Iexplorer running twice and very very slowly!

Hi, I am new to this site and already wanting to pick your brains! Internet Explorer has started to run very very slowly on my laptop under XP and seems to be listed twice in the Processes tab of Task Manager. I have looked around here for some answers but so far without success.

Any help gratefully received
Matt...
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni, thanks for your assistance! The first log from Malwarebytes:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

02/12/2010 11:36:44
mbam-log-2010-12-02 (11-36-43).txt

Scan type: Quick scan
Objects scanned: 124797
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-02 11:50:02
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060AT_PL rev.000000A0
Running: quc75fp4.exe; Driver: C:\DOCUME~1\Matthew\LOCALS~1\Temp\pwdorkow.sys


---- Devices - GMER 1.0.15 ----

Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
 
I have downloaded the DDS software but when I try to run it, it just opens Notepad straight away with a whole page of script and does nothing else! Any help gratefully received.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Hi Broni,

This is the TDSS report:-

2010/12/03 18:30:32.0312 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/03 18:30:32.0312 ================================================================================
2010/12/03 18:30:32.0312 SystemInfo:
2010/12/03 18:30:32.0312
2010/12/03 18:30:32.0312 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/03 18:30:32.0312 Product type: Workstation
2010/12/03 18:30:32.0312 ComputerName: MATTLAPTOP
2010/12/03 18:30:32.0312 UserName: Matthew
2010/12/03 18:30:32.0312 Windows directory: C:\WINDOWS
2010/12/03 18:30:32.0312 System windows directory: C:\WINDOWS
2010/12/03 18:30:32.0312 Processor architecture: Intel x86
2010/12/03 18:30:32.0312 Number of processors: 1
2010/12/03 18:30:32.0312 Page size: 0x1000
2010/12/03 18:30:32.0312 Boot type: Normal boot
2010/12/03 18:30:32.0312 ================================================================================
2010/12/03 18:30:32.0937 Initialize success
2010/12/03 18:30:45.0515 ================================================================================
2010/12/03 18:30:45.0515 Scan started
2010/12/03 18:30:45.0515 Mode: Manual;
2010/12/03 18:30:45.0515 ================================================================================
2010/12/03 18:30:46.0578 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/03 18:30:46.0812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/03 18:30:47.0171 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/12/03 18:30:47.0406 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/12/03 18:30:48.0250 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/12/03 18:30:48.0718 AmdK8 (e6a2299284013ec4de3419481a62069f) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/12/03 18:30:49.0046 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/03 18:30:50.0718 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\WINDOWS\system32\ASNDIS5.SYS
2010/12/03 18:30:50.0875 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/03 18:30:50.0968 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/03 18:30:51.0265 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/03 18:30:51.0406 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/03 18:30:51.0640 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/03 18:30:51.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/03 18:30:52.0000 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
2010/12/03 18:30:52.0281 Cam5603C (75b5d1fbd7c6b3a107624ca6e34c30b5) C:\WINDOWS\system32\Drivers\Bs350u2.sys
2010/12/03 18:30:52.0390 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/03 18:30:52.0578 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/03 18:30:52.0781 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
2010/12/03 18:30:53.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/03 18:30:53.0171 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/03 18:30:53.0375 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/03 18:30:53.0734 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/03 18:30:54.0109 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/03 18:30:54.0781 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/03 18:30:54.0937 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/03 18:30:55.0093 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/03 18:30:55.0156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/03 18:30:55.0328 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/03 18:30:55.0687 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/03 18:30:55.0859 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/03 18:30:55.0968 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/03 18:30:56.0156 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/03 18:30:56.0296 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/03 18:30:56.0359 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/03 18:30:56.0468 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/03 18:30:56.0609 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/03 18:30:56.0671 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/03 18:30:56.0718 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/03 18:30:56.0875 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2010/12/03 18:30:57.0171 ghaio (108a784ff664a83329549e5883c84cfd) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2010/12/03 18:30:57.0328 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/03 18:30:57.0562 GtTdiFltr (76360ae27cc97e462ff4e52b91d59e11) C:\WINDOWS\system32\drivers\GtTdiFltr.sys
2010/12/03 18:30:57.0796 GTUHSBUS (3517b3e8bb7d27802ecd633e31aadf7b) C:\WINDOWS\system32\DRIVERS\gtuhsbus.sys
2010/12/03 18:30:58.0015 GTUHSNDISIPXP (770245ed20d62faeb34de4f1f4018708) C:\WINDOWS\system32\DRIVERS\gtuhs51.sys
2010/12/03 18:30:58.0203 GTUHSOMS (e3d4f72f92dd9d4f6e93a3c005d6dcbf) C:\WINDOWS\system32\DRIVERS\gtuhsoms.sys
2010/12/03 18:30:58.0375 GTUHSSER (25a80ada6ce5466aeb4a144cc8256990) C:\WINDOWS\system32\DRIVERS\gtuhsser.sys
2010/12/03 18:30:58.0765 HSFHWSIS (084c5ea9445cb4b2f934ddf417d64b9e) C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys
2010/12/03 18:30:59.0000 HSF_DP (7a7fbe994d1018be8cfd1ba7a028dbd3) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/12/03 18:30:59.0250 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/03 18:30:59.0750 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/03 18:31:00.0062 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101130.001\IDSxpx86.sys
2010/12/03 18:31:00.0203 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/03 18:31:00.0718 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/03 18:31:00.0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/03 18:31:00.0906 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/03 18:31:01.0046 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/03 18:31:01.0187 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/03 18:31:01.0343 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/12/03 18:31:01.0484 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/03 18:31:01.0640 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2010/12/03 18:31:01.0734 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/03 18:31:01.0875 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/03 18:31:02.0093 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/03 18:31:02.0296 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/03 18:31:02.0703 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2010/12/03 18:31:02.0859 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/03 18:31:02.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/03 18:31:03.0125 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/03 18:31:03.0281 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/03 18:31:03.0359 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/03 18:31:03.0640 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/03 18:31:03.0859 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/03 18:31:04.0015 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/03 18:31:04.0187 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/03 18:31:04.0343 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/03 18:31:04.0500 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/03 18:31:04.0625 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/03 18:31:04.0812 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/03 18:31:04.0984 MTsensor (e333010a50bf603acc350f6019e9ce02) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2010/12/03 18:31:05.0062 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/03 18:31:05.0265 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/03 18:31:05.0500 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101201.003\NAVENG.SYS
2010/12/03 18:31:05.0671 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101201.003\NAVEX15.SYS
2010/12/03 18:31:05.0859 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/03 18:31:06.0062 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/03 18:31:06.0140 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/03 18:31:06.0250 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/03 18:31:06.0359 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/03 18:31:06.0406 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/03 18:31:06.0500 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/03 18:31:06.0640 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/03 18:31:06.0828 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/03 18:31:06.0937 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/03 18:31:07.0109 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/03 18:31:07.0234 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/03 18:31:07.0453 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/03 18:31:07.0531 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/03 18:31:07.0671 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/03 18:31:07.0781 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/03 18:31:07.0843 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/03 18:31:07.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/03 18:31:08.0062 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/03 18:31:08.0312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/03 18:31:08.0453 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/03 18:31:09.0750 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/03 18:31:09.0906 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/03 18:31:10.0078 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/03 18:31:10.0125 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/03 18:31:11.0109 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/03 18:31:11.0265 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/12/03 18:31:11.0375 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/03 18:31:11.0468 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/03 18:31:11.0515 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/03 18:31:11.0640 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/03 18:31:11.0687 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/03 18:31:11.0875 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/03 18:31:12.0031 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/03 18:31:12.0203 rmedia (57c3751fd5beeaba87de83979fbb9977) C:\WINDOWS\system32\DRIVERS\rmedia.sys
2010/12/03 18:31:12.0390 RTL8023xp (accaef9f58ae156772be67df148c5b3a) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2010/12/03 18:31:12.0546 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/03 18:31:12.0671 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/03 18:31:12.0843 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/03 18:31:13.0234 SiS315 (8365751f9407ea612ea1e022292ffc9c) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2010/12/03 18:31:13.0406 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2010/12/03 18:31:13.0625 SiSkp (5de3c5e923eaa435ab4b48ea87c99f71) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2010/12/03 18:31:13.0812 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/03 18:31:14.0171 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/03 18:31:14.0343 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/03 18:31:14.0656 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
2010/12/03 18:31:14.0875 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
2010/12/03 18:31:15.0109 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/03 18:31:15.0312 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/03 18:31:15.0437 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/03 18:31:15.0656 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/03 18:31:16.0281 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
2010/12/03 18:31:16.0484 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/12/03 18:31:16.0750 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
2010/12/03 18:31:16.0968 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
2010/12/03 18:31:17.0187 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/12/03 18:31:17.0218 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/12/03 18:31:17.0406 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
2010/12/03 18:31:17.0640 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
2010/12/03 18:31:18.0390 SynTP (55a7c2667ff752fabcae7e6b6df52a10) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/03 18:31:18.0578 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/03 18:31:18.0796 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/03 18:31:18.0984 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/03 18:31:19.0156 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/03 18:31:19.0328 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/03 18:31:19.0703 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/03 18:31:20.0031 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/03 18:31:20.0234 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/03 18:31:20.0375 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/03 18:31:20.0531 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/03 18:31:20.0734 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/03 18:31:20.0859 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/12/03 18:31:21.0171 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/03 18:31:21.0296 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/03 18:31:21.0656 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/03 18:31:21.0843 winachsf (3abf96fc0e3ae1aa8ba21d8b5a9a745a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/03 18:31:22.0171 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/03 18:31:22.0421 ================================================================================
2010/12/03 18:31:22.0421 Scan finished
2010/12/03 18:31:22.0421 ================================================================================
 
MBRcheck report:-

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 142):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CE000 \WINDOWS\system32\hal.dll
0xF7AC5000 \WINDOWS\system32\KDCOM.DLL
0xF79D5000 \WINDOWS\system32\BOOTVID.dll
0xF7496000 ACPI.sys
0xF7AC7000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7485000 pci.sys
0xF75C5000 isapnp.sys
0xF75D5000 ohci1394.sys
0xF75E5000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF79D9000 compbatt.sys
0xF79DD000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B8D000 pciide.sys
0xF7845000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7467000 pcmcia.sys
0xF75F5000 MountMgr.sys
0xF7448000 ftdisk.sys
0xF79E1000 ACPIEC.sys
0xF7B8E000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF784D000 PartMgr.sys
0xF7605000 VolSnap.sys
0xF7430000 atapi.sys
0xF7615000 disk.sys
0xF7625000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7411000 fltMgr.sys
0xF73FF000 sr.sys
0xF73B0000 SYMEFA.SYS
0xF738D000 Fastfat.sys
0xF7376000 KSecDD.sys
0xF7349000 NDIS.sys
0xF7635000 SISAGPX.sys
0xF7338000 rmedia.sys
0xF731D000 Mup.sys
0xF7645000 gagp30kx.sys
0xF7AC9000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0xF7296000 \SystemRoot\system32\DRIVERS\sisgrp.sys
0xF7282000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7675000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF786D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7254000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7ACB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7875000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7685000 \SystemRoot\System32\Drivers\Serial.SYS
0xF787D000 \SystemRoot\system32\DRIVERS\irsir.sys
0xF7A59000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF7240000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7695000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76A5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76B5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF721D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF71ED000 \SystemRoot\system32\DRIVERS\HSFHWSIS.sys
0xF70EF000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF7047000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7885000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6E11000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6DED000 \SystemRoot\system32\drivers\portcls.sys
0xF76C5000 \SystemRoot\system32\drivers\drmk.sys
0xF788D000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6DCA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7895000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6D6F000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7A65000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF76D5000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF7C58000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF789D000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF78A5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF76E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A6D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6D58000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76F5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7705000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6CA7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7715000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78AD000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78B5000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7725000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78BD000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF7ACD000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6C4B000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A79000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7735000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7765000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AD1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C79000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AD3000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78DD000 \SystemRoot\System32\drivers\vga.sys
0xF7AD5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AD7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78E5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78ED000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AB1000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB16CD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB1675000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1641000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0xB161C000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF78F5000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
0xB1607000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0xB15E6000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7775000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF78FD000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMIDS.SYS
0xB158E000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101130.001\IDSxpx86.sys
0xB1566000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7AD9000 \SystemRoot\system32\drivers\GtTdiFltr.sys
0xB1544000 \SystemRoot\System32\drivers\afd.sys
0xF7785000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF77A5000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0xF72F9000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xB1518000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB14A9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77B5000 \SystemRoot\System32\Drivers\Fips.SYS
0xB13AB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB138E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB1313000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0xB12A9000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0xB120D000 \SystemRoot\System32\Drivers\Bs350u2.sys
0xF77D5000 \SystemRoot\System32\Drivers\STREAM.SYS
0xF77E5000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB11F5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7ADB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6C97000 \SystemRoot\System32\drivers\Dxapi.sys
0xF791D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B94000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB102F000 \SystemRoot\system32\DRIVERS\irda.sys
0xB10B5000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xB10B1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB0E22000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB0F2B000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0xB0F23000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB0D2B000 \SystemRoot\system32\DRIVERS\srv.sys
0xB0C4E000 \SystemRoot\system32\drivers\wdmaud.sys
0xB0EDF000 \SystemRoot\system32\drivers\sysaudio.sys
0xB07AE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB0933000 \??\C:\WINDOWS\system32\ASNDIS5.SYS
0xB0947000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB00DE000 \??\C:\DOCUME~1\Matthew\LOCALS~1\Temp\pwdorkow.sys
0xAFEDC000 \SystemRoot\system32\drivers\kmixer.sys
0xF7B1B000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
776 C:\WINDOWS\System32\SMSS.EXE
880 csrss.exe
904 C:\WINDOWS\System32\winlogon.exe
948 C:\WINDOWS\System32\services.exe
960 C:\WINDOWS\System32\lsass.exe
1092 C:\WINDOWS\System32\svchost.exe
1204 svchost.exe
1260 C:\WINDOWS\System32\svchost.exe
1380 svchost.exe
1448 svchost.exe
1844 C:\WINDOWS\System32\spoolsv.exe
1912 svchost.exe
200 C:\WINDOWS\System32\svchost.exe
652 C:\WINDOWS\Explorer.EXE
716 C:\Program Files\Google\Update\GoogleUpdate.exe
1676 alg.exe
212 C:\WINDOWS\ATK0100\HControl.exe
332 C:\WINDOWS\SOUNDMAN.EXE
348 C:\Program Files\ASUS\NB Probe\NBProbe.exe
588 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
620 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
660 C:\WINDOWS\System32\rundll32.exe
740 C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
812 C:\Program Files\Java\j2re1.4.2_19\bin\jusched.exe
1396 C:\Program Files\Messenger\msmsgs.exe
1420 C:\WINDOWS\ATK0100\ATKOSD.exe
1324 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1584 C:\WINDOWS\System32\ctfmon.exe
1656 C:\WINDOWS\System32\sistray.exe
1684 C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
3052 C:\WINDOWS\System32\wuauclt.exe
2432 C:\WINDOWS\System32\svchost.exe
1196 C:\Program Files\Internet Explorer\iexplore.exe
2792 C:\Program Files\Internet Explorer\iexplore.exe
1964 C:\WINDOWS\System32\wuauclt.exe
3336 wmiprvse.exe
2280 C:\Documents and Settings\Matthew\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`77226600 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000008`94637e00 (FAT32)

PhysicalDrive0 Model Number: FUJITSUMHV2060ATPL, Rev: 000000A0

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
All looks clean, so far :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
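The loaded-module list in the MBRCheck log above is worth reading line by line before running anything further. Windows drivers normally load from \SystemRoot\System32\drivers (or a vendor directory under Program Files), so a .sys image loaded from a user profile's Temp folder, like the pwdorkow.sys entry in that log, stands out and should be checked against what was running at the time; some rootkit scanners (GMER, for one) legitimately load a randomly named driver from Temp while they run, so this is a flag for review, not a verdict. The Python below is an added example, not code from the thread, from TechSpot or from MBRCheck: it parses that section of the log and flags modules whose image path is user-writable. It assumes the system drive is C: and the Windows directory is C:\WINDOWS (which is what the \??\C:\WINDOWS\... entries in the log indicate), and the sample lines are constructed from the format the log uses.

```python
"""Triage the loaded-kernel-module section of an MBRCheck log.

Added example, not part of the original thread or of MBRCheck itself.
Flags drivers whose image path lies in a user-writable location
(a user profile or a Temp directory) so a helper can look at them first.
"""
import re

# Constructed sample in MBRCheck's "<load address> <image path>" format;
# a handful of lines modelled on the thread's log, not the full log.
SAMPLE_LOG = r"""
0xF77E5000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB0F2B000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0xB0933000 \??\C:\WINDOWS\system32\ASNDIS5.SYS
0xB00DE000 \??\C:\DOCUME~1\Matthew\LOCALS~1\Temp\pwdorkow.sys
0x7C900000 \WINDOWS\System32\ntdll.dll
"""

# One module line: a hex load address, whitespace, then the image path
# (which may itself contain spaces, e.g. "Program Files").
MODULE_LINE = re.compile(r"^0x[0-9A-Fa-f]+\s+(\S.*?)\s*$")

# Assumption: system drive C:, Windows directory C:\WINDOWS, as the
# \??\C:\WINDOWS\... entries in the log suggest.
SYSTEM_ROOT = r"C:\WINDOWS"

# Path segments that mark a user-writable location. 8.3 short names
# (DOCUME~1, LOCALS~1) are included because MBRCheck prints the path
# exactly as the kernel object manager saw it.
USER_WRITABLE = (
    "\\temp\\",
    "\\documents and settings\\",
    "\\docume~1\\",
    "\\locals~1\\",
    "\\users\\",
)


def normalize(path):
    """Turn a kernel object path into a plain Win32 path (case preserved)."""
    if path.startswith("\\??\\"):           # \??\C:\... -> C:\...
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = SYSTEM_ROOT + path[len("\\SystemRoot"):]
    elif path.startswith("\\") and not path.startswith("\\\\"):
        # Rooted path with no drive letter (e.g. \WINDOWS\System32\ntdll.dll);
        # assumed to be on the system drive. UNC paths (\\server) are left alone.
        path = "C:" + path
    return path


def classify(path):
    """Verdict for one normalized image path."""
    low = path.lower()
    if any(seg in low for seg in USER_WRITABLE):
        return "REVIEW: loaded from user-writable path"
    if low.startswith((SYSTEM_ROOT + "\\").lower()):
        return "system"
    if "\\program files\\" in low:
        return "third-party"
    return "other"


def triage(log_text):
    """Return [(normalized path, verdict)] for every module line in the log."""
    results = []
    for line in log_text.splitlines():
        m = MODULE_LINE.match(line.strip())
        if not m:
            continue                        # blank lines, headers, process list
        path = normalize(m.group(1))
        results.append((path, classify(path)))
    return results


def needs_review(log_text):
    """Just the paths a helper should look at before declaring the box clean."""
    return [p for p, verdict in triage(log_text) if verdict.startswith("REVIEW")]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:42s} {path}")
```

Feed it the whole pasted log; lines that do not match the address-plus-path shape (the process list, the drive and MBR summary) are skipped, so only the module section is classified. A "REVIEW" hit is the cue to ask what was running when MBRCheck was taken, not a declaration of infection.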
 