Fantasy Football - Footballguys Forums


Finding and fixing computer viruses etc

mlbnfl

Footballguy
I know there have been multiple threads of people asking for help with computer issues, but when I type in computer virus or just virus etc. none of these threads come up, so I figured I would have to go this route. I have a computer that I believe may have some serious issues (I don't use it personally, but it's very slow, has the virus trying to sell you virus protection etc.; clearly infected with something). I was looking for a little guidance as to seeking out what it's infected with (I know there are specific programs for this where it gives you a log that you can post to see what issues you're having, but I just don't remember what) and then attempting to rid the computer of these issues. Without being long-winded I will leave it at that and hope that the collective minds can try to help me through the process. Thanks.

 
Hijack This I think is the one that allows copy and paste easily.

Combofix and AdWareCleaner from (only) BleepingComputer.com also offer a txt file for results.

Forticlient, Avira, and Panda I believe can't be copied and pasted but you can see it and type up the text

 
Some of those ransomware viruses are quite evil as they are written to make it where it infects everything pretty quickly. I've struggled with the restart option of some scans and how it infects things on reboot. If it's ransomware, now I scan with everything I can and when they all say reboot then I do.

I would strongly suggest rootkit too from bleepingcomputer to get a ransomware one.

Usually the virus is triggered in the browser like some bad cookie or addon. I use aviator off a jump drive to download anything before I can get into browser setting and undo things there. If you could put all these antivirus tools on a jump drive, you're better off, than using a browser.

DNS hijack almost every time I've had one. In Network settings, change yours to 8.8.8.8. You can put it back to your ISP's after if you need to. 8.8.8.8 is Google's.

Good luck

 
Hijack This I think is the one that allows copy and paste easily.

Combofix and AdWareCleaner from (only) BleepingComputer.com also offer a txt file for results.

Forticlient, Avira, and Panda I believe can't be copied and pasted but you can see it and type up the text
Personally I would run Malwarebytes, then Hijackthis, then open a post over at the BleepingComputer forum

http://www.bleepingcomputer.com/forums/t/182397/am-i-infected-what-do-i-do-how-do-i-get-help-who-is-helping-me/

Combofix is a powerful tool but would wait for direction to use it.

 
Thanks for the suggestions so far, all. Going to try to run Malwarebytes and then I'll run HijackThis and probably post here and the other site suggested. Thanks.

 
Next time you invest in a new computer, get Kaspersky Pure.

I haven't had any virus or malware issues in the five or six years I've been running Kaspersky.

 
My wife was tricked into an Adobe upgrade... when she clicked on it, it loaded Blinkland or something like that. It was a redirect virus and changed her homepage and made it impossible to get out of their homepage that looked somewhat like Google. Eventually she used Norton "Rootkill". Seems to be gone but you never know.

 
Thanks for the suggestions so far, all. Going to try to run Malwarebytes and then I'll run HijackThis and probably post here and the other site suggested. Thanks.
Good plan. We just had an IT pro come in and clean up everyone's laptop. Out of 6, I was the only one without a virus. I will periodically run malwarebytes and hijackthis scans and it seems to get rid of almost everything.

 
Well, I've run Malwarebytes and just finished HijackThis. HijackThis told me to click analyze this and then post the log for knowledgeable people. I have the log and am posting that here and the other site mentioned, but when I clicked analyze this it says no internet connection available (when there is) and so it does nothing. Guessing that's not great.

 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:51 AM, on 2/24/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Webroot\Security\current\framework\WRTray.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TSleepSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [best Buy pc app] "C:\Users\Owner4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://search.genieo.com
O15 - Trusted IP range: 127.0.0.1
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11395 bytes

 
On a quick browse through that I didn't see anything too bad but could have missed something. Let the experts at bleeping help, but what I do notice is several different AV scanner types running. That would definitely kill performance. All the entries that say "file missing" can be removed. Personal preference, I'm not a fan of toolbars.
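
An added example, not part of any post in this thread and not code from HijackThis or BleepingComputer: a small Python triage of the log format posted above, run over an excerpt of that log. It counts entries per section, lists the security products seen, pulls out O15 Trusted Zone sites for review, and splits "(file missing)" entries in two, because a 32-bit scanner on 64-bit Windows reads System32 through WOW64 file-system redirection and can report core files such as lsass.exe as missing when they exist. The keyword list and the "Program Files (x86)" test for a 64-bit host are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpt of the log posted in this thread (a subset of its lines, copied as posted).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
Running processes:
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\Webroot\Security\current\framework\WRTray.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
O2 - BHO: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
O15 - Trusted Zone: http://search.genieo.com
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
"""

# Entry lines look like "O23 - Service: ..."; headers and process paths do not.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING = " (file missing)"

# Illustrative keyword list (an assumption, not a complete vendor catalogue).
SECURITY_KEYWORDS = {
    "webroot": "Webroot",
    "mcafee": "McAfee",
    "comcastspywarescan": "Comcast AntiSpyware",
    "pest patrol": "CA Pest Patrol",
}


def parse_entries(log):
    """Return (section_code, text) for every 'Xn - ...' line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log):
    """Summarise a HijackThis log into the items a reviewer checks first."""
    entries = parse_entries(log)
    lowered = log.lower()
    # Assumption: a "Program Files (x86)" path implies 64-bit Windows.
    is_x64 = "program files (x86)" in lowered
    report = {
        "sections": Counter(code for code, _ in entries),
        "security_products": sorted(
            name for key, name in SECURITY_KEYWORDS.items() if key in lowered),
        "trusted_zone": [],         # sites given relaxed IE security settings
        "redirection_suspect": [],  # likely WOW64 artifacts, not safe-to-delete proof
        "verify_on_disk": [],       # missing elsewhere: confirm before removing
    }
    for code, text in entries:
        if code == "O15" and text.startswith("Trusted Zone:"):
            report["trusted_zone"].append(text.split(":", 1)[1].strip())
        if text.endswith(MISSING):
            # The file path is the last " - " separated field before the marker.
            path = text[: -len(MISSING)].rsplit(" - ", 1)[-1]
            in_system32 = "\\windows\\system32\\" in path.lower()
            bucket = "redirection_suspect" if is_x64 and in_system32 else "verify_on_disk"
            report[bucket].append(path)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Paths in `redirection_suspect` should be confirmed in Explorer or a 64-bit shell before any service entry is deleted.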

 
Run AdwCleaner from bleeping computer. It'll kill probably a third of that.

Reboot

then go to glarysoft.com and download glaryutilities and run "1 click maintenance"

reboot

then open glary again and go into "startup manager" and kill whatever is left that isn't reasonable on startup. Keep in mind drivers should already be installed so make those hangups go away and you want programs to run when you open them not usually at startup...same with updates. I don't see any program that is OMG I have to have the latest update, so kill each of those.

Both programs mentioned are used by millions and millions and well trusted

 
I'll throw my hat in the ring with my endorsement of the three following programs (all free):

Malwarebytes

Advanced System Care

CCleaner

 
Another vote to use either www.bleepingcomputer.com or http://forums.whatthetech.com/

The latter has helped me fix numerous problems with computers. The people who donate their time and brains are fantastic. I thought some problems were so bad they could never be fixed but once they engage with you they never let go until it is working again.

 
I'll throw my hat in the ring with my endorsement of the three following programs (all free):

Malwarebytes

Advanced System Care

CCleaner
These are good, but ever since I started using Norton's firewall instead of windows firewall about 7 years ago I've not had ANY viruses. I use CCleaner (Crap Cleaner) for daily cleanups to prevent adware and malware, but it's the Norton firewall that prevents most of the viruses.

 
Honestly, if you are at all comfortable with computers it is generally faster, and better results, to do a wipe and reinstall of the OS, especially if it's a system with factory restore option. Backup documents, bookmarks etc first and make sure you have installation files and keys for software you use. It might sound painful, but will get rid of virus/malware and probably improve performance too and you don't have to #### around with making sure system is clean again.

 
Honestly, if you are at all comfortable with computers it is generally faster, and better results, to do a wipe and reinstall of the OS, especially if it's a system with factory restore option. Backup documents, bookmarks etc first and make sure you have installation files and keys for software you use. It might sound painful, but will get rid of virus/malware and probably improve performance too and you don't have to #### around with making sure system is clean again.
If he follows the directions I gave, it'll be 20 minutes

Do you personally save registration info for when you reload the OS? I used to have a bad habit of saving it electronically then feeling dopey, now it's all in my gmail

 
Autoruns fan.

ETA: I think it's high time we start an ***official*** PC best practice thread. I'd do it myself but I'm pretty busy mod-ing the dog pic thread these days.

 
Honestly, if you are at all comfortable with computers it is generally faster, and better results, to do a wipe and reinstall of the OS, especially if it's a system with factory restore option. Backup documents, bookmarks etc first and make sure you have installation files and keys for software you use. It might sound painful, but will get rid of virus/malware and probably improve performance too and you don't have to #### around with making sure system is clean again.
Negative. If you are at all comfortable with computers, you should be able to clean your computer (and then maintain a clean computer going forward). It can take me days to get everything set back up the way I like it after a fresh re-install, and there are always programs 3 months down the line that I forgot to install and have to go grab, setup, etc. Maintenance will almost always prove simpler than rebuilding, except for a very few situations.

For the OP, didn't see anything outrageous in the log file posted, although there is a fair number of toolbars and extra crap running. I would disable Java in the browser, and only enable it when you absolutely know you want to use it (and then immediately disable it again). That is the source of quite a few malware exploits in browsers.

 
Personally I'm a big fan of the cathartic release I get from reloading my computer from scratch, but if I was at all worried about the safety of the content of the computers in my household, absolutely nothing could be easier and cheaper than using Clonezilla with an external USB drive.

 
I'm not sure I follow the Clonezilla reference - I know what it does, and I suppose for someone like me who has quite a few specific programs I need, I should run something like that right after I get everything set up but before I start "using" the PC, so I have a good base drive to go back to. But that really doesn't account for changing tastes in programs over time, upgrades to existing programs, new (and better) options being released, etc. So while it can be a useful tool I'm not sure it really is what I need. I did just recently try to use it to transfer my drive data from my laptop 128 to 512 SSD, but ended up just live-booting a Linux CD and using the Linux terminal to copy the drive partitions - Clonezilla couldn't handle the drive.

 
Clonezilla is not necessarily something you do once and you're done. Clone once a month; if the train jumps the tracks, set aside 30 minutes to restore from the most recent clone - or alternatively, google your way out of a mess.

 
I had one of my businesses held for ransom...............no fix
Read a thread somewhere of a guy who was fixing these ransomware PCs for half price (covered his time and expense). I think he basically would get some info from the victim then hack into the ransomware server and steal the decrypt keys. Pretty interesting reading the back and forth as it was pissing the criminals off.

 
I agree with other recommendations, use bleepingcomputer.com.

those notes that the FBI is going to come down on you unless you pay $$$ are typically easy to solve if you follow their recommendations on bleepingcomputer.com.

long term answer, instead of re-installing Windows, just get a Linux OS. most are free to download... problem solved.

then, use Apache Open Office instead of MS Office, it's 100% compatible, and it's free.

or Solaris x86-64 - it's free. it will also run OpenOffice.

or Mac OS X.

most malware is written for Windows. I've never once had a person tell me their linux/unix/solaris/Mac machine has a virus.

you can do so much more with Linux than you can with windows.

 
