qrius

Everything posted by qrius

  1. Ok... Firstly, thanks for the suggestion noknojon. I was mistaken previously when stating this was a secondhand notebook with no install dvd; it was bought new from the Dell website, but the owner is not sure if it came with a dvd. I will need to hunt around for it, so will continue to follow exile360 in the meantime. I was hoping I wouldn't have to resort to that (using the dvd). Secondly, I tried running "MGAdiag.exe" again as administrator. It didn't actually take long at all and completed without any apparent problem. However, I got the same error as before after pressing "Copy": "Failed to create output files, hr=0x8007000d. Please contact support." Any further ideas? Q
  2. Ok, ran the tool which completed but was unable to save a copy of the results due to an error. I restarted and tried updating again, but without success.
  3. Didn't try that before...but have now and still nothing happening. I've noticed that when checking for updates, it states "never" under most recent check for updates and updates installed...which isn't the case. Not sure if this means anything or not?
  4. The process completed successfully but windows update is still not working...
  5. Apologies for the delays. There were a couple of errors that occurred while running updatefix.bat:
     1. The module "wuaueng.dll" was loaded but the call to DllRegisterServer failed with error code 0x80070005. For more information about this problem, search online using the error code as a search term.
     2. The module "wudriver.dll" was loaded but the entry-point DllRegisterServer was not found. Make sure that "wudriver.dll" is a valid DLL or OCX file then try again.
     After it completed and restarted, Windows update still failed to work. What's next?
  6. Ok, not much luck with this fix. It said it failed to process after starting, and the issue continues. Q
  7. Apologies for the delay. I don't have access to the laptop during the week. Tried both tools but got the same error on restart. Unfortunately, the laptop is secondhand and didn't come with installation DVDs so I'm at a dead end with Microsoft it would seem. Any other pointers would be helpful
  8. Hi, I was directed here from the malware removal forum by "fenzodahl512". I keep getting this error code when trying to update Windows. This has been a long-standing problem (at least a few months) and now that the malware issue has been resolved, this problem remains. I've googled the error code and have got various answers, but I'm not sure which one is correct. I'm missing out on important updates so would like to resolve this issue if possible. Any ideas would be much appreciated. Q
  9. That's good news. Internet is up and running with no browser issues... Windows update screenshot is attached. Not sure if this is a malware problem more than some kind of system/software error, but I'm no expert. Tried googling the error code and there are all sorts of solutions which I'm not too convinced of at the moment. Any pointers would be helpful re: update, but otherwise thanks for all your help with malware removal! Cheers, Q
  10. Ok - the mbr and rootrepeal logs
     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user & kernel MBR OK

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2010/02/24 13:09
     Program Version: Version 1.3.5.0
     Windows Version: Windows Vista SP1
     ==================================================

     Drivers
     -------------------
     Name: dump_iaStor.sys  Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys  Address: 0x8E2DA000  Size: 815104  File Visible: No  Signed: -  Status: -
     Name: mbr.sys  Image Path: C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\mbr.sys  Address: 0x8E3F8000  Size: 20864  File Visible: No  Signed: -  Status: -
     Name: rootrepeal.sys  Image Path: C:\Windows\system32\drivers\rootrepeal.sys  Address: 0x8DA70000  Size: 49152  File Visible: No  Signed: -  Status: -

     Processes
     -------------------
     Path: System  PID: 4  Status: Locked to the Windows API!

     SSDT
     -------------------
     #: 072  Function Name: NtCreateProcess  Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x84b0dcdc
     #: 073  Function Name: NtCreateProcessEx  Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x84b0dece
     #: 334  Function Name: NtTerminateProcess  Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x84b0d982
     #: 383  Function Name: NtCreateUserProcess  Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x84b0e0d6
     ==EOF==
     Hopefully this is useful
  11. Ok, after a couple of attempts in safe mode and one blue screen, the scan finally worked and the log should be attached: ark.zip
  12. Unfortunately, the GMER scan could not be completed. It starts to run, but Windows stated that the program had stopped working and is searching for solutions (normal boot-up mode). Any ideas? (Will try in safe mode...)
  13. The laptop seems to be running better; most of the problems have been resolved, except for the persistence of Windows not being able to check for updates.

As for the online scan: the initial attempt seemed to be going OK until the laptop shut down on its own (battery OK) when it was about 49% done, having found 1 threat, something called "INF/AutoRun.lj.7 INF virus", which was also quarantined by Avira AntiVir Personal guard running in the background. I ran the scan again after rebooting and no threats were found, with a very short log produced:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

Is this normal? And any ideas about Windows update?

Thanks for the help so far
Q
  14. Ok, apologies for the delay... I had some problems running Combo-Fix in normal boot-up mode. It seemed to do nothing for hours after starting, so I decided to run it in safe mode. ComboFix managed to upload successfully and the log is below, plus the HijackThis log.

ComboFix 10-02-20.03 - SYSTEM 2010-02-21 11:49:30.7.2 - x86 NETWORK
Running from: c:\windows\system32\config\systemprofile\Desktop\Combo-Fix.exe
Command switches used :: c:\windows\system32\config\systemprofile\Desktop\CFScript.txt
file zipped: c:\windows\system32\SVKP.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\NetLogin
c:\program files\NetLogin\netlogin.dll
c:\windows\system32\SVKP.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SVKP
-------\Legacy_UMLAHATSZLI
-------\Service_dqbisrtk
-------\Service_NetLogin Helper
-------\Service_SVKP
-------\Service_umlahatszli

((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.
2010-02-20 22:58 . 2010-02-20 23:01 -------- d-----w- c:\users\Krystal\AppData\Local\temp
2010-02-20 22:58 . 2010-02-20 22:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-20 22:58 . 2010-02-20 22:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-20 22:48 . 2010-02-20 22:48 -------- d-----w- C:\%APPDATA%
2010-02-20 22:48 . 2010-02-20 22:48 -------- d-----w- C:\32788R22FWJFW
2010-02-20 06:39 . 2010-02-20 06:39 -------- d-----w- c:\program files\Trend Micro
2010-02-20 00:05 . 2010-02-20 06:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-20 00:05 . 2009-03-29 20:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-20 00:05 . 2010-02-20 00:05 -------- d-----w- c:\programdata\Avira
2010-02-20 00:04 . 2010-02-20 00:04 -------- d-----w- c:\program files\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 05:02 . 2009-03-04 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 05:01 . 2009-03-04 05:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-20 01:12 . 2008-12-16 02:02 -------- d-----w- c:\program files\WordPod
2010-02-20 01:12 . 2009-03-04 03:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-20 01:12 . 2009-02-25 07:44 -------- d-----w- c:\program files\Spyware Doctor
2010-02-20 01:12 . 2009-06-07 08:44 -------- d-----w- c:\program files\QuickTime
2010-02-20 01:12 . 2009-03-26 02:17 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-20 01:12 . 2009-04-01 21:40 -------- d-----w- c:\program files\Norton Security Scan
2010-02-20 01:12 . 2008-08-27 04:23 -------- d-----w- c:\program files\Microsoft Works
2010-02-20 01:12 . 2008-10-05 23:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-20 01:11 . 2009-08-07 23:07 -------- d-----w- c:\program files\iTunes
2010-02-20 01:11 . 2008-11-22 03:25 -------- d-----w- c:\program files\Handbrake
2010-02-20 01:11 . 2008-12-31 10:05 -------- d-----w- c:\program files\FrostWire
2010-02-20 01:11 . 2008-10-25 20:34 -------- d-----w- c:\program files\DivX
2010-02-20 01:11 . 2008-08-27 19:49 -------- d-----w- c:\program files\DellTPad
2010-02-20 01:11 . 2009-02-21 23:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-20 01:11 . 2009-03-03 10:19 -------- d-----w- c:\program files\CCleaner
2010-02-20 01:11 . 2009-05-13 10:12 -------- d-----w- c:\program files\AutoUnpack
2010-02-19 22:17 . 2010-02-19 22:17 52224 ----a-w- c:\users\Krystal\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-19 22:17 . 2009-04-17 23:52 117760 ----a-w- c:\users\Krystal\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-19 04:57 . 2009-03-04 05:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 04:54 . 2010-02-19 04:54 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-15 00:26 . 2008-08-27 19:49 371224 ----a-w- c:\windows\system32\hkcmd.exe
2010-02-12 01:39 . 2008-10-06 03:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-11 22:10 . 2008-12-31 10:06 -------- d-----w- c:\users\Krystal\AppData\Roaming\FrostWire
2010-02-06 04:55 . 2009-10-20 05:20 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-01-21 23:21 . 2009-10-20 05:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 23:21 . 2009-10-20 05:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 23:21 . 2009-10-20 05:56 1152444 ----a-w- c:\windows\UDB.zip
2010-01-21 23:21 . 2009-10-20 05:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21 . 2009-10-20 05:56 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-21 01:00 . 2009-04-27 12:12 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-21 00:25 . 2009-05-07 07:43 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-21 00:25 . 2009-05-07 07:43 -------- d-----w- c:\program files\AVS4YOU
2010-01-20 05:05 . 2009-04-18 06:11 -------- d-----w- c:\programdata\Google Updater
2010-01-19 20:57 . 2010-01-01 23:25 -------- d-----w- c:\users\Krystal\AppData\Roaming\support
2010-01-13 22:12 . 2009-10-07 02:10 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 20:47 . 2010-01-12 20:47 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-07 03:07 . 2009-03-04 05:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 03:07 . 2009-03-04 05:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 03:00 . 2008-10-19 07:03 -------- d-----w- c:\program files\Windows Live
2009-11-25 00:02 . 2010-02-06 04:55 1234176 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-10-02 08:10 . 2009-10-02 08:10 12120 ----a-w- c:\program files\Common Files\romir.db
2008-08-27 04:10 . 2008-08-27 04:10 76 --sh--r- c:\windows\CT4CET.bin
2008-08-27 19:46 . 2008-08-27 19:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 00:02 1234176 ----a-w- c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-15 371224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2010-02-19 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-01 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-02-19 3883856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-27 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-04 10:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2010-01-19 06:06 120320 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-27 04:16 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-02-19 23:47 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2008-03-04 05:05 36864 ----a-w- c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

R2 AeLookupSvcAESTFilters;Application Experience AeLookupSvcAESTFilters;c:\windows\TEMP\ujnfimmnch.exe service [x]
R2 gupdate1c9bfecbe49b96a;Google Update Service (gupdate1c9bfecbe49b96a);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S1 AvgLdx86;AVG LinkScanner
  15. Thanks for the quick response. I deleted Spybot first and then ran the programs as instructed. TDSSKiller log as follows:

18:08:25:934 2296 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31
18:08:25:934 2296 ================================================================================
18:08:25:934 2296 SystemInfo:
18:08:25:934 2296 OS Version: 6.0.6001 ServicePack: 1.0
18:08:25:934 2296 Product type: Workstation
18:08:25:934 2296 ComputerName: KRYSTAL-PC
18:08:25:934 2296 UserName: Krystal
18:08:25:934 2296 Windows directory: C:\Windows
18:08:25:934 2296 Processor architecture: Intel x86
18:08:25:934 2296 Number of processors: 2
18:08:25:934 2296 Page size: 0x1000
18:08:25:934 2296 Boot type: Normal boot
18:08:25:934 2296 ================================================================================
18:08:25:950 2296 UnloadDriverW: NtUnloadDriver error 2
18:08:25:950 2296 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:08:25:950 2296 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
18:08:48:289 2296 UtilityInit: KLMD drop and load success
18:08:48:289 2296 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
18:08:48:289 2296 UtilityInit: KLMD open success
18:08:48:289 2296 UtilityInit: Initialize success
18:08:48:289 2296
18:08:48:289 2296 Scanning Services ...
18:08:48:289 2296 CreateRegParser: Registry parser init started
18:08:48:320 2296 CreateRegParser: DisableWow64Redirection error
18:08:48:320 2296 wfopen_ex: Trying to open file C:\Windows\system32\config\system
18:08:48:320 2296 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
18:08:48:320 2296 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:08:48:320 2296 wfopen_ex: Trying to KLMD file open
18:08:48:320 2296 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
18:08:48:320 2296 wfopen_ex: File opened ok (Flags 2)
18:08:48:367 2296 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 25E6FC0
18:08:48:367 2296 wfopen_ex: Trying to open file C:\Windows\system32\config\software
18:08:48:367 2296 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
18:08:48:367 2296 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:08:48:367 2296 wfopen_ex: Trying to KLMD file open
18:08:48:367 2296 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
18:08:48:367 2296 wfopen_ex: File opened ok (Flags 2)
18:08:48:367 2296 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 25E1318
18:08:48:367 2296 CreateRegParser: EnableWow64Redirection error
18:08:48:367 2296 CreateRegParser: RegParser init completed
18:08:49:412 2296 GetAdvancedServicesInfo: Raw services enum returned 470 services
18:08:49:412 2296 fclose_ex: Trying to close file C:\Windows\system32\config\system
18:08:49:412 2296 fclose_ex: Trying to close file C:\Windows\system32\config\software
18:08:49:412 2296
18:08:49:412 2296 Scanning Kernel memory ...
18:08:49:412 2296 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:08:49:412 2296 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 87AC2F38
18:08:49:412 2296 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
18:08:49:412 2296
18:08:49:412 2296 DetectCureTDL3: DEVICE_OBJECT: 86C0B7B8
18:08:49:412 2296 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86C0B7B8
18:08:49:412 2296 DetectCureTDL3: DEVICE_OBJECT: 86CA7520
18:08:49:412 2296 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86CA7520
18:08:49:412 2296 DetectCureTDL3: DEVICE_OBJECT: 86CC9560
18:08:49:412 2296 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86CC9560
18:08:49:412 2296 KLMD_ReadMem: Trying to ReadMemory 0x86CC9560[0x38]
18:08:49:412 2296 DetectCureTDL3: DRIVER_OBJECT: 86C66618
18:08:49:412 2296 KLMD_ReadMem: Trying to ReadMemory 0x86C66618[0xA8]
18:08:49:412 2296 KLMD_ReadMem: Trying to ReadMemory 0x86C54760[0x1E]
18:08:49:428 2296 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_CREATE : ADE9DB40
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_CLOSE : ADE9DBB8
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_READ : ADE9DC30
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_WRITE : ADE9DC30
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_QUERY_EA : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_SET_EA : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : ADE9D828
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : ADE924AA
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_CLEANUP : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_POWER : ADE9BF9A
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : ADE997A2
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84477FDF
18:08:49:428 2296 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84477FDF
18:08:49:428 2296 TDL3_FileDetect: Processing driver: USBSTOR
18:08:49:428 2296 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:49:428 2296 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:49:459 2296 KLMD_ReadMem: Trying to ReadMemory 0xADE94A44[0x400]
18:08:49:459 2296 TDL3_StartIoHookDetect: CheckParameters: 4, ADE98000, 0
18:08:49:459 2296 TDL3_FileDetect: Processing driver: USBSTOR
18:08:49:459 2296 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:49:459 2296 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:08:49:475 2296 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
18:08:49:475 2296
18:08:49:475 2296 DetectCureTDL3: DEVICE_OBJECT: 87FE4AC8
18:08:49:475 2296 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87FE4AC8
18:08:49:475 2296 DetectCureTDL3: DEVICE_OBJECT: 87AC28A0
18:08:49:475 2296 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87AC28A0
18:08:49:475 2296 DetectCureTDL3: DEVICE_OBJECT: 87008030
18:08:49:475 2296 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87008030
18:08:49:475 2296 KLMD_ReadMem: Trying to ReadMemory 0x87008030[0x38]
18:08:49:475 2296 DetectCureTDL3: DRIVER_OBJECT: 86FFDC48
18:08:49:475 2296 KLMD_ReadMem: Trying to ReadMemory 0x86FFDC48[0xA8]
18:08:49:475 2296 KLMD_ReadMem: Trying to ReadMemory 0x86FF4388[0x1C]
18:08:49:475 2296 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_CREATE : 84A42818
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_CLOSE : 84A42818
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_READ : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_WRITE : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_QUERY_EA : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_SET_EA : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 84A40132
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 84A3D918
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_CLEANUP : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_POWER : 84A39AB4
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 84A3907C
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84477FDF
18:08:49:475 2296 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84477FDF
18:08:49:475 2296 TDL3_FileDetect: Processing driver: iaStor
18:08:49:475 2296 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\iastor.sys
18:08:49:475 2296 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\iastor.sys
18:08:49:506 2296 TDL3_FileDetect: Processing driver: iaStor
18:08:49:506 2296 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\iastor.sys
18:08:49:506 2296 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\iastor.sys
18:08:49:522 2296 TDL3_FileDetect: C:\Windows\system32\drivers\iastor.sys - Verdict: Clean
18:08:49:522 2296
18:08:49:522 2296 Completed
18:08:49:522 2296
18:08:49:522 2296 Results:
18:08:49:522 2296 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
18:08:49:522 2296 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:08:49:522 2296 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:08:49:522 2296
18:08:49:522 2296 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
18:08:49:522 2296 UtilityDeinit: KLMD(ARK) unloaded successfully

And the Combo-Fix log as requested...

ComboFix 10-02-19.04 - Krystal 2010-02-20 18:15:22.6.2 - x86
Running from: c:\users\Krystal\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Ardamax Keylogger
c:\windows\system32\AutoRun.inf
c:\windows\system32\setting.ini
c:\windows\system32\setup.ini
c:\windows\system32\stacsv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_STacSV

((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.
2010-02-20 05:28 . 2010-02-20 05:31 -------- d-----w- c:\users\Krystal\AppData\Local\temp
2010-02-20 05:28 . 2010-02-20 05:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-20 05:28 . 2010-02-20 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-20 00:05 . 2009-07-28 02:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-20 00:05 . 2009-03-29 20:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-20 00:05 . 2010-02-20 00:05 -------- d-----w- c:\programdata\Avira
2010-02-20 00:04 . 2010-02-20 00:04 -------- d-----w- c:\program files\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 05:02 . 2009-03-04 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 05:01 . 2009-03-04 05:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-20 01:12 . 2008-12-16 02:02 -------- d-----w- c:\program files\WordPod
2010-02-20 01:12 . 2009-03-04 03:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-20 01:12 . 2009-02-25 07:44 -------- d-----w- c:\program files\Spyware Doctor
2010-02-20 01:12 . 2009-06-07 08:44 -------- d-----w- c:\program files\QuickTime
2010-02-20 01:12 . 2009-03-26 02:17 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-20 01:12 . 2009-04-01 21:40 -------- d-----w- c:\program files\Norton Security Scan
2010-02-20 01:12 . 2008-09-16 05:26 -------- d-----w- c:\program files\NetLogin
2010-02-20 01:12 . 2008-08-27 04:23 -------- d-----w- c:\program files\Microsoft Works
2010-02-20 01:12 . 2008-10-05 23:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-20 01:11 . 2009-08-07 23:07 -------- d-----w- c:\program files\iTunes
2010-02-20 01:11 . 2008-11-22 03:25 -------- d-----w- c:\program files\Handbrake
2010-02-20 01:11 . 2008-12-31 10:05 -------- d-----w- c:\program files\FrostWire
2010-02-20 01:11 . 2008-10-25 20:34 -------- d-----w- c:\program files\DivX
2010-02-20 01:11 . 2008-08-27 19:49 -------- d-----w- c:\program files\DellTPad
2010-02-20 01:11 . 2009-02-21 23:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-20 01:11 . 2009-03-03 10:19 -------- d-----w- c:\program files\CCleaner
2010-02-20 01:11 . 2009-05-13 10:12 -------- d-----w- c:\program files\AutoUnpack
2010-02-19 22:17 . 2010-02-19 22:17 52224 ----a-w- c:\users\Krystal\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-19 22:17 . 2009-04-17 23:52 117760 ----a-w- c:\users\Krystal\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-19 04:57 . 2009-03-04 05:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 04:54 . 2010-02-19 04:54 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-15 00:26 . 2008-08-27 19:49 371224 ----a-w- c:\windows\system32\hkcmd.exe
2010-02-12 01:39 . 2008-10-06 03:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-11 22:10 . 2008-12-31 10:06 -------- d-----w- c:\users\Krystal\AppData\Roaming\FrostWire
2010-02-06 04:55 . 2009-10-20 05:20 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-01-21 23:21 . 2009-10-20 05:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 23:21 . 2009-10-20 05:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 23:21 . 2009-10-20 05:56 1152444 ----a-w- c:\windows\UDB.zip
2010-01-21 23:21 . 2009-10-20 05:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21 . 2009-10-20 05:56 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-21 01:00 . 2009-04-27 12:12 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-21 00:25 . 2009-05-07 07:43 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-21 00:25 . 2009-05-07 07:43 -------- d-----w- c:\program files\AVS4YOU
2010-01-20 05:05 . 2009-04-18 06:11 -------- d-----w- c:\programdata\Google Updater
2010-01-19 20:57 . 2010-01-01 23:25 -------- d-----w- c:\users\Krystal\AppData\Roaming\support
2010-01-13 22:12 . 2009-10-07 02:10 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 20:47 . 2010-01-12 20:47 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-07 03:07 . 2009-03-04 05:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 03:07 . 2009-03-04 05:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 03:00 . 2008-10-19 07:03 -------- d-----w- c:\program files\Windows Live
2009-11-25 00:02 . 2010-02-06 04:55 1234176 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-10-02 08:10 . 2009-10-02 08:10 12120 ----a-w- c:\program files\Common Files\romir.db
2008-08-27 04:10 . 2008-08-27 04:10 76 --sh--r- c:\windows\CT4CET.bin
2008-08-27 19:46 . 2008-08-27 19:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 00:02 1234176 ----a-w- c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-15 371224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2010-02-19 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-01 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-02-19 3883856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD2586"="del" [X]
"SpybotDeletingD2621"="del" [X]
"SpybotDeletingD7495"="del" [X]
"SpybotDeletingD4264"="del" [X]
"SpybotDeletingD4803"="del" [X]
"SpybotDeletingD3192"="del" [X]
"SpybotDeletingD5925"="del" [X]
"SpybotDeletingD1472"="del" [X]
"SpybotDeletingD55"="del" [X]
"SpybotDeletingD2721"="del" [X]
"SpybotDeletingD9515"="del" [X]
"SpybotDeletingD8489"="del" [X]
"SpybotDeletingD8591"="del" [X]
"SpybotDeletingD4809"="del" [X]
"SpybotDeletingD2662"="del" [X]
"SpybotDeletingD2481"="del" [X]
"SpybotDeletingD7151"="del" [X]
"SpybotDeletingD3152"="del" [X]
"SpybotDeletingD8804"="del" [X]
"SpybotDeletingD9190"="del" [X]
"SpybotDeletingD5663"="del" [X]
"SpybotDeletingD8396"="del" [X]
"SpybotDeletingD5188"="del" [X]
"SpybotDeletingD8507"="del" [X]
"SpybotDeletingD382"="del" [X]
"SpybotDeletingD7229"="del" [X]
"SpybotDeletingD8956"="del" [X]
"SpybotDeletingD6306"="del" [X]
"SpybotDeletingD2872"="del" [X]
"SpybotDeletingD5941"="del" [X]
"SpybotDeletingD4304"="del" [X]
"SpybotDeletingD4158"="del" [X]
"SpybotDeletingD5481"="del" [X]
"SpybotDeletingD9399"="del" [X]
"SpybotDeletingD996"="del" [X]
"SpybotDeletingD4662"="del" [X]
"SpybotDeletingD491"="del" [X]
"SpybotDeletingB80"="command.com" [2006-11-02 50648]
"SpybotDeletingB3406"="command.com" [2006-11-02 50648]
"SpybotDeletingB9790"="command.com" [2006-11-02 50648]
"SpybotDeletingB9342"="command.com" [2006-11-02 50648]
"SpybotDeletingB8562"="command.com" [2006-11-02 50648]
"SpybotDeletingB6736"="command.com" [2006-11-02 50648]
"SpybotDeletingB5928"="command.com" [2006-11-02 50648]
"SpybotDeletingB6286"="command.com" [2006-11-02 50648]
"SpybotDeletingB2925"="command.com" [2006-11-02 50648]
"SpybotDeletingB3366"="command.com" [2006-11-02 50648]
"SpybotDeletingB2958"="command.com" [2006-11-02 50648]
"SpybotDeletingB3835"="command.com" [2006-11-02 50648]
"SpybotDeletingB5344"="command.com" [2006-11-02 50648]
"SpybotDeletingB1292"="command.com" [2006-11-02 50648]
"SpybotDeletingB744"="command.com" [2006-11-02 50648]
"SpybotDeletingB2457"="command.com" [2006-11-02 50648]
"SpybotDeletingB9414"="command.com" [2006-11-02 50648]
"SpybotDeletingB4646"="command.com" [2006-11-02 50648]
"SpybotDeletingB6559"="command.com" [2006-11-02 50648]
"SpybotDeletingB4135"="command.com" [2006-11-02 50648]
"SpybotDeletingB3757"="command.com" [2006-11-02 50648]
"SpybotDeletingB3573"="command.com" [2006-11-02 50648]
"SpybotDeletingB8155"="command.com" [2006-11-02 50648]
"SpybotDeletingB7239"="command.com" [2006-11-02 50648]
"SpybotDeletingB1071"="command.com" [2006-11-02 50648]
"SpybotDeletingB9097"="command.com" [2006-11-02 50648]
"SpybotDeletingB9665"="command.com" [2006-11-02 50648]
"SpybotDeletingB5116"="command.com" [2006-11-02 50648]
"SpybotDeletingB5142"="command.com" [2006-11-02 50648]
"SpybotDeletingB2181"="command.com" [2006-11-02 50648]
"SpybotDeletingB3011"="command.com" [2006-11-02 50648]
"SpybotDeletingB9449"="command.com" [2006-11-02 50648]
"SpybotDeletingB5934"="command.com" [2006-11-02 50648]
"SpybotDeletingB502"="command.com" [2006-11-02 50648]
"SpybotDeletingB4604"="command.com" [2006-11-02 50648]
"SpybotDeletingB4144"="command.com" [2006-11-02 50648]
"SpybotDeletingB7343"="command.com" [2006-11-02 50648]
"SpybotDeletingB9843"="command.com" [2006-11-02 50648]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-27 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-04 10:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2010-01-19 06:06 120320 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-27 04:16 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-02-19 23:47 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2008-03-04 05:05 36864 ----a-w- c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

R1 dqbisrtk;dqbisrtk;c:\windows\system32\drivers\dqbisrtk.sys [x]
R2 AeLookupSvcAESTFilters;Application Experience AeLookupSvcAESTFilters;c:\windows\TEMP\ujnfimmnch.exe service [x]
R2 gupdate1c9bfecbe49b96a;Google Update Service (gupdate1c9bfecbe49b96a);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NetLogin Helper;NetLogin Helper;c:\program files\NetLogin\NetLoginService.exe [x]
R2 umlahatszli;umlahatszli;c:\windows\system32\drivers\yvvzueygg.sys [x]
R3 SASENUM;SASENUM;c:\program
files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [x] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280] S1 AvgLdx86;AVG LinkScanner
  16. Hi

Posting on behalf of a family member who has had problems with the registry infections on her own laptop as mentioned in the title and as a result task manager is disabled, the security center plays up and the internet doesn't appear to work. Windows update and CCleaner also do not work.

I was kindly advised by "noknojon" to follow the instructions in the pinned topic "I'm infected - What do I do now?", which I have tried with mixed results that will be posted here shortly.

The Avira AntiVir Personal program seemed to pick up a few problems but even after the full scan, the registry infections still remained.

Firstly the most recent MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3764
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

2010-02-20 16:04:58
mbam-log-2010-02-20 (16-04-58).txt

Scan type: Quick Scan
Objects scanned: 106481
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Next I tried Defogger - but I'm not sure it worked, as after clicking OK on the "Finished" popup I was not asked to restart (I decided to restart manually), and the log created seems a bit short, but here it is:

defogger_disable by jpshortstuff (29.01.10.1)
Log created at 16:17 on 20/02/2010 (Krystal)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

I tried DDS next - DDS.txt follows

DDS (Ver_09-12-01.01) - NTFSx86
Run by Krystal at 16:23:05.20 on 2010-02-20
Internet Explorer: 8.0.6001.18828
============= FINISH: 16:26:56.41 ===============

Attach.txt should be attached as a zip file; however, I had problems running the GMER Rootkit scanner as it kept stopping shortly after running, so there was no log created. Defogger re-enable was carried out...but no log was created.

Any help would be much appreciated!

Thanks

Q

Attach.zip
  17. Hi

Posting on behalf of a family member who has had problems with the registry infections on her own laptop as mentioned in the title and as a result task manager is disabled, the security center plays up and the internet doesn't appear to work. Windows update also does not work.

She has run MBAM, which detects the infections, but they are still present after reboot. The latest MBAM log follows:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

2010-02-19 18:22:43
mbam-log-2010-02-19 (18-22-43).txt

Scan type: Quick Scan
Objects scanned: 100338
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is my first post, so please excuse any errors. Please let me know how I should proceed.

Thanks

Q