Update issues, ran removal apps, some problems with RootRepeal, logs attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by LMHmedchem, Mar 2, 2012.

  1. LMHmedchem

    LMHmedchem Private E-2

    This started when my mother's laptop needed to do some updates. It is set to automatic updates, but it had never even updated to SP3. There were some issues in updating, so I decided to run the malware apps. ComboFix appears to have found some things. There were some issues getting RootRepeal to run. I was getting an error 0xc0000022 that the driver could not be loaded. I had to install some dotnet versions to get MGtools to run and I don't know if RootRepeal needs dotnet or not. In the end, if I had my ZoneAlarm ISS turned on, RootRepeal would open. If ISS was off, I would get the driver error. I ended up leaving ISS on to open the app, and then turning it off while the scan was running. RootRepeal said that it found two files, but when I clicked on the button to save the scan, the save window had something on it like there was a problem saving the file. It did save, but there is only one file listed in the log when the app said it found two.

    I think I have all the updates installed, but I'm not sure if the rig is clean now or not. Let me know if I left anything out.

    LMHmedchem
     
  2. thisisu

    thisisu Malware Consultant

  3. LMHmedchem

    LMHmedchem Private E-2

    I have moved to a different computer and will try uploading the attachment from here. I was having quite a bit of trouble on the other rig. I put everything in one zip, I hope that is the prescribed method.

    LMHmedchem
     


  4. thisisu

    thisisu Malware Consultant

    I can see you are on Service Pack 3 now.

    If the only problems you are having are with Windows Updates, then you should visit the Software forum.

    These logs are all clean of malware.

    ___

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
     
  5. LMHmedchem

    LMHmedchem Private E-2

    I was trying to install an app, and it said I needed SP3. I was shocked to see that the computer was not on SP3, and that it was still using IE6. I was having a lot of trouble getting it to complete the updates and after running so long on old code, I thought it was wise to run a malware sweep. The fact that ComboFix seemed to find and quarantine some things, and that I couldn't get RootRepeal to run at all for a while, gave me more concern.

    Thanks for checking this out, the computer is used for some important things and I needed to make sure it is alright. Was there anything that was removed in the cleaning process?

    Thanks for all your help.

    LMHmedchem
     
  6. thisisu

    thisisu Malware Consultant

    ComboFix is a great tool but it only removed some unneeded/junk items in your case, nothing malware related.

    RootRepeal does not run properly on every single system. Many people have issues with getting it to run. This is why we have you scan with multiple scanners and removal tools.

    In the end, you did get a RootRepeal log and it is clean.

    You're welcome.
    There are not any malware related items in your logs, so nothing malware related was removed.
     
