Persistent spyware

Assuming this is only occurring with IE>...then you need to look in the tools and check your add-ons and toolbars.

 

Just open IE and remove the addons and toolbars. Then :

Using BitDefender Online Scan.

 

You need to use the correct versions of software. Both SAS and MBAM are way out of date!!! Uninstall them and then download and install what we asked you to install in the READ & RUN ME and also update them from within the programs after installing. Then run new scans and attach the new logs.

 

Please re-run Combo and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

 

I am not seeing any malware in your system. If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners.They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Go to add/remove programs and uninstall HijackThis.
7. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
8. If you are running Vista, Windows XP or Windows ME, do the below:
   
   • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   
   • How to Protect yourself from malware!

 

Yes, your log from 7-15 showed it as being removed. Let me ask you this, did you disable your corporate AV program when running the scans?
Was your AV protection turned off/disabled when you tried to download ComboFix--> apparently not.

That single instance of the registry key is the ONLY instance that is being reported. So, have you looked in the registry to see if it actually exists?

When you made your reply on 7-21....you did not say that you still had the problem. Perhaps you expected that I would somehow know that it still existed?

I doubt this will help, but you need to use windows explorer to find and delete:
This file --> c:\programdata\19962664\19962664.exe
This folder --> c:\programdata\19962664

If you are unhappy, you are free to have some other site assist you with your issue.