Author Topic: Please help!!! Trojan and Malware ruining my sleep HELP!!!  (Read 2629 times)

jiyala

  • Guest
Please help!!! Trojan and Malware ruining my sleep HELP!!!
« on: October 02, 2012, 08:24:38 PM »
Hi -

I'm Alex. I'm an accountant and not very good with computers. I have an older Dell Inspiron 6400 laptop, about 5 years old at least. This is my only personal computer.

I always had Symantec, but it expired over a year ago, I think it still worked to a degree. A few days ago my computer got very slow, and I started getting Trojan virus alerts from my outdated Symantec (alerts were all the time). So I downloaded Avast Free Anti-virus. Upon loading, pretty much every 30 seconds, I would get an alert from Avast that a threat was blocked (Trojan and also malware), every 30 seconds. Avast would give the link to the Symantec folder and say that Symantec was the process. I finally uninstalled the Symantec and the problem went away. I also came to your forum and found this link:

http://forum.avast.com/index.php?PHPSESSID=cldr7vo0il11luq7bc5pfo4is7&topic=53253.0

This link gave good advice, I followed it:
1. ran Adwcleaner - found stuff that was deleted
2. ran Malwarebytes Anti-Malware - found stuff that was deleted
3. ran OTL - Not sure if it picked anything or not
4. ran aswmbre.exe - I think it picked 1 item, I'm not sure how to delete it

I ran all of the above in a row a couple of times. My computer is much better now, but I still believe I have a virus hiding because aswmbre.exe still catches one, I'm not sure how to delete it.

Please help this bean counter, and I will pass the good karma around. Thanking you in advance.

P.S. The link / instructions said that I would get 2 log files for the OTL, but I think I only got one.

BTW, my hats off to you guys, as this is such a technical and complicated work.

In return, please do not hesitate to ask me any tax related questions.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Please help!!! Trojan and Malware ruining my sleep HELP!!!
« Reply #1 on: October 02, 2012, 08:30:50 PM »
Hi, there is a partial ZeroAccess infection there.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
O4 - HKU\S-1-5-21-1780451004-125877106-1097268120-1000..\Run: [Sylvia Gulen Kamran] C:\Users\Sylvia Gulen Kamran\Sylvia Gulen Kamran.exe File not found
O4 - HKU\S-1-5-21-1780451004-125877106-1097268120-1000..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found
O33 - MountPoints2\{dcd11d30-d2f0-11df-bbdb-c40f8f566d75}\Shell\AutoRun\command - "" = F:\RECYCLER\recycld.exe e
O33 - MountPoints2\{dcd11d30-d2f0-11df-bbdb-c40f8f566d75}\Shell\open\command - "" = F:\RECYCLER\recycld.exe

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

jiyala

  • Guest
Re: Please help!!! Trojan and Malware ruining my sleep HELP!!!
« Reply #2 on: October 02, 2012, 08:38:03 PM »
ESSEXBOY -

1st of all, thank you for your reply. I appreciate quick help in this matter (I really do).

I'll follow your instructions, hopefully it will go smoothly, otherwise I'll bother again, for which I'm saying sorry ahead of time (-;

Just a quick question - in your instructions you have copy / pasted (it appears) some code, right below the very first picture of the OTL screen - am I supposed to do anything with it, I mean do I need to use it for some purpose, or ignore it? Do I need to copy paste it into the screen somewhere?

thanks,

Offline essexboy

Re: Please help!!! Trojan and Malware ruining my sleep HELP!!!
« Reply #3 on: October 02, 2012, 08:45:52 PM »
If you click the Select hyperlink next to the code, all the text will highlight. Right-click the highlighted text and select Copy.

Then click in the white box on OTL (Custom Scans/Fixes) and select Paste.
Then click Run Fix.

I will continue working with you until you are happy so no need to fret  ;D

jiyala

  • Guest
Re: Please help!!! Trojan and Malware ruining my sleep HELP!!!
« Reply #4 on: October 03, 2012, 05:10:21 PM »
Hi ESSEXBOY -

I followed the instructions you provided:

1. Unfortunately whenever I RUN FIX OTL, it runs for a few seconds, a black window pops up and goes away and then it stops / freezes, i.e. on the very top pane of the OTL window where it says its name it also says (Not Responding). Basically it just stays like that forever.
2. Yesterday after your instructions I spent several hours rebooting and trying over and over again, making sure all windows / programs were closed (with the exception of the AVAST FREE ANTIVIRUS that I have). Even saved OTL at a different location and tried from that place, each time it just goes into a (NOT RESPONDING) mode. After about 5 minutes the NOT RESPONDING disappears but the program just stays still. I can move around the cursor, but the moment I press any buttons it just goes into a NOT RESPONDING mode again.

Is there anything you recommend?
In worst case I'm not able to run OTL, the remaining virus I have, how bad is it, any mitigating steps I can do to prevent it from taking over again?

Once again, I greatly appreciate your help.

Offline essexboy

Re: Please help!!! Trojan and Malware ruining my sleep HELP!!!
« Reply #5 on: October 03, 2012, 07:09:34 PM »
That is probably Malwarebytes blocking OTL from running. Go to the ComboFix step please, and dependent on the result of that I may not need to run OTL.