Please Help !!!!

Please uninstall these thru add/remove programs:
J2SE Runtime Environment 5.0 Update 10"
"DisplayName"="J2SE Runtime Environment 5.0 Update 11
VSAdd-in for Internet Explorer

Reboot and install:
Java Runtime 6

Continue by downloading a tool we will need - Pocket KillBox

Save it to its own folder somewhere that you will be able to locate it later.

Vundo http://forums.majorgeeks.com/showthread.php?t=74267
Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.


Now run Pocket Killbox by doubleclicking on killbox.exe
Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
Then after it deletes the files click the Exit (Save Settings) button.
NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

* Delete on Reboot
* then Click on the All Files button.*(or on the folders option)*
* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\fsvecfdb.exe
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\rqronnl.dll
C:\WINDOWS\system32\rqrpqon.dll
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\porlnidn.ini

* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click the unregister dll's box .Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

If Killbox does not reboot just reboot your PC yourself.

Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {6CE2DFB6-EC5A-49E6-85AB-D4580B7AB91A} - C:\WINDOWS\system32\mlljk.dll
02 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrpqon.dll G
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\whffulkq.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll G
O20 - Winlogon Notify: rqrpqon - C:\WINDOWS\SYSTEM32\rqrpqon.dll

After clicking Fix, exit HJT.

Now attach new logs for:

* GetRunKey - please download the current version first!
* ShowNew
* HJT

Be sure to tell us how things are running.

 

Please print these instructions out, or write them down, as you can't read them during the fix.

Download and Install RogueRemover Free http://www.majorgeeks.com/RogueRemover_d5360.html

Run RogueRemover and select Scan and the program will walk you through the remaining steps.

Remove:
VSAdd-in if found and any other that it finds.
Then:

Step 1:
Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Do NOT run any other option other than 1

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consultin...rocessutil.htm

Step 2:
Next, reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode
5) Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

Reboot

Follow the directions for Virtumonde aka Trojan Vundo Removal procedure.

Post the Following Logs:
1. rapport.txt from SmitFraudFix
2. ShowNew
3. GetRunKey
4. HijackThis

 

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {3E780D1C-DB3C-478A-A361-21391D685C1B} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: (no name) - {7A0A9DB8-C834-4C24-9A8A-2463DCB829BD} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: (no name) - {A2C4B724-F4A7-4131-9B3B-53BBB3D13483} - C:\WINDOWS\system32\mlljk.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrpqon.dll
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O20 - Winlogon Notify: rqrpqon - C:\WINDOWS\SYSTEM32\rqrpqon.dll G
O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll

After clicking Fix, exit HJT.


Run VundoFix

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying Vundofix will close and re-open in a minute or less. Click OK.
* When VundoFix re-opens, click Scan for Vundo button.
* Once the scan is complete, right-click inside the listbox (white box) and click Add more files
* Copy & paste the entries below into the top 2 boxes:
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\rqronnl.dll
C:\WINDOWS\system32\rqrpqon.dll
C:\WINDOWS\system32\porlnidn.ini
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\kjllm.tmp

* Click Add Files and click Close Window.
* Click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a fresh ShowNew, GetRun and HiJackThis log.

 

Do these two first ...we'll come back and do the rest again.
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\prutv.ini

 

Please attach those logs.

 

Now run Pocket Killbox by doubleclicking on killbox.exe
Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
Then after it deletes the files click the Exit (Save Settings) button.
NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

* Delete on Reboot
* then Click on the folders option.
* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\VSAdd-in

* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

If Killbox does not reboot just reboot your PC yourself.

Please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning and a list of forums to seek help at.

At this point press enter one time.
Next you will see:

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\rqronnl.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\rqrpqon.dll

Continue this with each of the remaining items:
C:\WINDOWS\system32\kjllm.tmp
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\porlnidn.ini
C:\WINDOWS\system32\vybeg.ini
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
The fix will run then HijackThis will open.
In HijackThis, please place a check next to the following items and click FIX CHECKED:

O2 - BHO: (no name) - {100009FA-27B4-4F69-8883-4A3FCBB83AA8} - C:\WINDOWS\system32\gebyv.dll
O2 - BHO: (no name) - {4E2E7171-F46F-4C24-AF01-ED72F4CA6CB5} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrpqon.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll G
O20 - Winlogon Notify: rqrpqon - C:\WINDOWS\SYSTEM32\rqrpqon.dll

After clicking Fix, exit HJT.

Reboot your computer and Copy a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
Also attach a new ShowNew log.

 

Here are the instructions for Add Files to Vundo.

 

Just run the .exe file again ..let's see if it picks up those items.
Then post the resulting log with a new
ShowNew
GetRun
HJT

 

Download Your Uninstaller! 2006 5.0.0.256, save to desktop and install.

Locate VsAdd-in and uninstall this way. Probably would be better to do this In Safe Mode.

Now run Pocket Killbox by doubleclicking on killbox.exe
Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
Then after it deletes the files click the Exit (Save Settings) button.
NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

* Delete on Reboot
* then Click on the folders option.
* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\cvslacmq.dll
C:\WINDOWS\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\rqronnl.dll
C:\WINDOWS\system32\rqrpqon.dll
C:\WINDOWS\system32\pmnnm.dll

* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click the box to unregister the .dll's. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

If Killbox does not reboot just reboot your PC yourself.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {1C661191-B16F-4D4F-86C0-B47C4D58D93D} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: (no name) - {38725035-80DD-416A-B513-63921D037A65} - C:\WINDOWS\system32\pmnnm.dll
O2 - BHO: (no name) - {4E2E7171-F46F-4C24-AF01-ED72F4CA6CB5} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrpqon.dll
O2 - BHO: (no name) - {CEF831A6-0ECB-4BD5-AE9D-8984CEA4C9E8} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\cvslacmq.dll (file missing)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://atlantis9.bigfishgames.com/Reef/en_trijinx/online/trijinx/TriJinx.1.0.0.55.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/chainz2/mjolauncher.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://atlantis8.bigfishgames.com/Reef/en_feedingfrenzy/online/SproutLauncher.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://atlantis9.bigfishgames.com/Reef/en_thedavincicode/online/DVCDownloaderControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://atlantis7.bigfishgames.com/Reef/en_zuma/online/popcaploader_v10.cab
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll
O20 - Winlogon Notify: rqrpqon - C:\WINDOWS\SYSTEM32\rqrpqon.dll
After clicking Fix, exit HJT.

Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

 

Yes, post those logs and also please post exactly what Norton is reporting ...

 

First let's remove an NT Service still trying to load from Norman Antivirus.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Norman API-hooking helper
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteNipSvc into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Continue by downloading another tool we will need

- Process Explorer

Extract it to its own folder somewhere that you will be able to locate it later.

Make sure you have rebooted in Normal Mode (do not open any other processes)

It is would also be a good idea to shutdown Norton Antivirus before doing the below to avoid having it get in the way of our removal steps.

Also make sure that one and only one Internet Explorer browser is opened up

- Run Process Explorer

In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

Once you see this screen click on each instance of pmnnm.dll once and then click the kill button. After you have killed all of the pmnnm.dll under winlogon click ok. (If you do not find the dll, just continue on.)

Now repeat the above step for the below DLLs (If you do not find the dll, just continue on):
rqrpqon.dll

Next double click on explorer.exe and again click once on each instance of pmnnm.dll and kill it. (If you do not find the dll, just continue on.)

Now repeat the above step for the below DLLs (If you do not find the dll, just continue on):
rqrpqon.dll

Next double click on iexplore.exe and again click once on each instance of pmnnm.dll and kill it. (If you do not find the dll, just continue on.)

Now repeat the above step for the below DLLs (If you do not find the dll, just continue on):
rqrpqon.dll

Now just exit Process Explorer.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1C661191-B16F-4D4F-86C0-B47C4D58D93D} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: (no name) - {4E2E7171-F46F-4C24-AF01-ED72F4CA6CB5} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrpqon.dll
O2 - BHO: (no name) - {CEF831A6-0ECB-4BD5-AE9D-8984CEA4C9E8} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {DEFB143E-0F21-49ED-9E48-7DA6F5361349} - C:\WINDOWS\system32\pmnnm.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\cvslacmq.dll (file missing)
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll
O20 - Winlogon Notify: rqrpqon - C:\WINDOWS\SYSTEM32\rqrpqon.dll

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now run Pocket Killbox by doubleclicking on killbox.exe

• select File, Cleanup, Delete All Backups
• Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
• Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\rqronnl.dll
C:\WINDOWS\system32\rqrpqon.dll
C:\WINDOWS\system32\kjllm.tmp
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\mhdmhqvk.ini
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\porlnidn.ini

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

If Killbox does not reboot just reboot your PC yourself.

Now run Ccleaner!

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

OK, lets try this (hang in there):
Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now:
1. Download VirtumundoBegone and save it to your desktop.

2. Now reboot into Safe Mode.

1. This can be done tapping the F8 key as soon as you start your computer

2. You will be brought to a menu where you can choose to boot into safe mode.

3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.

4. When you computer reaches the desktop make sure you log in as the same user which you had performed the previous steps,

3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.

4. Exit when it has finished, and reboot back to normal mode.

Attach a new:
RunKeys
HJT

 

You forgot the ShowNew log but thus far it looks like the procedure I gave you probably worked.

Or perhaps you did not even follow the procedure I gave you since I still see the Norman service.

You still need to attach a ShowNew log anyway.


I still see this too!
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\sftytneu.dll",setvm

 

Well some of it but not all of it may still be necessary. I would suggest you do it and then attach all three logs again. But add the below to the fix.

Also fix the below line in HijackThis:
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\sftytneu.dll",setvm

And add the below file to the Pocket Killbox list of items to delete:
C:\WINDOWS\system32\sftytneu.dll

 

You have to be careful and make sure you always follow all steps and in the order given. Otherwise you are at risk to become reinfected with the same or similar mutated (renamed) malware immediately since not all infected items were removed.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\sftytneu.dll",setvm

After clicking Fix, exit HJT.

Now run Pocket Killbox by doubleclicking on killbox.exe

• select File, Cleanup, Delete All Backups
• Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
• Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\rxgsswnj.dll
C:\WINDOWS\system32\uentytfs.ini
C:\WINDOWS\system32\sftytneu.dll

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).
If Killbox does not reboot just reboot your PC yourself.

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

That should go without saying. It is really common knowledge that this behavior and P2P downloading are major causes of infections. See step 10 of this too: How to Protect yourself from malware!

 

Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
8. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

After doing ALL of the above, let me know if you have anymore detections from Symantec.

 

You're welcome.

The only one I recommend keeping since you should use a program like it weekly is Ccleaner. All others can be uninstalled/deleted as required.


Surf safely!