Computer infected with malware

[ryandesign2003]

My computer is infected with malware that snuck by my malwarebytes program.

Per the recommendations posted on the topic called "I'm infected - What do I do no?" started on January 9, 2009 - I have downloaded dds.com and ran it. Attached are the two logs described in the original posting:

1. dds.txt

2. attach.txt

Hopefully you can provide some guidance on how to remove the malware.

Thank you.

ryandesign2003

Attach.txt

DDS.txt

[RPMcMurphy]

Hello and welcome. Please follow these guidelines while we work on your PC:

• Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  
• Please do not run any scans or install/uninstall any applications without being directed to do so.
  
• Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

• If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  
• When finished, it will produce a report for you.

.

Please include the following in your next post:

• ComboFix log

[ryandesign2003]

RPMcMurphy,

I downloaded combofix however it did not save to my desktop. It started running without giving me the option to save. It has been running AutoScan for 60+ minutes and shows Completed Stage_48. It seems to be stuck now......it hasn't shown any more completed stages for over 20 minutes. Should I assume it's gone as far as it can? No report has been generated.

Thanks.

[RPMcMurphy]

If it is still hung, reboot and try running ComboFix from the safe mode. You will have to download it and save it to your desktop - click on "Save" instead of "Run" when you press the download link.

Please include the following in your next post:

• ComboFix log
  

[ryandesign2003]

Successfully ran combofix this morning - attached is the log

ComboFix.txt

[RPMcMurphy]

ryandesign2003:

Parts of that log are missing from the end. This will re-open it, please try posting it again for me:

Click Start > Run or press Windows Key + R copy/paste the following into the run box that opens and press OK:

c:\ComboFix.txt

Please include the following in your next post:

• ComboFix log

[ryandesign2003]

ComboFix 12-01-21.02 - TR 01/31/2012 7:09:03.2.2 - x64 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.3434 [GMT -5:00]

Running from: C:\Users\TR\Documents\Downloads\ComboFix.exe

AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\TR\g2mdlhlpx.exe

((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))

2012-01-31 12:15:32 . 2012-01-31 12:15:32 -------- d-----w- C:\Users\TR\AppData\Local\temp

2012-01-31 12:15:32 . 2012-01-31 12:15:32 -------- d-----w- C:\Users\Guest\AppData\Local\temp

2012-01-31 12:15:32 . 2012-01-31 12:15:32 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-01-29 20:37:54 . 2012-01-29 20:37:54 -------- d-----w- C:\Users\TR\AppData\Roaming\AVG2012

2012-01-29 20:37:41 . 2012-01-29 20:37:41 -------- d--h--w- C:\ProgramData\Common Files

2012-01-29 20:37:13 . 2012-01-29 20:37:13 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2012-01-29 20:34:39 . 2012-01-30 20:04:30 -------- d-----w- C:\Windows\system32\drivers\AVG

2012-01-29 20:34:39 . 2012-01-29 20:50:00 -------- d-----w- C:\ProgramData\AVG2012

2012-01-29 20:34:02 . 2012-01-29 20:34:02 -------- d-----w- C:\Program Files (x86)\AVG

2012-01-29 20:30:09 . 2012-01-30 20:05:59 -------- d-----w- C:\ProgramData\MFAData

2012-01-29 20:29:08 . 2012-01-29 22:25:08 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2012-01-29 20:29:08 . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-01-29 18:59:56 . 2012-01-29 18:59:56 -------- d-----w- C:\Users\TR\AppData\Roaming\Malwarebytes

2012-01-29 18:45:48 . 2012-01-29 18:46:15 -------- d-----w- C:\Windows\F9D59E62845F49A28B75DDB00661673C.TMP

2012-01-29 17:40:55 . 2012-01-29 17:40:55 -------- d-----w- C:\Users\TR\AppData\Roaming\Tific

2012-01-22 01:19:32 . 2011-11-16 16:42:25 347136 ----a-w- C:\Windows\system32\schannel.dll

2012-01-22 01:19:32 . 2011-11-16 16:23:05 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-01-22 01:19:31 . 2011-11-17 06:53:02 515968 ----a-w- C:\Windows\system32\drivers\ksecdd.sys

2012-01-22 01:19:31 . 2011-11-16 16:43:13 442368 ----a-w- C:\Windows\system32\winhttp.dll

2012-01-22 01:19:31 . 2011-11-16 16:42:28 94720 ----a-w- C:\Windows\system32\secur32.dll

2012-01-22 01:19:31 . 2011-11-16 16:41:01 1689600 ----a-w- C:\Windows\system32\lsasrv.dll

2012-01-22 01:19:31 . 2011-11-16 16:24:00 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-01-22 01:19:31 . 2011-11-16 16:23:44 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll

2012-01-22 01:19:31 . 2011-11-16 14:34:41 11264 ----a-w- C:\Windows\system32\lsass.exe

2012-01-13 18:55:11 . 2011-12-01 15:29:18 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2012-01-13 18:55:11 . 2011-12-01 15:21:18 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2012-01-13 18:55:03 . 2011-10-25 16:13:33 1570816 ----a-w- C:\Windows\system32\quartz.dll

2012-01-13 18:55:03 . 2011-10-25 15:58:55 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-13 18:55:03 . 2011-10-25 15:58:54 497152 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-13 18:55:02 . 2011-10-25 16:13:31 352256 ----a-w- C:\Windows\system32\qdvd.dll

2012-01-13 18:55:00 . 2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\system32\ntdll.dll

2012-01-13 18:55:00 . 2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-13 18:54:59 . 2011-10-14 17:31:42 211968 ----a-w- C:\Windows\system32\winmm.dll

2012-01-13 18:54:59 . 2011-10-14 17:27:57 48128 ----a-w- C:\Windows\system32\mcicda.dll

2012-01-13 18:54:59 . 2011-10-14 17:27:57 28672 ----a-w- C:\Windows\system32\mciwave.dll

2012-01-13 18:54:59 . 2011-10-14 17:27:57 28160 ----a-w- C:\Windows\system32\mciseq.dll

2012-01-13 18:54:59 . 2011-10-14 16:03:25 189952 ----a-w- C:\Windows\SysWow64\winmm.dll

2012-01-13 18:54:59 . 2011-10-14 16:00:23 23552 ----a-w- C:\Windows\SysWow64\mciseq.dll

2012-01-13 18:54:56 . 2011-11-25 16:25:32 451072 ----a-w- C:\Windows\system32\winsrv.dll

2012-01-13 18:54:55 . 2011-11-18 18:07:45 76800 ----a-w- C:\Windows\system32\packager.dll

2012-01-13 18:54:55 . 2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-11 21:11:48 . 2011-12-11 21:11:48 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-23 13:57:38 . 2011-12-15 04:03:56 2764800 ----a-w- C:\Windows\system32\win32k.sys

2011-11-10 10:54:13 . 2010-05-08 17:26:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-08 14:58:31 . 2011-12-15 04:04:40 2048 ----a-w- C:\Windows\system32\tzres.dll

2011-11-08 14:42:19 . 2011-12-15 04:04:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-03 06:55:13 . 2011-12-15 04:04:16 1147392 ----a-w- C:\Windows\system32\wininet.dll

2011-11-03 06:50:15 . 2011-12-15 04:04:10 56832 ----a-w- C:\Windows\system32\licmgr10.dll

2011-11-03 06:49:54 . 2011-12-15 04:04:11 1538560 ----a-w- C:\Windows\system32\inetcpl.cpl

2011-11-03 06:49:36 . 2011-12-15 04:04:10 77312 ----a-w- C:\Windows\system32\iesetup.dll

2011-11-03 06:49:36 . 2011-12-15 04:04:10 132096 ----a-w- C:\Windows\system32\iesysprep.dll

2011-11-03 06:22:04 . 2011-12-15 04:04:25 916992 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 06:17:38 . 2011-12-15 04:04:10 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-03 06:17:23 . 2011-12-15 04:04:11 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 06:17:08 . 2011-12-15 04:04:10 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll

2011-11-03 06:17:08 . 2011-12-15 04:04:10 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2011-11-03 05:54:27 . 2011-12-15 04:04:10 479232 ----a-w- C:\Windows\system32\html.iec

2011-11-03 05:22:43 . 2011-12-15 04:04:10 385024 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-03 05:11:55 . 2011-12-15 04:04:10 162816 ----a-w- C:\Windows\system32\ieUnatt.exe

2011-11-03 05:10:39 . 2011-12-15 04:04:09 1638912 ----a-w- C:\Windows\system32\mshtml.tlb

2011-11-03 04:45:39 . 2011-12-15 04:04:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2011-11-03 04:43:59 . 2011-12-15 04:04:10 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 17:16:32 2363392]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:51:33 138240]

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-23 22:53:03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 00:11:14 61440]

"DVDAgent"="C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 01:04:26 1148200]

"TSMAgent"="C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 20:41:16 1316136]

"CLMLServer for HP TouchSmart"="C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 20:41:20 189736]

"UCam_Menu"="C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 05:02:14 218408]

"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 02:11:32 210216]

"UpdatePSTShortCut"="C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 19:34:22 210216]

"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 20:24:44 206128]

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 10:38:00 34672]

"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 19:51:46 210216]

"UpdatePDIRShortCut"="C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 02:11:32 210216]

"HP Health Check Scheduler"="c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 15:58:56 75008]

"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 23:34:24 54576]

"TVAgent"="C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 23:13:36 206120]

"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 13:04:24 500792]

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-11-29 22:38:18 421888]

"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 06:22:12 2415456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856]

HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14:42 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2012-01-31 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 18:15:54 . 2010-02-05 18:15:47]

2012-01-31 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 18:15:54 . 2010-02-05 18:15:47]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 16:48:06 1560872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uStart Page = hxxp://www.yahoo.com/

uLocal Page = C:\Windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mLocal Page = C:\Windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 64.233.217.3 64.233.217.5

DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SmartMenu - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

HKLM-Run-Windows Defender - C:\Program Files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-SysTrayApp - C:\Program Files (x86)\IDT\WDM\sttray64.exe

[RPMcMurphy]

ryandesign2003:

You have what appears to have been an incomplete uninstall of Norton 360. Run this tool to remove the leftovers from that:

Norton Removal Tool

Then run this, please:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

• Click the Update tab
  
• Click Check for Updates
  
• If an update is found, it will download and install the latest version.
  
• The program will close to update and reopen.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Uncheck any entries from C:\System Volume Information or C:\Qoobox
  
• Make sure that everything else is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please include the following in your next post:

• MBAM log
  

[ryandesign2003]

I used the Norton Removal Tool to remove the leftovers.

When I tried to open Malwarebytes' Anti-Malware (MBAM) I received the same message that I have been receiving since this issue started:

Malware Anit-Malware has stopped working.

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

So at this point I am unable to run the Anti-Malware program.

[RPMcMurphy]

ryandesign2003:

Please do this:

Uninstall Malwarebytes via Control Panel > Add/Remove Programs

• Reboot
  
• Download the Malwarebytes Removal Tool
  
• Double click on the utility to run it
  
• It will ask to restart your computer (please allow it to).
  
• After the computer restarts, install the latest version from here
  
• When asked, choose to update and open the program, then run a full scan

Please include the following in your next post:

• MBAM log

[ryandesign2003]

Attached is the MBAM log that I ran this morning.

mbam-log-2012-02-02 (08-35-17).txt

[RPMcMurphy]

Hi,

How is your computer running now? Please do this next:

Please go to here to run an online scan with ESET.

• 
  
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
    
  • Tick the box next to YES, I accept the Terms of Use.
    
  • Click Start
    
  • When asked, allow the activex control to install
    
  • Click Start
    
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    
  • Click on Advanced Settings and ensure these options are ticked:
    
  • Scan for potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth Technology

[*]Click Scan

[*]Wait for the scan to finish

[*]If any threats were found, click the 'List of found threats' , then click Export to text file....

[*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Please include the following in your next post:

• How is the computer running now?
  
• ESET log

[RPMcMurphy]

Hi,

How is your computer running now? Please do this next:

Please go to here to run an online scan with ESET.

• 
  
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
    
  • Tick the box next to YES, I accept the Terms of Use.
    
  • Click Start
    
  • When asked, allow the activex control to install
    
  • Click Start
    
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    
  • Click on Advanced Settings and ensure these options are ticked:
    
  • Scan for potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth Technology

[*]Click Scan

[*]Wait for the scan to finish

[*]If any threats were found, click the 'List of found threats' , then click Export to text file....

[*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Please include the following in your next post:

• How is the computer running now?
  
• ESET log

[ryandesign2003]

I ran ESET and no threats were found. Since no threats were found there was no log to send.

The computer seems to be running ok -- I'm going to continue to watch my yahoo email account to see if it is still sending out spam emails.

[RPMcMurphy]

Hi,

You definately need to change the password on that e-mail account. Your logs look good! All I have left for you is an update and some very important cleanup:

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix

• Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
  Combofix /Uninstall
  

Delete the following tools along with any other logs you saved from our work:

• DDS
  

Download TFC to your desktop

• Close any open windows.
  
• Double click the TFC icon to run the program
  
• TFC will close all open programs itself in order to run,
  
• Click the Start button to begin the process.
  
• Allow TFC to run uninterrupted.
  
• The program should not take long to finish it's job
  
• Once its finished it should automatically reboot your machine,
  
• if it doesn't, manually reboot to ensure a complete clean
  

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

• Restart any anti-malware programs that we disabled while we were cleaning your machine.
  
• Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  
• Please read this post for some helpful information.
  

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

[ryandesign2003]

I updated Adobe Reader but can't complete the next step. When I press the Windows key +R and type in ComboFix/Uninstall I receive a message that says:

Windows cannot find "ComboFix/Uninstall". Make sure you type the name correctly and then try again.

I can see ComboFix listed under the C drive directory. Any other recommendations on how to uninstall it?

[RPMcMurphy]

Hi,

There needs to be a space between the x and / (see below)

Combofix<space>/uninstall

If that isn't the problem, download and run the free standing uninstaller from this LINK

[ryandesign2003]

Hello,

I tried removing ComboFix by adding the space -- that didn't work. I then downloaded the free standing installer from your link. It appeared to run and said "Done" but I can still see ComboFix in my C Drive directory,

[RPMcMurphy]

Do you still have the ComboFix icon on your desktop?

[ryandesign2003]

No, there is no ComboFIx icon on my desktop. I may have deleted it when I was deleting the logs. I only see it in the C drive directory.

[RPMcMurphy]

OK, please download ComboFix again, but DON'T run it - just save it to your desktop. Once it's on your desktop, right click on it and rename it to uninstall.exe then double click on it.

[ryandesign2003]

For some reason, when I download combofix it does not give me the option to save to my desktop. I found it the C directory, changed the name there to uninstall.exe and then moved it to my desktop. When I double clicked on it , it automatically started running. It ran all the way up to the creating the log step and then it seemed to get hung up. I rebooted my computer and when I checked the C directory combofix appears to be gone. I still have the icon on my desktop - I am attaching a screen shot of my desktop so that you can see what it looks like

Screen shot of desk top.doc

[ryandesign2003]

Hello,

Please ignore my last post. I was finally able to successfully remove combofix and and run TFC.

Should I reload the Norton 360 that I uninstalled earlier?

Thanks.

[RPMcMurphy]

OK, good! You should only install Norton 360 if you uninstall AVG - do not run more than one antivirus at once as it won't offer any more protection and in many cases causes conflicts.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!