chiaz

Jinkie, OK forget DDS for the moment. ================ Please download Malwarebytes' Anti-Malware by clicking the link below: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Also, if you cannot open MBAM, rename the file to XXX.exe before running it again. =================== Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Hey there, welcome. :) I do see malware in there, so your guess is not wrong. Also I'm moving this to the Malware Infection Removal forum. All right, a few more things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) Please download Malwarebytes' Anti-Malware by clicking the link below: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Go on to run ComboFix then. :)

Sorry I don't get what you mean. Maybe you can elaborate.

Yes, run it. It will prompt to disable your anti-virus programs (just like when you ran the scan), after which it will say ComboFix has been uninstalled.

Yes, I think your PC is all clean now. It's time to remove ComboFix. Go to to Start > Run Type in box combofix /uninstall Note: the space between the X and the /uninstall Press Enter. This command will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore. And, also you're welcome Will. As you probably know a donation is not required, but would be greatly appreciated. I thank you in advance of the staff here. :)

You probably don't have one. Go on with running the tool.

Hi Dred, Let's get your PC all checked for malware shall we? A few things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) ======== First, please download Malwarebytes' Anti-Malware by clicking the link below: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. ====== Now let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Hi Jinkie, A few things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) Please download DDS and save it to your desktop from here or here or here. Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs DDS.txt Attach.txt Copy/Paste the contents of 'DDS.txt' to be posted as text to your post. The Attach.txt file should be attached and uploaded to your post. When posting your reply, Attach.txt may be attached by clicking the [Manage Attachments] button. It's located under [Additonal Options] on the composition page. Browse to where you saved the file, and click Upload.

Hi TehIrishViking, I do see some malware in your log. A few things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) First, please run HijackThis and place a tick by the following entries: O2 - BHO: precisead - {099350fd-4ce9-7086-34f7-d75a4bd52dd8} - C:\WINDOWS\system32\nsp70.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: precisead search enhancer - {CAC33A64-7623-A982-5173-1488D5E3065C} - C:\WINDOWS\system32\bvfeuahxtqc.dll (file missing) Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer. ================= Next please download Malwarebytes' Anti-Malware by clicking the link below: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. ===================== Now let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

It is likely that your PC is clean now, but I would like a confirmation before we really send you off. :D Try this scanner instead? Kaspersky Online Scanner 7.0

Yes that is normal. This gives you an option to use the Recovery Console if there is a problem with even booting your PC. Skip the VirusTotal/Jotti scan and go on with the Panda ActiveScan.

Looks like that removed a ton of stuff. Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis: c:\WINDOWS\system32\winpl77.dll Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see later in your next reply. If Jotti is busy, please go to http://www.virustotal.com. ================================================= Then go HERE to run Panda ActiveScan 2.0 Click the big green Scan now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) Once the scan is completed, please hit the notepad icon next to the text Export to: Save it to a convenient location such as your Desktop Post the contents of the ActiveScan.txt in your reply, along with the Jotti/VirusTotal results.

Hi clueless, I definitely see malware in there. A few things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) Please download Malwarebytes' Anti-Malware by clicking the link below: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include MBAM log, C:\ComboFix.txt and a new HijackThis log for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

I'm sorry, it was my mistake. I did not have you run the above mentioned tool. Well I believe your computer is clean now and you are all set to go unless you want me to get someone to take a look at your remaining problems if any.

Yes, I believe this is true. It's time to remove ComboFix. Go to to Start > Run Type in box combofix /u Note: the space between the X and the /u Press Enter. This command will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore.

When I said "going away", I didn't mean you (and I) would have to stay at the computer the entire time this whole process is going to take. Some people, thinking that their malware is gone, stop checking the thread for replies, or go 'missing' for weeks. This is the situation I was referring to.

I see nothing wrong with your HijackThis log Jacwat, but it is not a thorough scanner. Let's have you go HERE to run Panda ActiveScan 2.0 Click the big green Scan now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) Once the scan is completed, please hit the notepad icon next to the text Export to: Save it to a convenient location such as your Desktop Post the contents of the ActiveScan.txt in your next reply.

OK, A few things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) ========================== First download Malwarebytes' Anti-Malware by clicking the link below: |MG| Malwarebytes Anti-Malware 1.41 Download Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. ==================== Then download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please copy and paste the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Mtav, Would you like us to help check if your system is entirely clean?

I missed out this...can you navigate to and delete this folder: f:\documents and settings\All Users\Application Data\WildTangent I think our work is done here - your PC should be clean now. It's time to remove ComboFix. Go to to Start > Run Type in box combofix /u Note: the space between the X and the /u Press Enter. This command will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore. Even if you have no more queries, I would appreciate if you can reply once more to this thread so that I will be able to have this archived. Thanks. :)

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. First, please close any open browsers. Go to Control Panel > Add/Remove Programs and uninstall the following programs if found: WildTangent WildGames GamesBar Kiwee Toolbar Reboot your computer if you did manage to uninstall any applications. Next, 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open *notepad* and copy/paste the text in the quotebox below into it: Folder:: f:\program files\WildGames f:\program files\GamesBar f:\documents and settings\User\Application Data\WildTangent f:\documents and settings\All Users\Application Data\Kiwee Toolbar f:\program files\Kiwee Toolbar Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=- [-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [-HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}] [-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1] [-HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}] [-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar] Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop. http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt Please copy and paste the ComboFix.txt in your new reply. *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*

Hey there. :) Launch MalwareBytes' Anti-Malware and check for definition updates. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Happppppppppy birthday!!! :D

Your system appears clean to me. Head back to that thread and let them know that malware isn't the cause. :) Let's remove ComboFix. Go to to Start > Run Type in box combofix /u Note: the space between the X and the /u Press Enter. This command will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore.