Leave it for a further 10 minutes then close via task manager. Reboot and then run again
It will take a bit longer as it will need to replace files via the recovery console
just tried to load up the task manager to see if combofix was doing anything and the systray icon appears but not the task manager window. Is it safe to just hit close on combofix?
Now I just got a BSOD :s
KERNEL_DATA_INPAGE_ERROR
STOP: 0x0000007A (0xE1688E4C, 0xC000026E, 0xBF965788, 0x1E68D860)
win32k.sys
Could you reboot and run a new OTS for me please, plus let me know what your problems are now
Managed to run combofix without errors or the BSOD. I then ran an OTS scan without any other options. Here are the logs:
There is a possible MBR infection present - so let's clear that
Please open Notepad
[*]Click Start, then Run
[*]Type notepad.exe in the Run box.
Now copy/paste the entire content of the codebox below into the Notepad window:
MBR::
Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Save the above as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Here we go
How is it running now ?
The computer? I don’t see any dodgy processes running and when I connect to the network the cpu usage doesn’t jump up to 50+% so I guess things are back to normal?
Just to add, is it safe to delete the combofix and ots folders created:
C:\_OTS and C:\Qoobox ?
Easier way - run OTS and hit the cleanup button - all gone ;D
XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
[*]Select Start > All Programs > Accessories > System tools > System Restore.
[*]On the dialogue box that appears select Create a Restore Point
[*]Click NEXT
[*]Enter a name e.g. Clean
[*]Click CREATE
You now have a clean restore point, to get rid of the bad ones:
[*]Select Start > All Programs > Accessories > System tools > Disk Cleanup.
[*]In the Drop down box that appears select your main drive e.g. C
[*]Click OK
[*]The system will do some calculation and then display a dialogue box with TABS
[*]Select the More Options Tab.
[*]At the bottom will be a System Restore box with a CLEANUP button, click this
[*]Accept the Warning and select OK again, the program will close and you are done
Ok so just created a new restore point and then ran the OTS clean up and upon reboot explorer crashed and now an instance of svchosts is taking up 50% cpu. erk!
OK let's run a harder tool
Download avz4.zip from here
[*]Unzip it to your desktop to a folder named avz4
[*]Double click on AVZ.exe to run it.
[*]Run an update by clicking the Auto Update button on the Right of the Log window:
http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-update-button.png
[*]Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again
[*] Start AVZ.
[*] Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with Malware removal mode enabled" check box.
http://perplexus.geekstogo.com/avz-standardscripts-asa-removal.png
[*] Click on the “Execute selected scripts”.
[*] Automatic scanning, healing and system check will be executed.
[*] A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
[*] It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
[*] All applications will work properly after the system restart.
When restarted
[*] Start AVZ.
[*] Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-standardscripts.png
[*] Click on the “Execute selected scripts”.
[*] A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post or upload to mediafire
I have finally returned after a brief excursion and I'm determined to fix this. I've run Process Explorer and noticed that the svchost.exe that is taking up 50% at startup is running a Windows Update process, and after a few minutes it stops running and the CPU usage drops back to 0. What I am rather concerned about is the disappearance of some of my hard drive space on C:. After running all these scans trying to remove the rootkit, the space had dropped by several hundred MB and continues to drop slightly more each day. Even after removing temp files I can't seem to restore it back to what it previously was. Could I still be infected?
OK run OTS and hit the cleanup button - that will remove the tools
Then
Download TFC to your desktop
[*]Open the file and close any other windows.
[*]It will close all programs itself when run, make sure to let it run uninterrupted.
[*]Click the Start button to begin the process. The program should not take long to finish its job
[*]Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
THEN
Download and run Auslogics Disc Defragmenter
If you still have a space problem we will investigate that