This next tool won't show me rootkits, but it may give me a hint or a clue somewhere. Again, shut down any programs, close browsers, then disable all active protection programs before running the tool.
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications.
Double click on combofix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
No, I'm not concerned about the rootkit scanners having trouble, only because gmer did run in Safe Mode.
I took another look at your Attach.txt. I think this is the problem with your game:
08/08/2010 16:42:03, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.
To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.
WOT (Web of Trust): As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and IE.
BACKING UP YOUR REGISTRY
ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.
NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles
If that still won't work, rename it to spoolsv.exe and give it a try.
If all that still fails, download and run the following tool to help allow other programs to run.
There are 3 different versions. If one of them won't run then download and try to run the other one. You only need to get one of them to run, not all of them.
(Vista and Win7 users need to right click and choose Run as Admin)
Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER.
In some really stubborn cases, it can take several tries with rkill. The trick with rkill and some rogues is to leave the error message open, and run rkill again. You'll know rkill has worked when explorer cycles off and then on again.
I imagine Task Manager is disabled as well. Try it anyway - press Ctrl+Alt+Del on your keyboard. If it doesn't load or you see that error message, try this:
Navigate to c:\Windows\System32\taskmgr.exe and copy it to the desktop. Rename it to csrss.exe.
Double click the csrss.exe and see if task manager opens for you.
If it does, look at the running processes. You're looking for:
A randomly named file, usually 8 characters long
av.exe
If you aren't sure of a file name, write them down and post back here what you see in the Running Processes.
If you see av.exe, kill the process and run the renamed rsit.exe.
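The manual check of the Running Processes list described in the post above, sketched as an added example that is not part of the original thread. The baseline of expected names and the sample paths are constructed assumptions, and the third rule (a system process name running from outside System32) goes beyond the two indicators the post names.

```python
import ntpath
import re

# Assumed baseline of 8-character names that are expected on the machine.
BASELINE = {"explorer.exe", "services.exe", "winlogon.exe", "iexplore.exe"}
# Windows process names that normally run only from System32.
SYSTEM_NAMES = {"csrss.exe", "spoolsv.exe", "taskmgr.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"
EIGHT_CHAR = re.compile(r"^[a-z0-9]{8}$")


def triage(image_path):
    """Return the reasons a process image path deserves a closer look."""
    folder, name = ntpath.split(image_path.lower())
    stem, ext = ntpath.splitext(name)
    reasons = []
    if name == "av.exe":
        reasons.append("named av.exe")
    if ext == ".exe" and EIGHT_CHAR.match(stem) and name not in BASELINE:
        reasons.append("unrecognised 8-character name")
    if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
        reasons.append("system process name outside System32")
    return reasons


def review(paths):
    """Map each flagged path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := triage(p))}


# Constructed sample of running-process image paths (not from the thread).
SAMPLE = [
    r"C:\WINDOWS\system32\csrss.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\Documents and Settings\User\Application Data\av.exe",
    r"C:\Documents and Settings\User\Local Settings\Temp\kqzxwvbt.exe",
    r"C:\Documents and Settings\User\Desktop\csrss.exe",
]

if __name__ == "__main__":
    for path, reasons in review(SAMPLE).items():
        print(f"{path}: {', '.join(reasons)}")
```

The renamed copy of taskmgr.exe on the desktop is flagged by the third rule as well, which is expected while the cleanup is in progress.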