Superbad virus !

Rebel

New Member
Got a REALLY bad Virus on my comp, is called QVO6. I don't want to take it out myself, I know about the registry and all that, but would far rather have a malware tool get rid of it. I was thinking of either installing Spyhunter or Bitdefender Plus, have a preference for Bitdefender as it's got such great reviews. Any advice bout these two virus pros, for or against, would be great, Thanx ! :)
 

johnb35

Administrator
Staff member
Moved to the correct section.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.


Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 

Rebel

New Member
Hi John, Thanx for the info, however, unfortunately, this particular virus is so aggressive that " Malwarebytes Anti malware " didn't even touch it. Downloaded ok, and found 1 infection, but QVO's filthy hijacking homepage and screen saver are ~ Still, on my comp...... I'm beginning to despair .....
 

Rebel

New Member
Got this from Malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Dell D531 :: DELLD531-PC [administrator]

Protection: Enabled

19/05/2013 19:23:12
mbam-log-2013-05-19 (19-23-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210207
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Dell D531\Desktop\bundleSetup.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

(end)


~~~~~~~~~


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Dell D531 :: DELLD531-PC [administrator]

Protection: Enabled

19/05/2013 19:43:06
mbam-log-2013-05-19 (19-43-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209663
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
~~~~~~~~~~~~~


2013/05/19 19:21:33 +0100 DELLD531-PC Dell D531 MESSAGE Starting protection
2013/05/19 19:21:33 +0100 DELLD531-PC Dell D531 MESSAGE Protection started successfully
2013/05/19 19:21:33 +0100 DELLD531-PC Dell D531 MESSAGE Starting IP protection
2013/05/19 19:22:20 +0100 DELLD531-PC Dell D531 MESSAGE IP Protection started successfully
2013/05/19 19:22:42 +0100 DELLD531-PC Dell D531 MESSAGE Starting database refresh
2013/05/19 19:22:42 +0100 DELLD531-PC Dell D531 MESSAGE Stopping IP protection
2013/05/19 19:22:44 +0100 DELLD531-PC Dell D531 MESSAGE IP Protection stopped successfully
2013/05/19 19:22:49 +0100 DELLD531-PC Dell D531 MESSAGE Database refreshed successfully
2013/05/19 19:22:49 +0100 DELLD531-PC Dell D531 MESSAGE Starting IP protection
2013/05/19 19:23:00 +0100 DELLD531-PC Dell D531 MESSAGE IP Protection started successfully
2013/05/19 19:33:25 +0100 DELLD531-PC Dell D531 MESSAGE Starting protection
2013/05/19 19:33:25 +0100 DELLD531-PC Dell D531 MESSAGE Protection started successfully
2013/05/19 19:33:25 +0100 DELLD531-PC Dell D531 MESSAGE Starting IP protection
2013/05/19 19:33:37 +0100 DELLD531-PC Dell D531 MESSAGE IP Protection started successfully
 

Rebel

New Member
Hi again, I have attempted several times to install " Hijackthis " on the infected computer, but on each occasion I get a set up wizard and only two choices to either click
~ Repair or ~ Remove ( the installation )

I decided to try the same installation on the computer I am now using ( an old dell lap top which is on its last legs ! ) " Hijack this " installed on this comp without a hitch ! . But I simply cannot get past the ~ Click ~ Repair or ~ Remove, when I attempt to place this on the infected computer !
 

Rebel

New Member
O.k , Managed to get the " Hijackthis " icon on the desktop of my infected comp, but it will not allow me to get to edit. When I click on " Do a system scan and save a logfile ", the logfile appears, but then is immediately covered by a pop-up which says - " For some reason your system denied write access to the host's file. If any hijacked domains are in this file, HijackThis may not be able to fix this ...

says a lot more, do you need me to type everything in the pop up ?

Basically I cannot get past this to copy the contents ...
 

Rebel

New Member
P.S - When I delete that pop-up, another pop-up appears from " Notepad "
it says, " Cannot find the C:\program files ( x86 ) \ Trend Micro \ HijackThis\
highjackthis.logfile,
Do you want to create a new file ? "
 

johnb35

Administrator
Staff member
Please follow the instructions again, this time pay attention to the writing in red. You must run as administrator.
 

Rebel

New Member
I click on the writing in red ( top bar ) and the log comes up perfectly on notepad, on the old comp which I'm presently using, but refuses to come up on the infected comp. The notepad remains inaccessible.

I have tried - Start - run - ~ notepad c:\windows\system32\drivers\etc\hosts
and pressed enter, ( as advised by pop-up ) but still won't work

The account is ~ Administrator, on both comps. They are both Dell computers.

The ONLY way I have been able to get a print up of the Log, which has been completely successful ( to my surprise, first time done this... ) is by pressing the ~ Prnt Scrn key, then saving the print through Microsoft office in Picture Manager. I then saved this as an attachment to my email and sent it to myself ( through another email provider ). Opens fine and clear using the zoom.

Would it be ok for me to send this through to your email, please ? As I cannot get it onto the forum.....
 

Punk

Moderator
Staff member
To run as administrator go on the Hijackthis launch icon and right click-> Run as administrator.

If this doesn't do anything, host your picture on some free pic hosting website like photobucket.com for example.
 

johnb35

Administrator
Staff member
Right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the hijackthis desktop icon.

Again, all you had to do was reread my instructions that I had highlighted in red when I instructed you to run hijackthis.
 

Rebel

New Member
OMG ! I'm staggered, it worked ! :) Many thanx 4 the tip !

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:59:44, on 20/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?s...retb&v=2_5&u=E76EE8B7297682433480C951968D5B13
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8252 bytes
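
Added example, not part of the original thread and not code from HijackThis: a short Python triage pass over a HijackThis log like the one posted above, separating entries worth a human look (browser pages pointing off the Microsoft defaults, autoruns outside the usual install directories) from the "(file missing)" service noise. The sample lines are excerpted from that log; the function names and the heuristics (usual directories, script extensions) are assumptions of this example, and the output is a list of hints, not a verdict.

```python
import re
from urllib.parse import urlparse

# Lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?s...retb&v=2_5&u=E76EE8B7297682433480C951968D5B13
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumed heuristics of this example: location and file type are hints, not proof.
USUAL_DIRS = ("c:\\program files", "c:\\windows", "%programfiles%", "%systemroot%")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")


def parse(log_text):
    """Yield (section_code, detail) for every HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def autorun_target(detail):
    """Return the file an O4 entry launches, without quotes or arguments."""
    cmd = detail.split("] ", 1)[1].strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted command: cut at the first file extension followed by a space or the end.
    m = re.match(r"(.+?\.\w{2,4})(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (code, hint, detail) tuples for entries a reviewer should read first."""
    findings = []
    for code, detail in parse(log_text):
        low = detail.lower()
        if code in ("R0", "R1") and " = http" in low:
            host = urlparse(detail.split(" = ", 1)[1]).hostname or ""
            if not (host == "microsoft.com" or host.endswith(".microsoft.com")):
                findings.append((code, "review: browser page set to " + host, detail))
        elif code == "O4" and "] " in detail:
            target = autorun_target(detail).lower()
            if not target.startswith(USUAL_DIRS) or target.endswith(SCRIPT_EXT):
                findings.append((code, "review: autorun is a script or outside the usual directories", detail))
        elif code == "O23" and low.endswith("(file missing)") and "\\system32\\" in low:
            # HijackThis is a 32-bit program; on 64-bit Windows, WOW64 file-system
            # redirection makes real System32 files look missing to it.
            findings.append((code, "noise: System32 'file missing' from a 32-bit scanner on x64", detail))
    return findings


if __name__ == "__main__":
    for code, hint, detail in triage(SAMPLE_LOG):
        print(f"{code:>3}  {hint}\n     {detail}")
```

Run against a full log, the "review" hints are a reading order for the helper, while the "noise" hints explain why the long run of O23 "(file missing)" lines on a 64-bit system is not by itself a sign of deleted system files.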
 

Rebel

New Member
P. S I downloaded ~ " Hitman Pro " just a few minutes ago.
It found

1 Trojan as follows : wordpad-windows-downloader.exe
c:\users\D531\ Downloads\

1 Malware as follows : mlv_ar_qvo6.exe
c:\users\Dell D531\AppData|Local\Temp\

I clicked delete....... :)


but the blasted virus thing is STILL there ! :mad:
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
I'll help ya out John.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Also download and run this program

Please download and run TDSSkiller

When the program opens, click on the start scan button.

tdssstartscan_zps32a151cd.jpg


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

2663-2-eng.png


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

2663_3_en.png


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your c:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.
 

Rebel

New Member
Thanx 4 that Voyager, ! I'm getting ready for the mammoth task :(
Before I start, one or two queries.

A ) I recently installed Hitman pro, it's a 30 day free trial version. I don't want to uninstall it, unless absolutely necessary. Could you give me details of how to disable it, please ? I also, have AVG ( free edition 2013 ) will I have to delete AVG and reinstall ? Not sure if the free version can be disabled...

B ) Do I need to put my comp into ~ Safe Mode ? I ~ Really, don't want to as safe mode screen irks me a bit...... again, if you advise ~ Safe mode, I will use it, just asking if it's really important to use it, or not ?


C ) Crikey, the thought of using Combofix is scary ! hope I'm up to the challenge ! :eek: Wish me all the best ...... I'm getting my crash helmet out, just in case :p
 

johnb35

Administrator
Staff member
Get rid of hitman pro as it's only a 30 day trial. You don't need to uninstall avg, just go into the advanced settings and disable resident shield.

Safe mode isn't required at this time.
 