steve jones

I'm sure you will :-). Did the TDSSKiller log reveal nothing useful?

Scratch that optimism...I'm attaching the TDSSKiller log, but when I got to the laptop it had frozen on the screen saver so ComboFix never finished/reported. I restarted and retried ComboFix in normal and safe modes - nothing. I have a suggestion - I am going to buy a caddy which will enable me to run the infected HDD as a USB device attached to my good PC. Then I should be able to run any diagnostic tool without a problem I hope. I this is acceptable to you it will take me a few days to organise it so I won't have any updates until then, but I would very much appreciate your support at that time. Let me know what you think? Steve TDSSKiller.2.4.7.0_11.11.2010_02.55.27_log.txt

Superb - thanks Terry!

My father - in - law's laptop came with Norton AV which has now expired. I want to remove that and put on AVG Free (but NOT the 2011 version). Try as I might I can't find a link to a download of the version before 2011 - I think it is AVG 9.5? Can anyone help please?

OK I deleted the item found by TDSSKiller and it asked for a reboot. It didn't restart the laptop and i didn't get the option to run a report, so I started again and this time it found the threat again (?), I asked for it to delete it again, but delayed the restart and instead found I could run a TDSS log, which I did. Then I did a restart. I thought I would try the renamed Combofix.exe, and this time it ran! As I didn't have Recovery Console installed, and I have no internet connection, I suppose Combofix can't do everything it normally would. Given this whole process has taken about 8 hours I have had to leave the laptop running while I come to work, but this evening I will post the TDSSKiller log and hopefully something from Combofix! Could this be a turning point in this saga....:-)

TDSSKiller ran OK and reports just 1 'Suspicious object' - Locked Service - name vbmaf096 - service type Kernel Driver (0x1) - Service Start: Demand (0x3) - File: c:\WINDOWS\system32\drivers\vbmaf096.sys. Options are skip / quarantine / delete and Continue. What next?

I ran Services from TaskMgr and got the report "Unable to open service control manager databas on . Error 1460:This operation returned because the timeout period expired". I will try TDSSKiller...

For both items I highlighted My Computer in reg editor but when I clicked Edit - Find the highlight was removed (but it still seemed to be searching everything?). Both times, after about 30 secs it reported back 'finished searching though registry' and had found nothing.

Not a problem!

I found the best way to learn Photoshop was to buy the magazines that came with a free tutorials disc. I found that the mag plus the disc was a great way of learning (well for me anyways). It will certainly introduce you to the tools that you will use most frequently. Good luck Steve

This is nothing to do with my laptop issues - it's a different PC that's running completely normally.

The joy of Dilbert is that he shows up the stupidity of office life. The second monitor is a metaphor for the better window view, the posher chair, the company car. OMG did I say metaphor?? Basically, it's just amusing (in a post-ironic sense).

When I'm not hassling LD Tate with my laptop troubles :-) I like to look through the latest jokes, and I find that often I can't see any kind of link to a jpg or joke? If the joke is just typed out in the post, that's fine, but if it is accessed via a link, I often don't see the link. From the comments of others, evidently they CAN see it! Have I got a setting wrong somewhere? Steve

I will try to get back to the laptop after work and do as advised. Thanks again.

OK, I downloaded Combofix and renamed it to iexplorer.exe. Ran it from mem stick and I saw the license agreement. OK'd that then left laptop for at least an hour but saw nothing? I did run OTL though - I definitely saved the 2 logs to my mem stick but when I look now they are not there!? Dammit. This is getting frustrating...should I try it again?

MBAM running off the memory stick reports MBAM_ERROR_ENUMERATE_LANGUAGES(3,0) The system cannot find the path specified. I had OTL on the stick so tried that and it ran. It's well past midnight here so if it's OK I'll leave it running overnight and get back to you tomorrow? Thanks for all your help!

After a long time, .wtav deleted ok Couldn't find the next two files in System32 folder. Folder options were set to show system files and hidden files. I could see userinit.exe though?

After a long time, .wtav deleted ok Couldn't find the next two files in System32 folder. Folder options were set to show system files and hidden files. I could see userinit.exe though?

After a long time, .wtav deleted ok Couldn't find the next two files in System32 folder. Folder options were set to show system files and hidden files. I could see userinit.exe though?

Thanx for the quick reply! That process doesn't show in the list of processes? I can only see; lxdfamon.exe avgtray.exe explorer.exe taskmgr.exe avgcsrvx.exe avgrsx.exe avgchsvx.exe lsass.exe winlogon.exe csrss.exe smss.exe System System Idle Process SYSTEM (CPU 99) And 'show processes from all users' is ticked..

Hi again - some progress?!! Although the laptop is running as slow as ever, and still no taskbar, I tried HiJackThis from a USB stick and it ran and allowed me to save the attached log! Internet Explorer still won't run, and the laptop doesn't have Recovery Console installed, so is it pointless trying Combofix? Hope the HJT log helps! hijackthis.log

Great - got the Laptop back and he claims he took out my HDD and ran a MBAM check succesfully. Removed a trojan and MBAM declared it 'clean'. BUT he didn't note what the trojan was and he didn't keep a copy of the log file as I'd asked- fantastic!. Anyhow, laptop now back together and apparently no different than before. So I'll try your last recommendation asap - thanks.

Sorry LDTate - got back from the visit later than expected. I left the laptop with a friend who said he may be able to take out the hard drive and add it to his clean laptop so he could do a MBAM scan from there. Will check with him tonite and get back asap. Many thanks for your patience.

I forgot we are away seeing family until Tuesday next so won't be able to look at laptop til then. Hope that's OK. Steve

Hi! Ran fixme.reg from the pendrive and it seemed to work as expected - succesfully added stuff to the registry. But after a reboot - exactly as before, no taskbar. The whole process took 4 hours, so now off to work and will try other suggestions later. Thanks again. Stev