http://getusaaall.info avast popup. How to remove it?

Hello,

Like many users I am having the same problem. Every 10 minutes my avast shows a popup with the blocked http://getusaaall.info object

URL:MAL

Process: C:\Windows\System32\svchost.exe

I’m using Windows 7 64bit and already ran the Recovery Farbar scan tool.

Attached I send the FRST and the Addition logs generated by Farbar.

Does anyone know how to remove this thing?

Thanks in advance :slight_smile:

Anybody? :confused:

Thank you

Please be patient, there are many requests atm.

This should stop it

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Attached I send the log generated by Combofix.

To uninstall Combofix I just delete the .exe file located on my desktop?

After you analyse the log can I delete it?

I’ll wait and then I’ll tell you if it worked.

Thanks

I will uninstall the programmes safely when we are completed

  1. Close any open browsers.

  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll|c:\windows\system32\user32.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

I no longer have the Combofix .exe file on my desktop :frowning:

Can I do that by downloading again Combofix (but not running it)?

But anyway, I think that the http://getusaaall.info popup was removed. It no longer pops up since I used Combofix.

Do we need to do that step anyway?

Thank you once again.

Well your user32.dll is not showing a legitimate MD5 so it may be infected. But the choice is yours

Ok, but my only doubt is:

"3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll|c:\windows\system32\user32.dll"

For doing this step and drag the text file to Combofix, do I need to run Combofix all over again? Or can I just download Combofix and drag the notepad with the text you post without running combofix again?

Thank you once again :slight_smile:

Do you still have FRST ? If so then use that

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Replace: c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll c:\windows\system32\user32.dll
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

I don’t have Farbar anymore :frowning:

But can I download it again and make the last step you wrote?

Replace: c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll c:\windows\system32\user32.dll
REBOOT:

But what will this do to my computer exactly?

It will replace the suspect file with a good known copy

But won’t it do anything wrong to my Windows?

I don’t have Farbar anymore :frowning:

But can I download it again and make the last step you wrote?

Replace: c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll c:\windows\system32\user32.dll
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

This should not affect windows at all

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Replace: c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll c:\windows\system32\user32.dll
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
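
An added example, not part of the original thread and not FRST or ComboFix code: a PowerShell pre-check that can be run before a Replace: or FCopy:: of a system DLL such as the one above. It reads the PE header of both files to confirm they are built for the same architecture (on 64-bit Windows the wow64_ and x86_ component-store folders hold 32-bit builds, while System32 holds the 64-bit ones) and compares their SHA-256 hashes. The function names are hypothetical; the two paths are the ones quoted in the thread.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Uses only .NET 2.0 classes, so it runs on Windows PowerShell 2.0 and later.

function Get-PEMachine {
    param([string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        if ($br.ReadUInt16() -ne 0x5A4D) { throw "$Path has no MZ header" }
        $fs.Position = 0x3C                  # e_lfanew: file offset of the PE header
        $fs.Position = $br.ReadUInt32()
        if ($br.ReadUInt32() -ne 0x4550) { throw "$Path has no PE signature" }
        switch ($br.ReadUInt16()) {          # IMAGE_FILE_HEADER.Machine
            0x014C  { 'x86' }
            0x8664  { 'x64' }
            default { 'other' }
        }
    } finally { $fs.Close() }
}

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { [BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Close() }
}

function Test-DllReplacement {
    param([string]$Source, [string]$Target)
    $srcArch = Get-PEMachine $Source
    $dstArch = Get-PEMachine $Target
    New-Object PSObject -Property @{
        SourceMachine       = $srcArch
        TargetMachine       = $dstArch
        ArchitectureMatches = ($srcArch -eq $dstArch)
        SameContent         = ((Get-Sha256Hex $Source) -eq (Get-Sha256Hex $Target))
    }
}

# A 32-bit session on 64-bit Windows sees SysWOW64 when it opens System32.
if ($env:PROCESSOR_ARCHITEW6432) { Write-Warning 'Run this from 64-bit PowerShell.' }

$src = 'c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll'
$dst = 'c:\windows\system32\user32.dll'
if ((Test-Path $src) -and (Test-Path $dst)) { Test-DllReplacement $src $dst | Format-List }
```

If ArchitectureMatches is False, the source is not a drop-in replacement for the target and the copy should not be made.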

But before I open notepad and copy paste this:

Replace: c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll c:\windows\system32\user32.dll
REBOOT:

Should I run FRST first? Or can I put the fixlist.txt into FRST folder without running FRST again?

Thanks

No need to run an FRST scan first

Sorry, I didn’t understand.

I need to run FRST?

Or I don’t need to run FRST?

Thanks :slight_smile:

There is no need to run an FRST scan just run the fix :slight_smile:

I ran the fix and after that I couldn’t start my Windows 7…I had to restore my OS :\

What state are you at now ?