Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

malware removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: malware removal

Unread postby MTP » November 29th, 2010, 12:19 pm

ah-ha,i think this is what you requested,eset log...



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ae4b333567aa85479a7a281771453b04
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-27 04:17:23
# local_time=2010-11-27 10:17:23 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1527460 1527460 0 0
# compatibility_mode=1797 16775141 100 93 313946 27291023 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=91193
# found=25
# cleaned=0
# scan_time=4980
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139415.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139416.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139418.DLL Win32/Toolbar.MyWebSearch.B application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139419.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139420.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139421.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139424.DLL Win32/Toolbar.MyWebSearch.D application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139427.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139428.DLL Win32/FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139481.dll a variant of Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143743.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143744.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143745.DLL Win32/Toolbar.MyWebSearch.B application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143746.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143753.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143754.DLL Win32/Toolbar.MyWebSearch.D application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143758.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143759.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143764.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143769.DLL Win32/FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1306\A0162883.dll a variant of Win32/Toolbar.MyWebSearch.A application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1306\A0162888.dll probably a variant of Win32/Toolbar.MyWebSearch.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1306\A0162889.dll probably a variant of Win32/Toolbar.MyWebSearch.B application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1306\A0162896.dll a variant of Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\WINDOWS\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application 00000000000000000000000000000000 I
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ae4b333567aa85479a7a281771453b04
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-27 06:37:13
# local_time=2010-11-27 12:37:13 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1535669 1535669 0 0
# compatibility_mode=1797 16775141 100 93 322155 27299232 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=91203
# found=25
# cleaned=0
# scan_time=5165
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139415.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139416.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139418.DLL Win32/Toolbar.MyWebSearch.B application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139419.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139420.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139421.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139424.DLL Win32/Toolbar.MyWebSearch.D application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139427.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139428.DLL Win32/FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1250\A0139481.dll a variant of Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143743.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143744.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143745.DLL Win32/Toolbar.MyWebSearch.B application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143746.DLL Win32/Adware.FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143753.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143754.DLL Win32/Toolbar.MyWebSearch.D application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143758.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143759.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143764.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1252\A0143769.DLL Win32/FunWeb application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1306\A0162883.dll a variant of Win32/Toolbar.MyWebSearch.A application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1306\A0162888.dll probably a variant of Win32/Toolbar.MyWebSearch.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1306\A0162889.dll probably a variant of Win32/Toolbar.MyWebSearch.B application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP1306\A0162896.dll a variant of Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\WINDOWS\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application 00000000000000000000000000000000 I
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ae4b333567aa85479a7a281771453b04
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-28 06:06:16
# local_time=2010-11-28 12:06:16 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1625200 1625200 0 0
# compatibility_mode=1797 16775141 100 93 0 27388763 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=2832
# found=0
# cleaned=0
# scan_time=202



ill wait for your reply to see if this is it.
MTP
Regular Member
 
Posts: 26
Joined: October 30th, 2010, 2:18 pm
Advertisement
Register to Remove

Re: malware removal

Unread postby muppy03 » November 30th, 2010, 4:57 am

You have done well, and what ESET found will be cleaned,. Before we do that, how is the computer running, are you still getting the ”webpage won’t connect” message?
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: malware removal

Unread postby MTP » November 30th, 2010, 11:42 am

sometimes when a page loads,it will say (done but with errors) and sometimes when i close a page it will say (program not responding) then after it finally closes it will say (send report , dont send ) and i always click (dont send). other than that, my computer seems to be running great. ,or should say real good.its nice to be able to use my computer again.i have been the only one using my computer while you been helping me clean it.when you feel comfortable,can you explain how to download and run my anti-virus on it before i open it.is that how its done? im not trying to rush you , only when you feel the time is right.there is alot i have to learn before i can get the most out of my computer.thank you so much!!!
MTP
Regular Member
 
Posts: 26
Joined: October 30th, 2010, 2:18 pm

Re: malware removal

Unread postby muppy03 » December 1st, 2010, 4:56 am

sometimes when a page loads,it will say (done but with errors) and sometimes when i close a page it will say (program not responding) then after it finally closes it will say (send report , dont send ) and i always click (dont send). other than that, my computer seems to be running great. ,or should say real good.its nice to be able to use my computer again.i have been the only one using my computer while you been helping me clean it.

I am glad it is working better for you. I think the remaining problems will be corrected if you manage to get more RAM.

when you feel comfortable,can you explain how to download and run my anti-virus on it before i open it.is that how its done? im not trying to rush you , only when you feel the time is right.there is alot i have to learn before i can get the most out of my computer.thank you so much!!!


The Antivirus is running when the computer is on. To confirm that you should see a RED icon in your taskbar with a picture of an umbrella on it. The Umbrella should be OPEN, this shows that it is working. It should update daily on its own. If for some reason it doesn’t you will get a warning saying “your computer might be at risk, click this balloon to correct”. You can then update manually. To do this , double click on the umbrella, a new window will open showing Avira’s control screen. You can click on the “Start update and it will manually update. When finished the Umbrella should be open.

Ok we still have a couple of jobs to do. :) Take your time and follow the instructions.

Please create a new Restore Point
To to this
  • Click Start -> All Programs -> Accessories -> System Tools -> System Restore
  • Choose the Create a restore point option then click on next
  • You can name your restore point something like All clean then select create
  • Once the Restore Point has been created you can hit close

Since we have created a New and Clean Restore Point, I would like you to remove all the Old Restore Points as some of these are infected and if used would re-infect your computer.

To do this
  • Click Start then click on My Computer Right Click Local Disk c:then select Properties
  • Click on Disk Cleanup a box shall open scanning you files. This could take a few minutes.
  • Once the scan is complete another window will appear. Select the More Options Tab
  • Under System Restore select clean up this will remove all System Restore points except for the most recent one. The one we created earlier.

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.

  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Let me know when you have done what is above:)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: malware removal

Unread postby MTP » December 1st, 2010, 11:41 am

first of all, i thank you for your very detailed instructions, that seemed so hard but you made that so easy. you was right, i do sometimes have to start my anti-virus mannually,is this fixed now?i have complied with all you have asked of me this time.thank you so much and ill wait for your reply.
MTP
Regular Member
 
Posts: 26
Joined: October 30th, 2010, 2:18 pm

Re: malware removal

Unread postby muppy03 » December 2nd, 2010, 7:30 am

first of all, i thank you for your very detailed instructions, that seemed so hard but you made that so easy.

You are welcome.
i do sometimes have to start my anti-virus mannually,is this fixed now?

The Avira updater has been struggling as of late, but as long at you manually update when it doesn’t do it itself you should be fine.
i have complied with all you have asked of me this time.thank you so much and ill wait for your reply.

You have done very well. I am loathe to advise you regarding other products with your RAM so low, but be aware there is NO Antivirus that will protect you from all that is out there. Be wary on what you download, or what attachments you click on. (even if sent from someone you know) double check first, I always do.

Remember to update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

I think we are done for now, stay safe and if any problems you are welcome to ask, or start another thread if need be. :thumbright:
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: malware removal

Unread postby MTP » December 2nd, 2010, 10:24 am

i am so pleased.i cant thamk you enough.ill do as you say and hopefully ill be out of your hair for good,thanka again.
MTP
Regular Member
 
Posts: 26
Joined: October 30th, 2010, 2:18 pm

Re: malware removal

Unread postby muppy03 » December 3rd, 2010, 8:41 am

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 76 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware