Hi Jason
Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
=================
2. Go to
| Run | paste in the
single line command & click OK
"%userprofile%\desktop\combofix.exe" /v wvurpno oybguief
3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
===============================================
'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING
==============================================
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
===============================================
From Control Panel->Add/Remove Programs, uninstall the following programs, if present, :
- FunWebProducts
- MediaFACE 4.0
=================
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Please remember to close all other windows, including browsers then click Fix checked.
===============================================
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
- Tick - Show hidden files and folder
- Untick - Hide file extensions for known types
- Untick - Hide protected operating system files
Click Yes to confirm & then click OK
Locate and delete the following folders, if present:
- C:\Program Files\FunWebProducts
- C:\Program Files\Fellowes\MediaFACE 4.0
Locate and delete the following files:
- C:\Documents and Settings\jay\My Documents\Incomplete\T-106814-_uncensored_ yellow haired girl 53.wma
- C:\Documents and Settings\jay\us.exe
- C:\WINDOWS\us.exe
- C:\WINDOWS\Downloaded Installations\Neato MediaFACE 4.0.msi
- C:\Program Files\eMule\Incoming\spiderman creative studio_fastest_BitTorrent_downloader.zip
=================
REBOOT TO NORMAL MODE
=================
Go
here and do the
BitDefender online virus scan.
- Click "I Agree" to agree to the EULA.
- Allow the ActiveX control to install when prompted.
- Leave the scanning options at default and press "Click here to scan" to begin the scan.
- Please refrain from using the computer until the scan is finished.
- When the scan is finished, click on "Click here to export the scan results"
- Save the report to your desktop then come back here and post it in your next reply
=================
Please Run a scan with
Deckard's System Scanner and
save the log
===============================================
In your next post, please include fresh logs from:
- ComboFix.txt
- Online scan
- main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now