHO is off.

F 

r 

e 

ECHO is off.

E 

d 

i 

t 

i 

o 

n 

ECHO is off.

2 

0 

1 

4 

ECHO is off.

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 SUPERAntiSpyware     

 Adobe Flash Player 15.0.0.152  

 Adobe Reader XI  

 Google Chrome 38.0.2125.104  

 Google Chrome 38.0.2125.111  

````````Process Check: objlist.exe by Laurent````````  

 AVG avgwdsvc.exe 

 AVG avgrsx.exe 

 AVG avgnsx.exe 

 AVG avgemc.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:: 2% 

````````````````````End of Log`````````````````````` 

 

[Satchfan]

Hi Belinda

 

I am leaving to drive to Cornwall, (UK), and it will take a couple of hours so will send the clean-up instructions etc later.

 

Sorry for the delay but family birthday!!!

 

Thanks

 

Satchfan

[Satchfan]

Hi Belinda; your daughter’s computer appears to be clean.

Now that it’s free from malware, as long as the computer seems to be running well, please follow these simple steps to tidy up and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

• double click on adwcleaner.exe to run the tool
• click on Uninstall
• confirm with Yes.

===================================================

Download & run Delfix

• download Delfix from here to remove many of the tools we've used during the cleaning process.
• ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

o    Create registry backup
o    Purge system restore

• click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete. Eset can be uninstalled through Add and Remove Programs in the Control Panel.

===================================================

Firewall

You're using the Windows Firewall which is not adequate protection. The main reason you should use a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop Outgoing signals (possibly ones that could intrude your privacy) from sending information to the Internet or to other networks. That means if malware happens to compromise your PC again, it will be able to SEND OUT your credit card data and any other personal information.

I suggest you install a more robust third party firewall that filters both incoming and outgoing traffic.

Download and install one of the following freeware firewalls from below:

Sygate Personal Firewall Free Edition:
Comodo Personal Firewall:

NOTE only install one firewall. Having more than one could cause many programs to stop working altogether. Also, the firewalls may get in each others' way and cause some security holes that would not be there with just one firewall.

When you have done that:

Disable Windows firewall:

• Click on Start, Settings and then Control Panel
• click on the Security Center icon.
• click on the Windows Firewall icon
• click Off (not recommended) and then click OK.

You should take the time to read Understanding and Using Firewalls

===================================================

Update installed programs

Your versions of Internet Explorer is out-of-date. Version 8 is the latest that is compatible with Windows XP and is faster, more private, and more secure.

Download it here.

When you have installed it, you can download the Update for Internet Explorer 8 for Windows XP

===================================================

Recommended programs

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

 

===================================================

IMPORTANT

Please be aware that Microsoft stopped supporting Windows XP/SP3 on April 8, 2014.

That means your operating system will no longer have updates and patches to prevent infections.

Any XP machine that accesses the Internet after that date can expect to become infected repeatedly and any information on is capable of being stolen.

If/when that happens there will be no real remedy. Criminals were reportedly making extra preparations for the date that XP support ended.

See this link from ESET :

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 

[devonrexcatz]

Hope you enjoyed the birthday get-together! Rach has been able to use the computer so there has been no rush to fix it but thanks for your concern. Anyway, I'll complete the latest steps and get back to you.

[devonrexcatz]

Hi Satchfan

 

I couldn't install the IE update...says incompatible with the system.  Here is the last log created.

 

 

# DelFix v10.8 - Logfile created 04/11/2014 at 13:21:31

# Updated 29/07/2014 by Xplode

# Username : Rachael - RACHAEL-PC

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\avenger.txt

Deleted : C:\Documents and Settings\Rachael\Desktop\Addition.txt

Deleted : C:\Documents and Settings\Rachael\Desktop\AdwCleaner[S0].txt

Deleted : C:\Documents and Settings\Rachael\Desktop\FRST.txt

Deleted : C:\Documents and Settings\Rachael\Desktop\JRT.txt

Deleted : C:\Documents and Settings\Rachael\Desktop\hijackthis.log

Deleted : E:\User Data\Rachael\Downloads\Addition.txt

Deleted : E:\User Data\Rachael\Downloads\esetsmartinstaller_enu.exe

Deleted : E:\User Data\Rachael\Downloads\Fixlog.txt

Deleted : E:\User Data\Rachael\Downloads\FRST (1).exe

Deleted : E:\User Data\Rachael\Downloads\FRST (2).exe

Deleted : E:\User Data\Rachael\Downloads\FRST (3).exe

Deleted : E:\User Data\Rachael\Downloads\FRST (4).exe

Deleted : E:\User Data\Rachael\Downloads\FRST (5).exe

Deleted : E:\User Data\Rachael\Downloads\FRST (6).exe

Deleted : E:\User Data\Rachael\Downloads\FRST (7).exe

Deleted : E:\User Data\Rachael\Downloads\FRST.exe

Deleted : E:\User Data\Rachael\Downloads\FRST.txt

Deleted : E:\User Data\Rachael\Downloads\JRT.exe

Deleted : E:\User Data\Rachael\Downloads\HiJackThis.exe

Deleted : E:\User Data\Rachael\Downloads\hijackthis.log

Deleted : E:\User Data\Rachael\Downloads\SecurityCheck.exe

Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

 

~ Creating registry backup ... OK

 

Thank you!

[Satchfan]

Hope you enjoyed the birthday get-together!

 

 

Thank you Belinda. The birthday is today and we're off for lunch soon then returning back home, (to Devon!), later.

 

 

I see that amongst those deleted was Avenger.txt. I hope that this was on there from previous expert help as that tool should only ever be used with the guided help of an expert; otherwise it could wreck your computer. It is a very dangerous program to run without instruction from someone who knows what they are doing.

That said, see this page to see if it helps with installing Internet Explorer 8.
 

It may be easier to ask in our Browsers, Internet and email forum where they will know more about this than I do.

 

Satchfan

[devonrexcatz]

Hi Satchfan
Yes I imagine the Avenger.txt would have been the result of a shop fix some time ago (which actually caused additional problems) so it was never used by us. I'll get onto the IE problem and report back to you regarding the results. Thanks again and obviously you have arrived home safely to Devon

[devonrexcatz]

Hi

I am going to have to move to the forum regards the IE 8 issue. Thanks for all your help with our computer problems Satchfan

All the best

Belinda

[Satchfan]

_{You're welcome.}

 

_Satchfan

[Satchfan]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.