jholland1964 650 Posting Expert Team Colleague Featured Poster

Matt, though your problems seem to be gone for now I am somewhat concerned by the fact that this whole group of new ones has infected the computer within a week of clearing out the last infections. I am concerned that I didn't follow through enough the last time so I think it should be done this time to be sure that nothing remains.

I would like you to do the following;

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Double-click the ComboFix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Dan, welcome to daniweb.
First thing I would like you to do is Open your Spybot program. Click Mode and choose Advanced.
Once the Advanced mode opens you should see three buttons at the bottom right of the program. Click Tools. When tools opens you will see a row of buttons on the right. The second one down is called Resident. Click that one. When Resident opens take the check mark OUT of TeaTimer. Click Ok and close the program. Next go to Start, Control Panel, Administrative tools. When that opens Click Services. Once services opens you will see a list of programs which can be run as services at Start Up, they are listed in alphabetical order. One of those is AdAware. Double click on that to open. A box will open, Stop the program with the button towards the bottom. Then in the middle there is a place where you can set Start Up type. Click the little arrow there and it will open up. Choose Disabled. Once Disabled appears in that window then click Apply. Close out that and close out services.
Reboot the computer.
I would like you to try to run the online ESET Scanner
You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks much better. Could you post that Malwarebytes' log so I can see what was removed? Might be other steps required.

One thing for sure you need to do is update your Java, it is way out of date. Current version is version 6 update 7.
First go HERE
Download the Offline install and save it to the desktop so you can find it easily.
After you do that then go to Add/Remove and Uninstall ALL previous versions of Java. Reboot the computer if prompted to do so.
Once you have uninstalled all previous versions then double click that Java install icon on the desktop and install the new version. Once complete go back to the link above and on the right side of the page you will see Verify Now. Click that to verify the install went as it should.

Also, Uninstall these two programs, they are NOT necessary.
regcure, registrybooster 3009
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi welcome to daniweb,
Definite infections showing in the HJT log. Let's try first to get rid of some of those.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer and then run a new HJT scan and place a checkmark next to the following if still present;

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - (no file)
O2 - BHO: (no name) - {20DCFF48-3990-4EF6-BC3A-E4C57534447D} - (no file)
O2 - BHO: (no name) - {35C84892-0779-45A2-B577-28D39D07ED8F} - (no file)
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb.
Couple things you need to do here to begin, go HERE
Follow the instructions there, especially ATF-Cleaner, the Malwarebytes' program (be sure to have it FIX what it finds) and save the log, the ESET Online scanner and save the log.
After doing those steps then download HiJackThis.
Run a Full System Scan with it and save the log.
Post back here with all three logs and I'll take a look and see if other steps need to be taken.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

This log looks much better. Are you still having problems?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Have to remember, when using many of these tools it is always advisable to reboot the computer after use.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You DID totally Uninstall Symantec I hope?

OK I downloaded and installed spyblaster

I hope you mean SpywareBlaster. Spyblaster is a totally different program and definitely NOT the one I spoke about. SpywareBlaster is FREE; Spyblaster, eventually, is NOT. I believe after the free trial it costs around $30 and isn't worth it.

Run a new HJT scan just to be certain there are not remnants sitting there ok? Post back with that log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi atarischad, I hesitate to say welcome back, thought we had this all corrected:(
Your log is again showing multiple infections.
I need to see that MBA-M log too.
I want you to run the ESET Scanner

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is checked at this time and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us too.
  • Reboot.

After you have done that then run HJT again and place a checkmark next to the following if they still exist;

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O3 - Toolbar: &WinSec Toolbar - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\WINDOWS\system32\wscmp.dll
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system

Once you have placed the checkmarks then click the Fix Checked button.
Exit HJT
Reboot.
Run HJT again and save the log. Post back here with the MBA-M log, the ESET Scanner log and the new HJT log.
Judy
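
A small triage pass over HijackThis-style lines like the ones listed in the post above, as an added example that is not part of the original post or of HijackThis itself. The rules (missing-file entries, .ini autostarts, Run entries whose label or file name borrows a Windows process name) and the `KNOWN` table are illustrative assumptions; a hit means "review this entry", not "this is malware".

```python
import re
from typing import NamedTuple

# Entries copied from the posts on this page, plus two constructed benign
# lines (ctfmon, a placeholder BHO) so the output shows what is left alone.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

# Assumed reference table: well-known Windows binaries and their usual folder.
KNOWN = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat))', re.I)


class Finding(NamedTuple):
    code: str
    body: str
    reasons: tuple


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_binary(label, path):
    """Compare an autostart target and its label against the KNOWN table."""
    reasons = []
    directory, _, filename = path.lower().rpartition("\\")
    for known, home in KNOWN.items():
        stem = known[:-4]
        if filename == known and directory != home:
            reasons.append(f"{known} outside {home}")
        elif filename != known and edit_distance(filename, known) == 1:
            reasons.append(f"file name imitates {known}")
        if stem in label.lower() and filename != known:
            reasons.append(f"label mentions {stem} but launches {filename}")
    return reasons


def triage(log_text):
    """Return the entries worth a second look, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, blanks, running-process list
        code, body = m["code"], m["body"]
        reasons = []
        if body.rstrip().endswith("(no file)"):
            reasons.append("orphaned: registry entry points at a missing file")
        if code[0] == "F":
            reasons.append("legacy .ini autostart (win.ini/system.ini)")
        if code == "O4" or code[0] == "F":
            run = RUN_RE.match(body)
            label = run["name"] if run else ""
            exe = EXE_RE.search(run["cmd"] if run else body)
            if exe:
                reasons += check_binary(label, exe.group(1))
        if reasons:
            findings.append(Finding(code, body, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.body}")
        for reason in f.reasons:
            print(f"    - {reason}")
```
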

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Dorita,
You should NEVER run two antivirus programs on one computer; there would definitely be an incompatibility issue no matter which two would be on there.

If you already have Eset's NOD32 on the machine then it could very well be interfering with the Norton downloads. If you like NOD32, it's a good program, then just Uninstall Norton via Add/Remove. Then do a file search for all files named Norton and delete all found and then another search for all files Symantec and delete those found. But be sure to go through the UNINSTALL FIRST to remove it.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am so happy to hear this. Glad I could be of help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

SPSS Evaluation Program is installed on this laptop but I wasn't the one who installed it.

If you didn't install it then who did? It appears to have been installed on September 10, 2008 about 30 minutes after you did your original HiJackThis scan.

Have you been able to correct the expired Norton program? Is the computer running any better?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi and welcome to daniweb. Sorry it has taken so long for you to receive a response.

She says OneCare is her virus scanner and it came installed????

What version is she running? I may be wrong but I believe this is a Pay For Antivirus program. Did she pay for it? Usually ones which come already installed, no matter what brand, are just trial versions and eventually must be purchased or removed. I believe the cost is around $50 per year for three computers.

I would like you to run one more online scan and that is the ESET Scanner
You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us here.

I would also like you to download and run HiJackThis
Do a Full System scan with it and save the log.
Post back here with the ESET Scanner log and the HiJackThis log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't give up on Firefox, it is much more secure than IE. I have used it for several years and use it almost exclusively now.
If you want to re-enable TeaTimer you can, I don't use that portion of the program but otherwise I do use it for weekly scanning and it does a great job. But it's ok.

One thing I definitely recommend and that is SpywareBlaster. It is a super program, DOESN'T run in the back ground but it protects both IE AND Firefox against, to quote their website;

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.


It is excellent. Download, Install, Update, Enable and "X" out, that is it. Check manually weekly for updates, enable those and that is it.
Frankly, I would disable the AdAwareService, it doesn't really do much. The program is ok for scanning I guess but not nearly as good as it was in the past. This can be disabled by going to Start, Control Panel, Administrative Tools, Services. When that opens double click on AdAware, stop the service and then disable the running at start up. You can scan with it just fine, it doesn't need to run in the background all the time though.

Just south of Kokomo...I am in Marion. Used to head …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You've left off the top of the log, we need to see that also. The part that reads like this;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15 AM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal mode

You need also to run the steps found HERE. If instructions say to have the program fix what is found then please do so. Save all requested logs and post them back here when you have completed the steps. After you have completed all the steps, ignoring the Deckard Scanner since it isn't available right now, run a NEW scan with HJT and post that full log back here with all the others.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Kat, Welcome to daniweb. To begin you need to go to this link. Follow the directions given by PhilliePhan.
There are links to various programs and scans you need to do, be sure to save the logs requested and post them back here. If PP says have the program FIX what is found, please do so. Now one of the steps he requests is running the DeckardScanner DSS, but it is NOT available at this time so instead of doing that the LAST step you need to complete will be running a Full System Scan with HiJackThis and saving that log.
Once you have completed all those steps then post right back here with those requested logs and I'll have a look and see if anything else needs to be done.
Just take your time, these scans pretty much run themselves so just let them run. Don't do anything else on the computer while they are running and you will do just fine.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, Welcome to daniweb!

What I see looks pretty good. From these logs it looks as though you have done a very thorough job of cleaning up.
Only program I would suggest you remove is the SweetIM Toolbar for Internet Explorer 3.1. This one is listed as "Open to debate" on most malware sites. To be safe I would Uninstall it.

I know that DSS is not available now. How about running a Full System scan with HiJackThis and posting the log here so I can take a look at that?

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good Pete. How are things running? Don't really see anything in your Uninstall list that needs to go. You have a few unnecessary start ups showing in the log that can be run manually but other than that looks ok to me.
See you must have a pre-schooler or elementary schooler using the computer:) I had some of those same games until my two grandkids moved away.
Let me know how things are running.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have learned a lot too...enough to know I don't want to mess with Quickbooks, I have enough trouble with simple Excel sheets!
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all please disable the Spybot TeaTimer;
To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer.
Reboot.
Next go back to the ESET Scanner, run the scan again and have it FIX or REMOVE everything found.
Reboot.
Then run a NEW full system scan with HiJackThis.
Place checkmarks next to the following entries if they still remain;
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O4 - Startup: PowerReg Scheduler V3.exe

Once you have placed the checkmarks then click the Fix Checked button. Exit HJT and reboot.
You also need to do a search for that PowerReg program, it is most definitely malware. It would most likely be located in
UserProfile (this would be you so substitute your name)\Start Menu\Programs\Startup
If you find it, delete it.
Run a new HJT scan after doing all the above, INCLUDING the fixes with the ESET scanner and post those logs here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Another thought, does the computer have the ability to restore back to a date prior to say Sep 1st before I updated to IE7

I would say, don't try this. System Restore has already been altered by the removal of items during that AVG removal so chances of going back farther are, at best, limited. I just wouldn't risk it. You could end up with more trouble than you have now.
Now here is what I found about the WOWEXEC problem. It is related to your old version of Quickbooks. Took me awhile because I am not fluent in "computereeze" so had to find someplace that would give me the explanation in plain English.
The problem, I "think" really lies with that Quickbook program itself. It is for one of the original versions of Windows which came out prior to 1992, actually around 1985. These 1st versions of Windows ran actually "on top of" the older MS-DOS operating systems. This is probably why your tech had difficulty even installing this program on the new hard drive several months ago.
This wowexec.exe is the file which helps this probably 16 year old program run on the computers we have today. One of its problems is when you turn off Quickbooks, wowexec.exe doesn't turn off as you found, it just sits there.
This wowexec is supposed to enable, if I read this correctly, 16-bit applications (which this Quickbook version probably is) run on 32-bit machines, which is …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hold off on the IE6 reinstall. I am doing some searching concerning this Wowexec.exe error and may have hit on something but want to do more reading. I will get back to you ASAP.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Very happy to help pete.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

You said that Symantec conflicts...with what? If it is the Verizon Security Suite then I would get rid of the Verizon Security stuff since you prefer Symantec. They WILL conflict because running two security suites or two antivirus programs, two firewalls, of any brand or name will conflict. I would remove all the Verizon stuff, except what is needed for connections and reinstall Symantec, add a firewall, there are many good ones for free out there, or Windows Does have a built in one way one, add SpywareBlaster which is a must have protection program, FREE, doesn't run in the background and try all that.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster


C:\WINDOWS\SYSTEM32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\tdssserv.sys (Trojan.Agent) -> Delete on reboot.


I haven't gone to step #9 -- I hate to be the anal-retentive engineer, but Malwarebytes' Anti-Malware tells me that my "computer needs to be restarted to complete the removal process" and asks if I would like to continue, but PhilliePhan's instructions don't address this. Should I restart before continuing with the ESET scan?

Thanks,
Pete

If you note the bolded words above...Delete on Reboot. That is just something PP forgot to include there. Yes, you MUST reboot for these to be removed. The program cannot remove these until the computer reboots, so they are still on the system until reboot.
They are probably running and cannot be removed if running. MBA-M will delete them BEFORE they begin to run when the computer is rebooted. THEN once the computer is fully booted follow his instructions for ESET Scanner.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Terri,
Well, your list of updates DOES give me somewhat of a clue, or even a couple and since you listed all this I figure you must have the same feelings that I am having. I could be wrong, BUT I think all of this goes to the Install of XP SP3. Look at the date, September 5. The very same day your AVG flagged these files as trojans. Now I firmly believe these were very likely false positives. I have found on countless websites AVG and only AVG flagging these supposed trojans. I just don't think they were or are. I think AVG sees these suddenly new files and something in these makes it think that they are bad files.

I would really advise you to uninstall the XP SP3 and go back to XP SP2.
The instructions on how to do this can be found here;

http://support.microsoft.com/kb/950249

I would also guess that you should also uninstall all the automatic updates installed AFTER Sept. 5 also. Just go backwards on the list, beginning with the most recent and ending then with that SP3 install.

Be sure to reboot if told to do so each time AND be sure to reboot after the whole process is complete.

Now once you have done this of course your Auto Update will probably notify you of updates available. Don't do them yet though. Wait and see if you can get your Quickbook program …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just wonder how this is allotted or determined. I have 324 posts, 12 solved threads and my numbers read like this;

Community Reputation Points: 15
Reputation-Altering Power: 1

But another member with just 27 posts, no solved threads has these numbers;

Community Reputation Points: 10
Reputation-Altering Power: 3

Can somebody explain the reason for my lower number in Reputation-Altering Power, AND exactly what this is?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have to be perfectly honest here teatear, I really think some very key files were removed or damaged, either by the Trojans OR by the removal of these files.
Looking at all you removed, a large number of these were in your System Restore, another group were Internet Temp files and then the others seem to be related to the Windows Installer files. To have this much damage in so many programs, I don't know for sure they can be repaired.
Can I ask, when did you install XP SP3? Where did you get it? Did you download it from the Microsoft site or someplace else?

All of the event errors showing this;

Friday, September 05, 2008 Service Control Manager The Application Management service terminated with the following error: The specified module could not be found.

have to be related to the removal of the files when you deleted the items from the computer after the discovery of the Trojans.

Many of the other errors are related to the Hanging of Internet Explorer and all seemed to happen prior to Sept. 5 when you removed the files. The other errors with Adobe Reader and others seem all to have occurred AFTER Sept. 5th.

It just really looks to me like many files were damaged or corrupted by either the removal of the Trojans, the Trojans themselves OR some incorrect files were removed.

The other thing I really wonder about is this;

I …

jholland1964 650 Posting Expert Team Colleague Featured Poster

The error you mentioned is a file corruption of the core.dll file of the Acrobat Reader, so it is best to uninstall your old copy first then install a new one.

http://www.adobe.com/products/

Will do some checking on those errors but to research each one will take me awhile.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then download this one.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb.
You cannot just "delete" a rootkit or even most viruses or trojans, you must use specialized tools in order to do so.
Begin this by going HERE
Follow all the steps given. Pay close attention to the instructions and follow each to the letter. If you are told to have the tool REMOVE what it finds, please do so. Run each program noted WITH THE EXCEPTION OF DSS (Deckard System Scanner) which is NOT AVAILABLE at this time. Run instead HiJackThis on a Full System Scan, saving the log, as you should also do with all the other programs you are instructed to do.
Post back here with ALL of those logs and we will go from there.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

File Name:
File Size
Redist.txt - This is the Redistributables text saying how it can be redistributed.

windows installer 3.1 EULA.doc - This is the End User License Agreement.

WindowsInstaller-KB893803-v2-x86.exe - This is the actual Windows Installer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

About the Windows Installer 3.1, I have Windows XP Service Pack 3 (would it be there?) but I don't see Windows Installer 3.1 in the Add or Remove Programs area. Should I download still?

I would say yes, install it.

I have all of the files listed that were deleted though. I did a print screen and posted them in a Word File and printed them also if you want me to type them out for you to see or if there is a way to attach a word file to you, I could do that.

You should be able to attach a Word file here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You know in reading through all of this again, couple things I missed...you say these removed items ended up in your Recycle Bin...Why? Normally if my antivirus program removes something it is sent to the Quarantine OR just plain deleted, not to the Recycle Bin but deleted.
The other thing you say, these were supposedly viruses or trojans but what showed in the Recycle Bin were two Windows Installer Packages and the file sizes were just about right for the Windows Installer 3.1
I am wondering, were these uninstalled by mistake?
Look in Add/Remove and see if it is listed there, should be there but I also don't see it on your Uninstall list either.
You do need this to install many programs, maybe that is why you can't get the Quickbooks to install.
Go HERE and download and see if that helps. Meanwhile I will take a look at your log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Am looking at your HJT now but one thing you do need to do is run Malwarebytes' Anti-Malware again and this time have it fix everything found.
Then run a new HJT log and post that one along with the new Malwarebytes' log
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Honestly, I am thinking (which may be dangerous in itself) that this Authentium could actually be part of the Verizon Security Suite. I just haven't yet been able to find who provides their Security Suite. Let me do some more looking around and maybe I can finally find out. I will let you know as soon as I do.
Judy

chess77 commented: Very Professional she took personal interest +2

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry, didn't read it correctly, thought it was Quicken. You know that Quickbook program is way out of date, may be the reason it was so hard to reinstall. That may be your only option though.
Hopefully somebody smarter than I will come along and read this and offer a solution. Sorry I couldn't be of more help.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you delete these all the way out or are they still in the Recycle Bin?
I am a bit concerned because when checking on the few you noted these could have been false positives, meaning they were not a trojan or virus at all. This is why it is recommended that you keep items removed in Quarantine for awhile to be certain they actually were not false positives and files key to running of specific programs. If a file is moved to Quarantine then it is not active anymore but available for restoration in case it really was a valuable file.

You may need to fully uninstall the Quicken program and reinstall it. If you have stored files I would back them up to an outside source to be sure you don't lose the information contained in them...a CDR or Flash drive would be good if possible.

To assure a clean install of Quicken you should be certain that you totally uninstall it and all remaining files of the corrupt version. This way when you reinstall you will have totally, fresh and clean program files there.

Quicken has a removal tool for this which can be found here, with instructions for its use.

https://quicken.custhelp.com/cgi-bin/quicken.cfg/php/enduser/std_adp.php?p_faqid=4108

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi chess77, Looks pretty good really. Do you feel that all the issues have been resolved?
One thing I wonder about...you say you uninstalled the Norton program and now are running the Verizon Security Suite which of course includes an antivirus and firewall program, but also showing on the computer as running is THIS entry;
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

Is this a portion of the Verizon program or perhaps a remaining piece of an old antivirus program? It also shows in your first log when you still had the Norton/Symantec program installed. I know this is NOT part of Norton but part of another antivirus program.
Can you please check and see if this is somehow connected to that Verizon Security Suite? I cannot find anywhere that it IS connected but being a Verizon customer maybe you can.
If it is NOT connected to that Verizon program then it will need to be removed and we will have to do that as more than one antivirus program running on a computer can really cause some problems.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good. Is everything running ok?

jholland1964 650 Posting Expert Team Colleague Featured Poster

See if you can do the following;
download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

If you cannot do that in normal mode then see if you can do it with Safe Mode with Networking. If that is not possible then if you have another computer you can use try the download on it, put it on a disk or flash drive and bring it back to the infected computer and install and run it.
If you are able to run it then post back here with the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't you believe it. In only a small minority is it the case where things have gotten bad enough that one needs to reformat.
There are tools around that can completely remove this infection.

I totally agree crunchie. In fact my feeling is much of the time a reformat becomes necessary it isn't the malware or infection that finally makes it necessary but too much "playing around" with either the wrong tools or some "off the wall" registry "fixer" program.
This appears to be a variant of VideoAccessCodec adware.
SDFix is certainly worth a try here.
SDFix Instructions from Bleeping Computer:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Logon to your computer with an account that has Administrator privileges.

3. Download SDFix.exe and save it to your desktop.
Confirm that the file SDFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps.

4. Now, double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.

5. A window will open asking where you would like to install SDFix to. Do not change anything and press the Install button. This will install the program into the default location of C:\SDFix. At this point, you should not run SDFix, but …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I did use the scanner and I did not reset, which I have done now, and restored. Only to remove alfacleaner now. Could I get instructions please?

The log you posted was from the Panda scan. I need to see the ESET Log in order to know what was removed.
I also need to see a new HiJackThis log so we can repair anything still showing in there ok?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thought you said you were using ESET Scanner this time, it IS FREE and WILL remove what it finds.
Why didn't you run ATF-Cleaner as instructed in post #6 or Reset System Restore as instructed in post #8? If you had followed both of those instructions then nothing would have been found with the exception of alfacleaner, and we could have taken care of that also for FREE. The only things found were tracking cookies, items in System Restore, and that one application, alfacleaner, which is malware.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do you use any type of license management software?
Did you install an Evaluation version of a program by SPSS?
Some files removed by combofix and some showing in your combofix log are noted in some places as being malware and in others as being related to valid software related to a license manager. Sometimes they are related to the Linux OS, but you are not running Linux. All of the files I am questioning were installed Sept. 10 at around 10:13 p.m. to 10:35 p.m., including this SPSS Evaluation program.
Do you know what these are or what that particular program is?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, will wait for that log. Be absolutely certain you tell it to clean what it finds.

jholland1964 650 Posting Expert Team Colleague Featured Poster

can reg cleaner help

Leave registry cleaners out of this. If you cannot boot to the operating system then a registry cleaner isn't going to work. Registry cleaners can be dangerous anyway so they are best avoided unless advised to use.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all, it looks from your log like the Malwarebytes' Anti-Malware program needs the computer to reboot, as indicated by this entry here:
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
In order to remove some infections sometimes the program must have the computer reboot so that the infections can be removed early in the boot process before other programs have started up.
Reboot the computer.
Then post that log from the Malwarebytes' program. You can find it if you open the program and click on the Log Tab.
Copy/Paste or attach that log back here. I need to see what has been found and removed before I can give other steps.
Judy
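
As an added example (not part of the post above, and not code from HijackThis or Malwarebytes): a small Python parser for HijackThis O4 registry autorun lines that flags the pending-cleanup entry quoted in the post. Apart from that Malwarebytes line, the sample log lines and all function names are constructed for illustration.

```python
import re

# Constructed sample log; only the Malwarebytes line is taken from the post.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\RunOnce: [ExampleOnce] C:\Example\once.exe
'''

# O4 registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>.*?)\] (?P<command>.+)$'
)

def split_command(command):
    """Split a command line into (executable, arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    # Unquoted: split at the first space (a path with spaces is ambiguous here).
    exe, _, args = command.partition(' ')
    return exe, args.strip()

def parse_o4(log_text):
    """Return one dict per O4 registry autorun entry in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            exe, args = split_command(m.group('command'))
            entries.append({'hive': m.group('hive'), 'key': m.group('key'),
                            'name': m.group('name'), 'exe': exe, 'args': args})
    return entries

def pending_mbam_cleanup(entries):
    """Entries showing Malwarebytes still has a cleanup queued for next boot."""
    return [e for e in entries
            if e['exe'].lower().endswith('\\mbam.exe')
            and '/runcleanupscript' in e['args'].lower().split()]

if __name__ == '__main__':
    for e in pending_mbam_cleanup(parse_o4(SAMPLE_LOG)):
        print('Reboot needed:', e['hive'], e['key'], e['name'])
```

If the flagged entry is still present in a log taken after a restart, the queued cleanup has not run yet.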

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Judy

When I did the Pandascan I was unable to fix the threats that were found, as I had to pay to get that version to fix

Peter

So you are saying that you DIDN'T remove the viruses showing? You would NOT have had to pay, as stated in my post

Next I want you to run the Panda Online Active Scan.
Now this is a FREE scan, however be sure to REGISTER. You aren't buying anything but in order to have Panda remove what it finds you do need to register.
Scan with the Panda scan, if it finds anything please have it remove everything it finds.

If you don't want to go back to that site then do the ESET Online scanner. It is FREE and it does remove.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have to leave for a while but will get back here ASAP. One thing, do you have Linux installed on the computer?