PC Infected with malwares ... Please help

2 posters

Re: PC Infected with malwares ... Please help
Hi.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: PC Infected with malwares ... Please help
Dear Sneakyone,

Since from last instruction
# Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

My question
Do I close Dr. Web CureIt or not? (When I run ESET Online Scanner)

Regards,
SV

Re: PC Infected with malwares ... Please help
Yes please close it.

Re: PC Infected with malwares ... Please help
Dear Sneakyone,
I finished scanning my PC with ESET Online Scanner and the log file is below:
Regards,
SV
***

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.3264 (xpsp.071130-1425)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=547413f90892a744bdd0c1ef90c79633
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-27 12:55:36
# local_time=2010-07-27 07:55:36 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3, v.3264
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88973
# found=10
# cleaned=10
# scan_time=1512
C:\Program Files\AskTBar\bar\3.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Easy\RegEasyCleanerUpdate.exe Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\D\AutoRun.inf.vir Win32/AutoRun.VB.QH worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017291.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017292.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017293.exe Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\ident.txt IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\mirc.ini IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\updater.ini IRC/Tedeto.A worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
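
A log in this format can be triaged by separating detections in live file-system locations from copies held in System Restore points or an existing quarantine folder. The following is an added example, not part of the original post or ESET's own tooling; the line format is inferred from the log above, and the category names and function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: five detection lines from the log above, counters adjusted to match.
SAMPLE_LOG = r"""# found=5
# cleaned=5
C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\D\AutoRun.inf.vir Win32/AutoRun.VB.QH worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017291.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\mirc.ini IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\updater.ini IRC/Tedeto.A worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?(?P<name>\w+/\S+) "
    r"(?P<kind>\w+) \((?P<action>[^)]*)\) [0-9A-Fa-f]{32} \w$")

def location(path):
    """Classify where the detected file sat (categories are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"      # System Restore backup copy
    if "\\quarantine\\" in p:
        return "old_quarantine"     # already isolated by an earlier tool
    return "live"                   # ordinary file-system location

def parse(text):
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") and "=" in line:
            key, value = line[1:].split("=", 1)
            header[key.strip()] = value.strip()
        elif (m := DETECTION.match(line)):
            hits.append({**m.groupdict(), "where": location(m["path"])})
    return header, hits

def triage(text):
    header, hits = parse(text)
    return {
        "count_matches_header": int(header.get("found", -1)) == len(hits),
        "by_location": dict(Counter(h["where"] for h in hits)),
        "live_names": sorted({h["name"] for h in hits if h["where"] == "live"}),
        "not_cleaned": [h["path"] for h in hits if not h["action"].startswith("cleaned")],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `count_matches_header` of False means some detection lines did not parse or the paste was truncated, so the log should be re-read by hand before acting on the summary.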



Re: PC Infected with malwares ... Please help
Hi.

Could you please try to install Malwarebytes now?

Re: PC Infected with malwares ... Please help
Sneakyone wrote:
Hi.

Could you please try to install Malwarebytes now?


Dear Sneakyone,

I did (installing Malwarebytes) as you told me to .... but still same error(s) as before

Please instruct me what to do next ..

Regards,
SV

Re: PC Infected with malwares ... Please help
1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

Re: PC Infected with malwares ... Please help
Dear Sneakyone,

I followed your instruction very closely

1) I uninstalled Anti_Malwarebytes
2) Reboot my PC
3) Downloaded mbam-clean.exe & run it
4) Restarted the PC again, downloaded the latest Anti_Malwarebytes (from your link)

Result: The same error(s) show up as I reported before .

Re: PC Infected with malwares ... Please help
Hi.

Please follow the instructions on Section A Issue 15.

http://forums.malwarebytes.org/index.php?showtopic=10138

Re: PC Infected with malwares ... Please help
Hi Sneakyone,
After installing Microsoft Visual Basic 6.0 Common Controls, it asked for a restart, then I got into this BSOD ... and this message.

STOP: c000021a {Fatal System Error}
The Window Logon Process system process terminated unexpectedly with a status of 0x00000135 (0x00000000 0x00000000).
The system has been shut down."


I tried .. Windows in safe mode => same BSOD => Stuck???

I am on a different PC to report to you here and do not know what to do next (with the dead PC)???

Any advice would be greatly appreciated .

Regards,
SV

Re: PC Infected with malwares ... Please help
Hi.

Please start up the computer, tap F8, then choose Last Known Good Configuration, then it should boot up.

After that, please system restore back to before you installed the thing that caused the BSOD then we will start from there.

Please tell me how this process goes.

Re: PC Infected with malwares ... Please help
Sneakyone wrote:
Hi.

Please start up the computer, tap F8, then choose Last Known Good Configuration, then it should boot up.

After that, please system restore back to before you installed the thing that caused the BSOD then we will start from there.

Please tell me how this process goes.


Hi Sneakyone,

I tried ..
Last Known Good Configuration
Safe mode
...
All go into BSOD mode

Regards,
SV

Re: PC Infected with malwares ... Please help
Hi.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Step 1: you need to get the appropriate burning software for this task.

Download ISOBurner
  • This will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic.
  • See the instructions page for more info.
Step 2: download the OTLPE REATOGO Windows Recovery Environment.
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

Re: PC Infected with malwares ... Please help
Dear Sneakyone,

Since I need my PC for work and the BSOD problem totally prevents me from using the PC => I could not wait, I used my pretty old backup (Acronis method) to restore, and of course, I lost some of my data such as new application programs, some of my work ...etc.... But my computer seems to be working ok now...

I really appreciated your guidance (I have learned a lot from you) and the time you spent helping me and others.

I wish you all the best.

Best regards,
SV

PS: All the best wishes to the staff of GeekPolice as well. You guys have done an excellent job in helping others.

Re: PC Infected with malwares ... Please help
Hi.

Thanks for the nice comments, you're welcome, glad to help.
