
Cannot run Root Repeal


This topic is locked. 2 replies to this topic

#1 syplan

syplan

  • Members
  • 1 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 03 October 2009 - 08:55 AM

Root Repeal runs for about 2 minutes and then locks up, and no message appears in the window, only a blank white screen. I am having the same problem when running a scan from my regular AVG virus software and also from Malwarebytes Anti-Malware. Each program scans part of the system and then locks up. If I follow the messages as the scans are taking place, they both seem to get to some file in \windows\system32\drivers and then lock up. It is not possible to cancel the program; only a reboot of the system will kill it. I am also experiencing some hijack problems with Google search. I was able to run Spybot Search & Destroy, and that did seem to fix the Google hijack for a time, but it seems to be back now. I am including the DDS.txt and attach.txt as requested. Thanks in advance for your help.


DDS (Ver_09-09-29.01) - NTFSx86
Run by MAK at 9:29:54.10 on Sat 10/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1164 [GMT -4:00]

AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Calendarscope\cs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cingular\Communication Manager\CingularCCM.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\HijackThis\DDs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [calendarscope] "c:\program files\calendarscope\cs.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [rthdcpl] RTHDCPL.EXE
mRun: [restoreit!] "c:\program files\farstone\restoreit_xp\VBPTASK.EXE" VBStart
mRun: [mxobg] c:\windows\MXOALDR.EXE
mRun: [ktpware] c:\program files\elantech\ktp.exe
mRun: [intellipoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [cingular communication manager] c:\program files\cingular\communication manager\CingularCCM.exe -a
mRun: [cass] c:\program files\compal electronics, inc\wireless select switch\Wireless Select Switch.exe
mRun: [azmixersel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [alcmtr] ALCMTR.EXE
mRun: [agrsmmsg] AGRSMMSG.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4871a87a-bfdd-4106-8153-ffde2bac2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: bersk.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 avgrkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-2 12552]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2007-7-24 180074]
R1 avgldx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-2 335240]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2007-7-26 27784]
R1 avgtdix;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-2 108552]
R1 CPEb;CPEB;c:\windows\system32\drivers\CPEb.sys [2006-2-23 8192]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-2 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-6-2 1370488]
R3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-6-2 29208]
S1 6290f219;6290f219;c:\windows\system32\drivers\6290f219.sys [2009-4-5 0]
S1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
S2 avast!antivirus;avast!antivirus;c:\windows\system32\avast!antivirus.exe -k netsvcs --> c:\windows\system32\avast!Antivirus.exe -k netsvcs [?]
S2 xwoarh;xwoarh;c:\windows\system32\drivers\xwoarh.sys [2009-8-28 175616]
S3 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-6-2 29208]
S3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2007-2-27 27904]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-28 38224]
S3 SDActMon;SDActMon;\??\c:\program files\spywaredetector\sdactmon.sys --> c:\program files\spywaredetector\SDActMon.sys [?]

=============== Created Last 30 ================

2009-10-03 09:00 <DIR> --d----- c:\program files\Trend Micro
2009-10-01 17:03 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-01 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-30 15:57 993 a------- C:\NEXTEL.DBF
2009-09-30 15:55 <DIR> --d----- C:\Nextel
2009-09-29 13:51 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-29 13:51 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-29 13:49 <DIR> --d----- c:\program files\iPod
2009-09-29 13:49 <DIR> --d----- c:\program files\iTunes
2009-09-29 13:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-29 13:49 <DIR> --d----- c:\program files\Bonjour
2009-09-28 12:08 <DIR> --d----- c:\docume~1\mak\applic~1\Malwarebytes
2009-09-28 12:08 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 12:08 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-28 12:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 12:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-28 10:08 5,632 a------- c:\windows\system32\ptpusb.dll
2009-09-28 10:08 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-09-28 10:08 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-09-28 10:08 159,232 a------- c:\windows\system32\ptpusd.dll
2009-09-26 15:30 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-26 14:31 237,552 a------- c:\windows\system32\tpuninst.exe
2009-09-26 14:31 <DIR> --d----- c:\program files\Windows Update Remover
2009-09-26 12:19 <DIR> --d----- c:\docume~1\mak\applic~1\McAfee
2009-09-26 12:18 <DIR> --d----- c:\program files\McAfee
2009-09-20 09:10 <DIR> --d----- C:\Pictures
2009-09-20 09:10 <DIR> --d----- C:\Lightroom Data
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-09-01 09:34 0 a------- c:\windows\system32\drivers\6290f219.sys
2009-08-28 05:14 175,616 a--s---- c:\windows\system32\drivers\xwoarh.sys
2009-08-11 15:35 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-11 15:35 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2007-08-03 06:45 23 a------- c:\documents and settings\mak\dos.bat
2002-05-15 06:13 167 a------- c:\documents and settings\mak\TRKUPD.BAT

============= FINISH: 9:30:27.90 ===============



#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:12:56 PM

Posted 21 October 2009 - 02:21 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware-removal instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:12:56 PM

Posted 28 October 2009 - 08:54 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





