Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
by sketch lagit » July 29th, 2011, 12:45 am
not found:
C:\Windows\System32\drivers\iaStor.sys
C:\Windows\System32\drivers\iaStorV.sys
C:\Windows\System32\drivers\nvraid.sys
C:\Windows\System32\drivers\nvstor.sys
sketch lagit
Regular Member
Posts: 32
Joined: July 16th, 2011, 9:53 pm
by Gary R » July 29th, 2011, 2:28 am
OK, I think we should remove the following files and folders ....
Double click OTL.exe to launch the programme.
Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:Files
C:\version
C:\ml-20110714032055.xml
C:\Windows\SysWow64\wrLZMA.dll
C:\Windows\system32\wrLZMA.dll
C:\CD3rdPartyWrapper.log
C:\lv.log
ipconfig /flushdns /c
:Commands
[emptytemp]
[emptyflash]
[resethosts]

Click the Run Fix button. OTL will now process the instructions.
When finished a box will open asking you to open the fix log, click OK.
The fix log will open. Copy/Paste the log in your next reply please.
Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
To see the driver files I asked you to scan, you'll need to do the following, sorry my fault I should have told you to do this earlier .....
Click Start > Control Panel > Appearance and personalization
Under Folder Options click on Show hidden files and folders
A Folder Options window will open
Click the show hidden files, folders and drives button.
scroll down and uncheck hide extensions for known file types
scroll down and uncheck hide protected operating system files (recommended)
Click Yes when prompted.
Click OK and exit the Folder Options window.

C:\Windows\System32\drivers\iaStor.sys
C:\Windows\System32\drivers\iaStorV.sys
C:\Windows\System32\drivers\nvraid.sys
C:\Windows\System32\drivers\nvstor.sys

Browse to the first file in the quote box above.
Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
After a while, a window will open, with details of what the scans found.
Note details of any viruses found.
Repeat for all files on the list, and post me the details please.
Gary R
Administrator
Posts: 25903
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
by sketch lagit » July 30th, 2011, 12:06 pm
All processes killed
========== FILES ==========
C:\version moved successfully.
C:\ml-20110714032055.xml moved successfully.
File move failed. C:\Windows\SysWow64\wrLZMA.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\wrLZMA.dll scheduled to be moved on reboot.
C:\CD3rdPartyWrapper.log moved successfully.
C:\lv.log moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dakota\Downloads\cmd.bat deleted successfully.
C:\Users\Dakota\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dakota
->Temp folder emptied: 6997396627 bytes
->Temporary Internet Files folder emptied: 2326618 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 242677918 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 7706 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17440 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,907.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Dakota
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07302011_003519

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWow64\wrLZMA.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\wrLZMA.dll scheduled to be moved on reboot.
C:\Users\Dakota\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
sketch lagit
Regular Member
Posts: 32
Joined: July 16th, 2011, 9:53 pm
by sketch lagit » July 30th, 2011, 12:13 pm
None of the files were found
sketch lagit
Regular Member
Posts: 32
Joined: July 16th, 2011, 9:53 pm
by Gary R » July 30th, 2011, 4:02 pm
It's not clear whether the two wrLZMA.dll files were successfully removed.

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code:
:filefind
wrLZMA.dll

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

No idea why you're unable to see the driver files I asked you to scan at VT or Jotti's, OTL clearly sees them.

Download aswMBR.exe to your desktop.
Double click aswMBR.exe to run it
Click the SCAN button to start the scan.
On completion of the scan click SAVE LOG and save it to your desktop.
Post the log contents in your next reply please.
DO NOT ATTEMPT TO FIX ANYTHING ASWMBR MAY FIND
Gary R
Administrator
Posts: 25903
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
by sketch lagit » July 31st, 2011, 1:39 am
SystemLook 04.09.10 by jpshortstuff
Log created at 23:35 on 30/07/2011 by Dakota
Administrator - Elevation successful

========== filefind ==========

Searching for "wrLZMA.dll"
C:\Windows\SysWOW64\wrLZMA.dll --a---- 30424 bytes [05:01 02/11/2010] [02:44 08/12/2010] (Unable to calculate MD5)

-= EOF =-
sketch lagit
Regular Member
Posts: 32
Joined: July 16th, 2011, 9:53 pm
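An added example, not part of the thread and not code from OTL or SystemLook: a short Python reconciliation of the OTL fix log against the later SystemLook filefind result, showing why a "scheduled to be moved on reboot" line needs a follow-up scan before a file can be called removed. The sample input is constructed from lines of the two logs posted above; the function name and status labels are assumptions.

```python
import re

# Constructed sample input: lines copied from the two logs posted in this thread.
OTL_FIX_LOG = r"""
C:\version moved successfully.
C:\ml-20110714032055.xml moved successfully.
File move failed. C:\Windows\SysWow64\wrLZMA.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\wrLZMA.dll scheduled to be moved on reboot.
C:\CD3rdPartyWrapper.log moved successfully.
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWow64\wrLZMA.dll scheduled to be moved on reboot.
File move failed. C:\Windows\system32\wrLZMA.dll scheduled to be moved on reboot.
C:\Users\Dakota\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""
SYSTEMLOOK_LOG = r"""
Searching for "wrLZMA.dll"
C:\Windows\SysWOW64\wrLZMA.dll --a---- 30424 bytes [05:01 02/11/2010] [02:44 08/12/2010] (Unable to calculate MD5)
-= EOF =-
"""

MOVED = re.compile(r"^([A-Za-z]:\\.+?) moved successfully\.$")
DEFERRED = re.compile(r"^File move failed\. ([A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")
FOUND = re.compile(r"^([A-Za-z]:\\.+?)\s+[-a-z]{7}\s+\d+ bytes")

def reconcile(fix_log, filefind_log):
    """Map each path in the fix log to 'moved', 'still present' or 'absent from scan'."""
    status = {}
    for line in map(str.strip, fix_log.splitlines()):
        # Windows paths are case-insensitive (SysWow64 == SysWOW64), so key on lower case.
        if m := DEFERRED.match(line):
            status.setdefault(m[1].lower(), "pending")
        elif m := MOVED.match(line):
            status[m[1].lower()] = "moved"
    found = {m[1].lower() for line in filefind_log.splitlines()
             if (m := FOUND.match(line.strip()))}
    for path, state in status.items():
        if state == "pending":
            # A deferred move is only confirmed by what a later scan sees.
            status[path] = "still present" if path in found else "absent from scan"
    return status

if __name__ == "__main__":
    for path, state in reconcile(OTL_FIX_LOG, SYSTEMLOOK_LOG).items():
        print(f"{state:17} {path}")
```

"absent from scan" only means the later filefind did not list that path; it is not proof that the file was deleted.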
by sketch lagit » July 31st, 2011, 1:45 am
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-07-30 23:43:50
-----------------------------
23:43:50.861 OS Version: Windows x64 6.1.7600
23:43:50.861 Number of processors: 2 586 0x170A
23:43:50.862 ComputerName: DAKOTA-VAIO UserName: Dakota
23:43:51.919 Initialize success
23:44:25.932 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:44:25.936 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
23:44:25.941 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006a
23:44:25.945 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
23:44:25.948 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006b
23:44:25.952 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
23:44:25.955 Disk 0 MBR read error 0
23:44:25.960 Disk 0 MBR scan
23:44:25.964 Disk 0 unknown MBR code
23:44:25.968 MBR BIOS signature not found 0
23:44:25.972 Service scanning
23:44:26.811 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:44:27.423 Modules scanning
23:44:27.431 Disk 0 trace - called modules:
23:44:27.488 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
23:44:27.499 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c3d060]
23:44:27.509 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004711e40]
23:44:27.519 5 ACPI.sys[fffff88000ee8781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004710050]
23:44:27.530 Scan finished successfully
23:45:12.346 Disk 0 MBR has been saved successfully to "C:\Users\Dakota\Downloads\MBR.dat"
23:45:12.352 The log file has been saved successfully to "C:\Users\Dakota\Downloads\girk.txt"
sketch lagit
Regular Member
Posts: 32
Joined: July 16th, 2011, 9:53 pm
by Gary R » July 31st, 2011, 9:37 am
If you still have Combofix on your machine, please run it using the instructions below, if not download a new copy from .....
Link 1
Link 2

Click Start > Run type Notepad click OK. This will open an empty Notepad file.
Copy/Paste the contents of the box below into Notepad.

Code:
Rootkit::
C:\Windows\SysWOW64\wrLZMA.dll

Click Format and ensure Wordwrap is unchecked.
Save as CFScript.txt to your Desktop.
Referring to the picture above, drag CFScript.txt into ComboFix.exe
Combofix will now process that file.
When finished, it will produce a log for you.
Post that log in your next reply please. (it can also be found at C:\Combofix.txt)

How's your computer behaving now?
Gary R
Administrator
Posts: 25903
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
by Gary R » August 4th, 2011, 12:50 pm
Due to lack of response, this topic is now closed. If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
Posts: 25903
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire