Alureon-K

Oh ok…

Please download TDSSKiller.zip

[*]Extract it to your desktop
[*]Double click TDSSKiller.exe
[*]When the window opens, click on Change Parameters
[*]Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
[*]click OK
[*]Press Start Scan

[*]Only if Malicious objects are found then ensure Cure is selected
[*]Then click Continue > Reboot now

[*]Attach the log in your next reply

[*]A copy of the log will be saved automatically to the root of the drive (typically C:)


I have spent two hours trying to get TDSSKiller to open :cry: I have downloaded it twice just to test and still can’t get it to run. I have downloaded the zip file to my desktop and extracted the program. It just simply will not open. I am totally baffled!

Hi,

Sorry for the delay…I had to work a double-shift yesterday.

[*]Place TDSSKiller.exe in Malwarebytes Chameleon folder.
C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon
[*]Install the Chameleon driver by doing the following: Press the Windows key + R and in the Run box, copy and paste the following command in the Code Box below then press Enter.

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

[*]A black DOS prompt will appear with a prompt to press any key to continue, please do.
[*]Execute TDSSKiller.exe by double-clicking on it
[*]Press Start Scan
[*]If Malicious objects are found, ensure Cure is selected (it should be by default)
[*]Click Continue then click Reboot now
[*]Once complete, a log will be produced at the root drive which is typically C:\ (For example, C:\TDSSKiller.version_date_time_log.txt)
[*]Please attach that log in reply.

No problem at all Jeff, I am just relieved you are able to help me. ;D

I have attached the log as requested.

thank you!

Hi,

There we go…TDSSKiller got rid of a nasty one.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

;D

Hi,

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

Firefox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\x9f1gak5.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 10acc3f000000000000000184d660870
FF - user.js: extensions.BabylonToolbar_i.hardId - 10acc3f000000000000000184d660870
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15367
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:58
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

File::
c:\program files\Ask.com\Updater\Updater.exe
c:\windows\system32\drivers\lejklauy.sys
c:\windows\system32\drivers\gtkdrv.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

Driver::
lejklauy
TrojanKillerDriver

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

I disabled everything (I think) until a re-start. I hope that it has worked.

Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner
I’d like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don’t go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

As a Vista/Win7 user you will need to right click your browser icon and select “Run as Administrator” in order to run this scan.

[*]Do not use this instance of your browser for anything besides doing this scan
[*]When the scan is complete and the results saved, close that instance of your browser
[*]Open a new one the usual way and post the results in this topic.

[*]Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
[*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
[*]For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[*]Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
[*]Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
[*]Click the Start button.
[*]Accept any security warnings from your browser.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
[*]Make sure that the option “Remove found threats” is Unchecked
[*]Push the Start button.
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
[*]Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Push the Back button.
[*]Push Finish

http://www.eset.com/onlinescan/

In your next reply please attach the logs made by Malwarebytes and ESET online scanner. :slight_smile:

ESET scan for now. Will do Malwarebytes later!

Ok… :slight_smile:

it’s looking good ;D

Great! How is your system running? :slight_smile:

Sorry, was away for a few days…but I have run it today and it seems to be fine…for the first time in months. I have run an avast scan which is showing no problems. Thank you Jeff…I think that may be it!! :-*
Wow.
THANK YOU!

Great!! :slight_smile:

Please download JavaRa to your desktop and unzip it to its own folder
[*]Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
[*]Accept any prompts.
[*]Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
[*]Select Update Using Sun Java’s Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader X (10.1.0) first. Be sure to move any PDF documents to another folder first though.

In your next reply let me know if you had any problems with the instructions above. :slight_smile: