[NeonFx]

We'll see what we can do. Let me know when you have the results from GMER

[SantinoBee]

Hahaa Thanks...
I did run it earlier, but Vista happened again....
!!
Froze everything, so I left it alone, walked the dog and an hour later still no mouse controls... ctrl/alt/del did nothing... had to power off, yikes, and start up again... I'll try it again, but later on... I have too much to do right now to fight with the computer.. but hey, noxt time it might work...
Thanks for the effort.

[NeonFx]

Alright. Try that again and if it doesn't work skip it and please do the following:

(if it does, get me both the results for that and for the following)


NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Disabling Security Programs
• Double click on ComboFix.exe & follow the prompts.
  
  Note: Combofix will run without the Recovery Console installed.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you please let me know. A increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

[SantinoBee]

I'm going to try to combofix now.
I really need the autoplay thing. I'm a photographer and use usb stuff every day. It really would impair me without it.
I had a lot of stuff come up, that's why I'm late here.
!!

[NeonFx]

I didn't mean to say that USB would be disabled, just the popup that comes up when you plug it in. It will still be accessible through "My Computer" as it normally is. I highly recommend you leave that disabled, ESPECIALLY if you use USB stuff every day. The types of malware that spread using this method are rampant.

Don't worry about delays, I might be delayed at times myself as this isn't my real job. This is just volunteer work I do when I have time.

Let me know when you have the results.

[SantinoBee]

My computer doesn't have it show up when I connect the USB. Sometimes I never end up getting the icon to click, so I can't access my cf cards. I only use it in the camera and this computer.
______
Everything has gone to hell now:
I had to uninstall my Norton internet security because it wouldn't disable. So that's gone.
The Combofix thing ran... it said it found something and had to restart the computer, I clicked ok, do it. Went to take a shower... came back.. Blue screen > something about an error and preparing disk for crash dump something or other!!
I have no security for the internet... my online business is my only source of income, so this is very stressful. I can't screw this computer up, I have no money at all to put on it.
(can't work out of the place, sick... )
Should I try to run it again? or is suicide the better option of the two?
Thanks for the effort.

[SantinoBee]

also I never leave the cf card connected, I just transfer the folders off and then unplug.

[SantinoBee]

Just tried it and the pages still forward everywhere...

[NeonFx]

It's possible the infection is fighting back. I never gave you instructions to uninstall your security program, just to disable it. You should reinstall it as soon as you can.

Is your computer turning on ok? We can use other programs but I want to make sure nothing bad happened. Was a log saved at C:\ComboFix.txt or C:\QooBox\Combofix-quarantined-files.txt ?

[SantinoBee]

There was no way of turning it off, other than to uninstall it.
It refused to comply.

[SantinoBee]

there doesn't seem to be a txt file.
I searched in the *run* programs thing for both, so if it saved to a weird place it could find it, but no luck.

[SantinoBee]

The computer turns on fine.
I don't have Norton anything on discs, it came with the computer and I don't think my computer allowed it to get any of the updates it needed in the first place.

[NeonFx]

Ok. I need to see what infection it is. ComboFix probably tried to attack it and lost. Please do the following:

Download RootRepeal from one of the following locations and save it to your desktop:

Link 1
Link 2
Link 3

• Double click to start the program
• Click on the Report tab at the bottom of the program window
• Click the button
• In the Select Scan dialog, check:
  
  • Drivers
  • Files
  • Processes
  • SSDT
  • Stealth Objects
  • Hidden Services
  • Shadow SSDT
  
  
• Click the OK button
• In the next dialog, select all drives showing
• Click OK to start the scan

  Note: The scan can take some time. DO NOT run any other programs while the scan is running
  

• When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
• Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

[SantinoBee]

I'll try again but it's error after error...
then this:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x00422bf2
Attempt to read from address: 0x00000004

[SantinoBee]

I downloaded it twice and it won't run.
Well, it runs... just all kinds of errors come up.