Vundo; Infostealer; W32 Spybot
#21
Killbox is a cool little tool! Zapped that partition file right outta there (for good, I hope).
Here is the Combofix log. Thanks for your help
#22
Ok, so now how is it running?
Actually before answering that, do this:

Un-install SuperAntiSpyware (if still installed)

Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Run CCleaner
Restart

Then tell me
#23
Uninstalled Super Anti Spyware
Cleared and reset system restore cache
Ran CC Cleaner
Restarted computer, ran Norton scan and it found two infected files: Help.exe and stm.exe. Help.exe no longer loads as a process with restart, which is progress.
I've attached the scan log. Thanks
#24
That's strange, didn't we already remove that
Please supply a new HJT log (after restart, just in case)
#25
Yes, we removed both those files (the stm.exe file was removed multiple times). Here is the latest Hijack file after a fresh restart.
#26
OOOhh! I haven't actually checked your HJT log (that's why all seems strange)
Here's what you need to do (but I might not continue - info later on, why)

Un-install Trend
Uninstall Norton
Uninstall Bittorrent
Run the Norton Removal tool
Re-open HJT and fix all the following (tick then fix all)
Quote:

Then
Install Avira free AntiVirus
Run a full scan
Actually if you just install and update Malwarebytes and run that (with Avira installed) that'll be fine
Attach the logs.

Note: I usually never support users with FileSharing programs installed, basically there's no use (in my mind)
These programs are the most likely cause of Malware infection, and here's the punch line - re-infection
ie I don't help users with this installed. Your choice to uninstall Bittorrent
#27
Yes, this was self-inflicted and I learned my lesson - bittorrent goes. Do I have to uninstall Trend to get this cleared up? Digging up my disc to reinstall it and then finding the email where I got a free upgrade to their 2009 security suite will be problematic.
#28
Well no.
But I find Trend to be overly slow (back in 2005 and 2006 it was ok - but not now)
So I tried Trend (actually I tried them all)
And found Avira (free) Antivirus to be the best
It's user preference
Therefore some of the above will not be correct!!
#29
I'll probably wind up deferring to your expertise, but Trend was awesome in blocking the infection from sending my browser off to the dark nasty corners of the world wide web. As far as preventing the infection in the first place, I clicked on an .exe file and I knew better. No program protects against that kind of stupidity. In any event, I will follow the latest instructions (mostly) and repost. - Thanks
#30
If you keep Trend installed, some of the above (HJT entries asked to be removed) will be incorrect
#31
I don't have Norton installed so I skipped that step (I've been using the online scanner), but I downloaded and ran the remove Norton tool.
I left Trend installed.
I uninstalled Bittorrent.
I fixed everything listed in Hijack except anything notated as Trend.
I downloaded Avira, installed, closed Trend, and ran Malwarebytes. I did the quick scan because previously when I ran it both ways, it picked up the same infections. I am doing a full scan with Avira as I write this.
Malwarebytes found those same two pesky files it keeps finding. I've attached the log. Norton is the only scanner that's been picking up the Help.exe file - I suspect it's still there too.
What's the next step? Thanks again for your help on this.
#32
Well it would have been ideal if you had updated Malwarebytes first
The entire program is now at a new revision (just using the update button in Malwarebytes will automatically download the new version, and then update the defs)

By the way, once Avira finishes scanning, please remove it
There's no telling what corruption you may get with having more than 1 antivirus installed at the same time (ie what happens when Avira scans Trend's quarantine folder who knows!)
So once Avira is done, please un-install it fully
#33
oops. Okay, after the Avira scan (it found two new infections) I uninstalled, restarted, then updated Malwarebytes and rescanned. Both logs are attached. Malwarebytes finally says everything is o-tay.
#34
Well done

Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Re-run CCleaner
Restart

Then let me know how it's presently running (Couldn't be worse! ; ok ; Fantastic)
#35
Fantastic