Trojan Horse dropper.generic?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Lindsey608, Jul 7, 2012.

  1. Lindsey608

    Lindsey608 Private E-2

    Hello! I have followed the steps for Malware removal but AVG is still detecting this trojan horse dropper.generic_c.MMI and indicating that it's in a critical system file and cannot be removed.

    Logs are attached below.

    Thanks for the help! :)
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    Hello Lindsey608 :)

    http://img194.imageshack.us/img194/4930/combofix.gif Please download and run ComboFix and attach its log.
    Read these instructions on how to use it: How to use ComboFix
    Do not uninstall ComboFix yet as we may need it to fix remaining malware issues.

    __

    http://img17.imageshack.us/img17/3214/baticonvista7.gif Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  3. Lindsey608

    Lindsey608 Private E-2

    Here are the logs..
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    http://img850.imageshack.us/img850/4746/programsandfeatureswin7.gif From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 30

    http://img194.imageshack.us/img194/4930/combofix.gif Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    FireFox::
    FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\2homnpxh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
    File::
    C:\programdata\Microsoft\Windows\DRM\2254.tmp.virus
    C:\programdata\Microsoft\Windows\DRM\65.tmp
    C:\programdata\Microsoft\Windows\DRM\DC90.tmp.dat.virus
    C:\Users\All Users\Microsoft\Windows\DRM\2254.tmp.virus
    C:\Users\All Users\Microsoft\Windows\DRM\65.tmp
    C:\Users\All Users\Microsoft\Windows\DRM\DC90.tmp.dat.virus
    C:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
    C:\Users\All Users\Microsoft\Windows\DRM\install_flashplayer.exe
    FileLook::
    c:\windows\system32\drivers\pmxdrv.sys
    Folder::
    c:\windows\Installer\{b1d43785-107b-681c-6c82-728d71601cf7}
    C:\Users\Justin\AppData\Local\{b1d43785-107b-681c-6c82-728d71601cf7}
    c:\windows\SysWow64\%APPDATA%
    Registry::
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    http://softvisia.com/users/Night_Raven/Security/cfsdnd2.gif
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    __

    http://img196.imageshack.us/img196/3557/tdsskiller.gif I want you to read and follow these instructions: TDSSKiller - How to run

    __

    http://img17.imageshack.us/img17/3214/baticonvista7.gif Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    __

    Let me know what problems remain after you have completed these steps.
     
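A read-only follow-up check for the fix above, added here as an example and not part of the thread or of ComboFix: it tests whether the files, folders and registry keys listed in the CFScript are still present after the fix has run, and reports the driver that FileLook:: only inspects. Paths are taken from the script in the post (C:\Users\All Users is the same location as C:\ProgramData, so those duplicates are collapsed); nothing here deletes anything.

```powershell
# Added example: verify that the CFScript targets are gone. Read-only.
$files = @(
    'C:\ProgramData\Microsoft\Windows\DRM\2254.tmp.virus',
    'C:\ProgramData\Microsoft\Windows\DRM\65.tmp',
    'C:\ProgramData\Microsoft\Windows\DRM\DC90.tmp.dat.virus',
    'C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe'
)
$folders = @(
    'C:\Windows\Installer\{b1d43785-107b-681c-6c82-728d71601cf7}',
    "$env:LOCALAPPDATA\{b1d43785-107b-681c-6c82-728d71601cf7}",
    'C:\Windows\SysWOW64\%APPDATA%'      # literal folder name, not an expanded variable
)
$regKeys = @(
    'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}',
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}'
)

# Returns one record per path; -LiteralPath so the braces and % are not treated specially.
function Test-Remnant {
    param([string[]]$Paths, [string]$Kind)
    foreach ($p in $Paths) {
        [pscustomobject]@{
            Kind         = $Kind
            Path         = $p
            StillPresent = (Test-Path -LiteralPath $p)
        }
    }
}

$results = @()
$results += Test-Remnant -Paths $files   -Kind 'File'
$results += Test-Remnant -Paths $folders -Kind 'Folder'
$results += Test-Remnant -Paths $regKeys -Kind 'RegKey'
$results | Format-Table -AutoSize

# FileLook:: only inspects the driver, so report it for review instead of flagging it.
$drv = 'C:\Windows\System32\drivers\pmxdrv.sys'
if (Test-Path -LiteralPath $drv) {
    Get-Item -LiteralPath $drv | Select-Object FullName, Length, LastWriteTime
}

$leftovers = @($results | Where-Object { $_.StillPresent })
if ($leftovers.Count -gt 0) {
    Write-Warning "$($leftovers.Count) item(s) from the fix script are still present"
} else {
    Write-Host 'All fix-script targets are gone.'
}
```

Run it from an elevated PowerShell prompt, since the HKLM key and the C:\Windows folders are not readable from a standard user session on every system.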
  5. Lindsey608

    Lindsey608 Private E-2

    I updated yesterday to Java 7 Update 5 (after removing the previous versions). Is it okay to leave that before following the steps you outlined below?
     
  6. thisisu

    thisisu Malware Consultant

    Yes that is fine. Go ahead and proceed.
     
  7. Lindsey608

    Lindsey608 Private E-2

    Done!

    Scanning with AVG now, will let you know.
     

    Attached Files:

  8. Lindsey608

    Lindsey608 Private E-2

    AVG and Malwarebytes are both coming up clean. I've followed the directions in your how to avoid malware thread, so hopefully this will be the end of it!

    Thank you very much for your time and expertise! :)
     
  9. thisisu

    thisisu Malware Consultant

    You're welcome.

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
