
Inactive popup problem

Discussion in 'Malware and Virus Removal Archive' started by Spanner, 2012/03/15.

Thread Status:
Not open for further replies.
  1. 2012/04/02
    Spanner

    Spanner Inactive Thread Starter

    Joined:
    2006/08/27
    Messages:
    451
    Likes Received:
    1
    This should be the GMER Log
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-02 11:52:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6Y080L0 rev.YAR41BW0
    Running: 051796cr[1].exe; Driver: C:\DOCUME~1\PATCOX~1\LOCALS~1\Temp\kgtdypod.sys
    Doing next test now. Spanner

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2592] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4056] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[2592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4056] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@AUOptions 4
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2012-04-03 00:29:51
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@ScheduledInstallDate 2012-04-03 07:00:00
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@BalloonTime 2012-01-05 16:14:51
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@BalloonType 7
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2012-04-02 10:29:59
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@DownloadExpirationTime 2012-04-04 08:05:32
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastError 0

    ---- EOF - GMER 1.0.15 ----
     
  2. 2012/04/02
    Spanner

    Spanner Inactive Thread Starter

    Joined:
    2006/08/27
    Messages:
    451
    Likes Received:
    1
    Having trouble downloading aswMBR. Keep getting 'Internet Explorer cannot display this page'. Done diagnostic check, all OK; tried 'Refresh', no luck.
    I often get this message from Internet Explorer.
    Cannot complete the malware scans without Internet Explorer.
    Should I start a new topic in Malware and Virus Removal, as this one is getting long?

    Spanner
     
    Last edited: 2012/04/02


  4. 2012/04/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No. Continue right here.
    Try a different browser to download aswMBR.
     
  5. 2012/04/03
    Spanner

    Spanner Inactive Thread Starter

    Joined:
    2006/08/27
    Messages:
    451
    Likes Received:
    1
    Doing something wrong. Changed browser, have aswMBR log in 'Documents', did 'Copy' log, tried to 'Paste' to Quick Reply. Get no highlight on 'Paste' when I go to Edit.
    Worked OK before.
    Tried again with the original browser, same results. Going wrong somewhere and not seeing the wood for the trees.
    Spanner.
     
  6. 2012/04/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Instead of "Paste", hold the CTRL key and press "V".
     
  7. 2012/04/03
    Spanner

    Spanner Inactive Thread Starter

    Joined:
    2006/08/27
    Messages:
    451
    Likes Received:
    1
    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "


    aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-03 13:43:40
    -----------------------------
    13:43:40.875 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:40.875 Number of processors: 1 586 0x209
    13:43:40.875 ComputerName: SSTYLE UserName:
    13:43:41.421 Initialize success
    13:44:59.921 AVAST engine defs: 12040301
    13:45:07.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:45:07.437 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 75906MB BusType: 3
    13:45:07.437 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:45:07.437 Disk 1 Vendor: WDC_WD2500BB-22RDA0 20.00K20 Size: 238475MB BusType: 3
    13:45:09.468 Disk 0 MBR read successfully
    13:45:09.468 Disk 0 MBR scan
    13:45:09.531 Disk 0 Windows XP default MBR code
    13:45:09.562 Disk 0 scanning sectors +155457215
    13:45:09.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:45:26.468 Service scanning
    13:45:28.187 Modules scanning
    13:45:53.812 Disk 0 trace - called modules:
    13:45:53.843 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:45:54.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b8eab8]
    13:45:54.359 3 CLASSPNP.SYS[f85b5fd7] -> nt!IofCallDriver -> \Device\0000005c[0x82b96f18]
    13:45:54.375 5 ACPI.sys[f852c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b47d98]
    13:45:55.203 AVAST engine scan C:\WINDOWS
    13:46:17.328 AVAST engine scan C:\WINDOWS\system32
    13:49:04.750 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:22.718 AVAST engine scan C:\Documents and Settings\Pat cox
    13:52:54.890 AVAST engine scan C:\Documents and Settings\All Users
    13:53:06.203 Scan finished successfully
    13:53:25.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\MBR.dat "
    13:53:25.328 The log file has been saved successfully to "C:\Documents and Settings\Pat cox\My Documents\aswMBR.txt "




    Bingo, thanks, send the rest later. A thankful Spanner.
     
  8. 2012/04/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
  9. 2012/04/07
    broni

    broni Moderator Malware Analyst

    Still with me?
     
  10. 2012/04/08
    Spanner

    Spanner Inactive Thread Starter

    Yes Broni, still working on problem whilst trying to get Newsletter out within a week, Easter is not helping, I will send the final scans within the next 48 hours.
    Do you want them posted to this topic or, as step 5 suggests, start a new topic in Malware and Virus Removal?
    Step 5 shows MBAM Log, GMER, MBRCheck and DDS (2 logs).
    I was wrong when I said the head and shoulder images (pop-ups?) had gone away; they are back. But I found them to be on other computers at our Centre when I clicked into my ISP for mail. Another Administrator at our Centre has the same but she is not with my ISP.
    So do I assume it is not specific to my set-up, and is not a virus? I have not contacted my ISP, I am waiting till you have seen all the tests.
    Thanks as always, Spanner
     
  11. 2012/04/08
    Spanner

    Spanner Inactive Thread Starter

    DDS Scan stops. Left it for 15 minutes, no sign of HD activity.
    Could not find any script blocking, could I be looking in the wrong place? (Internet Options, Advanced)
    Spanner
     
  12. 2012/04/08
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     