Hello and welcome to
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Download
Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.
Do not confuse
Windows Messenger with
MSN Messenger because they are not the same.
Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the
MessengerDisable.exe and choose the bottom box -
Uninstall Windows Messenger and click
Apply.Exit out of
MessengerDisable then delete the two files that were put on the desktop.
================================
Open
HijackThis and select
Do a system scan onlyPlace a check mark next to the following entries: (if there)
R3 - URLSearchHook: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMari.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMari.dll (file missing)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeImportant: Close all open windows except for
HijackThis and then click
Fix checked.Once completed, exit
HijackThis.======================================
Download
Security Check by screen317 from one of the following links and save it to your desktop.
Link 1Link 2* Unzip
SecurityCheck.zip and a folder named
Security Check should appear.
* Open the
Security Check folder and double-click
Security Check.bat* Follow the on-screen instructions inside of the black box.
* A
Notepad document should open automatically called
checkup.txt* Post the contents of that document in your next reply.
Note: If a security program requests permission from
dig.exe to access the Internet, allow it to do so.
====================================
Please download
ComboFix from
BleepingComputer.comAlternate link: GeeksToGo.comAlternate link: Forospyware.comRename ComboFix.exe to commy.exe before you save it to your Desktop- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools ]A guide to do this can be found here
- Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the
Microsoft Windows Recovery Console is installed using
ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
- When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.