Kenny94

Experts
  • Posts

    2,662
Everything posted by Kenny94

  1. Okay, move on to exeHelper as in my instructions and Update and Run Malwarebytes.
  2. Hi lmb, It's me again. Okay, I know you ran unhide.exe, but remove it and download unhide again: Please download and run in normal mode UnHide.exe by Grinler. Once finished let me know if (desktop items and others) are back? Next, we need to look at some information about what is going on in your computer. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif
     • Double click on the DDS icon, allow it to run.
     • A small box will open, with an explanation about the tool.
     • When done, DDS will open two (2) logs: 1. DDS.txt 2. Attach.txt
     • Save both reports to your desktop.
     • The instructions here ask you to attach the Attach.txt.
     • Instead of attaching, please copy/paste both logs into your Thread.
     • Close the program window, and delete the program from your desktop.
     Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE. Then post your DDS (DDS.txt and Attach.txt).
  3. This infection is giving us a hard time. Well, there is more than one way to skin a cat, as we say. Please do the following
  4. Hi theliteratesims and Welcome to Malwarebytes! Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com) There are two different versions. If one of them won't run then download and try to run the other one. Vista and Windows 7 users need to right-click and choose Run as Administrator. You only need to get one of them to run, not both of them. eXplorer.exe - WiNlOgOn.exe Note: If your security software warns about Rkill, please ignore and allow the download to continue. Once you've gotten one of them to run then try to immediately run the following: Please download exeHelper from one of the two links. Link 1 Link 2
     • Double-click on exeHelper.com or exeHelper.scr to run the fix.
     • A black window should pop up, press any key to close once the fix is completed.
     • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
     Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
     Next: Update Run Malwarebytes
     • Launch Malwarebytes' Anti-Malware
     • If an update is found, it will download and install the latest version.
     • Once the program has loaded, select "Perform Quick Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Copy & Paste the entire report in your next reply.
     Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  5. Please copy and paste this post to a new text document or print it for reference later. Please reboot your computer in Safe Mode by doing the following:
     • Restart your computer
     • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
     • Instead of Windows loading as normal, the Advanced Options Menu should appear;
     • Select Safe Mode with Networking and press Enter.
     • Login as the same user you were previously logged in as.
     Download TDSSKiller and run it in safe mode with networking. Please post this log in your next reply.
  6. Did ComboFix run at any point? Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan. If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. Click the Report button and copy/paste the contents of it into your next reply. Note: It will also create a log in the C:\ directory.
  7. Download ComboFix from below: Combofix download * IMPORTANT !!! Place combofix.exe on your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here
     • Double click on combofix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
     • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware.
     • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
     • When finished, it shall produce a log for you. Post that log in your next reply
     Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  8. Hi cmfitzgerald. We need to look at some information about what is going on in your computer. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif
     • Double click on the DDS icon, allow it to run.
     • A small box will open, with an explanation about the tool.
     • When done, DDS will open two (2) logs: 1. DDS.txt 2. Attach.txt
     • Save both reports to your desktop.
     • The instructions here ask you to attach the Attach.txt.
     • Instead of attaching, please copy/paste both logs into your Thread.
     • Close the program window, and delete the program from your desktop.
     Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE. Then post your DDS (DDS.txt and Attach.txt).
  9. The reviews by the users give Clickfree a good rating. I use the Seagate below: http://www.seagate.com/www/en-us/products/external/freeagent/portable-hard-drive/ for backups. I see it's on sale for $69.99.
  10. Hi mrsingh and Welcome to Malwarebytes! We need to look at some information about what is going on in your computer. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif
     • Double click on the DDS icon, allow it to run.
     • A small box will open, with an explanation about the tool.
     • When done, DDS will open two (2) logs: 1. DDS.txt 2. Attach.txt
     • Save both reports to your desktop.
     • The instructions here ask you to attach the Attach.txt.
     • Instead of attaching, please copy/paste both logs into your Thread.
     • Close the program window, and delete the program from your desktop.
     Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE. Then post your DDS (DDS.txt and Attach.txt).
     Next, please download Rootkit Unhooker. Save it to your desktop. Extract RKUnhooker to your desktop. Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file - you can get a free one from here - http://www.7-zip.org/
     • Now double-click on RKUnhookerLE.exe to run it.
     • Click the Report tab, then click Scan.
     • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
     • Wait till the scanner has finished and then click File, Save Report.
     • Save the report somewhere where you can find it. Click Close.
     • Copy the entire contents of the report and paste it in a reply here.
     Note** you may get this warning, it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?" "just click on Cancel, then Accept".
     In your next reply, please include these log(s): 1. DDS.txt 2. Attach.txt 3. RKU log
  11. This PC is fine. Be sure to remove Adobe Reader and Java. Install the latest. Like you did with your other PC.
  12. I strongly recommend you to remove Ask from your computer because of the following:
     • Promoting its toolbars on sites targeted to kids.
     • Promoting its toolbars through ads that appear to be part of other companies' sites.
     • Promoting its toolbars through other companies' spyware.
     • Installing without any disclosure whatsoever and without any consent whatsoever.
     • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
     • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
     See Here for more info. If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present. AskBarDis Then please find and delete this folder in bold (if present): C:\Program Files\AskBarDis
     Note: You should remove FrostWire. P2P (peer-to-peer): using P2P software is very risky, because it makes you very susceptible to infection, attack, exposure of personal or company information. But this is up to you to remove FrostWire.
     • Click Start
     • Go to Control Panel
     • Go to Add/Remove Programs
     • Find and click Remove for the following (if present): Ask Toolbar FrostWire 4.20.9 Search Toolbar
     Restart the computer, then: Update Run Malwarebytes
     • Launch Malwarebytes' Anti-Malware
     • If an update is found, it will download and install the latest version.
     • Once the program has loaded, select "Perform Quick Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Copy & Paste the entire report in your next reply.
     Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  13. Hi julez and Welcome to Malwarebytes! When you come back please do the following. By the way, we'll keep your topic open for the next 10 days...
     • Please download aswMBR from here
     • Save aswMBR.exe to your Desktop
     • Double click aswMBR.exe to run it
     • Click the Scan button to start the scan as illustrated below
     Note: Do not take action against any **Rootkit** entries until I have reviewed the log.
     • Once the scan finishes click Save log to save the log to your Desktop
     • Copy and paste the contents of aswMBR.txt back here for review
  14. "if so, do i first need to click on the 100 or so update hyperlinks for IE per secunia's scan?" It's best that you do. You should be able to update http://www.windowsupdate.com without the IE updates. I received your donation. Again, thank you..
  15. There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections. Go to Start > Control Panel > Add/Remove Programs. Please remove these entries from Add/Remove Programs in the Control Panel Adobe Reader 7.0 Java 2 Runtime Environment, SE v1.4.2_03 Java
  16. Defraggler is a good one too! Not really since you use firefox. Some of my friends use windizupdate and/or addon/windowsupdate add on: https://addons.mozilla.org/en-us/firefox/addon/go-to-windizupdate/#reviews https://addons.mozilla.org/en-us/firefox/addon/windowsupdate/ I don't use firefox. I mainly use Google Chrome. So I never tried these add ons...
  17. I would change any financial site passwords. To be on the safe side. ATF cleaner and CCleaner are similar. As for Combofix. Please do the below: To remove all of the tools we used and the files and folders they created, please do the following: Please download OTC.exe by OldTimer: Save it to your Desktop. Double click OTC.exe. Click the CleanUp! button. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  18. You might want to use ATF for firefox: Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. By the way, You might want to remove the Registry cleaners you have installed... They are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance. For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great. Further reading: XP Fixes Myth #1: Registry Cleaners http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
  19. dllhost.exe is fine in your case. Dial-A-Fix and the clean up replaced some of the windows files that were missing. We'll deal with firefox and Acrobat Reader in the next post. The one file is in System restore. We'll Flush your System Restore points.
     Your Computer is Clean
     Some final items: Follow these steps to uninstall Combofix and tools used in the removal of malware
     • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
     • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
     • Please follow the prompts to uninstall Combofix.
     • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
     This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
     Here are some additional links for you to check out to help you with your computer security.
     Browsers: Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.
     Make your Internet Explorer more secure - This can be done by following these simple instructions:
     • From within Internet Explorer click on the Tools menu and then click on Options.
     • Click once on the Security tab
     • Click once on the Internet icon so it becomes highlighted.
     • Click once on the Custom Level button.
     • Change the Download signed ActiveX controls to Prompt
     • Change the Download unsigned ActiveX controls to Disable
     • Change the Initialize and script ActiveX controls not marked as safe to Disable
     • Change the Installation of desktop items to Prompt
     • Change the Launching programs and files in an IFRAME to Prompt
     • Change the Navigate sub-frames across different domains to Prompt
     • When all these settings have been made, click on the OK button
     • If it prompts you as to whether or not you want to save the settings, press the Yes button.
     • Next press the Apply button and then the OK to exit the Internet Properties page.
     Additional Security Measures
     • Secunia software inspector & update checker
     • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
     • Cookienator - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.
     • Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer.
     Visit My Blog for Malware and Spyware Tips
  20. Looks much better! You can install AVG. If you're not happy with AVG? I use: Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support. There are some older versions of Java on your computer. These can be a source of this infection.
     Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
     • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
     • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 25 - Click the Download button to the right.
     • Select the Windows platform from the dropdown menu.
     • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u125 -windows-i586-p.exe to install the newest version.
     • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
     • On the General tab, under Temporary Internet Files, click the Settings button.
     • Next, click on the Delete Files button
     • There are two options in the window to clear the cache - Leave BOTH Checked: Applications and Applets; Trace and Log Files
     • Click OK on Delete Temporary Files Window. Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
     • Click OK to leave the Temporary Files Window
     • Click OK to leave the Java Control Panel.
     To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml When all is well, you should see Java Version: 1.6.0_25 from Sun Microsystems Inc.
     Next, delete your copy of DDS from your desktop. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif
     • Double click on the DDS icon, allow it to run.
     • A small box will open, with an explanation about the tool.
     • When done, DDS will open two (2) logs: 1. DDS.txt 2. Attach.txt
     • Save both reports to your desktop.
     • The instructions here ask you to attach the Attach.txt.
     • Instead of attaching, please copy/paste both logs into your Thread.
     • Close the program window, and delete the program from your desktop.
     Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE. Then post your DDS (DDS.txt and Attach.txt).
  21. Please use the ADD REPLY button when replying, thanks :) We are getting closer. Good job you've done there... Dial-A-Fix might give you a lot of errors, just ignore them and continue. Then run CFScript, but after you run Dial-A-Fix first. Please download Dial-A-Fix from one of the following mirrors: Primary Mirror Secondary Mirror
     • Extract the zip file to your desktop.
     • Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors, just ignore them and Click to continue.
     • Press the green double checkmark box.
     • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section.
     • Click on Go
     • Wait for Dial-A-Fix to finish (All the check marks will be all gone)
     • Close Dial-A-Fix
     Next, Run CFScript. Close any open browsers.
     • Open Notepad by clicking Start
     • Click Run
     • Type notepad into the box and click Enter
     • Notepad will open
     • Copy and Paste everything from the Code box into Notepad:

       KILLALL::
       Driver::
       bfastfao
       File::
       c:\docume~1\PAULRU~1\LOCALS~1\Temp\bfastfao.sys
       Registry::
       [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
       ReglockDel::
       [HKEY_USERS\S-1-5-21-2533880093-1066840779-2804358638-1006\Software\Microsoft\SystemCertificates\AddressBook*]

     • Save the file to your desktop and name it CFScript.txt
     • Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot.
     • Post the contents of Combofix.txt in your next reply.
     Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
  22. Download AppRemover and run it. Click Next >> Ensure "Remove Security Application" is collected and click Next >> AppRemover will scan all the security applications on your PC. Select any AVG entries from the applications offered and click Next >> twice. Follow any further on-screen instructions. If asked to reboot, please do so. Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed
  23. Hi. Okay, we still have some work to do. Download ComboFix from below: Combofix download * IMPORTANT !!! Place combofix.exe on your Desktop
     • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. You can get help on disabling your protection programs here
     • Double click on combofix.exe & follow the prompts.
     • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
     • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
     • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed. Click on Yes, to continue scanning for malware.
     • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
     • When finished, it shall produce a log for you. Post that log in your next reply
     Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     Ensure your AntiVirus and AntiSpyware applications are re-enabled.