i found a suspicous keystroke textfile when i searched ".BDJ" your opinions and is this relevant?
Here is all the text files associated with eset scanner copied to one text file no this is not a joke this is infact everything i could find asociated with eset. quarentine files were empty.
Please don't send anymore screen shots. They don't have any useful information.
Please uninstall the Eset online program. Delete ALL the files for it either on the desktop or wherever you put them.
Kaspersky Online Scanner in Internet Explorer
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click Accept and the web scanner will begin to load
If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
You will be prompted to install an ActiveX component from Kaspersky, click Install
If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT and then Scan Settings
In the scan settings make that the following are selected:
[o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
[o] Scan Options: Scan Archives> Scan Mail Bases
Now under select a target to scan:
[o] Select My Computer
The program will start to scan your system.
Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
Log only please- no screen shots.
good and bad news, the good news is that the scan is running, the bad its at 85% and its been running for 6 hours.
*Update: total scan time 7hours, 11minutes and 13 seconds
Great success!, also it appears the random popups have ceased. however after removing the metro 2033 file, i feel as though this will not be the last of the trojan viris associated with this file. your thoughts and opinions, also i apologize for not stating my thanks for all of your assistance up until this point in the process.
The best news is that the scan is clean!
What problems related to the malware are you still having? If none, I'll have you remove the cleaning tools. I suggest you delete all those screen shots also on your system!
Uninstall ComboFix and all Backups of the files it deleted
Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Remove all of the tools we used and the files and folders they created
Download OTCleanIt by OldTimer
Save it to your Desktop.
Double click OTCleanIt.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Go to Start > All Programs > Accessories > System Tools
Click "System Restore".
Choose "Create a Restore Point" on the first screen then click "Next".
Give the Restore Point a name> click "Create".
Go back and follow the path to > System Tools.
[*]Click "OK" to select the partition or drive you want.
[*]Click the "More Options" Tab.
[*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.
More details and screenshots for Disk Cleanup in Windows Vista can be found here.
Let me know if I can be of more help. And keep in mind that an image of a screen only shows information showing on the screen at that time. It does not open and files or folders listed on the screen!
Thank you very much for all of your assistance and for putting up with me. the purpose of the many screenshots were to show you what i was seeing, this would help explain visually that either a certain log or file was not present or it was is i sent as it oringinally was.
You're welcome. Glad to help.
Please follow these simple steps to keep your computer clean and secure:
1.Disable and Enable System Restore: See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
2.Stay current on updates:
Visit the Microsoft Download Sitefrequently. You should get All updates marked Critical and the current SP updates.
Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
Check this site often.Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
3.Make Internet Explorer safer. Follow the suggestions HERE This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.
4.Remove Temporary Internet Files regularly: Use ATF Cleaner by Atribune or TFC
5. Use an AntiVirus Software(only one)
Both of the following programs are free and known to be good:
Avira Free or Avast Home
6.Use a good, bi-directional firewall(one software firewall) I recommend either of these software firewalls.- both are free and good:
Comodo or Zone Alarm
7.Consider these programs for Extra Security
Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
IE/Spyad This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Google Toolbar Get the free google toolbar to help stop pop up windows.
If I can be of further assistance, please let me know. .
no, that will be all thank you. you were of great assistance.