Welcome to MalwareRemoval.com, What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
If you cannot find Weather Bug Gadget in your list of installed programs then please do not perform the steps obtained from EHow.com but rather continue on with Steps III – VI (OTL fix through end) of my instructions.
The only issue that comes up is the occasional pop up "AVG has detected high memory usage by Firefox." Do you think this is normal and that the memory sizes I mentioned in my last post are normal? Nothing else has shown up. Again, it looks like we will be finishing up soon, so I have 2 questions:
1. Let me know when I can download the latest AVG virus updates and Windows Updates? I have not downloaded anything and I am waiting until we are done.
2. I am ready to make a monetary donation to this Malware Removal site because of how happy I am with your help, so can I do that?
Log below. Cheerio, NH
All processes killed
========== PROCESSES ==========
========== OTL ==========
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-3721252062-802896268-3220788300-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
========== FILES ==========
C:\Users\David2\AppData\Roaming\Mozilla\Firefox\Profiles\g2tki269.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\WI371A~1 folder moved successfully.
========== COMMANDS ==========
NH wrote: The only issue that comes up is the occasional pop up "AVG has detected high memory usage by Firefox." Do you think this is normal and that the memory sizes I mentioned in my last post are normal?
I use Firefox as my primary browser. The memory usage that you reported seems normal for Firefox.
NH wrote: Let me know when I can download the latest AVG virus updates and Windows Updates? I have not downloaded anything and I am waiting until we are done.
You can go ahead and perform those updates after executing the steps below. While you're doing that, please also bring both Internet Explorer and Firefox up to date as well.
NH wrote: I am ready to make a monetary donation to this Malware Removal site because of how happy I am with your help, so can I do that?
Yes you can and thank you for the kind words.
------------------------------
Your computer appears to be clear of malware. Good job.
Please stay with me a bit longer because there are a few important things that we still need to do to clean up and make sure that you don't get infected again.
Please print these instructions because you will need to close this browser window in a step below.
Create a System Restore Point
Go to Start, right-click on Computer and select Properties.
In the left pane under Tasks, click System protection.
If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
Select System Protection ...then choose Create.
In the System Restore dialog box, type a description for the restore point (e.g., All Clean) and click Create again.
A window should pop up with "The Restore Point was created successfully" message.
Click OK and close the System Restore dialog.
Note: If the message window was not displayed stating that the system restore point was created successfully then STOP - Do not continue with the steps below but rather reply to let me know what happened.
Delete old System Restore Points
We can now remove any old System Restore Points that may be infected. Note: This step should not be done regularly but rather only as a Special Case after the removal of malware or changes in the Restore settings.
Click Start > All Programs > Accessories > System Tools > Disk Cleanup.
If provided with the option, select the appropriate drive letter (usually C:).
A progress window will be displayed while the program scans files. Please be patient because this can take a few minutes.
Click the Clean up system files button. Another progress window will be displayed while the program scans files.
If provided with the option, again select the appropriate drive letter (usually C:).
Click the More Options tab.
In the System Restore and Shadow Copies section click the Clean up button.
Click Delete when asked Are you sure you want to delete all but the most recent restore point?
Click the OK button in the Disk Cleanup window and then click the Delete Files button in the confirmation window.
Reboot your computer after the files have been deleted.
Cleanup with OTL
Close all windows/applications.
Right-click the OTL icon on your Desktop and select Run As Administrator.
Click the CleanUp button in the OTL window. The cleanup will begin after which a dialog will be displayed indicating that a reboot is required.
Click the OK button in the message window. The system will reboot.
Stay clean
The important thing now is to actively do things that will help keep you from getting infected in the future.
Keep Antivirus and applications updated
This is the MOST IMPORTANT thing that you can do to keep from becoming infected.
Keep Microsoft products up-to-date with the latest security patches. Either
Enable some level of Automatic Updates
Click Start > Control Panel. The Control Panel window will be displayed.
Click the Windows Update entry. The Windows Update frame will be displayed.
Click the Change setting link in the left column of the window. The Choose how Windows can install updates frame will be displayed.
Select the option which best fits your needs.
Or click Start > All Programs > Windows Update on a regular basis and follow the instructions to install all important updates.
I personally use and recommend the free Secunia Personal Software Inspector (PSI). This program will keep you aware of software that is installed on your computer that contains security vulnerabilities for which security patches exist. I have mine set to automatically scan my computer weekly.
All updates are important but pay particular attention to updates for all browsers as well as Microsoft, Java and Adobe products. These are widely-used products that Malware writers frequently target.
There are a number of free programs that you can install to improve your computer's security: Many people feel that having a "layered" protection scheme is beneficial. You will have to decide what works best for your situation. Here are a few you may want to look into.
SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website. You can find more information and download it from here
WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit here
MVPS Hosts
You can learn about and download the MVPS Hosts File here. The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. You can find the tutorial here
Yes, I did receive and read this email. I hope to follow your steps in the next couple of days. Again, many many thanks for fixing my computer! I will make a donation to this site because I am so happy for your help which was really a Yeoman's job!