EDIT: Run this first please and paste the log into a reply. Allow me to check it before you go on. It looks like a Ramnit malware infection which most of us consider incurable.
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
=================================================================
Do not go on with TDSSKiller and Combofix until I've checked the virus online scan log. I will instruct you whether to proceed.
==================================================================
Thank you. You have a Rootkit. Please run the following:
- Download the file TDSSKiller.zip and extract it (use an archiver, for example, WinZip) into a folder on the infected (or potentially infected) PC.
- Double click TDSSKiller.exe to start the scan
- Wait for the scan and disinfection process to be over.
[o] The utility outputs a list of detected objects with description.
[o] The utility automatically selects an action (Cure or Delete) for malicious objects.
[o] The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
- Select the action Quarantine to quarantine detected objects.
- The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
- After clicking Next, the utility applies selected actions and outputs the result.
It is necessary to reboot the PC after the disinfection is over.
============================================
After you have run the TDSSKiller, please see if Combofix will run for you:
Please download ComboFix from Here and save to your Desktop.
[1]. Do NOT rename Combofix unless instructed.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Close any open browsers.
[4]. Double click combofix.exe & follow the prompts to run.
- NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
[5]. If Combofix asks you to install Recovery Console, please allow it.
[6]. If Combofix asks you to update the program, always allow.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in your next reply.
Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
=============================================
By the way, we require all logs to be pasted into the replies. You do not have to redo these logs, but please paste all others unless told otherwise.
============================================
After these scans I will have you run a program that will remove all 7 outdated versions of Java, then update to the current. You missed this. The old versions are a vulnerability to the system.
You will also need to update your v6 of Adobe Acrobat to the current v9.xx, another vulnerability.
And you can remove the HijackThis because it's outdated also.
======================================
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.