TheDarkKnight

Honorary Members
  • Posts: 1,123
Everything posted by TheDarkKnight

  1. Are you still with us? This topic will be closed in a few days if we do not hear back from you.
  2. Good morning Jedarius, Good to hear! Please download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  3. Hello fishtaco254, So this popup you are seeing is appearing in what browsers?
  4. Hey fishtaco254, Please download to your Desktop SystemLook by jpshortstuff from here. Double-click SystemLook.exe and copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan: :filefind TdkLib64.sys When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt.
  5. Good evening Kirbett, Yes, or they may have been removed by one of the tools. You and the owner are most welcome. I am glad I could be of assistance. Fingers crossed!
  6. Good afternoon Woe_is_Me_n_myPC, Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable. Please follow the instructions below to update Java: Please go to the below link and download the latest Windows 7 version: http://www.java.com/en/download/manual.jsp Save it to your Desktop. Please go to Start>Control Panel>Programs. Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: Select Uninstall. Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed. ===== Next, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it: Please go to Start>All Programs>Adobe Reader. Open Adobe Reader and navigate to Help>Check for Updates. Please follow the prompts to install the latest version. Also, your version of Adobe Flash Player is out of date. Please follow these instructions to update to the latest version: Go to the Adobe Global Notifications Update website here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager05.html#118377 A small box to the right within the window should load. Please select how often you would like Adobe to check for a new update for its Flash Player. Note: This has to be done separately for Firefox and IE. If a new version is found: Please tick the License Agreement. Click Install. Note: If you are running Mozilla Firefox all of its windows will need to be closed. Click Done. Note: In future if an update is available Adobe will notify you on your Desktop via the Adobe Download Manager. ===== In your reply please let me know how the updates go and how your computer is running.
  7. Good afternoon fishtaco254, To do this, please set Win7 to show hidden/system files and folders so that you can find them: Please click Start and open My Computer. On the Organize tab, click on Folder and search options. On the View tab, uncheck Hide file extensions for known file types. Also uncheck Hide protected operating system files (Recommended) and click Yes on the warning message. Under Hidden files and folders, check Show hidden files, folders, or drives. Click Apply. Click OK and close My Computer. I will give you instructions for hiding them again after it looks like your computer is clean. Now try to find it.
  8. Good afternoon aryama, Your scans have not indicated malware is present. A little housekeeping to uninstall ComboFix: Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK: ComboFix /uninstall To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe. Click the CleanUp button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. Right-click the Recycle Bin and please select Empty Recycle Bin. ===== Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup: IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure. As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program. Please consider installing and running the following program (there is a free version available): SpywareBlaster A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here. Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here: http://www.spywarewarrior.com/rogue_anti-spyware.htm A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above. Please consider using an alternate browser. 
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options. Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates. Please also read Tony Klein's excellent article: How did I get infected in the first place. Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
  9. Good evening Woe_is_Me_n_myPC, To do this, please set Win7 to show hidden/system files and folders so that you can find them: Please click Start and open My Computer. On the Organize tab, click on Folder and search options. On the View tab, uncheck Hide file extensions for known file types. Also uncheck Hide protected operating system files (Recommended) and click Yes on the warning message. Under Hidden files and folders, check Show hidden files, folders, or drives. Click Apply. Click OK and close My Computer. I will give you instructions for hiding them again after it looks like your computer is clean. ===== Now, please navigate to these files and delete them: C:\Users\Christian\AppData\Local\Microsoft\Windows Live Mail\Gmail (kare 49c\[Gmail]\Spam\51EC592E-000026B2.eml C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.5-g[1].exe C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.5-g[1].exe ===== Yes, I think that is a good idea. While it has reset some things like this, do not be concerned. Good idea. ===== Please download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  10. Hello aryama, That only found cookies. I think maybe it is hardware related. Please make a topic here: http://forums.malwarebytes.org/index.php?showforum=6 And provide a link to this topic. If you are happy to do that then I will give you some advice on how to stay safe and how to cleanup the tools used.
  11. Hey Jedarius, Please monitor MBAM for the next day and see how it goes.
  12. Howdy fishtaco254. Please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis: You will only be able to have one file scanned at a time. C:\Users\Swag\AppData\Local\Temp\ExtactTemp\TdkLib64.sys Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see. Note: If a message appears saying the file has already been analysed, please resend the file.
  13. Hello Jedarius, I have an idea. Please follow these instructions to remove the remaining malicious entries: Please close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open Notepad and copy/paste the text in the quotebox below into it: Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail. Save this as CFScript.txt, in the same location as ComboFix.exe. Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the ComboFix.txt in your next reply. Now try MBAM please.
  14. Are you still with us? This topic will be closed in a few days if we do not hear back from you.
  15. Are you still with us? This topic will be closed in a few days if we do not hear back from you.
  16. I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingc...to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled. **Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.** **Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.** Please include the C:\ComboFix.txt in your next reply for further review.
  17. Hello aryama, Can you please post the contents of the .xlm file.
  18. Good evening Kirbett, A little housekeeping to uninstall ComboFix: Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK: ComboFix /uninstall Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. And AdwCleaner: Please double click on adwcleaner.exe to run the tool. Click on Uninstall. Confirm with Yes. Right-click the Recycle Bin and please select Empty Recycle Bin. ===== Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup: IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure. As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program. Please consider installing and running the following program; it has a free version: SpywareBlaster A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here. A software firewall will help increase your computer security. Free versions are available for the below firewalls: COMODO Online Armor Outpost Please visit this tutorial for further information on firewalls. Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection.
However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here: http://www.spywarewarrior.com/rogue_anti-spyware.htm A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above. Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. 
In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options. Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates. Please also read Tony Klein's excellent article: How did I get infected in the first place. Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
  19. Jedarius, Please re-run SystemLook with this command: :filefind WinLive.dll
  20. Hello Woe_is_Me_n_myPC, Because you have MSE installed (silly me!) then yes Windows Defender can be disabled. You may like to try reinstalling IE and seeing if that helps. I am not familiar with this happening with the tool; I would have to check with the developer. ===== Please run a free online scan with the ESET Online Scanner. Note: You can use Internet Explorer or Mozilla Firefox for this scan. Tick the box next to YES, I accept the Terms of Use. Click Start. When asked, allow the ActiveX control to install. Click Start. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked. Click Scan. Wait for the scan to finish. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt. Copy and paste that log as a reply to this topic.
  21. Good afternoon fosternguyen, I didn't see any evidence of any nasty infections, so it should be fine.
  22. Good morning fosternguyen, A little housekeeping to uninstall ComboFix: Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK: ComboFix /uninstall And AdwCleaner: Please double click on adwcleaner.exe to run the tool. Click on Uninstall. Confirm with Yes. To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe. Click the CleanUp button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. Right-click the Recycle Bin and please select Empty Recycle Bin. ===== Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup: IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure. As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program. Please consider installing and running the following program (there is a free version available): SpywareBlaster A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here. Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here: http://www.spywarewarrior.com/rogue_anti-spyware.htm A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above. Please consider using an alternate browser. 
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options. Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates. Please also read Tony Klein's excellent article: How did I get infected in the first place. Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
  23. Hello aryama, Well those scans came back clean. Please download HitmanPro. For 32-bit Operating System - . This is the mirror - For 64-bit Operating System - This is the mirror - Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select Run as administrator). Click on the next button. You must agree with the terms of EULA. Check the box beside "No, I only want to perform a one-time scan to check this computer". Click on the next button. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!! on the next button. Click on the "Export scan results to XML file". Save that file to your Desktop and zip and attach it in your next reply.