2183607450:1707858045.exe virus

  #1 ronelcisat (Newbie)

    Good day, my friends. I am experiencing a serious problem. Someone already posted a thread like this, but I can't seem to reply. The virus is very powerful, since it disables all my malware remover files and even my Advanced SystemCare 5. My Avira Premium Security Suite did not work well. I tried Avast for a change and it was a failure. Now I tried Kaspersky and still nothing is going on. I also tried Malwarebytes, but during scanning it detects the virus and Malwarebytes closes. If you click it again, the application can no longer be started. I tried HijackThis and it also crashed the first time. I uninstalled the app and installed it again. The second time it worked and I got a log.

    [HJT log removed by Broni]


    As you can see above:

    Running processes:
    C:\WINDOWS\2183607450:1707858045.exe


    That file is the virus. I can't stop it using End Task in Task Manager.
    I really need help. When I play online games like Ragnarok, the game crashes and every application that I click cannot be clicked. It results in forcibly shutting down the computer. I need to click the AVR to turn it off, since I could not do anything, and turn the computer on again. I am really disappointed since my computer is broken, and I would really appreciate help from anyone.
    Last edited by broni; 29-10-2011 at 03:30 AM.

  #2 broni (Senior Member)
    Welcome aboard

    Please complete all steps listed here: HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  #3 ronelcisat (Newbie)
    Hi. I am now downloading all the files needed.

  #4 ronelcisat (Newbie)
    I'm having a problem with GMER. I can't download it. The link is broken.

  #5 ronelcisat (Newbie)
    Here is the text log from Malwarebytes... Will post the GMER log soon after a PC restart.


    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8039

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    10/29/2011 9:28:22 PM
    mbam-log-2011-10-29 (21-28-22).txt

    Scan type: Quick scan
    Objects scanned: 152083
    Time elapsed: 12 minute(s), 22 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    c:\WINDOWS\2183607450:1707858045.exe (Backdoor.0Access) -> 1432 -> Failed to unload process.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent.Gen) -> Value: Shell -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\2183607450:1707858045.exe (Backdoor.0Access) -> Quarantined and deleted successfully.

  #6 ronelcisat (Newbie)
    From GMER:

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit quick scan 2011-10-29 21:51:45
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 Maxtor_2B020H1 rev.WAH21PB0
    Running: 36u0omcp.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\axrdqfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEFC34D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEFC34BC5]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEFC8C9A6]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:424] EFF163E0
    Thread System [4:428] 8205A8C5

    ---- EOF - GMER 1.0.15 ----

  #7 ronelcisat (Newbie)
    It's awfully late, I need to sleep now, and GMER still does not function properly. I did not receive an error after the automatic scan. So, when I press Scan, it scans and later restarts my computer. I tried to uncheck Devices; it scans, and when I see a rootkit warning window and click OK, the system crashes. I could not save the file and there is nothing I could do but force shut down the computer and turn it on again. I tried it in Safe Mode. When I press Save, it also crashes. What should I do with GMER?

  #8 broni (Senior Member)
    You just posted GMER log.
    Go on with other steps.

  #9 ronelcisat (Newbie)
    Here is the aswMBR log. I can't believe the GMER log that I posted was correct? The GMER log I posted was the automatic scan log after I double-clicked...

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-30 09:19:42
    -----------------------------
    09:19:42.671 OS Version: Windows 5.1.2600 Service Pack 2
    09:19:42.671 Number of processors: 1 586 0x102
    09:19:42.671 ComputerName: USER-3AA5C54738 UserName: Administrator
    09:19:44.015 Initialize success
    09:19:45.281 AVAST engine defs: 11102901
    09:19:48.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
    09:19:48.187 Disk 0 Vendor: Maxtor_2B020H1 WAH21PB0 Size: 19092MB BusType: 3
    09:19:50.281 Disk 0 MBR read successfully
    09:19:50.281 Disk 0 MBR scan
    09:19:51.562 Disk 0 Windows XP default MBR code
    09:19:51.593 Disk 0 scanning sectors +39085200
    09:19:55.437 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:20:33.500 Service scanning
    09:20:35.015 Modules scanning
    09:20:52.000 Disk 0 trace - called modules:
    09:20:52.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    09:20:52.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823ab9c0]
    09:20:52.031 3 CLASSPNP.SYS[f858305b] -> nt!IofCallDriver -> \Device\00000061[0x82361f18]
    09:20:52.562 5 ACPI.sys[f84f9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x823937f8]
    09:20:56.781 AVAST engine scan C:\WINDOWS
    09:20:57.312 File: C:\WINDOWS\2183607450:1707858045.exe **INFECTED** Win32:Tiny-AMB [Rtk]
    0908.156 AVAST engine scan C:\WINDOWS\system32
    09:28:45.546 File: C:\WINDOWS\system32\wuauclt.exe **INFECTED** Win32:Patched-WQ [Trj]
    09:28:53.859 AVAST engine scan C:\WINDOWS\system32\drivers
    09:29:10.187 AVAST engine scan C:\Documents and Settings\Administrator
    09:30:10.406 File: C:\Documents and Settings\Administrator\Local Settings\Application Data\9a342782\U\80000000.@ **INFECTED** Win32:Malware-gen
    09:30:10.953 File: C:\Documents and Settings\Administrator\Local Settings\Application Data\9a342782\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
    09:30:11.125 File: C:\Documents and Settings\Administrator\Local Settings\Application Data\9a342782\X **INFECTED** Win32:Sirefef-CK [Trj]
    09:33:47.531 AVAST engine scan C:\Documents and Settings\All Users
    09:34:36.703 Scan finished successfully
    09:36:17.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    09:36:17.375 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
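The Malwarebytes log in post #5 and the aswMBR log in post #9 both point at the same two things a responder triages first: an executable stored in an NTFS alternate data stream (the colon inside `2183607450:1707858045.exe`) and a hijacked Winlogon\Shell value. The Python below is an added example, not part of the thread or of either tool: it parses a few lines copied from those logs plus one clean line (a constructed sample) and tags each hit; the regex names and flag labels are my own.

```python
"""Triage Malwarebytes and aswMBR detection lines like the ones in this thread,
tagging each hit with the indicators a responder cares about."""
import re

# Constructed sample: lines copied from the thread's logs plus one clean
# "engine scan" line that the parser must ignore.
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\WINDOWS\2183607450:1707858045.exe (Backdoor.0Access) -> 1432 -> Failed to unload process.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent.Gen) -> Value: Shell -> Delete on reboot.
09:20:57.312 File: C:\WINDOWS\2183607450:1707858045.exe **INFECTED** Win32:Tiny-AMB [Rtk]
09:28:45.546 File: C:\WINDOWS\system32\wuauclt.exe **INFECTED** Win32:Patched-WQ [Trj]
09:28:53.859 AVAST engine scan C:\WINDOWS\system32\drivers
"""

# Malwarebytes item: "<target> (<detection>) -> <action>"
MBAM_ITEM = re.compile(r"^(?P<target>\S.*?) \((?P<detection>[^()]+)\) -> ")
# aswMBR hit: "<hh:mm:ss.ms> File: <path> **INFECTED** <detection>"
ASWMBR_HIT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ File: (?P<target>.+?) \*\*INFECTED\*\* (?P<detection>.+)$")
# A second colon, inside the last path component, marks an NTFS alternate
# data stream: the payload hides in a stream attached to another object.
ADS_PATH = re.compile(r"^[a-z]:\\.*:[^\\]+$", re.IGNORECASE)


def classify(target, detection):
    """Indicator tags for one detection (file path or registry value)."""
    flags = []
    if ADS_PATH.match(target):
        flags.append("ads_payload")
    if target.lower().endswith(r"\winlogon\shell"):
        flags.append("winlogon_shell_hijack")   # logon persistence via the shell value
    if "patched" in detection.lower():
        flags.append("patched_system_binary")   # legitimate file carrying injected code
    return flags


def triage(log_text):
    """Parse both log formats; return (target, detection, flags) per hit."""
    findings = []
    for line in log_text.splitlines():
        m = MBAM_ITEM.match(line) or ASWMBR_HIT.match(line)
        if not m:
            continue  # section headers, summary counts, "engine scan" lines
        target, detection = m.group("target"), m.group("detection")
        findings.append((target, detection, classify(target, detection)))
    return findings
```

Feed it the full saved log files and anything tagged `ads_payload` or `winlogon_shell_hijack` is the persistence to verify is gone after cleanup.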

  #10 broni (Senior Member)
    Go on.....

Closed Thread