Backdoor Trojans

  1. #11
    Neal (Dedicated Member)

    Re: Backdoor Trojans

    Try your luck with this one:

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    * Double-click the drweb-cureit.exe file and allow it to run the express scan.
    * This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    * Once the short scan has finished, mark the drives that you want to scan.
    * Select all drives. A red dot shows which drives have been chosen.
    * Click the green arrow at the right, and the scan will start.
    * Click 'Yes to all' if it asks if you want to cure/move the file.
    * When the scan has finished, look whether you can click the next icon next to the files found:

    * If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (this is in case we need samples).
    * After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
    * Save the report to your desktop. The report will be called DrWeb.csv.
    * Close Dr.Web CureIt.
    * Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    * After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.


  2. #12
    townsbg (Senior Member)
    Ok, is this for my primary, secondary, or both? Why would Malwarebytes terminate without an error? Is that a bad sign?

  3. #13
    townsbg (Senior Member)
    Ok, my primary computer blue-screened twice while running the complete scan. The first was related to ntfs.sys and the other was PFN_List_corrupt. In both cases it was scanning the system partition. Each time upon boot-up, check disk started scanning my drives, rebooted, and then scanned something else. During the second scan, the last time I had looked at the window it had found several registry entries related to Spybot S&D. I'm not trying that scan again.

    What I'm finding on this error is that it is related to drivers accessing memory incorrectly. Is that correct? I've never seen this error before. I haven't recently updated my drivers, and why would one act up while I'm scanning my hard drive? Could Avira have caused it? I was running Vista.

    Edit: based upon this I turned on Driver Verifier, and I did get a blue screen while it was running. There were no drivers listed, but the error code is this:
    stop: 0x000000c4 (0x000000e1, 0x91aa2fd4, 0x00000000, 0x00000000)
    The only thing I've found (based on a Google search of "stop: 0x000000c4") is that it has to do with a bug in a driver. Everything I've seen indicates that the driver should have been listed, but it wasn't. I saved the dmp file.
    Last edited by townsbg; 16-09-2009 at 02:10 AM.

  4. #14
    townsbg (Senior Member)
    Dr.Web CureIt from secondary computer:
    RegUBP2b-Ben.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
    A0060007.reg;C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP196;Trojan.StartPage.1505;Deleted.;
    241kC1xp.dll;C:\WINDOWS\system32;Trojan.DownLoader.based;Deleted.;
    hmceqtkt1.exe;C:\WINDOWS\system32\hmceqtkt;Trojan.Fakealert.244;Deleted.;
    Last edited by townsbg; 15-09-2009 at 11:53 PM.
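    Added example, not part of the thread: a small Python triage script for DrWeb.csv-style report lines like the four posted above. It assumes the field layout file;directory;threat;action; from those lines, strips the spaces that forum line wrapping tends to insert into long names, and separates live hits from copies sitting inside System Restore snapshots so the helper can see what actually ran.

```python
import csv
from dataclasses import dataclass
from io import StringIO

# Constructed sample: the four lines posted above, including the stray spaces the
# forum's line wrapping inserted. Assumed layout: file;directory;threat;action;
SAMPLE_REPORT = r"""RegUBP2b-Ben.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0060007.reg;C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP196;Trojan.StartPage.1505;Deleted. ;
241kC1xp.dll;C:\WINDOWS\system32;Trojan.DownLoader .based;Deleted.;
hmceqtkt1.exe;C:\WINDOWS\system32\hmceqtkt;Trojan. Fakealert.244;Deleted.;
"""

@dataclass
class Detection:
    name: str
    directory: str
    threat: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        # Copies under System Volume Information are System Restore snapshots,
        # not the running infection, so they matter less for triage.
        return "\\system volume information\\" in self.directory.lower() + "\\"

    @property
    def family(self) -> str:
        # Dr.Web names are dotted Type.Family.Variant; keep Type.Family.
        return ".".join(self.threat.split(".")[:2])

def parse_report(text: str) -> list[Detection]:
    """Parse DrWeb.csv-style lines, removing forum-inserted spaces in names."""
    rows = []
    for fields in csv.reader(StringIO(text), delimiter=";"):
        if len(fields) < 4:
            continue  # blank or truncated line
        name, directory, threat, action = (f.strip() for f in fields[:4])
        rows.append(Detection(name, directory, "".join(threat.split()), action.rstrip(".")))
    return rows

def summarize(detections: list[Detection]) -> dict:
    """Group hits so live infections stand out from snapshot copies."""
    live = [d for d in detections if not d.in_restore_point]
    return {
        "total": len(detections),
        "live": [f"{d.directory}\\{d.name}" for d in live],
        "families": sorted({d.family for d in detections}),
        "by_action": {a: sum(d.action == a for d in detections) for a in {d.action for d in detections}},
    }
```

    Run against a saved DrWeb.csv, the "live" list is the set of paths worth checking after the reboot the instructions call for; the restore-point copy only matters if System Restore is later used.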

  5. #15
    Neal (Dedicated Member)
    Let's look deep.

    Visit the page below to familiarize yourself with the tool and download it from one of the links provided.

    A guide and tutorial on using ComboFix

    If you have previously downloaded ComboFix, please delete that version now.

    It is IMPORTANT that it is saved directly to your desktop.

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine to the Internet until ComboFix has completely finished.

    Disable your antivirus program and any real-time malware scanners and script blockers now.

    How To Disable

    Double-click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus, re-connect to the Internet and post the ComboFix log.

    *Note*
    In case your antivirus or any other real-time scanner displays an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and re-download ComboFix.
    Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

    ComboFix SHOULD NOT be used unless requested by a forum helper.

  6. #16
    townsbg (Senior Member)
    ComboFix.txt:

    What about the other computer? I need to know what to do. drweb-cureit won't do a complete scan without crashing it. Looking through the dump file yesterday I found out what driver caused it to crash; I can't really use the device in Vista, so I uninstalled it. Even after that it still crashed.
    Last edited by townsbg; 25-10-2009 at 03:15 AM.

  7. #17
    Neal (Dedicated Member)
    This one seems to be ok; ComboFix didn't find much. Try ComboFix on the other computer.

  8. #18
    townsbg (Senior Member)
    This one seems to be ok; ComboFix didn't find much. Try ComboFix on the other computer.
    Does this mean that my secondary is clean?

    Ok, log from the ComboFix run on my primary computer:


    In different places during the scan I saw admin permission errors, yet I ran it from my admin account, to which UAC doesn't apply. I had all my protection tools off. I know it says that Windows Defender was on, but I have it entirely disabled because I don't use it.
    Last edited by townsbg; 25-10-2009 at 03:16 AM.

  9. #19
    townsbg (Senior Member)

  10. #20
    Neal (Dedicated Member)
    What is happening now?
