PLEASE HELP I am new to Malware Removal

Hello,

I have done the instructions for Read & Run Me First. So the next thing is to attach my logs I assume.

I noticed threat alerts earlier last week after I tried to download a TV show. I normally don't download shows to my computer for this exact reason, but I see my boyfriend do it all the time and think well I could just download 1, what could go wrong?? hahaha I'm an idiot!
I had AVG installed for quite some time (I now have Avast, thinking it would help more than AVG) that just kept popping up letting me know that threats were being blocked. I tried to run a scan and thought it would rid them, but that is when I realized it wasn't working, so I download Avast and removed AVG(uninstalled). I also downloaded Malwarebytes and tried to fix it that way. After those two programs didn't work, I researched online and found your site. I thought all the info I was reading seemed more helpful than what I was finding/doing myself. So i went through your instructions and my internet seems to be working a lot better. The only downside though, is that my Avast keeps telling me that it's still blocking the Malware/Trojan horse...how do I get rid of this??? It's showing up as object c:\win32

I plan to attend school soon and don't want to have any issues with my laptop not functioning properly..if you could help that would be FAB!!

Thank you!!!

 

If there is any other log you need, please let me know

Thanks again team!

 

Welcome to MajorGeeks, Scorpio 20 !

http://img196.imageshack.us/img196/3557/tdsskiller.gif I want you to read and follow these instructions: TDSSKiller - How to run
Note: This is a newer version of TDSSKiller than what you previously ran. Make sure you download the new version!

 

I thought I sent you a message already, but I don't see it.

I just wanted to THANK YOU for helping me out. I ran the program and it said I had 1 threat, so I did the Scan and rebooted my computer and it asked to re-scan so I did and now it shows zero threats!! And my Avast isn't popping up anymore showing me a threat has been blocked lol. THANK YOU TONS!!

Now my last question is, how do I undo everything I did from the read me run me instructions? I've downloaded a lot and now my system is running very very slow .

Thank you,
Happy Scorp!

 

Hi,

I'm glad to hear things are working better but we most likely still have some work to do.

First I need the TDSSKiller log from the root of the C: drive.

 

ho hum lol...Okay here are my logs...the 1st log I ran and the 2nd log I ran after the re-boot.

 

http://img205.imageshack.us/img205/1894/otl.gif Fix items using OTL by OldTimer

Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.

Code:

[COLOR="DarkRed"]:files[/COLOR]
C:\Users\jisabell\AppData\Local\{1113febf-37cb-e78d-7fd3-10c6fd40af6c}
c:\windows\installer\{1113febf-37cb-e78d-7fd3-10c6fd40af6c}
C:\Program Files (x86)\Yontoo
C:\Windows\assembly\GAC_32\Desktop.ini
[COLOR="DarkRed"]:reg[/COLOR]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C74A0B7-5878-4277-A70B-0980A819895D}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
[COLOR="DarkRed"]:commands[/COLOR]
[emptytemp]

Now click the http://img3.imageshack.us/img3/407/otlrunfix.png button.
If the fix needed a reboot please do it.
Click the OK button (upon reboot).
When OTL is finished, Notepad will open. Close Notepad.
A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Attach this log to your next message. (How to attach)

__

http://img406.imageshack.us/img406/3189/windowsrepair.gif Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now open Repair_Windows.exe
• Go to the Start Repairs tab.
• Press the Start button
• Create a System Restore point if prompted.
• In the Repair Options window, choose the following repairs:
  • Repair Windows Firewall
• Place a checkmark in Restart/Shutdown System When Finished
• Fill in the Restart System bubble
• Now click the Start button.
• Be patient while the tool repairs the selected items. Your computer should automatically restart when finished.

__

http://img97.imageshack.us/img97/8120/fss.gif Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure all the options are checked
• Press Scan.
• It will create a log (FSS.txt) in the same directory the tool was run.
• Please attach FSS.txt to your next message. (How to attach)

__

http://img17.imageshack.us/img17/3214/baticonvista7.gif Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

 

here are the logs you requested.

Thanks again

 

• Download the three files below onto your desktop:
  • BITS.reg
  • WinDefend.reg
  • wuauserv.reg
• Now double-click each of them, one at a time, and allow each one to merge into the Windows registry.
• Let me know if you received a successful message for all 3 files
  • If all were successful, reboot your computer and run another scan with Farbar Service Scanner.
  • If all were NOT successful, doesn't matter if you reboot computer or not, but make sure you let me know which error message you received when trying to merge into the registry.

 

All three were successful, here is the log from the FSS in case you need it.

 

If you are not having any other malware related problems, it is time to do our final steps:

• Any programs we had you download and/or install can be removed at this time.
• If we had you download and run ComboFix, here is how to uninstall it:
  • Press and hold the Windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif and then press the letter R on your keyboard.
  • This opens the Run dialog box.
  • Copy and paste the below text inside the text-field:
    • "%userprofile%\desktop\ComboFix" /uninstall
  • Now press ENTER
  • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
• You can re-enable your Disk Emulation software at this time via DeFogger.
• If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
• Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
• Now we will toggle System Restore to remove any infected system restore points.
  • Read this: How to Disable And Enable System Restore
• Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
• Be safe

 

Thank you so much for your help!!

 

You are very welcome. Be safe: )