
Websites redirected, can't run Windows Update, can't install Malwarebytes

Discussion in 'Virus and Malware Removal' started by weety, Oct 3, 2012.

  1. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Move on to SystemLook, please.
  2. weety Newcomer, in training Posts: 60

    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:09 on 27/10/2012 by hmc05
    (Limited User)

    ========== filefind ==========

    Searching for "atapi.sys"
    C:\WINNT\erdnt\cache\atapi.sys --a---- 96512 bytes [03:31 25/09/2012] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINNT\system32\dllcache\atapi.sys --a---- 96512 bytes [00:10 14/04/2008] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINNT\system32\drivers\atapi.sys --a---- 96512 bytes [00:10 14/04/2008] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

    Searching for "usb*.sys"
    C:\DRIVERS\MISC\USBSCAN.SYS --a---- 8944 bytes [00:00 01/01/1980] [05:01 13/06/1998] 45F1636265B41F9ECC4F33A721A411E1
    C:\WINNT\system32\dllcache\usb101et.sys --a---- 32384 bytes [19:32 09/10/2012] [21:05 13/04/2008] 24BB6CA00ED8C91DAE2FD13E5F6EEC39
    C:\WINNT\system32\dllcache\usb8023.sys --a---- 12800 bytes [00:00 01/01/1980] [12:00 14/04/2008] BEE793D4A059CAEA55D6AC20E19B3A8F
    C:\WINNT\system32\dllcache\usb8023x.sys --a---- 12800 bytes [19:32 09/10/2012] [23:26 13/04/2008] B6CC50279D6CD28E090A5D33244ADC9A
    C:\WINNT\system32\dllcache\usbaudio.sys --a---- 60032 bytes [21:17 28/12/2011] [00:15 14/04/2008] E919708DB44ED8543A7C017953148330
    C:\WINNT\system32\dllcache\usbcamd.sys --a---- 25600 bytes [00:15 14/04/2008] [12:00 14/04/2008] 1C1A47B40C23358245AA8D0443B6935E
    C:\WINNT\system32\dllcache\usbcamd2.sys --a---- 25728 bytes [00:15 14/04/2008] [12:00 14/04/2008] CE97845D2E3F0D274B8BAC1ED07C6149
    C:\WINNT\system32\dllcache\usbccgp.sys --a---- 32128 bytes [21:16 28/12/2011] [00:15 14/04/2008] 173F317CE0DB8E21322E71B7E60A27E8
    C:\WINNT\system32\dllcache\usbd.sys --a---- 4736 bytes [14:03 17/08/2001] [12:00 14/04/2008] 596EB39B50D6EBD9B734DC4AE0544693
    C:\WINNT\system32\dllcache\usbehci.sys --a---- 30208 bytes [00:15 14/04/2008] [12:00 14/04/2008] 65DCF09D0E37D4C6B11B5B0B76D470A7
    C:\WINNT\system32\dllcache\usbhub.sys --a---- 59520 bytes [00:15 14/04/2008] [12:00 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
    C:\WINNT\system32\dllcache\usbintel.sys --a---- 15872 bytes [00:15 14/04/2008] [12:00 14/04/2008] 290913DC4F1125E5A82DE52579A44C43
    C:\WINNT\system32\dllcache\usbohci.sys --a---- 17152 bytes [19:32 09/10/2012] [23:15 13/04/2008] 0DAECCE65366EA32B162F85F07C6753B
    C:\WINNT\system32\dllcache\usbport.sys --a---- 143872 bytes [00:15 14/04/2008] [12:00 14/04/2008] 791912E524CC2CC6F50B5F2B52D1EB71
    C:\WINNT\system32\dllcache\usbprint.sys --a---- 25856 bytes [19:32 09/10/2012] [23:17 13/04/2008] A717C8721046828520C9EDF31288FC00
    C:\WINNT\system32\dllcache\usbscan.sys --a---- 15104 bytes [14:00 21/01/2010] [00:15 14/04/2008] A0B8CF9DEB1184FBDD20784A58FA75D4
    C:\WINNT\system32\dllcache\usbser.sys --a---- 26112 bytes [19:32 09/10/2012] [23:15 13/04/2008] 1C888B000C2F9492F4B15B5B6B84873E
    C:\WINNT\system32\dllcache\usbstor.sys --a---- 26368 bytes [15:02 17/11/2009] [00:15 14/04/2008] A32426D9B14A089EAA1D922E0C5801A9
    C:\WINNT\system32\dllcache\usbuhci.sys --a---- 20608 bytes [00:15 14/04/2008] [12:00 14/04/2008] 26496F9DEE2D787FC3E61AD54821FFE6
    C:\WINNT\system32\dllcache\usbvideo.sys --a---- 121984 bytes [21:17 28/12/2011] [00:16 14/04/2008] 63BBFCA7F390F4C49ED4B96BFB1633E0
    C:\WINNT\system32\drivers\usb8023.sys --a---- 12800 bytes [00:00 01/01/1980] [12:00 14/04/2008] BEE793D4A059CAEA55D6AC20E19B3A8F
    C:\WINNT\system32\drivers\USBAUDIO.sys --a---- 60032 bytes [21:17 28/12/2011] [00:15 14/04/2008] E919708DB44ED8543A7C017953148330
    C:\WINNT\system32\drivers\usbcamd.sys --a---- 25600 bytes [00:15 14/04/2008] [12:00 14/04/2008] 1C1A47B40C23358245AA8D0443B6935E
    C:\WINNT\system32\drivers\usbcamd2.sys --a---- 25728 bytes [00:15 14/04/2008] [12:00 14/04/2008] CE97845D2E3F0D274B8BAC1ED07C6149
    C:\WINNT\system32\drivers\usbccgp.sys --a---- 32128 bytes [21:16 28/12/2011] [00:15 14/04/2008] 173F317CE0DB8E21322E71B7E60A27E8
    C:\WINNT\system32\drivers\usbd.sys --a---- 4736 bytes [14:03 17/08/2001] [12:00 14/04/2008] 596EB39B50D6EBD9B734DC4AE0544693
    C:\WINNT\system32\drivers\usbehci.sys --a---- 30208 bytes [00:15 14/04/2008] [12:00 14/04/2008] 65DCF09D0E37D4C6B11B5B0B76D470A7
    C:\WINNT\system32\drivers\usbhub.sys --a---- 59520 bytes [00:15 14/04/2008] [12:00 14/04/2008] 1AB3CDDE553B6E064D2E754EFE20285C
    C:\WINNT\system32\drivers\usbintel.sys --a---- 15872 bytes [00:15 14/04/2008] [12:00 14/04/2008] 290913DC4F1125E5A82DE52579A44C43
    C:\WINNT\system32\drivers\usbport.sys --a---- 143872 bytes [00:15 14/04/2008] [12:00 14/04/2008] 791912E524CC2CC6F50B5F2B52D1EB71
    C:\WINNT\system32\drivers\usbscan.sys --a---- 15104 bytes [14:00 21/01/2010] [00:15 14/04/2008] A0B8CF9DEB1184FBDD20784A58FA75D4
    C:\WINNT\system32\drivers\USBSTOR.SYS --a---- 26368 bytes [15:02 17/11/2009] [00:15 14/04/2008] A32426D9B14A089EAA1D922E0C5801A9
    C:\WINNT\system32\drivers\usbuhci.sys --a---- 20608 bytes [00:15 14/04/2008] [12:00 14/04/2008] 26496F9DEE2D787FC3E61AD54821FFE6
    C:\WINNT\system32\drivers\usbvideo.sys --a---- 121984 bytes [21:17 28/12/2011] [00:16 14/04/2008] 63BBFCA7F390F4C49ED4B96BFB1633E0

    Searching for "spvu.*"
    No files found.

    -= EOF =-
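The SystemLook "filefind" output above lists every copy of a driver with its attributes, size, two timestamps and MD5. A quick consistency check a helper would run on such output is to group the copies by file name and confirm that the on-disk driver, its dllcache copy and any backup copy carry the same hash. The parser below is an added example, not part of the thread and not SystemLook's own code; the line format it assumes is taken from the posted log, the three atapi.sys lines and the two usb8023.sys lines are copied from that log, and the fourth atapi.sys entry with a placeholder hash is constructed so the mismatch path is exercised.

```python
import re
from collections import defaultdict

# One SystemLook "filefind" result line has the shape
#   <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
# The regex is written from the shape visible in the posted log (an assumption,
# not SystemLook's documented format).
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Sample input: five lines copied from the posted log, plus one CONSTRUCTED
# atapi.sys copy (placeholder path and hash) to show what a mismatch looks like.
SAMPLE_LOG = r"""
Searching for "atapi.sys"
C:\WINNT\erdnt\cache\atapi.sys --a---- 96512 bytes [03:31 25/09/2012] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINNT\system32\dllcache\atapi.sys --a---- 96512 bytes [00:10 14/04/2008] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINNT\system32\drivers\atapi.sys --a---- 96512 bytes [00:10 14/04/2008] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\EXAMPLE\constructed\atapi.sys --a---- 96000 bytes [01:02 03/04/2012] [12:00 14/04/2008] DEADBEEFDEADBEEFDEADBEEFDEADBEEF

Searching for "usb8023.sys"
C:\WINNT\system32\dllcache\usb8023.sys --a---- 12800 bytes [00:00 01/01/1980] [12:00 14/04/2008] BEE793D4A059CAEA55D6AC20E19B3A8F
C:\WINNT\system32\drivers\usb8023.sys --a---- 12800 bytes [00:00 01/01/1980] [12:00 14/04/2008] BEE793D4A059CAEA55D6AC20E19B3A8F

Searching for "spvu.*"
No files found.
"""


def parse_filefind(text):
    """Return one dict per file line; 'Searching for' headers and
    'No files found.' lines do not match the pattern and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FILEFIND_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def basename(path):
    """Case-insensitive file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_inconsistent_copies(entries):
    """Group entries by file name and return {name: {md5: [paths]}} for the
    names whose copies do not all share one hash."""
    by_name = defaultdict(lambda: defaultdict(list))
    for e in entries:
        by_name[basename(e["path"])][e["md5"]].append(e["path"])
    return {name: dict(hashes) for name, hashes in by_name.items()
            if len(hashes) > 1}


def report(text):
    """Human-readable lines: one per inconsistent file name, one per hash."""
    lines = []
    for name, hashes in sorted(find_inconsistent_copies(parse_filefind(text)).items()):
        lines.append(f"{name}: {len(hashes)} different hashes among its copies")
        for md5, paths in sorted(hashes.items(), key=lambda kv: -len(kv[1])):
            lines.append(f"  {md5}  ({len(paths)} copies)")
            for p in paths:
                lines.append(f"    {p}")
    return lines or ["all copies of every file agree"]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the log as actually posted (without the constructed line) the three atapi.sys copies agree, which is what the helper was checking; a copy in `system32\drivers` that disagrees with its `dllcache` twin is the pattern that warrants a closer look, and the hash alone does not say which copy is the good one.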
  3. Jay Pfoutz Malware Helper Posts: 4,286   +49

    I was not aware of this:
    You must be on an administrator account in order to fully disinfect the system.

    No wonder we can't get the system to cooperate. If you cannot get to an administrator account, we need to either create one, reinstall Windows, or I cannot be of any more service. We'll just keep going around in circles in a limited account. :p
  4. weety Newcomer, in training Posts: 60

    In User Accounts, I'm listed under the group "Administrators". It says "Administrators have complete and unrestricted access to the computer/domain". I always thought I had an admin account... perhaps I should try to create a new one?
  5. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please do, re-run above. I will be back later or tomorrow morning.
  6. weety Newcomer, in training Posts: 60

    Ok thanks very much!

    I'm now properly logged in with an Administrator account. Everything seems to work fine here (except I obviously can't access my files/desktop etc. so directly). To check original symptoms, I tried installing Malwarebytes and running Windows update. Both work fine.

    I guess this changes everything, but I'll complete the previous steps anyway.
     
  7. Jay Pfoutz Malware Helper Posts: 4,286   +49

  8. weety Newcomer, in training Posts: 60

    First, here's the GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-29 09:10:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 WDC_WD2500AAJS-60M0A0 rev.02.03E02
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aflcapob.sys

    ---- System - GMER 1.0.15 ----
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0xB9CEB2D2]
    SSDT 8A133E10 ZwConnectPort
    SSDT spir.sys ZwCreateKey [0xB9EB50E0]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0xB9CEC904]
    SSDT spir.sys ZwEnumerateKey [0xB9ECDDA4]
    SSDT spir.sys ZwEnumerateValueKey [0xB9ECE132]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwFreeVirtualMemory [0xB9CEB55E]
    SSDT spir.sys ZwOpenKey [0xB9EB50C0]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwOpenSection [0xB9CEB0F0]
    SSDT spir.sys ZwQueryKey [0xB9ECE20A]
    SSDT spir.sys ZwQueryValueKey [0xB9ECE08A]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThread [0xB9CECA0C]
    SSDT 8A330910 ZwResumeThread
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSetContextThread [0xB9CECA58]
    SSDT spir.sys ZwSetValueKey [0xB9ECE29C]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSystemDebugControl [0xB9CEB006]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwWriteVirtualMemory [0xB9CEB66E]
    INT 0x62 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x82 ? 8A47FBF8
    INT 0x83 ? 8A16BBF8
    INT 0x83 ? 8A16BBF8
    INT 0x83 ? 8A16BBF8
    INT 0x83 ? 8A16BBF8
    INT 0x84 ? 8A16BBF8
    INT 0x84 ? 8A16BBF8
    INT 0x84 ? 8A16BBF8
    INT 0x84 ? 8A16BBF8
    INT 0x94 ? 8A16BBF8
    INT 0x94 ? 8A16BBF8
    INT 0x94 ? 8A16BBF8
    ---- Kernel code sections - GMER 1.0.15 ----
    ? spir.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B91C38AC 5 Bytes JMP 8A16B1D8
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINNT\system32\SearchIndexer.exe[820] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINNT\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    ---- Kernel IAT/EAT - GMER 1.0.15 ----
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spir.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spir.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spir.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spir.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spir.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spir.sys
    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\System32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs 8A4ED1F8
    AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    Device \Driver\usbuhci \Device\USBPDO-0 8A1A5500
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4EF1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8A4EF1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8A4EF1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8A4EF1F8
    Device \Driver\usbuhci \Device\USBPDO-1 8A1A5500
    Device \Driver\usbuhci \Device\USBPDO-2 8A1A5500
    Device \Driver\usbehci \Device\USBPDO-3 8A1A21F8
    Device \Driver\usbuhci \Device\USBPDO-4 8A1A5500
    AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    Device \Driver\usbuhci \Device\USBPDO-5 8A1A5500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BA44147E-D188-421D-83F4-E51BBDEDA4DC} 89AC2500
    Device \Driver\usbuhci \Device\USBPDO-6 8A1A5500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4801F8
    Device \Driver\usbehci \Device\USBPDO-7 8A1A21F8
    Device \Driver\Cdrom \Device\CdRom0 8A2441F8
    Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBt_Wins_Export 89AC2500
    Device \Driver\NetBT \Device\NetbiosSmb 89AC2500
    AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Udp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    Device \Driver\usbuhci \Device\USBFDO-0 8A1A5500
    Device \Driver\usbuhci \Device\USBFDO-1 8A1A5500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AC01F8
    Device \Driver\usbuhci \Device\USBFDO-2 8A1A5500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AC01F8
    Device \Driver\usbehci \Device\USBFDO-3 8A1A21F8
    Device \Driver\usbuhci \Device\USBFDO-4 8A1A5500
    Device \Driver\Ftdisk \Device\FtControl 8A4801F8
    Device \Driver\usbuhci \Device\USBFDO-5 8A1A5500
    Device \Driver\usbuhci \Device\USBFDO-6 8A1A5500
    Device \Driver\usbehci \Device\USBFDO-7 8A1A21F8
    Device \FileSystem\Cdfs \Cdfs 89AA9500
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0x47 0x65 0x45 ...
    ---- Files - GMER 1.0.15 ----
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\FieldActivator.hpp 6989 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\FieldValueMap.hpp 8122 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\IC_Field.hpp 8219 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\IC_Key.hpp 4536 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\IC_KeyRef.hpp 4963 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\IC_Selector.hpp 7901 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\IC_Unique.hpp 4638 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\IdentityConstraint.hpp 9161 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\ValueStore.hpp 7442 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\ValueStoreCache.hpp 8970 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\XercesXPath.hpp 21872 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\XPathException.hpp 3017 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\XPathMatcher.hpp 8538 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\XPathMatcherStack.hpp 6551 bytes
    File C:\cygwin\usr\include\xercesc\validators\schema\identity\XPathSymbols.hpp 4418 bytes
    File C:\cygwin\usr\info\enscript.info 0 bytes
    ---- EOF - GMER 1.0.15 ----
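A GMER log like the one above is usually triaged by asking three questions: which modules own the SSDT and kernel IAT hooks, did GMER fail to locate any of those modules on disk, and are any hooks unattributed (an address with no module name). The summarizer below is an added example written for this thread; it is not GMER's code, the line patterns are assumptions derived from the shapes visible in the posted log, and the sample is a trimmed subset of that log (the user-mode IAT line is included only to show that it is ignored). Counting hooks by owner is triage, not a verdict: the same log shows Dr.Web (dwprot.sys) and Symantec components hooking as part of their normal protection.

```python
import re
from collections import Counter

# Line shapes assumed from the posted GMER 1.0.15 log.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
SSDT_RE = re.compile(
    r"^SSDT (?P<owner>\S+?)(?: \((?P<desc>[^)]*)\))? (?P<func>Zw\w+)"
    r"(?: \[(?P<addr>0x[0-9A-Fa-f]+)\])?$"
)
IAT_RE = re.compile(
    r"^IAT (?P<image>[^\[\s]+)\[(?P<import>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] (?P<owner>\S+)$"
)
MISSING_RE = re.compile(r"^\? (?P<module>\S+) (?P<msg>.+?) !$")
PATCH_RE = re.compile(r"^\.text (?P<target>\S+) (?P<addr>[0-9A-Fa-f]+) (?P<n>\d+) Bytes (?P<detail>.+)$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Sample input: a trimmed subset of the GMER log posted in this thread.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0xB9CEB2D2]
SSDT 8A133E10 ZwConnectPort
SSDT spir.sys ZwCreateKey [0xB9EB50E0]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0xB9CEC904]
SSDT spir.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spir.sys ZwOpenKey [0xB9EB50C0]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwOpenSection [0xB9CEB0F0]
INT 0x62 ? 8A47FBF8
---- Kernel code sections - GMER 1.0.15 ----
? spir.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B91C38AC 5 Bytes JMP 8A16B1D8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spir.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spir.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINNT\Explorer.EXE[3232] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
"""

UNATTRIBUTED = "<unattributed>"


def summarize_gmer(text):
    """Walk the log section by section and collect kernel-level hook owners,
    modules GMER could not find on disk, and inline code patches."""
    hooks = Counter()      # owner module -> number of SSDT/IAT hooks
    missing = []           # modules reported as not found on disk
    patches = []           # inline-patched kernel functions
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                owner = m.group("owner")
                # A bare 8-digit address means GMER could not name the owner.
                hooks[UNATTRIBUTED if HEX_RE.match(owner) else owner] += 1
        elif section == "Kernel code sections":
            m = MISSING_RE.match(line)
            if m:
                missing.append(m.group("module"))
            m = PATCH_RE.match(line)
            if m:
                patches.append(m.group("target"))
        elif section == "Kernel IAT/EAT":
            m = IAT_RE.match(line)
            if m:
                hooks[m.group("owner")] += 1
    # Worth a closer look: hook owners with no name, or whose file GMER could not open.
    flagged = sorted(o for o in hooks if o == UNATTRIBUTED or o in missing)
    return {
        "hooks_by_owner": dict(hooks),
        "missing_on_disk": missing,
        "inline_patches": patches,
        "flagged": flagged,
    }


if __name__ == "__main__":
    summary = summarize_gmer(SAMPLE_GMER)
    for owner, n in sorted(summary["hooks_by_owner"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3d} hook(s) owned by {owner}")
    print("not found on disk:", summary["missing_on_disk"])
    print("inline patches:   ", summary["inline_patches"])
    print("flagged for review:", summary["flagged"])
```

A module that hooks the registry and HAL port I/O functions but which GMER cannot open on disk, as spir.sys appears here, is exactly the kind of entry a helper would want explained before moving on, and the `flagged` list surfaces it without pretending to decide what the module is.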
  9. weety Newcomer, in training Posts: 60

    And here's the ComboFix log:

    ComboFix 12-10-29.01 - Administrator 29/10/2012 9:28.9.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3017.2338 [GMT 0:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\winnt\EventSystem.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-27 18:52 . 2012-10-27 18:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-10-27 18:52 . 2012-10-27 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-10-27 18:51 . 2012-10-27 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-27 18:51 . 2012-09-29 18:54 22856 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2012-10-27 18:50 . 2012-10-27 18:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2012-10-27 18:50 . 2012-10-27 18:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
    2012-10-27 18:50 . 2012-10-27 18:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
    2012-10-27 18:49 . 2012-10-27 18:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
    2012-10-27 18:49 . 2012-10-27 18:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2012-10-27 18:48 . 2012-10-27 18:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
    2012-10-26 18:26 . 2012-10-26 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
    2012-10-25 16:36 . 2012-10-25 16:36 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Norman Malware Cleaner
    2012-10-24 11:23 . 2012-10-24 11:23 149272 ----a-w- c:\winnt\system32\drivers\dwprot.sys
    2012-10-23 18:20 . 2012-10-23 18:20 -------- d-----w- c:\documents and settings\hmc05\DoctorWeb
    2012-10-22 12:19 . 2012-10-22 12:19 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Temp
    2012-10-22 12:19 . 2012-10-22 12:19 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Adobe
    2012-10-19 18:01 . 2012-10-19 18:01 -------- d-----w- C:\Mozilla
    2012-10-19 18:01 . 2012-10-19 18:01 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Mozilla
    2012-10-19 17:08 . 2012-10-19 17:09 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Google
    2012-10-19 17:06 . 2012-10-19 17:06 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Identities
    2012-10-19 17:05 . 2012-10-19 17:05 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Symantec
    2012-10-19 17:02 . 2012-10-19 17:02 -------- d-----w- C:\_OTL
    2012-10-15 16:42 . 2012-10-15 16:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2012-10-10 08:16 . 2012-10-10 08:16 -------- d-----w- c:\winnt\ms
    2012-10-09 19:51 . 2012-10-09 19:51 -------- d-----w- c:\program files\Tweaking.com
    2012-10-09 19:41 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
    2012-10-09 19:39 . 2012-10-09 19:39 -------- d-----w- C:\RegBackup
    2012-10-09 19:34 . 2008-04-14 04:42 116224 ----a-w- c:\winnt\system32\dllcache\xrxwiadr.dll
    2012-10-09 19:34 . 2001-08-17 21:36 23040 ----a-w- c:\winnt\system32\dllcache\xrxwbtmp.dll
    2012-10-09 19:34 . 2008-04-14 04:42 18944 ----a-w- c:\winnt\system32\dllcache\xrxscnui.dll
    2012-10-09 19:34 . 2001-08-17 21:37 27648 ----a-w- c:\winnt\system32\dllcache\xrxftplt.exe
    2012-10-09 19:34 . 2001-08-17 21:37 4608 ----a-w- c:\winnt\system32\dllcache\xrxflnch.exe
    2012-10-09 19:32 . 2008-04-13 21:04 11807 ----a-w- c:\winnt\system32\dllcache\wadv07nt.sys
    2012-10-09 19:31 . 2001-08-17 21:36 28160 ----a-w- c:\winnt\system32\dllcache\umaxu40.dll
    2012-10-09 19:30 . 2001-08-17 11:10 28232 ----a-w- c:\winnt\system32\dllcache\tos4mo.sys
    2012-10-09 19:29 . 2001-08-17 21:36 53248 ----a-w- c:\winnt\system32\dllcache\stlncoin.dll
    2012-10-09 19:28 . 2001-08-17 21:36 33792 ----a-w- c:\winnt\system32\dllcache\smb0w.dll
    2012-10-09 19:27 . 2008-04-13 23:15 11520 ----a-w- c:\winnt\system32\dllcache\scsiscan.sys
    2012-10-09 19:26 . 2001-08-17 11:19 3840 ----a-w- c:\winnt\system32\dllcache\rpfun.sys
    2012-10-09 19:25 . 2001-08-17 12:53 7168 ----a-w- c:\winnt\system32\dllcache\pnrmc.sys
    2012-10-09 19:24 . 2001-08-17 13:05 25088 ----a-w- c:\winnt\system32\dllcache\ovca.sys
    2012-10-09 19:23 . 2001-08-17 11:50 13664 ----a-w- c:\winnt\system32\dllcache\n9i128.sys
    2012-10-09 19:22 . 2001-08-17 12:52 6528 ----a-w- c:\winnt\system32\dllcache\miniqic.sys
    2012-10-09 19:21 . 2008-04-13 23:09 14592 ----a-w- c:\winnt\system32\dllcache\kbdhid.sys
    2012-10-09 19:20 . 2001-08-17 11:49 58592 ----a-w- c:\winnt\system32\dllcache\i740nt5.sys
    2012-10-09 19:19 . 2008-04-13 23:06 20352 ----a-w- c:\winnt\system32\dllcache\hidbatt.sys
    2012-10-09 19:18 . 2001-08-17 12:28 595647 ----a-w- c:\winnt\system32\dllcache\es56cvmp.sys
    2012-10-09 19:17 . 2001-08-17 11:11 29696 ----a-w- c:\winnt\system32\dllcache\dm9pci5.sys
    2012-10-09 19:16 . 2001-08-17 11:11 39936 ----a-w- c:\winnt\system32\dllcache\cnxt1803.sys
    2012-10-09 19:15 . 2008-04-14 04:41 377984 ----a-w- c:\winnt\system32\dllcache\ati2dvaa.dll
    2012-10-09 19:00 . 2012-10-09 20:14 181064 ----a-w- c:\winnt\PSEXESVC.EXE
    2012-10-09 18:59 . 2012-10-09 20:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
    2012-10-08 20:54 . 2012-10-08 20:54 -------- d-----w- c:\winnt\Application Data
    2012-10-07 17:42 . 2012-10-07 17:42 -------- d-----w- c:\winnt\PIF
    2012-10-07 16:23 . 2012-10-07 16:23 -------- d-----w- c:\winnt\Profiles
    2012-10-05 17:13 . 2012-10-05 17:13 -------- d-----w- c:\program files\ESET
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-24 11:18 . 2012-04-27 14:50 696520 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
    2012-09-24 11:18 . 2011-06-09 07:30 73416 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
    2012-08-28 15:14 . 1980-01-01 00:00 916992 ----a-w- c:\winnt\system32\wininet.dll
    2012-08-28 15:14 . 1980-01-01 00:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
    2012-08-28 15:14 . 1980-01-01 00:00 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
    2012-08-28 12:07 . 1980-01-01 00:00 385024 ----a-w- c:\winnt\system32\html.iec
    2012-08-24 13:53 . 1980-01-01 00:00 177664 ----a-w- c:\winnt\system32\wintrust.dll
    2012-08-21 13:33 . 2008-04-14 00:54 2148864 ----a-w- c:\winnt\system32\ntoskrnl.exe
    2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\winnt\system32\ntkrnlpa.exe
    2005-10-12 15:04 . 2005-10-12 15:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
    2012-04-21 01:18 . 2012-05-16 17:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "IgfxTray"="c:\winnt\system32\igfxtray.exe" [2008-10-16 150040]
    "HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2008-10-16 178712]
    "Persistence"="c:\winnt\system32\igfxpers.exe" [2008-10-16 150040]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-08 1044480]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-17 180224]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-18 115560]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\documents and settings\hmc05\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [N/A]
    ICTprintservice.lnk - \\ICADS3\netlogon\clusters\common\ICTprintservice.cmd [N/A]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Auto-sleep.lnk - c:\winnt\Installer\{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}\mainicon.ico [2011-11-9 15086]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-166766\Scripts\Logoff\0\0]
    "Script"=userlog_logoff_3.04.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-166766\Scripts\Logon\0\0]
    "Script"=%logonserver%\netlogon\user4-GPO.bat
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AllAlertsDisabled"=dword:00000001
    "TermService"=dword:00000001
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 DwProt;DrWeb Protection;c:\winnt\system32\drivers\dwprot.sys [24/10/2012 11:23 149272]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\winnt\system32\drivers\sfaudio.sys [01/01/1980 24064]
    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [17/12/2009 23:14 691696]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\winnt\system32\drivers\e1k5132.sys [01/01/1980 144480]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/09/2012 08:28 106656]
    R3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [01/01/1980 36352]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/04/2012 14:50 250568]
    S3 COH_Mon;COH_Mon;c:\winnt\system32\drivers\COH_Mon.sys [03/07/2009 10:52 23888]
    S3 rkhdrv40;Rootkit Unhooker Driver; [x]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-29 c:\winnt\Tasks\Adobe Flash Player Updater.job
    - c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 11:18]
    .
    2012-10-29 c:\winnt\Tasks\MATLAB R2012a Startup Accelerator.job
    - c:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-03-22 03:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.imperial.ac.uk/
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 155.198.142.7 155.198.142.8
    DPF: {64A6114F-2976-4634-BE36-134BF84D369C} - hxxps://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab
    DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AD} - ftp://ftp.ni.com/pub/devzone/tut/cnx_lv8_runtime.exe
    DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF}
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\knuehkda.default\
    FF - prefs.js: browser.search.selectedEngine - Google.co.uk
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-29 09:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-343818398-507921405-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,73,79,a0,0d,21,93,42,a8,9d,fe,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,73,79,a0,0d,21,93,42,a8,9d,fe,\
    .
    Completion time: 2012-10-29 09:39:45
    ComboFix-quarantined-files.txt 2012-10-29 09:39
    ComboFix2.txt 2012-10-19 01:05
    ComboFix3.txt 2012-10-04 05:10
    ComboFix4.txt 2012-10-03 03:36
    ComboFix5.txt 2012-10-29 09:26
    .
    Pre-Run: 197,775,917,056 bytes free
    Post-Run: 199,163,875,328 bytes free
    .
    - - End Of File - - 20A2BF5765F694CF06E3086D0ABFCDE8
  10. weety Newcomer, in training Posts: 60

    ComboFix ran way faster than before (a few mins compared to many hours). I logged back in to the affected user account to recheck the symptoms. Windows Update fails differently to before (the website loads but displays an error message on the page). The same problem remains with installing Malwarebytes (even though it is actually installed now).
  11. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please do the following:

    • Download and run mbam-clean.exe from here
    • It will ask to restart your computer; please allow it to do so (very important)
    • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
      • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.
  12. weety Newcomer, in training Posts: 60

    I followed the steps. No change from before. Setup still completes fine in the Administrator account.
  13. Jay Pfoutz Malware Helper Posts: 4,286   +49

    But is MBAM working?

    How is the overall state of the PC?
  14. weety Newcomer, in training Posts: 60

    Yes, MBAM looks fine. My point was that the MBAM installer cannot be run from the affected account (only the new, unaffected Administrator account). Similarly, Windows Update can only be run from the unaffected account.

    In fact, all of the original symptoms are more or less the same in the affected account, while the Administrator account works fine.
  15. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Transfer/backup all personal files (documents, pics, etc.) from the bad account, then delete and recreate the account. That should solve that.

    MBAM and Windows Update are made to be run by an administrator account only. Maybe that'll help free your mind. :)
  16. weety Newcomer, in training Posts: 60

    I've been running Windows Update (and installing/uninstalling/using any number of programs) for the past 3 years on that account (which is listed as an 'administrator' account under User Accounts).

    Still, what you say certainly makes sense, so I'll get on with it...
  17. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Let me know what happens/happened with it, and if it all worked out. :)