chiaz

Hello Elaine, Please download Malwarebytes' Anti-Malware by clicking the link below: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Hi Erika, welcome to the forum. I have split your thread from the one you posted at. This way, things can be kept more organized and you will have a thread of your own. A few things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) Please download Malwarebytes' Anti-Malware by clicking the link below: http://www.besttechie.net/tools/mbam-setup.exe Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include MBAM log, C:\ComboFix.txt and a new HijackThis log for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Yes please.

OK using the same means: Please download Malwarebytes' Anti-Malware by clicking the link below: http://www.besttechie.net/tools/mbam-setup.exe Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Hello. :) A few things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) OK first I need to ask how you were able to get HijackThis running since you mentioned you cannot see your desktop or use Windows Explorer?

Panda ActiveScan does take some time to complete. Try Kaspersky Online Scanner instead, and copy and paste the scan report in your next post.

OK, now: Download: CCleaner (freeware) |MG| CCleaner Slim 2.24.1010 Download Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar). Once installed, run CCleaner click the Windows [tab] The following should be selected by default, if not, please select: http://i210.photobucket.com/albums/bb164/jedi_030/CCleanerA.png Next: click Options click the Settings tab Uncheck: "Only delete files older than 48 hrs.", click Ok Then click Run Cleaner (bottom right) then Exit Next, please go HERE to run Panda ActiveScan 2.0 Click the big green Scan now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) Once the scan is completed, please hit the notepad icon next to the text Export to: Save it to a convenient location such as your Desktop Post the contents of the ActiveScan.txt in your next reply. Also let me know what other problems you are experiencing now.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open *notepad* and copy/paste the text in the quotebox below into it: Driver:: bed231b btsc6d5 crl9444 dtsb44e ehf9f23 fgf0625 fih96d2 gqo69a0 htrf884 jkia364 jmk0b9f lkjc280 ntr5541 pfef197 qedc204 qqp4897 rec45cf tcbc210 File:: C:\WINDOWS\system32\sdra64.exe c:\windows\system32\149523544.sys c:\windows\system32\drivers\bed231b.sys c:\windows\system32\drivers\btsc6d5.sys c:\windows\system32\drivers\crl9444.sys c:\windows\system32\drivers\dtsb44e.sys c:\windows\system32\drivers\ehf9f23.sys c:\windows\system32\drivers\fgf0625.sys c:\windows\system32\drivers\fih96d2.sys c:\windows\system32\drivers\gqo69a0.sys c:\windows\system32\drivers\htrf884.sys c:\windows\system32\drivers\jkia364.sys c:\windows\system32\drivers\jmk0b9f.sys c:\windows\system32\drivers\lkjc280.sys c:\windows\system32\drivers\ntr5541.sys c:\windows\system32\drivers\pfef197.sys c:\windows\system32\drivers\qedc204.sys c:\windows\system32\drivers\qqp4897.sys c:\windows\system32\drivers\rec45cf.sys c:\windows\system32\drivers\tcbc210.sys Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop. http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt Please copy and paste the ComboFix.txt in your new reply, as well as a new HijackThis log. Note that you posted the same HijackThis log in your last post. I will need you to run a new scan with HijackThis this time round. *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*

If it doesn't work, don't sweat over it. You can attach the reports to your next reply.

Hello Whiterose. :) I do see an infection in your log. And to copy and paste the log: When the Notepad file opens, simply select all by pressing Ctrl+A. Then proceed to copy (Ctrl+C) before pasting it in your reply (Ctrl+V). A few things before we start.... 1. Please Read All Instructions Carefully. 2. If you don't understand something, stop and ask! Don't keep going on. 3. Please do not run any other tools or scans whilst I am helping you. 4. If you have to go away for an extended period of time, let me know. 5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) ========================== First download Malwarebytes' Anti-Malware by clicking the link below: |MG| Malwarebytes Anti-Malware 1.41 Download Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. ==================== Then download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please copy and paste the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

I don't see any more malware on your system. It's time to remove ComboFix. Go to to Start > Run Type in box combofix /u Note: the space between the X and the /u Press Enter. This command will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore. Are you still have any issues Nicky?

There are two things you need to set up a website: domain name and web hosting. The latter is of higher priority. You need to get a web host. There are many available, do some research on Google and check out reviews on these web hosting providers before making any form of financial commitment. Also there are different packages available and the cost varies according to the type of package that you choose to take up. Of course, there are some providers that offer 'free hosting', but be aware there are various limitations, such as not allowing scripts, file size limitations, etc. Usually once you sign up for your web host, they will offer you a free sub-domain. This means that if the domain provider is xxx.com, they may provide you with a domain name such as yourdomainname.xxx.com, or xxx.com/yourdomainname. However, this may not fit your needs as it may be deemed as less than professional. Hence you may want to get your own .com (or .net, .info, .org, etc) domain. This usually costs around USD$10. I use NameCheap as my domain name provider, others may have other opinions. There is a wealth of information out there on starting your own website, so Warren you will need to look and read up on this. If you have any questions, please feel free to ask as we are here to help. :)

That's not my area of expertise, but I have heard good reviews on TrueCrypt. It is free.

Give this a try... Download HostsXpert Here and unzip it to your desktop. Next, open HostsXpert Make sure that the "make hosts writable?" button in the upper right corner is checked Now, click on 'back up Host files' then click on 'Restore orginal host files' Finally, close HostsXpert. Maybe others will have more to suggest if this doesn't work.

Put simply, Administrative Shares is something you don't usually use outside a corporate environment. They are designed for remote access support. Disabling Administrative Shares do mitigate some security risks. Disabling Administrative Shares is usually done via registry editing, but that can be dangerous if you are not familiar with the registry. This tool should do the trick: Enable/Disable Automatic Administrative Shares =========== I don't see anything malicious in your ComboFix log. Download: CCleaner (freeware) |MG| CCleaner Slim 2.24.1010 Download Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar). Once installed, run CCleaner click the Windows [tab] The following should be selected by default, if not, please select: http://i210.photobucket.com/albums/bb164/jedi_030/CCleanerA.png Next: click Options click the Settings tab Uncheck: "Only delete files older than 48 hrs.", click Ok Then click Run Cleaner (bottom right) then Exit Now, run a full scan with MBAM and post the new log here.

OK Nicky just post back here when done.

I think our work is done here - your PC should be clean now. It's time to remove ComboFix. Go to to Start > Run Type in box combofix /u Note: the space between the X and the /u Press Enter. This command will: Delete the following: ComboFix and its associated files and folders. VundoFix backups, if present The C:\Deckard folder, if present The C:_OtMoveIt folder, if present Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Reset System Restore. ======= Did you type the full URL, aka http://www.aol.com? This is because your default search URL is set as Yahoo, and if the browser does not recognize what you're typing into the URL box, it would consider it as a search and would redirect to Yahoo search pages.

OK can I see the Panda ActiveScan log once the scan is complete?

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open *notepad* and copy/paste the text in the quotebox below into it: File:: c:\programdata\SPL7EE9.tmp Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop. http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt Please copy and paste the ComboFix.txt in your new reply later. *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.* ========== Next go HERE to run Panda ActiveScan 2.0 Click the big green Scan now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) Once the scan is completed, please hit the notepad icon next to the text Export to: Save it to a convenient location such as your Desktop Post the contents of the ActiveScan.txt in your next reply, along with the ComboFix.txt.

Have you tried restarting your PC yet? Do you have your Vista disc with you?

Nicky, One benefit I think you will get out of formatting (besides the assurance) is that once you have formatted and re-installed all your favourite programs and documents, you can make a back-up of the PC's current state. That way, you don't have to worry much if a situation warrants similar treatment again. With that said, I think your PC can still be cleaned up, since I don't think the problem here is a rootkit or anything too nasty. So it's really your choice.

Hey Nicky, That article by Tootech is a good read. OK since you intend for us to clean this PC up, let's have you download ComboFix.exe. This shouldn't be foreign to you, I believe. Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include C:\ComboFix.txt for further review, so that we may continue cleansing the system. Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Did you decide to remove AskBar? Also your ComboFix log is unreadable. This is caused by having Word Wrap checked. 1. Click Start > All Programs > Accessories > Notepad 2. On the menu bar in Notepad select Format and click on WordWrap so it appears un-checked and then post Combofix report again. Thank you. :)

Hey Nicky and Steve, Sorry to see you back here so fast. But let's try to get this solved shall we. OK as the guys suggested, if you have ever used this computer for shopping, banking, or any transactions relating to your financial well being: Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers. From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to. DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information. Take any other steps you think appropriate for an attempted identity theft. While all the above steps may help in some way, the surest way you can make sure your PC is clean is a complete format, especially since you engage in financial transactions using the PC. Not saying that we can't attempt to clean the PC though - let me know your decision and we will proceed according to both your wishes. :)

Hello caskin. :) Can I know if any programs (.exe files) currently work? Can you try renaming the HijackThis installer, and MBAM.exe and see if they can run?