chiaz

Members • Posts: 195
Everything posted by chiaz

  1. It's time to remove ComboFix.

     Go to Start > Run
     Type in box: combofix /uninstall
     Note: the space between the X and the /uninstall
     Press Enter.

     This command will:
     • Delete the following:
         • ComboFix and its associated files and folders.
         • VundoFix backups, if present
         • The C:\Deckard folder, if present
         • The C:\_OtMoveIt folder, if present
     • Reset the clock settings.
     • Hide file extensions, if required.
     • Hide System/Hidden files, if required.
     • Reset System Restore.

     Even if you have no more queries, I would appreciate if you can reply once more to this thread so we can be sure all your problems are truly resolved. Thanks. :)
  2. Now that's rather sticky.... How about this? Free Online Virus Scan | BitDefender Online Scanner Make sure you use Internet Explorer.
  3. Remove all that was found by MBAM.

     Then download Dr. Web to the desktop: Dr.Web CureIt!

     Next, please reboot your computer in Safe Mode by doing the following:
     1) Restart your computer
     2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
     3) Instead of Windows loading as normal, a menu should appear
     4) Select the first option, to run Windows in Safe Mode.

     For additional help in booting into Safe Mode, see the following site: PC Hell: How to Start Windows in Safe Mode

     • Double-click the drweb-cureit.exe file.
     • It will then suggest to run an express scan -- this you should allow.
     • After this (Dr.Web writes "Select object for Scanning" at the bottom-left), you click Options->Change settings.
     • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
     • Choose the "Actions"-tab, and choose "Rename" under all the Malware-issues.
     • Back at the main window, you should now mark the drives that you want to scan (a red dot shows which drives have been chosen).
     • Click the green arrow at the right, and the scan will start.
     • The first time Dr.Web finds something, you click "Yes to All", and it will after this automatically fix what is found.

     After the scan:
     • Close Dr.Web.
     • Click Start->search, find the following file: CureIt.log, and copy the last lines of this log into the thread (starting with: Scan statistics).
  4. OK....let's have you go HERE to run Panda ActiveScan 2.0

     • Click the big green Scan now button
     • If it wants to install an ActiveX component allow it
     • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
     • Once the scan is completed, please hit the notepad icon next to the text Export to:
     • Save it to a convenient location such as your Desktop
     • Post the contents of the ActiveScan.txt in your next reply, as well as let me know how your PC is running now.
  5. You have to save ComboFix to your desktop. Right now it seems to be running from a separate drive altogether. Also you did not install the Recovery Console. You are reminded that this guide should be followed to the letter.

     A guide and tutorial on using ComboFix

     Thanks.
  6. Rename eauxx.exe to eauxx.exr How's your PC running at this point in time?
  7. Hello,

     A few things before we start....
     1. Please Read All Instructions Carefully.
     2. If you don't understand something, stop and ask! Don't keep going on.
     3. Please do not run any other tools or scans whilst I am helping you.
     4. If you have to go away for an extended period of time, let me know.
     5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

     Please download Malwarebytes' Anti-Malware by clicking the link below:
     Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

     Double Click mbam-setup.exe to install the application.
     * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     * If an update is found, it will download and install the latest version.
     * Once the program has loaded, select "Perform Full Scan", then click Scan.
     * The scan may take some time to finish, so please be patient.
     * When the scan is complete, click OK, then Show Results to view the results.
     * Make sure that everything is checked, and click Remove Selected.
     * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     * Post this log in your reply, along with a fresh HijackThis log.

     Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  8. Try Kaspersky's scanner instead. http://www.kaspersky.com/kos/english/kavwebscan.html
  9. Did you follow my instructions to the letter here?
     http://extremetechsupport.com/forum/malware-infection-removal/8714-computer-acting-its-own-accord.html#post60470

     For clarity's sake, this is the text you have to copy in:

     KILLALL::
     Folder::
     c:\documents and settings\All Users\Application Data\save time iso data\
     Driver::
     odui7gxa
  10. Yea please have that file deleted (or at least renamed) if you do not recognize it. How's your PC running now?
  11. Hi delevy,

     A few things before we start....
     1. Please Read All Instructions Carefully.
     2. If you don't understand something, stop and ask! Don't keep going on.
     3. Please do not run any other tools or scans whilst I am helping you.
     4. If you have to go away for an extended period of time, let me know.
     5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

     Also you may have to download the files from your son's desktop before copying them to your infected PC to run.

     =======================

     First download Malwarebytes' Anti-Malware by clicking the link below:
     Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

     Double Click mbam-setup.exe to install the application.
     * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     * If an update is found, it will download and install the latest version.
     * Once the program has loaded, select "Perform Quick Scan", then click Scan.
     * The scan may take some time to finish, so please be patient.
     * When the scan is complete, click OK, then Show Results to view the results.
     * Make sure that everything is checked, and click Remove Selected.
     * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     * You'll be required to post the contents of this log later.

     Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

     Next let's have you download ComboFix.exe.
     Please visit this webpage for downloading and instructions for running the tool:

     Go here ======> A guide and tutorial on using ComboFix <====== Go here

     Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

     The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

     Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

     Please continue as follows:
     (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     (2) Click Yes to allow ComboFix to continue scanning for malware.

     When the tool is finished, it will produce a report for you. Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.

     Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  12. Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

     It's IMPORTANT to carry out the instructions in the sequence listed below.
     1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

     Open *notepad* again and copy/paste the text in the quotebox below into it:

     File::
     c:\windows\cnerolf.dat

     Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop. Replace the original CFScript.txt if it's still there.

     http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

     Referring to the picture above, drag CFScript.txt into ComboFix.exe

     When finished, it shall produce a log for you at C:\ComboFix.txt
     Please copy and paste the ComboFix.txt in your new reply, before going on to do the following.

     *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*

     =========================

     Next let's have you go HERE to run Panda ActiveScan 2.0

     • Click the big green Scan now button
     • If it wants to install an ActiveX component allow it
     • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
     • Once the scan is completed, please hit the notepad icon next to the text Export to:
     • Save it to a convenient location such as your Desktop
     • Post the contents of the ActiveScan.txt in your next reply.
  13. OK...do you actually recognize what this program is? c:\windows\pixart\pac7302\monitor.exe
  14. Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

     It's IMPORTANT to carry out the instructions in the sequence listed below.
     1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

     Open *notepad* and copy/paste the red text in the quotebox below into it:

     KILLALL::
     Folder::
     c:\documents and settings\All Users\Application Data\save time iso data\
     Driver::
     odui7gxa

     Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

     http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

     Referring to the picture above, drag CFScript.txt into ComboFix.exe

     When finished, it shall produce a log for you at C:\ComboFix.txt
     Please copy and paste the ComboFix.txt in your new reply, as well as a new HijackThis log.

     *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
  15. Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

     c:\eauxx.exe

     Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see later in your next reply.

     If Jotti is busy, please go to http://www.virustotal.com.
  16. Hi Tom,

     Randy is absolutely right about the P2P programs...they are likely to be the source of infections for you. Also, there is indeed a small remnant left from a Norton product, but it is not causing any conflicts so we'll deal with that later.

     =====================

     Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

     It's IMPORTANT to carry out the instructions in the sequence listed below.
     1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

     Open *notepad* and copy/paste the red text in the quotebox below into it:

     Folder::
     c:\documents and settings\Tom\Local Settings\Application Data\enkedn

     Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

     http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

     Referring to the picture above, drag CFScript.txt into ComboFix.exe

     When finished, it shall produce a log for you at C:\ComboFix.txt
     Please copy and paste the ComboFix.txt in your new reply.

     *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
  17. OK....let's have you go HERE to run Panda ActiveScan 2.0

     • Click the big green Scan now button
     • If it wants to install an ActiveX component allow it
     • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
     • Once the scan is completed, please hit the notepad icon next to the text Export to:
     • Save it to a convenient location such as your Desktop
     • Post the contents of the ActiveScan.txt in your next reply.
  18. Go to Control Panel > Add/Remove Programs and uninstall anything related to IWin Games.

     Reboot your PC, then navigate to and delete the following file if still present:

     c:\users\rita\desktop\new folder (2)\files\p\polly pride - pet detective.exe

     As well as this folder:

     c:\program files\iwin games\

     =====================

     Next go to http://virusscan.jotti.org, click on Browse, and upload the following files for analysis:
     You will only be able to have one file scanned at a time.

     c:\windows\pixart\pac7302\monitor.exe
     c:\program files\common files\ahead\lib\nerocheck.exe

     Then click Submit. Allow the files to be scanned individually, and then please Copy/Paste the results here for me to see.
  19. I do see some indication of malware in your log.

     A few things before we start....
     1. Please Read All Instructions Carefully.
     2. If you don't understand something, stop and ask! Don't keep going on.
     3. Please do not run any other tools or scans whilst I am helping you.
     4. If you have to go away for an extended period of time, let me know.
     5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there)

     Please download Malwarebytes' Anti-Malware by clicking the link below:
     Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

     Double Click mbam-setup.exe to install the application.
     * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
     * If an update is found, it will download and install the latest version.
     * Once the program has loaded, select "Perform Quick Scan", then click Scan.
     * The scan may take some time to finish, so please be patient.
     * When the scan is complete, click OK, then Show Results to view the results.
     * Make sure that everything is checked, and click Remove Selected.
     * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     * You'll be required to post the contents of this log later.

     Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

     Next let's have you download ComboFix.exe.
     Please visit this webpage for downloading and instructions for running the tool:

     Go here ======> A guide and tutorial on using ComboFix <====== Go here

     Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

     The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

     Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

     Please continue as follows:
     (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     (2) Click Yes to allow ComboFix to continue scanning for malware.

     When the tool is finished, it will produce a report for you. Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

     Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  20. Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

     It's IMPORTANT to carry out the instructions in the sequence listed below.
     1. Close any open browsers.
     2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

     Open *notepad* and copy/paste the text in the quotebox below into it:

     Driver::
     Rdptecia

     Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

     http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

     Referring to the picture above, drag CFScript.txt into ComboFix.exe

     When finished, it shall produce a log for you at C:\ComboFix.txt
     Please copy and paste the ComboFix.txt in your new reply later.

     *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*

     =========================

     Next please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

     c:\windows\cnerolf.dat

     Then click Submit. Allow the files to be scanned, and then please Copy/Paste the results here for me to see, along with the ComboFix.txt.

     If Jotti is busy, please go to http://www.virustotal.com.
  21. Please run HijackThis and place a tick by the following entries:

     O4 - HKUS\S-1-5-21-758658292-1448399802-4154073810-1004\..\Run: [fjwtwaar] C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\sqegic\uxolsysguard.exe (User 'HelpAssistant')
     O4 - HKUS\S-1-5-21-758658292-1448399802-4154073810-1004\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0 (User 'HelpAssistant')
     O4 - HKUS\S-1-5-21-758658292-1448399802-4154073810-1004\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\y7pvb6g.exe (User 'HelpAssistant')
     O4 - HKUS\S-1-5-21-758658292-1448399802-4154073810-1004\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\JAMIEP~1\LOCALS~1\Temp\winlogon.exe (User 'HelpAssistant')

     Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis.

     Now navigate to and delete the following files if they exist:

     C:\Documents and Settings\Jamie Panico\Local Settings\Temp\winlogon.exe
     C:\Documents and Settings\Jamie Panico\Local Settings\Temp\y7pvb6g.exe
     C:\Documents and Settings\Jamie Panico\Local Settings\Temp\ntload.dll

     And also this folder:

     C:\Documents and Settings\Jamie Panico\Local Settings\Application Data\sqegic\

     Then restart your PC. Post a fresh HijackThis log in your reply.
  22. It's OK. Have you completed the MBAM scan yet? If yes, post the log here, as well as a fresh HijackThis log for my perusal.
  23. Do you recognize this program? enkedn
  24. As mentioned: