Posts by jholland1964

You have Spybot TeaTimer running. Turn it off and leave it off. If is known to stop or interfere with any changes made by other legal programs, even those the users makes himself.

To do this do the following:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Also please turn off Windows Defender, it can do the same thing and honestly, this program really isn't worth much.
o turn off Windows Defender do this:
1.Run Windows Defender from Start Menu.
2.Click on Tools button.
3.Then click on Options link under “Tools and Settings” section.
4.Scroll down the “Options” page, and uncheck the check boxes of the following two settings:
Use real-time protection (recommended) under “Real-time protection options”
Use Windows Defender under “Administrator options”
*Note that both options MUST be unchecked for the Windows Defender service to be completely stopped. Else, only real-time protection is disabled.
5.Click on Save button.
6.A “Windows Defender is turned off” dialog message will appear, confirming that Windows Defender no longer runs.

* Restart your computer after doing both of the above.

rar files wont attach...

Instructions are and were VERY clear both in our Read Me First Sticky
"please be sure to submit (Copy & Paste, not as an attachment unless requested) these requested scanlogs"

And as instructed by myself twice in this thread itself

"post back with copy/pastes of all the logs produced."

"DDS logs please, both should be copy/pasted"
Please COPY/PASTE both files. We do not open attached files due to the possiblility of infecting those opening the files.
The logs are both displayed in Notepad so a Copy/paste of these .txt files is very simple to do.

DDS logs please, both should be copy/pasted

Its just says Avira has blocked " g: autorun.inf ". Then theres no option of removal or quarantine its just plane " OK ". Its an avira pop up at the right top corner. It used to only happen to drive g: and f: now it also gives me a warning from drive c:. For the 2 drives i can see the autorun.inf file and erase it like a normal file for C: i cant see or delete it even in dos and malwarebytes n avira cant too. Btw the warning pops up everytime i plug or unplug any usb device. Thanks

I know exactly what you are saying, I have gotten them before also. I understood your first post and all the others. I have used Avira for well over 4 years and am very familiar with the program.
I also told you above how to get to that setting in Avira, it is there that you would be able to stop those pop ups. Look at my print screens.
Though, this shows Avira is doing it's job. So removing the default setting you are disabling a key part of the program, It IS blocking something, which should be telling you there is something wrong and you need to take additional steps.
There IS a chance, as I said earlier this could be an infection and you should follow all the steps given in our Read Me First Sticky and post back with copy/pastes of all …

What was the name of the infection removed? Do you have the MBA-M logs from that removal? Look in the program under the logs tab. Copy/paste that log here. It might help if we knew what that infection was.

For one thing, if you are running both Avira and Microsoft Security Essentials this means you have TWO anti-virus programs on your computer and that is a big "no-no". Absolute rule is ONE anti-virus program on the computer.
Otherwise we can't really tell you much until you complete the steps given in the Read Me First sticky and post the copy/pastes of all the logs. We can better tell you then what to do to try to correct the problems.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

did what you said about the autoplay setting,ived done that way back i got my Win7. Ok il post asap...myt take awhile coz its almost 2tb of memory to be scanned. Btw no settings changed in avira,just defaults.

The Avira setting change was the very first thing I gave you, any reason you chose to ignore that suggestion? That would turn that warning off.
When you get that warning from Avira what drive is it telling you that the autorun has been blocked?

hi thanks for the replies. i tried that autorun eater but still the autorun.inf still pops up.

@jholand - yeah im running win7 but i already did that. The autorun doesnt execute it just pops up all the time even i delete it and avira keeps on blocking them.

You all ready did what? If it is change settings on the computer, the computer should have been fully rebooted immediately following, did you do that? Did you change settings in Avira? If after all of this it all continues then you likely have infections.
You need to do the steps noted in our Read Me Sticky because this may be an infection.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865
Post back with the logs.

Download autorun-eater, it will take it all away and detect it on contact with removable devices

Absolutely no reason to download a special program to do this.
We don't know the operating system of the OP but here are instructions which should cover all:
go to Start Menu \ Run and type in gpedit.msc
If you are prompted for an administrator password or for confirmation, type the password, or click Allow.
Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.
In the Details pane, double-click Turn off Autoplay.
Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
Restart the computer

For Windows 7 do the following:
Click Start button > Open control panel.
Select Default Programs.
Click Change AutoPlay Setting.
Uncheck use AutoPlay for all media and devices and click save.

Open Avira -> Configuration -> Guard -> Scan -> Action on detection and disable "Block autostart function

with Avast running it doesn't pop up an error but it doesn't save either... shows up for a fraction of a second then disappears... working as intended?

Look in Avast quarantine. IF it worked then it should be in there or there should be a listing stating that this file has been blocked. If the file itself shows ON your computer then no, it didn't work because it should not be allowed to be saved on the computer.

Is there a specific reason you are using Hibernate instead of just saving your work and shutting down? If if is only to speed boot time you might time the difference, you may be surprised, you may only be saving a few seconds.
The file used for storage during hibernation could be corrupt. This is the file where all your desktop and open files are saved it is a special Windows file called hiberfil.sys is saved to the hard disk for hibernation. This large file usually resides in your root folder (c:\hiberfil.sys). Persons who don't have the hibernation option usually don't have this file. Normally this file is approximately the same size as the amount of RAM on the computer. So if you have 2 GB of RAM then you are giving up about 2GB of your hard drive for this file.

You might try running Chkdsk to see if there are any damaged files on the computer.

Is this a laptop?

my computer still tells me that it hasn't been shut down correctly after putting it in hibernation or putting it to "sleep."
Hibernation or putting to sleep are two different things, which are you doing?

Sleep is a power-saving state only, it isn't turning off the computer. Putting your computer into the sleep state is like pausing a DVD playerThe computer is still "ON" though using less power than it does when you are working on it.

Hibernation is a power-saving state designed primarily for laptops.Of all the power-saving states in Windows, hibernation uses the least amount of power.

Sleep typically saves your settings in memory and draws a small amount of power, hibernation saves your open documents and programs to your hard disk and then turns off your computer.

A reboot, as requested when doing ESET or MBA-M the computer shuts down and immediately reboots to complete removals done by the program being used. Removals are done very early in the boot process, before key files would be in use, that is why it is Reboot you must use, NOT Sleep, when using sleep there are some files still in use by the computer so removals often cannot be completed.

You should try them all until one of them works. If something tells you that rkill is an infection then it IS the infection telling you this. The only thing killed by the rkill was that one rkill file, that was it and it was the infection working to avoid being stopped. When it works it is not going to "find itself" it is going to stop the infection process or processes that are running. Remember DON'T reboot after running rkill, immediately go onto the MBA-M scan.
You need to use a different one. Download them all except that first one again. Try them until something is stopped, THEN update MBA-M and run it again. That ONE rkill file is the only one that MBA-M may flag, it should not flag any of the others so delete that one and begin again with the others.

How many of the rkill files did you use? The log you posted only showed that it stopped one of the rkill files When you say you "deleted" McAfee, simply deleting a program does not remove it, it only deletes the visible signs of it. The program likely remains if you did not actually Uninstall it.
Please update MBA-M and run a new Full Scan with it in Normal Mode have it remove everything found. Reboot the computer
Also do the following:
Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Still Not Working for Me ( Using Kaspersky 2012 )

Then I would say there IS a problem with your anti-virus program because if you followed the correct instructions to save the file as EICAR.COM then the simple act of saving the file should have triggered an alert.

sorry! you should save file as .com not .con then test it

That is exactly what I posted.
If the av program is set up correctly, a scan shouldn't be necessary, a correctly configured av program should catch it the moment it is saved on the computer and not allow it to be saved. You really should actually know how the test works before posting instructions. Also make sure instructions posted are absolutely correct before posting something. Incorrect instructions for something, not this, but tools for instance, can damage a computer.

I had AVG antivirus installed on my computer at one time, however, I thought I uninstalled it. Is what you're seeing remnants from that?
You show version AVG 2010 and also show this
8/25/2011 6:28:33 PM - Installed AVG 2011
8/25/2011 6:29:31 PM - Installed AVG 2011
8/25/2011 8:02:49 PM - Removed AVG 2011
8/25/2011 8:06:38 PM - Removed AVG 2011
AVG 2010 also shows as either installed or files added on the 25th at around 10:30 P.M.
McAfee DOES show as still INSTALLLED and running on the computer, the absolute rule is only ONE antivirus should be installed on the computer and running, you most definitely have two of them. BitDefender shows in the log as disabled but there are BitDefender files running however does not show in the list of installed programs.
A Fake Windows Anti-virus infection must be Removed in a very specific way using, generally MBA-M and sometimes other programs. If this is not the way that you removed the original then at least part of it remains, but the computer would not have acted normally for too long before the infection "re-infected" the computer completely. This likely is a new infection though parts of the other may remain. BitDefender is not a Free program, did you pay for it?

If you have installed an antivirus and you are not sure if it is protecting your pc
fully or not? just try this popular test....

open notepad

just type in
"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
(without quotes "")

save this with ".con" extension like: "eicar.con"
scan this file with your antivirus

if your antivirus detects this file- Antivirus is working as it should be...
most antivirus will pop out a message

and if your antivirus doesn't detects it
There's a problem with your installation So, re-install your antivirus

While you are attempting to do a "good thing", your instructions are incorrect.

You need to save the file as EICAR.COM not EICAR.con Your av program should save it the moment you save the file. My Avira did.

You still have McAfee on your system. It shows as running in your DDS log. It needed to be completely uninstalled before installing BitDefender.
However I believe you problem is an infection called AVG Antivirus 2011. It shows in multiple places in your logs.
Follow these instructions from bleepingcomputer and post back with the logs.

http://www.bleepingcomputer.com/virus-removal/remove-avg-antivirus-2011

Print out these instructions as we will need to close every window that is open later in the fix.

Reboot your computer into Safe Mode with Networking. To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard.
Once in Safe Mode with Networking then download RKill to your desktop from the following link.
http://www.bleepingcomputer.com/download/anti-virus/rkill
When at the download page, scroll down and click on the click on the link labeled eXplorer.exe download link. When you are prompted where to save it, please save it on your desktop.

Once it is downloaded, double-click on the eXplorer.exe icon in order to automatically attempt to stop any processes associated with AVG Antivirus 2011 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just …

HiJackThis is rarely used today. Please complete the steps given in our Read Me First sticky and copy/paste all requested logs back here and we will see what may be causing the problem.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

HiJackthis really isn't as thorough as it once was. Please follow the steps given in our Read Me sticky and copy/paste all logs back here and we will be happy to take a look.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Judy

Hi, I have installed norton antivirus 2011 and now i can't use facebook, hotmail or youtube and other sites dont load properly if at all, i uninstalled norton as this seemed to be the problem but still nothing has changed in regards to the sites mentioned. Can anyone help? thanks

This thread is 8 months old and belongs to another. You need to begin your own thread stating all of your problems.Telling us HOW you uninstalled Norton also. It is likely settings were changed with the install and must be restored to their original settings.

I honestly don't see anything. It may very well be that you had "just enough" of McAfee remaining that kept you protected. Also looking at the logs, it appears to me that you are a pretty safe computer user. You don't appear to have any of the very risky P2P programs that much of the time bring in some real nasties. I had something similar happen to me way back when I used Norton AV years ago. I renewed and thought that was all that was necessary there was a major change between the program I had on the computer and the newly released program which necessitated the removal of the old and the download of the newest version. I would bet that is what happened to you.

For safety sake you might try just one more online scan.
Do the following:
Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14

* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

If it doesn't find anything then I would think you are "good to go" …

HiJackThis is no longer used, and yours was out of date anyway, as is your operating system. We don't know what problems you are having because System Error title really tells us nothing. We need some more information, exactly what are the problems you are experienceing? Give as full info as possible.
Follow the steps given in our Read Me First sticky and post back here with all the requested logs and we will be most happy to provide assistance.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

If you are have enough experience to remove a virus manually, you may try to remove the infections of fake Windows Security in manual way so that the virus can be completely kicked off from your PC.
But you should be very careful because any mistake during the removal process may cause irreversible damage worse:

(1) The associated files of fake Windows Security to be deleted are listed below:

%AppData%\Microsoft\[random].exe

%UserProfile%\Desktop\Windows Security.lnk

%UserProfile%\Start Menu\Programs\Windows Security\

%UserProfile%\Start Menu\Programs\Windows Security\Windows Security.lnk

%UserProfile%\Start Menu\Programs\Windows Security\Uninstall Windows Security.lnk

(2)Open your Registry Editor (For Windows XP:Click the Start menu->Click Run->Type "regedit" and click OK. For Windows Vista/7:

Click on start menu and input " regedit " in the search bar and press Enter.) and then remove the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe Debugger = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe Debugger = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe Debugger = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe Debugger = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe Debugger = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe Debugger = svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore DisableSR = "1"

Manual removal is most definitely not recommended. If you wish to give help here we ask that you read and follow the instructions given here
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/368036

and use the instructions Here

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Check the browser and be sure it is not set to Offline.File, work offline.

If the computer is infected which prevents you in updating MBAM, you should try using the Malwarebytes manual update process:

Using another PC, download the Malwarebytes database installer from http://data.mbamupdates.com/tools/mbam-rules.exe
Save mbam-rules.exe on a USB or flash drive and transfer it to the affected computer
Open mbam-rules.exe to start updating MBAM

Did you try to run that winsock fix as Administrator? That must be done if using Vista

Repair and reset the Windows Vista

Click on Start button.
Type Cmd in the Start Search text box.
Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request .
Type netsh winsock reset in the Command Prompt shell , and then press the Enter key.
Restart the computer.

Since the problem only happens with IE9 then yes, it may very well only be a problem with that browser. But to be sure please do the following and post back with the requested logs copy/pasted

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

What is that protection log? Honestly am not familiar with that.

That midicair Toolbar is really considered very questionable. It is a Conduit toolbar. Conduit toolbars are reputed to have a certain trackware functionality.
You should really give serious consideration to uninstalling it if you personally installed it and if you didn't choose to install it then by all means get rid of it.
If that MBA-M was run today it is way out of date. Your Database version: 7035. Most Current Database version is 7367. The absolute rule with MBA-M is update before each and every scan, even scans done one after another. They release multiple updates daily, sometimte just a few minutes apart. You need to update and run another Full Scan.

We need to see the log produced by MBA-M that actually removed the Trojan. We can recommend nothing until we know which one we are dealing with.
You also need to copy/past that Attach.txt log here, we do not open attached files, our sticky is quite specific with that instruction.

I have done the other things required, there were no problems.
The instructions clearly say post the logs. We do need to see all of those
.

You actually first posted this problem with these same infection files showing in April 2010. You didn't complete any requested clean up steps then either.
http://www.daniweb.com/hardware-and-software/microsoft-windows/windows-nt-2000-xp/threads/273435 and your HiJackThis log run then looks pretty much the same as this one, showing the very same infection files. So you have been running an infected computer for well over one year.

HiJackThis isn't even used here now. If you have done the requested steps in the Read Me sticky then you should have at least four logs available for posting, Please post those. We can do nothing without seeing the logs.

Only difference between then and now is you have added these programs which are total junk and need to be fully uninstalled immediately IObit\Advanced SystemCare 4
IObit Malware Fighter

Now you need to boot to normal mode, update MBA-M and do another full scan.

Boot to Safe Mode with Networking.
Internet Explorer go up to Tools, Internet Options. Connections Tab. Click the LAN Button.
When LAN Settings opens if there is a checkmark in use Proxy Server, REMOVE that check mark and click OK. Then OK your way out of Internet Options.

Then do this:
Download rkill and save it to the desktop.

http://www.bleepingcomputer.com/down...ti-virus/rkill

When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

If you are unable to connect to the site to download RKill, please go back and do steps again and make sure the infection has not reenabled the proxy settings. You may have to do this quite a few times before you can get RKill downloaded. If you still cannot download the RKill program on the infected computer, you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Personal Shield Pro and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not …

Which scan are you attempting? You only do one at a time, not all of them at once which your post sounds like you are trying to do.
"i cant scan my computer when the scan is in progress i always get a bluescreen"
If you are only getting it with one program then skip that one and go to the next.

Could very well be an infection. I suggest you follow the steps given in our Read Me First sticky and post back here with the requested logs.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Thanks so much for your kind words, they are greatly appreciated.
Happy we could get it all resolved. Good working with you too!

Fantastic!!!
Now here are the two programs I mentioned.
First one is SpywareBlaster from Javacool. It is truly a MUST have program. I have not run my computers without it in years.
"SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites."

Download it from here:
http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

Install it, update it and then Enable All protection and close the program. This is one reason it is so good, it doesn't run in the background so it cannot interfere with any other programs, but it offers superb protection. Manually check for updates every couple weeks. If there are updates then install them, enable all protection and close the program. Simple as that.

The second one is WOT...Web Of Trust. This is a browser addon which gives you advanced warnings on whether a website is trustworthy or not. If the site is good you will see a little green circle on the browser, if it is questionable the circle will be yellow/orange and if it is totally NOT trustworth the circle will be red.
It is available for both Firefox and Internet Explorer.
http://www.mywot.com/

Keep Malwarebytes' Anti-Malware (MBA-M). Update it at least once a week and …

Ok, almost finished. You need to Uninstall these programs, as I said earlier, they are basically Junk programs and really can do much more harm than good.
Uniblue DriverScanner
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Uniblue SystemTweaker

These two, are not listed in Add/Remove but do have Program folders so they need to go also
C:\Program Files\ErrorTeck
C:\Program Files (x86)\TotalRecipeSearch

You also should change your Home Page to something other than .mywebsearch, it also brings in a LOT of questionable files.

A huge number of the infected files actually came from TotalRecipeSearch and it is known as a questionable website.Obviously somebody in your household is a cook or loves to cook. There are many other excellent websites where good recipes can be found, I would strongly advise against this one.

Your Java is also WAY out of date so it needs to be updated.
You should Uninstall the old Java using Add/Remove and then download this newest version from this web page.
http://www.java.com/en/download/

Once you have done all of the above come back and I will give you just two more FREE security programs which will help keep your computer safer.
You haven't had anymore indications of the PERSONAL SHIELD PRO have you...I hope anyway.

You are doing SUPER! Exactly as asked with everything.

Just a couple more things so we can be 100% certain that things are fully cleaned up and won't happen again.
I want you to do the following:
Download DDS by sUBs and save it to your Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Be sure follow the instructions below carefully
• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
• Copy&Paste both the DDS.txt and the DDS Attach.txt into your post

This is basically a simple scanner program that can show us what has been happening, possibly HOW it happened and also what programs are installed on the computer that may not be needed OR that may have helped contribute to this problem. The logs are quite long and might take more than one reply to paste them completely.

i am hung up at the step for saving the new hosts file to the c:........hosts\ect file
i have downloaded the file but it goes into the download file and i can't get it onto the desktop????

right click the file and choose copy. Then open the C:\Windows\System32\Drivers\etc\ folder and right click and Choose Paste. See if it goes in ok.

Should I be using Uniblue Registry Booster, Drive Scanner, System Tweak and Speed My Computer?
All of those programs are JUNK. They should be uninstalled using Add/Remove.

Should I use Windows security, instead of BitDefender?

No BitDefender is just fine.

However, you are not complete with the clean up yet. This Personal Shield Pro makes some major changes to the computer and you will need to correct those also.
It changes your Windows HOSTS file, you will need to replace this file with the default version for your operating system.
Here are the steps:
Please download the following batch file and save it to your desktop:

http://download.bleepingcomputer.com/bats/hosts-perm.bat

When the file has finished downloading, double-click on the hosts-perm.bat file that is now on your desktop. If Windows asks if you if you are sure you want to run it, please allow it to run. Once it starts you will see a small black window that opens and then quickly goes away. This is normal and is nothing to be worried about. You should now be able to access your HOSTS file.

Next do the following:
Go to C:\Windows\System32\Drivers\etc\HOSTS You need to Delete that HOSTS file.

Once you have done that then do this:
Once it is deleted, download the following HOSTS file
http://download.bleepingcomputer.com/misc/host-files/windows-7/hosts
and save it in the C:\Windows\System32\Drivers\etc folder.

Once you have done that Reboot the computer and come back …

Whew!!! boy, that may be some sort of record!:)
Go to normal mode and update and run Malwarebytes' again the same way, Full Scan, remove everything found and reboot.

Now do the following:
Download Malwarebytes'Anti- malware and save it to your desktop.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Once downloaded, close all programs and Windows on your computer, including this one.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button. If MalwareBytes' prompts you to reboot, please do not do so.

On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Personal Shield Pro related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the attached image below with infected files found noted in Red.
Scroll through the list and be sure there ARE check marks next to each item noted in Red. Once you are certain the check marks are there then click the Remove Selected button and then Reboot the computer.

Go to MBA-M and open the program. Go to …

There is no reason to remove these programs you noted, they are NOT P2P programs. They are normal programs found on most Windows 7 operating systems and likely cannot be removed. Just CLOSE them.

Ok, you are exactly where you should be right now, Safe Mode with Networking. Very good!
These instructions are the standard, always used instructions and they were created by Bleepingcomputer website and are used on most good, legitimate sites for these removals.
I have posted attachment pictures so you can see what is needed to do.
Here is what you need to do:
In Internet Explorer go up to Tools, Internet Options. Connections Tab. Click the LAN Button.
When LAN Settings opens if there is a checkmark in use Proxy Server, REMOVE that check mark and click OK. Then OK your way out of Internet Options.

Then do this:
Download rkill and save it to the desktop.

http://www.bleepingcomputer.com/download/anti-virus/rkill

When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

If you are unable to connect to the site to download RKill, please go back and do steps again and make sure the infection has not reenabled the proxy settings. You may have to do this quite a few times before you can get RKill downloaded. If you still cannot download the RKill program …

Apology accepted. Now if you do want assistance with the removal of this infection I will be happy to give you the steps needed one at a time. You complete step one and report back with the needed log and then I will give you step two and so on. But you have to be willing to do the steps as given.
If you don't feel that you can follow the steps this way then your only option is to take it to a shop.

You are assuming a LOT and very wrongly. The Sticky, while dated, 2008, is kept up to date on a regular basis.
If your "handle" appendage, 1964, is a hint of your experience, you come from a generation of IT people that were notoriously abusive to "non-techs."

Again another wrong assumption. I am not a "tech" as you assume, I have never been and never have claimed to be. I am simply an ordinary computer user who has taken up assistance in malware removal as a hobby. The 1964 "appendage" was used in order to not have to go through "umpteen" other numbers to be able to use the name I wanted to use or take on a suggested user name that I didn't want to use.

The Sticky is user friendly if a person will use it as described and if you read other threads here you will see that it is used by all when posting here.

Honestly I don't know what it is that you are expecting or what it is that you want us to do. There is no magic bullet or button to push to remove infections like this one. They all require multiple steps and tools and there is no other way to remove them. We can't give you different steps if they are not available and they are not available. There is no ONE step to remove this infection.

If you don't feel you can follow the steps …

I have about no chance of following PhilliePhan's sticky without my head blowing off. As a longtime PR person I would go back and carefully read that sticky and decide whether it is conducive to "follow exactly as given," and determine whether or not the attitudes in communications project arrogance and distain,"or truly assist your mission of "helping."

Sgt Taylor, USMC and still frustrd

Then your chances of getting the computer clean are very slight. I am very sorry. There are multiple tools required to rid the computer of this infection and if you are not willing to run these simple tools then as stated the chances of getting the computer clean are very small.We have helped posters remove this infection many times with great success. There are accepted tools used to clean this and then fix damaged files but they must all be run correctly otherwise further damage will result until it is possible the computer will not be usable.
hopefully you will be willing to run the tools. We only want to assist.

svilla[/B, while we always welcome help here. We also have a sticky for those wishing to offer assistance. You need to follow those rules if you wish to assist.You will find it at the top of the page and I ask that you read it.

Forum Rules and Policy for First Responders
-- Please refer initial posters for assistance to our Read Me First Sticky Post
We would like everyone to start with these steps so that a "baseline" for further assistance can be established.