System Care Antivirus & password problems

sweets

New Member
Thread author
Verified
Jun 25, 2013
29
I did the following steps as suggested here to get rid of System Care Antivirus:
STEP 1: Start your computer in Safe Mode with Networking
STEP 2: Run RKill to terminate System Care Antivirus malicious processes
STEP 3: Remove System Care Antivirus virus with Malwarebytes Anti-Malware Free
STEP 4: Remove System Care Antivirus rootkit with RogueKiller
STEP 5: Remove System Care Antivirus infection with HitmanPro

Using one of your above programs I "possibly" removed something essential to remaining logged into my email accounts

So even though I want to thank you for helping me to remove System Care Antivirus from the affected computer since then and only then I have had difficulty using my passwords to remain logged into my email accounts

In fact I couldn't even register for your forum with the affected computer. I had to register using another PC. I kept getting an error msg stating my passwords did not match even though I know they did.

Is it possible RK_Quarantine\LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{20D04FE0-0.reg
currently sitting on my Desktop in quarantine is essential and should be restored?
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe, the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

First, I would like a diagnostic of your PC.

Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
 

sweets

6/26/13 6:30 am:
I have attached the two OTL files as you requested from a floppy I made from the affected computer at 6:30 this morning Eastern Time
I hope you will be able to help me soon with this password issue thanks
 

Attachments

  • OTL.Txt
    69.5 KB · Views: 83
  • Extras.Txt
    34.1 KB · Views: 102

Fiery

Hi,

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
MOD - [2013/06/25 05:07:33 | 000,222,208 | -H-- | M] () -- C:\WINDOWS\system32\conion05.dll
O36 - AppCertDlls: lsasdump - (C:\WINDOWS\system32\conion05.dll) - C:\WINDOWS\system32\conion05.dll ()
[2013/06/25 05:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\44ABD68830F27439000044AB91E07812
[2013/06/25 05:07:33 | 000,222,208 | -H-- | M] () -- C:\WINDOWS\System32\conion05.dll

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+
 

sweets

REPLY:

I ran OTL as suggested copying & pasting everything under the "Quote:" including "OTL:" and placed it in the box under "custom scan/fixes". However when the PC rebooted I got a msg stating the logfile could not be found. So I just ran the other scans AdwCleaner and RogueKiller. Here are their logfiles:

# AdwCleaner v2.303 - Logfile created 06/27/2013 at 06:44:32
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - TABBY
# Boot Mode : Normal
# Running from : A:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://my.netzero.net/s/search?r=minisearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://my.netzero.net/s/search?r=minisearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Par défaut)] = hxxp://my.netzero.net/s/search?r=minisearch --> Empty data

*************************

RogueKiller V8.6.1 [Jun 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 06/27/2013 07:00:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll [x] ->
[SUSP PATH][WHITELIST] explorer.exe -- C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll [x] ->

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[31] : NtConnectPort @ 0x805879EB -> HOOKED (Unknown @ 0xE1A26350)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380011A +++++
--- User ---
[MBR] d64885077066c862b6e082528b06d99f
[BSP] 4db7c11a94cddcf4000bfe8e0f802026 : Legit.B MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4569 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 9359280 | Size: 71738 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06272013_070030.txt >>


Do you want me to run OTL again? I'm still having the same issue: I'm forced to sign into my email accounts constantly despite not signing out.
Thank you.
 

Fiery

Yes, run the OTL script again.

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)

Please download Malwarebytes' Anti-Malware from here to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 

sweets

Firstly I should tell you that I am no longer experiencing problems when I go to my Yahoo & Gmail email accounts. I am finding that I'm remaining logged onto those accounts as I had previously before I had the issue with System Care Antivirus. Thank you for that very much!
Secondly and I should've mentioned this yesterday, I'm running OTL with the scripts from a floppy not from my Desktop. I ran it again today as you requested. I believe these are the notepad files from yesterday & today with the scripts:

Yesterday 5/27/13:

All processes killed
========== OTL ==========
Releasing module C:\WINDOWS\system32\conion05.dll
C:\WINDOWS\system32\conion05.dll moved successfully.
Releasing module C:\WINDOWS\system32\conion05.dll
C:\WINDOWS\system32\conion05.dll moved successfully.
Releasing module C:\WINDOWS\system32\conion05.dll
C:\WINDOWS\system32\conion05.dll moved successfully.
Releasing module C:\WINDOWS\system32\conion05.dll
C:\WINDOWS\system32\conion05.dll moved successfully.
Releasing module C:\WINDOWS\system32\conion05.dll
C:\WINDOWS\system32\conion05.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\lsasdump deleted successfully.
C:\WINDOWS\system32\conion05.dll moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\44ABD68830F27439000044AB91E07812\ not found.
C:\WINDOWS\system32\conion05.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 376832 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 100358 bytes

User: name

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 82094976 bytes
->Temporary Internet Files folder emptied: 586297 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2867 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102005 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1167235 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06272013_062946

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll moved successfully.
File move failed. C:\Documents and Settings\Owner\Local Settings\Temp\JavaDeployReg.log scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF4F80.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF4F99.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5485.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5490.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF54C9.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF54D4.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\38L5M1JM\Thread-System-Care-Antivirus-password-problems[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Today 5/28/13:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\lsasdump not found.
C:\WINDOWS\system32\conion05.dll moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\44ABD68830F27439000044AB91E07812\ not found.
File C:\WINDOWS\System32\conion05.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: name

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 153448 bytes
->Temporary Internet Files folder emptied: 15951188 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 232 bytes

Total Files Cleaned = 15.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06282013_075945

There were folders created above each of these texts on the OTL floppy I used with a number matching these notepad texts containing "MovedFiles", I don't know if you want the info too.

I'm going to follow your next steps and post them on my next reply.

Again I can't thank you enough.
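
An added example (not from the thread and not part of OTL): a Python check that reads the `========== OTL ==========` section of a fix log like the two above and reports which scripted targets a run still had to act on. The line shapes are taken from these two logs and are an assumption about OTL's output in general; the function names and the shortened log excerpts are illustrative.

```python
import re
from collections import OrderedDict

# Result-line shapes copied from the two fix logs above (assumed, not an OTL spec).
# The first pattern that matches a line wins.
PATTERNS = [
    ("removed", re.compile(r"^Registry value (?P<t>.+) deleted successfully\.$")),
    ("absent", re.compile(r"^Registry value (?P<t>.+) not found\.$")),
    ("absent", re.compile(r"^(?:File|Folder) (?P<t>.+?) not found\.$")),
    ("pending", re.compile(r"^File move failed\. (?P<t>.+) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(r"^(?P<t>.+) moved successfully\.$")),
]

def normalize(target):
    """Windows paths and registry names are case-insensitive; the logs also
    mix 'system32'/'System32', doubled backslashes and trailing backslashes."""
    collapsed = re.sub(r"\\+", lambda m: "\\", target.strip())
    return collapsed.rstrip("\\").lower()

def otl_section(text):
    """Return only the lines between the OTL banner and the next banner, so
    [EMPTYTEMP] / [RESETHOSTS] housekeeping is not mistaken for script targets."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        banner = re.fullmatch(r"=+ (\w+) =+", line)
        if banner:
            inside = banner.group(1) == "OTL"
            continue
        if inside and line:
            lines.append(line)
    return lines

def parse_fix_log(text):
    """Map each normalized target to the ordered list of outcomes logged for it."""
    results = OrderedDict()
    for line in otl_section(text):
        for outcome, rx in PATTERNS:
            m = rx.match(line)
            if m:
                results.setdefault(normalize(m.group("t")), []).append(outcome)
                break
    return results

def verdicts(results):
    """A target is confirmed absent only if the run reported nothing but
    'not found' for it; any move or delete means it existed when the run began."""
    out = {}
    for target, outcomes in results.items():
        if "pending" in outcomes:
            out[target] = "pending-reboot"
        elif "removed" in outcomes:
            out[target] = "removed-this-run"
        else:
            out[target] = "confirmed-absent"
    return out

def needs_rerun(text):
    """Targets that a further run of the same script should show as 'not found'."""
    v = verdicts(parse_fix_log(text))
    return sorted(t for t, state in v.items() if state != "confirmed-absent")

# Excerpts of the two logs posted above (repeated lines shortened).
RUN_1 = r"""All processes killed
========== OTL ==========
Releasing module C:\WINDOWS\system32\conion05.dll
C:\WINDOWS\system32\conion05.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\lsasdump deleted successfully.
C:\WINDOWS\system32\conion05.dll moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\44ABD68830F27439000044AB91E07812\ not found.
C:\WINDOWS\system32\conion05.dll moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
"""

RUN_2 = r"""All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\lsasdump not found.
C:\WINDOWS\system32\conion05.dll moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\44ABD68830F27439000044AB91E07812\ not found.
File C:\WINDOWS\System32\conion05.dll not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
"""

if __name__ == "__main__":
    for name, log in (("run 1", RUN_1), ("run 2", RUN_2)):
        for target, state in verdicts(parse_fix_log(log)).items():
            print(f"{name}: {state:17} {target}")
        print(f"{name}: still to confirm -> {needs_rerun(log)}")
```

On the second log it returns only the conion05.dll path, because that run still moved the file once before reporting it not found, while the AppCertDlls value and the folder were reported not found throughout.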
 

sweets


REPLY:

My first scan with Malwarebytes Anti-Rootkit was unsuccessful. "The System Volume seems to be inaccessible or encrypted. Scan can't continue"
However I persevered, closed some windows and retried... successfully.

Results for both Malwarebytes: Anti-Rootkit and Anti-Malware

Anti-Rootkit:

I found system-log.text but not mbar-log.txt :

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.200000 GHz
Memory total: 469221376, free: 154492928

Downloaded database version: v2013.06.28.03
Initializing...
Done!
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.200000 GHz
Memory total: 469221376, free: 275648512

Downloaded database version: v2013.06.28.04
Initializing...
------------ Kernel report ------------
06/28/2013 09:31:01
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff84a38390
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff84e2aea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff84d6eab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff84ed5ac0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff84bae258
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff84edc768
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff84d0f030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff84ba0468
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84f1b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-1b\
Lower Device Object: 0xffffffff84f8fd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84f1b030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84f0eac8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84f1b030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84f8fbe0, DeviceName: \Device\00000065\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84f8fd98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-1b\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F806F806

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 9359217

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 9359280 Numsec = 146921040
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff84d0f030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84bb1218, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84d0f030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84ba0468, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff84bae258, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84a0f020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84bae258, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84edc768, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff84d6eab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84d09970, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84d6eab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84ed5ac0, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff84a38390, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84d63ab0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84a38390, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84e2aea0, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_9359280_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.200000 GHz
Memory total: 469221376, free: 246935552

=======================================




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.28.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: TABBY [administrator]

6/28/2013 10:21:34 AM
mbam-log-2013-06-28 (10-21-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241168
Time elapsed: 8 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

It appears my system is clean. Once again, thanks.
I do notice I have to log into malwaretips.com every time I come to this site. Not sure if that's unusual.
Any suggestions for this issue or how to keep my system clean are appreciated.
Any further instructions?
 

Fiery

Level 1
Jan 11, 2011
2,007
What browser is this happening in? It sounds like your browser is not accepting cookies, which keep you logged in to sites.
 

sweets

New Member
Thread author
Verified
Jun 25, 2013
29
Fiery said:
What browser is this happening in? It sounds like your browser is not accepting cookies, which keep you logged in to sites.

Reply:
I'm using Internet Explorer 8, my Operating System is Windows XP SP 3.
I'm using a dialup connection with Netzero. So my downloads need to be small.

I should tell you I'm having no problems staying logged into my Yahoo & Gmail email accounts now.

When I go offline and come back online again I have to log back into malwaretips.com. However that does not appear to be anything wrong!
While remaining online, if I go to another site and come back to this one I remain logged on. And that happens with my other computer as well which wasn't affected by System Care Antivirus.

Is the system clean now?

What regimen should I follow to keep it that way?

Thanks for all your help!
 

Fiery

Level 1
Jan 11, 2011
2,007
One more scan. Afterwards, I will make recommendations to keep your PC safe and updated.

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in the log file located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

sweets

New Member
Thread author
Verified
Jun 25, 2013
29
I'm having a great deal of difficulty trying to get the ESET online scanner to load on the popup. After agreeing to the terms and clicking Start, it takes several minutes for the popup to load to where I'm prompted to allow ActiveX Controls to download. I right click to allow the ActiveX Control download but keep getting the message, "To display the webpage again Internet Explorer needs to resend the information you've previously submitted. If you were making a purchase, you should click Cancel to avoid a duplicate transaction. Otherwise click Retry to display the webpage again." I tried clicking Retry and Cancel but I can never get the scanner to load.
 

sweets

New Member
Thread author
Verified
Jun 25, 2013
29
sweets said:
REPLY:

I'm having a great deal of difficulty trying to get the ESET online scanner to load on the popup. After agreeing to the terms and clicking Start, it takes several minutes for the popup to load to where I'm prompted to allow ActiveX Controls to download. I right click to allow the ActiveX Control download but keep getting the message, "To display the webpage again Internet Explorer needs to resend the information you've previously submitted. If you were making a purchase, you should click Cancel to avoid a duplicate transaction. Otherwise click Retry to display the webpage again." I tried clicking Retry and Cancel but I can never get the scanner to load.
I made sure to disable my antivirus too. Did I mention I have a dialup connection?
 

Fiery

Level 1
Jan 11, 2011
2,007
Ok, we will use another tool then.

Download Kaspersky Virus Removal Tool from here: http://www.kaspersky.com/antivirus-removal-tool?form=1 (Download Version 11. You'll have to enter your email address and name)
  1. Double-click the file and follow the on-screen prompts until it is installed
  2. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
    • System Memory
    • Hidden startup objects
    • Disk boot sectors
    • Computer
    • Local Disk (C: )
  3. Click on Automatic Scan
  4. Now click the Start Scanning button, to run the scan
  5. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
  6. Click Detected threats on the left
  7. Now click the Save button, and save it as kaslog.txt to your Desktop
  8. Please attach kaslog.txt in your next reply.
 

sweets

New Member
Thread author
Verified
Jun 25, 2013
29
I persevered and was able to run the ESET Online Scanner. The scan found 3 threats:
Target Threat
C:\Documents and Settings\Owner\Desktop\KeyFinderIn... Win32/OpenCandy application
C:\Documents and Settings\Owner\Desktop\Magical Jell... MSIL/Solimba.Q application
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of
Win32/Adware.Toolbar.Visicom...

Here is the log file you requested

C:\Program Files\ESET\Eset Online Scanner\log.txt

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6846d699540d5c4ea43a8dae40daa1a3
# engine=14212
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-30 04:08:24
# local_time=2013-06-30 12:08:24 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 16769021 100 98 6604614 796903704 0 7258104
# scanned=74558
# found=3
# cleaned=0
# scan_time=4265
sh=468DE5D77ACB5C81065B05852C3C3FA3CB5F69E9 ft=1 fh=b49088e24536a2a6 vn="Win32/OpenCandy application" ac=I fn="C:\Documents and Settings\Owner\Desktop\KeyFinderInstaller.exe"
sh=465632AF7A9C79E6AF193D2E57A5934246E1FA28 ft=1 fh=0cbbf74409cab1c3 vn="MSIL/Solimba.Q application" ac=I fn="C:\Documents and Settings\Owner\Desktop\Magical Jelly Bean Keyfinder.exe"
sh=E67352147573FF2CC7DA9B6B2878DBB0F48EB20E ft=1 fh=f1a4c990d854564c vn="probably a variant of Win32/Adware.Toolbar.Visicom.AB application" ac=I fn="C:\Program Files\Common Files\Real\Toolbar\RealBar.dll"

What do you make of those found threats? Do they need to be removed?
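
Added example, not part of the original thread and not ESET's own code: a small Python parser for the log layout pasted above, which checks that the `found=` counter matches the detection lines actually present and flags a report-only scan. The readings of `vn` as detection name and `fn` as file path are inferred from how the log lines line up with the on-screen list in this post, the "application" suffix check is an assumption about ESET naming, and the sample log is constructed with placeholder hashes.

```python
import ntpath
import re

# Constructed sample in the layout of the log pasted above.
# Hashes and fh values are placeholders, not values from a real scan.
SAMPLE_LOG = r'''ESETSmartInstaller@High as CAB hook log:
# version=8
# remove_checked=false
# unwanted_checked=true
# unsafe_checked=true
# scanned=74558
# found=3
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="Win32/OpenCandy application" ac=I fn="C:\Documents and Settings\Owner\Desktop\KeyFinderInstaller.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=2222222222222222 vn="MSIL/Solimba.Q application" ac=I fn="C:\Documents and Settings\Owner\Desktop\Magical Jelly Bean Keyfinder.exe"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=3333333333333333 vn="probably a variant of Win32/Adware.Toolbar.Visicom.AB application" ac=I fn="C:\Program Files\Common Files\Real\Toolbar\RealBar.dll"
'''

HEADER_RE = re.compile(r'^#\s*([^=\s]+)=(.*)$')          # "# key=value" lines
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')      # key="quoted value" or key=bare


def parse_eset_log(text):
    """Split the log into header settings and one dict per detection line."""
    header, records = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip().strip('"')
            continue
        fields = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}
        # Only lines carrying both a detection name and a path count as records.
        if "vn" in fields and "fn" in fields:
            records.append(fields)
    return header, records


def triage(text):
    """Return (header, records, notes); notes list what a reviewer should check."""
    header, records = parse_eset_log(text)
    notes = []
    found = header.get("found", "")
    if not found.isdigit():
        notes.append("no found= counter in header; cannot verify completeness")
    elif int(found) != len(records):
        notes.append(f"header declares found={found} but paste contains "
                     f"{len(records)} detection line(s)")
    if records and header.get("remove_checked") == "false":
        notes.append("report-only scan: detected files are still on disk")
    for r in records:
        # "probably ..." marks a lower-confidence match in the names shown above.
        r["heuristic"] = r["vn"].startswith("probably ")
        # Assumption: a trailing "application" marks an unwanted/unsafe-app
        # detection rather than a classic virus or trojan name.
        r["unwanted_app"] = r["vn"].endswith(" application")
        # ntpath handles Windows paths even when this runs on another OS.
        r["folder"] = ntpath.dirname(r["fn"])
        r["file"] = ntpath.basename(r["fn"])
    return header, records, notes


if __name__ == "__main__":
    _, recs, issues = triage(SAMPLE_LOG)
    for r in recs:
        tag = "heuristic" if r["heuristic"] else "signature"
        print(f'{r["file"]:40} {tag:10} {r["vn"]}')
    for issue in issues:
        print("NOTE:", issue)
```

Grouping the results by `folder` separates loose downloads on the Desktop from a component installed under Program Files, which is the distinction the helper's reply draws.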
 

Fiery

Level 1
Jan 11, 2011
2,007
Do you recognize these files? They are on your desktop. If not, delete them.

C:\Documents and Settings\Owner\Desktop\KeyFinderInstaller.exe
C:\Documents and Settings\Owner\Desktop\Magical Jelly Bean Keyfinder.exe

The third one is fine. How is your PC?
 

sweets

New Member
Thread author
Verified
Jun 25, 2013
29
A couple weeks ago I got locked out of my Microsoft Word files. This system came with "Microsoft Office Standard Edition 2003" which had a trial version installed that I was unaware of and the expiration date was reached. I was unable to open my Word files unless I had a license key. I googled the license key for it and came up with:

C:\Documents and Settings\Owner\Desktop\KeyFinderInstaller.exe
C:\Documents and Settings\Owner\Desktop\Magical Jelly Bean Keyfinder.exe

Somehow one of these programs above provided me with a limited use license key that allows a limited number of times to open my Word files. I have since installed Microsoft Word with another CD that I use to open and add to my Word files. I don't open "Microsoft Office Standard Edition 2003".

However I'm afraid to uninstall the trial version of "Microsoft Office Standard Edition 2003" for fear of losing all my Word files. So it just remains on my system taking up HDD space.

I keep the key finder apps on my Desktop thinking I may need them one day to get into my files. Are they dangerous to my system? Are they responsible for problems with my computer? How would I know? Should I delete them? If I had up-to-date anti-virus protection I guess I could right-click and scan them?

I would like to get rid of "Microsoft Office Standard Edition 2003" but am afraid to.

I have several issues with this computer one of which is expired Norton 10 A-V which doesn't update any longer. I would like to totally remove Norton and install a free small A-V program. I'm using a dialup connection.

To answer your question my computer is running ok now thanks to your help. Aside from the fact I have to sign into malwaretips.com every time I return to the forum (which I don't believe is unusual) I no longer have to log onto my gmail or yahoo email accounts constantly as was the issue when I came here for your help. Again thanks for that.

I await your suggestions...
 

Fiery

Level 1
Jan 11, 2011
2,007
Uninstalling Microsoft Office won't delete your Word files. If you are afraid, you can back them up onto a USB or external hard drive first.

The "key finders" usually come with malware and viruses. It is a common method hackers use to trick users into downloading the file. I would recommend you to uninstall them.

If you need a license key but don't want to purchase one, you can try a free open source software called OpenOffice. It can open Microsoft Word documents and save files with .doc extension.

Every time you exit the browser, you'll have to log in to this site again. This site doesn't have a "remember me" option.

I would recommend you to uninstall Norton and install one of the free antivirus listed below.

If you are no longer experiencing any other issues, your PC is now clean!

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

Also, open AdwCleaner and click Uninstall




Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one



Keep your system updated
Please go to Control Panel and uninstall the following:

Adobe Reader 6.0


Currently, the following programs on your PC are outdated:
  • Adobe Reader - Update Adobe Reader here
Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:
  • Download and install Update Checker. It will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend you to switch your antivirus program to a better one. Here are some suggestions:
Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Back up important files regularly to an external hard drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java content to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

sweets

New Member
Thread author
Verified
Jun 25, 2013
29
Reply:
Are you quite certain if I uninstall Microsoft Office Standard Edition 2003 that came with this system, my Word files created won't disappear?
I have dozens of files and to send them to USB or memory card individually would be quite tedious. Since I got locked out a couple of weeks ago I did install a separate Microsoft Word file program that doesn't require a license key. I use that program not the original every time I go to Word. So I have two Microsoft Word programs installed. However I'm in fear that if I remove the original Microsoft Office Standard program that came with the computer I might lose my files. It's happened before for other issues. Can I somehow make sure if I delete the original Word Edition that the newly installed Word will work by default?

The computer is slow but I use a dialup connection with Netzero, so I don't have all the necessary updates required. I'm still using Windows XP and IE 8 and everything seems to require later versions to work properly. So I just want to do what keeps me working and safe. Thank you.

The computer is back to its usual slow self which is to say after being online any length of time everything slows down. I can hear a lot of clicking going on in the computer itself, this is an HP Pavilion, my previous Dell Dimension never made any noise. By slowing down I mean any email I want to open or reply to takes forever to open. Pages take forever to open or close. I can't even open more than one window at a time without it creeping along ever so slowly. There was a time several years ago when dialup connections and Windows XP zipped along nicely but not anymore. This computer was set up several months ago, so even though it's from 2004 it was brand new never used and I noticed this slowness occurring right away. Possibly because I'm using Windows XP or a dialup connection I don't know if anything can be done about it. After I do all that you say in your last reply, I'm going to post this problem again, unless you want to address this here and now. Thank you very much for all your help.
 

Fiery

Level 1
Jan 11, 2011
2,007
Are you quite certain if I uninstall Microsoft Office Standard Edition 2003 that came with this system, my Word files created won't disappear?
I have dozens of files and to send them to USB or memory card individually would be quite tedious. Since I got locked out a couple of weeks ago I did install a separate Microsoft Word file program that doesn't require a license key. I use that program not the original every time I go to Word. So I have two Microsoft Word programs installed. However I'm in fear that if I remove the original Microsoft Office Standard program that came with the computer I might lose my files. It's happened before for other issues. Can I somehow make sure if I delete the original Word Edition that the newly installed Word will work by default?

What version of Microsoft Word are you using currently?

Your files won't get deleted but the file associations will change. Your former Word documents will become generic files until you install another program to restore the file associations.

Possibly because I'm using Windows XP or a dialup connection I don't know if anything can be done about it.

Your computer has just the bare minimum configuration to run Windows XP.

Code:
447.48 Mb Total Physical Memory | 184.05 Mb Available Physical Memory | 41.13% Memory free
1.03 Gb Paging File | 0.79 Gb Available in Paging File | 76.38% Paging File free

447MB of memory is nowhere close to being enough to have a smooth running PC. Perhaps you should consider adding more memory to your PC by buying some memory sticks.

Also you can try increasing your virtual memory to more than 1GB. Try increasing it to 3-5 GB by following the instructions here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sysdm_advancd_perform_change_vmpagefile.mspx?mfr=true
 
