Malware Procedure Completed, Logs for review

Discussion in 'Malware Help (A Specialist Will Reply)' started by StiinaQT, Dec 2, 2012.

  1. StiinaQT

    StiinaQT Private First Class

    Found some suspicious things in my email, so I ran the sequence of malware detection/removal. I'm attaching my logs and waiting for instructions on what to do next. Thanks for your help!!

    I have one last file to upload, so I'll comment on this post and add it there. Your procedure generates 6 logs and we can only attach 5.

  2. StiinaQT

    StiinaQT Private First Class

    Now for the TDSSKiller log, attaching that. Thanks again!

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You can have Hitman delete Potential Unwanted Programs. Apart from that your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix. (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START, then RUN, enter the below into the run box and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  4. StiinaQT

    StiinaQT Private First Class

    I'm embarrassed to say that I completely spaced the Defogger and preliminary stuff. I'm having some problems, though. My computer is not acting right.

    Here's what I've done per your direction:

    1. I purchased the license for MBAM and inserted the license codes. I made sure it's turned on and actively monitoring.

    2. I checked and I do not have the ComboFix installed, another oversight. Sorry about that, I was under duress trying to get my computer cleaned plus keep up with other commitments.

    3. I re-enabled the UAC

    4. I ran the MGclean.bat. Does it just go, flash, then finish? I didn't see much when it ran.

    5. I tried to uninstall HijackThis and I can't find it on my list of programs. I tried to find it in CCleaner and still couldn't. Is it installed under another name? Seems to me that it is, but my brain is not engaging on this one.

    7. I tried to do the system restore and I cannot get the computer properties to come up. I tried to do a snip of the error boxes and my computer says that that feature is gone! I did a screen capture, but it says "Computer Management Snapin Launcher has stopped working. Windows is collecting more information about the problem. This might take several minutes..." The bar has no progress. A second box came up and asked if I want to send more info to MS about the problem. Here are the details included:

    Files that help describe the problem:
    C:\Users\Laura\AppData\Local\Temp\WER39F9.tmp.WERInternalMetadata.xml
    C:\Users\Laura\AppData\Local\Temp\WER524B.tmp.appcompat.txt
    C:\Users\Laura\AppData\Local\Temp\WER52D8.tmp.mdmp

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt

    I can't get to the properties nor can I send you a picture of what it's doing. What happened?

    Thanks for your help!
     
    Last edited: Dec 2, 2012
  5. StiinaQT

    StiinaQT Private First Class

    Something is really wrong. Most of my programs will no longer launch from my task bar, start menu, etc. The only way I could get my browser to launch was via the "CCleaner Home Page" shortcut that let me open Chrome. I was able to navigate back here. I decided to restart my computer, thinking that when I re-enabled the UAC, I hadn't restarted.

    I pulled up CCleaner, as the registry scan gives me a feel for how compromised my computer is. I have 14 issues, which is not normal:

    4 Missing TypeLib Ref
    6 Invalid Firewall rules
    2 Missing MUI Ref
    2 Invalid file ref

    I don't know if that helps any. Every time I try to open the computer properties, Windows Explorer stops working and has to restart. I'm perplexed.

    Thanks for your help!

    Laura
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    All topics for the software forum, by the sounds of it. I did not ask you to install ComboFix, so do not worry about that.
     
  7. StiinaQT

    StiinaQT Private First Class

    I'm beginning to think that there's something still on my computer. When I opened my email, the broadcast messages were apparently going again as I have another mess load of nondelivery errors.

    I can't boot into safe mode.

    My Windows Explorer shuts down whenever I try to right click on anything.

    Most of my shortcuts are toast, inop.

    Should I start over on the Malware process and this time not skip the beginning?

    Help!

    Thanks, Laura
     
  8. StiinaQT

    StiinaQT Private First Class

    Re: Malware Procedure Completed, Logs for review--2nd run

    I answered my own question and reran the process from the beginning. Logs are attached. I did encounter the following problems:

    1. CCleaner would not run in the other accounts. Good news is they haven't been used so there shouldn't be much junk.

    2. MBAM would not run. I will try to reboot and since it will auto initiate active protection, I'll see if it will run then.

    Everything else went through, but one of the scans wants me to buy it before it will remove anything. I wasn't sure, since it marked everything as "no action".

    Thanks for the second look.

    Laura

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem, as long as you know I can only remove malware. The software forum exists for non-malware-related issues. :)

    All I am seeing to do here is to rerun Hitman and have it delete Potential Unwanted Programs. Then run it again (just a scan) and attach the new log so that I can see if it has all gone or not.
     
  10. StiinaQT

    StiinaQT Private First Class

    I understand that this is a malware forum. BTW, as soon as Hitman removed these items, my software seemed to be OK. I was actually able to right click on a file to delete it and Windows did not stop working!

    Here is the log. Please let me know if there is any additional cleanup I need to do.

    Thanks!

    Laura

  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Well, when you rerun Hitman now, does it find anything or not?
     
  12. StiinaQT

    StiinaQT Private First Class

    No, it does not. I've attached the log.

    Thanks!

    Is there any clean up now?

    Laura

  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You can follow the final steps in my post #3 if all is well.
     
  14. StiinaQT

    StiinaQT Private First Class

    Re: Malware Procedure Completed, Additional Scans. More Malware

    I honestly do not believe that I'm clean.

    I found RemoveIT Pro in your list of detection/removal tools and it came up with a long list of suspicious files. I did a check on the files to see if they were actual threats or false detections, and there were too many that are considered malware for me to believe that I'm clean.

    The log keeps failing so I can't attach it. Can I get more help with this please??

    Also, you never had me go back and fix anything that RogueKiller found. Why not?

    I'm still limping along here.

    Laura
     
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re: Malware Procedure Completed, Additional Scans. More Malware

    Show me the log file please, or tell me the files it detected as bad.
    Perhaps copy and paste from its own log and put it into a log of your own.

    Because nothing bad shows in there!
     
  16. StiinaQT

    StiinaQT Private First Class

    Okay, I finally figured out where I could find the Snipping Tool and get it to run, because I can't cut/paste in that app. Everything else is so glommed up that Windows keeps shutting down every time I try to open anything using a shortcut.

    I'm attaching the 3 captures of the list. I know that not all of these are actually bad, but when I looked them up, it became obvious that files that were installed since August (I don't remember the exact date) are the suspect ones. From the reading I've done, this malware hides itself using other program names and in the Sys32 folder of Windows. Some are legit, but like I said, if there is a date of 2012, it is probably not. You can't tell here, but when I line them up in the Sys32 folder.

    Thanks!

    Laura

  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I seriously warn you against fixing those items with that software. I think you are worrying a bit too much; any issues you have are software related. NOT malware. :)