DHL got me

Discussion in 'Malware Help (A Specialist Will Reply)' started by sci1972, Dec 11, 2009.

  1. sci1972

    sci1972 Private E-2

    When I first got the virus I found combofix and ran it. It got rid of the redirecting. Their site recommends you look at the log file. When I got to your site I ran all the procedures you recommended, including combofix again, since I had restarted the computer a few times and wanted to make sure nothing reappeared from the system restore. The only issue I perceive is that Explorer feels slower than I remember, so I wanted to send the different logs for review just in case something is still active.
     

    Attached Files:

  2. sci1972

    sci1972 Private E-2

    Here is the fifth file needed.
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You mention that you ran combofix a number of times. You really shouldn't be running such a powerful tool on your own and without instructions. I would like to see the logs created from when you ran it please (if you still have them).

    I am not seeing any signs of malware in your logs now, but I can see from your newfiles.log that combofix (the time(s) you ran it) did remove some files. If you do still have the logs, it would be great if I could see them. Although I do believe I shall be giving you final steps and sending you to software to deal with any remaining issues.

    Tidy your desktop up a little, it's a perfect place for malware to hide and can cause performance degradation depending on the amount of files you save here and how large they are.
     
    Last edited: Dec 12, 2009
  4. sci1972

    sci1972 Private E-2

    When I ran combofix the second time it wrote over the first log. Sorry.

    Over the weekend I ran Microsoft Security Essentials and it found:
    TrojanDownloader:Win32/Bredolab.X
    PWS:Win32/dauro.gen!A
    PWS:Win32/zbot.gen!R

    Then based on a little more research I downloaded Spyware Doctor. It didn't find anything severe but it did ID low risk application tracking cookies, adware advertising and application.NirCmd.

    I also took your advice and cleaned up my desktop.

    Computer still feels slower than normal starting up and opening Chrome.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Where is it finding these threats? Could you give me the exact file path? Without knowing I cannot verify whether this is indeed fact or just a false positive from the software.

    We specifically ask that during the cleaning procedures you refrain from making any changes to your machine which includes the installation of new software. This makes my job more difficult.

    Not very useful then. nircmd is a valid tool from NirSoft

    ( see http://www.nirsoft.net/utils/nircmd.html )

    It was put on your PC by ComboFix and can be present from other utilities such as the smitfraud removal tool. Spyware Doctor will not fix anything anyway unless you pay for it, so basically the trial software is junk.


    Then you may have to discuss this in the software forum.
    Let's just do this:

    Please disable your antivirus program while running this scan to avoid running into issues with your existing program conflicting with the online scan.

    Notes:
    • You must use Internet Explorer to run this scan.
    • If you are using Vista, right click IE and "Run as Administrator" or the online scanner will not work properly.
    Click on this ESET Online Scanner to begin the process.
    • Check the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to be installed.
    • Click Start
    • Check below options:
      • Remove found threats
      • Scan unwanted applications.
    • Click Scan
    • Wait for the scan to finish
    • When it finishes it will create a log file here: C:\Program Files\EsetOnlineScanner\log.txt
    • Attach this logfile to your next message.

    Attach the log it created and also answer my questions about what MSE is finding.

    Thanks
    Kes13!
     
  6. sci1972

    sci1972 Private E-2

    Here is all I could get from MSE. Couldn't find a log.

    C:\Qoobox\Quarantine\C\Documents and Settings\lucasjm\Start Menu\Programs\Startup\isqsys32.exe.vir

    file:C:\Qoobox\Quarantine\C\Documents and Settings\lucasjm\Start Menu\Programs\Startup\isqsys32.exe.vir->(UPX)

    file:C:\Qoobox\Quarantine\C\Documents and Settings\lucasjm\Start Menu\Programs\Startup\isqsys32.exe.vir->[Obfuscator.FT]->(UPX)

    Sorry for my scatter bomb approach and missing the don't run any scans part.
     

    Attached Files:

    • log.txt (826 bytes)
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It's just detecting what's been quarantined by combofix, it's not a threat(s) that's active on your computer, and it will stop detecting it when you scan with it after we are done with our final steps, which I think I will be giving you very soon, as I am not seeing any malware in your logs.

    I am just researching something that needs to be looked at a little closer before I respond to you again. Thanks for your patience.
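    The point made above, that MSE is flagging copies ComboFix had already moved to its quarantine rather than anything active, can be checked mechanically. The script below is an added example, not code from the thread or from any of the tools discussed; the quarantine folder list and the fourth "live" sample entry are constructed, and the "file:...->[layer]->(UPX)" nesting notation is parsed as MSE printed it in the post above.

```python
from pathlib import PureWindowsPath

# Quarantine folders created by cleanup tools (constructed list; only
# C:\Qoobox\Quarantine, ComboFix's folder, is taken from the thread).
QUARANTINE_DIRS = [r"C:\Qoobox\Quarantine"]

# Sample detections: the three strings posted in the thread plus one
# constructed entry outside any quarantine folder.
SAMPLE_DETECTIONS = [
    r"C:\Qoobox\Quarantine\C\Documents and Settings\lucasjm\Start Menu\Programs\Startup\isqsys32.exe.vir",
    r"file:C:\Qoobox\Quarantine\C\Documents and Settings\lucasjm\Start Menu\Programs\Startup\isqsys32.exe.vir->(UPX)",
    r"file:C:\Qoobox\Quarantine\C\Documents and Settings\lucasjm\Start Menu\Programs\Startup\isqsys32.exe.vir->[Obfuscator.FT]->(UPX)",
    r"C:\Windows\Temp\sample.exe",  # constructed, not from the thread
]


def parse_detection(entry):
    """Split 'file:<path>-><layer>-><layer>' into (path, [layers])."""
    entry = entry.strip()
    if entry.lower().startswith("file:"):
        entry = entry[len("file:"):]
    parts = entry.split("->")
    return parts[0], parts[1:]


def is_under(path, root):
    """Case-insensitive component-wise prefix test for Windows paths."""
    p = [s.lower() for s in PureWindowsPath(path).parts]
    r = [s.lower() for s in PureWindowsPath(root).parts]
    return p[: len(r)] == r


def classify(entry):
    """Label one detection 'quarantined' or 'live'.
    A path inside a quarantine folder, or carrying the .vir suffix that
    ComboFix appends to quarantined copies, is not an active file."""
    path, layers = parse_detection(entry)
    quarantined = any(is_under(path, q) for q in QUARANTINE_DIRS) or path.lower().endswith(".vir")
    return {"path": path, "layers": layers, "status": "quarantined" if quarantined else "live"}


def triage(entries):
    """Summarise a detection list; only 'live' paths need follow-up."""
    results = [classify(e) for e in entries]
    live = [r["path"] for r in results if r["status"] == "live"]
    return {"quarantined": len(results) - len(live), "live": len(live), "live_paths": live}


if __name__ == "__main__":
    for r in (classify(e) for e in SAMPLE_DETECTIONS):
        print(r["status"], r["path"], r["layers"])
    print(triage(SAMPLE_DETECTIONS))
```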
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Is the below something you set yourself?

     
  9. sci1972

    sci1972 Private E-2

    Yes

    That is a batch file that maps the network drives when I have my computer at work.
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Your logs are clean :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  11. sci1972

    sci1972 Private E-2

    Thanks

    Have a good Holiday season in cloud cuckoo land
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Thank you very much! :-D Happy Holidays to you too.
     
