Should I run RKill ?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Qapla, Apr 23, 2011.

  1. Qapla

    Qapla Private E-2

    My daughter's computer is infected. It has pop-ups, re-directs and a few other things.

    I have read the instructions and d/l all the needed files.

    My question is - Should I run RKill before I run any of the programs in the list or just start running the programs?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Rkill is only something we request when a person is having difficulty getting any executable programs to run. So you only need to run it first to help get started if that is your problem. Otherwise, just complete the instructions in the below:

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. Qapla

    Qapla Private E-2

    My daughter was trying to apply for a job on the site "www.snagajob.com" (a site she has used before without any problems) a couple of weeks ago. While she was filling out an application, the pop-ups started.

    "WindowsRestore" was the first to show up. We did some research and used "RKill" to allow us to run MBAM. That seemed to work.

    A few days later, her searches started being redirected.

    Came back to MG and did more research. I am now running the various programs that you asked for in the R&R link for Windows Vista (32-bit).

    After running SAS and MBAM, I could not get Combofix to run (so far).

    When I went to run RR, I started getting an error message telling me that Windows Explorer has a problem and has to close. In order to run RR, I had to use the "Start/Run" command.

    RR shut down before completing and when I tried to run Combofix again, it started, then the BSOD and a re-boot.

    Should I keep going or should I send the logs generated so far (SAS, MBAM and MGTools ran)?
     
  4. Qapla

    Qapla Private E-2

    I forgot to mention that while some of these programs tried to run I kept getting this message:

    This error message did not run until after SAS and MBAM had already run. I was getting it during the Combofix and RootRepeal runs.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated in the READ & RUN ME, you need to attempt running all the scans (that includes MGtools) and then attach the logs for whatever you can run. Also you should try running scans in safe mode if normal boot mode does not work.

    Also run the below.


    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator.)
    • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post)
     
  6. Qapla

    Qapla Private E-2

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run TDSSKiller as requested in my last message and attach the log.

    Also attach the below logs from SUPERAntiSpyware and Malwarebytes
    Code:
    "C:\Users\jaina_lotr\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    Apr 23 2011  9349 "SUPERAntiSpyware Scan Log - 04-23-2011 - 00-20-55.log"
    Apr 24 2011 25114 "SUPERAntiSpyware Scan Log - 04-24-2011 - 18-01-23.log"
    
    "C:\Users\jaina_lotr\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
    Apr 11 2011  1109 "mbam-log-2011-04-11 (20-06-54).txt"
    Apr  8 2009 38416 "mbam-log-2009-04-08 (00-56-09).txt"
    Apr 22 2011   911 "mbam-log-2011-04-22 (23-12-01).txt"
     
  8. Qapla

    Qapla Private E-2

  9. Qapla

    Qapla Private E-2

  10. Qapla

    Qapla Private E-2

  11. Qapla

    Qapla Private E-2

  12. Qapla

    Qapla Private E-2

    I also wanted to mention that after Windows Explorer restarts a few times (like 3) I will get a message that "MPEGSPLITTER.AX" has a problem.

    Not sure what to do about this one since I have no idea where it came from or what it does.

    Thanks - I will wait till I hear back from you
     
  13. Qapla

    Qapla Private E-2

    Re: Should I run RKill ? - Problem with RootRepeal

    I have been trying to get RR to run so that I can post that log. When I run it, it starts just fine and scans.

    It stays for a long time in "C:\Windows\winsxs\Manifests". Sometime during this portion of the scan (I do not sit and watch it since it takes so long) it will pop up a window in the middle of the screen.

    Only problem is ... the window is transparent - It is bordered with the red "X" in the upper right corner, but there is no message visible. Instead, the text from the main window of RR shows through.

    If I just leave the window, RR seems to be paused. I have left it over night and it did not finish, just kept up the little window and sat where it was in the scan.

    If I close the small window with the red "X", it will close. Then, a few moments later, RR will also close.

    Any suggestions?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I suggest that you post in the Software Forum about this. It is likely related to some video codecs for something that was installed. If you figure out what the program is, you may be able to just uninstall it.

    What is the below program for and do you know that it is safe?

    O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe



    Now let's flush the Java Cache
    • Click Start > Settings > Control Panel
    • Double click the Java icon (be patient, it may take a while to open)
    • Now click the General tab and under the Temporary Internet File area
    • Click the Settings button and then click the Delete Files... button.
    • In the next popup click OK.
    If you have multiple Java plugin icons in Control Panel follow the above to clear all their caches.


    Now let's flush the Internet Explorer Cache

    To flush your Internet Explorer Cache:
    • click Tools
    • Internet Options
    • Now on the General tab, click Delete Files and select Delete all Offline content too
    • Click OK.
    • When it finishes Click OK.
    Now run Ccleaner!


    Uninstall the below software:
    Browser Address Error Redirector
    Java(TM) SE Runtime Environment 6



    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running Combofix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion, then you will need to reboot your computer, which will normally fix this problem.

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Users\jaina_lotr\AppData\Local\Temp

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
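    The Temp-folder cleanup step above, written as an added PowerShell script (not part of the thread or of any MajorGeeks tool): it empties the two folders named in the post, keeps anything modified today as the instructions say, and reports items that could not be removed, which is usually because a running process has them open. The user profile path is the one quoted in the thread; adjust $TempFolders for another machine.

```powershell
# Added example: clear the Temp folders from the post, skipping today's files.
# Run from an elevated PowerShell prompt; pass -WhatIf to preview without deleting.
param([switch]$WhatIf)

$TempFolders = @(
    'C:\Windows\Temp',
    'C:\Users\jaina_lotr\AppData\Local\Temp'   # path as quoted in the thread
)
$today   = (Get-Date).Date
$removed = 0
$skipped = @()

foreach ($folder in $TempFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { Write-Warning "Missing: $folder"; continue }

    # Enumerate deepest paths first so a subfolder is only visited after its contents.
    $items = Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
             Sort-Object { $_.FullName.Length } -Descending

    foreach ($item in $items) {
        # Keep files and folders from the current date, as the instructions say.
        if ($item.LastWriteTime.Date -ge $today) { continue }
        # Only remove a folder once it is empty (it may still hold today's files).
        if ($item.PSIsContainer -and (Get-ChildItem -LiteralPath $item.FullName -Force)) { continue }
        try {
            Remove-Item -LiteralPath $item.FullName -Force -ErrorAction Stop -WhatIf:$WhatIf
            $removed++
        } catch {
            $skipped += $item.FullName   # typically locked by a running process
        }
    }
}

Write-Host "Removed $removed item(s); $($skipped.Count) could not be removed."
$skipped | ForEach-Object { Write-Host "  in use or protected: $_" }
```

Anything listed as "in use or protected" after a normal boot can be retried from safe mode, where fewer processes hold files open.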
     
