Persistent Malware/Viral Infection -- Help!

[billfiredrake]

Regrettably, I bring bad news, Essexboy. GMER gave me a catastrophic blue screen memory dump both times I tried to use it so I gave up. As for OTL, after getting an "Access Violation at address 0040295B in module 'OTL.exe'. Read of address 001E9000" I got the logs. They're attached.

Thank you for your help!

[billfiredrake]

Here's the other. Forum file size cap prevented me from including it in the previous post.

[essexboy]

Unfortunately GMER does that sometimes, usually when you have a cd emulator onboard

 Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

Code: [Select]

:OTL
O4 - HKU\.DEFAULT..\Run: [khbwmxim] C:\Documents and Settings\NetworkService\Local Settings\Application Data\pleawapgw\bstamwstssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [khbwmxim] C:\Documents and Settings\NetworkService\Local Settings\Application Data\pleawapgw\bstamwstssd.exe File not found
[2010/05/06 15:01:14 | 000,231,935 | ---- | M] () -- C:\WINDOWS\jgzr.dat

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

[billfiredrake]

New OTL Log

[billfiredrake]

Combofix log. Amazing that they keep finding things...

[essexboy]

Can you confirm that all is working OK now

[billfiredrake]

Chrome works again! And I've performed several Google searches... no hijacked links. And, I haven't had any rogue pop ups!!! Okay, give me a day, let me use the computer for a bit and I'll let you know! :-)

[essexboy]

OK once you are happy then run the following cleanup procedure

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

 Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

Code: [Select]

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done

Click Start > Run  and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself.  MBAM can be uninstalled via control panel add/remove along with ERUNT.  But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

SPRING CLEAN
 
Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  Malwarebytes.  Run weekly to keep your system clean
  

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update
  

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
Keep safe  :wave:

[billfiredrake]

Okay, I'm back. First let me say not to worry, everything is alright, I just wanted to give an update. I apologize for not getting back sooner; it wasn't that I'm not appreciative, I've just been incredibly busy over the last week.

The computer works. After a week's worth of use, I've had no problems.

I wanted to thank you all so very much for your help. I'm extremely grateful for all the help you each have provided. Essexboy, I am pretty much indebted to you. Thank you so much for everything you've done to help me out. I know there is no material compensation I can provide to you to show you just how appreciative I am, so I hope my thanks will do.

Thanks again!

[essexboy]

My pleasure - just keep safe now

[Asyn]

You're welcome..!
asyn