Malware Problem

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.
cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.

 

Yes, try to run Combofix again. Also, go to C:\MGTools\analyse.exe and run it. This is really HJT, so attach the log. Then go to C:\MGTools\fixATTR.bat and run it.

Then tell me what issues are still happening. You really should not have allowed the "Children's" account to be an Admin, account.

 

Both desktop.ini and thumbs.db are showing because we have hidden files showing. It's normal.

I want you to try running a new tool on this account. Go HERE and download the file RogueKiller to your desktop.
* Close all the running processes
* Under Vista/Seven, right click -> Run as Administrator
* Otherwise just double-click on RogueKiller.exe
* When prompted, type 1 (SCAN) and then Enter
* A report should open, attach the log to your next reply. (RKreport could also be found next to the executable)
* If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
* Attach the log.

You need to uninstall one of these:
Norton
MSE

 

Please run this:
TDSSkiller - How to run

Then go to C:\MGTools\fixAttr.bat and run it.

Then go to C:\MGTools\FixFA.bat and run it.

Is the main Administrator account also affected? No desktop or access to the start menu?

 

Please click Start, All Program, Accessories and you will see ( among other things ) a Command Prompt entry.

• Right click the Command Prompt entry and select Run As Administrator.
  • It is critical that you run it this way.
• If you do this properly, a command prompt window will open with a title of Administrator Command Prompt.
• Enter the below commands ( in bold black ) at the command prompt each followed by the enter key. Try each command!!!! The bold black are commands. The purple/brown is merely informational.

cd \ <-- this changes to the root folder and the prompt should change to C:\>
attrib -h -s * /S /D <-- this will try to remove the hidden and system attributes on all files and folder. Note there are spaces before -h, before -s, before * and before each /
attrib -h -s *.* /S /D <-- a redundant command match possibly other file names and folders due to using *.*

Let me know if this helps.

Please download and save the below to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

http://download.bleepingcomputer.com/grinler/unhide.exe


Now run it. Did that help?

 

Try doing this:

click start, run, type cmd press enter. Now enter this command

attrib -s -h -r c:/*.* /s /d

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :folderfind
  smtmp*
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt