Rootkit removal please help I feel like tearing my hair out

[hre2stay]

My antivirus has a rootkit scanner but it finds them but cannot get rid of them as it is hidden. If I delete said file another one pops up. I am running rootkit revealer but even that it seems to hijack.

I am close to banging my head against the screen with this F'ing thing.

I keep getting BSOD IRQL_NOT_LESS_OR_EQUAL. Something like that anyway. Now all my drivers are ok and having done a scan for rootkits have found this "C:\WINDOWS\System32\Drivers\a6dkvma6.SYS";"Hi dden driver";"Object is hidden"

Only thing is if I delete it another one appears and I cannot seem to find it in the system32 file myself for some reason. How can I rid my machine of this thing?

Also my C: drive has turned blue on the my computer screen. Can anyone help?

Also system idle process is constantly on 90 something

[BC_Programmer]

First- is your drive ICON blue, or just the text? If it's just the text it is simply an indicator that the volume is compressed, so no worries with that.

As far as your rootkits, We will leave that to the malware experts- In the meantime, can you run through the guide here- attach the three guides to your post.

[evilfantasy]

What's up with the link to the drugs forum

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[hre2stay]

Sorry about that don't know what happened there here is the 3 logs that you need.


I have done all the things that you required. Hope you guys can help

Here is some more error data

0040 BCP2: 02000000 BCP3: 80000000
BCP4: 00000000 OSver:5_1_2600 SP:3_0 Product 768_1

C:\DOCUME~1User\LOCLS~1\Temp\\WER9990.dir00\Mini021209-02.dmp
C:\DOCUME~1User\LOCLS~1\Temp\\WER9990.dir00\sysdata.xml

Bad_pool

A device driver attempting to corrupt the system has been caught. Faulty driver on kernel stack must be replaced.

ntfs.sys address f747c356 base at f745b000 datestamp 48025be5


HLKM\SECURITY\Policy\Secrets\SAC*
HLKM\SECURITY\Policy\Secrets\SAI*
HLKM\SYSTEM\ControlSet008\Services\sptd\Cfg

and some data that

[attachment deleted by admin]

[evilfantasy]

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O2 - BHO: (no name) - {5315B925-3A4A-3FAF-8535-D826ADB5EE6A} - (no file)
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[hre2stay]

Hi I have done that. Combofix log is attached 

[attachment deleted by admin]

[evilfantasy]

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:files
c:\windows\hpoins06.dat.temp
c:\windows\hpomdl06.dat.temp

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

• Double-click Lop S&D.exe
  
• Choose the language by typing of the corresponding letter and press Enter
• Click OK at the informative window
  
• Type 1, to choose Option 1 (Search) then press Enter
  
• Wait until the end of the scan
• A report will be generated, post the contents of it in your next reply.

A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

[hre2stay]

Here is the move it log

[attachment deleted by admin]

[hre2stay]

Here you go there is the orter one too

[attachment deleted by admin]

[evilfantasy]

Your going to have to remove the Cracks & Keygens before I can continue helping.

* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:files
C:\DOCUME~1\User\Application Data\Microsoft\Office\Recent\Football Manager 2008 (PC) + crack.LNK
C:\DOCUME~1\User\My Documents\Football Manager 2008 (PC) + crack
C:\DOCUME~1\User\My Documents\Football Manager 2008 (PC) + crack\
C:\DOCUME~1\User\My Documents\LimeWire\Saved\Leftover Crack - Heroin or Suicide.mp3

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

[hre2stay]

I have got rid of all of those I think



[attachment deleted by admin]

[evilfantasy]

Download GMER and save it to your desktop

• Unzip (extract) it to your desktop.
• Disconnect from Internet and close all running programs.
• There is a small chance this application may crash your computer so save any work you have open.
• Double-click gmer.exe to run it.
  
• Let the gmer.sys driver to load if asked.
• If it gives you a warning at program start about rootkit activity and asks if you want to run a scan... click NO
  
• Click the Rootkit tab.
  
• Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
  
• Then click the Scan button. Wait for the scan to finish.
  
• Once done, click the Copy button.
  
• This will copy the results to the clipboard. Open Notepad and press CTRL + V to paste the log, and save it to your desktop.
  
• Add this log to your next reply.

NOTE: If you're having problems with running gmer.exe, try it in Safe Mode. This tool works in Safe Mode whereas many other rootkit revealers do not.

[hre2stay]

It wont let me post the logs it says the are too large

[hre2stay]

Number 1

[attachment deleted by admin]

[hre2stay]

Number 2

[attachment deleted by admin]