Virus Reports

Status
Not open for further replies.

oBubbleso

Posts: 9   +0
I've been getting help on the general forums, and someone let me know when I got done with the virus steps to post here. I have run everything and most of them have worked successfully. The malware software and the Avast both said there were files it itself could not remove, and I believe it said they were moving. I'm not positive. I hope I post this stuff right :)
 
Hi Bubbles,

In HijackThis put checks next to the following then hit fix all:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

Going by what MBAM and SAS are saying, you have a rootkit that combofix should be able to remove.

Download here:

https://www.techspot.com/downloads/5587-combofix.html
or here:
http://www.forospyware.com/sUBs/ComboFix.exe

When saving combofix to your PC, rename it to 123.com so malware won't disable it. Launch combofix (now titled 123.com), and allow it to download and install the Recovery Console if it prompts you. Once the scan starts, DO NOT TOUCH YOUR PC; clicking anywhere while combofix is running is enough to make your system become non-responsive. Be forewarned that combofix will make your desktop disappear and will also reboot your PC as needed. This is normal.

Once combofix has run, run MBAM again as well as HJT.

Post logs when done please.
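
An added example, not part of the original posts: a parser for the CLSID-keyed HijackThis lines quoted above that groups entries whose backing file is absent ("(no file)" or "(file missing)") by CLSID, so leftovers registered in more than one section show up together. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines are the entries quoted in the post
# above; the last two are invented to show an unflagged entry and a skipped line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (" + CLSID + r") - (.*)$")


def parse_entries(log_text):
    """Return CLSID-keyed entries (O2 BHOs, O9 buttons) as dicts."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # other sections (O4, O16, ...) use different layouts
        section, kind, name, clsid, target = m.groups()
        if target == "(no file)":
            path, status = None, "no file"
        elif target.endswith("(file missing)"):
            path, status = target[: -len("(file missing)")].rstrip(), "file missing"
        else:
            path, status = target, "unflagged"
        entries.append({"section": section, "kind": kind, "name": name,
                        "clsid": clsid.upper(), "path": path, "status": status})
    return entries


def orphaned_by_clsid(entries):
    """Group entries whose backing file is absent, keyed by CLSID."""
    groups = defaultdict(list)
    for e in entries:
        if e["status"] != "unflagged":
            groups[e["clsid"]].append(e)
    return dict(groups)


if __name__ == "__main__":
    for clsid, group in orphaned_by_clsid(parse_entries(SAMPLE_LOG)).items():
        sections = ", ".join(e["section"] for e in group)
        print(f"{clsid}  [{sections}]  {group[0]['status']}  {group[0]['path']}")
```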
 
oBubbleso, hold off on the HijackThis logs removals for now. The HJ log doesn't look as full as it should and I suspect that malware might be depressing some entries. Also hold off on Combofix for now.

I have read your post in your original thread https://www.techspot.com/vb/topic130153.html as I wanted to know what the problems were. Several members gave you suggestions to work through. Did you do them? You seem to be stuck on the drivers being an issue, followed by malware. But the only problem I saw there was the lag time when playing WOW.
You made a comment:
I ran some virus software and of course it found some malware as well as some Trojan horses, I removed them with the software, although I'm not if that will actually fix my problem.

So the first thing we need for you to do is run a full system scan with an online scanner. I want you to use Nod32 because frankly, AVG is missing a lot of malware and only reporting on Tracking Cookies.

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

You also mention lag time again:
Now I almost always lag anywhere even with my graphics low.
and then you add:
I found the drivers in my computer the ones that the computer company used last time in a zip file. I'm not sure how to copy those to a computer or even if I can.

You don't just reinstall drivers - you need to find out if there is a problem with any you have now.

Checking the Drivers in the Device Manager
Click on Start> Run> cmd> type in devmgmt.msc> OK. This will open the Device Manager for you. It will look like this:
[Image: device.gif]


Click on the + sign in front of the Display Adapter to expand. Display adapters displays each of the video cards installed and/or detected by Windows. This is your graphics card. You will be looking for:
Exclamation Mark - When a device has a yellow exclamation mark, this is an indication that the device is conflicting with another hardware device.
or
Red X - Indication that the device has been disabled, removed or that Windows is unable to locate the device.

Click on the + sign at Sound, Video and Game Controllers. Do you see any error icons there?
Sound, video and game controllers display the computer sound card, video capture devices, Codecs, and game controllers currently installed. Note: Your video card should be installed under the Display adapters category and not this category.

You then say:
I think we're going to reformat my computer, to make sure all the malware and such are gone and since my hardware's all good I hope that will speed everything up.

I hope you have waited on this. Reformatting should be the last thing you do if nothing else in the troubleshooting shows up.

If there are no errors in the Device Manager and driver updates aren't indicated, the next step you would follow is running the suggested memtest. Although by the numbers you have sufficient RAM, if one of the chips has gone bad, you will run out of RAM (memory) while playing the game.

Uninstalling RelevantKnowledge:
One of the main sources of the malware is a site called RelevantKnowledge.
Go to the Control Panel> Add/Remove Programs and UNINSTALL entry for Marketscore.RelevantKnowledge.
This Add or Remove Programs entry corresponds to a program that is either malware, installs malware, or is bundled with malware.
RelevantKnowledge is a MarketScore variant that monitors browsing habits and sends unsolicited advertisements. RelevantKnowledge is bundled in many freeware utilities. The related rlvknlg.exe file is a backdoor proxy component.

If you see the process rlvknlg.exe running in the TaskManager> highlight and End Task.
Then use Windows Explorer to remove the program folder: Right click on Start> Explore> Programs> right click on RelevantKnowledge program folder> Delete
Follow this same procedure if you see Marketscore.

Empty the Recycle Bin when through. Reply back with the new logs.
We will determine further action after I see the results from the AV scan and results of looking for Errors in the Device Manager.
 