Search:

Hello :)

Open notepad and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

Hello :)

Disable Windows Defender:

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
...

Hello :)

Disable Teatimer:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident...

Hi and welcome to the forums. :)
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be...

Hello :)

Disable Teatimer:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident...

Hi and welcome to the forums. :)
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be...

Still needing help?:euro: :spider:

Hello :)

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows except HijackThis and press fix checked.

O2 - BHO: (no name) -...

Hi and welcome to the forums. :)
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be...

Hello :)

All logs are clean! How is your computer running now?

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can...

Hello :)

Delete these files: (Using Windows explorer; Windows key +e)

C:\37.tmp
C:\WINDOWS\system32\kddlp.exe
C:\WINDOWS\system32\kddrd.exe
C:\WINDOWS\system32\kdjiu.exe...

Hello :)

Good job! Now re-run with kaspersky online scanner!

Post:
- A fresh HijackThis log
- Kaspersky's report

Hello :)

Re-scan again with Blacklight, when the scan is ready check the file and click "rename"

c:\WINDOWS\system32\kdxmp.exe
________________

Open HijackThis, Click Do a system scan only,...

Hello :)

Re-scan again with Blacklight, when the scan is ready check the file and click "rename"

You will need to rename these files one by one.

c:\WINDOWS\system32\dmremote.dll...

Hello :)


Please download F-Secure Blacklight (fsbl.exe) from here
Save into C:\ with a name of fsbl.exe
Go to Start -> Run
Copy and paste the contents of the below codebox into the run...

Hello :)

Please run an online scanner with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start...

Hello :)

Disable AVG Anti-Spyware resident shield

Disconnect from the internet.
Double-click on the AVG Tray Icon
Double-click on "AVG Resident Shield"
Uncheck "Turn on...

Hello :)

Rename HijackThis.exe to Scanner.exe by doing the following;

Navigate to here; C:\Program Files\Trend Micro\HijackThis
Right-click on the HijackThis.exe
Choose from the pull-down...

Hello :)

Start -> Run -> "%userprofile%\desktop\combofix.exe" /killall

Hello :)

Rename HijackThis.exe to Scanner.exe by doing the following;

Navigate to here; C:\Program Files\Trend Micro\HijackThis
Right-click on the HijackThis.exe
Choose from the pull-down...

Hi and welcome to the forums. :)
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be...

You're welcome! :bigthumb:

Hello :)

All logs are clean! How is your computer running now?


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can remove all...

Hello :)

Delete this file: (Using windows explorer; windows key +e)

C:\WINNT\plite731.exe

Empty this folder: (Using windows explorer; windows key +e)

C:\Documents and Settings\All...

Hello :)

Kaspersky online scanner works only with Internet Explorer!
Please run an online scanner with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from...

Hello :)

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow...

Hello :)

Disable Teatimer:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident...

Hello :)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do...

Hi and welcome to the forums. :)
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be...

Hello :)

Re-download Combofix.exe and save it to your desktop. Then re-run it. After that Re-create the CFScript.txt and drag the CFScript.txt into the Combofix.exe

Kaspersky online scanner...

Hello :)

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow...

Please post a fresh HijackThis log too :bigthumb:

Hello :)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do...

Hello :)

Rename HijackThis.exe to Scanner.exe by doing the following;

Navigate to here; C:\Program Files\Trend Micro\HijackThis
Right-click on the HijackThis.exe
Choose from the pull-down...

Hi and welcome to the forums. :)
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be...

You're welcome! :bigthumb:

Hello :)

All logs are clean! :bigthumb:

Hello :)

Enable Teatimer:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Check "Resident TeaTimer"...

The virus database of Kaspersky is bigger that the virus database of Norton. ;)

You're welcome! :bigthumb:

Hello :)

All logs are clean! How is your computer running now?

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can remove all...

Hello :)

Delete this folder:

C:\VundoFix Backups
__________________

Disable system restore:
Right click on my computer icon
Choose properties

Hello :)

You did good job :thumbup:

Update java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java...

Hello :)

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of...

Hello :)

You have websites in your Internet Explorer Trusted Zone. These aren't malicious websites, however the security settings which apply to sites in the Trusted Zone are much more permissive...

Hello :)

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow...

Hello :)

I recommend to uninstall the following items: (Via add/remove programs, in control panel)

FlashGet (<- Optional)
BitComet Toolbar
ADSTechnology
Megaupload Toolbar...

Hi and welcome to the forums. :)
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. Right now I'm MRU Undergrad, everything that I post to you must be...

exporer.exe should be explorer.exe

Hello :)

I did a mistake and I can't edit my previous post :sad:


Where those files are located? If winlogon.exe is located in System32 folder then it is legitimate. exporer.exe is legitimate...

Hello :)

You didn't update java :( You should do it.
__________________


Where those files are located? If they are located in System32 folder, then you can allow them using internet....