Removing Residual Traces

How did you remove the malware as the last malware thread you had here was in 2010.

 

Rerun RogueKiller and have it fix these items:

Code:

¤¤¤ Registry : 23 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E} -> Found

Now rerun Hitman and have it fix all it finds.

Now lets clean out your temp files.

Download OTM by Old Timer and save it to your Desktop.

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Paste the following code under the area. Do not include the word Code.

Code:

:Processes
explorer.exe

:files
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
C:\WINDOWS\Temp\*.*
C:\Users\Account\AppData\Local\Temp\*.*

:Commands
[purity]
[ResetHosts]
[emptytemp]
[start explorer]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

Do tell me how things are running after a reboot.

 

You can try using Revo Uninstaller to remove that program.

Just keep an eye on things and let me know how things are running.

 

What browser is causing the issues? The downloading issue should be pursued in the software forum.

 

There is a 1.87 Terabyte harddisk in this PC and it is almost full. Less than 1 % free space remains! While this may not be the cause of the current problems, it can cause problems. With this large of a hard disk, you should never have less than 10% free ( 200 GB ) free space which will help to keep things running more smoothly.


@ TimW,

Due to the policy/permission issue with SUPERAntispyware, I suggest running Windows Repair. Note that per the logs, no malware had been fixed with TDSSKiller in the past. It would have should in the logs in the Quarantine folder. SAS did have a few logs from Nov/Dec 2014 though.

 

Let's try this on Chaslangs recommendation: (This will take some time to do! )

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
  
  
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

 

I doubt that it is your AV software. The Windows repair was to help with possible permission issues. At this point, yes, you should post in the software forum for further assistance.

[BSince you are not having any malware problems, it is time to do our final steps:[/B]

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
   
   • Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore​
   • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
   • Then we want you to Enable System Restore to create a new clean Restore Point.
   
   
8. After doing the above, you should work thru the below link:
   
   • How to Protect yourself from malware!