04-22-2011, 04:14 AM
Note: Give me the above minidumps. I would suggest that you download everything mentioned in here first and save this page so that you can access it offline. Only connect to the Internet when necessary. Also, please do not update using Windows Update for the time being.
- Step 10
Download this Registry fix and run it as Administrator. It would be preferable that you download it from a clean computer and save it on a USB drive. But seeing as you can access and download from the Internet, you may opt to download it on this very machine.
- Step 11
Please download RKill.
- Please choose "eXplorer.exe" and save it to your Desktop.
- Double-click the file for it to stop any process associated with the rogue program.
- When done, a prompt will automatically close.
"If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Antimalware Doctor when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate Antimalware Doctor. So, please try running RKill until the malware is no longer running. If you continue having problems running RKill, you can download the other renamed versions of RKill from the Rkill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab. Do not reboot your computer after running RKill as the malware programs will start again."
- Step 12
System Restore maintains a backup of your programs; however, it may also back up infections, therefore constant flushing is required to create a clean Restore Point.
- On the Start Menu, right-click Computer > Properties > System Protection.
- Click Configure.
- Click Delete > Continue > OK.
- You are now back at the System Protection Tab.
- Step 13
Please update and run a full scan with Malwarebytes' Anti-Malware. Make sure you are disconnected from the Internet whilst this process is on-going. After it has asked you to reboot, if infections were found, proceed to run a full scan with Avira, again with no Internet connectivity. Make sure that this is done individually.
- Step 14
Please do a clean installation of Firefox.
I have noticed you have more than one profile. Please back up your bookmarks, and remove Firefox completely. Visit the enclosed path (C:\Users\Tyler\Application Data\Mozilla\Firefox\Profiles) and delete any profiles left. Then do a re-installation.
- Step 15
Run OTL.exe.
- Copy and paste the following text written inside of the code box into the Custom Scans & Fixes box located at the bottom of OTL.
Code:
:OTL
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07BF512B
[2011/04/20 23:01:33 | 000,011,202 | -HS- | C] () -- C:\Users\Tyler\AppData\Local\4kegtidw7006g801m8f6f10
[2011/04/20 23:01:33 | 000,001,618 | -HS- | C] () -- C:\ProgramData\4203139489
[2011/04/20 23:01:25 | 000,011,202 | -HS- | C] () -- C:\ProgramData\4kegtidw7006g801m8f6f10
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[CLEARALLRESTOREPOINTS]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot when it is done.
- Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
- In your next post, please provide the following:
- A Fresh HijackThis (HJT) Log
- Avira Scan Log
- Deckard's System Scanner (DDS) Logs
- DDS.txt
- Attach.txt
- Malwarebytes' Anti-Malware Scan Log
- OTL Results
- Format of Response
Code:
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Link To Requested Logs:[/b][/color]
- Comments:
- Also, as to why you keep getting infected, it is either the infection still resides in the system (and a copy is in the System Volume Information), but I doubt that because you are getting new variants. Another could be because of your activity. You are clicking and visiting wrong sites.