Internet Security 2010 virus and Other strange problems with my PC

Hey Everyone.

I just found this forum and it looks like it's a great place to fix a lot of pc problems that I seem to be having. I already read and followed the "Cleaning your System" FAQ. Let me give you a bit of background on my problems and what I've attempted to do to fix them.

1. About a month ago, Windows said it needed to be re-activated. After I did this, I couldn't see anything in my Device Manager/Hardware section. I also had no sound and couldn't connect to the internet, and I had no programs in the right hand corner of my Taskbar. I discovered that the majority of my services had been disabled under "Control Panel/Administrative Tools/Services" including Plug and Play. I re-enabled most of them, but periodically the same problem re-occurs and I'm guessing it's some Malware.

2. My internet and PC were running really slowly. I thought the internet problem might because I have 5x Network adapters running and my roommate told I should disable all but the one I'm currentely using. I attempted to do that and I got "Not responding" in my Device Manager.

3. Periodically, my IE or FireFox would freeze up and say Not Responding when attempting to log into a forum or email.

4. Suddenly Internet Security 2010 appeared. I think this might be the root of some of my problems. After this happened I couldn't update Malwarebytes Anti-Malware program and I had problems installing AVG 8.5. I ran SuperAntiSpyware, Spybot Search and Destroy and Malware and initially nothing was detected. I then discovered Spyware Doctor and that seemed to find all the malicous programs related to IS2010.
I ran Malwarebytes again it seemed to find most of the Malware files, but it said that there was one stuck in my Rootkit and I had to reboot to remove it. Upon Rebooting, IS2010 showed it's ugly face and Spyware Doctor still detected one program with files related to it.

I decided to search for Free Alternatives before purchasing Spyware Doctor software, and that lead me to these forums to do the System Cleaning Procedure recommended here.

Here are all the logs. At the moment Internet Security appears to be removed for the time being. So I'm hoping I got rid of it.

P.s I couldn't find the SuperAS log. But it found some Adware Tracking cookies that ended with Owner@YieldManager and Pointsroll.txt. I'll try to post them later.

 

Thanks TimW,

I would love to follow these steps, but unfortunately my PC froze up while browsing the internet today. I manually rebooted it by holding down the power button and when it rebooted it got the Windows loading screen, then went black. The PC stays running, but nothing is displayed on the screen after the Windows logo with the loading bar.

I hope this is something I can solve without reformating my Hard Drive.

Also, to answer your other questions.


I don't know what the UDB and IDB Zip files are. Yes, Spyware Doctor is a paid anti-spyware program. I've done some research and it seems legit.

 

Alright Tim,

I typed C:\windows\system32\drivers\atapi.sys and this is the message I recieved

"The volume in Drive C has no label
The volume serial number is ----------

Directory of C:\Windows\system32\drivers\atapi.sys

4/13/08 02:40p -----c-- 96512 atapi.sys
1 file(s) 96512 bytes
240436228096 bytes free."

That is exactly verbatim of the message I got, except the volume serial number, because I wasn't sure if that might be sensitive information or something I wouldn't want to post in a public forum.

Otherwise, I hope that helps. It looks like the file is still there. What should I do next?

 

OKay TimW,

I got my PC to boot up again following your link on How to recover a corrupt registry.

I did everything up to Step 3 and I was able to get it to boot up and it appears to be running as smoothly as it was before.
However, I did NOT do step 4
Part Four
1. Click Start, and then click All Programs.
2. Click Accessories, and then click System Tools.
3. Click System Restore, and then click Restore to a previous RestorePoint.

The only reason I did NOT do this yet is because I have everything running smoothly, and I'm a bit apprehensive about messing things up again.

I also ran FIXMBR and got this message.

**Caution**
"This computer appears to have a non-standard or invalid Master Boot record.
FIXMBR may damage your partition tables if you proceed.
This could cause all the partitions on the current hard disk to become inaccessible.
IF you are not having problems accessing your drive, do not continue.
Are you sure you want to write a new MBR?"

I'm not sure why it's doing that.
Is it because I didn't finish Step 4?
Or the MBR Virus that has infected my system?

 

Okay TimW,

I ran MBR.exe twice following your instructions and I've attached the logs. I also attached the logs of Avenger and MGLogs.

I also wanted to know if I should run the last step of the "recovering from a corrupt registry", which is running a system restore. The only restore point I have is Dec. 26, 2009 which was after this problem started but before I had bootup problems.

Just to update you. I'm able to boot up with no problems. But I still have problems with the internet freezing when I try to log onto forums or websites, and occasionally for no apparent reason at all. I also can't disable my multiple and unnessecary Network Card Hardware in Device Manager. Everytime I do that the Device Manager window shows a "not responding" message.

 

Thanks Chaslang,

I did NOT run the FixMBR command from the Recovery console, because when I attempted to do so, I got this message.

**Caution**
"This computer appears to have a non-standard or invalid Master Boot record.
FIXMBR may damage your partition tables if you proceed.
This could cause all the partitions on the current hard disk to become inaccessible.
IF you are not having problems accessing your drive, do not continue.
Are you sure you want to write a new MBR?"

So, TimW instructed to me run GMER's MBR.exe, but it didn't seem to fix the problem. Thankfully, it appears the PrevX did. I ran the recovery process and when it rebooted it ran the program again and it appears it successfully removed the infection. However, it detected a file called "GtzlCX6pd4.dll.old", which it labeled as a medium Malware threat.
This is a file the was previously detected by MGtools and TimW didn't recognize it, so he instructed me to add the .old extension. So, I'm not sure what to do with that file, but it won't remove it unless I upgrade to the license version. Should I do that? Or remove it manually?

I also downloaded MGtools to my Desktop, then moved it to the C:\ folder, which I'm assuming is what you meant by Root folder.

I've attached the MGtools.zip file.

Anyways, everything seems to be running smoothly. I was able to disable my extra Network Adapters, which I couldn't do before, so that's definitely a good sign!

Thanks again, TimW and Chaslang for your assistance, I'll let you know if I have any more problems.

 

Oopps. I guess the attachment didn't go through the first time.

Here it is.

 

Hey Guys,

I know it's been awhile since I've updated this. It looks like I'm still having a few Malware problems. Spyware Doctor detected 150 infections and 4 threats (which seem to be remnant files of Internet Security 2010). Most of the infections are Adware Advertising and Application tracking cookies.

Previx also detected 6 threats. I don't know how to get logs for either application, but I can list the threats that Previx found.

One is the gtczlx6pd4.dll that I renamed and added the .old extension. It doesn't seem to affect anything, should I just delete it?

A few others seem more serious; There are a few files under Documents and Settings/Help Assistant/local settings/tmp entitled 15, 16 and 19.tmp. When I tried to open one, Previx and Spyware Doctor blocked it, claiming it was a high level threat, some sort of Trojan Mebroot virus!!

I deleted 16.tmp, and it seems to be gone, but I'm not sure if that's the proper method for disposing of them.

Lastly, there is rucabb.dll and dc5.tmp, and all of them are listed as Medium Risk Malware, but I can't delete them unless I buy Previx.

Same with Spyware Doctor. It's $29.99 and seems legit. I'm really tempted to buy it just to finally rid myself of all these infections and the Internet Security Virus