also @ TechSpot: Blizzard talks Diablo 3 facts, nerfing and buffs for legendary items

TechSpot

[Inactive] Computer freezes when I run DDS for the 8 steps

Discussion in 'Virus and Malware Removal' started by durb17, Dec 28, 2010.

Thread Status:
Not open for further replies.

  1. durb17 Newcomer, in training

    Hi I'm new to the boards here and am trying to fix multiple problems on my system. I was trying to complete the 8 steps listed for my first post. Whenever I run the DDS program however, my computer will freeze when the progress bar gets about halfway across. I'm pretty sure I turned off all script blocking programs unless there's one on this system I'm not aware of. Here are the MBAM and GMER logs.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5408

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/28/2010 1:30:41 PM
    mbam-log-2010-12-28 (13-30-41).txt

    Scan type: Quick scan
    Objects scanned: 136354
    Time elapsed: 5 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-28 13:34:04
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2040BH rev.0085002A
    Running: 5qnqcuvz.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kftcapob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sys
    Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys
    Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sdcplh.sys

    ---- EOF - GMER 1.0.15 ----


    PS. Problems I was coming here to correct include the redirect issue that seems to be plaguing a number of people and an issue with all my browsers. They are taking up way too much CPU and Shockwave continues to crash.
    durb17, Dec 28, 2010
    #1

  2. Broni Malware Annihilator

    Welcome aboard [IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    Broni, Dec 28, 2010
    #2

  3. durb17 Newcomer, in training

    Thanks for the help. I ran the scan and it said it didn't detect anything. Here's the log.


    2010/12/28 16:02:17.0515 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/28 16:02:17.0515 ================================================================================
    2010/12/28 16:02:17.0515 SystemInfo:
    2010/12/28 16:02:17.0515
    2010/12/28 16:02:17.0515 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/28 16:02:17.0515 Product type: Workstation
    2010/12/28 16:02:17.0515 ComputerName: USER-60474A764E
    2010/12/28 16:02:17.0515 UserName: Administrator
    2010/12/28 16:02:17.0515 Windows directory: C:\WINDOWS
    2010/12/28 16:02:17.0515 System windows directory: C:\WINDOWS
    2010/12/28 16:02:17.0515 Processor architecture: Intel x86
    2010/12/28 16:02:17.0515 Number of processors: 2
    2010/12/28 16:02:17.0515 Page size: 0x1000
    2010/12/28 16:02:17.0515 Boot type: Normal boot
    2010/12/28 16:02:17.0515 ================================================================================
    2010/12/28 16:02:18.0093 Initialize success
    2010/12/28 16:02:23.0718 ================================================================================
    2010/12/28 16:02:23.0718 Scan started
    2010/12/28 16:02:23.0718 Mode: Manual;
    2010/12/28 16:02:23.0718 ================================================================================
    2010/12/28 16:02:24.0734 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/12/28 16:02:24.0796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/12/28 16:02:24.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/12/28 16:02:24.0968 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2010/12/28 16:02:25.0109 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/28 16:02:25.0375 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    2010/12/28 16:02:25.0437 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    2010/12/28 16:02:25.0531 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/12/28 16:02:25.0687 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
    2010/12/28 16:02:25.0734 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/12/28 16:02:25.0781 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/12/28 16:02:25.0875 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/12/28 16:02:25.0921 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/12/28 16:02:26.0031 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2010/12/28 16:02:26.0140 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2010/12/28 16:02:26.0203 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2010/12/28 16:02:26.0312 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2010/12/28 16:02:26.0359 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/12/28 16:02:26.0437 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    2010/12/28 16:02:26.0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/12/28 16:02:26.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/12/28 16:02:26.0718 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/12/28 16:02:26.0765 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/12/28 16:02:26.0859 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    2010/12/28 16:02:26.0984 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/12/28 16:02:27.0125 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/12/28 16:02:27.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/12/28 16:02:27.0500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/12/28 16:02:27.0609 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/12/28 16:02:27.0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/12/28 16:02:27.0718 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/12/28 16:02:27.0781 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/12/28 16:02:27.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/12/28 16:02:27.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/12/28 16:02:27.0968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/12/28 16:02:28.0000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/12/28 16:02:28.0031 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/12/28 16:02:28.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/12/28 16:02:28.0125 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/12/28 16:02:28.0203 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/12/28 16:02:28.0281 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/12/28 16:02:28.0359 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
    2010/12/28 16:02:28.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/12/28 16:02:28.0468 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/12/28 16:02:28.0671 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    2010/12/28 16:02:28.0765 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    2010/12/28 16:02:28.0953 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/12/28 16:02:29.0125 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/12/28 16:02:29.0531 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/12/28 16:02:29.0953 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/12/28 16:02:30.0125 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/12/28 16:02:30.0234 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/12/28 16:02:30.0359 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/12/28 16:02:30.0468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/12/28 16:02:30.0515 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/12/28 16:02:30.0609 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/12/28 16:02:30.0671 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/12/28 16:02:30.0812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/12/28 16:02:31.0046 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/12/28 16:02:31.0140 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/12/28 16:02:31.0281 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/12/28 16:02:31.0328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/12/28 16:02:31.0421 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/12/28 16:02:31.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/12/28 16:02:31.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/12/28 16:02:31.0562 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/12/28 16:02:31.0656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/12/28 16:02:31.0703 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/12/28 16:02:31.0750 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/12/28 16:02:31.0859 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/12/28 16:02:32.0000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/12/28 16:02:32.0078 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/12/28 16:02:32.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/12/28 16:02:32.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/12/28 16:02:32.0437 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/12/28 16:02:32.0484 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/12/28 16:02:32.0718 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/12/28 16:02:32.0781 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/12/28 16:02:32.0843 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/12/28 16:02:32.0906 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/12/28 16:02:33.0015 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/12/28 16:02:33.0109 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/12/28 16:02:33.0140 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/12/28 16:02:33.0375 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
    2010/12/28 16:02:33.0515 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/12/28 16:02:33.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/12/28 16:02:33.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/12/28 16:02:33.0718 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/12/28 16:02:33.0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/12/28 16:02:33.0921 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/12/28 16:02:34.0031 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/12/28 16:02:34.0125 OMCI (1a30b4e6faabe42ebdfcffff63e72117) C:\WINDOWS\system32\DRIVERS\omci.sys
    2010/12/28 16:02:34.0156 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/12/28 16:02:34.0187 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/12/28 16:02:34.0250 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/12/28 16:02:34.0312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/12/28 16:02:34.0437 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/12/28 16:02:34.0515 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/12/28 16:02:34.0625 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
    2010/12/28 16:02:34.0687 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
    2010/12/28 16:02:34.0765 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
    2010/12/28 16:02:35.0343 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/12/28 16:02:35.0406 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/12/28 16:02:35.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/12/28 16:02:35.0546 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/12/28 16:02:36.0031 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/28 16:02:36.0109 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/28 16:02:36.0140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/28 16:02:36.0171 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/28 16:02:36.0203 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/28 16:02:36.0234 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/28 16:02:36.0265 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/12/28 16:02:36.0343 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/28 16:02:36.0406 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/28 16:02:36.0515 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2010/12/28 16:02:36.0640 sdcplh (b7ea2f12416693d2d9bffaaa5eff7037) C:\WINDOWS\system32\drivers\sdcplh.sys
    2010/12/28 16:02:36.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/28 16:02:36.0812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/12/28 16:02:36.0859 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/12/28 16:02:36.0937 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/12/28 16:02:37.0109 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/28 16:02:37.0171 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/28 16:02:37.0328 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/28 16:02:37.0500 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2010/12/28 16:02:37.0640 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
    2010/12/28 16:02:37.0734 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/28 16:02:37.0812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/28 16:02:37.0984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/28 16:02:38.0093 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/28 16:02:38.0156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/28 16:02:38.0187 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/28 16:02:38.0234 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/28 16:02:38.0359 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/28 16:02:38.0578 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/28 16:02:38.0828 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/12/28 16:02:38.0953 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/28 16:02:39.0015 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/28 16:02:39.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/28 16:02:39.0156 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/12/28 16:02:39.0203 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/12/28 16:02:39.0250 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/28 16:02:39.0296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/28 16:02:39.0312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/28 16:02:39.0375 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/28 16:02:39.0437 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/28 16:02:39.0515 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/28 16:02:39.0625 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    2010/12/28 16:02:39.0750 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2010/12/28 16:02:39.0828 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/12/28 16:02:39.0968 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/12/28 16:02:40.0046 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/12/28 16:02:40.0156 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/12/28 16:02:40.0406 ================================================================================
    2010/12/28 16:02:40.0406 Scan finished
    2010/12/28 16:02:40.0406 ================================================================================
    durb17, Dec 28, 2010
    #3

  4. Broni Malware Annihilator

    Please, describe your problems.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
    Broni, Dec 28, 2010
    #4

  5. durb17 Newcomer, in training

    The main problem I'm having seems to be this redirect virus that causes all browser programs to run very slow. It also will take any search engine searches and direct them to various places, mainly other search engines like Scour.

    I've also started experiencing Shockwave crashes, mainly when playing games online, and random pop ups on sites I've visited before with no pop ups.

    Lastly, whenever my computer starts up I am informed by Avira that there is a infected program called TR/Crypt.XPACK.Gen that it is unable to do anything about.

    Additionally, when I attempted to run combo fix it froze my entire PC up. I had to manually shut it down and restart it. I'm wondering if I have some sort of script blocking software enabled that I am unaware of. I do have the MBRCheck log and have included it below.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 137):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75B6000 fltmgr.sys
    0xF7588000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7577000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7607000 ohci1394.sys
    0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74B9000 pcmcia.sys
    0xF7627000 MountMgr.sys
    0xF749A000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7637000 VolSnap.sys
    0xF7482000 atapi.sys
    0xF7717000 cercsr6.sys
    0xF746A000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF7647000 disk.sys
    0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7458000 sr.sys
    0xF741B000 PCTCore.sys
    0xF7840000 pctDS.sys
    0xF7B3A000 pctEFA.sys
    0xF7667000 PxHelp20.sys
    0xBA7E9000 KSecDD.sys
    0xBA7D6000 WudfPf.sys
    0xBA749000 Ntfs.sys
    0xBA71C000 NDIS.sys
    0xBA702000 Mup.sys
    0xBA662000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA6AE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xBA6AA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB99A1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB998D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9965000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB9743000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB971F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA652000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA642000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB9704000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xF77DF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA632000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA6A2000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA622000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA612000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA602000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB96E1000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF77EF000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7AC0000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA5F2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA69A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB96CA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9619000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77FF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB95BD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79C7000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB954B000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA5C9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\omci.sys
    0xF76D7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA9332000 \SystemRoot\system32\drivers\sthda.sys
    0xA930E000 \SystemRoot\system32\drivers\portcls.sys
    0xF7567000 \SystemRoot\system32\drivers\drmk.sys
    0xA92D4000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0xA91DD000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0xA9127000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0xF7817000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7557000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF79D3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A88000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79D5000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7767000 \SystemRoot\System32\drivers\vga.sys
    0xF79D7000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF776F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7777000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA6D2000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA8EC6000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA8E6D000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA8E47000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA8E1F000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA6BA000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xA8DFD000 \SystemRoot\System32\drivers\afd.sys
    0xF7527000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF7517000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF777F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF7507000 \SystemRoot\System32\drivers\sdcplh.sys
    0xA8DD2000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA8D62000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF74F7000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF74E7000 \SystemRoot\System32\Drivers\oz776.sys
    0xBA6B6000 \SystemRoot\System32\Drivers\SMCLIB.SYS
    0xA8D3C000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF79DF000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xB9611000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xA780B000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xA77F3000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF798D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB95B1000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA911F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA454000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
    0xA76C6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA90F7000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA76A2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA769E000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA73F1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA86FE000 \SystemRoot\System32\drivers\aspi32.sys
    0xA7169000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA72C5000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA6CCC000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA70C1000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA689A000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 61):
    0 System Idle Process
    4 System
    628 C:\WINDOWS\system32\smss.exe
    688 csrss.exe
    712 C:\WINDOWS\system32\winlogon.exe
    756 C:\WINDOWS\system32\services.exe
    768 C:\WINDOWS\system32\lsass.exe
    948 C:\WINDOWS\system32\svchost.exe
    1024 svchost.exe
    1088 C:\WINDOWS\system32\svchost.exe
    1136 C:\WINDOWS\system32\svchost.exe
    1252 svchost.exe
    1296 svchost.exe
    1584 C:\WINDOWS\system32\spoolsv.exe
    1632 scardsvr.exe
    1656 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1692 svchost.exe
    1784 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1832 C:\Program Files\Bonjour\mDNSResponder.exe
    1924 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1940 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2000 C:\Program Files\Dell\OpenManage\Client\Iap.exe
    192 C:\Program Files\Java\jre6\bin\jqs.exe
    228 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    284 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    352 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    472 C:\WINDOWS\system32\svchost.exe
    496 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    556 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1424 wmiprvse.exe
    2616 alg.exe
    3892 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    3908 C:\WINDOWS\explorer.exe
    956 C:\Program Files\Apoint\Apoint.exe
    2108 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    2316 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    2336 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    2356 C:\Program Files\Dell\QuickSet\quickset.exe
    2380 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2492 C:\WINDOWS\system32\igfxpers.exe
    2828 C:\WINDOWS\system32\igfxsrvc.exe
    2868 C:\Program Files\iTunes\iTunesHelper.exe
    2912 C:\WINDOWS\system32\hkcmd.exe
    2896 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2984 C:\Program Files\Apoint\hidfind.exe
    3272 C:\Program Files\Apoint\ApntEx.exe
    3496 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    196 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    528 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    1792 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    4088 C:\Program Files\iPod\bin\iPodService.exe
    3300 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2568 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3296 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    1428 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2736 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    1264 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    812 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    996 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3160 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHV2040BH, Rev: 0085002A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
    durb17, Dec 28, 2010
    #5

  6. Broni Malware Annihilator

    If, for some reason, Combofix refuses to run, try one of the following:
    ......
    (read in my previous reply).
    Broni, Dec 28, 2010
    #6

  7. durb17 Newcomer, in training

    I have tried everything to get Combofix to run except for running it and rkill from safe mode, which I am going to try as soon as I finish this post. Just wanted to update you that my browsers are running even slower now, and my system has crashed a couple times when I am doing nothing more than visiting sites I normally visit with no problem. When the computer crashes it freezes and nothing will respond to commands. Eventually even the mouse will not respond. I mention this because it is the exact way my computer freezes when I run Combofix.

    Here also is a log from when I ran rkill. Don't know if you need it or not but it does mention a program I've noticed running a lot as malware (GoogleCrashHandler.exe). Looks like a bit of a nasty one. Here's the log.


    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 12/29/2010 at 14:48:20.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


    Rkill completed on 12/29/2010 at 14:48:31.
    durb17, Dec 29, 2010
    #7

  8. Broni Malware Annihilator

    Did you try to run rKill and renamed Combofix from Safe Mode?
    Broni, Dec 29, 2010
    #8
Thread Status:
Not open for further replies.