zenith

Everything posted by zenith

  1. Hi, great news! After running both these commands per the instructions, I've had no Blue Screens for a full day, whereas before they would be every 20 mins. Many thanks to Noknojon for the help and quick response to my problem! zenith
  2. Hi, I'm getting bluescreen/STOP errors that seem to point to a '.dll' file. The file is 'atikvmag.dll' which I believe is a videocard file. Is there a way to further pinpoint this problem? I've installed the new ati catalyst drivers but only recently began having this problem. Also, I've replaced the above '.dll' file but had no effect. Thanks again to MBAM and the forums for all the help!
  3. Thank you, and I appreciate the quick response and suggestions. However, I have decided to pursue a different course of action with this problem. Again, thanks for the help!
  4. Hi, new to the forum, and TIA for any help on this problem! I have a WINXP setup and have the "hijack.windowsupdate" virus. The MBAM quick scan is returning the same 2 entries in the Registry Data. I ran a "GMER scan" and can post the log file along with the MBAM logfile.

     *Notes:
     Recent install of a 'personal firewall' after the scans.
     Recently removed: 'Security Tool' virus. "Vundo" virus and numerous spy/malwares.
     Incorrect T+D stamp.

     1. GMER Scan

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2003-07-22 04:26:47
     Windows 5.1.2600 Service Pack 2
     Running: 7q4hty9x.exe; Driver: C:\DOCUME~1\MARCIA\LOCALS~1\Temp\pxtdypow.sys

     ---- System - GMER 1.0.15 ----

     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE7D4C5A]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE7D4B16]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xEE7D50CA]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE7D4FF4]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE7D46EC]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE7D4BF0]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE7D462C]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE7D4690]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE7D4D10]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xEE7D5198]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE7D4CD0]
     SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE7D4E50]

     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEE7E14FE]
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEE7E1322]
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEE7E145C]
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
     Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

     ---- Kernel code sections - GMER 1.0.15 ----

     PAGE ntoskrnl.exe!ObInsertObject 805648A3 5 Bytes JMP EE7DE972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
     PAGE ntoskrnl.exe!NtCreateSection 80564B1B 7 Bytes JMP EE7E1326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
     PAGE ntoskrnl.exe!ZwCreateProcessEx 805885D3 7 Bytes JMP EE7E1502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
     PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A2BF9 5 Bytes JMP EE7DD4BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
     PAGE ntoskrnl.exe!ZwLoadDriver 805A6B26 7 Bytes JMP EE7E1460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

     ---- User IAT/EAT - GMER 1.0.15 ----

     IAT C:\WINDOWS\system32\services.exe[696] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
     IAT C:\WINDOWS\system32\services.exe[696] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
     AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
     Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
     Device BAFA3C8A
     AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

     ---- EOF - GMER 1.0.15 ----

     2. MBAM Log file

     Malwarebytes' Anti-Malware 1.44
     Database version: 3736
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 8.0.6001.18702

     7/22/2003 4:33:34 PM
     mbam-log-2003-07-22 (16-33-30).txt

     Scan type: Quick Scan
     Objects scanned: 194276
     Time elapsed: 29 minute(s), 44 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)