Hello and welcome to
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the
shift key down while inserting the USB storage device for about
10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
***********************************************
I strongly recommend that you remove
Ask from your computer because it;
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See
Here for more info.
If you choose to follow my recommendation then please go to
Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•
AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\
AskBarDis. or anything related to Ask.
*****************************************************
Open
HijackThis and select
Do a system scan onlyPlace a check mark next to the following entries: (if there)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.exe (file missing)Important: Close all open windows except for
HijackThis and then click
Fix checked.Once completed, exit
HijackThis.*******************************************
Download
Security Check by screen317 from one of the following links and save it to your desktop.
Link 1Link 2* Unzip
SecurityCheck.zip and a folder named
Security Check should appear.
* Open the
Security Check folder and double-click
Security Check.bat* Follow the on-screen instructions inside of the black box.
* A
Notepad document should open automatically called
checkup.txt* Post the contents of that document in your next reply.
Note: If a security program requests permission from
dig.exe to access the Internet, allow it to do so.
********************************************************
Malwarebytes' Anti-Malware (MBAM)
If you already have Malwarebytes be sure to check for updates before scanning!Download
Malwarebytes Anti-Malware and save it to your desktop.
Alternate download link•Double-click
mbam-setup.exe and follow the prompts to install the program.
•Be sure a
checkmark is placed next to
Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware, then click
Finish.•
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
•If an update is found, it will download and install the latest version.
•Once the program has loaded, select
Perform Quick Scan, then click
Scan.•When the scan is complete, click
OK, then
Show Results to view the results.
•Be sure that everything is
checked, and click
Remove Selected.•When completed, a log will open in
Notepad. Save it to a convenient location like the Desktop.
•The log is also automatically saved and can be viewed later by clicking the
Logs tab in
MBAM.•
Copy and Paste the contents of the report in your reply.
•Exit
MBAM..
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.