
ShadowPuterDude

Emsisoft Employee
  • Posts

    20056
  • Days Won

    212

Everything posted by ShadowPuterDude

  1. Thread Closed. Reason: Lack of Response. PM either ShadowPuterDude or Lynx to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  2. Download Avenger from HERE and unzip to your desktop.
     Run Avenger
     Read the prompt that appears, and press OK
     Copy & paste the following text in Input script Box:

         Registry keys to delete:
         HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
         HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

         Drivers to delete:
         gkmixern

         Files to delete:
         c:\docume~1\carolyne\LOCALS~1\Temp\gkmixern.sys

     Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
     Note: It is possible that Avenger will reboot your system TWICE.
     Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Attach that log with your next post.
     -----------------------------------------------------------
     Download -->> OTL <<-- to your desktop.
     Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
     When the window appears, underneath Output at the top change it to Minimal Output.
     Check the boxes beside LOP Check and Purity Check.
     Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
     When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
     Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
     Attach both logs with your next reply.
  3. Where are the ISeeYouXP and HiJackFree logs?
  4. Until you attach the logs I requested earlier, I cannot help you. If you are having problems with IE then change to another browser, such as Firefox, for the duration of this support case. Stop using the reply button at the bottom of the post.
  5. The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u17 available from Sun Microsystems.
     -----------------------------------------------------------
     Using Add or Remove Programs in the Control Panel; uninstall the following:
     -----------------------------------------------------------
     Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

         REGEDIT4

         [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

         [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
         "{381FFDE8-2394-4f90-B10D-FC6124A40F8C}"=-

         [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
         "{381FFDE8-2394-4f90-B10D-FC6124A40F8C}"=-

     Close Notepad. Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.
     -----------------------------------------------------------
     Download Avenger from HERE and unzip to your desktop.
     Run Avenger
     Read the prompt that appears, and press OK
     Copy & paste the following text in Input script Box:

         Files to delete:
         c:\windows\system32\browseui(3).dll
         c:\windows\system32\browseui(2).dll
         c:\windows\system32\jscript(2).dll
         c:\windows\system32\jscript(3).dll
         c:\windows\system32\msasn1(3).dll
         c:\windows\system32\msasn1(4).dll
         c:\windows\system32\mshtmled(2).dll
         c:\windows\system32\mshtmled(3).dll
         c:\windows\system32\msrating(2).dll
         c:\windows\system32\msrating(3).dll
         c:\windows\system32\shlwapi(3).dll
         c:\windows\system32\shlwapi(4).dll
         c:\windows\system32\urlmon(3).dll
         c:\windows\system32\urlmon(4).dll
         c:\windows\system32\wininet(3).dll
         c:\windows\system32\wininet(4).dll
         C:\WINDOWS\temp\ib1.tmp
         C:\WINDOWS\temp\ib2.tmp
         C:\WINDOWS\temp\ib3.tmp
         C:\WINDOWS\temp\ib4.tmp
         C:\WINDOWS\temp\ib5.tmp

     Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
     Note: It is possible that Avenger will reboot your system TWICE.
     Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.
     -----------------------------------------------------------
     Attach fresh logs for:
         Avenger (C:\avenger.txt)
         a-squared Free/Anti-Malware
         ISeeYouXP
         HiJackFree
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  6. Thread Closed. Reason: Resolved. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  7. If they are not there, they are not there. The instructions say if they exist to delete them.
  8. gsl.dll is not malware. Reformatting the HDD and performing a "Clean Install" of the Operating System is the best way to proceed.
  9. There are 4 types of Windows XP CDs: OEM, Retail, VLK, and Upgrade. You have to use the kind that was used when it was first installed. I won't explain how to do a "Repair Install" if you do not have the installation media in your possession. If someone upgraded your Operating System without leaving the installation media with you, then this leads me to believe that your copy of Windows is not legally licensed.
  10. Run OTL.exe
      Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

          :OTL
          PRC - C:\Windows\explorer.exe (Microsoft Corporation)
          O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
          :Files
          C:\Users\greg\zerxr6qe.exe
          C:\Windows\System32\_WDYSZYG.sys
          C:\Windows\342440337.dat
          C:\Windows\System32\rezumatenoi.dat
          C:\Windows\System32\sasnative32.exe
          @C:\ProgramData\TEMP:C97C8631
          @C:\ProgramData\TEMP:DFC5A2B2
          @C:\ProgramData\TEMP:5C321E34
          :Commands
          [purity]
          [emptytemp]
          [resethosts]
          [start explorer]
          [Reboot]

      Then click the Run Fix button at the top
      Let the program run unhindered, reboot when it is done
      Attach the new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  11. Thread Closed. Reason: Lack of Response. PM either ShadowPuterDude or Lynx to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  12. Thread Closed. Reason: Lack of Response. PM either ShadowPuterDude or Lynx to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  13. Download -->> OTL <<-- to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically. Attach both logs with your next reply.
  14. C:\My Games\WordUp\wordup.exe detected: Virus.Win32.Sality!IK
      E:\CD image\Downloads\LsReCore_L2M.dll detected: Trojan.Hijacker!IK
      E:\CD image\Downloads\wings-0.98.36.exe/inet_gethost.exe detected: Virus.Win32.PureMorph!IK
      E:\CD image\Downloads\x-fusions_setup.exe detected: Virus.Win32.Melting.B!IK

      These appear to be False Positives.
  15. Antivirus Tools Cannot Clean Infected Files in the System Restore Folder. The System Restore feature in Windows protects all folders and files in the System Restore folder on the Windows partition. This folder and all of its subfolders are the data store that the System Restore feature uses to restore your computer's operating system to a previous state from a previous point in time. Although some antivirus programs may have the ability to work with files that have been compressed or stored in .zip or .cab file format, the System Restore feature does not permit these utilities to manipulate these files within the data store. The data store is protected for data integrity purposes, and the System Restore feature is the only method you can use to obtain access to the data store. Because of this, the antivirus program is unable to remove the virus from the file or files in the data store. The files in the data store are inactive and can be used only by the System Restore feature. ----------------------------------------------------------- A reinstall of the Operating System may be required.
  16. Download ComboFix from one of these locations: Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 Link 3 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. ----------------------------------------------------------- Attach fresh logs for: ComboFix (C:\combofix.txt) a-squared Free/Anti-Malware HiJackFree Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  17. Download ComboFix from one of these locations: Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 Link 3 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. ----------------------------------------------------------- Attach fresh logs for: ComboFix (C:\combofix.txt) a-squared Free/Anti-Malware ISeeYouXP HiJackFree Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  18. Download ComboFix from one of these locations: Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 Link 3 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. ----------------------------------------------------------- Attach fresh logs for: ComboFix (C:\combofix.txt) ISeeYouXP HiJackFree Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  19. Open notepad
      Copy and Paste the below lines of code to notepad:

          @echo off
          copy C:\WINDOWS\system32\logevent.dll c:\logevent.dll

      Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your Desktop.
      Double-click on fixes.bat to execute it.
      -----------------------------------------------------------
      Download Avenger from -->> HERE <<-- and unzip to your desktop.
      Run Avenger
      Read the prompt that appears, and press OK
      Copy & paste the following text in Input script Box:

          Files to delete:

          Files to move:
          C:\logevent.dll | C:\WINDOWS\system32\eventlog.dll

      Then click "Execute". You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
      Note: It is possible that Avenger will reboot your system TWICE.
      Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.
      -----------------------------------------------------------
      Go to start > run and copy and paste the following command in the field:

          "%userprofile%\desktop\win32kdiag.exe" -f -r

      This should restore permissions on locked files and remove mountpoints.
      -----------------------------------------------------------
      Post fresh logs for:
          Avenger (C:\avenger.txt)
          Win32kDiag
          a-squared Free
          ISeeYouXP
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  20. Have a-squared quarantine the following:

          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe detected: Trace.Registry.VirusShield2009!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\Arrakis3.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdreinit.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdsubwiz.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdtkexec.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\bdwizreg.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\livesrv.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\seccenter.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\uiscan.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\upgrepl.exe detected: Trace.Registry.SmartVirusEliminator!A2
          Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\vsserv.exe detected: Trace.Registry.SmartVirusEliminator!A2

      Then attach a fresh log from a-squared.
  21. It is the same CD; the only thing you do differently is how you install the Operating System.
  22. The OTL log looks fine. How are things running?
  23. Thread Closed. Reason: Lack of Response. PM either ShadowPuterDude or Lynx to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  24. Thread Closed. Reason: Lack of Response. PM either ShadowPuterDude or Lynx to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  25. Thread Closed. Reason: Resolved. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.