malware removal assistance needed

Discussion in 'Malware Help (A Specialist Will Reply)' started by indigolite, Oct 17, 2008.

  1. indigolite

    indigolite Private E-2

    I have followed the read and run me... Here are the logs. Trojan.agent and broken.open command were found. Still having problems with something in Microsoft Word making copies of documents; it has a blue dot on all documents. It replaces the title with ~$ for the first two letters. Please advise on how to get rid of this.

    Spybot didn't find anything; I keep this on the desktop and run it every few days, and SUPERAntiSpyware didn't find anything. HijackThis didn't run; a prompt said to close the window.

    Also, when following the read and run me steps, when emptying the Norton recycle bin an error message showed up with Sun Java, something like: java language death thread?????? Thank you for your assistance.
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, indigolite

    Please attach the log from running Malwarebytes' Anti-Malware.
     
  3. indigolite

    indigolite Private E-2

    Hi HI HI dr.moriarty,
    I thought I had yesterday. So I opened it up on my computer to look at it and it is the Malwarebytes Anti-Malware log in Notepad.
    I might have renamed the file the other day when I was saving it, so it might look different in the title. I will look and see if I can find it and re-attach.
    When I try to re-attach this it says I have already uploaded it.
    Let me know if this is what you need or if I need to do something different. Thanks.
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    :)

    I think I've stared at the monitor too long, today - indigolite.... it's the SUPERAntiSpyware log that I need you to attach.

    Thanks!
     
  5. indigolite

    indigolite Private E-2

    dr.moriarty
    You're welcome....
    Here you go.
    :cool
    ... thanks
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry for the delay.

    Other than what has already been removed by the cleaning procedure, your logs are clean.

    This is not malware. Anytime you open up a Word Document, Word will create this type of temp file. It replaces the first letter of the filename with the ~$ and the rest of the filename is kept the same. When the Word Document is properly closed, the temp file will go away.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  7. indigolite

    indigolite Private E-2

    Thank you Chaslang for your response.
    After the malware scans had been run.... when I disabled the connections.. a few days later, something in the computer brought up 20 network connections screens and attempted to re-establish connections, even bringing up a help screen. The computer then restarted without me doing anything (the CD-RW drive opened and closed a few times).. approx. 20 CCleaners came up when I had only clicked once on CCleaner to try and rid this. Prior to running the malware removal scans the CD-RW drive door would open and close numerous times by itself. Please advise...
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why did you disable connections? And are you referring to your network connection and how many did you have?

    This does not sound like malware. It sounds more like hardware issues. However even in a few days, we have seen people get a PC very badly infected. If your PC has not been connected to anything, then it is not a malware problem and since it has been a few days after the cleaning procedure before this occurred, it is also not an effect of the cleaning.


    Also sounds like you have hardware issues.

    You can attach a new log from MGtools if you wish and I will look at it to see if anything new shows up.
     
  9. indigolite

    indigolite Private E-2



    When I try to submit this reply I get an error message to lengthen the message longer than 4 characters. I don't understand the error message.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to your log you did not allow Malwarebytes to fix the problem. If you don't fix it, it will keep finding it. It is just registry settings that have been changed. They could affect your ability to load screen saver files and also the Windows Registry Editor.

    Your logs are still clean.
     
  11. indigolite

    indigolite Private E-2

    Originally, you asked me to do the MGtools scan and include the MGtools log. Would you please take a look at the MGtools log. I noticed that it didn't appear to have been opened. Can you please view it and let me know what I need to do to make sure the system is clean.
    I also included the Malwarebytes scan as well to show that broken.open command is still showing up. I did follow the recommended steps, which include restarting after removal. It still shows up. I don't understand why.
    Thank you for your time and progress made.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have looked at them even though the view counter shows 0. I just looked at them again to double check and there are no problems in the logs. In fact runkeys.txt shows the registry keys that Malwarebytes is mentioning to be set to the correct values. Now it could just be that you ran MGtools after MBAM had already fixed them. You could try rebooting and not running MBAM and then getting another new MGtools log to see if it shows the registry keys being changed to the incorrect value after a reboot.

    You can look at the runkeys.txt log inside of the C:\MGtools folder for yourself and you will see the last log showed the below for those two registry keys and these are the correct values. If they are being changed back to the wrong values, it is probably due to Symantec not allowing the keys to be set to the proper values.

     
