
Smitfraud-C.generic [Closed]


  • This topic is locked This topic is locked

#1 James Brady (Member, 32 posts)
ComboFix says access is denied and sometimes causes a BSOD,
SmitfraudFix stays stagnant at the search screen and sometimes causes a BSOD,
all done from safe mode,
Malwarebytes has been blocking a virus attached to scvhost.exe,
Spybot S&D can remove the virus but the virus returns.
AVG Free won't install, unsure why.
Comodo Firewall Pro hasn't seemed to notice the errant process yet.

Downloading VIPRERescue but skeptical,
Should I get HijackThis for a log file, or what?

Any assistance is appreciated.
-James

#2 myrti (Expert, 2,580 posts)
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

#3 James Brady (Topic Starter, Member, 32 posts)
Ahh, nice to meet you myrti, I am James. I haven't actually had too many problems with the virus lately except that it won't go away. Here is the OTL file in an attachment.

Attached File: OTL.Txt (212.73KB, 144 downloads)

#4 myrti (Expert, 2,580 posts)
Heya,

nice to meet you too :)

Please run a scan with gmer too:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

I'm pretty sure you've caught something more than "just smitfraud". Gmer should show us that.

regards myrti

#5 James Brady (Topic Starter, Member, 32 posts)
It won't upload the gmer.log file because it doesn't take up any space ("0 KB"); I guess it didn't detect anything.

#6 myrti (Expert, 2,580 posts)
Hi,

what did it show in the main window? Nothing?

regards myrti

#7 James Brady (Topic Starter, Member, 32 posts)
Correct, it showed nothing.

Also, I swear something popped up when I first tried to scan, but my computer tried to fall asleep, and when I pushed the space bar to revive it, it turned out to be the button to cancel the scan.

#8 myrti (Expert, 2,580 posts)
Hi,

could you please disable all your antivirus software and try to run another scan with gmer. If it remains empty, there's no need to post the log, but if it isn't, please post it.

(Also check if that popup reappears)

regards myrti

#9 James Brady (Topic Starter, Member, 32 posts)
holy smokes... talk about a difference after a restart...
here ya go.

Attached File: gmer.log (26.84KB, 156 downloads)

#10 myrti (Expert, 2,580 posts)
Hi,

well the thing is, even though it's not empty it's still clean. Did you run anything between the OTL log and gmer to remove some malware?

Could you please rerun a scan with OTL?

regards myrti

#11 James Brady (Topic Starter, Member, 32 posts)
Hello, I don't believe I did anything between the two scans. I could use Spybot to see if the virus is still popping up if you want.

Here's the OTL file.

Attached File: OTL.Txt (231.24KB, 133 downloads)

#12 myrti (Expert, 2,580 posts)
Hi,

no need. Please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need help, see this link:
http://www.bleepingc...to-use-combofix

#13 James Brady (Topic Starter, Member, 32 posts)
First run:
-got the blue screen of death.

Second try "in safe mode":
-said Comodo firewall scanner was interfering, even though I'm sure it was off.
-proceeded to show a blank blue screen which I closed to cancel until Comodo was uninstalled.

-restarts computer-
-boots up normally to use windows uninstaller-
-uninstalls Comodo-
-reboot required-
-starts up normally-

Third Try:
-Blue screen of death-

Fourth try "safe mode again":
-blue screen of death-

It was always on the same task in the program before the BSOD; I tried to capture the screen before the crash but it was too fast.
It said something like "extract to "c/337...etc"".

#14 myrti (Expert, 2,580 posts)
Hi,

that's a very odd time to crash. This was in the grey & black window with the green writing, yes? Not in the blue one?

regards myrti

#15 James Brady (Topic Starter, Member, 32 posts)
Correct, in fact, here's a picture of what it looks like before it crashes, I used my camera.

Attached image: IMG_0376.JPG