Kenny94

Yes you can install AVG. ESET Online Scanner Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here. Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked. Now click on Advanced Settings and select the following: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection. [*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first! [*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. [*]Copy and paste that log as a reply to this topic. Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

No concerns for these. As they are in the chest. Most of the object is in Combofix quarantine, the other in system restore, so none of them is active. ESET Online Scanner Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here. Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked. Now click on Advanced Settings and select the following: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection. [*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first! [*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. [*]Copy and paste that log as a reply to this topic. Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Drag TDSSKiller icon into the recycle bin. Download a updated copy. Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan. If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. Click the Report button and copy/paste the contents of it into your next replyNote:It will also create a log in the C:\ directory.

Yes continue with ComboFix ignore any wanrnings.

Yes or use the site below: http://www.avg.com/us-en/download-tools

ComboFix will not run until AVG is uninstalled as a protective measure. This is an issue with AVG. Use the uninstaller below: Please download AppRemover to your Desktop. Double-click AppRemover.exe. Untick Enable anonymous usage statistic. Click Next>>. Select AVG to remove and click Next>>. By clicking Next>> again, AppRemover will start the uninstall process. This may take a few minutes. Once completed you may be prompted to restart your system. Please do so. Restart your computer completes removal of AVG Antivirus. You can install AVG after we clean your PC. Or I have another free Antivirus that you can install. Next Download ComboFix from below: Combofix download * IMPORTANT !!! Place combofix.exe on your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on combofix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. ---------------------------------------------------------------------------------------------

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later. Please download Dial-A-Fix from one of the following mirrors:Primary Mirror Secondary Mirror [*]Extract the zip file to your desktop. [*]Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot errors, just ignore them and Click to continue. [*]Press the green double checkmark box (Looks like this: [*]UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this: [*] [*]Click on Go [*]Wait for Dial-A-Fix to finish (All the checks marks will be all gone) [*]Close Dial-A-Fix Next Close any open browsers. Open Notepad by click start Click Run Type notepad into the box and click enter Notepad will open Copy and Paste everything from the Code box into Notepad: KILLALL:: DDS:: uInternet Settings,ProxyServer = 123.123.123.123:8080 Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"=- "5800:TCP"=- "5500:TCP"=- Save the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply. Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Can you post what AVG finds and can't remove? We need to look at some information about what is going on in your computer: Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pif [*]Double click on the DDS icon, allow it to run. [*]A small box will open, with an explanation about the tool. [*]When done, DDS will open two (2) logs 1. DDS.txt 2. Attach.txt [*] Save both reports to your desktop. [*] The instructions here ask you to attach the Attach.txt. [*]Instead of attaching, please copy/past both logs into your Thread [*]Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

Hi retroap Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper. --------------------------------------------------------------------------------------------- Please use AVG Removal tool, for the leftovers of AVG at: http://www.avg.com/us-en/download-tools Select: AVG Remover(32bit) 2011 (Version 2011.1322) Click on Run on the box that pops up and follow the prompts. Restart your computer completes removal of AVG. Next Download ComboFix from below: Combofix download * IMPORTANT !!! Place combofix.exe on your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on combofix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. ---------------------------------------------------------------------------------------------

You can run IEFix without the CD. IEFix will continue with DLL registration part with no Windows CD... Also, try the following: Please visit the links HERE and HERE first to read about this new Microsoft tool! Then you can download and use: Microsoft Fix it Center Online Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist! It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you. Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones. Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support. Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report. Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions. Let me know after you had run all the troubleshooters on your pc if it corrected your problem.

Hi VirusPain and Welcome to Malwarebytes! Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper. --------------------------------------------------------------------------------------------- Please run the BitDefender QuickScan Beta You can use either Internet Explorer or Mozilla FireFox and Google Chrome for this scan. Accept the plug-in installation by clicking the bar above. From the contextual menu please choose 'Install ActiveX" control and you will be prompted to install the application. Once done, press the View Report link. Post that log in your next reply. Next Update Run Malwarebytes Launch Malwarebytes' Anti-Malware If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. In your next reply, please include these log(s): 1.BitDefender Report 2.MBAM log

As for the boot file? I have no ideal why it change the time frame. There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections. Go to Start > Control Panel > Add/Remove Programs. Please remove these entries from Add/Remove Programs in the Control Panel Adobe Reader 8.2.5 Java 6 Update 22 Restart your computer. Please go to the link below to update. Adobe Reader Uncheck Include in your download (optional Free McAfee Security Scan Plus or any other program. ) Next [ Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop. Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 25 - Click the Download button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Then from your desktop double-click on jre-6u125 -windows-i586-p.exe to install the newest version. After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH CheckedApplications and Applets Trace and Log Files [*]Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. [*]Click OK to leave the Temporary Files Window [*]Click OK to leave the Java Control Panel. To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml When all is well, you should see Java Version: 1.6.0_25 from Sun Microsystems Inc. ------------------------------------------------------------------- Malwarebytes should update and run now. That the infection is gone. Update Run Malwarebytes Launch Malwarebytes' Anti-Malware If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Try the below on your husband account. You'll be ask for your Windows CD. Also, . From a clean computer download the following tools to a flash drive. Or Copy to a USB/CD or other media to use on your husband account. 1. Download IEFix, unzip it to your Desktop, and run it. 2. Click the Apply button. 3. You'll be prompted for the Operating System CD or the Service Pack Files location: If you're using Windows XP, insert the Operating System CD. For OEM systems, point to the Operating System source path when prompted. If you've applied a Service Pack separately, you need to insert the Slipstreamed Operating System CD (if you have one) or point the installer to the ServicePack source path when prompted (see the image below). Mention the path as "C:\Windows\ServicePackFiles\i386" or "C:\Windows\ServicePackFiles" If you don't have the Windows installation CD, and if the installation source files are not present in the hard disk, you may click Cancel when you see a dialog similar to the image below. IEFix will continue with DLL registration part. Restart Windows.

DeFogger Download DeFogger by jpshortstuff from here & save it to your desktop. Right click DeFogger then choose Run as Administrator Or you can double-click to run the tool The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A Finished! message will appear Click OK DeFogger will now ask to reboot the machine - click OK. If not reboot your PC IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop. Do not re-enable these drivers until otherwise instructed. Next Run ComboFix as you did the first time. Allow it to update if it requests to do so. When finished, it shall produce a log for you. Post that log in your next reply.

Please remove these entries from Add/Remove Programs in the Control Panel (if present) J2SE Runtime Environment 5.0 Update 11 Java SE Runtime Environment 6 Update 1 With that done. Please let me how your computer is doing?

Regarding this entry in the log: There's a very good chance we'll need your Windows XP disc. ntfs.sys is a critical system core file. If we remove it, then your PC won't boot. So we need to replace this file with a clean copy. Let me know if you have Windows XP disc? Use your browser to go here at Virustotal website Click the Browse button and then navigate to c:\windows\system32\epmntdrv.sys then click the Submit button. The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply. Next Run CFScript Close any open browsers. Open Notepad by click start Click Run Type notepad into the box and click enter Notepad will open Copy and Paste everything from the Code box into Notepad: KILLALL:: SRPeek:: c:\windows\system32\drivers\ndis.sys TDL:: c:\windows\system32\drivers\ndis.sys RenV:: c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier .exe c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe c:\program files\Common Files\Java\Java Update\jusched .exe c:\program files\ESET\ESET Smart Security\egui .exe c:\program files\Malwarebytes' Anti-Malware\mbam .exe c:\program files\Microsoft ActiveSync\wcescomm .exe c:\program files\PowerISO\PWRISOVM .exe c:\program files\Synaptics\SynTP\SynTPEnh .exe c:\windows\system32\rundll32 .exe c:\windows\system32\TCtrlIOHook .exe Save the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

One is part of frostwire and your ESET might was set to ignore any frostwire entries and the other is in System restore. We'll flush System restore points with OTM. As for Java. We'll deal with it in next post. We are almost done here. You have done a great job!!!! Please download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :Services :Reg :Files C:\Documents and Settings\Chris\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe :Commands [purity] [resethosts] [emptytemp] [CREATERESTOREPOINT] [EMPTYFLASH] [Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTM If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Combofix log resides in your C: Drive. Look for ComboFix.txt and post it please.

We still have some work to do with your PC. Download ComboFix from below: Combofix download * IMPORTANT !!! Place combofix.exe on your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here Double click on combofix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. ---------------------------------------------------------------------------------------------

Dial-A-Fix had some errors, but your fine. You need to visit microsoft update site to install the latest patches and updates. When we are done... I strongly recommend you to remove Ask from your computer because it; Promoting its toolbars on sites targeted to kids. Promoting its toolbars through ads that appear to be part of other companies' sites. Promoting its toolbars through other companies' spyware. Installing without any disclosure whatsoever and without any consent whatsoever. Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit. See Here for more info. If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present. AskBarDis Then please find and delete this folder in bold (if present): C:\Program Files\AskBarDis There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections. Go to Start > Control Panel > Add/Remove Programs. Please remove these entries from Add/Remove Programs in the Control Panel Adobe Reader 9.4.4 Ask Toolbar Java 6 Update 23 Java 6 Update 5 Java 6 Update 7 Restart your computer. Please go to the link below to update. Adobe Reader Uncheck Include in your download (optional Free McAfee Security Scan Plus ) Next Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop. Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 25 - Click the Download button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Then from your desktop double-click on jre-6u125 -windows-i586-p.exe to install the newest version. After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button There are two options in the window to clear the cache - Leave BOTH CheckedApplications and Applets Trace and Log Files [*]Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. [*]Click OK to leave the Temporary Files Window [*]Click OK to leave the Java Control Panel. To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml When all is well, you should see Java Version: 1.6.0_25 from Sun Microsystems Inc. ------------------------------------------------------------------- Next ESET Online Scanner Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here. Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked. Now click on Advanced Settings and select the following: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection. [*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first! [*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. [*]Copy and paste that log as a reply to this topic. Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

No problem Jule... Just the C: drive is fine. At this point. Re-Run aswMBR Click Scan On completion of the scan Click the Fix for TDL4 Save the log as before and post in your next reply. Once you are done with that, please do the following: Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan. If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. Click the Report button and copy/paste the contents of it into your next replyNote:It will also create a log in the C:\ directory. In your next reply, please include these log(s): 1.aswMBR log 2.TDSSKiller log

Your log is showing a lot of missing update windows files. Please download Dial-A-Fix from one of the following mirrors:Primary Mirror Secondary Mirror [*]Extract the zip file to your desktop. [*]Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot errors, just ignore them and Click to continue. [*]Press the green double checkmark box (Looks like this: [*]UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this: [*] [*]Click on Go [*]Wait for Dial-A-Fix to finish (All the checks marks will be all gone) [*]Close Dial-A-Fix When your done with Dial-A-Fix. Run combofix again and post a fresh log please.

The leftovers of this is giving us a hard time, but we'll nip it... Copy everything inside the Code box below and paste it into Notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as Firefox.bat on your desktop. @echo off set DataDir=C:\Users\%Joshua.Saliba%\AppData\Local\Mozilla\Firefox\Profiles del /q /s /f "%DataDir%" rd /s /q "%DataDir%" for /d %%x in (C:\Users\%Joshua.Saliba%\AppData\Roaming\Mozilla\Firefox\Profiles\*) do del /q /s /f %%x\*sqlite Locate Firefox.bat file on your Desktop and double-click on it A DOS box should open and close quickly, this is normal. Next Please click here to download Kaspersky Virus Removal Tool. Double click on the file you just downloaded and let it install. It will install to your desktop. After that leave what is selected and put a check next to My Computer. Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails. Then click on Start Scan. Before it is done it may prompt for action regardless of the setting so choose delete if prompted. When the scan is done no log will be produced. Click on the bottom where it says Report to open the report. Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy. This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad. You can save this on the desktop. Post the contents of the document in your next reply. Note: This tool will self uninstall when you close it so please save the log before closing it.

Well, there is more than one way to skin a cat, as we say. Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Click Exit on the Main menu to close the program. Next To clear your Java Cache. Click Start > Control Panel. In the Control Panel, double-click the "Java" icon in the control panel. The Java Control Panel then appears. Under the header "Temporary Internet Files", select the "Settings" button. Don't change any of the settings, then click "Delete Files". Next, the Delete Temporary Files dialog box appears. Make sure both boxes are ticked, and hit the OK button. Next Flush the DNS cache: Click the Start logo in the bottom left corner of the screen Click on Run In the command window copy/paste the following: ipconfig /flushdns Then hit enter. Exit the command window. Next. Restart your computer. Then do the following: Run CFScript Close any open browsers. Open Notepad by click start Click Run Type notepad into the box and click Enter Notepad will open Copy and Paste everything from the Code box into Notepad: FireFox:: FF - ProfilePath - c:\users\Joshua.Saliba\AppData\Roaming\Mozilla\Firefox\Profiles\pl383oqk.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply. Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Smile we are getting closer. Good job you done there! Please download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :Services :Reg :Files C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3bfa29c8-1a37d366 C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5a187610-2fb16efa C:\Users\Joshua.Saliba\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2d85064e-4f34eedc C:\Users\Joshua.Saliba\AppData\Local\Mozilla\Firefox\Profiles\pl383oqk.default\Cache\F\DD\E3BFFd01 ipconfig /flushdns /c :Commands [purity] [resethosts] [emptytemp] [CREATERESTOREPOINT] [EMPTYFLASH] [Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTM If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.