Hello this is my first post so excuse me if I don't include everything needed for a proper assessment.
 I was attacked by this Malware Protector Virus and I think I removed most of it but I still get that blue screen background when my computer reboots. It's got a yellow box in the middle that reads "Warning! Spyware Detected on you computer...etc."
 
 I'm not sure if there are any other issues at work silently that I'm not aware of so I just wanted the experts to take a look. I read and followed this post "Read this before requesting malware removal help"
 
 Here are my logs in this order
 
 SuperAntispyware log
 Malwarebytes' log
 Hijackthis log
 
 
 [recovering disk space -- attachment deleted by admin]
 
 You're running two antiviruses: Avast, and Norton. One has to go.
 If you decide to uninstall Norton, use this: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
 If you remove Norton, you have to turn Windows firewall on. Let me know.
 
 ok sorry i took so long to reply. I removed Norton by following your link, and turned on my windows firewall.
 
 I'm gonna need fresh HJT log.
 
 K here it is Thank you
 
 [recovering disk space -- attachment deleted by admin]
 
 1. Print this post out, since you won't have an access to it, at some point.
 
 2. Close all windows, except for HijackThis.
 
 3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):
 
 - O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
 - *O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
 - *O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
 - *O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
 - *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 - O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
 - O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
 - *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 - O4 - HKCU\..\Policies\Explorer\Run: [aigxz] C:\WINDOWS\system32\aigxz.exe
 - O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
 - O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
 - O4 - Startup: gameutil.exe.lnk = ?
 - O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
 - *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
 
 
 4. Click on Fix checked button.
 
 5. Restart computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)
 
 6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
 
 7. DELETE following files/folders (if present):
 
 - aigxz.exe file from C:\WINDOWS\system32
 - Symantec Shared folder from C:\Program Files\Common Files
 
 8. Restart in Normal Mode.
 
 9. Post new HijackThis log.
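 As an added example (not part of the original thread and not HijackThis's own code), this Python script parses entry lines in the format shown in the fix list above and flags three patterns that appear in it: a BHO whose file is missing, an autostart under Policies\Explorer\Run, and a Startup shortcut with no resolved target. The function names and the heuristics are assumptions of this example, and a flag means "review this entry", not "malicious".

```python
import re

# Entry lines copied from the fix list in the post above.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Policies\Explorer\Run: [aigxz] C:\WINDOWS\system32\aigxz.exe
O4 - Startup: gameutil.exe.lnk = ?
'''

# "<section> - <location>: <data>", tolerating the "- " and "*" list prefixes.
ENTRY = re.compile(r'^\s*[-*\s]*(O\d+) - ([^:]+): (.*)$')


def parse(log):
    """Return (section, location, data) for each HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(tuple(part.strip() for part in m.groups()))
    return entries


def triage(entries):
    """Flag entries for manual review (heuristics are assumptions of this example)."""
    findings = []
    for section, location, data in entries:
        if section == "O2" and data.endswith("(no file)"):
            findings.append((data, "BHO registered but its file is missing"))
        elif section == "O4" and location.lower().endswith(r"policies\explorer\run"):
            findings.append((data, "autostart via the Policies\\Explorer\\Run key"))
        elif section == "O4" and location == "Startup" and data.endswith("= ?"):
            findings.append((data, "Startup shortcut with unresolved target"))
    return findings


if __name__ == "__main__":
    for data, reason in triage(parse(SAMPLE_LOG)):
        print(f"REVIEW  {data}\n        {reason}")
```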
 
 
 
 
 
 
 WOW holy crap, ok after I restarted the first time from safe to normal mode I got a very serious looking blue screen that talked about a physical memory dump taking place and that it was successful. There was a technical issue number that read something like this
 
 ***Stop: 0x00000050 {and etc}
 
 and something about BIOS
 
 I guess I should have written down what I saw for a better explanation but I got really nervous and turned off my computer for fear of something HORRIBLE.
 
 But alas, it started up no problem this time and here is another HJT log.
 
 Invisible, I assume?...LOL
 
 invisible haha i don't know this language!?!?
 
 Quote
 here is another HJT log
 
 Where?
 
 Oops here it is.
 [recovering disk space -- attachment deleted by admin]
 
 Your computer is clean
 
 1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
 Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html.
 Run CCleaner.
 
 2. Turn off System Restore:
 
 - Windows XP:
 1. Click Start.
 2. Right-click the My Computer icon, and then click Properties.
 3. Click the System Restore tab.
 4. Check "Turn off System Restore".
 5. Click Apply.
 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
 7. Click OK.
 - Windows Vista:
 1. Click Start.
 2. Right-click the Computer icon, and then click Properties.
 3. Click on System Protection under the Tasks column on the left side
 4. Click on Continue on the "User Account Control" window that pops up
 5. Under the System Protection tab, find Available Disks
 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
 8. Click OK
 
 3. Restart computer.
 
 4. Turn System Restore on.
 
 5. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you extra protection against malware. It won't interfere with your antivirus program.
 
 6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html
 
 7. Let me know, how your computer is doing.
 
 THANK YOU SOOO MUCH, you guys are amazing!!
 
 You're very welcome
 Computer doing OK, I assume...?