kevinf80

CKScanner log is not correct, four (4) entry lines are missing. Post full log please....

We continue: 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the Codebox below into it: ClearJavaCache:: Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Let me see those logs, give an update on any current issues or concerns... If these logs are clean we can go for SP3 update.. Kevin...

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, Make sure that everything is checked, and click Remove Selected on any found items. Post the produced log Next, Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe Important - Save it to your desktop. Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7). Give permission if necessary, and click Search For Files. After a very short time, when the cursor hourglass disappears, click Save List To File. A message box will verify the file saved. Please run the program once only. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply. Let me see those logs.. fixlist.txt

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html[/url Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field. Chromelook;CHRdefaults;autoclean;emptyclsid; Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you maybe asked to re-boot your PC, if so please do Post the produced log in your next reply…..

Can you follow the instructions here: https://support.google.com/chrome/answer/113907?hl=en for Google Chrome extension removal Remove two of the extensions I posted, leave the one you trust... Restart Chrome see if that make any difference

These extensions are present in Chrome, do you recognize or need them? CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\Shaggy\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx CHR HKLM\...\Chrome\Extension: [jgceplfonlgodadnpognljgdjlcnpjnh] - C:\Program Files\NetRatingsNetSight\NetSight\meter1\extension.crx CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\Shaggy\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx

OK we clean up and then see how your system responds... We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself.. OK, we continue: Delete any fixlist.txt file previously used, continue: Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. Next, Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST Next, Remove ESET Online Scanner (Only if installed) Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER. Click to select ESET Online Scanner from the application list, and then click Remove. Only re-boot if prompted Next, Remove Combofix now that we're done with it Please press the Windows Key and R on your keyboard. This will bring up the Run... command. Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/") Please follow the prompts to uninstall Combofix. You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself. The above procedure will delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore. It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen. Next, Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop. Double click icon to start the program. If you are using Vista or Windows 7 accept UAC Then Click the big button. You will get a prompt saying "Begining Cleanup Process". Please select Yes. Restart your computer when prompted. This will remove tools we have used and itself. Any tools/logs remaining on the Desktop or downloads folder can be deleted. Let me know if those steps complete, also if any remaining issues or concerns.. Kevin fixlist.txt

Does that happen on a specific browser or all browsers you have installed

Not exactly sure what you mean, what site do you refer to and what links are you using... back in 15 mins, off for a coffee...

Hello and P2P/Piracy Warning: Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin

Thanks for that log, I can get more or less the same information I was after from Security Checks. All looks good.. Do you have any remaining issues or concerns?

Did you re-boot while Combofix was still running? If so please run it one more time, have patience CF scan time can be excessive if dealing with a stubborn infections

ESET log is OK, as Security Checks will not run can you post the second log from FRST, it will be named addition.txt and saved in the same place FRST was run from. I have asked for this previously in replies #2 and #8

That is good news, If all is ok with no issues here are some tips to reduce the potential for malware infection in the future: Make proper use of your antivirus and firewall Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important. You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own. Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system. WinPatrol features explained here http://www.winpatrol.com/features.html Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install) If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important Use a safer web browser Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives: FireFox http://www.mozilla.com/en-US/, Opera http://www.opera.com/, and Chrome http://www.google.com/chrome. All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer. These browser add-ons will help to make your browser safer: Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: Available for Firefox and Internet Explorer. Green to go, Yellow for caution, and Red to stop. Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article: http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm Here a couple of links by two security experts that will give some excellent tips and advice. So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/ How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s. Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint. Let me know when its OK to close out your thread.... Take care, Kevin

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run) http://oldtimer.geekstogo.com/OTM.exe. http://www.itxassociates.com/OT-Tools/OTM.com http://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes... Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles :Filesnetsh winsock reset /cC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\staged\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_20.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\staged\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_21.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\staged\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_22.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\staged\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_23.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\staged\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_24.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_20.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_21.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_22.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_23.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\{8ccc74ba-5e85-fa2d-ebe4-67c3fa9a174b}\components\SmartbarFireFoxRemotePlugin_24.dllC:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\jjj6nsln.default\extensions\{906000a4-88d9-4d52-b209-7a772970d91f}\chrome\content\dealplyshopping.xulC:\Documents and Settings\George\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000457C:\Documents and Settings\George\My Documents\Downloads\LimeWireWin(4).exeC:\Documents and Settings\George\My Documents\Downloads\LimeWireWin(5).exeC:\Documents and Settings\George\My Documents\Downloads\xfire_setup (1).exeC:\Documents and Settings\George\My Documents\Downloads\xfire_setup (2).exeC:\Documents and Settings\George\My Documents\Downloads\xfire_setup (3).exeC:\Documents and Settings\George\My Documents\Downloads\xfire_setup (4).exeC:\Documents and Settings\George\My Documents\Downloads\xfire_setup (5).exeC:\Documents and Settings\George\My Documents\Downloads\xfire_setup.exeC:\Documents and Settings\Juanita\Local Settings\Application Data\Torch\User Data\Default\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol\5.0.0.7254_0\lib\default-config.jsC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0160791.dllC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0160792.exeC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0160793.exeC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP291\A0160794.exeC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP297\A0162001.dllC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP297\A0162002.dllC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP330\A0225787.dllC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP330\A0225788.dllC:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP335\A0227272.dll:Commands[EmptyTemp] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Next, Adobe Reader is outdated... Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader Step 1 - Select your Operating System. Step 2 - Select your Langauge. Step 3 - Select latest version. Untick the option for any security scanner or toolbar if offered. Download and install. Having the latest updates ensures there are no security vulnerabilities in your system. Let me see the log from OTM, also let me know if there are any remaining issues or concerns.. Kevin

OK, when you have access to your PC on return try the following: Check for proxy server settings in your browser, the following are the most common used. Internet Explorer: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok. Chrome: Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself. Kevin

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run) http://oldtimer.geekstogo.com/OTM.exe. http://www.itxassociates.com/OT-Tools/OTM.com http://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes... Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles :Filesipconfig /flushdns /cC:\Users\wendyredrum\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJO70QYL\RadioRage.exe:Commands[EmptyTemp] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If the machine reboots, the Results log can be found here: c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Next, Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Upgrading Java: Go to http://java.com/en/ and click on "Do I have Java" It will check your current version and then offer to update to the latest version Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it. ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. How is your system responding now, also are there any remaining issues or concerns... Your AV program is showing outdated, that will need updating ASAP Kevin

Did you run ESET online AV, is there a log? Also same with Security Check...

Yes please do remove all entries and post the new log.. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Please also be aware of Forum protocol regarding P2P/Piracy Warning:

Malwarebytes was very busy. Re-run Malwarebytes again, this time use the Full scan option. When that completes post the log... Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Next, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me see those logs. Also tell me if there are any remaining issues or concerns.. Kevin

OK, post back when ready. When you mention the proxy issue is that through a specific browser or all browsers.. Firefox, Internet Explorer or Chrome...

Yes please re-run Malwarebytes and remove those entries, Next, Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :- http://download.bleepingcomputer.com/sUBs/ComboFix.exe Ensure that Combofix is saved directly to the Desktop <--- Very important Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask. Close any open browsers and any other programs you might have running Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator) Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required. If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze **** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended. *EXTRA NOTES* If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so. If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted) Post the log in next reply please... Kevin

Yep ESET scan is very thorough and can take several hours, post back when you`re ready.... 12:45 am local time for me, been a long day.

OK if you trust that program then I guess it can be left alone. Run the following scans: Download Junkware Removal tool from this link: http://www.bleepingcomputer.com/download/junkware-removal-tool/ Save to your desktop. Shut down your Security Protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator. Follow prompts as they come. The tool will open and start scanning your system. (Press any key when prompted to continue) Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post JRT.txt to your next message. Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the add/on to be installed Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Finally, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe Save it to your Desktop. Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Post those logs, let me know of any remaining issues or concerns...

What do think of Bleeping Computer feedback, do you tell me that is your program and can be trusted.