Ok, im new… Got the same problem. Saw many threads similar before and nothing has taken it away.

Got all the programs suggested and need help. Thanks in advance

Follow essexboy’s suggestions here:
http://forum.avast.com/index.php?topic=32685.msg273268#msg273268

If you have HJt and combofix, run combofix, then HJT. Post the logs. You can attach them using the additional options button on the reply page.

Here are the logs.

I think the Combofix got rid of the trojan ;D

Not quite I am afraid

1. Please open Notepad
   [*] Click Start , then Run[*]Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
   [*]Combofix.txt [*]A new HijackThis log.

Ok done it.

Here are the new logs.

One question whilst I am looking did you reinstall windows at some stage and call it windows2

Yes i got a second windows. This is the one im using at the moment. I think i had a problem with the first one.

OK you appear to have gained a wareout infection since I last looked - neat so I will kill that as well

1. Please open Notepad
   [*] Click Start , then Run[*]Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
   [*]Combofix.txt [*]A new HijackThis log.

THEN

Please download FixWareout from here:
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure “Run fixit” is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don’t let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log

Ok the new ones…

Hi chains4her did you run fixwareout ?

I was doing that (Fixwareout). Here are the report and the other log.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. [b]

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.54 85.255.112.232

[/b]Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

That should fix it now - how are things running ?

Done, things are working good.

Thanks.

Im having a problem now. When the computer is working i get sometimes that my memory is running low or something. Dont know what is that maybe something changed after all the things i did to get rid of the trojan. Any advices? by the way here is the error (Text log) i got on the log when windows shows after recover.