deltalima

Experts
  • Posts

    305

Everything posted by deltalima

  1. Hi wubster,

     Welcome to the forum. My nickname is deltalima and I will be helping you with your malware issue. The logs can take some time to research, so please be patient with me.

     Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

     Please note the following:
       • I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
       • The fixes are specific to your problem and should only be used for this issue on this machine.
       • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
       • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
       • It's often worth reading through these instructions and printing them for ease of reference.
       • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
       • Please reply to this thread. Do not start a new topic.

     Please Note: The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator. Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. When prompted, please select: Allow.
     Reference: User Account Control (UAC) and Running as Administrator

     Download and run OTL

     Download OTL by Old Timer and save it to your Desktop.
       • Right click on OTL.exe and select: Run as Administrator.
       • Under Output, ensure that Minimal Output is selected.
       • Under Extra Registry section, select Use SafeList.
       • Click the Scan All Users checkbox.
       • Click on Run Scan at the top left hand corner.
       • When done, two Notepad files will open.
           OTL.txt <-- Will be opened
           Extras.txt <-- Will be minimized
       • Please post the contents of these 2 Notepad files in your next reply.

     Please download GMER Rootkit Scanner from here.
       • Right click the .exe file and select: Run as Administrator.
       • If asked to allow gmer.sys driver to load, please consent.
       • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
       • Run Gmer again and click on the Rootkit tab.
       • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
       • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
       • Click on the "Scan" and wait for the scan to finish.
         Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
       • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
       • Note: If you have any problems, try running GMER in SAFE MODE.
       • Important! Please do not select the "Show all" checkbox during the scan.

     Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
  2. Hi sjt,

     Now that you are clean, please follow these steps in order to keep your computer clean and secure.

     You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions. All versions numbered lower than 9.4 are vulnerable. Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader. After it completes the Installation, close the Download Manager.

     Update Java Runtime

     You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 22.
       • Download the latest version of Java Runtime Environment (JRE) 6 Here
       • Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)"
       • Click the orange Download JRE button to the right
       • Select the Windows platform from the dropdown menu
       • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
       • Click on the link to download Windows Offline Installation & save the file to your desktop
       • Close any programs you may have running - especially your web browser
       • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
       • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name
       • Click the Remove or Change/Remove button.
       • Repeat as many times as necessary to remove each Java version
       • Reboot your computer once all Java components are removed
       • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version

     DeFogger

     To re-enable your Emulation drivers, double click DeFogger to run the tool.
       • The application window will appear
       • Click the Re-enable button to re-enable your CD Emulation drivers
       • Click Yes to continue
       • A 'Finished!' message will appear
       • Click OK
       • DeFogger will now ask to reboot the machine - click OK

     Remove GMER

     Delete the GMER icon from your desktop.

     Clean up with OTL
       • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
       • Close all other programs apart from OTL as this step will require a reboot
       • On the OTL main screen, press the CleanUp! button
       • Say Yes to the prompt and then allow the program to reboot your computer.

     Create a new, clean System Restore point which you can use in case of future system problems:
       • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
       • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

     Now remove old, infected System Restore points:
       • Next click Start >> Run and type cleanmgr in the box and press OK
       • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
       • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
       • Press OK and Yes to confirm

     Update your AntiVirus Software and keep your other programs up-to-date

     Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
       • Secunia Software Inspector
       • F-secure Health Check

     Security Updates for Windows, Internet Explorer & Microsoft Office

     Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

     Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware

     Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

     Follow this list and your potential for being infected again will reduce dramatically.

     Here are some additional utilities that will enhance your safety
       • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
       • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software

     Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

     Happy surfing and stay clean!
  4. Thanks, Please post the GMER log when ready.
  5. Hi sjt,

     Run OTL Script
       • Double-click OTL.exe to start the program.
       • Copy and Paste the following code into the textbox. Do not include the word Code

           :reg
           [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
           "FirstRunDisabled" = 0
           "AntiVirusOverride" = 0
           :commands
           [REBOOT]

       • Then click the Run Fix button at the top.
       • Click .
       • OTL may ask to reboot the machine. Please do so if asked.
       • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

     Now please run a quick scan with Malwarebytes and post the log in your next reply and let me know how the computer is running now.
  6. Hi sjt,

     TDSSKiller
       • Please Download TDSSKiller.zip and save it on your desktop.
       • Extract (unzip) its contents to your Desktop.
       • Double-click the TDSSKiller Folder on your desktop.
       • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
       • Important!: Run this fix once and once only.
       • Double click the TDSSKiller icon on your desktop then click Start scan.
       • A box will appear saying System scan completed.
       • If any Malicious objects are found click Cure > Continue > Reboot now.
       • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
       • To find the log click Start > Computer > C:.
       • Please post the contents of that log in your next reply.
  7. Hi sjt,

     Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. The logs can take some time to research, so please be patient with me.

     Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

     Please note the following:
       • I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
       • The fixes are specific to your problem and should only be used for this issue on this machine.
       • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
       • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
       • It's often worth reading through these instructions and printing them for ease of reference.
       • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
       • Please reply to this thread. Do not start a new topic.

     Download and run OTL

     Download OTL by Old Timer and save it to your Desktop.
       • Double click on OTL.exe to run it.
       • Under Output, ensure that Minimal Output is selected.
       • Under Extra Registry section, select Use SafeList.
       • Click the Scan All Users checkbox.
       • Click on Run Scan at the top left hand corner.
       • When done, two Notepad files will open.
           OTL.txt <-- Will be opened
           Extras.txt <-- Will be minimized
       • Please post the contents of these 2 Notepad files in your next reply.
  8. Hi toddtcas,

     Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. The logs can take some time to research, so please be patient with me.

     Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

     Please note the following:
       • I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
       • The fixes are specific to your problem and should only be used for this issue on this machine.
       • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
       • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
       • It's often worth reading through these instructions and printing them for ease of reference.
       • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
       • Please reply to this thread. Do not start a new topic.

     Please reboot into normal mode.

     Rkill
       • Please download Rkill from one of the following links and save to your Desktop: One, Two, Three or Four
       • Double click on Rkill.
       • A command window will open then disappear upon completion, this is normal.
       • A notepad window will open, please post the contents in your next reply
       • This log can also be found at C:\rkill.log
       • Please leave Rkill on the Desktop until otherwise advised.

     Note: If your security software warns about Rkill, please ignore and allow the download to continue.

     Download and run OTL

     Download OTL by Old Timer and save it to your Desktop.
       • Double click on OTL.exe to run it.
       • Under Output, ensure that Minimal Output is selected.
       • Under Extra Registry section, select Use SafeList.
       • Click the Scan All Users checkbox.
       • Click on Run Scan at the top left hand corner.
       • When done, two Notepad files will open.
           OTL.txt <-- Will be opened
           Extras.txt <-- Will be minimized
       • Please post the contents of these 2 Notepad files in your next reply.

     Please download GMER Rootkit Scanner from here.
       • Double click the .exe file.
       • If asked to allow gmer.sys driver to load, please consent.
       • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
       • Run Gmer again and click on the Rootkit tab.
       • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
       • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
       • Click on the "Scan" and wait for the scan to finish.
         Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
       • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
       • Note: If you have any problems, try running GMER in SAFE MODE.
       • Important! Please do not select the "Show all" checkbox during the scan.

     Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
  9. Hi JRRJ,

     Please go here and click download to download the Windows XP Service Pack 2 Network Installation Package and save the file.

     If any of these instructions are unclear please ask before continuing.
       • Now use Windows Explorer to create a folder called sp2 in the root of drive C:
       • Move the service pack install file into that folder
       • Open a command prompt window (start - run - cmd)
       • At the command prompt:
           Type C: and press enter
           Type cd \sp2 and press enter
           Type WindowsXP-KB835935-SP2-ENU.exe -x: c:\sp2 and press enter
         This should now extract the service pack files into that folder, if it tries to do anything else cancel and let me know.
           Type cd i386 and press enter
           Type expand ws2_32.dl_ ws2_32.dll and press enter
           Type exit and press enter to close the command console

     ComboFix - CFScript

     WARNING! This script is for THIS user and computer ONLY! Using this tool incorrectly could damage your Operating System... preventing it from starting again!

     You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

     Please open Notepad and copy/paste all the text below... into the window:

           FCOPY::
           c:\windows\system32\ws2_32.dll | c:\ws2_32.dll
           c:\sp2\i386\ws2_32.dll | c:\windows\system32\ws2_32.dll

       • Save it to your desktop as CFScript.txt
       • Please disable any Antivirus or Firewall you have active, as shown in this topic.
       • Please close all open application windows.
       • Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
       • This will cause ComboFix to run again.
       • Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
       • Do Not touch your computer when ComboFix is running!
       • When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
       • Please copy/paste the contents of log.txt... in your next reply.

     ** Enable your Antivirus and Firewall, before connecting to the Internet again! **
  10. Hi JRRJ,

     Download SystemLook and save it to your Desktop.
       • Double-click SystemLook.exe to run it.
       • Copy the content of the following codebox into the main textfield:

           :filefind
           ws2_32.dl*

       • Click the Look button to start the scan.
       • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

     Note: The log can also be found on your Desktop entitled SystemLook.txt
  11. Hi JRRJ,

     OK that would explain it.

     Run Combofix

     Temporarily disable any antispyware, antivirus and/or antimalware real-time protection as they may interfere with running of ComboFix.
       • Download ComboFix from here to your Desktop. For more information about Combofix please see here.
       • Close all programs.
       • Double click combofix.exe and follow the prompts.
       • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it
  12. OK. The file may have already been removed, we can check later. Please let me know what happened with Combofix and if McAfee was disabled when it was run.
  13. Hi JRRJ,

     Please do not run any scans or make any changes to the system other than the ones I ask for.

     Upload a File to Virustotal
       • Please go to Virustotal
       • Copy/paste this file and path into the white box at the top:
       • Press Submit - this will submit the file for testing.
       • Please wait for all the scanners to finish then copy and paste the results in your next response.

     It seems that Combofix has been run unsuccessfully on this computer, please let me know what happened when it ran and if you disabled McAfee before running it.
  14. Hi JRRJ,

     Create a batch file
       • Open Notepad.
       • Copy/paste the following text into the empty Notepad window.

           @echo off
           rem Append the verbose list of scheduled tasks to results.txt
           schtasks /query /fo LIST /v >> results.txt
           rem Open the results in Notepad
           start notepad results.txt
           rem Delete this batch file once it has run
           Del %0

       • Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
       • Double click the file xxx.bat to execute.
       • results.txt should open in Notepad automatically when the script has completed, post the contents of this file in your next response.

     Run OTL Script
       • Double-click OTL.exe to start the program.
       • Copy and Paste the following code into the textbox. Do not include the word Code

           :otl
           IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
           IE - HKU\S-1-5-21-1202660629-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
           O1 - Hosts: 127.0.0.1 localhost
           O1 - Hosts: 127.0.0.1 mozilla.com
           O1 - Hosts: 127.0.0.1 www.mozilla.com
           O1 - Hosts: 127.0.0.1 firefox.com
           O1 - Hosts: 127.0.0.1 www.firefox.com
           O1 - Hosts: 127.0.0.1 www.firefox2.com
           O1 - Hosts: 127.0.0.1 firefox2.com
           O1 - Hosts: 127.0.0.1 ftp.saix.net
           O1 - Hosts: 127.0.0.1 download.mozilla.com
           O4 - HKLM..\Run: [combofix] C:\ComboFix\CF8341.cfx File not found
           O4 - HKLM..\Run: [KernelFaultCheck] File not found
           :commands
           [EMPTYTEMP]
           [RESETHOSTS]
           [REBOOT]

       • Then click the Run Fix button at the top.
       • Click .
       • OTL may ask to reboot the machine. Please do so if asked.
       • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

     Scan With RKUnHooker
       • Please Download Rootkit Unhooker. Save it to your desktop.
       • Now double-click on RKUnhookerLE.exe to run it.
       • Click the Report tab, then click Scan.
       • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
       • Wait till the scanner has finished and then click File, Save Report.
       • Save the report somewhere where you can find it. Click Close.
       • Copy the entire contents of the report and paste it in a reply here.

     MBRCheck
       • Please download MBRCheck.exe to your desktop.
       • Double-click on MBRCheck.exe to run it.
       • It will show a Black screen with some information.
       • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
       • If nothing unusual is found just press Enter
       • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
       • Please post the contents of that file in your next reply.
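
Added example (not part of deltalima's posts and not OTL's own code): a Python triage of the "O1 - Hosts:" lines that appear in the OTL fix script above, separating the default localhost entry from names pinned to a loopback address and names pointed at some other address. The first four sample lines are quoted from the post; the example.test lines, the function names and the category names are constructed for illustration.

```python
import ipaddress

# First four lines are quoted from the OTL fix script in the post above.
# The two example.test lines are constructed to show the other outcomes.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mozilla.com
O1 - Hosts: 127.0.0.1 www.mozilla.com
O1 - Hosts: 127.0.0.1 download.mozilla.com
O1 - Hosts: 192.0.2.10 update.example.test
O1 - Hosts: not-an-ip broken.example.test
O4 - HKLM..\Run: [KernelFaultCheck] File not found
"""

PREFIX = "O1 - Hosts:"
DEFAULT_NAMES = {"localhost"}  # assumption: the only name expected on a stock system


def parse_hosts_entries(log_text):
    """Return (address, hostname) pairs from the 'O1 - Hosts:' lines of a log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # other sections (O4, IE, ...) are not hosts entries
        # Drop a trailing '# comment', then split address from names.
        fields = line[len(PREFIX):].split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # an address with no name maps nothing
        address, names = fields[0], fields[1:]
        # A hosts line may list several names for one address.
        entries.extend((address, name.lower()) for name in names)
    return entries


def classify(address, hostname):
    """Label one hosts mapping: default, sinkholed, redirected or malformed."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback and hostname.lower() in DEFAULT_NAMES:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        # The name resolves to this machine, so the real site is unreachable.
        return "sinkholed"
    # The name resolves to an address chosen by whoever edited the file.
    return "redirected"


def triage(log_text):
    """Group the hostnames found in a log by classification."""
    report = {"default": [], "sinkholed": [], "redirected": [], "malformed": []}
    for address, hostname in parse_hosts_entries(log_text):
        report[classify(address, hostname)].append(hostname)
    return report


if __name__ == "__main__":
    for category, names in triage(SAMPLE_LOG).items():
        print(f"{category:10} {', '.join(names) or '-'}")
```

Sinkholed names still need a human decision: a blocklist such as the MVPS Hosts file produces the same pattern for ad servers, so what matters is which names are on the list.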
  15. Hi JRRJ,

     Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. The logs can take some time to research, so please be patient with me.

     Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

     Please note the following:
       • I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
       • The fixes are specific to your problem and should only be used for this issue on this machine.
       • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
       • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
       • It's often worth reading through these instructions and printing them for ease of reference.
       • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
       • Please reply to this thread. Do not start a new topic.

     Download and run OTL

     Download OTL by Old Timer and save it to your Desktop.
       • Double click on OTL.exe to run it.
       • Under Output, ensure that Minimal Output is selected.
       • Under Extra Registry section, select Use SafeList.
       • Click the Scan All Users checkbox.
       • Click on Run Scan at the top left hand corner.
       • When done, two Notepad files will open.
           OTL.txt <-- Will be opened
           Extras.txt <-- Will be minimized
       • Please post the contents of these 2 Notepad files in your next reply.

     Please download GMER Rootkit Scanner from here.
       • Double click the .exe file.
       • If asked to allow gmer.sys driver to load, please consent.
       • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
       • Run Gmer again and click on the Rootkit tab.
       • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
       • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
       • Click on the "Scan" and wait for the scan to finish.
         Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
       • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
       • Note: If you have any problems, try running GMER in SAFE MODE.
       • Important! Please do not select the "Show all" checkbox during the scan.

     Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
  16. Hi diver dan,

     Run OTL Script
       • Double-click OTL.exe to start the program.
       • Copy and Paste the following code into the textbox. Do not include the word Code

           :files
           c:\windows\uliyukejubetov.dll

       • Then click the Run Fix button at the top.
       • Click .
       • OTL may ask to reboot the machine. Please do so if asked.
       • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
  17. Hi diver dan,

     Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

     Remove GMER

     Delete the GMER icon from your desktop, it will be named 7u086ve0.exe

     Clean up with OTL
       • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
       • Close all other programs apart from OTL as this step will require a reboot
       • On the OTL main screen, press the CleanUp! button
       • Say Yes to the prompt and then allow the program to reboot your computer.

     Create a new, clean System Restore point which you can use in case of future system problems:
       • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
       • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

     Now remove old, infected System Restore points:
       • Next click Start >> Run and type cleanmgr in the box and press OK
       • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
       • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
       • Press OK and Yes to confirm

     Update your AntiVirus Software and keep your other programs up-to-date

     Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
       • Secunia Software Inspector
       • F-secure Health Check

     Security Updates for Windows, Internet Explorer & Microsoft Office

     Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

     Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware

     Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

     Follow this list and your potential for being infected again will reduce dramatically.

     Here are some additional utilities that will enhance your safety
       • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
       • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software

     Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

     Happy surfing and stay clean!
  18. Hi diver dan,

      Before I answer your questions I would like to do a few further checks to make sure everything is clean.

      Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

      O4 - HKCU\..\Run: [Fweyip] rundll32.exe "C:\WINDOWS\kSouinab.dll",Startup

      Now close all other open windows and then click on Fix Checked. Close HijackThis. Now reboot.

      Malwarebytes Anti-Malware

      Please download Malwarebytes' Anti-Malware to your desktop.
      Double-click mbam-setup.exe and select then follow the prompts to install the program.
      At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      If an update is found, it will download and install the latest version.
      Once the program has loaded, select Perform quick scan, then click Scan.
      When the scan is complete, click OK, then Show Results to view the results.
      Be sure that everything is checked, and click Remove Selected.
      When completed, a log will open in Notepad. Please post that log in your next reply.

      The log can also be found here:
      Launch Malwarebytes' Anti-Malware
      Click on the Logs radio tab.

      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

      The rootkit is known as TDL3 or TDSS. See here for more information.

      There are several ways, please click on the UNITE link in my signature and follow the link to UNITE schools.
  19. Hi diver dan, OK, good. Thanks for the update.
  20. Hi diver dan,

      TDSSKiller

      Please Download TDSSKiller.exe and save it on your desktop.
      Important!: only run this fix once.
      Double click TDSSKiller.exe to run it.
      A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 13.06.2010
      To find the log click Start > Computer > C:.
      Please post the contents of that log in your next reply.

      Please let me know how the computer is running now.
  21. Hi diver dan,

      If the GMER scan fails to complete then please run this alternative scan.

      Scan With RKUnHooker

      Please Download Rootkit Unhooker. Save it to your desktop.
      Now double-click on RKUnhookerLE.exe to run it.
      Click the Report tab, then click Scan.
      Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
      Wait till the scanner has finished and then click File, Save Report.
      Save the report somewhere where you can find it. Click Close.
      Copy the entire contents of the report and paste it in a reply here.
  22. Hi diver dan, You posted Extras.txt twice. Please post OTL.txt.