Axephilic

Happy Birthday to all 3 of you!

Note: Never install more than 1 anti-virus or firewall. Anti-Virus(pick one): AntiVir Anti-Virus Personal (free)Avast! Anti-Virus Free Firewalls(pick one): Webroot Desktop Firewall (Now Free!)Comodo Firewall Free ZoneAlarm Free Edition Here's a few tips: Keep your system updated Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly. Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed. To update Windows and office Go to Start > All Programs > Microsoft Update Alternatively, you can visit the link below to update Windows and Office products. Microsoft Update I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how: Go to Start > Control Panel > Automatic UpdatesSelect Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates. Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too. Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week. Surf safely Many of the exploits are directed to users of Internet Explorer and Firefox. Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it. If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer. For Internet Explorer 6 Open Internet Explorer. Click on Tools > Options. Click on the Security tab. Click on the Internet icon. Click on the Custom Level button. Under Download signed ActiveX controls, select Prompt. Under Download unsigned ActiveX controls, select Disable. Under Initialize and script ActiveX controls not marked as safe, select Disable. Under Installation of desktop items, select Prompt. Under Launching programs and files in an IFRAME, select Prompt. Under Navigate sub-frames across different domains, select Prompt. Under Allow paste operations via script, select Disable. Click OK to apply these settings. If it prompts you as to whether or not you want to save the settings, press the Yes button. Press OK to exit the Internet Properties page. For a pictorial guide, please refer to this article. For Internet Explorer 7 Please read this article to configure Internet Explorer 7 properly. Backup regularly You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups. Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer. Avoid P2P P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one. Prevent a re-infection Winpatrol Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here. You can get a free copy of Winpatrol or use the Plus version for more features. You can read Winpatrol's FAQ if you run into problems. Hosts File A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website. Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1. Here are some Hosts files: MVPS Hosts File Bluetack's Hosts File Bluetack's Host Manager hpHosts A tutorial about Hosts File can be found at Malware Removal. Spybot Search and Destroy Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week. Spybot Search & Destroy can be downloaded from here. If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer. Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it. SiteHound Toolbar SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only. Regards, Adam

Hello, THREE DAY BUMP! It has been three days since my last post. Do you still need help with this? Do you need more time? Are you having problems following my instructions? If after 48 hours you have not replied to this thread, then it will have to be closed! Regards, Adam

It doesn't seem to be removing. This will be very tough to remove. You have a VERY serious infection known as a rootkit. Rootkits are specialist programs designed to patch the Windows kernel with the intention of hiding themselves from Windows. What does this mean? Rootkits hide files. And really good rootkits hide really bad files. We do have tools to detect rootkits, but the problem with these is that they still require Windows to operate, and an exceptionally advanced rootkit might therefor have patched the Windows kernel in such a way that even our specialist tools are fooled - because in the end, they're nothing more than kernel-privileged (= highest permissions possible) applications. Don't worry - most rootkits don't exhibit this type of behaviour. They only patch the userland mode - which means that normal programs such as Windows Explorer will not detect them, but higher privileged kernel programs will. However, we have also identified a small number of kernel rootkits. They completely patch the kernel, which is, in fact, the very essence of Windows. So they can potentially fool every scanner we have because of there high privileges. Because of these functions, you should consider reformatting and reinstalling the operating system. The thing is, Windows is now lying to you. And we can never be sure how deep this goes. Not all rootkits can be detected. Every rootkit can and will impair your computer's normal behaviour and stability, one way or another. We can somehow detect rootkits, but as all rootkit detectors need Windows to operate, we can't be sure they're not being lied to as well. In any case involving rootkits, I cannot guarantee anything. The best course of action would be reformatting and reinstalling the operating system. Let me know how you wish to proceed.

Please post the MBAM logs from before too. Then do a new Full scan and post that log. Regards, Adam

Fix HijackThis lines Run HijackThis! Click on Do a System Scan only Place a tick next to the following lines: O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: (no name) - {8567edfa-408c-43e9-b929-4c25c04f5003} - (no file) O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) Close all open windows and click on Fix checked and when you get a popup window click on Yes. Update your Adobe Reader Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here. In your next reply, please include: How is it running now? A new HijackThis log Regards, Adam

Fix HijackThis lines Run HijackThis! Click on Do a System Scan only Place a tick next to the following lines: O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: (no name) - {8567edfa-408c-43e9-b929-4c25c04f5003} - (no file) Close all open windows and click on Fix checked and when you get a popup window click on Yes. Run ComboFix 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the codebox below into it: Folder::c:\documents and settings\Brandon\Application Data\FrostWirec:\program files\FrostWireRegistry::HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\Program Files\\FrostWire\\FrostWire.exe"=- [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"20448:TCP"=-"20448:UDP"=-Driver::drvdrvSave this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Kaspersky Online Scanner Please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply. In your next reply, please include: ComboFix log Kaspersky report A new HijackThis log Regards, Adam

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc. This allows hackers to remotely control your computer, steal critical system information and Download and Execute files I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? When Should I Format, How Should I Reinstall We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards. Should you have any questions, please feel free to ask. If you do want to attempt to clean it, the please do this: Download and Run ComboFix Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix Save it to your desktop. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes to continue scanning for malware. When finished, a log will be produced. Please post this log in your next reply. Do not mouse click on Combofix while it is running. That may cause it to stall. In your next reply, please include: ComboFix log A new HijackThis log Regards, Adam

Welcome to the MalwareBytes forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start: If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks! Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem. Try this: RSIT Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) If that doesn't work then please try to download HJT, rename the installer, install it, rename the HijackThis.exe to something like hjttt.exe and then try to run the scan. Regards, Adam

Hi there Rich, I recommend you follow these instructions: http://www.malwarebytes.org/forums/index.php?showtopic=9573 It kind of sounds like you have a goored infection, but the symptoms are a bit different; so it could just be something to do with google or firefox or it could be malware. It's better to find out and be on the safe side. Regards, Adam

Welcome to the MalwareBytes forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start: If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks! Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem. Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc. This allows hackers to remotely control your computer, steal critical system information and Download and Execute files I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? When Should I Format, How Should I Reinstall We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards. Should you have any questions, please feel free to ask. Please let us know what you have decided to do in your next post. Regards, Adam

Your welcome. The best tips that I could possibly give you are in this article.

I dislike any P2P programs (including BitComet, Limwire, BitTorrent, etc.). You never know if you are downloading from an infected machine and that is why so many people get infected from P2P. I highly recommend that you stay away from Limewire and all P2P programs. Regards, Adam

All of your logs are clean, so this is not a malware issue anymore. You may refer to this article to find some steps to help speed up your computer. Update Adobe Reader Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 9. Please uninstall all old versions of Adobe Reader and then you can download the newest version from http://www.adobe.com/products/acrobat/readstep2.html If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition. Since you have Acrobat 6.0, you should use that for creating and editing PDF's and Adobe Reader 9 for reading them. This will ensure your security. Update Java Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 12. Click on Start > Control Panel and double click on Add/Remove Programs. Locate any entries that are java (such as Java X update X) and click on Change/Remove to uninstall them. Click here to visit Java's website. Select Windows from the drop-down list for Platform. Select Multi-language from the drop-down list for Language. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue. Click on jre-6u12-windows-i586-p.exe link to download it and save this to a convenient location. Run this installation to update your Java. Congratulations, you are now all clean! To help to prevent from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them. If after 48 hours you have not responded to this, then I will assume you have no questions and have the topic closed. First, lets uninstall ComboFix: Click START then RUN Now type Combofix /u in the runbox and click OK Flush the system restore points Right click on My Computer and select Properties. Select the System Restore tab. Check (tick) Turn off system restore on all drives box. Click Apply. Uncheck (untick) Turn off system restore on all drives box. Click OK. Restart your computer. Note: Do this only ONCE, don't flush it regularly. Keep your system updated Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly. Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed. To update Windows and office Go to Start > All Programs > Microsoft Update Alternatively, you can visit the link below to update Windows and Office products. Microsoft Update I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how: Go to Start > Control Panel > Automatic UpdatesSelect Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates. Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too. Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week. Surf safely Many of the exploits are directed to users of Internet Explorer and Firefox. Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it. Backup regularly You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups. Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer. Avoid P2P P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one. Prevent a re-infection Winpatrol Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here. You can get a free copy of Winpatrol or use the Plus version for more features. You can read Winpatrol's FAQ if you run into problems. Hosts File A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website. Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1. Here are some Hosts files: MVPS Hosts File Bluetack's Hosts File Bluetack's Host Manager hpHosts A tutorial about Hosts File can be found at Malware Removal. Spybot Search and Destroy Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week. Spybot Search & Destroy can be downloaded from here. If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer. Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it. SiteHound Toolbar SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only. Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference! The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware. Happy surfing and stay clean! Regards, Adam

Hello, Run ComboFix 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the codebox below into it: Registry::[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\Program Files\\LimeWire\\LimeWire.exe"=-Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. In your next reply, please include: ComboFix log Please tell me how your computer is running now A new HijackThis log Regards, Adam

Hello, Run ComboFix 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the codebox below into it: File::C:\Documents and Settings\Michael Optis\My Documents\LimeWire\Incomplete\Preview-T-3545425-common - the people.mp3C:\Documents and Settings\Michael Optis\My Documents\LimeWire\Saved\Common - The Corner.mp3C:\Documents and Settings\Michael Optis\Shared\cartman gets an anal probe - greatest hits.mp3C:\Documents and Settings\Michael Optis\Shared\fligh high dj starskream.mp3C:\Documents and Settings\Michael Optis\Shared\flobots - handlebars.mp3C:\Documents and Settings\Michael Optis\Shared\mercenaries oh no you didnt 192kb.mp3C:\Documents and Settings\Michael Optis\Shared\ratatat - falcon jab.mp3C:\Documents and Settings\Michael Optis\Shared\Red Hot Chili Peppers - Breaking the girl.mp3C:\Documents and Settings\Michael Optis\Shared\Willa Ford - I Wanna Be Bad (Remix).mp3Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. In your next reply, please include: ComboFix log How is your computer running now? A new HijackThis log Regards, Adam

Please post the MBAM scan when it finishes and when it is done post a new HijackTHis log. What are you going to do about AVG7? Please also follow these instructions: Eset Online Scanner Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX. Check (tick) this box: YES, I accept the Terms of Use. Click on the Start button next to it. When prompted to run ActiveX. click Yes. You will be asked to install an ActiveX. Click Install. Once installed, the scanner will be initialized. After the scanner is initialized, click Start. Uncheck (untick) Remove found threats box. Check (tick) Scan unwanted applications. Click on Scan. It will start scanning. Please be patient. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply. Regards, Adam

Hello, Run ComboFix 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the codebox below into it: File::c:\windows\system32\drivers\ggemrk.sysSave this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. I see that you have AVG7. AVG7 is out-of-date and will not recieve any more updates. You should get AVG8 or another free anti-virus that recieves updates to keep your system more secure. Note: Never install more than 1 anti-virus or firewall. AntiVir Anti-Virus Personal (free)Avast! Anti-Virus Free AVG8 Free Scan with Malwarebytes' Anti-Malware Double click on the Malwarebytes' Anti-Malware icon on your desktop. Once the program has loaded, click on the Update tab and click on Check for Updates. Click on the Scanner tab. Select Perform full scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. please copy and paste the log into your next reply. If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt Kaspersky Online Scanner Please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply. In your next reply, please include: ComboFix log MBAM log Kaspersky report A new HijackThis log Regards, Adam

Hello, Upload a file to VirusTotal Please visit Virustotal Click the Browse.. button Navigate to the file c:\windows\system32\drivers\ggemrk.sys Click the Open button Click the Send button Copy and paste the results into a new reply in this thread please. Please repeat that process for the following file: C:\lvsen.exe Download HijackThis Download HJTInstall.exe to your desktop and run it. Following the on-screen prompts. After the installation has finished, browse to C:\Program Files\Trend Micro Now start HijackThis. Click Do a system scan and save a log file. Post the log file here. (Notepad will automatically open with the log file once HijackThis! has finished scanning). Do not attach the log file. In your next reply, please include: Virustotal results HijackThis log Regards, Adam

Hi there, Download and Run ComboFix Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix Save it to your desktop. Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes to continue scanning for malware. When finished, a log will be produced. Please post this log in your next reply. Do not mouse click on Combofix while it is running. That may cause it to stall. Regards, Adam

Welcome to the MalwareBytes forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start: If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks! Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem. I will post back soon with my first fix for you. Regards, Adam

A progress bar would be a nice additional feature, but I think that the team should keep up their great job focusing on their definitions and improving the other aspects of the program rather than adding the small things like that. Just my two cents. Regards, Adam