My system has been infected with several Trojans and associated malware. Norton 360 is ineffective; Webroot Spy Sweeper identifies them but cannot remove them. My wireless cable connection has been knocked out and internet is available only in safe mode with networking. Can someone help?
Here is my system info:
Manufacturer: Dell inc.
Model: 'xps a2010'
OS: Microsoft Windows Vista Home Premium
CPU/Ram: 2.194 GHz / 2021 MB
Video Card: Intel(R) G33/G31 Express Chipset Family
Sound Card: Realtek High Definition Audio
I have run Malwarebytes and HijackThis; here are the log files for Malwarebytes.
Malwarebytes' Anti-Malware 1.39
Database version: 2525
Windows 6.0.6002 Service Pack 2
7/29/2009 8:59:23 PM
mbam-log-2009-07-29 (20-59-23).txt
Scan type: Quick Scan
Objects scanned: 103565
Time elapsed: 3 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Users\maknapper\AppData\Local\Temp\uaa7CC.tmp (Worm.Parite) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\maknapper\AppData\Local\Temp\uaa7CC.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\maknapper\AppData\Local\Temp\qaa6A4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\awaE204.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lsaB46F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yraABF7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
The system is infected despite this.
I hope someone can help. Thanks in advance!
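As an added example that is not part of the thread, here is a small Python parser for the Malwarebytes log format posted above. It pulls the detection lines, counts threats, lists items still marked "Delete on reboot" (the file was still present when the log was written, so the scan is not finished until the reboot happens), counts hits under Temp directories, and checks the header counts against the entries actually listed. The sample log is a constructed copy of the thread's own entries.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the Malwarebytes 1.39 log posted in the thread.
SAMPLE_LOG = r"""Memory Modules Infected: 1
Files Infected: 5

Memory Modules Infected:
C:\Users\maknapper\AppData\Local\Temp\uaa7CC.tmp (Worm.Parite) -> Delete on reboot.

Files Infected:
C:\Users\maknapper\AppData\Local\Temp\uaa7CC.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\maknapper\AppData\Local\Temp\qaa6A4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\awaE204.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lsaB46F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yraABF7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")      # "Files Infected: 5"
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")                      # "Files Infected:"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_log(text):
    """Return (summary_counts, detections) from a Malwarebytes-style log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif (m := DETECTION_RE.match(line)) and section:
            detections.append({"section": section, "path": m["path"],
                               "threat": m["threat"], "action": m["action"]})
    return summary, detections


def triage(text):
    """Summarise threats, unresolved items, Temp-dir hits and header/entry mismatches."""
    summary, detections = parse_log(text)
    threats = Counter(d["threat"] for d in detections)
    # Anything not already quarantined (e.g. "Delete on reboot") is still on disk.
    pending = sorted({d["path"].lower() for d in detections
                      if not d["action"].lower().startswith("quarantined")})
    temp_hits = sum(1 for d in detections if "\\temp\\" in d["path"].lower())
    per_section = Counter(d["section"] for d in detections)
    mismatches = {sec: (n, per_section[sec]) for sec, n in summary.items()
                  if per_section[sec] != n}
    return {"threats": dict(threats), "pending_reboot": pending,
            "temp_dir_hits": temp_hits, "count_mismatches": mismatches}
```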

Download and run Kaspersky AVP tool in safe mode: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool in safe mode:
# Check the options below:
* Select all the objects/places to be scanned.
* Security Level setting to High.
# Click Scan
# Fix what it detects
# Zip/Rar the scan log/summary and upload it to rapidshare.com. Post the download link in your next message.
Illustrated tutorial: http://img32.imageshack.us/img32/76...
If I'm helping you and I don't reply within 24 hours send me a PM.

The scan is progressing; however, the ETA for completion is 4 1/2 hours. I will post the log via RS link as advised then.
27% and 925+ infected files found so far! 2 trojans and the Win32.Parite virus. This is UGLY.

Here is the requested log. Note: I had to restart the scan 28% through, as I checked the settings and found I hadn't set it to deep search for rootkits. Hope that was OK.
http://rapidshare.com/files/2617395...
Awaiting reply. Thanks.

I suggest you burn Kaspersky's or Dr. Web's live boot CD on a clean computer and run a scan from it. This virus copies itself to every binary file. However, you might be able to fully cure it via boot disc.
If I'm helping you and I don't reply within 24 hours send me a PM.

http://www.freedrweb.com/livecd or ftp://ftp.kaspersky.com/devbuilds/RescueDisk/kav_rescue_2008.iso
If I'm helping you and I don't reply within 24 hours send me a PM.

Check my last. On the Dr. Web site now; however, it will take some time to set up. From the tone of your last, it sounds as though it is heading towards a complete reinstall of the OS. Is this the likely outcome from what you observed in the log?

It's not as bad as Virut; it can be recovered. You can read more about it at http://www.pc1news.com/virus/virus-...
If I'm helping you and I don't reply within 24 hours send me a PM.

Right then, I'll have a go at it. Thanks in advance for your help. I'll post a reply when I have completed the scan. Will post logs as well.

OK jd,
I could not get the Dr. Web CD to boot completely. After a few attempts, I gave up and DL'ed Kaspersky, burned that CD, and it is now running.
However, something changed after attempting the boot with Dr. Web. I've now completely lost my internet connection, and when I tried to repair the Links Systems Router program I got an error "object instance not found". I tried using the install CD and got "product not supported by OS".
I hope the damage can be ameliorated with Kaspersky. Will update when the scan is finished.
Thanks.

You burned Kaspersky on a clean system, correct?
If I'm helping you and I don't reply within 24 hours send me a PM.

The scan is 99% complete, but I have a question. I have an alert message that says it has detected Trojan PSW.Win32.Agent.mcx, which cannot be disinfected, and gives the option of deleting or skipping [recommended]. Should I follow the recommended skip or delete now? Also, I have a message asking to update the program because the database is out of date, but that wasn't possible with my internet connection down. Awaiting advice.

Which file is it? Take down the names of the files you delete. Only use delete/disinfect; don't use skip.
If I'm helping you and I don't reply within 24 hours send me a PM.

Don't want to hijack the thread, but I would love to jump in and get some help myself. I am having the exact same problems as Pheonixx. I am reading each reply now and following the same steps you suggest; I will post logs when I get to that point, if it is OK to join in on this thread.

Pheonixx: Yes, post the scan log. Also, now rerun the scan to be sure it got all the files.
Rollencode: You should start your own post.
If I'm helping you and I don't reply within 24 hours send me a PM.

Sorry, fell asleep! : )
Oddly, I could not save the report, but I copied it verbatim and uploaded it.
http://rapidshare.com/files/2622996...
Before I restart the scan, I need to know: should I reboot, or am I good to go with just restarting?

What is your E drive? For the second scan, follow Response Number 1; don't use the boot CD.
If I'm helping you and I don't reply within 24 hours send me a PM.

Not really sure. Under settings I had the program check all drives, even though the E drive is the optical drive the CD was in. The program or file deleted resides in the C://Downloads folder.
Odd.
OK. Kaspersky in safe mode. Thanks

Now, in addition to the internet being knocked out, I have the message "Windows Help and Support failed to start" with a link back to Microsoft.
Seems like the OS is losing functionality every time I boot into safe mode!

Do you have your windows installation disc?
If I'm helping you and I don't reply within 24 hours send me a PM.

OK, finish the scan and post the scan results.
If I'm helping you and I don't reply within 24 hours send me a PM.

Hi jd,
Here's the link for the last scan. Nothing was detected.
http://rapidshare.com/files/2624129...
Still no internet; I had to port the log via flash drive and upload it on a laptop. This time, when the system rebooted to normal run mode, it took five minutes to go from the Welcome screen to the desktop, and just before the desktop came up my screen went solid purple for a minute.
Also got the message "Intel service failed to start. Windows has closed the program. MS Windows will notify you when a solution has been found."
Looks as though it's getting worse. Have my root directory files been damaged?

Read: http://www.updatexp.com/scannow-sfc... then go to normal mode, START > RUN > type: sfc /scannow, reboot, and see if your system is any better. If not, we will have to boot from CD and repair the installation.
If I'm helping you and I don't reply within 24 hours send me a PM.

Yes, it should be similar. If you get stuck, let me know.
If I'm helping you and I don't reply within 24 hours send me a PM.

Not what I was expecting, having read the article. The scan didn't run. I got the following instead; these are the last 6 lines in the command prompt:
For offline repairs specify location of the offline boot directory
For offline repairs specify location of the offline WINDOWS directory
sfc/scannow
sfc/VERIFYFILE=c:\windows\system32\kernal132.dll
sfc/SCANFILE=.d\windows\system32\kernal132.dll/OFFBOOTDIR=d:\ /OFFWINDOWS R=d:\windows
sfc/VERIFYONLY
The second-to-last line may not be complete as I can't view the whole command prompt window. I'm stuck.

It's the wrong command. It's supposed to be sfc<space>/scannow. I have no clue what you typed.
If I'm helping you and I don't reply within 24 hours send me a PM.

OK, did the scan and rebooted, but the system is still in the same state. I retrieved the scan log for inclusion here:
http://rapidshare.com/files/2625384...
When the scan was complete I rebooted, but as it was shutting down the blue screen popped up with the "To protect your computer from harm Windows is shutting down" blah, blah, blah.
On restart I had the lengthy Welcome screen, followed by the all-purple screen, followed by the message: "Windows has recovered from an unexpected shutdow....." Last time I saw that, there had been a power failure.
What's next?

Seems like the virus did corrupt your files. I suggest you either reinstall or repair your installation from the boot disc. You can also try the CCleaner registry cleaner. But corrupted system files were replaced by the last command.
If I'm helping you and I don't reply within 24 hours send me a PM.

Afraid it would come to that. I'll try a repair from the boot disc, then reinstall if that fails. Any suggestions on the boot repair procedure?
And thanks again for taking the time to do this; you've been a godsend with all your help!

Run a full scan with: http://onecare.live.com/site/en-Us/... first before we resort to restore.
If I'm helping you and I don't reply within 24 hours send me a PM.

Only problem there is my internet is still dead in normal start-up as well as safe mode. Network Diagnostics are out as well. Tried resetting the Group Policy DHI to get Diagnostics going, but all I get is an error 5 message. Help and Support is disabled as well.

No joy. Startup Repair detected no problems. Can't use System Restore because it isn't enabled, which means something recently changed, because I know I had it enabled. So there are no usable restore points.
Please let me know if any other ideas occur to you before I completely reinstall the OS.

Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First, track this topic. Then follow:
1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode and make sure you are connected to the internet. If avz.exe doesn't start, then try to rename the file avz.exe to game.pif and try to run it again. Pause/stop your antivirus and firewall software (if any), and close games, text editors and all other programs; leave Internet Explorer/Firefox running before following the steps below.
i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.
ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.
iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.
You should now see the main window of the AVZ utility.
--> Please navigate to "File" => "Custom Scripts". Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.
begin ExecuteAVUpdate; end.
Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script.
--> Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. Upload virusinfo_syscure.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.
2) Download and run DDS, which will create a pseudo-HJT report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.
In your next reply, please include download links to the following:
[*] virusinfo_syscure.zip
[*] DDS Logs

No good. AVZ causes a blue screen shutdown about two seconds into running the Healing/Quarantine and Advanced System Analysis script.
Also, I did run the update script despite not having any internet connection. That script ran OK. In case it was a fluke, I ran the program twice with the same result, so no log to post.

What was the BSOD stop code error? Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:
1) Run this script in AVZ like before, your computer will reboot:
begin ExecuteRepair(5); ExecuteRepair(6); ExecuteRepair(8); ExecuteRepair(9); ExecuteRepair(14); ExecuteRepair(15); ExecuteRepair(16); RebootWindows(true); end.
2) Try to remake the above logs.
If I'm helping you and I don't reply within 24 hours send me a PM.

I assume the scripts in the last post were to be run in Custom Scripts. I get the error message "Error:'=' expected at 3:1"
I don't know what error code was thrown on the BSOD. Tried to open the Event Viewer to see what the error/exception was, but the service is toast like the others.

Response Number 46 part 1 should work; make sure you are copying the script correctly.
If I'm helping you and I don't reply within 24 hours send me a PM.

OK, ran all the scripts. There has been improvement. The system boots now with no lag time, almost normal. Showing limited internet connection in normal mode, so it might be restored in safe mode. [edit] No internet in safe mode still.
Down side is UAC has been reactivated for the first time since I got the machine. Won't let me deactivate it again though.

Download CCleaner (http://www.ccleaner.com/download/builds/downloading-slim). Run the temp and registry cleaner with it. Then redo Response Number 42 and post a new set of logs.
If I'm helping you and I don't reply within 24 hours send me a PM.

Here are the logs.
http://rapidshare.com/files/2629676...
http://rapidshare.com/files/2629676...

Follow these steps in the order numbered. Don't proceed to the next step unless you have successfully completed the previous step:
1) Run this script in AVZ like before, your computer will reboot:
begin SetAVZGuardStatus(True); SearchRootkit(true, true); QuarantineFile('/C.exe',''); QuarantineFile('c:\windows\system32\drivers\rxfjemmtwfrvrxjn.sys',''); QuarantineFile('c:\windows\system32\drivers\bpirlsecfieyvxxb.sys',''); DeleteFile('/C.exe'); BC_ImportDeletedList; ExecuteSysClean; BC_Activate; RebootWindows(true); end.
2) Install, update the database and run a full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log; fix anything detected.
3) Run a full scan with SuperAntiSpyware: http://www.superantispyware.com/dow... . Fix what it detects and post the summary scan log.
If I'm helping you and I don't reply within 24 hours send me a PM.

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('/C.exe','');
DeleteFile('/C.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Is this all one step or a series of steps like before?

Response Number 53 changed. Begin to end. is all part of a single script (one step).
If I'm helping you and I don't reply within 24 hours send me a PM.

OK, Malwarebytes would not complete a full scan; it got hung up twice when it reached this file: d:\windows\system32\config\DEFAULT.LOG1
I had to use Task Manager to shut down the program each time after it had scanned 214958 objects, which would have been relatively near the end of the scan. I ran the quick scan instead and include that log with the SuperAntiSpyware scan log.

Do you have any antivirus installed? If you don't, install free Avira. How is your system running now?
If I'm helping you and I don't reply within 24 hours send me a PM.

I have both Webroot and Norton 360. The latter I am hesitant to reinstall, as I have used two versions of Symantec and have no confidence in their products. The system is still far from stable; many background services remain inaccessible and the internet is still out.

Run sfc /scannow again. If that doesn't bring the system back to a workable/fixable state, I suggest you go ahead with your format.
If I'm helping you and I don't reply within 24 hours send me a PM.

Any better? Is the internet working?
If I'm helping you and I don't reply within 24 hours send me a PM.

Hi JD, sorry for the delay. No, there's been no improvement. I ran a diagnostic on the Network Connections and this generated a remote access HTTP report. Far from any kind of expert, but from what I could see, most of the services that are necessary for the operating system to make a connection are disabled and/or inaccessible. I think there has been too much damage. While startup is OK and most programs are working, everything connected to the internet is down. I don't know what other options I have.

JD,
Thank you for your time, patience and help. I successfully reformatted and installed my OS. Minor problem with my Broadcom Network Adapter, but all's well. Thanks to you I was able to salvage most of my important files and even some of my programs; I owe you a beer!
Really glad I found this forum; thanks for being here!

No problem glad to be helpful.
If I'm helping you and I don't reply within 24 hours send me a PM.
