Hello
shamsheer and welcome to
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
I need the SAS and MBAM logsThe first thing I will need you to do is to go to
this link and follow the directions precisely. If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the
shift key down while inserting the USB storage device for about
10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. If you can't run any step, just jump to the next one. Please let me know how you are doing or have any questions. Initially, I will need the
SuperAntiSpyware and MBAM logs. Please post any logs that you can generate.
===============================
Download
Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.
Do not confuse
Windows Messenger with
MSN Messenger because they are not the same.
Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the
MessengerDisable.exe and choose the bottom box -
Uninstall Windows Messenger and click
Apply.Exit out of
MessengerDisable then delete the two files that were put on the desktop.
==========================================
Open
HijackThis and select
Do a system scan onlyPlace a check mark next to the following entries: (if there)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeImportant: Close all open windows except for
HijackThis and then click
Fix checked.Once completed, exit
HijackThis.===================================
Download
ComboFix by sUBs from one of the below links. Be sure to save it to the
Desktop.link # 1link #2Close any open web browsers (Firefox, Internet Explorer, etc) before starting
ComboFix.Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click
this link to see a list of security programs that should be disabled and how to disable them.
Vista users Right-click
combofix.exe and select
Run as Administrator and follow the prompts. (you will receive a UAC prompt, please allow it)
Double-click
combofix.exe and follow the prompts.
When finished,
ComboFix will produce a log for you.
Post the
ComboFix log and a new
HijackThis log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.Remember to re-enable your
anti-virus and
anti-spyware protection when
ComboFix is complete.
If you have problems with ComboFix usage, see
How to use ComboFixPlease attach the
SAS, MBAM and
ComboFix logs