JSntgRvr

I believe you are cleared. The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well. SpywareBlaster - Great prevention tool to keep nasties from installing on your system. ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes. Best wishes!

Detections are quarantined files. Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.) To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. (Windows XP) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK.. Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools. Follow these steps to uninstall Combofix. Click START then RUN Now copy and paste Combofix /Uninstall in the runbox and click OK. Launch OTL and click on the Cleanup button. Follow the prompts. Empty Norton's quarantined files. Create a Restore point: Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. In the System Restore dialog box, click Create a restore point, and then click Next. Type a description for your restore point, such as "After Cleanup", then click Create. How is the computer doing?

Lets check for remnants. Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Please do an online scan with Kaspersky WebScanner Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply. Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0. Upgrading Java : Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 18. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

Please read the following through carefully so that you understand what to do. Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.) "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file. It may ask you to reboot the computer to complete the process. Allow it to do so. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Please do an online scan with Kaspersky WebScanner Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply. Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0. Upgrading Java : Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 18. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

Launch and update Malwarebytes' Anti-Malware. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Please do an online scan with Kaspersky WebScanner Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply. Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0. Upgrading Java : Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 18. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

No detections found in those files, congratulations. Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.) To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. (Windows XP) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK.. Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools. Follow these steps to uninstall Combofix. Click START then RUN Now copy and paste Combofix /Uninstall in the runbox and click OK. Please download OTC by OldTimer. Save it to your desktop. Please double-click OTC.exe to run it. (Vista users, please right click on OTC.exe and select "Run as an Administrator") This will delete the tools we used in the removal of malware, including this program. If you are asked to reboot to complete the removal process then please do so Upon restart, manually remove any remaining tools. Create a Restore point: Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. In the System Restore dialog box, click Create a restore point, and then click Next. Type a description for your restore point, such as "After Cleanup", then click Create. The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well. SpywareBlaster - Great prevention tool to keep nasties from installing on your system. ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes. Best wishes!

Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop** If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab Set to "Always ask me where to Save the files". [*]During the download, rename Combofix to Combo-Fix as follows: [*]It is important you rename Combofix during the download, but not after. [*]Please do not rename Combofix to other names, but only to the one indicated. [*]Close any open browsers. [*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- [*]Double click on combo-Fix.exe & follow the prompts. [*]Install the Recovery Console if prompted. [*]When finished, it will produce a report for you. [*]Please post the "C:\Combo-Fix.txt" . **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop. Double click GMER.exe. If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.. Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Ensure that only the following are CHECKED ... IAT/EAT Devices Processes Threads Drives/Partition other than Systemdrive (typically C:\) [*] Then click the Scan button & wait for it to finish. [*] Once done click on the [save..] button, and in the File name area, type in "ark.txt" [*]Save it where you can easily find it, such as your desktop and post its contents in your next reply. **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Combofix created a zipped file in the C:\Qoobox\Quarantine folder labeled in the form of [4]-Submit_Date_Time.zip. Please have this file uploaded to the following location: http://www.bleepingcomputer.com/submit-malware.php?channel=4 Indicate a link to this address and let me know when ready.

No help there. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop** Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- [*]Double click on combofix.exe & follow the prompts. [*]Install the Recovery Console if prompted. [*]When finished, it will produce a report for you. [*]Please post the "C:\ComboFix.txt" . **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Hi, dickawest Lets try Combofix. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop** Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- [*]Double click on combofix.exe & follow the prompts. [*]Install the Recovery Console if prompted. [*]When finished, it will produce a report for you. [*]Please post the "C:\ComboFix.txt" . **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Lets try another scanner. Download OTS.exe by OldTimer to your Desktop. Close any open browsers. Double-click on OTS.exe to start the program. Leave all settings as they appear as default, except for the following: Under File Age, select 30. Under Drivers, select "All". Under Registry, select "All". Under Additional Scans, click on the "Extras" button. Under the Custom Scan box paste this in netsvcs %SYSTEMDRIVE%\*.* /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys /md5stop %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles [*]Now click the Run Scan button on the toolbar. [*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes. [*]When the scan is complete Notepad will open with the report file loaded in it. [*]Save that notepad file Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).

Hi, helpmePLS Download OTL to your Desktop Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. OTL should now start. Change the following settings Change Drivers to All Change Standard Registry to All Under File Scans, change File age to 30 [*]Under the Custom Scan box paste this in netsvcs %SYSTEMDRIVE%\*.* /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys /md5stop %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles [*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL. Please post the contents of these files in your next reply.

I wasn't sure you were able to connect after combofix. If you still unable, follow these stepsL Enter your Control Panel and double-click on Network Connections Then right click on your Default Connection Usually Local Area Connection for Cable and DSL, or AOL Connection. [*]Left click on Properties [*]Double-Click on the Internet Protocol (TCP/IP) item [*]Select the radio dial that says Obtain DNS Servers Automatically [*]Press OK twice to get out of the properties screen Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line: netsh int ip reset C:\Resetlog.txt netsh winsock reset catalog ipconfig /flushdns (The space between g and / is needed) Exit Restart the computer. Try to connect.

Make sure you have an internet connection. Copy the entire contents of the Quote Box below to Notepad. Name the file as CFScript.txt Change the Save as Type to All Files and Save it on the desktop Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report. When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Please do an online scan with Kaspersky WebScanner Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply. Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0. Upgrading Java : Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 18. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

Hi, mskumar1233 Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop** Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- [*]Double click on combofix.exe & follow the prompts. [*]Install the Recovery Console if prompted. [*]When finished, it will produce a report for you. [*]Please post the "C:\ComboFix.txt" . **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Timing is very important. This infection may affect your ability to logon. Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste. Click the red Run Fix button. The computer will restart A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply. Upon reboot, follow these steps: Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted. OTL should now start. Change the following settings Change Drivers to All Change Standard Registry to All Under File Scans, change File age to 30 [*]Under the Custom Scan box paste this in %systemroot%\system32\*.dll /lockedfiles [*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL. Please post the contents of these files in your next reply.

Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste. Click the red Run Fix button. The computer will restart A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply. Upon reboot, follow these steps: Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted. OTL should now start. Change the following settings Change Drivers to All Change Standard Registry to All Under File Scans, change File age to 30 [*]Under the Custom Scan box paste this in %systemroot%\system32\*.dll /lockedfiles [*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL. Please post the contents of these files in your next reply.

Hi, dickawest Download OTL to your Desktop Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. OTL should now start. Change the following settings Change Drivers to All Change Standard Registry to All Under File Scans, change File age to 30 [*]Under the Custom Scan box paste this in netsvcs %SYSTEMDRIVE%\*.* /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys /md5stop %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles [*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL. Please post the contents of these files in your next reply.

Hi, SixTea7 Lets give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE). Here is what you need to do. Two programs to download First Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps. Second Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download. When downloaded double click and this will then open ISOBurner to burn the file to CD Boot the Non working computer using the boot CD you just created. In order to do so, the computer must be set to boot from the CD first Note : For information click here Your system should now display a REATOGO-X-PE desktop. Double-click on the OTLPE icon. When asked "Do you wish to load the remote registry", select Yes When asked "Do you wish to load remote user profile(s) for scanning", select Yes Ensure the box "Automatically Load All Remaining Users" is checked and press OK OTL should now start. Change the following settings Change Drivers to All Change Registry to All Under the Custom Scan box paste this in %SYSTEMDRIVE%\*.* /md5start Explorer.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys /md5stop %systemroot%\*. /mp /s %systemroot%\System32\config\*.sav [*]Press Run Scan to start the scan. [*]When finished, the file will be saved in drive C:\OTL.txt [*]Copy this file to your USB drive. [*]Please post the contents of the C:\OTL.txt file in your reply.

You should be able to boot in Normal Mode now. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop** If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab Set to "Always ask me where to Save the files". [*]During the download, rename Combofix to Combo-Fix as follows: [*]It is important you rename Combofix during the download, but not after. [*]Please do not rename Combofix to other names, but only to the one indicated. [*]Close any open browsers. [*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- [*]Double click on combo-Fix.exe & follow the prompts. [*]Install the Recovery Console if prompted. [*]When finished, it will produce a report for you. [*]Please post the "C:\Combo-Fix.txt" . **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

It is an infection that rips files' permissions and creates mountpoints to block everything in your computer. The Access Denied you are experiencing with Rootrepeal is an example of the type of problems it creates. Also your access to Explorer.exe. The infection is newtralized but it may leave the file's permissions borked.

Personal files need no signature. So you will be safe there. I would recommend AVAST as an Anti-Virus. The full version of Malwarebytes's Anti-malware is a good investment. MBAM is kept up-to-date, so it will keep you protected against new variants. Concerning RootRepeal, download this program and save it to your desktop. Drag and drop Rootrepeal on to Inherit.exe, then wait for it to say "OK". Try to remove Rootrepeal. Keep me posted

Hi, jkim. Congratulations. Detections are quarantined files and files backed-up by Windows. Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.) To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. (Windows XP) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK.. Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools. Follow these steps to uninstall Combofix. Click START then RUN Now copy and paste "c:\documents and settings\Soup\Desktop\Combo-Fix.exe" /Uninstall in the runbox (including the quotation marks) and click OK. Launch OTL and click on the Cleanup button. Follow the prompts. Go to Start -> Run, copy and paste the following command (including the quotation marks) and press Enter: "%Userprofile%\desktop\maxlook.exe" -cleanup Manually remove the rest of tools. Create a Restore point: Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. In the System Restore dialog box, click Create a restore point, and then click Next. Type a description for your restore point, such as "After Cleanup", then click Create. Something that I am concern in your system is that lots of files lost their signature. You can read about file signatures here. I have consulted with colleagues and they have suggested reinstall SP3. I have never had to do this, so the outcome is uncertain. The SP3 package is a whopped 316.4 MB download. I will give you the steps provided by Microsoft to remove SP3 and the download link. I would suggest you backup your personal documents, in case something goes wrong. Here are the instructions: Download Windows XP Service Pack 3 to your desktop: Uninstalling Service Pack 3 (SP3) Click Start, and then click Run. Copy and then paste the following command in the Open box, and then press ENTER: appwiz.cpl Click to select the Show Updates check box. Click Windows XP Service Pack 3, and then click Remove. Click Finish to restart the computer after the removal process is complete. Reinstalling Service Pack 3 Navigate to the Service Pack 3 installation package on your desktop and click on it. Click Express . Click "I Accept" on the installation window after reading the terms and conditions and install the program. Follow the prompts thereafter Restart your computer. Let me know about your decision and/or outcome.