Inactive Computer freezes when I run DDS for the 8 steps

Hi, I'm new to the boards here and am trying to fix multiple problems on my system. I was trying to complete the 8 steps listed for my first post. Whenever I run the DDS program, however, my computer will freeze when the progress bar gets about halfway across. I'm pretty sure I turned off all script blocking programs unless there's one on this system I'm not aware of. Here are the MBAM and GMER logs.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5408

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2010 1:30:41 PM
mbam-log-2010-12-28 (13-30-41).txt

Scan type: Quick scan
Objects scanned: 136354
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-28 13:34:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2040BH rev.0085002A
Running: 5qnqcuvz.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kftcapob.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sdcplh.sys

---- EOF - GMER 1.0.15 ----


PS. Problems I was coming here to correct include the redirect issue that seems to be plaguing a number of people and an issue with all my browsers. They are taking up way too much CPU and Shockwave continues to crash.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thanks for the help. I ran the scan and it said it didn't detect anything. Here's the log.


2010/12/28 16:02:17.0515 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/28 16:02:17.0515 ================================================================================
2010/12/28 16:02:17.0515 SystemInfo:
2010/12/28 16:02:17.0515
2010/12/28 16:02:17.0515 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/28 16:02:17.0515 Product type: Workstation
2010/12/28 16:02:17.0515 ComputerName: USER-60474A764E
2010/12/28 16:02:17.0515 UserName: Administrator
2010/12/28 16:02:17.0515 Windows directory: C:\WINDOWS
2010/12/28 16:02:17.0515 System windows directory: C:\WINDOWS
2010/12/28 16:02:17.0515 Processor architecture: Intel x86
2010/12/28 16:02:17.0515 Number of processors: 2
2010/12/28 16:02:17.0515 Page size: 0x1000
2010/12/28 16:02:17.0515 Boot type: Normal boot
2010/12/28 16:02:17.0515 ================================================================================
2010/12/28 16:02:18.0093 Initialize success
2010/12/28 16:02:23.0718 ================================================================================
2010/12/28 16:02:23.0718 Scan started
2010/12/28 16:02:23.0718 Mode: Manual;
2010/12/28 16:02:23.0718 ================================================================================
2010/12/28 16:02:40.0406 ================================================================================
2010/12/28 16:02:40.0406 Scan finished
2010/12/28 16:02:40.0406 ================================================================================
 
"am trying to fix multiple problems on my system"

Please, describe your problems.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
The main problem I'm having seems to be this redirect virus that causes all browser programs to run very slow. It also will take any search engine searches and direct them to various places, mainly other search engines like Scour.

I've also started experiencing Shockwave crashes, mainly when playing games online, and random pop ups on sites I've visited before with no pop ups.

Lastly, whenever my computer starts up I am informed by Avira that there is an infected program called TR/Crypt.XPACK.Gen that it is unable to do anything about.

Additionally, when I attempted to run combo fix it froze my entire PC up. I had to manually shut it down and restart it. I'm wondering if I have some sort of script blocking software enabled that I am unaware of. I do have the MBRCheck log and have included it below.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 137):

Processes (total 61):
0 System Idle Process
4 System
628 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
948 C:\WINDOWS\system32\svchost.exe
1024 svchost.exe
1088 C:\WINDOWS\system32\svchost.exe
1136 C:\WINDOWS\system32\svchost.exe
1252 svchost.exe
1296 svchost.exe
1584 C:\WINDOWS\system32\spoolsv.exe
1632 scardsvr.exe
1656 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1692 svchost.exe
1784 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1832 C:\Program Files\Bonjour\mDNSResponder.exe
1924 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1940 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2000 C:\Program Files\Dell\OpenManage\Client\Iap.exe
192 C:\Program Files\Java\jre6\bin\jqs.exe
228 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
284 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
352 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
472 C:\WINDOWS\system32\svchost.exe
496 C:\Program Files\Viewpoint\Common\ViewpointService.exe
556 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1424 wmiprvse.exe
2616 alg.exe
3892 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
3908 C:\WINDOWS\explorer.exe
956 C:\Program Files\Apoint\Apoint.exe
2108 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2316 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2336 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
2356 C:\Program Files\Dell\QuickSet\quickset.exe
2380 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2492 C:\WINDOWS\system32\igfxpers.exe
2828 C:\WINDOWS\system32\igfxsrvc.exe
2868 C:\Program Files\iTunes\iTunesHelper.exe
2912 C:\WINDOWS\system32\hkcmd.exe
2896 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2984 C:\Program Files\Apoint\hidfind.exe
3272 C:\Program Files\Apoint\ApntEx.exe
3496 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
196 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
528 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
1792 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
4088 C:\Program Files\iPod\bin\iPodService.exe
3300 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2568 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3296 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1428 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2736 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1264 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
812 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
996 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3160 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2040BH, Rev: 0085002A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
When I attempted to run Combofix it froze my entire PC up. I had to manually shut it down and restart it.

If, for some reason, Combofix refuses to run, try one of the following:
......
(read in my previous reply).
 
I have tried everything to get Combofix to run except for running it and rkill from safe mode, which I am going to try as soon as I finish this post. Just wanted to update you that my browsers are running even slower now, and my system has crashed a couple times when I am doing nothing more than visiting sites I normally visit with no problem. When the computer crashes it freezes and nothing will respond to commands. Eventually even the mouse will not respond. I mention this because it is the exact way my computer freezes when I run Combofix.

Here also is a log from when I ran rkill. Don't know if you need it or not but it does mention a program I've noticed running a lot as malware (GoogleCrashHandler.exe). Looks like a bit of a nasty one. Here's the log.


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/29/2010 at 14:48:20.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


Rkill completed on 12/29/2010 at 14:48:31.
 