Antivirus is disabled, firewall is disabled, can't update thru windows update. Restore function is not working. Ran Spybot, it removed quite a bit. Then ran mbam. It also removed many things, but has left 2 registry files that can't be deleted.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
But they are still there on a second, third, & fourth scan.
Ran Sophos Anti-rootkit, crashed in both normal and safe mode.
Housecall ran in normal mode but found nothing. Crashed in Safe mode.
Would really like some help on this. Would hate to have to Format/reinstall!
Just let me know what other logs you need.[/quote]
Edited by Bryanmakeup, 31 August 2009 - 09:46 PM.