deltalima

Hi cllackie, Update Java Runtime You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 19. Download the latest version of Java Runtime Environment (JRE) 6 Here Scroll down to where it says "JDK 6 Update 19 (JDK or JRE)" Click the orange Download JRE button to the right Select the Windows platform from the dropdown menu Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh Click on the link to download Windows Offline Installation & save the file to your desktop Close any programs you may have running - especially your web browser Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions Reboot your computer once all Java components are removed Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version Now that you are clean, please follow these simple steps in order to keep your computer clean and secure Remove GMER Delete the GMER icon from your desktop, it will be named gdvqqrb4.exe Uninstall ComboFix Click START then RUN Now type Combofix /Uninstall in the runbox and click OK Clean up with OTL Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc. Close all other programs apart from OTL as this step will require a reboot On the OTL main screen, press the CleanUp! button Say Yes to the prompt and then allow the program to reboot your computer. Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc. Secunia Software Inspector F-secure Health Check Security Updates for Windows, Internet Explorer & Microsoft Office Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will enhance your safety MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software Also, please read this great article by Tony Klein So How Did I Get Infected In First Place Happy surfing and stay clean!

Hi gaffer61 No problem, we can check the fix worked with another OTL scan. Look's like we still have another infection to find. Please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply. Now please run another OTL scan and post OTL.txt and the log from the Kaspersky scan and let me know how the computer is running now.

Hi gaffer61 Run OTL Script Double-click OTL.exe to start the program. Copy and Paste the following code into the textbox. Do not include the word Code :otl O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found. :commands [EMPTYTEMP] Then click the Run Fix button at the top. Click . OTL may ask to reboot the machine. Please do so if asked. The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply. Now please open Malwarebytes and run a quick scan then copy and paste the results in your next reply along with the report from OTL and let me know how the computer is running now.

Hi gaffer61 TDSSKiller Download the file TDSSKiller.zip and save it on your desktop Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop Next double-click the tdsskiller Folder on your desktop. Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop. Highlight and copy the text in the codebox below. "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt" Click Start, click Run... and paste the text above into the Open: line and click OK. Wait for the scan and disinfection process to be over. Open tdskiller.txt on your desktop and post the contents in your next reply

Hi cllackie, Run OTL Script Double-click OTL.exe to start the program. Copy and Paste the following code into the textbox. Do not include the word Code :otl O2 - BHO: (no name) - {22a30381-78f8-420f-a1ce-af28d8b70858} - No CLSID value found. O2 - BHO: (no name) - {EA7C7D50-DBA5-4B54-92E0-3513D4C688F9} - No CLSID value found. Then click the Run Fix button at the top. Click . OTL may ask to reboot the machine. Please do so if asked. The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply. Please try to run Firefox now and let me know if there are any problems.

Hi gaffer61 Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. The logs can take some time to research, so please be patient with me. Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Please note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Download and run OTL Download OTL by Old Timer and save it to your Desktop. Double click on OTL.exe to run it. Under Output, ensure that Minimal Output is selected. Under Extra Registry section, select Use SafeList. Click the Scan All Users checkbox. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. OTL.txt <-- Will be opened Extras.txt <-- Will be minimized [*]Please post the contents of these 2 Notepad files in your next reply. Please download GMER Rootkit Scanner from here. Double click the .exe file. If asked to allow gmer.sys driver to load, please consent If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO. Run Gmer again and click on the Rootkit tab. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All". Click on the "Scan" and wait for the scan to finish. Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply. Note: If you have any problems, try running GMER in SAFE MODE Important! Please do not select the "Show all" checkbox during the scan.. Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Hi cllackie, Please run another scan with OTL and post just the OTL.txt log. Please also let me know how the computer is running now.

Hi cllackie, Run OTL Script Double-click OTL.exe to start the program. Copy and Paste the following code into the textbox. Do not include the word Code :otl O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O4 - HKLM..\Run: [rqooljdrv] File not found O4 - HKLM..\Run: [urrqqrsys] File not found O4 - HKU\.DEFAULT..\Run: [ljihifdrv] File not found O4 - HKU\.DEFAULT..\Run: [rqpmlksys] File not found O4 - HKU\S-1-5-18..\Run: [ljihifdrv] File not found O4 - HKU\S-1-5-18..\Run: [rqpmlksys] File not found O4 - HKU\S-1-5-21-606747145-1454471165-682003330-1003..\Run: [byyaawdrv] File not found [REBOOT] Then click the Run Fix button at the top. Click . OTL may ask to reboot the machine. Please do so if asked. The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply. I notice that Malwarebytes log you posted was dated 3/5/2010 2:21:27 AM, please run a new scan and ensure the product is updated to version 1.45, run a quick scan and post the log in your next reply. Please let me know the result from the previous runs of Combofix on this computer.

Hi bricktechsup, This rootkit is being constantly modified with several different versions released most days in an attempt to avoid detection. The best way to avoid this would be to remove local admin rights from the users and have them run as a limited user. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure Remove GMER Delete the GMER icon from your desktop. Delete the TDSSKiller zip file, icon and folder from your desktop. Clean up with OTL Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc. Close all other programs apart from OTL as this step will require a reboot On the OTL main screen, press the CleanUp! button Say Yes to the prompt and then allow the program to reboot your computer. Create a new, clean System Restore point which you can use in case of future system problems: Press Start >> All Programs >> Accessories >>System Tools >> System Restore Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close Now remove old, infected System Restore points: Next click Start >> Run and type cleanmgr in the box and press OK Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required. Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt Press OK and Yes to confirm Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc. Secunia Software Inspector F-secure Health Check Security Updates for Windows, Internet Explorer & Microsoft Office Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will enhance your safety MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software Also, please read this great article by Tony Klein So How Did I Get Infected In First Place Happy surfing and stay clean!

Hi cllackie, Run Combofix: Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix. Download ComboFix from here to your Desktop. For more information about Combofix please see here. Close all programs. Double click combofix.exe and follow the prompts. If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it

Hi bricktechsup, Please reboot one more time and then run Malwarebytes Antimalware, update and then run a quick scan. Please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log, the log from Malwarebytes and a new HijackThis log in your next reply and also let me know how your computer is running now.

Hi bricktechsup, That's good, we removed the rootkit, please reboot if not done so. You may notice that Internet access stops working until after the next step. Run OTL Script Double-click OTL.exe to start the program. Copy and Paste the following code into the textbox. Do not include the word Code :otl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 :commands [EMPTYTEMP] [RESETHOSTS] Then click the Run Fix button at the top. Click . OTL may ask to reboot the machine. Please do so if asked. The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Hi bricktechsup, OK we will remove later. TDSSKiller Download the file TDSSKiller.zip and save it on your desktop Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop Next double-click the tdsskiller Folder on your desktop. Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop. Highlight and copy the text in the codebox below. "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt" Click Start, click Run... and paste the text above into the Open: line and click OK. Wait for the scan and disinfection process to be over. Open tdskiller.txt on your desktop and post the contents in your next reply

Hi bricktechsup, The following sites a1.review.zdnet.com d1.reviews.cnet.com reviews.riverstreams.co.uk reviews.download.com review.2009softwarereviews.com reviews.pcmag.com reviews.pcadvisor.co.uk reviews.techradar.com reviews.pcpro.co.uk www.reevoo.com toptenreviews.com have their IP addresses mapped to 69.10.51.38 in the hosts file. Are you aware of any reason for this ?

Hi cllackie, multiple Anti Virus programs It looks like you are operating your computer with multiple Anti Virus programs running in memory at once: Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them. Ensure that the one you choose to keep is registered to receive updates Reboot once the program has been removed. TFC Please download TFC to your desktop, Save any unsaved work. TFC will close all open application windows. Double-click TFC.exe to run the program. Click the Start button in the bottom left of TFC If prompted, click "Yes" to reboot. Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot. Please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply.

Hi bricktechsup, The GMER scan would be useful as I suspect a rootkit infection. Let's try another method. Custom OTL scan Double click on OTL.exe to run it. Under the Custom Scan box paste this in netsvcs %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys nvraid.sys /md5stop %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When done, two Notepad files will open. OTL.txt <-- Will be opened Extras.txt <-- Will be minimized [*]Please post the contents of these 2 Notepad files in your next reply. Please also let me know if you know f any reason for those entries in the host file.

Hi bricktechsup, Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. The logs can take some time to research, so please be patient with me. Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Please note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Please run scans and fixes on just one of the infected systems until we have eliminated the problems. Download and run OTL Download OTL by Old Timer and save it to your Desktop. Double click on OTL.exe to run it. Under Output, ensure that Minimal Output is selected. Under Extra Registry section, select Use SafeList. Click the Scan All Users checkbox. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. OTL.txt <-- Will be opened Extras.txt <-- Will be minimized [*]Please post the contents of these 2 Notepad files in your next reply. Please download GMER Rootkit Scanner from here. Double click the .exe file. If asked to allow gmer.sys driver to load, please consent If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO. Run Gmer again and click on the Rootkit tab. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All". Click on the "Scan" and wait for the scan to finish. Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply. Note: If you have any problems, try running GMER in SAFE MODE Important! Please do not select the "Show all" checkbox during the scan.. Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply. Please also let me know if there is a reason for the following host file entries 69.10.51.38 reviews.pcadvisor.co.uk 69.10.51.38 reviews.download.com Etc.

Hi cllackie, Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. The logs can take some time to research, so please be patient with me. Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Please note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Download and run OTL Download OTL by Old Timer and save it to your Desktop. Double click on OTL.exe to run it. Under Output, ensure that Minimal Output is selected. Under Extra Registry section, select Use SafeList. Click the Scan All Users checkbox. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. OTL.txt <-- Will be opened Extras.txt <-- Will be minimized [*]Please post the contents of these 2 Notepad files in your next reply. Please download GMER Rootkit Scanner from here. Double click the .exe file. If asked to allow gmer.sys driver to load, please consent If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO. Run Gmer again and click on the Rootkit tab. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All". Click on the "Scan" and wait for the scan to finish. Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply. Note: If you have any problems, try running GMER in SAFE MODE Important! Please do not select the "Show all" checkbox during the scan.. Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Hi Chomper Harris, Now that you are clean, please follow these simple steps in order to keep your computer clean and secure Remove GMER Delete the GMER icon from your desktop. Delete TDSSKiller and DDS from your desktop. Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc. Secunia Software Inspector F-secure Health Check Security Updates for Windows, Internet Explorer & Microsoft Office Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will enhance your safety MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software Also, please read this great article by Tony Klein So How Did I Get Infected In First Place Happy surfing and stay clean!

Hi Chomper Harris, Update Java Runtime You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 19. Download the latest version of Java Runtime Environment (JRE) 6 Here Scroll down to where it says "JDK 6 Update 19 (JDK or JRE)" Click the orange Download JRE button to the right Select the Windows platform from the dropdown menu Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh Click on the link to download Windows Offline Installation & save the file to your desktop Close any programs you may have running - especially your web browser Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions Reboot your computer once all Java components are removed Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version Now please run Malwarebytes Antimalware, update and run a quick scan and post the log in your next reply and let me know how the computer is running now.

Hi Chomper Harris, Welcome to the forum. My nickname is deltalima and I will be helping you with your computer problems. The logs can take some time to research, so please be patient with me. Please note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. TDSSKiller Download the file TDSSKiller.zip and save it on your desktop Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop Next double-click the tdsskiller Folder on your desktop. Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop. Highlight and copy the text in the codebox below. "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt" Click Start, click Run... and paste the text above into the Open: line and click OK. Wait for the scan and disinfection process to be over. Open tdskiller.txt on your desktop and post the contents in your next reply

Hi steviewilson, It's looking good, as a final check, please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply and also let me know how your computer is running now.

Hi steviewilson, Please post the log from the last Malwarebytes scan.

Hi steviewilson, Yes, go ahead and delete the hidden service.

Hi steviewilson, TDSSKiller Download the file TDSSKiller.zip and save it on your desktop Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop Next double-click the tdsskiller Folder on your desktop. Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop. Highlight and copy the text in the codebox below. "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt" Click Start, click Run... and paste the text above into the Open: line and click OK. Wait for the scan and disinfection process to be over. Open tdskiller.txt on your desktop and post the contents in your next reply