rmurphy

Hi fang56, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. I would like to see a few more things before we start to do some clean-up. Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) == Clear Temporary Files == Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Close all Internet Explorer, Firefox, and Opera windows before continuing. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. I

One last scan, then I think you're all set. == Clear Temporary Files == Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Close all Internet Explorer, Firefox, and Opera windows before continuing. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Se

Fix this entry using HiJackThis: O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file). Reboot, and post a new log. How is the computer running? -Ryan

Please do an online scan with Kaspersky WebScanner You will need to use Internet Explorer to do this Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected:Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases [*]Click OK [*]Now under select

Please read Grinler's guide to removing XP Antivirus here, and post a HiJack This log in this thread after you have followed the steps outlined in that post. -Ryan

Uninstall the following programs: J2SE Runtime Environment 5.0 Update 4 Java™ 6 Update 2 Download ComboFix from one of the locations below, and save it to your Desktop. Link 1 Link 2 Link 3 Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall -Ryan

Please post a new hijack this log and an uninstall list. Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) -Ryan

Please uninstall NoAdware v5.0. Download CWShredder Here to its own folder. Update CWShredder Open CWShredder and click I AGREE Click Check For Update Close CWShredder Boot into Safe Mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows. After that, please update and scan with SUPERAntiSpyware. Please post the results of the scan along with a ne

Hi Gerry, welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. Before we start cleaning, I would like to see an uninstall list: Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) -Ryan

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, open the S

Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your log. Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes.

Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log. Note: It is possible that VundoFix encountered a fi

Open notepad and post the contents of the box below into it: ipconfig >> nodapic.txt nodapic.txt Save the file as "ipconfig.bat" (include the quotes) to your desktop. Double click the ipconfig.bat file; a black window will flash open then close - this is normal. Notepad will open with some text in it, please post that text. -Ryan

Congratulations, your log is clean For information on how to protect yourself in the future, read Infection Prevention Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask. -Ryan

This post should help with the items SpyBot is saying: http://forums.spybot.info/showpost.php?p=6...amp;postcount=3 The rest of your issues do not appear to be malware related, and should be posted about in the Windows forum. Congratulations, your log is clean For information on how to protect yourself in the future, read Infection Prevention Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask. -Ryan

The updates are most likely the monthly updates from Microsoft, and are safe to install, and should be installed. Are you having any problems besides the system restore? -Ryan

On the System Restore tab, is System Restore enabled? If not, turn it on, and reboot. If it is already on, turn it off, reboot, and turn it back on. Let me know what the results of that are. -Ryan

Right click on My Computer and select Properties. Do you see a tab labelled System Restore? If not, does your account have administrator rights? -Ryan

Delete the following files: Z:\SusBkUp\Test\clipartfree.exe Z:\SusBkUp\Test\lmping-clipartfree.exe Since you would like to save the emails, I recommend that you burn them to a CD in order to reduce the risk of infection. Let's make a new restore point and clear the others: Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point. Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please repeat this step for all drives listed when you fisrt open Disc Cleanup. R

== Clear Temporary Files == Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Close all Internet Explorer, Firefox, and Opera windows before continuing. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NO

Download GMER from here: http://www.gmer.net/files.php Unzip it to the desktop. Open the program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’. Click on Scan. When the scan has run click Copy and paste the results (if any) into this thread.

Hi, I'm Ryan, and I'll be helping you from here, cuz MoNsTeReNeRgY22 is leaving for vacation (lucky dog). How is the computer running? Can you please scan with combofix again, and post the log from that, as well as a new HiJackThis log, and I'll take a look at what needs to be done from there. -Ryan

That looks good, and I didn't notice anything out of the ordinary in the KAV scan. How is your computer running? -Ryan

Didn't see any of the programs I was expecting to see, but note that Firefox is now up to version 2.0.0.9, so you should update as soon as you can. Download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall -Ryan

Hi, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer. I would like to see an Uninstall list. Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) -Ryan