A quick check of logs (hopefully that's it)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rpole, Oct 13, 2009.

  1. rpole

    rpole Private E-2

    I'm sorry to bother you again. I have no 'known' malware problems right now. This morning I got the red shield with the x and a balloon telling me my CA anti-virus was not up to date, click the balloon to update. I didn't click it. That was true, my CA antivirus said it needed attention. But that red shield is more of a red flag. I don't have any other pop ups right now (or before running R&R first). My desktop hasn't been hijacked or anything but I want to be sure that doesn't happen. The other curious thing is, after running R&R first, I had a new program installed, Norton Security Scan. I'm not sure where that came from? Hopefully all is well, everything ran smoothly from what I could tell and in normal mode. Things 'seem' ok but that stupid red shield w/ the x is still there. Please advise.

    THANKS.
     


  2. rpole

    rpole Private E-2

    and the last log.

    As always, thanks!
     


  3. evilfantasy

    evilfantasy Malware Fighter

    This comes with some software. It might have been when you installed the new Java. If you don't look closely when installing some software you will agree to try/use whatever it is that's included.

    You can uninstall it in Add or Remove Programs by uninstalling:
    • Norton Security Scan (Symantec Corporation)
    • Norton Security Scan


    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::
    
    Driver::
    kupmbvjl
    
    
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif

    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.



    ESET Online Scan

    Scan your computer with the ESET FREE Online Virus Scan

    * Click the ESET Online Scanner button.

    * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
    * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    * Place a check mark next to YES, I accept the Terms of Use.

    * Click the Start button.
    * Accept any security warnings from your browser.
    * Leave the check mark next to Remove found threats and place a check next to Scan archives.
    * Click the Start button.
    * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
    * When the scan completes, click List of found threats.
    * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
    * Click the <<Back button then click Finish.

    In your next reply please include the ESET Online Scan Log



    Next post please attach:

    • ComboFix log
    • ESET scan log
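
An added example (not part of the original posts): a PowerShell check, run after ComboFix finishes, that the driver named in the CFScript above is no longer registered, on disk, or loaded. It assumes PowerShell 3.0 or later in an elevated session; only the driver name `kupmbvjl` comes from the thread, and the variable names are illustrative.

```powershell
# Driver name taken from the CFScript in this thread.
$name = 'kupmbvjl'
$key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"

$result = [ordered]@{
    Driver      = $name
    ServiceKey  = Test-Path -LiteralPath $key   # service entry still registered?
    ImagePath   = $null
    FileOnDisk  = $false
    LoadedState = $null
}

if ($result.ServiceKey) {
    $raw = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
    if ($raw) {
        # Driver ImagePath values are often NT-style: \??\C:\..., \SystemRoot\...,
        # or relative to the Windows directory (system32\drivers\x.sys).
        $path = $raw -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        $result.ImagePath  = $path
        $result.FileOnDisk = Test-Path -LiteralPath $path
    }
}

# Is a driver with this name still known to the service control manager?
$drv = Get-CimInstance Win32_SystemDriver -Filter "Name='$name'" -ErrorAction SilentlyContinue
if ($drv) { $result.LoadedState = $drv.State }

[pscustomobject]$result

if ($result.ServiceKey -or $result.FileOnDisk -or $drv) {
    Write-Warning "Remnants of driver '$name' found; include this output with the logs you post."
} else {
    Write-Output "No service key, file, or loaded driver found for '$name'."
}
```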
     
  4. rpole

    rpole Private E-2

    Thanks EF!!

    Norton uninstalled.

    ComboFix fix complete after a couple tries, had to disable my AV and firewall.

    ESET scan complete, one threat found.

    Both logs are attached.

    Thanks again, your help (and everyone's here) is greatly appreciated.
     


  5. evilfantasy

    evilfantasy Malware Fighter

    Looks good. Is the computer running OK now?

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  6. rpole

    rpole Private E-2

    Things are running great.

    Once again, thank you very much.
     
  7. evilfantasy

    evilfantasy Malware Fighter

    You're welcome.

    Safe surfing...
     
