Okay, I will read you the riot act first: it is very important that you only run the programs I tell you to and it is equally important that they be run in the order I have set up.
You ran Combofix the day before Mbam and HJT> bad.
You used Avira for the AV scan and most of what it found was items quarantined by Spybot and Symantec-Norton. I don't see any entries for Avira in the HJT log and see a homepage set up for Symantec. So what is the AV status?
Housekeeping:
1. Go to Spybot. Delete what it has found.
2. Find the Norton folder and delete all the quarantined items.
IF you are now using Avira and it is properly installed, remove Symantec:
Download then run the Norton Removal Tool.
3. The reason the malware wasn't removed in Malwarebytes (No action taken) is because you didn't check the line that says "remove"!
- Make sure that everything is checked, and click Remove Selected.
So go back, update MBAM, check the entry and rescan. Include new log.
4. Update and rescan with Avira. Include new log with next reply.
5. Please identify this for me:
c:\program files\rukro.txt>> it appears to be related to WoW but I don't know why it's text.
6. Adobe Photoshop CS2\KeyGen.exe: this indicates that the program was pirated. To continue, it needs to be removed.
7. c:\program files\Cloakfish and c:\program files\My-Proxy
I need information about how you are using both of these programs.
8. P2P or 'file sharing': P2P Warning:
I notice that you are using P2P programs:
uTorrent and FrostWire
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall uTorrent and Frostwire for the following reasons:
- As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
- Malware writers use these programs to include malicious content.
- File sharing is usually unmonitored and there is a danger that your private files might be accessed.
- The 'sharing' also includes malware that the shared system has on it.
- Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
If you choose not to remove these programs, please do not use them while we are cleaning. Their use could lead to loss of support.
Rescan with HJT when all of the above has been handled. Include logs for Mbam, Avira and HJT. You should be able to paste the HJT log now. Attach the other 2.