Cleaning Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by craigsnedeker, Dec 9, 2012.

  1. craigsnedeker

    craigsnedeker Private E-2

    I recently got a nice little malware called Coupon Companion from CNet and used your handy little guide to download software, scan, and remove it... at least I think I did.

    So far, it appears to be gone, but I want to purge the rest of my system anyway. The scanners came back with a few suspicious results, and I'm attaching the logs to figure out if I can fix/remove them.

    Thanks for all help in advance.
     


  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks!

    I'm looking over your logs and will reply with a fix.
    dr.m
     
  3. craigsnedeker

    craigsnedeker Private E-2

    My bad, the malware is still there, but I can remove the extension from Firefox/Chrome so the ads do not appear. It's probably still running in the background.
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    *Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately, leaving only shortcut links. [ C:\Users\CraigSnedeker\Desktop ] Do not store downloads, exe files, iso files, etc. on your Desktop. First, it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least, it can have an effect on your PC's performance.

    Run HitmanPro and fix everything under the headings of
    • Malware remnants
    • Potential Unwanted Programs
    Ignore all other detections.
    Afterwards, click the Next button.
    HitmanPro may want to reboot the PC in order for the changes to take effect; please do so.

    Next, double-click RogueKiller.exe to run it. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button, then select the Registry tab and then select any of the below that exist and then click the Delete button.
    • [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\X6va003 (C:\Users\CRAIGS~1\AppData\Local\Temp\0038778.tmp) -> FOUND
    • [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\X6va003 (C:\Users\CRAIGS~1\AppData\Local\Temp\0038778.tmp) -> FOUND
    When it is finished there will be a log on your desktop called RKreport[2].txt, attach it to your next reply.
    Then immediately reboot your PC.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach the JRT.txt to your next message.
    Please look in Add/Remove Programs (Programs and Features if using Vista or Windows 7) for the following and uninstall if found. If you get any errors just make a note and continue on.
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
      If it asks you to override the previous file with the same name, click YES.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    Note:
    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running ComboFix you discover none of your programs will open up because you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then you will need to reboot your computer, which will normally fix this problem.

    *Note: The fixes performed by the following tool can sometimes take quite a while to run, so please be patient. Do NOT run anything else while the repairs are going on.
    Now download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now open Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Go to Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.

    Please download the latest Sun Java Runtime Environment

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the below logs to your next reply:
    • C:\MGlogs.zip
    • updated HitmanPro_.log
    • updated RKreport[2].txt log

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"
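    The two RogueKiller hits above share one pattern: a service key under a ControlSet whose ImagePath points at a .tmp file in a user's Temp folder. The read-only audit below is an added example, not part of this post or of RogueKiller; it walks every ControlSet's Services key, normalises each ImagePath, and reports entries that live under a Temp directory or end in .tmp, so the same pattern can be spotted on another machine (the sister's PC mentioned later in the thread, for instance) before anything is deleted. The function names, the Temp-path patterns and the requirement for an elevated PowerShell 3.0 or later prompt are the example's own assumptions.

```powershell
# Added example, not from the thread: a read-only audit of the Windows service
# registry keys for the pattern RogueKiller flagged above, a service whose
# ImagePath points at a file under a Temp directory or at a *.tmp file.
# It only reports; removal is left to the tools and the helper in the thread.
# Assumes an elevated PowerShell 3.0+ prompt (Windows 7 with WMF 3.0 or later).

function Get-ServiceBinaryPath {
    param([string]$ImagePath)
    # Normalise the raw registry value into a plain file path:
    # expand %SystemRoot%-style variables, drop the \??\ and \SystemRoot prefixes
    # seen on driver entries, then strip quotes and command-line arguments.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -match '^"([^"]+)"') { return $Matches[1] }
    return ($p -split '\s+')[0]
}

function Test-TempServicePath {
    param([string]$Path)
    # True when the binary lives in a per-user or system Temp folder or is a
    # .tmp file; both are unusual for a legitimate service or driver.
    return ($Path -match '\\AppData\\Local\\Temp\\') -or
           ($Path -match '\\Windows\\Temp\\') -or
           ($Path -match '\.tmp$')
}

# Human-readable names for the Start value (assumed mapping of the standard codes).
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Check every ControlSet, not just CurrentControlSet: the thread's hits were in
# both ControlSet001 and ControlSet002, and a cleanup that touches only the
# active set leaves the other copy to come back after a Last Known Good boot.
$findings = foreach ($cs in Get-ChildItem 'HKLM:\SYSTEM' |
                     Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }) {
    $servicesKey = Join-Path $cs.PSPath 'Services'
    foreach ($svc in Get-ChildItem $servicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { continue }
        $bin = Get-ServiceBinaryPath $props.ImagePath
        if (Test-TempServicePath $bin) {
            [pscustomobject]@{
                ControlSet   = $cs.PSChildName
                Service      = $svc.PSChildName
                Start        = if ($null -ne $props.Start) { $startNames[[int]$props.Start] } else { '' }
                ImagePath    = $props.ImagePath
                # A missing binary with a live service key is itself a remnant worth noting.
                BinaryExists = Test-Path -LiteralPath $bin -PathType Leaf
            }
        }
    }
}

if ($findings) { $findings | Sort-Object Service, ControlSet | Format-Table -AutoSize }
else { 'No service ImagePath points into a Temp folder or at a .tmp file.' }
```

Run it once before and once after the RogueKiller step: the entries it lists before should be gone from every ControlSet afterwards, which is the check that the deletion actually took, and anything still present after the reboot is worth attaching to the next reply rather than removing by hand.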
     
  5. craigsnedeker

    craigsnedeker Private E-2

    I did not know this, thanks. I'll do that.

    Done.

    Found one thing with a category of Malware, the rest was just "suspicious", "tracking cookie", or something else. I could rescan and give you a list, if you wish.

    Done, and files are attached.

    Attached files.

    1. Coupon Companion - "An error has occurred, this program may already be uninstalled. Would you like to remove it from the list?"

    2. XfireXO Toolbar - I click remove and a confirm pops up, but nothing happens afterwards.

    I completed the rest, attached are the files.

    So far I am experiencing no malware but that could change.
     


  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    :-o My mistake in not catching the age of your old combofix.txt log and the removed cf.exe. Let's gather some more fresh information.

    Please run new scans with both RogueKiller and Hitman Pro, attach those new logs to your next reply.

    Please download OTL by Old Timer to your desktop.
    • See the download links under the OTL icon.
    • Double-click OTL.exe to run (Vista and Win7 right click and select Run as administrator)
    • When the window appears, underneath Output at the top-right, make sure Minimal Output is selected.
    • Select Scan All Users.
    • In the Processes box and the Services box choose All.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the text in the code box below and paste it into the text-field.
      Code:
      activex
      netsvcs
      drives
      
    • Now click the scan button.
    • When the scan is complete, Notepad will open with the results of the OTL scan.
    • Close Notepad.
    • There will be two log files on your desktop entitled OTL.txt and Extras.txt.
    • Attach both OTL.txt and Extras.txt to your next message. (How to attach items to your post)

    Please attach these new logs to your next reply:
    • OTL.txt and Extras.txt
    • updated HitmanPro_log.txt
    • updated RKlog.txt
    • missing JRT.txt requested from post#4
     
  7. craigsnedeker

    craigsnedeker Private E-2

    Oops, forgot to attach that file, and I think I uploaded the wrong logs. Sorry about that, chief.

    OTL keeps going "not responding"; can't get a scan out of it.
     
  8. craigsnedeker

    craigsnedeker Private E-2

    Attachments.
     


  9. craigsnedeker

    craigsnedeker Private E-2

    I cannot upload the Hitman file. I get this error message, so I uploaded it as a .zip.

     


  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You didn't re-run HitmanPro as instructed in my post #6; therefore the file you zipped is the same original one... do this now and attach an updated log.
    Did you disable ALL protection software first? Did you try running it in Safe Mode?

    Please run this online scanner and attach the results.

    Using ESET's Online Scanner

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach
    • the new C:\MGlogs.zip
    • the ESETscan.txt
    • OTL.txt and Extras.txt logs if you were able to run OTL
    • updated HitmanPro log

    What malware problems do you still have?
     
  11. craigsnedeker

    craigsnedeker Private E-2

    I'm not having any malware issues as of now. I'm gonna stop scanning for now because my sister's computer has the same issues I had, so I have to fix her computer.

    Thanks for all the help!
     
  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

