Hello gracie_girl,

Your system does have malware infections. You need to do some preparation work and then after, make a New post in the HijackThis forum.

The main page for Trend Micro HijackThis Logs forum is
/f67-Trend_Micro_HijackThis_Logs.html

Read this first /t102301-Hijackthis_Guidelines_Read_Before_Posting.html

If you have peer-to-peer filesharing programs on this system, remove them first.
See /t204179-P2P_programs_we_ask_that_you_remove_first.html

Next, see http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview

Get the HijackThis utility, run it as suggested, and only then, post a new thread by going to this forum
/f67-Trend_Micro_HijackThis_Logs.html

and pressing "New Topic" button, put your HJT log in there, along with all pertinent details.

NOTE: As you get this popups from rogues & malware, do not click the X button at upper right to clode the window(s).
Instead, press and HOLD the ALT key, then tap the F4 function key.
ALT+F4 is the key sequence to close a window.
Some of these rogues will get further into your system when you press the X (close) button {for 'their' message window}.

Don't do free-whelling web surfing and minimize your internet activity to basically just this forum, or the sites you are guided to by CC forum staff.

This is my standard 1st reply to malware issues, consisting of doing some cleanup and getting basic reports.

If your system is running Vista, you likely need to run the programs as Administrator. If so, you Right-click on the program icon or shortcut, select "Run As Administrator".

1. Set Windows to show all files and all folders.
Bring up Windows Explorer / Tools / Folder Options/ select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

This program is for XP and Windows 2000 and Vista


• Double-click ATF-Cleaner.exe to run the program.
  
• Under Main choose: Select All
  
• Click the Empty Selected button.
  
  
• If you use Firefox browser:
  
  
  • Click Firefox at the top and choose: Select All
    
  • Click the Empty Selected button.
    
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  
  
• If you use Opera browser:
  
  
  • Click Opera at the top and choose: Select All
    
  • Click the Empty Selected button.
    
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  
  
• Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

For Technical Support, double-click the e-mail address located at the bottom of each menu.
=
3. Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

4. Please download & save Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform FULL Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy & Paste the entire report in a new reply as soon as it has finished.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

5. Download Deckard's System Scanner: http://www.techsupportforum.com/sectools/Deckard/dss.exe

• Close all applications and windows.
  
• Double-click on dss.exe to run the application; follow the prompts.
  
• When the scan is completed, a text file named Main.txt will open. Please save this file, then close Notepad.
  
• The folder C:\Deckard also will open. This folder will contain another text file named Extra.txt. Please save this file to your desktop, too, then exit Notepad.

Note: Your firewall may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
>
In a post to the CC HJT forum, , and NOT here ......please post (in order):

• the MBAM report and
  
• the contents of Main.txt and Extra.txt (from above).

Be sure to do a Preview prior to pressing reply because all reports may not fit into 1 single reply. You'll likely have to do more than 1 reply.

Make one and only 1 post into the HJT forum. And do NOT reply to your own post, until after 1 of the CC moderators or staff has responded. ok?

Cheers.

MBAM shows that you have Vundo infections. Please, right away, do as requested by Prince Serendip.
De-install BitComet and Ares.
Run a new HijackThis Scan and Save.

Reply ONLY on your thread at the HIJACKTHIS forum and not anywhere else. The link to that thread is

/t222425-New_Log.html

Do NOT reply here.

I will endeavor to catch your updated HijackThis post after you have done as requested by Prince Serendip.
Cheers.

All times are GMT