WiredWX Christian Hobby Weather Tools

XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello! I need some help please! I have a virus that will not allow me to access the internet, run MSN Messenger. It never loads. I cannot run Firefox. I cannot run Media Player. I cannot download what you guys require me to download. It is being blocked by XP Antivirus 2011.

Please help, I had to click on Register for XP to get over here and I used the ask tool bar to search for you guys...


Thanks

Dave

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Okay I found a way to download it however when I run JavaRA it doesn't do anything

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hey there! Nothing came up at all

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

after I downloaded it. I also should point out I have uTorrent but cannot uninstall as this program will not allow me.

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Did OTL not make any logs?

............................................................................................

Site Admin / Security Administrator


Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

No... when I downloaded and double clicked to open it, clicked run and nothing happened at all...

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try OTL now.

............................................................................................

Site Admin / Security Administrator


Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

OTL still did not make any logs. RKill was successfully downloaded and ran. Some of the annoying pop-ups have stopped, except for infection alert for security updates

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

............................................................................................

Site Admin / Security Administrator


Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hey man
I ran the program and it freezes up every time right near the finish....

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................

Site Admin / Security Administrator


Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hey,
I downloaded it like you requested and nothing is producing at all. I'm stumped.... I can't use calculator or anything... I've never had such a problem....

Any other suggestions?

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Let's try it from a boot disc.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

............................................................................................

Site Admin / Security Administrator


Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hey man,
I can't do that. I'm on a laptop and do not have one.. it's an older like 2002 Dell model

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Try OTL now.

............................................................................................

Site Admin / Security Administrator


Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Oh you rock...
OTL logfile created on: 4/11/2011 10:51:24 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\The Mean Machine\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 9.12 Gb Free Space | 24.48% Space Free | Partition Type: NTFS

Computer Name: BERQ | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 21:51:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Mean Machine\My Documents\Downloads\OTL(2).exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 21:51:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Mean Machine\My Documents\Downloads\OTL(2).exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/13 13:11:20 | 000,560,848 | ---- | M] (CrossLoop Inc) [Auto | Stopped] -- C:\Documents and Settings\The Mean Machine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/03/22 14:37:56 | 001,587,352 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Documents and Settings\The Mean Machine\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2003/11/13 13:29:40 | 000,455,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)


========== Driver Services (SafeList) ==========

DRV - [2004/03/10 21:54:32 | 000,385,536 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TNET1130x.sys -- (TNET1130x)
DRV - [2003/08/12 22:34:30 | 000,594,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/05/14 16:01:42 | 000,062,673 | R--- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2002/08/08 13:10:46 | 000,089,088 | ---- | M] (Cirrus Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cwawdm.sys -- (cs429x)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1998/10/06 15:36:26 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papycpu.sys -- (papycpu)
DRV - [1998/10/06 15:36:26 | 000,001,888 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions [2011/02/04 20:10:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 09:38:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 09:38:10 | 000,000,000 | ---D | M]

[2011/04/10 22:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/05 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 23:48:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/26 15:35:22 | 000,087,344 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ClickPotatoLiteSA] C:\Program Files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe (Pinball Corporation.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSABHO.dll (Pinball Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/11 19:16:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 22:50:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/04/11 22:50:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/04/11 22:50:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/04/11 22:50:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/04/11 22:50:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/11 22:50:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/04/11 22:50:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/04/11 22:50:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/04/11 22:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/04/11 22:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/04/11 22:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/04/11 22:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/04/11 22:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/04/11 22:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/04/11 22:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/04/11 22:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/03/25 21:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabFlvPlayer
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/11 22:50:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/11 22:49:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/11 22:47:20 | 000,017,254 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\js6cy226kpp3fu006bryc5cx757a25077l2
[2011/04/10 22:51:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/10 16:03:34 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/10 16:03:27 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-2146744963-1814167683-1003.job
[2011/04/10 14:02:40 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-2146744963-1814167683-1003.job
[2011/04/10 14:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/04/09 14:53:30 | 000,000,492 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for The Mean Machine.job
[2011/04/07 08:05:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/16 03:01:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/14 23:36:54 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 23:36:54 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/11 22:50:11 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/04/11 22:50:11 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/04/07 23:33:01 | 000,017,254 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\js6cy226kpp3fu006bryc5cx757a25077l2
[2010/12/15 01:39:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/16 16:14:54 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu.sys
[2010/11/16 16:14:54 | 000,001,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2010/11/16 16:14:37 | 000,000,132 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/09/16 17:09:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/11 22:31:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/11 19:51:14 | 000,084,644 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2010/08/11 19:51:14 | 000,083,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2010/08/11 19:47:22 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2010/08/11 19:47:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2010/08/11 19:21:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 19:11:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/11 17:00:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/11 16:58:13 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator


Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hey... Should I run that in safe mode? It still does not run or produce anything.

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

I tried it again in safe mode and nothing produced at all.

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello.
Yes, run it in Safe Mode, try these instructions.

Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................

Site Admin / Security Administrator


Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hey there. I had tried that and it did not work...

Re: XP ANTIVIRUS 2011/ Running Windows XP/ Cannot Download Jara

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

............................................................................................

Site Admin / Security Administrator
