Crush

LanneyD, Hello and welcome to Extreme Tech Support - Free PC Help. I'm Crush and I will be guiding you through your disinfection process. There are some steps we need to complete before disinfection can begin. 1. Set System and Hidden files and folders to show: For Vista: Click the (Vista Icon) and click on Computer. Click Organize and click on Folder and Search Options. Click on the View tab. Un-check the Hide Protected Operating System Files (Recommended) box. Under Hidden files and folders, click Show hidden files and folders. If you see a warning message, click Yes. Click Apply. Click OK. For XP: Right-Click My Computer choose Explore, click on Tools, Folder Options. Click the View tab. Place a tick next to Display content of System folders, (answer OK to warnings) Under Hidden files and folders, click Show hidden files and folders. If you see a warning message, click Yes. Click Apply. Click OK. For 98/2000/ME: Double-click the My Computer icon Click on the View menu, click Folder Options Advanced Settings box, under the "Hidden files" folder, click Show all files. If you see a warning message, click Yes. Click Apply. Click OK. 2. Disable System Restore to prevent re-infection. (If you have/use it.) Vista: Click the (Vista Icon) and right click on Computer and select Properties. Click on System Protection (click OK if you are prompted with a warning). Un-check all of the boxes in the list of Available Disks for Automatic Restore Points. Click Apply. Click OK. WinXP. Click the Start button. Right-click My Computer, and then click Properties. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives. WinME. Click Start > Settings > Control Panel. Double-click the System icon. If the System icon is not visible, click View all Control Panel options to display it. On the Performance tab, click File System. On the Troubleshooting tab check Disable System Restore. Click OK. Click Yes when you are prompted to restart Windows. After all that is done please follow up with the following: 3. Download and Run HijackThis! (HJT) from Trend Micro First download the newest version of HijackThis! from either Bleeping Computers or Trend Micro Save the file to your desktop, when you run HJT make sure that you install it into it's own folder, otherwise it will install as a temp location and will not give you accurate information. Click on Run Scanner and Save a Log File When it has finished, a text file will have been saved, copy and paste the entire log back into your thread. Do not attempt to fix anything yourself with HijackThis! it can cause very serious damage to your computer and programs Then: 4. Run both these programs. Please download Malwarebytes' Anti-Malware from one of these places: |MG| Malwarebytes Anti-Malware 1.31 http://www.besttechie.net/tools/mbam-setup.exe Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, navigate to the Update tab and click Check For Updates. It will then download the latest updates for you * Now navigate back to the Scan tab * Select "Perform Full Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy&Paste the entire report in your next reply along with a fresh HijackThis log. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. ================================================== =================================== Next, lets download ComboFix.exe. This will give me a better view to the files running, those that are hidden, and also those in the registry..Please download from one of these webpages . http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. Double-click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. http://i254.photobucket.com/albums/hh103/velta911/RcAuto1.gif Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://i254.photobucket.com/albums/hh103/velta911/whatnext.png Click on Yes to continue scanning for malware. When finished, it shall produce a log for you. Please include the HJT log prior to everything, MBAM log, C:\ComboFix.txt, and HJT log after running everything in your next reply.