Hello and welcome to
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the
shift key down while inserting the USB storage device for about
10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***********************************************
Please do not attach the logs unless absolutely necessary. Copy and paste them in your reply.I strongly recommend that you remove
Ask from your computer because it;
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See
Here for more info.
If you choose to follow my recommendation then please go to
Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•
AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\
AskBarDis. or anything related to Ask.
***************************************************
Open
HijackThis and select
Do a system scan onlyPlace a check mark next to the following entries: (if there)
O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
O4 - HKCU\..\Run: [ihzbjgg] rundll32 "C:\Users\computer 1\AppData\Roaming\vaultclie.dll",upjkmpImportant: Close all open windows except for
HijackThis and then click
Fix checked.Once completed, exit
HijackThis.*************************************************
Download
ComboFix by sUBs from one of the below links. Be sure to save it to the
Desktop.link # 1Link # 2If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Close any open web browsers (Firefox, Internet Explorer, etc) before starting
ComboFix.Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click
this link to see a list of security programs that should be disabled and how to disable them.
Right-click
combofix.exe and select
Run as Administrator and follow the prompts.
When finished,
ComboFix will produce a log for you.
Post the
ComboFix log and a new
HijackThis log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.Remember to re-enable your
anti-virus and
anti-spyware protection when
ComboFix is complete.