No luck with removal of malware

I've done all the steps requested in the read me, but I still keep getting popups galore, and when I try to navigate to a certain site, the web browser instantly closes.
The only scan I couldn't do was Panda. For some reason I was not able to resize the window, and was not able to get to most of the buttons needed.
My results are attached.

Wendy

 

and the others.

 

Hi Wglesen!

Welcome to Major Geeks!

I'm looking at your logs and will get back to you with an initial set of instructions forthwith!
abri

 

Hi Wglesen!

1) Please run the following scan: ComboFix.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply and

Note:Do not mouseclick combofix's window while it is running. That may cause it to stall.
[/color]


1a) Try running Panda in Normal mode and see if that allows you to get to the buttons you need. If that works, please post that log back to me.


Let me know if this helps or does not help in terms of your pop-ups. If it does not help, please let me know and I will post a different set of instructions before you continue with the below.




2) Next, please look in Add/Remove Programs for the following and uninstall them if found. If you get any errors just make a note and proceed.

3) Now, please REBOOT your computer!


4) After you've rebooted, please install Java Runtime Environment vs. 6.2



5) Once you've finished the above, please go back and reinstall HijackThis according to the instructions in Step 7 of the READ & RUN ME FIRST
It's important that it be installed as per our request, because it will not pick up things properly which have learned to avoid detection.


I need the new log from HijackThis after you reinstall it. Also, I need new logs for ShowNew and GetRunKeys, because Combofix will change some things. Please post the following logs:

- Combofix
- Newfiles.txt (from ShowNew)
- Runkeys.txt (from GetRunKeys)
- HijackThis.log


abri

 

I ran combofix, and that seemed to have helped the pop-ups. I also ran Pand in normal boot and have attached both logs. Also, after all these scans and restarts, my icons in the lower right corner are extremely small, and I cannot get them back to normal.
As requested, I have stopped after doing the first 2 things, and will wait for further instructions.

 

Hi wglesen!
Sorry, a misunderstanding. I only wanted you to wait with the other instructions if Combofix and Panda didn't help with the pop-ups. Please continue with the rest of the instructions and as soon as I can take a look at the fresh newfiles, runkeys and hijackthis logs, I'll be able to see where we are.
Thanks so much!
abri

 

Combofix is attached to previous post.
Here are the other three.

 

Hi wglesen!
Sorry to be a stickler for details. While I'm going through the other logs, please go into Windows Explorer following this path C:\Program Files\HijackThis\HijackThis.exe, right click on HijackThis.exe and click on rename and give it the new name of analyse.exe. Then please rerun it. The folder it's in is in the right place and the log file does not have to be changed. You just forgot to rename the .exe file. We do this, because there are a few malware problems which evade detection if hijackthis is not run using a different name.
Thanks!
abri

 

Here it is.
I renamed it the first time I used it, thought I could just use the same re-named file.

 

Hi wglesen,
Do you have the paid version or the trial version of Spyware Doctor?
abri

 

It is a trial version.

 

Should I delete it? It was just something I tried before coming to this site.

 

Hi wglesen!

Yes, please uninstall Spyware Doctor via add/remove programs! After that I would like for you to follow these instructions.

1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

2) Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

Again, make sure ALL browser windows are closed when you click FIX.


3) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

4) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

5) After you have completed ALL of the above in the correct order, please attach the following logs.

• Avenger Log
• ShowNew Log
• GetRunKey Log
• HijackThis Log

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

abri

 

Hi wglesen!
I forgot to mention, that I asked about your icons getting small after using Combofix and this is not a known bug of Combofix. It may be due to some of the malware that Combofix removed. The only thing I know to do about this is to go back using a restore point to before Combofix and then rerunning everything without it. It would be difficult to remove everything as easily, but it would be possible. I'm not sure if this would help with the icons problem or not, but it might.
abri

 

Here they are:

 

And the last:

 

Hi wglesen!
The things we wanted to get rid of are gone. Did the problem with the icons in the lower right corner getting to be very small ever resolve itself?
abri

 

Yes, I was able to change the icons....it had happened during all those scans while in safe mode, not after combofix. But I fixed it through the graphical options somehow (I think). The icons are back to normal, and my laptop is running great. One of these days I need to do some kind of cleaning on my desktop, as it runs much slower than it should.
I appreciate all the help.
Now I can uninstall most of these programs/files I had to download?

 

Hi wglesen!
I'm glad about the icons! The thought of going through and trying to do the whole procedure over again without combofix was unnerving. We'd not had anything like that caused by Combofix, so I was glad to learn it might have been due to something else, possibly removing some item of the malware itself that caused the problem.

Please follow the set of instructions in the box below to finish cleaning your computer, to remove the old restore points and to put in a fresh one. After you uninstall the various programs and logs we used, please following the instructions for setting a fresh restore point. Also there's a link to "How to protect yourself from malware". It's a good read. Please follow the instructions in the box below before you do anything with your desktop or your startup menu. That will give you a known place to return to, in case anything you remove causes unexpected problems.

As for your desktop being full or other things slowing down your computer, you are using some pretty super-hefty equipment when you run McAfee for your firewall, Symantec for the tools and AVG for antivirus, plus I can't remember for sure, but I thought at some point I'd seen Windows Defender in there too. AVG is lightweight and good. The other two are good also, but not lightweight, and Norton's ghost saps a lot of energy. In addition you have quite a bit loading at start-up that might not be needed. Msconfig is a diagnostic tool only. You can use Start/Run/msconfig - then click on the start tab of msconfig and look at what is loading at startup. Msconfig allows you to shut off some of those items which are running at startup which you might not need. One of them is realplayer. If you don't feel confident with those decisions about what's needed or not, ask in the software forum, but if you do untick things using msconfig and find that your computer runs all right without them loading at startup, then tick them back on (yes, on!), reset your computer in msconfig to run in normal mode, and then take those items out of startup that you don't need using the start-up button under CCleaner / Tools / Startup. Also, use CCleaner often to keep your temporary files, cookies, etc. cleared out. I advise caution about using the issues button in CCleaner, with the motto, don't fix something that's working!

Please do these final cleaning instructions below before you do anything else:

Let me know how everything goes!
abri

 

Everything seems to be working great now! Thanks for all the help!!

 

Good to hear! Your welcome!
I wish you enjoyment with your computer.
abri