122 replies to this topic

[Stevo]

...any help/advice would be greatly appreciated. If I click on My Documents or My Music, it can take up to 10 minutes for the folder to open. CLicking on My Computer takes about 20 mins to open............

I've added a Rogue Killer report that I did before reading what was required, so I've added that anyway.....

Thanks in advance.

Attached Files

•  a2scan_120621-172156.txt   668bytes   47 downloads
•  RKreport1.txt   2.06K   44 downloads
•  OTL.Txt   72.79K   111 downloads
•  Extras.Txt   39.76K   44 downloads

[ShadowPuterDude]

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  See HERE for help
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

• ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[Stevo]

Still hasn't resolved the issue of folders like my music taking up to 10 minutes to open, tho it did find three infections.

Attached Files

•  CFlog.txt   20.05K   36 downloads

[ShadowPuterDude]

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

• Download the latest version of JRE 7 Update 5.
• Click the "Download JRE" button to the right.
• Accept the license agreement.
• Click on the download link for your system and save it to your desktop. Users of Windows Vista/7 64-bit can install both the 32-bit and 64-bit JRE without conflicts.
  Windows x86 Offline (jre-7u5-windows-i586.exe)
  Windows x64 (jre-7u5-windows-x64.exe)
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista/7 users, right click on the JRE download and select "Run as an Administrator.")

The installed version of Adobe Reader on this computer is out-dated. Install the latest version of Adobe Reader available from Adobe.

The installed version of Adobe Flash Player ActiveX control on this computer is out-dated. Using Internet Explorer, install the latest version of Adobe Flash Player ActiveX available from Adobe.

Using Add or Remove Programs in the Control Panel; uninstall the following:

Java(TM) 6 Update 22
Java(TM) 6 Update 31

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  

  :OTLO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery presentO33 - MountPoints2\{819ee075-c3bd-11df-9155-002433e7cfb0}\Shell - "" = AutoRunO33 - MountPoints2\{819ee075-c3bd-11df-9155-002433e7cfb0}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{819ee075-c3bd-11df-9155-002433e7cfb0}\Shell\AutoRun\command - "" = G:\Startme.exe[2012/06/17 14:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}:Commands[Purity][EmptyTemp][EmptyFlash][EmptyJava][Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[Stevo]

Right, all kinds of trouble happening. It won't let me install Adobe Flash Player as it says 'The user does not have sufficient privileges to install AFP' (I am running as admin)
I had to update to IE8, which now hangs & won't load. I can't install AFP from here because of that.
I managed to update Java, thought I would try OTL anyway, left it on for approx 10 hours with no movement.
Need more help please.

[Stevo]

Strange that, after attempting to install AFP from Opera for the umpteenth time, rather than unticking the box to say I don't want Google Chrome installed I left it ticked & it installed no problem. will try & kick on with your instructions, though IE is still stalled.

[ShadowPuterDude]

OK, try this OTL fix instead:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

[2012/06/17 14:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}



:Commands

[Purity]

[EmptyTemp]

[EmptyFlash]

[EmptyJava]

[Reboot]

[Stevo]

Tried the new OTL fix, still no joy, left it running for over 12 hours & no progress. I must be doing something wrong. It is still set to minimal output, should I change that back to it's default or is that okay? It just basically hangs, it say's 'killIng processes DO NOT INTERUPT' how long is the process supposed to take? I may be being impatient. Sorry about this.

[ShadowPuterDude]

Something is interfering with OTL. Let's take a look for a MBR RootKit.

Read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Double-click on TDSSKiller.exe to run the application.
  
  
• Click Change parameters
  
  
• Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  
  
• Click on the Start Scan button to begin the scan and wait for it to finish.
  NOTE: Do not use the computer during the scan!
  
• During the scan it will look similar to the image below:
  
  
• When it finishes, you will either see a report that no threats were found like below:
  
  
  If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
  
• If any infection or suspected items are found, you will see a window similar to below:
  
  
  • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
  • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
  • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
• Click Continue to apply selected actions.
  
• A reboot may be required to complete disinfection. A window like the below will appear:
  
  Reboot immediately if TDSSKiller states that one is needed.
  
• Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  
• Attach this log to your next reply.

[Stevo]

Here's the TDSSKiller log:

Attached Files

•  TDSSKiller.2.7.41.0_24.06.2012_17.19.28_log.txt   91.16K   36 downloads

[ShadowPuterDude]

No MBR RootKit. Changing tools.

Download avz4.zip from here

• Unzip it to your desktop to a folder named avz4
• Double click on AVZ.exe to run it.
• Run an update by clicking the Auto Update button on the Right of the Log window:
• Click Start to begin the update

Note: If you receive an error message, chose a different source, then click Start again

• After the update, from the "File" menu, choose "Standard Scripts"
• Put a check next to item 2: Advanced System Investigation
• Click Execute selected scripts
• At the next prompt, click the OK button
• Let the scan run and click "OK" when the completion prompt pops up
• Now Close out of the Standard Scripts window, and exit AVZ
• Navigate to the avz4 folder and locate the folder LOG
• Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
• Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.

[Stevo]

Here's the syz4 log, on another note my installation of AFP hasn't worked........

Attached Files

•  virusinfo_syscheck.zip   25.64K   31 downloads

[ShadowPuterDude]

Close all windows then double click on AVZ.exe

• Click File > Custom scripts
• Copy & paste the contents of the following codebox in the box in the program
  

  beginSetAVZGuardStatus(True);SearchRootkit(true, true); DeleteFile('C:\WINDOWS\system32\MsSip1.dll'); DeleteFile('C:\WINDOWS\system32\MsSip2.dll'); DeleteFile('C:\WINDOWS\system32\MsSip3.dll'); RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1','$DLL'); RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2','$DLL'); RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3','$DLL');ExecuteSysClean;RebootWindows(true);end.

• Note: When you run the script, your PC will be restarted
• Click Run
• Restart your PC if it doesn't do it automatically.

Download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please attach the log to your reply.

[Stevo]

Managed to run FSS:

Attached Files

•  FSS.txt   1.99K   26 downloads

[ShadowPuterDude]

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  

  :OTLO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found[2012/06/17 14:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}:Commands[Purity][EmptyTemp][EmptyFlash][EmptyJava][Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[Stevo]

Don't know how long OTL is supposed to run, only been on for half an hour at the moment, but it appears to have hung again. The green status bar hasn't moved at all so far and the activity light has only come on briefly.

[ShadowPuterDude]

Now we need to use ComboFix to remove some stuff.

• Make sure that the copy of combofix.exe that you downloaded earlier is on your Desktop but Do not run it!
• If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected ):

KillAll::

Folder::
C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFScript.txt on top of ComboFix.exe
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

The ComboFix folder should not be renamed since ComboFix and even we would have suspicions about it. Also when you uninstall CF, the folder would not be removed since it does not look for that folder name.

Attach the log produced by ComboFix to your next reply.

[Stevo]

Should I just reboot my pc as OTL is stuck? Then when I restart do as above?

[ShadowPuterDude]

Yes, go ahead and reboot. Then run the CFScript I posted.

[Stevo]

Here's the ComboFix log:

I still cannot get IE8 or AdobeFP to install properly on the pc, by the way.

Attached Files

•  ComboFix.txt   21.18K   29 downloads

[ShadowPuterDude]

OK, let's reset somethings to default settings.

Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

• Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
• Now open this folder and double-click Repair_Windows.exe.
• Click the Start Repairs tab on the far right.
• Click the Start button (bottom right)
  Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.
• Click Unselect All
• Put a checkmark in the following items:
  
  • Reset Registry Permissions
  • Reset File Permissions
  • Repair Internet Explorer
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Repair Volume Shadow Copy Service
  • Set Windows Services To Default Startup
  Note: Leave everything else unchecked
• Put a checkmark in Restart System When Finished
• Now click the Start button (bottom right)

Run a fresh scan with OTL and attach the resulting log.

[Stevo]

Folders still taking an age to open, sorry about this.

Attached Files

•  OTL1.Txt   74.75K   29 downloads

[ShadowPuterDude]

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  

  :OTLO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present[2012/06/17 14:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}:Commands[Purity][EmptyTemp][EmptyFlash][EmptyJava][Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[Stevo]

Right, so OTL has been on runfix now for 11 hours, still stuck on the Killing processes Do Not Interrupt, at the bottom. No progress has been made from what I can tell, the egg timer is still on too. Am I doing something wrong? It is stil on the minimal output is that what is supposed to be on?
Am I ok to reboot/force shut down of my pc?

[ShadowPuterDude]

Changing tools.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

• Please download GMER from one of the following locations, and save it to your desktop:
  
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zip Mirror
    Alternate Zip Mirror 2
    Alternate Zip Mirror 3
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
• Double click or on your desktop. If you are using Vista, please right-click and select run as administrator
• When you have done this, close all running programs.
  There is a small chance this application may crash your computer so save any work you have open.
• Allow the gmer.sys driver to load if asked.

If it detects rootkit activity, you will receive a prompt to run a full scan. Click NO.

• In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
  
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show all (Don't miss this one!)
• Click on and wait for the scan to finish.
• If you see a rootkit warning window, click OK.
• Push and save the logfile to your desktop.
• Attach the GMER log.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on <--- ROOKIT entries

[Stevo]

Atteched GMER log:

Attached Files

•  GMER.log   4.17K   34 downloads

[ShadowPuterDude]

Download Hitman Pro to your Desktop. Download the 32-bit version.

Press the CTRL key and double-click on Hitman Pro. Hitman Pro will shut down all unnecessary processes when ran this way.

If Hitman Pro wants to update, let it.

If Hitman Pro wants to download signatures, let it.

If Hitman Pro wants to remove something, let it.

Attach any logs produced by Hitman Pro.

[Stevo]

It only seemed to delete CombiFix.exe & a load of cookies..............

Attached Files

•  hitman.xml   33.89K   35 downloads

[ShadowPuterDude]

Everything is coming back clean. So, I'm a little baffled as to why those registry restrictions aren't being removed.

Let's try this:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Attach the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[Stevo]

With MBAM, it's the registered paid for version I have with daily updates. Do you still want me to go ahead with the re-install? I will do it tomorrow as not enough time tonight.

[ShadowPuterDude]

No need to reinstall. Run a scan with MBAM and have it remove what it finds and then attach the MBAM log.

[Stevo]

MBAM Full scan & flash scan :

Attached Files

•  mbam-log-2012-06-27 (00-52-22).txt   1.91K   36 downloads
•  mbam-log-2012-06-27 (07-34-31).txt   1.88K   31 downloads

[ShadowPuterDude]

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

Windows Registry Editor Version 5.00

[-HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery]

[-HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions]

[-HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel]

[-HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions]

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Reboot

Run a fresh scan with OTL and attach the new OTL log to your next reply.

[Stevo]

Still freezing on My Documents, a lot of screens all stuck on even thoughI've closed them.

Attached Files

•  OTL2.Txt   76.48K   31 downloads

[ShadowPuterDude]

Those registry restrictions are still inplace.

Download DDS by sUBs from one of the following links and save it to your desktop.

• • DDS.scr
  • DDS.pif
• Disable any script blocking protection
• Double click DDS icon to run the tool (may take up to 3 minutes to run)
• When done, DDS.txt will open.
• After a few moments, attach.txt will open in a second window.
• Save both reports to your desktop.

---------------------------------------------------

• Attach the DDS.txt report in your next reply
• Attach the Attach.txt report to your reply

[Stevo]

dds. logs as requested

Attached Files

•  attach.rar   4.27K   25 downloads
•  dds.txt   15.39K   30 downloads

[ShadowPuterDude]

It's more than likely that it is EAM preventing the registry changes. Disable EAM and do the registry patch.

Reboot

Get a fresh log from OTL.

[Stevo]

Here's the OTL log, thanks for all your help so far. My Documents & My Comp open quite quickly at the moment

Attached Files

•  OTL3.Txt   77.15K   31 downloads

[ShadowPuterDude]

Download to your Desktop:
- RegASSASSIN

• Start RegASSASSIN
• Enter the registry key to delete:

  HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery

• Ensure the following are selected:
  
  • Reset registry key permissions
  • Delete registry key and all subkeys
• Click Delete
• Repeat for each of the following registry keys:

  HKLM\Software\Policies\Microsoft\Internet Explorer\RestrictionsHKCU\Software\Policies\Microsoft\Internet Explorer\Control PanelHKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

• Exit RegASSASSIN

Reboot

Run a fresh scan with OTL and attach the new OTL log.

[Stevo]

If I copy & paste the above instructions, ach time an error message appears, it reads ERROR: Hive returned NULL. If I follow the instructions from RegAssassin It gives me these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions

Should I use these?

[ShadowPuterDude]

If I copy & paste the above instructions, ach time an error message appears, it reads ERROR: Hive returned NULL. If I follow the instructions from RegAssassin It gives me these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions

Should I use these?

Yes, go ahead and use those.

[Stevo]

Next OTL log.........

Attached Files

•  OTL4.Txt   76.91K   29 downloads

[ShadowPuterDude]

OK, that did the trick.

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

• Download OTC to your desktop and run it
• A list of tool components used in the cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to begin the cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Delete the following from your Desktop (If they exist)
CFscript.txt
FixReg.reg
TDSSKiller.exe
Anything else I had you use

Delete the following files: (If they exist)
C:\ComboFix.txt

Delete the following folders: (If they exist)
C:\ComboFix
C:\Qoobox

Empty the Recycle Bin

Download to your Desktop:
- CCleaner Portable

• UnZip CCleaner Portable to a folder on your Desktop named CCleaner

Run CCleaner

• Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
• The following should be selected by default, if not, please select:
  
• Click and choose
• Uncheck
• Then go back to and click to run it.
• Exit CCleaner.

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update anything program/application detected as being out-dated.

Articles to read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

[Stevo]

And now My Documents folders are taking an age to open again. Even though I have installed AFP, it's telling me I don't have it & when I try to re-install it, the old chestnut of not having authorisation to do it.....

[Stevo]

And can't open IE either.........

[ShadowPuterDude]

Run ComboFix and attach the resulting log to your next reply.

[Stevo]

MY folders are still slow to open, Firefox takes a long time to open, IE8 won't install & neither will AFP or Quicktime........

Attached Files

•  cfTEXT.txt   22.71K   25 downloads

[ShadowPuterDude]

Now we need to use ComboFix to remove some stuff.

• Make sure that the copy of combofix.exe that you downloaded earlier is on your Desktop but Do not run it!
• If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected ):

KillAll::

Driver::
0269081340819581mcinstcleanup

File::
c:\windows\TEMP\026908~1.EXE

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFScript.txt on top of ComboFix.exe
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

The ComboFix folder should not be renamed since ComboFix and even we would have suspicions about it. Also when you uninstall CF, the folder would not be removed since it does not look for that folder name.

[Stevo]

At this moment in time I cannot get on to my computer as it is stuck on a loading screen. Either Chrome, Firefox or IE has stalled it. The box says "Personalised settings: setting up personalized settings for Browser Customizations"

[ShadowPuterDude]

Will the system boot to Safe Mode?