Can't remove final few Malware issues

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make.

Kes13!

 

1. Were you able to run RootRepeal and combofix? If so then please attach the logs from doing so into your next reply as I would prefer to see those also.

2. Please disable frostwire from running at start-up whilst we are removing malware.

3. You need to move MGTools.exe from your desktop now before we continue and put it where it belongs, directly on your C Drive.

4. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

After clicking Fix exit HJT.

5. Now download The Avenger by Swandog469, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

6. Also delete all files in the below bold folder except ones from the current date (Windows will not let you delete the files from the current day).

7. Now go to C:\MGTools and locate analyse.exe. Double click it to run it. Click on CONFIG > Mics Tools > click on Open Uninstall Manager > choose to "save list" save the log to your desktop and attach it into your next reply.

7. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from avenger and also the uninstall list log.

8. Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

don't forget to let me know how things are running now! Reviewing your logs right now.

 

You are using an outdated version of MGTools!

Go to this MGTools and download the new version of MGtools.exe. Overwrite your previous MGtools.exe file with this one.

Run the new MGTools.exe and attach the C:\Mglogs.zip that it creates.

 

Hmm, then let's try clearing up some avg remnants to make a fresh start and we will also see what might be lurking of malware defense still, which is preventing you from installing avg or causing a very incomplete install.

1. Now download Registry Search (see the link titled RegSearch Download Link)

• Extract the files from Regsearch.zip into a folder.
• Doubleclick regsearch.exe to start the program.
• In the top 3 boxes under the Enter search strings case independen) and click Ok... option, enter the below string (use copy and paste)

• Then click "OK".
• Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
• Attach this RegSearch.txt file.

2. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix exit HJT.

3.

• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

4. Attach the log from avenger and the log from RegSearch into your next reply.

 

Try running it in safe boot mode, and also may I see the log from running SUPERantispyware?

 

Good to hear! I would still like to see the logs from both Combofix and SAS before I give you final steps.

 

OK well don't panic, I was just making sure absolutely everything was covered, but those logs were looking good so not to worry