I was hoping I could get some help getting Malwarebytes to stop crashing and to see if I am virus and malware free.

I had a problem with auto redirects from Google in Mozilla while using Comodo Internet Security. I tried to fix the problem by trying different antivirus and antispyware programs without much success. While searching for an answer I ran across this website http://deletemalware.blogspot.com/2010/02/...rect-virus.html. The directions helped and I was able to get rid of rootkit.win.32.tdss.tdl4. I had a suspicion that I still had other viruses (at least one). Earlier, when I was trying different software to scan for viruses and malware, Avira detected TR/kazy.1892, then crashed. Malwarebytes crashed as well. I tried more antivirus software after I got rid of rootkit.win.32.tdss.tdl4, and ESET NOD32 scanned and found two viruses. The log showed it was somehow connected to AVG PC Tuneup. I deleted it and tried to see if Avira would work this time and find TR/kazy.1892. It did not crash, but it did not find any virus. I checked whether Malwarebytes would still crash, and it did.

I followed the directions from http://forums.malwarebytes.org/index.php?showtopic=9573.

I appreciate all the help I can get. Thank you. I am including the mbam log, ark and attach zip folders.

This may be too much information. Before the auto redirect problem, Comodo Antivirus detected Service Pack 3 as a virus and I unwittingly had it erased. I was not able to go to Windows Update until I got rid of rootkit.win.32.tdss.tdl4. Windows Update shows that I still have Service Pack 3, but it is less apparent than before. Avira seems to think I do not have an account that is somehow related to Service Pack 3. (They said I only have administrative rights.)

Thank you!

The following is the contents of dds.txt:

DDS (Ver_10-10-10.03) - NTFSx86

Run by Me at 23:15:43.78 on 10/20/2010 Wed

Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Home Edition 5.1.2600.3.932.1.1041.18.1535.860 [GMT -7:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\conime.exe

C:\Documents and Settings\Me\My Documents\Downloads\Defogger.exe

C:\Documents and Settings\Me\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [ctfmon.exe] ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\???~1\???~1\???~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\???~1\???~1\???~1\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\???~1\???~1\???~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

mPolicies-explorer: <NO NAME> =

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231653114432

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\jl46otce.default\

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\documents and settings\me\application data\mozilla\firefox\profiles\jl46otce.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\documents and settings\me\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\me\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\me\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-20 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-20 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-20 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-20 60936]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-10-19 114952]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-20 38224]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

=============== Created Last 30 ================

2010-10-21 02:08:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-21 02:08:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-20 21:28:53 -------- d-----w- c:\docume~1\me\applic~1\Avira

2010-10-20 21:22:57 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-20 21:22:56 -------- d-----w- c:\program files\Avira

2010-10-20 21:22:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-10-20 05:16:50 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2010-10-20 05:16:49 -------- d-----w- c:\program files\KeyScrambler

2010-10-20 03:49:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-20 02:26:22 -------- d-----w- c:\docume~1\me\locals~1\applic~1\ESET

2010-10-19 22:49:36 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-10-19 22:49:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-10-19 07:32:11 -------- d-----w- c:\docume~1\me\locals~1\applic~1\Sunbelt Software

2010-10-19 02:26:45 -------- d-sha-r- C:\cmdcons

2010-10-19 02:23:24 98816 ----a-w- c:\windows\sed.exe

2010-10-19 02:23:24 77312 ----a-w- c:\windows\MBR.exe

2010-10-19 02:23:24 256512 ----a-w- c:\windows\PEV.exe

2010-10-19 02:23:24 161792 ----a-w- c:\windows\SWREG.exe

2010-10-18 17:52:48 396288 ----a-w- C:\HijackThis.exe

2010-10-18 10:49:02 -------- d-----w- c:\docume~1\me\applic~1\Malwarebytes

2010-10-18 10:48:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-18 10:04:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2010-10-18 10:04:23 -------- d-----w- c:\program files\IObit

2010-10-18 09:34:38 -------- d-----w- c:\program files\Trend Micro

2010-10-18 07:50:52 -------- d-----w- c:\docume~1\me\applic~1\AVG

2010-10-18 07:46:30 -------- d-----w- c:\docume~1\me\locals~1\applic~1\AVG Security Toolbar

2010-10-18 07:28:57 -------- d-----w- c:\docume~1\me\applic~1\AVG10

2010-10-18 07:27:32 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2010-10-18 07:25:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2010-10-18 06:35:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2010-10-17 22:39:05 -------- d-----w- c:\docume~1\me\applic~1\awkcsyttu

2010-10-12 18:52:08 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-12 18:52:08 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-12 18:51:27 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-02 06:39:54 -------- d-----w- c:\program files\Lux 3rd installment

==================== Find3M ====================

2010-09-18 19:23:20 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:18 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:18 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:18 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-01 11:50:45 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:54:49 1852416 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:02 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:14 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43:58 8192 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:11:44 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:44:09 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 23:16:38.64 ===============

Thanks again. Please let me know how to get Malwarebytes to work without crashing and whether I still have any virus or malware.

ark.zip

Attach.zip

mbam_log_2010_10_18__15_29_37_.zip

:)

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Thank you!!

2010/10/21 12:11:51.0609 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/21 12:11:51.0609 ================================================================================

2010/10/21 12:11:51.0609 SystemInfo:

2010/10/21 12:11:51.0609

2010/10/21 12:11:51.0609 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/21 12:11:51.0609 Product type: Workstation

2010/10/21 12:11:51.0609 ComputerName: SF-PDNDS2YIGTCP

2010/10/21 12:11:51.0609 UserName: Me

2010/10/21 12:11:51.0609 Windows directory: C:\WINDOWS

2010/10/21 12:11:51.0609 System windows directory: C:\WINDOWS

2010/10/21 12:11:51.0609 Processor architecture: Intel x86

2010/10/21 12:11:51.0609 Number of processors: 1

2010/10/21 12:11:51.0609 Page size: 0x1000

2010/10/21 12:11:51.0609 Boot type: Normal boot

2010/10/21 12:11:51.0609 ================================================================================

2010/10/21 12:11:51.0765 Initialize success

2010/10/21 12:11:54.0984 ================================================================================

2010/10/21 12:11:54.0984 Scan started

2010/10/21 12:11:54.0984 Mode: Manual;

2010/10/21 12:11:54.0984 ================================================================================

2010/10/21 12:12:08.0437 ================================================================================

2010/10/21 12:12:08.0437 Scan finished

2010/10/21 12:12:08.0437 ================================================================================


Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Thank you!

My computer seems to be behaving fine at the moment, although I had some weird problems earlier, before I received your first reply. I had to start my computer about three times before the monitors worked. I have two monitors connected to the computer. Then I decided to reboot my computer before I ran combofix and I received an error during the reboot. http://wer.microsoft.com/responses/Respons...02-ed47d53d6a7d .

Below is the combofix log

ComboFix 10-10-20.04 - Me 1/2010 Thu 12:50:05.4.1 - x86

Running from: C:\Documents and Settings\Me\??????\ComboFix.exe

.

My OS is Japanese, and before \Combofix.exe it says desktop. The log is really short. That is all that was there.

Thanks again! :)


Delete the Combofix you have now and download the latest version.

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Thank you!

The combofix log is below

ComboFix 10-10-20.04 - Me 1/2010 Thu 13:39:44.5.1 - x86

Running from: C:\Documents and Settings\Me\??????\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

I have uninstalled avg and comodo antivirus so I don't know why they are in the log. When I start combofix it warns me of comodo antivirus, but like I said before I have uninstalled it already.

The computer is behaving the same.

Thank you. :)


Crashed again. Also with error for drwtsn32.exe. The Malwarebytes screen became blank and it seemed the scan was less than five mins.

OK, I downloaded it to my desktop and let it install it to where it wanted to in the c drive in the program files folder. It is still scanning.


Let's see how it does :D

It crashed again. I wasn't able to see exactly what it was currently scanning because the error window was covering it, but it showed c:\WINDOWS\system32... and I could not see the rest. It may be the same place it crashed before, C:\WINDOWS\system32\divx_xx07.dll. Should I uninstall divx? I don't use it much.



I scanned the folder C:\WINDOWS\system32 with malwarebytes and it kept crashing on C:\WINDOWS\system32\dispex.dll


I just noticed this one in your DDS scan:

Hosts: 127.0.0.1 www.spywareinfo.com

Copy and paste these lines in Notepad.

@echo on

rem Reset the hosts file to the single default localhost entry
pushd %SystemRoot%\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>hosts
attrib +r +h +s hosts
popd

rem Renew the network configuration and reset the Winsock and TCP/IP stacks
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all

rem Reboot, then delete this batch file
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Double click to run.

Reboot and let me know if it worked.
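A defender-side check for the kind of hosts-file hijack spotted above, as an added example that is not part of this thread: it parses a hosts file and flags names sinkholed to loopback or matching a security-site pattern, so a blocked update or support site shows up before a scan is even run. The sample hosts content, the watchlist and the function names are constructed for this example.

```python
# Added example (not from the thread): flag hosts-file mappings that hijack
# name resolution. Sample content and watchlist below are constructed.
import ipaddress
from typing import NamedTuple

# Names that legitimately map to loopback in a stock hosts file.
DEFAULT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Constructed watchlist: security sites a hosts hijack commonly blocks.
SECURITY_SITES = ("malwarebytes", "spywareinfo", "windowsupdate", "avira", "eset")


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    names: tuple
    reasons: tuple  # empty when the mapping looks benign


def parse_hosts(text):
    """Yield one HostsEntry per mapping line; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments; tabs or spaces
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, not a mapping we can interpret
        names = tuple(n.lower() for n in fields[1:])
        reasons = []
        for name in names:
            if name in DEFAULT_LOOPBACK_NAMES and addr.is_loopback:
                continue  # the stock "127.0.0.1 localhost" style lines
            if addr.is_loopback or addr.is_unspecified:
                reasons.append(f"{name} is sinkholed to {fields[0]}")
            if any(site in name for site in SECURITY_SITES):
                reasons.append(f"{name} matches a security-site pattern")
        yield HostsEntry(line_no, fields[0], names, tuple(reasons))


def suspicious_entries(text):
    """Return only the mappings with at least one reason to flag them."""
    return [e for e in parse_hosts(text) if e.reasons]


# Constructed sample: stock XP hosts lines plus two hijack lines.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.spywareinfo.com
0.0.0.0\twww.malwarebytes.org   forums.malwarebytes.org  # blocks updates
192.168.1.10  intranet.example.test
"""
```

Running `suspicious_entries(SAMPLE_HOSTS)` reports only the two hijack lines; the private-address intranet mapping is left alone because it neither sinkholes a name nor touches a watched site.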

