noahdfear

Honorary Members
  • Posts

    44

Reputation

0 Neutral

About noahdfear

  • Birthday 04/08/1965

Profile Information

  • Location
    New Bremen, OH. USA

Recent Profile Visitors

3,473 profile views
  1. Looks good. I can only assume you are no longer getting the alert since the log doesn't show any HelpAssistant folders present. The mbr is OK as well. I've just a couple of things to add then kadah will be back with you.

     First, please click Start>Run and type (or copy and paste) the following bolded command then hit Enter.

         helpasst -cleanup

     You can then delete HelpAsst_Mebroot_fix.exe when it finishes.

     Next, click Start>Run and type cmd then hit Enter to open a command window. Highlight and copy the contents of the code box below, then right click in the command window and select Paste.

         reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List >>%temp%\temp.txt
         start notepad %temp%\temp.txt
         exit
         cls

     The pasted commands will execute quickly, a log will open in notepad and the command window will close on its own. Please post the contents of that log here.

     Note - if instead of a log opening you're asked if you want to create temp.txt, click no and inform us.

     Finally, did you knowingly configure your computer to use a proxy?

     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
  2. Hi SteelBarracuda, kadah has graciously agreed to allow me to work with you directly. Hope you don't mind. You may want to write down or print the following for reference.

     Please delete the copy of HelpAsst_Mebroot_fix.exe you currently have and replace it with this one. Close out all other open programs and windows. Double click the file to run it and follow any prompts.

     When the tool completes, click Start>Run and type the following bolded command, then hit Enter.

         mbr -f

     Now, please do the Start>Run>mbr -f command a second time.

     Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up. Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

         helpasst -mbrt

     Make sure you leave a space between helpasst and -mbrt !

     When it completes, a log will open. Please post the contents of that log.
  3. Try running gmer in Safe Mode tomorrow. Sleep well!
  4. Well, see what happens if you uncheck only the first 3 and Files.
  5. That's very odd - I've run it that way many times. Try adding the following to the scan, trying with just each one in addition to the others.
     • Services
     • Registry
  6. That error is often associated with memory (RAM). Suggest you do the following.

     1. Run the Memory Diagnostic option in 'Repair your computer'
     2. Run gmer again and uncheck the following options.
        • System
        • Sections
        • IAT/EAT
        • Services
        • Registry
        • Files
        • Show all

     If you have more than 1 hard drive, make sure only the operating system drive is selected.
  7. ComboFix scans for and reports registry keys that are locked or otherwise normally hidden from normal registry editors. Those entries related to Football Manager fall into such a category - nothing to be concerned with.

     It appears that between the system restore point used and your onboard malware removal apps, your system may well be free of infections. I would like to see a new gmer scan log to verify the rootkit(s) have been cleaned as well.

     It's not recommended to have more than one active antivirus installed. I recommend you uninstall either the Norton Internet Security or AVG.

     I also recommend you run an online virus scan. Click here to go to ESET's online scanner.

     Note: You will need to use Internet Explorer for this scan.
     • Turn off the real time scanner of any existing antivirus program while performing the online scan
     • Check the box next to YES, I accept the Terms of Use.
     • Click Start
     • When asked, you need to allow Eset's ActiveX control to install
     • Click Start
     • Make sure that the option Remove found threats is unchecked and the Scan Archives option is checked.
     • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are selected.
     • Click Scan
     • Wait for the scan to finish
     • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
     • Post the contents of that log here and also let me know how things are now.

     In addition to the above actions, please highlight and copy the bolded command below.

         dir %systemroot%\system32\config\*.sav /a:h >%userprofile%\desktop\look.txt

     Click Start then type cmd in the start search window. When cmd.exe populates in the results above, right click on it and select Run as Administrator. Right click in the command window and select Paste, then hit Enter. Close the command window. Post the contents of the look.txt file created on your desktop.
  8. BSODs produced by running ComboFix are not common, though not unheard of. Regardless, it is recoverable using a number of methods, as you've already seen with System Restore. Please run ComboFix again. Should it result in another BSOD, please do not panic and hold off on System Restore - we'll try some other things first. Should it BSOD, first use the Startup Repair option in 'Repair your computer'. If that does not resolve the issue, please post the exact stop error message displayed on the BSOD.
  9. Great! Let's see what all we can get cleaned up with ComboFix.

     Please visit the following webpage for instructions for downloading and running ComboFix: How to use ComboFix
     • Download ComboFix, saving the file to your desktop.
     • Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
     • Close all open programs and windows
     • Double click ComboFix.exe and follow the prompts. It may reboot your computer and resume running when you logon. Wait for it to complete.
     • When finished, it will open a log for you. Post that log in your next reply.

     Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  10. You should also be prompted to re-activate Windows, and maybe even prompted to enter the Vista Product Key. Is this happening as well? If so, what happens when you do so?

      When first turning on the computer, tap the F8 key repeatedly. That should bring up the Advanced startup menu, where Safe Mode, Safe Mode with Networking, etc. is available. Is there also an option to 'Repair your computer'? If not, do you have a Vista installation or Recovery cd?

      Are you able to access Windows in any mode, e.g., Normal, Safe mode, Safe mode with Networking? If yes, do you have internet access? If yes but no internet access, do you have a usb flash drive and another computer available to download and transfer files?
  11. Hi DE4life, Are you still in need of assistance? You have an infection that is quite new, for which there is currently no known fix. I'd like to see if I can help to rid you of it.
  12. Happy Birthday to you, happy birthday to you, hap ........... well, you know the rest of it. Happy Birthday Andy!!
  13. noahdfear

    Congrats!

    Congratulations RD! Good to see you back up!