Please download the following programs, but do not run them yet:
* rdrivRem.zip
- Unzip it to your desktop.
- Install it.
- Save it to your desktop.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight "Safe Mode" then hit enter.
1.) Please double-click rdrivRem.bat to run the program - follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.
2.) Double-click the Ewido Security Suite icon to run the program.
- Click on scanner
- Click Complete System Scan
- Let the program scan the machine
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report
- Save the report to your desktop
- Exit Ewido
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
Press the CleanUp! button to start the program.
4.) After Cleanup! is finished, run HijackThis. Place a check next to the following items, if found, and click FIX CHECKED:
O4 - HKLM\..\Run: [Microsoft Telecom Center] tellecom.exe
O4 - HKLM\..\RunServices: [Microsoft Telecom Center] tellecom.exe
O4 - HKCU\..\Run: [Microsoft Telecom Center] tellecom.exe
Close HiJackThis.
5.) Run Killbox.exe.
* Select "Delete on Reboot".
* Select all these file and click on Copy -
C:\WINDOWS\System32\tellecom.exe
C:\WINDOWS\System32\mousebm.exe
* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any "PendingRenameOperation" prompt. If your computer does not restart automatically, please restart it manually.
After computer has restarted continue with the rest of the instructions:
6.) Make sure your firewall is on. Make sure you can turn it off then turn it back on and that nothing is greyed out.
Also, Make sure your Anti-Virus program is working properly - you can turn on and off auto-protect, etc.
7.) Run BOTH of these online virus scans (NOT at the same time!):
ActiveScan
TrendMicro's HouseCall - check "Auto Clean"
Save the results from ActiveScan.
I need you to post the contents of rdriv.txt, the log from Ewido, the log from ActiveScan, and a new HiJackThis log into this topic.