Am I safe?

"It" may be deleted ( as in long gone ) , but that does not mean you are necessarily clean.

We can only determine that if you run the READ & RUN ME FIRST. Malware Removal Guide and attach the requested logs.

 

Did you get an error message when you ran MGTools? Your Newfiles log is empty.

Let's just do this for now:

Open notepad and copy and paste the following text in the quote box into the window:

Save this as fix.bat
Choose to save as all files.
Doubleclick fix.bat and let the program run.
A small black dos window will flash, this is normal.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and be sure to tell me if you get any error messages.

 

You need to tell me what the pop up dos window said......your log is only showing one file....You do not need to do the recovery console part of COmboFIx instructions..you just need to run it.

 

You have multiple av software:
C:\Program Files\Trend Micro ---> this appears to have been uninstalled at some point
C:\Program Files\Panda Security --> this is still installed
C:\Program Files\AVG ---> this appears to be your main av program

Please remove all but one ( I assume you wish to keep AVG).

The services patch did not work.....when you ran it, did you get an error with doing that?

We will try doing it with HJT.....

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
* On the page that opens, scroll down to EDPPPH
* then right click the entry, select Properties and press Stop Service.
* When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
Do this for all of these:
SGIM
UGWIMG
YDLTEJUX
* Click OK until you get back to Windows.

* Next, run C:\MGtools\analyse.exe, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
* At the lower right, click on the Config button
* Then click the Misc tools button
* Select Delete an NT Service
* Copy/paste:
EDPPPH
SGIM
UGWIMG
YDLTEJUX
into the box that opens, and press OK
* If you receive any error messages just ignore them and continue.
* Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Now re-Run C:\MGtools\analyse.exe and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O23 - Service: EDPPPH - Unknown owner - C:\Users\Noreen\AppData\Local\Temp\EDPPPH.exe (file missing)
O23 - Service: SGIM - Unknown owner - C:\Users\Noreen\AppData\Local\Temp\SGIM.exe (file missing)
O23 - Service: UGWIMG - Unknown owner - C:\Users\Noreen\AppData\Local\Temp\UGWIMG.exe (file missing)
O23 - Service: YDLTEJUX - Unknown owner - C:\Users\Noreen\AppData\Local\Temp\YDLTEJUX.exe (file missing)

After clicking Fix, exit HJT.

Now reboot in normal mode

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.

 

Please do it again and make sure you have ALL anti-virus and spyware programs disabled.