Kenny94

Experts
  • Posts

    2,662
Everything posted by Kenny94

  1. Hi anyrain Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system. Download ComboFix from below: Combofix download * IMPORTANT !!! Place combofix.exe on your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on combofix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. 
Post that log (C:\ComboFix.txt) in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. ---------------------------------------------------------------------------------------------
  2. Looking better! Download ComboFix from below: Combofix download * IMPORTANT !!! Place combofix.exe on your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on combofix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log (C:\ComboFix.txt) in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. 
--------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. ---------------------------------------------------------------------------------------------
  3. Okay, we'll have you fixed up soon. I'll be out of town on Sunday and Monday, but we should be finished by then. Re-run aswMBR.exe Click [scan] On completion of the scan Click the [Fix] for TDL4 (MBRoot): Once you are done with that, please do the following: Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan. Vista/Windows 7 users right-click and select Run As Administrator. If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. Click the Report button and copy/paste the contents of it into your next reply. Note: It will also create a log in the C:\ directory. In your next reply, please include these log(s): 1. aswMBR log 2. TDSSKiller log
  4. Hi anyrain Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Please download and run UnHide.exe by Grinler. Double-click unhide.exe to run the program. After running it, your files should reappear. Please let us know the result. Can you post the Attach.txt of the DDS scan tool?
  5. How are things now emilywvu82? Please run this online scan to help look for remnants. ESET Online Scanner Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus, how to do so can be read here. Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked. Now click on Advanced Settings and select the following: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology Now click on: The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection. When completed the Online Scan will begin automatically. Do not touch either the Mouse or keyboard during the scan otherwise it may stall. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first! Now click on: Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste that log as a reply to this topic. Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
  6. One of the new methods of malware, is to use the types of malware which may be lurking in temp/user account folders. As they know (the bad guys) most users don't clean temporary files on a daily/weekly basis.... Your Computer is Clean Are you having any other problems? If not, we have just a couple of last steps to perform and then you're all set. Some final items: To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer: Save it to your Desktop. Double click OTC.exe. Click the CleanUp! button. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. Here are some additional links for you to check out to help you with your computer security. Browsers Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust) NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. 
Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Additional Security Measures Secunia software inspector & update checker Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash. Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer. Visit My Blog for Malware and Spyware Tips
  7. There was an error in my script. Drag OTM.exe icon into the recycle bin. Download another copy. Please download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :Services :Reg :Files C:\combo\SmitfraudFix.exe C:\combo\SmitfraudFix\Process.exe C:\combo\SmitfraudFix\restart.exe C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\0\3512c40-29009769 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-129f5d0a C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-28fb456d C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\18\6f47d292-4a6002cb C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\29\42947d9d-106a4b7f C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\30\3b7a5a1e-5a452156 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-72d164b2 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\35\2a57d1a3-1d174144 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\36\46b18364-2c169d83 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\4\473a5bc4-53c93992 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\4\4b83f3c4-75b224ff C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\43\6d1b776b-515ecfc2 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-203d09cf C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-149511db C:\Documents and Settings\Retro\Application 
Data\Sun\Java\Deployment\cache\6.0\53\42441975-3c4b9f22 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\55\56b104b7-5a541556 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-7522ba68 C:\SDFix\apps\Process.exe :Commands [purity] [resethosts] [emptytemp] [CREATERESTOREPOINT] [EMPTYFLASH] [Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTM If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  8. Hi hubertlim and Welcome to Malwarebytes! Sorry for the delay, but this forum has been super busy. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper. --------------------------------------------------------------------------------------------- Please download aswMBR from here Save aswMBR.exe to your Desktop Double click aswMBR.exe to run it Click the Scan button to start the scan as illustrated below Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Once the scan finishes click Save log to save the log to your Desktop Copy and paste the contents of aswMBR.txt back here for review
  9. You're Welcome Julez.... Your Computer is Clean Some final items: Follow these steps to uninstall Combofix and tools used in the removal of malware To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer: Save it to your Desktop. Double click OTC.exe. Click the CleanUp! button. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. Here are some additional links for you to check out to help you with your computer security. Browsers Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust) NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. 
Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Additional Security Measures Secunia software inspector & update checker Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash. Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer. Visit My Blog for Malware and Spyware Tips
  10. I'm sure it will! Your Computer is Clean Some final items: Follow these steps to uninstall Combofix and tools used in the removal of malware To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer: Save it to your Desktop. Double click OTC.exe. Click the CleanUp! button. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. Here are some additional links for you to check out to help you with your computer security. Browsers Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust) NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. 
Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Additional Security Measures Secunia software inspector & update checker Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash. Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer. Visit My Blog for Malware and Spyware Tips
  11. Right-click TDSSKiller and select Run As Administrator. If TDSSKiller still does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension. Example: runme.com
  12. How is your computer doing Jule?
  13. Hi, The one below: Java Platform, Standard Edition -Java SE 6 Update 25
  14. We're almost done here! Nice Job! Please download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :Services :Reg :Files ipconfig /flushdns /c C:\combo\SmitfraudFix.exe C:\combo\SmitfraudFix\Process.exe C:\combo\SmitfraudFix\restart.exe C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\0\3512c40-29009769 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-129f5d0a C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-28fb456d C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\18\6f47d292-4a6002cb C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\29\42947d9d-106a4b7f C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\30\3b7a5a1e-5a452156 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-72d164b2 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\35\2a57d1a3-1d174144 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\36\46b18364-2c169d83 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\4\473a5bc4-53c93992 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\4\4b83f3c4-75b224ff C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\43\6d1b776b-515ecfc2 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-203d09cf C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-149511db C:\Documents and Settings\Retro\Application 
Data\Sun\Java\Deployment\cache\6.0\53\42441975-3c4b9f22 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\55\56b104b7-5a541556 C:\Documents and Settings\Retro\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-7522ba68 C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application C:\SDFix\apps\Process.exe :Commands [purity] [resethosts] [emptytemp] [CREATERESTOREPOINT] [EMPTYFLASH] [Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTM If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  15. When you have ComboFix.exe in your flash drive. Then copy ComboFix.exe to your husband's user account on to the desktop. Then run ComboFix....
  16. I'm sorry Jule. I left out vir in the CFScript. Let's do it one more and the last time.... ..... Run CFScript Close any open browsers. Open Notepad by clicking Start Click Run Type notepad into the box and click enter Notepad will open Copy and Paste everything from the Code box into Notepad: KILLALL:: Dequarantine:: C:\Qoobox\Quarantine\C\BMWScan140\BMWScan140.exe.vir Quit:: Save the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply. Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
  17. Let's do this. Run ComboFix on your husband's account. Please do the following
  18. Running ComboFix was a good thing. As it disinfected one more driver. Okay, if you want that file back. For BMW Scanner and so forth. Please do the following Run CFScript Close any open browsers. Open Notepad by clicking Start Click Run Type notepad into the box and click enter Notepad will open Copy and Paste everything from the Code box into Notepad: KILLALL:: Dequarantine:: C:\Qoobox\Quarantine\c:\bmwscan140\BMWScan140.exe Quit:: Save the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.
  19. To re-enable your Emulation drivers, double click DeFogger to run the tool. The application window will appear Click the Re-enable button to re-enable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OK. If not, reboot your PC You can remove DeFogger. Your Computer is Clean Some final items: Follow these steps to uninstall Combofix and tools used in the removal of malware Please press the Windows Key and R on your keyboard. This will bring up the Run... command. Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /) Please follow the prompts to uninstall Combofix. You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself. This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again. Here are some additional links for you to check out to help you with your computer security. Browsers Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust) NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. 
Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Additional Security Measures Secunia software inspector & update checker Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash. Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer. Visit My Blog for Malware and Spyware Tips
  20. Please run this online scan to help look for remnants. ESET Online Scanner Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus, how to do so can be read here. Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked. Now click on Advanced Settings and select the following: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology Now click on: The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection. When completed the Online Scan will begin automatically. Do not touch either the Mouse or keyboard during the scan otherwise it may stall. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first! Now click on: Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste that log as a reply to this topic. Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
  21. We'll Dequarantine that file in ComboFix. In the next post. We're almost done here... Please download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :Services :Reg :Files ipconfig /flushdns /c C:\SDFix\apps\Process.exe C:\WINDOWS\erukukasegadav.dll C:\WINDOWS\system32\cmdow.exe :Commands [purity] [resethosts] [emptytemp] [CREATERESTOREPOINT] [EMPTYFLASH] [Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTM If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  22. There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections. Go to Start > Control Panel > Add/Remove Programs. Please remove these entries from Add/Remove Programs in the Control Panel Adobe Reader 9.4.4 Java
  23. Your PC had a rootkit that has replaced your ide driver volsnap.sys file with malware. Let's make sure there's no rootkit. Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan. If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. Click the Report button and copy/paste the contents of it into your next reply. Note: It will also create a log in the C:\ directory.