TechSpot

[Not curable - Ramnit] Google Re-direct-having problems, can't download GMER

By Sixx1402
Apr 23, 2011
  1. Broni

    Broni Malware Annihilator Posts: 47,037   +255

  2. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    Hi Broni, ok i've done the repair and i'm back on, i'll need to reinstall programs and drivers, was just going to download the driver for my nvidia card but wasn't sure if it is safe to do so? I'm still getting redirected on internet explorer so where should i go from here?
     
  3. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Good news for Happy Easter :)

    Install all drivers, you need and....we'll have to start all over :(

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
     
  4. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    ok i'm having big trouble with the nvidia card! i've tried to install a driver but it says it can't find the hardware?
     
  5. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    If your display is kind of OK, we may try to go through cleaning steps and then we can worry about your video card.
    Let me know.
     
  6. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    Its ok, i managed to find a driver that worked after much searching! I'm doing the logs for you now, will post when done
     
  7. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Cool beans :)
     
  8. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    Ok, i've done them apart from the GMER log because when i started running it, it went to a blue screen and said it was 'dumping physical memory' so i didn't try it again!

    Malware Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6422

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    24/04/2011 18:24:25
    mbam-log-2011-04-24 (18-24-25).txt

    Scan type: Quick scan
    Objects scanned: 167301
    Time elapsed: 3 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    DDS Log:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by User at 18:54:54.39 on 24/04/2011
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1566 [GMT 1:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\User\Desktop\2\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\userinit.ex,c:\program files\khwsfwle\skofparu.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SkyTel] SkyTel.EXE
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286537024059
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286537114027
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-23 11608]
    R1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-13 57144]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-23 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-23 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-23 61960]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-10-8 54760]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-1-27 233472]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-24 2218600]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-1-27 36608]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-23 135664]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [2010-10-8 117632]
    .
    =============== Created Last 30 ================
    .
    2011-04-24 17:05:35 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
    2011-04-24 17:05:35 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
    2011-04-24 17:05:35 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-24 17:05:35 5210112 ----a-w- c:\windows\system32\nvcuda.dll
    2011-04-24 17:05:35 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-04-24 17:05:35 2116894 ----a-w- c:\windows\system32\nvdata.bin
    2011-04-24 17:05:35 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-04-24 17:05:35 2027008 ----a-w- c:\windows\system32\nvapi.dll
    2011-04-24 17:05:35 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-04-24 17:05:35 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-04-24 15:40:27 -------- d-----w- C:\NVIDIA
    2011-04-24 13:20:11 -------- d-----w- c:\program files\khwsfwle
    2011-04-24 13:14:02 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
    2011-04-24 13:14:02 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
    2011-04-24 13:14:01 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2011-04-24 13:14:01 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
    2011-04-24 13:14:01 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
    2011-04-24 13:14:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
    2011-04-24 13:14:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
    2011-04-24 13:14:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
    2011-04-24 13:14:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
    2011-04-24 13:14:00 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
    2011-04-24 13:12:59 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
    2011-04-24 13:11:59 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
    2011-04-24 13:10:12 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-04-24 13:10:12 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
    2011-04-24 13:10:02 8192 -c--a-w- c:\windows\system32\dllcache\bitsprx2.dll
    2011-04-24 13:10:02 8192 ----a-w- c:\windows\system32\bitsprx2.dll
    2011-04-24 13:10:02 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx3.dll
    2011-04-24 13:10:02 7168 ----a-w- c:\windows\system32\bitsprx3.dll
    2011-04-24 12:58:16 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-04-24 12:58:16 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-04-24 12:58:15 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-04-24 12:58:15 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-04-24 01:42:53 -------- d-----w- C:\_OTL
    2011-04-23 18:22:04 -------- d-sha-r- C:\cmdcons
    2011-04-23 18:20:24 98816 ----a-w- c:\windows\sed.exe
    2011-04-23 18:20:24 89088 ----a-w- c:\windows\MBR.exe
    2011-04-23 18:20:24 256512 ----a-w- c:\windows\PEV.exe
    2011-04-23 18:20:24 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-23 02:53:29 -------- dc-h--w- c:\windows\ie8
    2011-04-23 02:53:13 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Google
    2011-04-23 00:58:53 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-23 00:57:01 -------- d-----w- c:\docume~1\user\applic~1\Avira
    2011-04-23 00:55:54 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-23 00:55:53 -------- d-----w- c:\program files\Avira
    2011-04-23 00:55:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-04-22 21:30:59 166768 ----a-w- c:\program files\common files\installshield\updateservice\isuspmmgr.exe
    2011-04-22 21:30:59 166768 ----a-w- c:\program files\common files\installshield\updateservice\agentmgr.exe
    2011-04-22 21:23:14 -------- d-----w- c:\program files\VS Revo Group
    2011-04-15 17:17:32 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Trusteer
    2011-04-14 22:04:15 -------- d-----w- c:\program files\Spotify
    2011-04-07 21:15:38 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-04-07 21:15:38 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 21:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-04-07 21:15:34 13891176 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 21:15:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 21:15:32 155752 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-04-07 21:15:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-04-06 11:23:51 -------- d-----w- C:\found.000
    .
    ==================== Find3M ====================
    .
    2011-04-24 17:15:05 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-04-24 17:15:05 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-04-24 17:15:04 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 18:55:26.32 ===============
     
  10. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    DDS Attach Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/04/2011 14:14:19
    System Uptime: 24/04/2011 18:50:21 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M2VTVM-VM890
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 396.959 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: System Interrupt Controller
    Device ID: PCI\VEN_1106&DEV_5336&SUBSYS_80ED1043&REV_00\3&267A616A&0&05
    Manufacturer:
    Name: System Interrupt Controller
    PNP Device ID: PCI\VEN_1106&DEV_5336&SUBSYS_80ED1043&REV_00\3&267A616A&0&05
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 24/04/2011 14:20:19 - System Checkpoint
    RP2: 24/04/2011 17:01:29 - Installed Windows Installer KB893803v2.
    RP3: 24/04/2011 17:25:10 - Installed NVIDIA PhysX
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Illustrator 10
    Adobe Photoshop 7.0
    Adobe Reader X (10.0.1)
    Adobe SVG Viewer 3.0
    Ahead Nero Burning ROM
    Avira AntiVir Personal - Free Antivirus
    CorelDRAW Graphics Suite X3
    DivX Setup
    EN
    FontNav
    Football Manager 2010
    Football Manager 2011
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Manhunt
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Control Panel 270.61
    NVIDIA Graphics Driver 270.61
    NVIDIA Install Application
    NVIDIA nView 135.70
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Update 1.1.34
    NVIDIA Update Components
    OpenOffice.org 3.2
    PowerDVD
    Rapport
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.92
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    Samsung New PC Studio USB Driver Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Segoe UI
    Splinter Cell Pandora Tomorrow
    Spotify
    Steam
    SWAT 4
    Tom Clancy's Splinter Cell
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update Manager
    VBA
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24/04/2011 16:48:33, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    24/04/2011 16:48:33, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_disp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    24/04/2011 14:17:19, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
    24/04/2011 14:15:06, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    24/04/2011 14:11:09, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    24/04/2011 14:08:03, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    24/04/2011 01:14:04, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
    23/04/2011 23:51:02, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 898a9970, parameter3 898a9d88, parameter4 1a830008.
    23/04/2011 23:50:53, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 894ebb60, parameter3 894ebf78, parameter4 1a8300fe.
    23/04/2011 23:49:50, error: System Error [1003] - Error code 1000000a, parameter1 00700005, parameter2 00000002, parameter3 00000001, parameter4 806e7a2a.
    23/04/2011 23:49:23, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 88bcb830, parameter3 88bcbc48, parameter4 1a830001.
    23/04/2011 22:58:32, error: PlugPlayManager [11] - The device Root\LEGACY_JATMLANO\0000 disappeared from the system without first being prepared for removal.
    23/04/2011 22:20:37, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 8942f358, parameter3 8942f770, parameter4 1a830008.
    23/04/2011 20:40:29, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 89309858, parameter3 89309c70, parameter4 1a830003.
    23/04/2011 20:40:22, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 890b0000, parameter3 890b0418, parameter4 1a830000.
    23/04/2011 19:04:31, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.6040, the version of the system file is 6.0.2900.6040.
    23/04/2011 19:04:31, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
    23/04/2011 18:59:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3002.0, the version of the system file is 2.81.3002.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:05, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
    23/04/2011 18:57:03, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.1.0.9246, the version of the system file is 6.1.0.9246.
    23/04/2011 18:08:34, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    23/04/2011 18:08:34, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 11.0.5721.5146.
    23/04/2011 18:08:34, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    23/04/2011 16:48:54, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    23/04/2011 16:48:54, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the path specified.
    23/04/2011 16:46:45, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    23/04/2011 16:46:45, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    23/04/2011 16:46:45, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
    23/04/2011 16:46:45, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    23/04/2011 16:46:45, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    23/04/2011 15:52:29, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    23/04/2011 15:51:47, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio Avgldx86 Avgmfx86 avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    23/04/2011 14:36:45, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.6010, the version of the system file is 5.1.2600.6010.
    23/04/2011 14:11:43, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
    23/04/2011 03:40:06, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.
    23/04/2011 03:39:45, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.
    23/04/2011 03:36:09, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6010.
    23/04/2011 03:36:09, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    23/04/2011 03:36:09, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5146.
    23/04/2011 03:36:03, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    23/04/2011 03:10:05, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.6040.
    23/04/2011 03:10:05, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5931.
    23/04/2011 03:04:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4028.0.
    23/04/2011 03:03:06, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
    23/04/2011 02:59:25, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:25, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3002.0.
    23/04/2011 02:59:24, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:24, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:24, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:19, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:15, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
    23/04/2011 02:59:13, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.1.0.9246.
    22/04/2011 22:31:11, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
     
  11. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
     
  12. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    MBR Check Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 125):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F79000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F68000 pci.sys
    0xB80A8000 isapnp.sys
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB85AC000 viaide.sys
    0xB80B8000 MountMgr.sys
    0xB7F49000 ftdisk.sys
    0xB85AE000 dmload.sys
    0xB7F23000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80C8000 VolSnap.sys
    0xB7F0B000 atapi.sys
    0xB80D8000 disk.sys
    0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7EEC000 fltmgr.sys
    0xB7EDA000 sr.sys
    0xB80F8000 PxHelp20.sys
    0xB7EC3000 KSecDD.sys
    0xB7E36000 Ntfs.sys
    0xB7E09000 NDIS.sys
    0xB8108000 RapportKELL.sys
    0xB85B0000 \WINDOWS\System32\Drivers\USBD.SYS
    0xB7DEE000 Mup.sys
    0xB8118000 gagp30kx.sys
    0xB82B8000 \SystemRoot\system32\DRIVERS\processr.sys
    0xB71B9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB71A5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB82C8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB82D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB82E8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB7182000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB83C8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB715F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB83D0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB83D8000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB714B000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB85EC000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0xB82F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB83E0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB8308000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB8580000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB7123000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB7109000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0xB86B6000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB8318000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB8584000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB70F2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB8158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8168000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB83E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB70E1000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8178000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB83F0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB83F8000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB7010000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8188000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB8400000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB85EE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB6FB4000 \SystemRoot\system32\DRIVERS\update.sys
    0xB85A0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8198000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB81B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB3956000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB3932000 \SystemRoot\system32\drivers\portcls.sys
    0xB81C8000 \SystemRoot\system32\drivers\drmk.sys
    0xB8408000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB85F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB86C7000 \SystemRoot\System32\Drivers\Null.SYS
    0xB85F6000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB8418000 \SystemRoot\System32\drivers\vga.sys
    0xB85F8000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB85FA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB8420000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB8428000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB7008000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB3887000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB382F000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB3807000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB37E6000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB6FF4000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB81E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB37C4000 \SystemRoot\System32\drivers\afd.sys
    0xB81F8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB8430000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xB3798000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB376F000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
    0xB8208000 \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys
    0xB3700000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB8218000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB36DA000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xB85FE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xB392E000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB8228000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB8440000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB392A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB8248000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB35FA000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB8604000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB8448000 \SystemRoot\System32\watchdog.sys
    0xB390A000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB87DD000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB2B57000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xB2C14000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    0xB2B74000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB2832000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB27F5000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB7041000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB85E8000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB209B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB2028000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB1B87000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB24A6000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
    0xB84A0000 \??\C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys
    0xB197B000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 42):
    0 System Idle Process
    4 SYSTEM
    652 C:\WINDOWS\system32\smss.exe
    700 C:\WINDOWS\system32\csrss.exe
    724 C:\WINDOWS\system32\winlogon.exe
    768 C:\WINDOWS\system32\services.exe
    808 C:\WINDOWS\system32\lsass.exe
    980 C:\WINDOWS\system32\nvsvc32.exe
    1012 C:\WINDOWS\system32\svchost.exe
    1116 C:\WINDOWS\system32\svchost.exe
    1212 C:\WINDOWS\system32\svchost.exe
    1296 C:\WINDOWS\system32\svchost.exe
    1416 C:\WINDOWS\system32\svchost.exe
    1548 C:\WINDOWS\system32\spoolsv.exe
    1592 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1996 C:\WINDOWS\explorer.exe
    220 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    304 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    312 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    328 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    456 C:\WINDOWS\RTHDCPL.exe
    480 C:\WINDOWS\system32\rundll32.exe
    588 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    568 C:\WINDOWS\system32\ctfmon.exe
    676 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    112 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    800 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    2160 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2204 C:\WINDOWS\system32\FsUsbExService.Exe
    2260 C:\Program Files\Java\jre6\bin\jqs.exe
    2288 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2352 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    2648 C:\WINDOWS\system32\searchindexer.exe
    3844 C:\WINDOWS\system32\alg.exe
    4068 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    3688 C:\WINDOWS\system32\wscntfy.exe
    2016 C:\WINDOWS\system32\notepad.exe
    4028 C:\WINDOWS\system32\notepad.exe
    3648 C:\WINDOWS\system32\notepad.exe
    3448 C:\WINDOWS\system32\searchprotocolhost.exe
    476 C:\WINDOWS\system32\searchfilterhost.exe
    684 C:\Documents and Settings\User\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD502HJ, Rev: 1AJ10001

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  13. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    RKUnhooker Log:

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 2)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB71B9000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12505088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 270.61 )
    0xB3956000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4567040 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 4112384 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 270.61 )
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2142208 bytes
    0x804D7000 RAW 2142208 bytes
    0x804D7000 WMIxWDM 2142208 bytes
    0xBF800000 Win32k 1839104 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1839104 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB7E36000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB3700000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB382F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB209B000 C:\WINDOWS\system32\DRIVERS\srv.sys 339968 bytes (Microsoft Corporation, Server driver)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB1B87000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB6FB4000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
    0xB7010000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB2832000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB7E09000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB3798000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB197B000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB376F000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 167936 bytes (Trusteer Ltd., RapportPG)
    0xB7123000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB3807000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB36DA000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB3932000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB2028000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB7182000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB715F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB37C4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB37E6000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
    0x806E2000 ACPI_HAL 134400 bytes
    0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB7EEC000 fltmgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB7DEE000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB7109000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 106496 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
    0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB35FA000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB7EC3000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB70F2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB2B57000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
    0xB27F5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB714B000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xB71A5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB3887000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB7EDA000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB70E1000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB8248000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xB8308000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xB81C8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB82E8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB7041000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB81B8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xB8108000 RapportKELL.sys 57344 bytes (Trusteer Ltd., RapportKE)
    0xB82D8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB82F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xB8208000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys 53248 bytes (Trusteer Ltd., RapportCerberus)
    0xB8318000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB2C14000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
    0xB8118000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)
    0xB8168000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xB82C8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB8158000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xB8198000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB80F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xB8188000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB8218000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xB24A6000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
    0xB8228000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xB80A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB8178000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xB81F8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB1ACF000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xB82B8000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xB81E8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xB8428000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xB83D8000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xB8440000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xB84A0000 C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xB83D0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xB83E0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xB8400000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB8430000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0xB8418000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xB8408000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xB8420000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xB83F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xB83F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xB83E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xB83C8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xB8448000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB85A0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB2B74000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB8580000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB390A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB392E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB392A000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB8584000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB7008000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB6FF4000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xB85EC000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
    0xB85FE000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
    0xB85F6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xB85AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xB8604000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xB85F4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xB85F8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xB85E8000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xB85FA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xB85EE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xB85B0000 C:\WINDOWS\System32\Drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xB85AC000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xB86B6000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xB87DD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xB86C7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
     
  14. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Looks good ...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    The computer went to a blue screen and began dumping physical memory again at the end of combofix, what does this mean? I think the log may be incomplete again but it is huge, would probably take about 20 posts! Do you want me to attach it?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

  17. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    File uploaded to File Dropper

    Link: http://www.filedropper.com/combofix_2

    Embeded code: <a href=http://www.filedropper.com/combofix_2><img src=http://www.filedropper.com/download_button.png width=127 height=145 border=0/></a><br /><div style=font-size:9px;font-family:Arial, Helvetica, sans-serif;width:127px;font-color:#44a854;> <a href=http://www.filedropper.com >upload files online</a></div>
     
  18. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    ComboFix 11-04-23.02 - User 24/04/2011 19:44:29.10.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1572 [GMT 1:00]
    Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}


    ((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))


    2011-04-24 17:06:16 . 2011-04-24 17:06:19 -------- d-----w- C:\Documents and Settings\UpdatusUser
    2011-04-24 17:06:16 . 2011-04-24 17:06:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 944232 ----a-w- C:\WINDOWS\system32\nvdispco3220140.dll
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 855656 ----a-w- C:\WINDOWS\system32\nvgenco322060.dll
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 61440 ----a-w- C:\WINDOWS\system32\OpenCL.dll
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 5210112 ----a-w- C:\WINDOWS\system32\nvcuda.dll
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 2770536 ----a-w- C:\WINDOWS\system32\nvcuvid.dll
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 2116894 ----a-w- C:\WINDOWS\system32\nvdata.bin
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 2074216 ----a-w- C:\WINDOWS\system32\nvcuvenc.dll
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 2027008 ----a-w- C:\WINDOWS\system32\nvapi.dll
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 14856192 ----a-w- C:\WINDOWS\system32\nvoglnt.dll
    2011-04-24 17:05:35 . 2011-04-08 05:14:00 13000704 ----a-w- C:\WINDOWS\system32\nvcompiler.dll
    2011-04-24 15:40:27 . 2011-04-24 15:40:27 -------- d-----w- C:\NVIDIA
    2011-04-24 13:20:11 . 2011-04-24 13:20:11 -------- d-----w- C:\Program Files\khwsfwle
    2011-04-24 13:14:02 . 2004-08-04 12:00:00 41600 -c--a-w- C:\WINDOWS\system32\dllcache\weitekp9.dll
    2011-04-24 13:14:02 . 2004-08-04 12:00:00 31232 -c--a-w- C:\WINDOWS\system32\dllcache\weitekp9.sys
    2011-04-24 13:14:01 . 2004-08-04 12:00:00 9216 -c--a-w- C:\WINDOWS\system32\dllcache\wamps51.dll
    2011-04-24 13:14:01 . 2004-08-04 12:00:00 76800 -c--a-w- C:\WINDOWS\system32\dllcache\wam51.dll
    2011-04-24 13:14:01 . 2004-08-04 12:00:00 53248 -c--a-w- C:\WINDOWS\system32\dllcache\wamreg51.dll
    2011-04-24 13:14:00 . 2004-08-04 12:00:00 73728 -c--a-w- C:\WINDOWS\system32\dllcache\w3ext.dll
    2011-04-24 13:14:00 . 2004-08-04 12:00:00 5632 -c--a-w- C:\WINDOWS\system32\dllcache\w3svapi.dll
    2011-04-24 13:14:00 . 2004-08-04 12:00:00 48256 -c--a-w- C:\WINDOWS\system32\dllcache\w32.dll
    2011-04-24 13:14:00 . 2004-08-04 12:00:00 4608 -c--a-w- C:\WINDOWS\system32\dllcache\w3ctrs51.dll
    2011-04-24 13:14:00 . 2004-08-04 12:00:00 363520 -c--a-w- C:\WINDOWS\system32\dllcache\w3svc.dll
    2011-04-24 13:12:59 . 2004-08-04 12:00:00 81976 -c--a-w- C:\WINDOWS\system32\dllcache\imjpdct.dll
    2011-04-24 13:11:59 . 2004-08-04 12:00:00 8192 -c--a-w- C:\WINDOWS\system32\dllcache\staxmem.dll
    2011-04-24 13:10:12 . 2004-08-04 12:00:00 16384 -c--a-w- C:\WINDOWS\system32\dllcache\isignup.exe
    2011-04-24 13:10:12 . 2004-08-04 12:00:00 16384 ----a-w- C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe
    2011-04-24 13:10:02 . 2004-08-04 12:00:00 8192 -c--a-w- C:\WINDOWS\system32\dllcache\bitsprx2.dll
    2011-04-24 13:10:02 . 2004-08-04 12:00:00 8192 ----a-w- C:\WINDOWS\system32\bitsprx2.dll
    2011-04-24 13:10:02 . 2004-08-04 12:00:00 7168 -c--a-w- C:\WINDOWS\system32\dllcache\bitsprx3.dll
    2011-04-24 13:10:02 . 2004-08-04 12:00:00 7168 ----a-w- C:\WINDOWS\system32\bitsprx3.dll
    2011-04-24 12:58:16 . 2004-08-04 12:00:00 13312 -c--a-w- C:\WINDOWS\system32\dllcache\irclass.dll
    2011-04-24 12:58:16 . 2004-08-04 12:00:00 13312 ----a-w- C:\WINDOWS\system32\irclass.dll
    2011-04-24 12:58:15 . 2004-08-04 12:00:00 24661 -c--a-w- C:\WINDOWS\system32\dllcache\spxcoins.dll
    2011-04-24 12:58:15 . 2004-08-04 12:00:00 24661 ----a-w- C:\WINDOWS\system32\spxcoins.dll
    2011-04-24 01:42:53 . 2011-04-24 01:42:53 -------- d-----w- C:\_OTL
    2011-04-24 00:10:56 . 2011-04-24 00:11:26 -------- d-----w- C:\Documents and Settings\Administrator
    2011-04-23 12:22:34 . 2011-04-23 13:15:05 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
    2011-04-23 02:56:20 . 2011-04-23 02:56:20 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    2011-04-23 02:53:29 . 2011-04-23 02:54:38 -------- dc-h--w- C:\WINDOWS\ie8
    2011-04-23 02:53:18 . 2011-04-23 02:53:18 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    2011-04-23 02:53:13 . 2011-04-24 14:28:04 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Google
    2011-04-23 02:52:47 . 2011-04-23 02:53:13 -------- d-----w- C:\Program Files\Google
    2011-04-23 00:58:53 . 2011-04-24 17:41:09 -------- d-----w- C:\WINDOWS\system32\NtmsData
    2011-04-23 00:57:01 . 2011-04-23 00:57:01 -------- d-----w- C:\Documents and Settings\User\Application Data\Avira
    2011-04-23 00:55:54 . 2011-03-04 15:11:12 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
    2011-04-23 00:55:54 . 2011-03-04 13:37:13 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
    2011-04-23 00:55:54 . 2010-06-17 13:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
    2011-04-23 00:55:54 . 2010-06-17 13:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
    2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Program Files\Avira
    2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
    2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
    2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\agentmgr.exe
    2011-04-22 21:23:14 . 2011-04-22 21:23:14 -------- d-----w- C:\Program Files\VS Revo Group
    2011-04-15 17:17:32 . 2011-04-15 17:17:32 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Trusteer
    2011-04-14 22:04:15 . 2011-04-14 22:04:16 -------- d-----w- C:\Program Files\Spotify
    2011-04-07 21:15:38 . 2011-04-07 21:15:38 81920 ----a-w- C:\WINDOWS\system32\nvwddi.dll
    2011-04-07 21:15:38 . 2011-04-07 21:15:38 580200 ----a-w- C:\WINDOWS\system32\easyUpdatusAPIU.dll
    2011-04-07 21:15:34 . 2011-04-07 21:15:34 277608 ----a-w- C:\WINDOWS\system32\nvmccs.dll
    2011-04-07 21:15:34 . 2011-04-07 21:15:34 13891176 ----a-w- C:\WINDOWS\system32\nvcpl.dll
    2011-04-07 21:15:34 . 2011-04-07 21:15:34 111208 ----a-w- C:\WINDOWS\system32\nvmctray.dll
    2011-04-07 21:15:32 . 2011-04-07 21:15:32 155752 ----a-w- C:\WINDOWS\system32\nvsvc32.exe
    2011-04-07 21:15:32 . 2011-04-07 21:15:32 145000 ----a-w- C:\WINDOWS\system32\nvcolor.exe
    2011-04-06 11:23:51 . 2011-04-06 11:23:51 -------- d-----w- C:\found.000
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-04-08 05:14:00 . 2010-07-10 04:38:00 4111232 ----a-w- C:\WINDOWS\system32\nv4_disp.dll
    2011-04-08 05:14:00 . 2010-07-10 04:38:00 12501600 ----a-w- C:\WINDOWS\system32\drivers\nv4_mini.sys
    2011-02-17 12:32:12 . 2010-10-08 11:31:35 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll


    ((((((((((((((((((((((((((((( SnapShot@2011-04-23_18.25.46 )))))))))))))))))))))))))))))))))))))))))

    [snapshot omitted - Broni]

    -- Snapshot reset to current date --

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="C:\Program Files\Steam\steam.exe" [2011-01-12 20:46:45 1242448]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 02:53:11 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30:30 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 15:45:14 35736]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 12:49:34 932288]
    "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 21:10:00 1230704]
    "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 13:36:51 281768]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 10:43:18 248040]
    "SkyTel"="SkyTel.EXE" [2006-05-16 17:04:26 2879488]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-12-20 10:27:57 155648]
    "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 10:12:24 16062464]
    "NvMediaCenter"="NvMCTray.dll" [2011-04-07 21:15:34 111208]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-04-07 21:15:34 13891176]
    "nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 01:57:14 1753192]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-02-28 12:00:00 44544]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
    "C:\\Documents and Settings\\User\\My Documents\\Age Of Empires II\\Age Of Empires II The Conquerors\\age2_x1.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
    "C:\\Program Files\\Spotify\\spotify.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

    R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [03/10/2010 23:43:44 59240]
    R1 RapportCerberus_25973;RapportCerberus_25973;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [13/04/2011 12:17:06 57144]
    R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43:44 169320]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [23/04/2011 01:55:54 135336]
    R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [27/01/2011 19:03:01 233472]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [24/04/2011 18:06:14 2218600]
    R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [27/01/2011 19:03:01 36608]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [23/04/2011 03:53:14 135664]
    S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;C:\WINDOWS\system32\drivers\W35UND.SYS [08/10/2010 12:18:03 117632]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - FSUSBEXDISK
    *Deregistered* - Normandy

    Contents of the 'Scheduled Tasks' folder

    2011-04-24 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]

    2011-04-24 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]


    ------- Supplementary Scan -------

    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
     
  19. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    It is incomplete.
    Try to re-run it.
    It should produce shorter log this time.
     
  20. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

  21. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    C:\Program Files\khwsfwle
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  22. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Just to let you know, that I'll be gone for a few hours....
     
  23. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    Ok, i did that a couple of times but it would produce a log, it did the blue screen dumping physical memory thing both times and the second time wouldn't boot up for a couple of goes, its booted up now. The folder that you put in the last post 'khwsfwle' can't be deleted, i tried when i first got the virus but it just says 'cannot delete khwsfwle: The directory is not empty'
     
  24. Sixx1402

    Sixx1402 TS Rookie Topic Starter Posts: 60

    Sorry i meant to say it WOULDN'T produce a log (combofix)
     
  25. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe

    DO NOT RUN IT YET!

    Restart computer in Safe Mode.


    • * Double-click on the Rkill desktop icon to run the tool.
      * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
      * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
      * If not, delete the file, then download and use the one provided in Link 2.
      * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
      * Do not reboot until instructed.
      * If the tool does not run from any of the links provided, please let me know.

    Now, try to run my Combofix script again.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.