[Resolved] Really slow pc, 3min to open Firefox O_O"/HJT log


  • This topic is locked
14 replies to this topic

#1 Toramaru

Toramaru

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 12 October 2009 - 09:32 PM

My computer has been really slow lately, taking up 2-3min just to start firefox. It is also slow in every other task executed, but I'm using firefox as a marker. Thanks in advance.

Attached File  hijackthis.txt   11.66KB   254 downloads


#2 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 13 October 2009 - 07:34 PM

Hello and :welcome: Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your log, I will post back shortly with instructions.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member


#3 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 14 October 2009 - 05:03 PM

Hi Toramaru,

Please download ERUNT from here. A free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click erunt-setup.
  • Choose a language then press Enter or click OK to continue.
  • Install it using the default settings and choose yes when asked to add ERUNT to the start up folder.
  • Once installed, open ERUNT.exe if it hasn't opened yet then create a registry back up.

--Next--

We need to check for rootkits with RootRepeal
Please download RootRepeal from one of these locations and save it to your desktop
Here
Here
Here
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check just these boxes:
  • Posted Image
  • Push Ok
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
--Next--

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel.
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop down box.
  • Click on to insert the attachment into your post

Please post both DDS logs in your next reply.

Logs to post in your next reply:
1. RootRepeal log.
2. DDS log.


#4 Toramaru

Toramaru

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 14 October 2009 - 08:09 PM

Here they are inzanity, and thanks for the help so far XD

Attached File  DDS.txt   12.49KB   284 downloads
Attached File  RootRepeal.txt   9.71KB   296 downloads
Attached File  Attach.txt   11.77KB   163 downloads

#5 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 15 October 2009 - 04:57 PM

Hi,

Please do the following
  • Double-click mbam.exe to open it.
  • Check for an update, if an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

--Next--

Please do a scan with Kaspersky Online Scanner or from Here.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report
To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar
  • In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.


To post in your next reply (don't attach):
1. Malwarebytes log
2. Kaspersky log.
3. How is your computer doing at the moment.


#6 Toramaru

Toramaru

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 15 October 2009 - 08:01 PM

inzanity, I have problems using Kaspersky, it says I need a stable internet connection and shuts the update. I have used it before and I'm pretty sure my internet connection is just fine. By the way, I disabled my Anti-Virus, Firewall and Spyware Guard before starting to use Kaspersky.

My MBAM log is as follows:

Malwarebytes' Anti-Malware 1.41
Database version: 2969
Windows 5.1.2600 Service Pack 2

15/10/2009 20:12:07
mbam-log-2009-10-15 (20-12-07).txt

Scan type: Quick Scan
Objects scanned: 95184
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And my computer is still slow, especially at startup.

#7 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 15 October 2009 - 08:57 PM

Hi,

Let's try ESET instead.

Please run this free online virus scanner from ESET
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#8 Toramaru

Toramaru

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 17 October 2009 - 07:06 AM

Well, ESET went smoothly XD Here it is:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6208
# api_version=3.0.2
# EOSSerial=7f450fc1ef00ae4c80c64559d5d05fcb
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-17 12:27:34
# local_time=2009-10-16 10:27:34 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=767 16777215 0 0 0 0 0 0
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=2047 16777215 0 0 0 0 0 0
# compatibility_mode=3073 16777213 80 89 1607424 6537435 0 0
# compatibility_mode=3589 16777214 0 0 0 0 0 0
# compatibility_mode=4351 16777215 0 0 0 0 0 0
# compatibility_mode=5890 16777214 0 0 0 0 0 0
# compatibility_mode=8447 16777215 0 0 0 0 0 0
# scanned=67112
# found=1
# cleaned=1
# scan_time=5571
C:\Documents and Settings\Eduardo\Desktop\Matheus' to do's and stuff\FFSetup2.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6208
# api_version=3.0.2
# EOSSerial=7f450fc1ef00ae4c80c64559d5d05fcb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-17 07:06:37
# local_time=2009-10-17 05:06:37 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=767 16777215 0 0 0 0 0 0
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=2047 16777215 0 0 0 0 0 0
# compatibility_mode=3073 16777213 80 89 1632684 6562695 0 0
# compatibility_mode=3589 16777214 0 0 0 0 0 0
# compatibility_mode=4351 16777215 0 0 0 0 0 0
# compatibility_mode=5890 16777214 0 0 0 0 0 0
# compatibility_mode=8447 16777215 0 0 0 0 0 0
# scanned=93007
# found=0
# cleaned=0
# scan_time=4237
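A way to triage an ESET Online Scanner log like the one posted above, as an added example that is not part of the original thread and is not ESET's own tooling: it splits the log into scan sessions and reports the `end`, `archives_checked`, `found` and `cleaned` fields a helper should check before calling a scan clean. The function names, the sample log, and the assumptions that the file holds one `# key=value` field per line and that a non-zero `esets_scanner_update` return means the update did not succeed are mine.

```python
import re

# Constructed sample (made-up paths, threat names and counts), laid out one
# field per line, which is the layout assumed here for log.txt.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=stopped
# archives_checked=true
# scanned=1200
# found=2
# cleaned=1
# scan_time=300
C:\Users\example\Desktop\setup one.zip a variant of Win32/Adware.Example application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\example\tool.exe Win32/Example.A trojan (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# archives_checked=false
# scanned=900
# found=0
# cleaned=0
# scan_time=200
"""

FIELD = re.compile(r"^#\s*(\w[\w.]*)=(.*)$")
# Detection line: path (may contain spaces), threat name containing "/",
# then the action in parentheses. Separators may be tabs or spaces.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\w+/\S+(?: \w+)*?)\s+"
    r"\((?P<action>[^)]*)\)"
)
UPDATE = re.compile(r"^esets_scanner_update returned (-?\d+)")


def parse_log(text):
    """Return (sessions, update_codes) parsed from an ESET Online Scanner log."""
    sessions, update_codes, cur = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "version":  # every scan session starts with "# version="
                cur = {"fields": {}, "detections": []}
                sessions.append(cur)
            if cur is not None:
                # compatibility_mode repeats within a session; keep the first value
                cur["fields"].setdefault(key, value)
            continue
        u = UPDATE.match(line)
        if u:
            update_codes.append(int(u.group(1)))
            continue
        d = DETECTION.match(line)
        if d and cur is not None:
            cur["detections"].append(d.groupdict())
    return sessions, update_codes


def triage(sessions, update_codes):
    """List the reasons a log should not be read as a complete, clean scan."""
    notes = []
    for i, s in enumerate(sessions, 1):
        f = s["fields"]
        if f.get("end") != "finished":
            notes.append(f"scan {i}: ended as {f.get('end')!r}, results are partial")
        if f.get("archives_checked") == "false":
            notes.append(f"scan {i}: archives were not scanned")
        found, cleaned = int(f.get("found", 0)), int(f.get("cleaned", 0))
        if found > cleaned:
            notes.append(f"scan {i}: {found - cleaned} detection(s) not cleaned")
    for rc in update_codes:
        if rc != 0:  # assumption: non-zero means the signature update failed
            notes.append(f"signature update returned {rc}")
    return notes


if __name__ == "__main__":
    parsed_sessions, codes = parse_log(SAMPLE_LOG)
    for n, sess in enumerate(parsed_sessions, 1):
        for det in sess["detections"]:
            print(f"scan {n}: {det['threat']} in {det['path']} ({det['action']})")
    for note in triage(parsed_sessions, codes):
        print("check:", note)
```
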

#9 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 17 October 2009 - 08:45 PM

Hi,

Am not seeing any malware. Let's have another look.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop


#10 Toramaru

Toramaru

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 19 October 2009 - 06:36 PM

I'll have to double post since the logs are really extensive... Attached File  GMER.txt   297.4KB   280 downloads Soon the next one...

#11 Toramaru

Toramaru

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 19 October 2009 - 06:43 PM

I really tried to attach the first part and post the second but it didn't work out.
Here's the second part. It's simply a juxtaposition of 2 parts.

Attached File  GMER_2.txt   323.71KB   172 downloads

Thanks for the help so far inzanity and I'm sorry for the delay in this reply.

:notworthy::notworthy::notworthy:

#12 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 20 October 2009 - 05:07 PM

Hi,

No worries as we are all busy. :)

Please go to the site below to scan the following file:
VirSCAN

Click on Browse, and upload the following file for analysis:
C:\Windows\System32\Drivers\ain60eb8.SYS

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.


#13 Toramaru

Toramaru

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 21 October 2009 - 04:28 PM

inzanity, I'm having problems submitting that file to analysis. It says here that such file doesn't exist.
What should I do?

Here's a copy of the DIR command on that folder:

#14 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 21 October 2009 - 06:10 PM

Hi Toramaru,

I don't see any malware in your computer. Your current problem may not be malware related.
You can post your problem in the Windows forum by first reading here then creating a new topic here.
Also please add a link back here so the experts there could review your logs. Thank you.

Let's do some clean and off you go :)

Please delete DDS, RootRepeal, GMER and all the logs we've had.

You can keep Malwarebytes, it is an excellent malware removal tool. Update at least once a week then run a complete scan.

--Next--

You need to create a new Clean restore point.
Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

--Next--

Adobe
You can get the latest version here.
Or you can download and install Foxit Reader.

Java
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

The latest update is Java 6 update 16

Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings... button
  • click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.
To keep your operating system up to date visit

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. SpywareBlaster - Download and install SpywareBlaster. This program prevents the installation of ActiveX-based spyware and other potentially unwanted programs.

7. SpywareGuard - Download and install SpywareGuard. This provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

8. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.

9. And finally, please read these excellent articles:
Malware: Help prevent the Infection by Sandi Hardmeier,
Preventing Malware - Tools and Practices for Safe Computing

For more safe computing tips please read the guide by Rorschach112 on how to prevent malware and about safe computing here.



Good luck, happy computing and stay clean! ^_^


#15 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 23 October 2009 - 07:36 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
