Starbuck

ExTS Admin
  • Posts: 4,715
  • Days Won: 28

Everything posted by Starbuck

  1. Hi Dave, The scans we ran showed no malware, but there is another scan we can run. If this comes back clean, I'd say it's either a software or hardware issue. Let's take a look. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif This is an example, you may rename ComboFix to anything you want. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Then: Double click on Combo-Fix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista, you may not see these screens. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. http://img.photobucket.com/albums/v708/starbuck50/cf1.png Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://img.photobucket.com/albums/v706/ried7/whatnext.png Click on Yes, to continue scanning for malware.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  2. When you press the F11 key during bootup, you should see prompts on the screen... just follow the prompts to roll your system back to how it was when first bought. Don't forget that you will need to run all the Microsoft updates again as these will have been removed. Once you have installed an anti virus and probably MalwareBytes Anti Malware..... Insert the USB stick with your files on. Click Start >> My Computer and right click on the icon for the USB stick and select 'scan with'. You should be able to select either MBAM or your Anti Virus to scan the USB stick.
  3. Hi igrek001, Step 1 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :otl [2009.12.09 00:05:41 | 000,002,377 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wyeke127.xml [2010.03.07 22:57:33 | 000,000,000 | ---D | M] (Wyeke) -- C:\Program Files\Mozilla Firefox\extensions\{4CFC8387-5FB1-47C1-8AA4-5B7B906A591E} O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_sa_us.dll File not found O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.) O33 - MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\Shell - "" = AutoRun O33 - MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{64f62da2-96af-11dd-8251-00173fd65f11}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found [2010.04.04 12:04:09 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml [2008.10.09 06:05:14 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini :commands [emptytemp] [purity] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. 
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. If you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Please download JavaRa to your desktop and unzip it to its own folder. Run JavaRa.exe, pick the language of your choice and click 'Select'. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Recommendation. SuperAntiSpyware doesn't need to start when Windows starts. You can start it manually when you need to do a scan. To change this: Restart SuperAntiSpyware... Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'. Then click Close, and then Close on the next screen to exit the program. In your next reply, please submit: Otl fix report and let me know how things are running. Thanks.
  4. Hi Dave, These are infected emails which you have deleted, but still haven't emptied the 'Deleted Items' folder. Empty that folder and all will be well. Your malware issue seems to be resolved now. Let's finish off. Step 1 Please double-click OTL.exe to run it. You should see a CleanUp! button, press that button, http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png This will remove any programs we have asked you to download along with their associated folders.. plus itself. Note: MBAM will not be removed Step 2 Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. Click on Start... Control Panel... System and Maintenance... System Click on System Protection in the left-hand task list. Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section. When you uncheck a disk you will be presented with a screen. You should click on the Turn System Protection Off button. Click Apply and then OK. Reboot your computer. Now: Click on Start... Control Panel... System and Maintenance... System Click on System Protection in the left-hand task list. Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section. Click Apply and then OK. Your System restore will now be active again... starting with a new restore point. To find out how you may have been infected....read this topic: So how did i get infected? Not all of the following information will be applicable to you, but it's still best to read it all.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
      • Use an AntiVirus Software
          • Avira AntiVir
          • Avast free
          • Bitdefender Free
          • MS Security Essentials ... see note*
        Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.
        Only install one AntiVirus program
      • Update your AntiVirus Software regularly
      • Use a 3rd party Firewall
          • Online Armor Free
          • ZoneAlarm ...Important note below
          • Outpost Firewall Free
          • Sunbelt Personal Firewall
        NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
        Only install one software Firewall
        Some 3rd party Firewalls will turn off the windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off:
        How to turn off Windows Firewall: Start ... Control Panel ...click on 'Classic View'. now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok
      • Scan regularly with a 'Stand Alone' Anti-Malware scanner: Installing another scanner that you can run once or twice a week is always beneficial. Something like:
          • Malwarebytes Anti-Malware
          • SUPERAntiSpyware
        Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.
      • Use an alternative browser: Some excellent alternatives to MS Internet Explorer are:
          • Firefox
            For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
            also consider adding: WOT - Safe Browsing Tool
            Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
          • Opera
        They offer better security, more stability, and better speed.
      • Keep a backup of your registry
        Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt
        A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial
      • Keep your system clean of temp files etc, using a 'Cleaner':
        Cleaners are programs that will help to clean out your:
          • Windows temp files
          • Current user temp files
          • Cookies
          • Temporary Internet files
          • Browser history
          • Recycle bin
          • Etc.......
        In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc. Programs like:
          • CCleaner
          • TFC by OldTimer
          • ATF Cleaner
      • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
      • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster
      • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically. Glad I was able to help. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif
  5. Hi kwikimart, Ok, that seems to be enough info. Now look at this, from your OTL report: something isn't right with your system. It may well be a file infector, in which case, we are on a hiding to nothing. I'd already said that the system was heavily infected. It seems your system has a recovery partition. It should be available if you press the F11 key during bootup. If you want to get any saved files off the system before that.... it would be a good idea to back them up. Remember to check any files that you may want to put back on the system with an Anti Virus protector once it's been recovered. This is your best option, I'm afraid to say.
  6. Can you let me have the extra.txt as well? It'll have been saved in the same location as the main.txt. Thanks
  7. Hi Dave, Ok, let's try this then:
     Step 1
     Please download JavaRa to your desktop and unzip it to its own folder.
      • Run JavaRa.exe, pick the language of your choice and click 'Select'. Then click Remove Older Versions.
      • Accept any prompts.
      • Open JavaRa.exe again and select Search For Updates.
      • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
     Step 2
     McAfee can cause all sorts of problems when trying to run scans, let's get it disabled before running Step 3: To disable your McAfee security programs please refer to the clip below. http://img.photobucket.com/albums/v666/sUBs/mcafee_disable.gif Please don't forget to retrace the steps to re-enable McAfee after running the scan.
     Step 3
     Please do an online scan with Kaspersky WebScanner.
     Notes
      • Java must be installed and enabled for the scan to work.
      • Disable your computer's antivirus program as leaving it active will cause conflicts
      • Close ALL programs and windows except for your browser
     Please go to Online Kaspersky Scan and perform an online antivirus scan.
      • Read through the Requirements and limitations statement and click on the Accept button.
      • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
      • When the downloads have finished, the scrolling window will show 'Database is updated. Ready to scan'. Click on the Settings button at the bottom left.
      • Make sure these boxes are checked/ticked. If they are not, please tick them and click on the Save button:
          • Spyware, Adware, Dialers, and other potentially dangerous programs
          • Archives
          • Mail databases
      • Click on My Computer under Scan on the left. OK any warnings from your protection programs.
      • Go for a long walk. Please be patient and let the scanner finish. It is better that you do NOT use the computer while the scan is running. Keep all other programs/windows closed.
      • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
      • Click on Save Report As... and change the Files of type to Text file (.txt)
      • Name the file KAVScan-ddmmyy before clicking on the Save button. Save the report to a convenient place - for example the Desktop.
      • Please post this log in your next reply.
     Note - enable your antivirus program before browsing away from the Kaspersky site.
      • Go to the Desktop and double-click on the Kaspersky report KAVScan-ddmmyy.txt, it will open in Notepad
      • Click Edit > Select all then Edit > Copy
      • Reply to this thread and paste (Ctrl+V) the report.
     Thanks
  8. Hi igrek001 Please let me have the rest of the report. Thanks.
  9. Hi nuley, Did you update MBAM? This morning I ran an update and the present Database Version is 3952, which means it's been updated 22 times since you updated it. Please try again so that we have an up to date scan report. If this comes back all clear, we can start to finish off. Thanks.
  10. Try running the System File Checker now and let me know how it goes.
  11. Hi Dave Thanks for that. There's nothing really bad showing in the reports but we'll do a little cleaning and then see if an online scan shows anything. P2P Warning Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme. Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections. You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you. Step 1 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl O4 - HKLM..\Run: [] File not found O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) [2010/03/21 21:22:41 | 000,032,256 | ---- | M] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini @Alternate Data Stream - 76 bytes -> C:\Users\Dave\Documents\LimeWire:Roxio EMC Stream :commands [emptytemp] [purity] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. If you lose the report, there will be a copy here: C:\_OTL\MovedFiles
     Step 2
     I'd like you to do an ESET OnlineScan
      • Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
      • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
      • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
      • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
      • Accept any security warnings from your browser.
      • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
      • Click the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
      • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
      • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
     A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
     In your next reply, please submit:
      • Otl fix report
      • Eset scan report
     Thanks.
  12. Hi Dave, Although I do have 'Word' installed and can open the attachments..... it's very difficult to read them properly. Please add the reports as .txt files (notepad files), it's a lot easier to read. Thanks.
  13. Hi kwikimart Ok, there's obviously more issues going on here. If this doesn't work (which it may not as you don't have an OS disc) I hope you have a recovery partition. As the only hope will be to reformat and reinstall. Try running the System File Checker (SFC) to scan all protected files to verify their versions. If SFC discovers that a critical system file has been damaged, altered or missing, it restores the correct version of the file from the cache folder. You must be logged on as an administrator or as a member of the Administrators group to run sfc and it may ask you to insert your XP Installation CD ..so have it available. Use Task Manager ... New Task... and type: sfc /scannow Make sure that you include a space between the c and /. This command will initiate the Windows File Protection service to scan all protected files, verify their integrity, and replace any problem files. Sometimes it will ask for the disc, sometimes it doesn't. Let's keep our fingers crossed.
  14. Hi Igor, Let me have the new reports from OTL and I'll check them through. How is the system behaving generally?
  15. Hi kwikimart Step 1 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure you include the first lot of : ) :Otl SRV - (Wind0wsSrv) -- File not found SRV - (ODBC_Server_2009) -- File not found SRV - (kstationA) -- File not found SRV - (IocationA) -- File not found SRV - (IDESRv) -- File not found SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll () SRV - (mgsv) -- C:\Program Files\Mplus\mgsv.dll () O2 - BHO: (WebCompass Search Class) - {2D3BA117-A67B-4BE3-B692-A0F399E7EBC3} - C:\Program Files\WebCompass\wc_src_1m.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Mplus Search Class) - {8EA9A253-227C-4b03-9DD7-A138E8600430} - C:\Program Files\Mplus\mg_src_1g.dll () O2 - BHO: (WebCompass Reward Class) - {EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90} - C:\Program Files\WebCompass\wc_rwd_1p.dll (Datawave System Inc) O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found O33 - MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\Shell - "" = AutoRun O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found [2010-03-26 00:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\WebCompass :Files C:\Program Files\Mplus c:\program files\WebGuide :commands [emptytemp] [purity] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. 
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. Step 2 Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. Click on Start >> Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here. In your next reply, please submit: Otl fix report TDSSKiller.txt Btw: Do you have a windows XP installation disc, if we need it? Thanks.
  16. Hi DRogers
     Step 1
     Download TFC by OldTimer to your desktop
      • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
      • It will close all programs when run, so make sure you have saved all your work before you begin.
      • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
      • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
     Step 2
     Please download Malwarebytes Anti-Malware and save it to your desktop.
      • Make sure you are connected to the Internet.
      • Double-click on Download_mbam-setup.exe to install the application.
      • When the installation begins, follow the prompts and do not make any changes to default settings.
      • When installation has finished, make sure you leave both of these checked:
          • Update Malwarebytes' Anti-Malware
          • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
      • On the Scanner tab: Make sure the "Perform Full Scan" option is selected. Then click on the Scan button.
      • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
      • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
      • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
      • Click OK to close the message box and continue with the removal process.
      • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
      • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
      • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the contents of that report in your next reply and exit MBAM.
     Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
     Step 3
     Download OTL to your desktop. If you have problems, try this download link: OTL
      • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      • When the window appears, underneath Output at the top change it to Minimal Output.
      • Check the boxes beside LOP Check and Purity Check.
     http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
     Now copy the lines in the codebox below.
     netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT
     right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. In your next reply, please submit: MBAM scan report Both reports from OTL Thanks.
  17. Hi, Just saw this post by chance.... didn't get a notification for some reason. Let me go through your OTL reports.... I'll post a fix based on what we can see at the moment. Once the fix is run, it may help us with other programs. Back ASAP.
  18. A http://fc09.deviantart.net/fs29/f/2008/080/b/5/Happy_Easter_by_luminos_star.gif to everyone.
  19. http://fc06.deviantart.com/fs27/f/2008/184/4/2/Happy_Birthday_Flag_by_Chaosbrazer.gif Barry, Hope your day went well.
  20. Hi nuley, Happy Easter to you. Actually that doesn't look too bad. These are files that Combofix has already removed. (qoobox, is the name of the CF quarantine folder) These are infected restore points, which we would have expected after an infection like this. We clear all the restore points when we finish the cleaning process anyway. ( so these would have been removed at the end) There is now a newer version of MBAM. Let's get that updated and run a scan with the new version.... if that comes back clean, we can finish off. Please update MBAM and run another scan: Start MBAM Click on the Update tab http://img.photobucket.com/albums/v708/starbuck50/mbam1.png Click Check for Updates http://img.photobucket.com/albums/v708/starbuck50/mbam2.png If it says that MBAM needs to close to update it... let it close and then restart it. Then click the Scan button. Don't forget: Thanks.
  21. It should be your treat :) But nice if you can get away with it. Hope you both have a good time. I'm going to get one of the other mods to take a look at your last questions.... this really isn't in my field. I'll get one of them to reply to you. Please bear with me.
  22. Hi Judy, Seems a lot of people are having problems with the new version of MBAM. Here's the link to the whole forum: Malwarebytes Forum -> General Malwarebytes' Anti-Malware Forum Did you read this part: I have MBAM on 3 systems and have had no problems with the new version.......... yet!
  23. If it runs, it's ok..... try it. Try this and see if you get the desktop icons: If you can get into 'Task Manager'... click on File >>> New Task, in the window that comes up type or copy and paste this in: %UserProfile%\desktop then click Ok. It may work. Let me have the combofix report if you get it.
  24. Hi Jim, It may need the software reinstalling, if you don't have a copy of the software, try this: VIA Technical Support FAQ - VIA Technologies, Inc.