Windows update error code FFFFFFF

Solved/Closed
punitive Posts 13 Registration date Sunday April 11, 2010 Status Member Last seen April 24, 2010 - Apr 21, 2010 at 06:24 AM
Kamrul08 Posts 27 Registration date Monday November 28, 2011 Status Member Last seen December 22, 2011 - Dec 14, 2011 at 10:15 AM
hello all

ok I have a problem with windows updating, I get an error (code FFFFFFFF) im running windows vista.
i cosequently get bluescreened alot.
i have searched the internet thourouly and have found that the above code is generated from a virus, it all points to (MS10-015) which is (Alureon rootkit)
now this problem can of coarse be cured by formatting BUT im sure there is someone out there that can tell me differently? im really hoping its just a case of deleting some files and voilla.

please help (any information will be gratefully recieved)

thx

1 response

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Apr 21, 2010 at 06:54 AM
Hi there,

Somehow, your problem seems familiar!

So you get the "blue screen of death"?

Indeed blue screen may be cause by aluron rootkit.

I suggest to you the following:

To keep your system safe, you must follow the instructions hereunder to the letter:

1. Download Combofix to your desktop.

http://www.combofix.org/download.php

2.Close all open Windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

Once you are done, paste the log here and report to me on how your system is behaving.

Good luck

Ambucias
0
punitive Posts 13 Registration date Sunday April 11, 2010 Status Member Last seen April 24, 2010
Apr 22, 2010 at 02:07 AM
ComboFix 10-04-21.01 - Mark 22/04/2010 7:52.3.2 - x86
Microsoft® Windows Vista(TM) Home Premium 6.0.6002.2.1252.44.1033.18.3582.2525 [GMT 1:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-22 07:00 . 2010-04-22 07:00 -------- d-----w- c:\users\Mark\AppData\Local\temp
2010-04-22 07:00 . 2010-04-22 07:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-22 07:00 . 2010-04-22 07:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 11:12 . 2010-04-21 11:12 -------- d-----w- C:\$AVG
2010-04-21 06:34 . 2010-04-21 06:34 -------- d-----w- c:\users\Mark\AppData\Roaming\Uniblue
2010-04-20 16:34 . 2010-04-20 16:34 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-20 16:33 . 2010-04-20 16:33 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-18 06:17 . 2010-04-18 06:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-18 06:17 . 2010-04-20 16:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-18 06:17 . 2010-04-18 06:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-18 06:17 . 2010-04-21 17:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-18 06:17 . 2010-04-18 06:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-18 06:15 . 2010-04-18 06:15 -------- d-----w- c:\programdata\avg9
2010-04-17 14:44 . 2010-04-17 14:44 -------- d-----w- c:\program files\CCleaner
2010-04-16 19:50 . 2010-04-16 22:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 19:50 . 2010-04-16 22:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-16 03:02 . 2010-04-16 05:58 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-14 20:45 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 20:45 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 20:45 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 20:45 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 20:45 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 20:45 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 20:42 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 16:22 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:22 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 21:10 . 2010-04-12 21:10 388096 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-12 21:10 . 2010-04-12 21:10 -------- d-----w- c:\program files\TrendMicro
2010-04-11 15:52 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2010-04-11 15:14 . 2010-04-11 15:14 -------- d-----w- c:\users\Mark\AppData\Local\Mozilla
2010-04-10 08:55 . 2010-04-10 08:55 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-10 08:33 . 2010-04-10 08:33 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2010-04-10 08:33 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 08:33 . 2010-04-10 08:33 -------- d-----w- c:\programdata\Malwarebytes
2010-04-10 08:33 . 2010-04-10 08:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 08:33 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 08:26 . 2010-04-10 08:26 -------- d-----w- c:\users\Mark\AppData\Roaming\AVP 2009
2010-04-07 09:18 . 2010-04-07 09:18 -------- d-----w- c:\program files\Lizard Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 06:45 . 2009-07-30 17:33 34800 ----a-w- c:\programdata\nvModes.dat
2010-04-22 05:21 . 2010-03-18 22:40 -------- d-----w- c:\program files\Runes of Magic
2010-04-21 09:47 . 2009-07-30 17:32 -------- d-----w- c:\programdata\NVIDIA
2010-04-21 09:46 . 2009-07-30 17:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-13 17:39 . 2009-07-31 22:23 -------- d-----w- c:\program files\Cheat Engine
2010-04-11 14:44 . 2009-07-26 16:41 1356 ----a-w- c:\users\Mark\AppData\Local\d3d9caps.dat
2010-04-10 10:04 . 2009-07-31 18:26 -------- d-----w- c:\program files\HTvid
2010-04-10 08:56 . 2009-07-26 16:42 50896 ----a-w- c:\users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-10 08:51 . 2009-07-30 17:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-09 09:09 . 2009-08-08 03:49 -------- d-----w- c:\users\Mark\AppData\Roaming\Download Manager
2010-04-09 08:41 . 2010-04-09 08:41 129784 ------w- c:\windows\system32\pxafs.dll
2010-04-09 08:41 . 2010-04-09 08:41 43528 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-09 08:41 . 2010-04-09 08:41 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-04-09 08:41 . 2010-04-09 08:41 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-07 09:18 . 2009-07-28 04:19 65536 ----a-w- c:\windows\IFinst27.exe
2010-03-21 07:28 . 2010-03-21 07:28 -------- d-----w- c:\users\Mark\AppData\Roaming\Leadertech
2010-03-18 16:59 . 2010-03-18 16:55 -------- d-----w- c:\users\Mark\AppData\Roaming\FOG Downloader
2010-03-12 18:51 . 2009-07-26 17:06 -------- d-----w- c:\program files\AVG
2010-03-08 18:25 . 2010-03-08 18:25 317760 ----a-w- c:\users\Public\RemoveSGP0.exe
2010-02-24 09:16 . 2009-10-02 17:44 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-11 15:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-11 15:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-11 15:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-11 15:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 03:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 03:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 03:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-08 03:00 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-23 09:26 . 2010-02-24 18:09 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-04-16_22.42.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-26 18:46 . 2010-04-22 06:53 43210 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-04-22 06:53 79270 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-26 16:43 . 2010-04-22 06:53 10576 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004625517-856898-3363201662-1000_UserData.bin
+ 2010-01-12 11:03 . 2010-01-12 11:03 68200 c:\windows\System32\OpenCL.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 68200 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\OpenCL.dll
- 2006-11-02 13:02 . 2010-04-16 21:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2010-04-22 06:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2010-04-16 21:10 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2010-04-22 06:28 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2010-04-22 06:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2010-04-16 21:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-31 16:36 . 2010-04-20 17:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-31 16:36 . 2010-03-30 21:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-31 16:36 . 2010-04-20 17:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-31 16:36 . 2010-03-30 21:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-31 16:36 . 2010-04-20 17:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-31 16:36 . 2010-03-30 21:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-30 03:48 . 2010-04-20 16:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-30 03:48 . 2010-04-09 07:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-30 03:48 . 2010-04-20 16:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-30 03:48 . 2010-04-09 07:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-30 03:48 . 2010-04-09 07:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-30 03:48 . 2010-04-20 16:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-21 09:45 . 2010-04-21 09:45 10134 c:\windows\Installer\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}\ARPPRODUCTICON.exe
- 2010-04-16 22:33 . 2010-04-16 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-22 06:52 . 2010-04-22 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-16 22:33 . 2010-04-16 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-22 06:52 . 2010-04-22 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-04-22 06:59 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-04-16 22:41 599942 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-04-22 06:59 105448 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-04-16 22:41 105448 c:\windows\System32\perfc009.dat
+ 2010-01-11 21:18 . 2010-01-11 21:18 129640 c:\windows\System32\nvvsvc.exe
+ 2009-07-30 04:56 . 2010-01-12 11:03 592488 c:\windows\System32\NVUNINST.EXE
+ 2009-07-30 17:30 . 2010-01-12 11:03 592488 c:\windows\System32\nvudisp.exe
+ 2010-01-11 21:18 . 2010-01-11 21:18 962664 c:\windows\System32\nvsvc.dll
+ 2010-01-11 21:18 . 2010-01-11 21:18 110696 c:\windows\System32\nvmctray.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 182888 c:\windows\System32\nvcod189.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 182888 c:\windows\System32\nvcod.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 592488 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvudisp.exe
+ 2010-01-12 11:03 . 2010-01-12 11:03 318568 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvdecodemft.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 182888 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvcod.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 795104 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\dpinst.exe
- 2009-07-29 04:53 . 2010-04-13 17:45 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-29 04:53 . 2010-04-20 16:59 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-04-21 09:45 . 2010-04-21 09:45 463360 c:\windows\Installer\6f5c8.msi
+ 2008-10-31 09:51 . 2008-10-31 09:51 1314816 c:\windows\System32\PVSonyDll.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 4321384 c:\windows\System32\nvwgf2um.dll
+ 2009-07-30 17:29 . 2010-01-12 11:03 9388648 c:\windows\System32\nvd3dum.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 2243176 c:\windows\System32\nvcuvid.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 4077672 c:\windows\System32\nvcuvenc.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 4061800 c:\windows\System32\nvcuda.dll
+ 2009-07-30 17:29 . 2010-01-12 11:03 1280616 c:\windows\System32\nvapi.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 4321384 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvwgf2um.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 4338792 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvencodemft.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 9388648 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvd3dum.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 2243176 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvcuvid.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 4077672 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvcuvenc.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 4061800 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvcuda.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 1280616 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvapi.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 14924392 c:\windows\System32\nvoglv32.dll
+ 2010-01-11 21:18 . 2010-01-11 21:18 13679720 c:\windows\System32\nvcpl.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 11639400 c:\windows\System32\nvcompiler.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 14924392 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvoglv32.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 11586280 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvlddmkm.sys
+ 2010-01-12 11:03 . 2010-01-12 11:03 40129056 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\NvCplSetupInt.exe
+ 2010-01-12 11:03 . 2010-01-12 11:03 11639400 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_bb022c7b\nvcompiler.dll
+ 2010-01-12 11:03 . 2010-01-12 11:03 11586280 c:\windows\System32\drivers\nvlddmkm.sys
+ 2009-07-29 02:00 . 2010-04-17 10:13 269692544 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSeries.PCSync"="c:\program files\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe" [2007-02-23 1716224]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1248630569\ee\AOLSoftware.exe" [2006-11-14 50736]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2009-11-21 884840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-07-31 18:07 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 13:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 15:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-21 05:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService]
2006-01-04 14:17 69632 ------w- c:\program files\3D-Relax\Living 3D Dolphins Trial\trioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):75,30,f6,e6,45,11,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2004625517-856898-3363201662-1000]
"EnableNotificationsRef"=dword:00000001

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R3 DNINDIS4;DNINDIS4 NDIS Protocol Driver;c:\windows\system32\DNINDIS4.SYS [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-02 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-18 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-20 242896]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-04-18 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-18 308064]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

.
Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\User_Feed_Synchronization-{5EE14C22-117C-4289-A29C-E53F111B0C96}.job
- c:\windows\system32\msfeedssync.exe [2010-04-11 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\jgeaozdn.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 08:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll nvstor32.sys >>UNKNOWN [0x87F328C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82ba7d24
\Driver\ACPI -> acpi.sys @ 0x8069dd68
\Driver\atapi -> ataport.SYS @ 0x807aca2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-22 08:02:32
ComboFix-quarantined-files.txt 2010-04-22 07:02
ComboFix2.txt 2010-04-16 22:44
ComboFix3.txt 2010-04-13 17:42

Pre-Run: 157,216,567,296 bytes free
Post-Run: 157,352,980,480 bytes free

- - End Of File - - F4F427340106A8A03994F5FE5C01FCBF
0
punitive Posts 13 Registration date Sunday April 11, 2010 Status Member Last seen April 24, 2010
Apr 22, 2010 at 02:09 AM
well all seems to be ok atm but ill report back in 1 day and give an update to my problem.
tyvm jules, if not jules thankyou soooooooo much anyway xD
0