Pop ups and slow computer

[search_junkie]

I just wanted to say thank you very much for your time. It is invaluable!

[tetonbob]

Looking much better.

Of the items found by Kaspersky, many are in System Resore points, which we'll address later.

A couple are in Windows One Care Quarantine. Since I've never used it, I can't advise on how exactly to finally remove the items from quarantine, but there should be a way to access that feature from within the application.

Something like:

Click Change OneCare Settings in the Main OneCare user interface
Click on the Viruses & Spyware Tab
And then click on the Quarantine button

There should be some sort of option to finally remove items from quarantine. If you can't find it, don't worry, as items in quarantine have been rendered harmless, I'm just being tidy.

Other items are in Spybot's quarantine:

When files found by other scanners are in the Recovery directory inside the Spybot-S&D directory, it is only a backup. It is no longer of any harm there, as the file won't be loaded from there. But once you are sure you don't need the backup, go to the Recovery section inside Spybot-S&D and purge the files.

1. Open Spybot.
If you have a shortcut on your desktop, double click it.
or
Click Start, then All Programs, then Spybot - Search & Destroy and then Spybot - Search & Destroy.
2. On the left side, click "Recovery".
3. Select (place a check) beside ALL the backup files that contain quarantined items.
4. Click on the Purge Selected Items button.
5. A dialog will appear, stating that the backup will be removed. Click Yes.
6. When the Recovery window is empty, Exit Spybot.


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

My Way Search Assistant

See here:

http://www.bleepingcomputer.com/unin...Assistant.html

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

Close HijackThis now.

---------------------------------------------------------------------------------------------

Delete this folder if it exists:

C:\Program Files\MyWaySA

Let me know how the machine is behaving, and if you had any troubles with the last steps.

[search_junkie]

before you started dialog with me, I had uninstalled spybot...please let me know if I have now caused drama.

in running hijackthis to fix the selected, the only ones I could find were the 2nd and 3rd items on your list. also, there was no mywaysa in the program files on the C drive.

I was also able to remove the quarantine items from microsoft onelive. please let me know what free antivirus/spyware software you recommend.

I will let you know how the computer runs in a sec

[tetonbob]

I see now that Spybot is not installed. No, no drama, since it's uninstalled, you can delete this entire folder where the quarantined items are held:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

As far as free AntiVirus and AntiSpyware applications, you can click the link in my signature, "PC Safety and Security--What Do I Need?" I also give final protection instructions when we're done.

You have Windows Live OneCare, which is supposed to be all that. If you intend on using a different AntiVirus application, be sure to uninstall OneCare. Having more than one AV can be detrimental to the system performance and security.

[search_junkie]

Thank you so much for all your help. I removed the spybot directory and I will address a different AV program when live one care expires.

If you don't mind answering another question, how do you feel about accepting updates or upgrades for things like dell support and IE, etc?

[tetonbob]

IE should get updated as often as they come out. Dell, well, that's up to you. I don't have a Dell, and I'm not sure what their support does for you. If it's related to keeping your system secure, it should probably be fine to accept.


Your logs appear clean.You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    
  • Once updated you should see another prompt that the task was completed.
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• FIREWALL
  Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here
  
  Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.