26 replies to this topic

[ken545]

OK, sometimes programs are flagged good or bad and SparkTrust was iffy, I saw those gotomypc files marked for removal, it sometimes is flagged as a virus

 

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

 

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

Click the button.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.

Double click on the icon on your desktop.

Check

Click the button.

Accept any security warnings from your browser.

Check

Make sure that the option "Remove found threats" is Unchecked

Push the Start button.

ESET will then download updates for itself, install itself, and begin

scanning your computer. Please be patient as this can take some time.

When the scan completes, push

Push , and save the file to your desktop using a unique name, such as

ESETScan. Include the contents of this report in your next reply.

Push the button.

Push

Please make sure you include the following items in your next post:

The log that was produced after running ESET Online Scanner.

[jabrooksy]

35 total threats.  Here is the log:

.

C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249693.dll    Win32/Toolbar.MyWebSearch.W potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249694.exe    Win32/Toolbar.MyWebSearch.X potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249695.dll    a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249696.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249697.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249698.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249699.exe    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249700.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249701.dll    a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249702.dll    a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249703.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249704.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249705.dll    a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249706.exe    Win32/Toolbar.MyWebSearch.W potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249707.exe    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249708.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249709.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249710.dll    a variant of Win32/Toolbar.MyWebSearch potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249711.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249712.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249713.dll    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249714.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249715.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249716.dll    a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249717.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249718.exe    Win32/Toolbar.MyWebSearch.W potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249719.exe    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249720.dll    a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249721.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2408\A0249723.dll    Win32/Toolbar.MyWebSearch.T potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2409\A0249846.dll    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2409\A0249847.exe    Win32/Toolbar.MyWebSearch.W potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2409\A0249848.dll    Win32/Toolbar.MyWebSearch.AA potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2409\A0249849.dll    a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{23D5B224-2498-4ECA-B34B-CBCE834BFBA8}\RP2409\A0250127.dll    a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application    deleted - quarantined
 

[ken545]

Good, there could be more in System Restore so lets clean it all out by turning off System Restore, rebooting your system and then turning it back on again and creating a new restore point

 

 

 

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

 

Turn off System Restore.

 

•  

• Right-click My Computer.

• Click Properties.

• Click the System Restore tab.

• Check Turn off System Restore on all Drives.

• Click Apply, and then click OK.

 

 

Reboot your computer

 

Turn ON System Restore.

 

•  

• Right-click My Computer.

• ClickProperties.

• Click the System Restore tab.

• UN-Check Turn off System Restore on all Drives.

• Click Apply, and then click OK.

 

 

Create a new Restore Point <-- Very Important

 

•  

• Go to Start> All Programs> Assesories> System Tools> System Restore and create a New Restore Point

 

System Restore Tutorial <-- If you need it

 

 

 

How do you feel your system is behaving now, any better ??

[jabrooksy]

Okay created new restore point.  Concerned what I should do about last scan that had 35 errors.  Did those get fixed somehow?  Also after this last restart it took a good minute or two for firefox to open.  Is this normal after what we just went thru?  Other than that eveything seems to be 100 percent better.  Let me know if there is anything else I need to do.............JB

[ken545]

If you followed my instructions for System Restore, not just creating a new restore point but turning it off, rebooting and turning it back on will remove all those entries

 

Sometimes when you make changes to your system it takes 3 or 4 reboots to get it back to normal

[jabrooksy]

Okay.  then should be okay.  Just now firefox opened right up.  Let me check a couple of sites and see how they load real quick......yeah all seems okay now.  Thank you!  Now what would you recommend.  Should I junk Spark Trust and stick with Microsoft Security Essentials for virus and Firewall and Malware Bytes for general computer issues?  These other programs you had me download to I keep them and run them from time to time or should I be deleting them? 

[ken545]

As far as SparkTrust, Microsoft recommends just one AntiVirus program , keep it updated and run regular scans. I have not used Sparktrust myself so dont know much about it, actually your the first one that i have seen with it in a very long time, I think I would remove it

 

 

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.

Click Yes when asked are you sure you want to uninstall.

Both AdwCleaner.exe, its folder and all logs will be removed.

 

 

==========================================================

 

 

Please download DelFix and save the file to your Desktop.

 

 

Windows XP Double Click DelFix.exe to run the program. 

Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 

Checkmark " Remove Disinfection Tools"

Click the Run button

 

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually

 

 

 

==========================================================

 

 

 

How did I get infected in the first place ?    

Read these links and find out how to prevent getting infected again.

Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.

WhattheTech

Grinler BleepingComputer 

GeeksTo Go

Dslreports

 

 

Safe Surfn

Ken

[jabrooksy]

Okay Ken.  All done I guess.  SparkTrust doesn't show up in add/remove programs.  Went to C:\Program Files and tried to delete folder but it wouldn't let me.  I deleted the two shortcuts off my desktop.  Now I will work on getting my 24.95 back.  Good luck with that right LOL.  Thanks for the help..............JB

[ken545]

As far as Sparktrust, I have never been a big fan of a program that you download for free but have to buy it to remove the threats, buts thats me. If you paid for it already then just let it be but if you want to remove it you can try this app, it will search your pc for security programs, you can see if it can find SparkTrust. The review I read for them is iffy

 

 

Run AppRemover  

 

Vista , Win 7 users, right click on the icon and select "run as administrator"

 

Please download AppRemover and save it to your desktop.

Double click on AppRemover.exe to run it.

Uncheck "Enable anonymous usage statistics. No personal data will be recorded."

Click on the Next button.

Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. 

Click on the Next button.

A scan begins, please wait. Once done, click on the Next button.

Now you should have a list of your installed security programs, choose the one  you want to uninstall and click on the Next button.

Follow the last step and reboot if asked to do so.

[jabrooksy]

It doesn't show up on the scan so guess we dont have to worry about it.  Spybot, Malware Bytes and Security Essentials is all that came up.

[ken545]

Your ok then

 

Take care,

 

Ken

[ken545]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.