Running vista service pack 1 on an HP pavilion m7750n with no hardware or software changes. Have run Malware-bytes and smitfraudfix as well as several other attempts to kill this thing, getting all sorts of rouge spyware and system tool popups.

Here are my latest MWG and HJt logs taken 10 min ago.

running Kaspersky Online Scanner right now will post log when compleate

Attached Files

	Mbam-log.txt (800 Bytes, 1 views)
	HJT-log.txt (6.8 KB, 2 views)

Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• Type "1" (and Enter) to start the fix.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

here is the log when it finished i got this alert from my trendmicro software

System Change

Risk Level: Low

Description:
Windows Service programs can run even when you have not logged in, often with administrative access to your computer. Spyware can use Windows Services to hijack your computer for illegal purposes.

Details:
Display Name: PROCEXP90
Program: C:\Windows\system32\Drivers\PROCEXP90.SYS

Recommendation:
Although suspicious, this new software or change may serve a legitimate purpose. Please investigate further before taking steps to correct this possible problem.

Attached Files

combofix-log.txt (21.1 KB, 2 views)

Download\install 'SuperAntiSpyware Home Edition Free Version' from HERE

• Launch SuperAntiSpyware and click on 'Check for updates'.
• Once the updates have been installed,exit SuperAntiSpyware.

Scan with SuperAntiSpyware

• Start SuperAntiSpyware.
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.
  
  It's possible that the program will ask you to reboot in order to delete some files.
  
  Obtain the SuperAntiSpyware log as follows:
  Click on 'Preferences'.
  Click on the 'Statistics/Logs' tab.
  Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
  It will then open in your default text editor,such as Notepad.
  Attach the notepad file here on your next reply

CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

here is the data you requested

Attached Files

	combofix-log.txt (24.8 KB, 1 views)
	HJT-log.txt (6.8 KB, 1 views)
	SUPERAntiSpyware Scan Log - 04-04-2008 - 19-37-04.log (6.0 KB, 2 views)

Getting better from the looks of the logs, how is your computer doing? Any symptoms?

CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

here are the new logs. no symtoms since previous cleaning.

Attached Files

	combofix-log.txt (23.6 KB, 1 views)
	HJT-log.txt (6.9 KB, 1 views)

Ok, thanks for your patience, your logs are looking good.

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply