BitDefender detects Trojan.Inject.TM but can't delete.


29 replies to this topic

#1 Perk (Authentic Member, 104 posts)

Posted 01 September 2010 - 02:06 PM

My internet browser is always being redirected. I've downloaded and tried to run AVG and MalwareBytes, but neither will run. My antivirus software, Bitdefender, detects the virus but cannot delete it or quarantine it. I need help. I posted here before, but my computer was frozen for a time and I was finally able to get it to safe mode and get it running, albeit still infected.



#2 Guest_NightWizard_* (Guest)

Posted 02 September 2010 - 03:37 AM

Hi Perk,

:welcome:

My name is NightWizard and I will be your helper. :)

While I go through your log, I would very much appreciate it if you read the following.

  • I aim to provide you with the best instructions possible to resolve your issue. However, I ask that you understand that malware is complex and the process usually takes a few attempts before successfully cleaning everything out. In severe cases cleaning may not be possible and a reformat may be our only option.
  • If you are unresponsive to this thread within three days, the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.
  • Please do not make any new threads about this issue here or any other malware removal forum; it wastes other helpers' time and it can be dangerous for your PC.
  • If you don't understand a set of instructions or you are having trouble performing some of the fix, don't panic! Let me know and I will be happy to help in any way I can.
  • Please remember that the absence of symptoms does not mean you are clean. I request that you stick to this log until the very end - I will inform you when your system is clean.
  • Please do not use any tools other than the ones I instruct you to use. Some of the tools available can be dangerous if used incorrectly.

Please be advised that I am still in training at this forum. My posts will be checked by experts before I post in this thread. This is to ensure you get the best possible help available. This may cause delays; however, I will do my best to limit the time gaps between posts.



Thanks for choosing WhatTheTech and I will be back with a fix shortly! :)


-NightWizard

#3 Guest_NightWizard_* (Guest)

Posted 02 September 2010 - 04:07 PM

Hi Perk,

Please work your way through the following steps:


Step One


It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Do not reboot your computer after running rkill as the malware programs will start again.





Step Two


Download OTL to your Desktop from one of the following links:

LINK 1
LINK 2
LINK 3

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop from HERE.
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in this thread.




Step Three


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


    [Screenshot: GMER scan settings]


  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries




In your next reply please include:
  • The OTL log.
  • The GMER log.
Cheers :thumbup:

#4 Guest_NightWizard_* (Guest)

Posted 07 September 2010 - 12:14 AM

How are things going? Still need a hand?

#5 SweetTech (MalwareTeam Emeritus, Authentic Member, 3,368 posts)

Posted 07 September 2010 - 02:45 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic



#6 Perk (Authentic Member, 104 posts)

Posted 09 September 2010 - 10:46 AM

Every antispyware software I try to use will not work. I've tried MalwareBytes and AVG.

Edited by Perk, 09 September 2010 - 11:01 AM.


#7 Guest_NightWizard_* (Guest)

Posted 11 September 2010 - 06:36 PM

Hi Perk,

Please work your way through the following:


Step 1 - Rkill


Note: If your security software warns about Rkill, ignore & allow the download to continue.
Download RKill by Grinler from Here & save it to your Desktop.
Alternate download links:
Two
Three
Four
  • Double click Rkill to run it
  • A command window will open and then disappear upon completion; this is normal
    • If this does not happen... delete the file, then download & use the next link provided
    • If it does not work, repeat the process & attempt to use one of the remaining links until the tool runs
  • Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know
  • When finished, Notepad will open with a log file, automatically saved at C:\rkill.log
  • Copy/paste the contents of the rkill.log file in your next reply
  • Leave Rkill on the Desktop unless instructed otherwise
Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.

After running RKill, continue with the following; it is important that you do not reboot your PC during this time.



Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Step 3

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


    [Screenshot: GMER scan settings]


  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries



In your next reply please include:
  • The Rkill log.
  • The two OTL logs.
  • The GMER log.
Cheers! :thumbup:

#8 Perk (Authentic Member, 104 posts)

Posted 13 September 2010 - 09:49 AM

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Byron on 09/12/2010 at 20:58:35.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Byron\Downloads\rkill.com


Rkill completed on 09/12/2010 at 20:58:43.



OTL logfile created on: 9/13/2010 7:47:46 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Byron\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 203.84 Gb Free Space | 70.98% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.79 Gb Free Space | 16.39% Space Free | Partition Type: NTFS
Drive E: | 7.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BYRON-PC
Current User Name: Byron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Byron\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00317165\Toolbar\CAGlobal.exe (CallingID Ltd.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00317165\Light\CAGlobalLight.exe (CallingID Ltd.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\System32\svcprs32.exe ()
PRC - C:\WINDOWS\System32\mdmcls32.exe ()
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Byron\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
MOD - C:\WINDOWS\System32\UmxSbxw.dll (CA)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe File not found
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (WinSvchostManager) -- C:\WINDOWS\System32\svcprs32.exe ()
SRV - (WinExtManager) -- C:\WINDOWS\System32\mdmcls32.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS File not found
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (KmxAMRT) -- C:\Windows\system32\DRIVERS\KmxAMRT.sys (CA)
DRV - (KmxAgent) -- C:\WINDOWS\System32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\System32\drivers\KmxCfg.sys (CA)
DRV - (KmxSbx) -- C:\WINDOWS\System32\drivers\KmxSbx.sys (CA)
DRV - (KmxFile) -- C:\WINDOWS\System32\drivers\KmxFile.sys (CA)
DRV - (KmxCF) -- C:\WINDOWS\System32\drivers\KmxCF.sys (CA)
DRV - (KmxFw) -- C:\Windows\System32\DRIVERS\kmxfw.sys (CA)
DRV - (KmxFilter) -- C:\WINDOWS\System32\drivers\KmxFilter.sys (CA)
DRV - (NuidFltr) -- C:\WINDOWS\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (KmxAMVet) -- C:\WINDOWS\System32\drivers\KmxAMVet.sys (Computer Associates International, Inc.)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTSTOR) -- C:\WINDOWS\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\WINDOWS\System32\drivers\yk60x86.sys (Marvell)


I posted 4 logs, but the post was too long, so I had to select all and copy and paste this way. I hope everything is here.
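As an added illustration (not part of this thread and not a tool from OldTimer), the script below triages a log in OTL's line format the way a helper reads it: it parses the PRC/MOD/SRV/DRV entries and ranks files with an empty company field "()" that live under the Windows directory (and that appear both as a running process and as a service, as svcprs32.exe and mdmcls32.exe do above) ahead of orphaned "File not found" registrations. The sample input is an excerpt of the log posted above; the ranking rules are assumptions.

```python
"""Triage an OTL scan log for the entries a malware-removal helper checks first.

Added example; not part of the forum post and not an OldTimer tool. Assumed rules:
  * PRC/MOD/SRV/DRV lines end with the file's company name in parentheses. An
    empty "()" means OTL found no version/company data. Such a file under the
    Windows directory, running as a process and registered as a service, is
    the pattern in this log (svcprs32.exe / WinSvchostManager, mdmcls32.exe /
    WinExtManager) and is ranked highest.
  * A SRV/DRV line ending in "File not found" is an orphaned registration,
    usually left by an uninstalled product (Norton here): note only.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the OTL log posted in the thread, shortened to the lines used here.
SAMPLE_LOG = """\
========== Processes (SafeList) ==========
PRC - C:\\Users\\Byron\\Downloads\\OTL.exe (OldTimer Tools)
PRC - C:\\WINDOWS\\System32\\svcprs32.exe ()
PRC - C:\\WINDOWS\\System32\\mdmcls32.exe ()
PRC - C:\\Program Files\\SMINST\\BLService.exe ()
========== Win32 Services (SafeList) ==========
SRV - (Norton Internet Security) -- C:\\Program Files\\Norton Internet Security\\Engine\\16.0.0.125\\ccSvcHst.exe File not found
SRV - (WinSvchostManager) -- C:\\WINDOWS\\System32\\svcprs32.exe ()
SRV - (WinExtManager) -- C:\\WINDOWS\\System32\\mdmcls32.exe ()
SRV - (Recovery Service for Windows) -- C:\\Program Files\\SMINST\\BLService.exe ()
========== Driver Services (SafeList) ==========
DRV - (SRTSPX) -- C:\\Windows\\System32\\drivers\\NIS\\1000000.07D\\SRTSPX.SYS File not found
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\\Windows\\system32\\drivers\\brserid.sys (Brother Industries Ltd.)
"""

ENTRY_RE = re.compile(r'^(PRC|MOD|SRV|DRV) - (.*)$')
MISSING = ' File not found'
WINDOWS_DIR = 'c:\\windows\\'   # assumption: %SystemRoot% is C:\Windows, as in this log


@dataclass
class Entry:
    kind: str                # PRC, MOD, SRV or DRV
    name: Optional[str]      # service/driver name; None for PRC/MOD
    path: str
    company: Optional[str]   # '' when OTL printed "()", None when the file is missing
    missing: bool


@dataclass
class Finding:
    severity: int            # 3 = look at first, 2 = worth a check, 1 = note only
    entry: Entry
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; returns None for section headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    name = None
    if kind in ('SRV', 'DRV'):
        # "(Name) optional description -- path ...": the description may itself
        # contain parentheses, so split on the " -- " separator first.
        head, sep, rest = rest.partition(' -- ')
        if not sep:
            return None
        nm = re.match(r'\((.*?)\)', head)
        name = nm.group(1) if nm else head.strip()
    if rest.endswith(MISSING):
        return Entry(kind, name, rest[:-len(MISSING)], None, True)
    cut = rest.rfind(' (')   # the last "(...)" is the company; paths may contain "(x86)"
    if cut == -1 or not rest.endswith(')'):
        return None
    return Entry(kind, name, rest[:cut], rest[cut + 2:-1], False)


def triage(log_text: str) -> List[Finding]:
    """Rank entries: highest severity first, then by path so PRC/SRV pairs sit together."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    kinds_by_path = defaultdict(set)
    for e in entries:
        kinds_by_path[e.path.lower()].add(e.kind)
    findings = []
    for e in entries:
        if e.missing:
            findings.append(Finding(1, e, 'orphaned registration: file no longer exists'))
        elif e.company == '':
            in_windows = e.path.lower().startswith(WINDOWS_DIR)
            also = kinds_by_path[e.path.lower()] - {e.kind}
            reason = 'no company/version data'
            if in_windows:
                reason += ', under the Windows directory'
            if also:
                reason += ', also listed as ' + '/'.join(sorted(also))
            findings.append(Finding(3 if in_windows else 2, e, reason))
    findings.sort(key=lambda f: (-f.severity, f.entry.path.lower(), f.entry.kind))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        label = f.entry.kind + (f' ({f.entry.name})' if f.entry.name else '')
        print(f'[{f.severity}] {label}: {f.entry.path} -- {f.reason}')
```

On the excerpt above, the two System32 executables come out first, each flagged as both a process and a service, while the stale Norton entries rank last.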

#9 Guest_NightWizard_* (Guest)

Posted 13 September 2010 - 04:29 PM

Hi Perk, Please try attaching your logs to a post. To do this click "Add Reply" then under the text input field there is an area to upload and attach files. Please attach ALL logs that I requested previously :) Thanks.

#10 Perk (Authentic Member, 104 posts)

Posted 14 September 2010 - 06:32 PM

Nightwizard, I can't upload ANY attachments for some reason! It won't allow me to upload Gmer, OTL, or the Rkill.



#11 Guest_NightWizard_* (Guest)

Posted 15 September 2010 - 11:03 PM

Hi Perk,

Please navigate to http://tinypaste.com/ and copy/paste your log into the main text area, then click submit (bottom right). You will then be redirected to a page with a link on it. Please post that link here for me to see.

Please be sure to make a separate paste for each log.

Thanks :)

#12 Perk (Authentic Member, 104 posts)

Posted 18 September 2010 - 02:16 AM

http://tinypaste.com/48368

#13 Guest_NightWizard_* (Guest)

Posted 19 September 2010 - 07:05 AM

Hi Perk,

Please work your way through the following steps:

Step 1 - P2P Programs

I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire
BitTorrent


References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetw...cles/art053.htm

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you choose not to remove them, please do not use them until this computer is clean.



Step 2 - 2 Anti-Virus Programs Running!

You are operating your computer with multiple Anti-virus programs:

  • BitDefender
  • CA


It is not safe to have more than one anti-virus installed on a computer, and doing so not only does not provide better protection, it will actually cause additional problems.

Anti-virus programs hook deep into the system to provide their protection and take up an enormous amount of your computer's resources when they are actively scanning your computer.

Having multiple anti-virus programs on one computer can cause your computer to run very slowly, become unstable, and even crash. You must remove all but one anti-virus program now.

To do this click Start > Run then copy/paste this: control.exe appwiz.cpl and click Ok. Then remove your chosen AV's from the list presented.



Step 3

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O4 - HKCU..\Run: [MSVirtual] File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    
    :Files
    C:\Users\Byron\Desktop\Magic ISO Maker 5.4 with serial
    C:\Users\Byron\Desktop\Business Plan Pro 2007 Premier Edition v9.06.0006 Incl Keymaker
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



Step 4

Download the Norton Removal Tool from HERE and save it to your desktop.

Next, double click on Norton_Removal_Tool.exe to run the tool.

Follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.



Step 5

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



In your next reply please include:
  • The OTL log.
  • The MBAM log.
Cheers! :thumbup:

#14 Perk (Authentic Member, 104 posts)

Posted 19 September 2010 - 12:59 PM

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSVirtual deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe not found.
========== FILES ==========
C:\Users\Byron\Desktop\Magic ISO Maker 5.4 with serial\Magic ISO folder moved successfully.
C:\Users\Byron\Desktop\Magic ISO Maker 5.4 with serial folder moved successfully.
C:\Users\Byron\Desktop\Business Plan Pro 2007 Premier Edition v9.06.0006 Incl Keymaker folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Byron
->Temp folder emptied: 418397372 bytes
->Temporary Internet Files folder emptied: 69759436 bytes
->Java cache emptied: 2241858 bytes
->FireFox cache emptied: 106318592 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 170271 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 678638217 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 51097 bytes
Total Files Cleaned = 1,222.00 mb
[EMPTYFLASH]
User: All Users
User: Byron
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.9.1 log created on 09192010_114432
Files\Folders moved on Reboot...
File\Folder C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(241)\Content.IE5\KN1M684O\l=y;kvcmsid%3Dbsd%3A19582413%3Bkvpg=bvbuzz%2F2010%2F08%2F05%2Ffred-hammond-relaunches-rec;kvmn=93239436;target=_blank;aduho=420;grp=496598522;misc=496598522[1] not found!
File\Folder C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(241)\Content.IE5\KN1M684O\z%2F2010%2F08%2F05%2Ffred-hammond-relaunches-rec%3Bkvmn%3D93239433%3Bkvtid%3D166nbs81err358%3Bkvseg%3D99999%3A60063%3Bnodecode%3Dyes%3Blink%3D;ord=496627873[1] not found!
File\Folder C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(241)\Content.IE5\KN1M684O\z%2F2010%2F08%2F05%2Ffred-hammond-relaunches-rec%3Bkvmn%3D93239436%3Bkvtid%3D166nbs81err358%3Bkvseg%3D99999%3A60063%3Bnodecode%3Dyes%3Blink%3D;ord=496641717[1] not found!
File\Folder C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(241)\Content.IE5\C8FTURK7\433;kvcmsid%3Dbsd%3A19582413%3Bkvpg=bvbuzz%2F2010%2F08%2F05%2Ffred-hammond-relaunches-rec;kvmn=93239433;target=_blank;aduho=420;grp=496598522;misc=496598522[1] not found!
File\Folder C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(241)\Content.IE5\C8FTURK7\l=y;kvcmsid%3Dbsd%3A19582413%3Bkvpg=bvbuzz%2F2010%2F08%2F05%2Ffred-hammond-relaunches-rec;kvmn=93245871;target=_blank;aduho=420;grp=496598522;misc=496598522[1] not found!
File\Folder C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(241)\Content.IE5\C8FTURK7\l=y;kvcmsid%3Dbsd%3A19582413%3Bkvpg=bvbuzz%2F2010%2F08%2F05%2Ffred-hammond-relaunches-rec;kvmn=93306682;target=_blank;aduho=420;grp=496598522;misc=496598522[1] not found!
File\Folder C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(241)\Content.IE5\C8FTURK7\_default;sz=960x250;k21=1;kgender=m;kga=1003;kar=5;klg=en;kage=40;kgg=1;kt= U;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=7420998782454081[1].htm not found!
Registry entries deleted on Reboot...

#15 Perk (Authentic Member, 104 posts)

Posted 19 September 2010 - 01:23 PM

Nightwizard, for some reason MalwareBytes still won't run!
