Win32 Sality

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Underachiever, Aug 31, 2012.

  1. Underachiever

    Underachiever Private E-2

    My USB and PC recently got infected with Win32 Sality, leaving some of my files hidden, but they can't be revealed by (Folder Option>Show Hidden Folder). I need to uncheck the protected operating system files for me to see my files.


    How can I make them into normal folders again?

    Win32 Sality corrupted my System Restore and destroyed some system files. It deleted Malwarebytes and luckily not Avast, because it does have user authentication before closing.

    And how can I add protection to my computer?

    Anti Virus Installed/Anti Malware

    Avast
    Malwarebytes ( <-- Any better suggestion? )
    USB Disk Security (I think this prevented the malware from further spreading the virus because of the autorun.inf installed by usb disk security on my USB)
    -Autorun disabled
    -Not downloading any crack, keygen, porn etc.
    -Full scanning my computer every 3 days


    I heard some rumors that "Linux" can't be infected by Windows viruses. I'm planning to change my OS but I know Linux has a lot of software compatibility issues.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to the Malware Removal Forum.

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. Underachiever

    Underachiever Private E-2

    I already got rid of the Sality. Thanks for the info though. I'm just asking how to make my folder be normal again.

    -Folder is hidden and treated as operating system files.



    And suggestions to improve my security.


    Thanks in advance
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Personally I would rather you follow those procedures and attach the requested logs because it might help me to help you get it all fixed up. :) There could be remnants, ya never know, rather check before trying to fix that.
     
  5. Underachiever

    Underachiever Private E-2

    Alright will do.

    Anyway, is it OK to have both Malwarebytes (PRO) and SuperAntiSpyware (FREE) running?

     
  6. Underachiever

    Underachiever Private E-2

    While waiting for my scans to finish, is there any way to remove this registry?

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun"=dword:00000000
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun]
    "NoDriveTypeAutoRun"=dword:000000b1
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000b1
    It's from SalityKiller. I will replace it with Disable Autorun from MajorGeeks.

    Same as this
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
    "AlternateShell"="cmd.exe"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @="Universal Serial Bus controllers"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @="CD-ROM Drive"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @="Standard floppy disk controller"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @="PCMCIA Adapters"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @="SCSIAdapter"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @="Floppy disk drive"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @="Human Interface Devices"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
    @="FSFilter System Recovery"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
    @="Driver Group"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @="Universal Serial Bus controllers"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @="CD-ROM Drive"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @="Standard floppy disk controller"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @="Net"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @="NetClient"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @="NetService"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @="NetTrans"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @="PCMCIA Adapters"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @="SCSIAdapter"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @="Floppy disk drive"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @="Human Interface Devices"
     
  7. Underachiever

    Underachiever Private E-2

    This is my scan result

    1 New Infected file
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Can I see logs from:

    • HitManPro
    • RogueKiller
    • MGTools

    Thanks.
     
  9. Underachiever

    Underachiever Private E-2

    Here it is. I really appreciate this, Kestrel.

    My folders are now back to normal :)


    Follow up question

    Can I have both Malwarebytes (PRO) and SuperAntiSpyware running at the same time in my tray together with Avast?

    And how can I delete the registry below? I want to use the Disable Autorun reg from MajorGeeks, so I would want to delete this registry from SalityKiller.
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, Malwarebytes, SUPERAntiSpyware and Avast are fine together. Only one of the anti-spyware programs is offering real-time protection, as you purchased it.

    Now, I need to seek advice from colleagues regarding something. Hang in there.
     
  11. Underachiever

    Underachiever Private E-2

    Please include the registry issue. I need to delete those.

    Thanks.
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes I have asked thisisu to look in at this thread, so you'll be OK. Just be patient as he has his own threads to look at and is doing me a favour by checking this one ;)
     
  13. thisisu

    thisisu Malware Consultant

    Hello,

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • uTorrentControl2 Toolbar

    These are values set by SalityKiller or other Disable Autorun type of programs. I do not recommend modifying them as the system will become more prone to malware utilizing Autorun features. They are set there as a security precaution. You don't need to modify anything in the registry before swapping to Disable Autorun.

    Unfortunately, you're still infected. Try the below:

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the [​IMG] text-field.
    Code:
    :files
    C:\WINDOWS\baxqskha.dat
    C:\WINDOWS\cpznhdhikek
    C:\WINDOWS\dehidfjtpt
    C:\WINDOWS\dwbwxg
    type C:\WINDOWS\ecisfvuhpa.ini /c
    C:\WINDOWS\ecisfvuhpa.ini
    type C:\WINDOWS\eewo.ini /c
    C:\WINDOWS\eewo.ini
    C:\WINDOWS\ejxebk
    C:\WINDOWS\err.ini
    C:\WINDOWS\fas.ini
    C:\WINDOWS\grgqrvb
    C:\WINDOWS\hihw
    C:\WINDOWS\iurduaasebj
    C:\WINDOWS\jnpltjziixr
    C:\WINDOWS\kragnbr.dat
    C:\WINDOWS\lqrbl
    C:\WINDOWS\lyi
    C:\WINDOWS\lzuovdq
    C:\WINDOWS\nhs
    C:\WINDOWS\oaap
    C:\WINDOWS\pnaphwmzlgp
    C:\WINDOWS\pxluctu.dat
    type C:\WINDOWS\qgqkumwr.ini /c
    C:\WINDOWS\qgqkumwr.ini
    C:\WINDOWS\refyhravcw.dat
    C:\WINDOWS\rnni.ini
    C:\WINDOWS\tnlcyha
    C:\WINDOWS\togl
    C:\WINDOWS\tzhdw
    C:\WINDOWS\uivgphjr
    C:\WINDOWS\xibfo.dat
    C:\WINDOWS\zwjvhcytwbc
    C:\WINDOWS\system32\aclcvmx.ini
    C:\WINDOWS\system32\ajfm.ini
    C:\WINDOWS\system32\akjgqsepny.ini
    C:\WINDOWS\system32\apluecjxljh.ini
    C:\WINDOWS\system32\arembuqqlhl.ini
    C:\WINDOWS\system32\auemdu.ini
    C:\WINDOWS\system32\ayyyufnvi.ini
    C:\WINDOWS\system32\azuxhafgo.ini
    C:\WINDOWS\system32\betjex.ini
    C:\WINDOWS\system32\bxqecmpfn.ini
    C:\WINDOWS\system32\byoqvakieh.ini
    C:\WINDOWS\system32\cbqynozbpo.ini
    C:\WINDOWS\system32\cfclssx.ini
    C:\WINDOWS\system32\civwzqm.ini
    C:\WINDOWS\system32\cntaml.ini
    C:\WINDOWS\system32\cqbt.ini
    C:\WINDOWS\system32\ctxnogspj.ini
    C:\WINDOWS\system32\defhdp.ini
    C:\WINDOWS\system32\detwvkklv.ini
    C:\WINDOWS\system32\dfswulgomz.ini
    C:\WINDOWS\system32\dgckkqqq.ini
    C:\WINDOWS\system32\djzobvavx.ini
    C:\WINDOWS\system32\dkfd.ini
    C:\WINDOWS\system32\dmuuqmc.ini
    C:\WINDOWS\system32\dqajfj.ini
    C:\WINDOWS\system32\dxrnzku.ini
    C:\WINDOWS\system32\edsljcdivuy.ini
    C:\WINDOWS\system32\eesejbzog.ini
    C:\WINDOWS\system32\egskehx.ini
    C:\WINDOWS\system32\epuzw.ini
    C:\WINDOWS\system32\ezafudvoiyt.ini
    C:\WINDOWS\system32\fmlgoxxnn.ini
    C:\WINDOWS\system32\fnyj.ini
    C:\WINDOWS\system32\fyvyvw.ini
    C:\WINDOWS\system32\gbx.ini
    C:\WINDOWS\system32\gcgii.ini
    C:\WINDOWS\system32\gecrm.ini
    C:\WINDOWS\system32\ggjxmqh.ini
    C:\WINDOWS\system32\ghdvcccqxcv.ini
    C:\WINDOWS\system32\giemuzl.ini
    C:\WINDOWS\system32\gswxesatox.ini
    C:\WINDOWS\system32\gxiglgpq.ini
    C:\WINDOWS\system32\gzswrdxw.ini
    C:\WINDOWS\system32\hgu.ini
    C:\WINDOWS\system32\hiushfclfla.ini
    C:\WINDOWS\system32\hqwxnfwmq.ini
    C:\WINDOWS\system32\hrfumedgw.ini
    C:\WINDOWS\system32\htubwk.ini
    C:\WINDOWS\system32\hxokmtz.ini
    C:\WINDOWS\system32\ibqvywo.ini
    C:\WINDOWS\system32\ict.ini
    C:\WINDOWS\system32\iduxw.ini
    C:\WINDOWS\system32\ikvd.ini
    C:\WINDOWS\system32\ilppyukvb.ini
    C:\WINDOWS\system32\imisiwl.ini
    C:\WINDOWS\system32\isnvgwxvzx.ini
    C:\WINDOWS\system32\itshnv.ini
    C:\WINDOWS\system32\ivz.ini
    C:\WINDOWS\system32\ixrmyzmuf.ini
    C:\WINDOWS\system32\jazdltqdat.ini
    C:\WINDOWS\system32\jecbuzopv.ini
    C:\WINDOWS\system32\jscxtijpp.ini
    C:\WINDOWS\system32\jupdate-1.6.0_33-b03.log
    C:\WINDOWS\system32\jupdate-1.6.0_35-b10.log
    C:\WINDOWS\system32\jvanbm.ini
    C:\WINDOWS\system32\jvpytddxshm.ini
    C:\WINDOWS\system32\jxqxva.ini
    C:\WINDOWS\system32\kaddzumq.ini
    C:\WINDOWS\system32\kblu.ini
    C:\WINDOWS\system32\kjvzwobzke.ini
    C:\WINDOWS\system32\kkrk.ini
    C:\WINDOWS\system32\knk.ini
    C:\WINDOWS\system32\ldna.ini
    C:\WINDOWS\system32\lhlcj.ini
    C:\WINDOWS\system32\liif.ini
    C:\WINDOWS\system32\lmkwvtfa.ini
    C:\WINDOWS\system32\lnm.ini
    C:\WINDOWS\system32\lwcnbd.ini
    C:\WINDOWS\system32\maynwlp.ini
    C:\WINDOWS\system32\mbpbf.ini
    C:\WINDOWS\system32\mhefcltipun.ini
    C:\WINDOWS\system32\mhymnl.ini
    C:\WINDOWS\system32\mlfml.ini
    C:\WINDOWS\system32\mpuqpwyjjoe.ini
    C:\WINDOWS\system32\mwzhlh.ini
    C:\WINDOWS\system32\mxdvmytw.ini
    C:\WINDOWS\system32\narceunvfsr.ini
    C:\WINDOWS\system32\netcd.ini
    C:\WINDOWS\system32\ntpp.ini
    C:\WINDOWS\system32\ocduhsoaeky.ini
    C:\WINDOWS\system32\ogknbwh.ini
    C:\WINDOWS\system32\ogn.ini
    C:\WINDOWS\system32\oicryjbsxhd.ini
    C:\WINDOWS\system32\okbzdweogsf.ini
    C:\WINDOWS\system32\olcfhmx.ini
    C:\WINDOWS\system32\ooaomuyhvz.ini
    C:\WINDOWS\system32\oofsbkfk.ini
    C:\WINDOWS\system32\otorwgb.ini
    C:\WINDOWS\system32\ousspnt.ini
    C:\WINDOWS\system32\pclkwlz.ini
    C:\WINDOWS\system32\pedcjlq.ini
    C:\WINDOWS\system32\pefaimbebk.ini
    type C:\WINDOWS\system32\phcioojd.ini /c
    C:\WINDOWS\system32\phcioojd.ini
    C:\WINDOWS\system32\pjtdqi.ini
    C:\WINDOWS\system32\pplmagu.ini
    C:\WINDOWS\system32\pqjjgvrcrr.ini
    C:\WINDOWS\system32\psxulyb.ini
    C:\WINDOWS\system32\pvsbacopgo.ini
    C:\WINDOWS\system32\qbdvroefxtf.ini
    C:\WINDOWS\system32\qnretzig.ini
    C:\WINDOWS\system32\qpghwlpi.ini
    C:\WINDOWS\system32\qqqewpfdl.ini
    C:\WINDOWS\system32\qqqt.ini
    C:\WINDOWS\system32\qzegqoobxiy.ini
    C:\WINDOWS\system32\rifbww.ini
    C:\WINDOWS\system32\riffaw.ini
    C:\WINDOWS\system32\rmkgnn.ini
    C:\WINDOWS\system32\rnaxcorvnpm.ini
    C:\WINDOWS\system32\rpz.ini
    C:\WINDOWS\system32\rvitifkhda.ini
    C:\WINDOWS\system32\rzuc.ini
    C:\WINDOWS\system32\sjzadmi.ini
    C:\WINDOWS\system32\skjqlknoa.ini
    C:\WINDOWS\system32\slfzi.ini
    C:\WINDOWS\system32\srt.ini
    C:\WINDOWS\system32\sthnpbr.ini
    C:\WINDOWS\system32\surl.ini
    C:\WINDOWS\system32\swrosmstc.ini
    C:\WINDOWS\system32\tcu.ini
    C:\WINDOWS\system32\tgysztaa.ini
    C:\WINDOWS\system32\tjerrruiu.ini
    C:\WINDOWS\system32\tmksiwyo.ini
    C:\WINDOWS\system32\tttpgilubhz.ini
    C:\WINDOWS\system32\tubh.ini
    C:\WINDOWS\system32\uaqqwmjt.ini
    C:\WINDOWS\system32\udixx.ini
    C:\WINDOWS\system32\ugh.ini
    C:\WINDOWS\system32\uhgxcxne.ini
    C:\WINDOWS\system32\ujupkolaxz.ini
    C:\WINDOWS\system32\uuknvmo.ini
    C:\WINDOWS\system32\vexcv.ini
    C:\WINDOWS\system32\vhgdwwy.ini
    C:\WINDOWS\system32\vpymgh.ini
    C:\WINDOWS\system32\vtccpjjxhbl.ini
    C:\WINDOWS\system32\vuzy.ini
    C:\WINDOWS\system32\vwx.ini
    C:\WINDOWS\system32\wjd.ini
    C:\WINDOWS\system32\wmaeoulj.ini
    C:\WINDOWS\system32\wtkvqxla.ini
    C:\WINDOWS\system32\wuienx.ini
    C:\WINDOWS\system32\wvmaql.ini
    C:\WINDOWS\system32\wvpmojcpagc.ini
    C:\WINDOWS\system32\wztapis.ini
    C:\WINDOWS\system32\xabxrnwognq.ini
    C:\WINDOWS\system32\xbeumyws.ini
    C:\WINDOWS\system32\xbwudob.ini
    C:\WINDOWS\system32\xei.ini
    C:\WINDOWS\system32\xhepiahgu.ini
    C:\WINDOWS\system32\xhliavnncf.ini
    C:\WINDOWS\system32\xhxj.ini
    C:\WINDOWS\system32\xnrwoffi.ini
    C:\WINDOWS\system32\xratz.ini
    C:\WINDOWS\system32\xrjmwls.ini
    C:\WINDOWS\system32\ybcwdcj.ini
    C:\WINDOWS\system32\yeqc.ini
    C:\WINDOWS\system32\yfddtyco.ini
    C:\WINDOWS\system32\yft.ini
    C:\WINDOWS\system32\ynbpico.ini
    C:\WINDOWS\system32\yqwnxmuqkr.ini
    C:\WINDOWS\system32\yruogei.ini
    C:\WINDOWS\system32\ywcotf.ini
    C:\WINDOWS\system32\zbu.ini
    C:\WINDOWS\system32\zhbezzk.ini
    C:\WINDOWS\system32\zmulmsalvp.ini
    C:\WINDOWS\system32\zyadeizbstq.ini
    C:\WINDOWS\system32\zzmbkjttcv.ini
    C:\Documents and Settings\Public\Local Settings\Application Data\Babylon
    C:\Documents and Settings\Public\Local Settings\Application Data\Conduit
    C:\Documents and Settings\Public\Local Settings\Application Data\uTorrentBar(2)
    C:\Documents and Settings\Public\Local Settings\Application Data\uTorrentControl2
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
    "startup"=dword:00000000
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    
    Now click the [​IMG] button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)
     
    Last edited: Sep 3, 2012
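
An added example (not code from any poster in this thread or from SalityKiller): a small Python parser that reads the AutoRun-related .reg text posted earlier in the thread and decodes each NoDriveTypeAutoRun mask into the drive types it covers. The bit table follows the Windows GetDriveType codes; the function names are this example's own.

```python
import re

# Bit n of NoDriveTypeAutoRun disables AutoRun for GetDriveType() code n.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unspecified",
}

# The AutoRun-related .reg text as posted earlier in the thread.
POSTED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun]
"NoDriveTypeAutoRun"=dword:000000b1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000b1
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_dwords(text):
    """Return [(key_path, value_name, int_value)] for every dword in .reg text."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # A leading '-' marks a key deletion; such a section holds no values.
            key = None if m.group(1) else m.group(2)
            continue
        m = DWORD_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), int(m.group(2), 16)))
    return entries


def decode_mask(mask):
    """Split a NoDriveTypeAutoRun mask into (disabled, still_enabled) drive types."""
    disabled = [n for bit, n in DRIVE_TYPE_BITS.items() if mask & bit]
    enabled = [n for bit, n in DRIVE_TYPE_BITS.items() if not mask & bit]
    return disabled, enabled


def audit(text):
    """Summarise what each AutoRun-related dword in the .reg text does."""
    findings = []
    for key, name, value in parse_reg_dwords(text):
        if name.lower() == "nodrivetypeautorun":
            disabled, enabled = decode_mask(value)
            leaf = key.rsplit("\\", 1)[-1]
            findings.append({
                "key": key,
                "mask": value,
                "disabled": disabled,
                "enabled": enabled,
                # Explorer reads this value from the ...\Policies\Explorer key
                # itself; False means the value sits in a subkey instead.
                "under_explorer_key": leaf.lower() == "explorer",
            })
        elif name.lower() == "autorun" and key.lower().endswith(r"\services\cdrom"):
            # 0 turns off CD-ROM auto-insert notification.
            findings.append({"key": key, "cd_autoinsert_notify": bool(value)})
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED_REG):
        print(finding)
```
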
  14. Underachiever

    Underachiever Private E-2

    • I can't uninstall the uTorrentControl2 Toolbar using Add and Remove Programs, CCleaner and manually clicking the uninstall file.

    • My PC just freezes after clicking the "Run Fix" ("Killing Processes" then the progress bar doesn't go and my PC just freezes)

    -Pasted the txt below
    -Disabled Avast, Malwarebytes and SuperAntiSpyware.
     
  15. Underachiever

    Underachiever Private E-2

    I already uninstalled the uTorrentControl2 Toolbar using Revo Uninstaller.

    For OTL by OldTimer is it normal that my PC appears to be freezing and the CPU light is not blinking?


    Or is there any setting that I should modify?
     
  16. thisisu

    thisisu Malware Consultant

  17. Underachiever

    Underachiever Private E-2

    Done with the OTL.


    I attached the Sality Killer files where I got the disable autorun reg. I just want to replace and delete those registry entries with Disable Autorun from MajorGeeks. http://forums.majorgeeks.com/showthread.php?t=186542

    I feel that Disable Autorun from MajorGeeks is safer. (just a feeling)


    Anyway, I'm getting these errors


    I saw this fix method. Should I do this?

    1.Copy the content written below:
    @ECHO off
    Echo Coded by http://hubpages.com/profile/rancidTaste
    REM Sets the NetBT TransportBindName value to an empty string
    reg add HKLM\SYSTEM\CurrentControlSet\Services\netbt\parameters /v TransportBindName /t REG_SZ /d "" /f
    REM Sets EnableDCOM to "N", which turns DCOM off
    reg add HKLM\Software\Microsoft\OLE /v EnableDCOM /t REG_SZ /d "N" /f
    Echo Coded by http://hubpages.com/profile/rancidTaste
    Echo Generic Host Error Problem Is Fixed, Press any key to continue
    pause
    2. Open a notepad and paste the above copied content to the notepad.
    3. Save the file as GenericHostErrorProblem.bat and close it.
    4. Double-click on GenericHostErrorProblem.bat and run it.
    5. After fixing or removing the errors, it will ask you to press any key to finish.
    6. Press any key and that's all to fix the problem Generic Host Process For Win32 Services Encountered A Problem and needs to close.
     


  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    @thisisu and kestrel13!,

    Sality has not been removed. There are many system files and possibly others that are infected and/or corrupted. Check the file sizes shown in newfiles.txt. For example, all of the below are wrong for WinXP SP2 and there are likely many more:
    Code:
    ============= Finding copies of csrss.exe               
    2004-02-18 18:02:44             4,096 [5A8F00B32569BFDBD7607AD383055F77] C:\WINDOWS\system32\csrss.exe
    2004-02-18 18:02:44             4,096 [5A8F00B32569BFDBD7607AD383055F77] C:\WINDOWS\system32\dllcache\csrss.exe
                                                          
    ============= Finding copies of ctfmon.exe               
    2004-02-18 18:02:44            14,336 [B04A5398D61CCB25B086CD48DDB191B2] C:\WINDOWS\system32\ctfmon.exe
    2004-02-18 18:02:44            14,336 [B04A5398D61CCB25B086CD48DDB191B2] C:\WINDOWS\system32\dllcache\ctfmon.exe
                                                          
    ============= Finding copies of eventlog.dll               
    2004-02-18 18:02:22            61,952 [C55EDF6D72BDA1937C7B46A323925B26] C:\WINDOWS\system32\eventlog.dll
    2004-02-18 18:02:22            61,952 [C55EDF6D72BDA1937C7B46A323925B26] C:\WINDOWS\system32\dllcache\eventlog.dll
                                                          
    ============= Finding copies of explorer.exe               
    2004-02-18 18:02:44         1,028,608 [2EC01E29A5F40FCEE4F42A2A66FCB609] C:\WINDOWS\explorer.exe
    2004-02-18 18:02:44         1,028,608 [2EC01E29A5F40FCEE4F42A2A66FCB609] C:\WINDOWS\system32\dllcache\explorer.exe
                                                          
    ============= Finding copies of kernel32.dll               
    2004-02-18 18:02:28           965,632 [AD3537131DEE6F2F582E33FDDBFABF20] C:\WINDOWS\system32\kernel32.dll
    2004-02-18 18:02:28           965,632 [AD3537131DEE6F2F582E33FDDBFABF20] C:\WINDOWS\system32\dllcache\kernel32.dll
                                                                                                       
    ============= Finding copies of netlogon.dll               
    2004-02-18 18:02:36           416,768 [3205E7E5F5002CAFEAB7C5DB55C5C5C6] C:\WINDOWS\system32\netlogon.dll
    2004-02-18 18:02:36           416,768 [3205E7E5F5002CAFEAB7C5DB55C5C5C6] C:\WINDOWS\system32\dllcache\netlogon.dll
                                                          
    ============= Finding copies of ntfs.sys               
    2004-02-16 19:09:30           573,312 [15F2AD4F67E74DA71CC402EC37791F1B] C:\WINDOWS\system32\dllcache\ntfs.sys
    2004-02-16 19:09:30           573,312 [15F2AD4F67E74DA71CC402EC37791F1B] C:\WINDOWS\system32\drivers\ntfs.sys
                                                          
    ============= Finding copies of regedit.exe               
    2004-02-18 18:02:46           145,408 [439A9D04F6782F596E7ADF7777EBD9F8] C:\WINDOWS\regedit.exe
    2004-02-18 18:02:46           145,408 [439A9D04F6782F596E7ADF7777EBD9F8] C:\WINDOWS\system32\dllcache\regedit.exe
                                                          
    ============= Finding copies of scecli.dll               
    2004-02-18 18:02:38           179,712 [8E1AD375FFDE86544420600740B89E32] C:\WINDOWS\system32\scecli.dll
    2004-02-18 18:02:38           179,712 [8E1AD375FFDE86544420600740B89E32] C:\WINDOWS\system32\dllcache\scecli.dll
                                                          
    ============= Finding copies of services.exe               
    2004-02-18 18:02:46           107,520 [0405DFD0B2D76EB02723D399E950CA0A] C:\WINDOWS\system32\services.exe
    2004-02-18 18:02:46           107,520 [0405DFD0B2D76EB02723D399E950CA0A] C:\WINDOWS\system32\dllcache\services.exe
                                                          
    ============= Finding copies of spoolsv.exe               
    2004-02-18 18:02:46            57,344 [FDF749AE42C69284694836B551D014A1] C:\WINDOWS\system32\spoolsv.exe
    2004-02-18 18:02:46            57,344 [FDF749AE42C69284694836B551D014A1] C:\WINDOWS\system32\dllcache\spoolsv.exe
     
  19. thisisu

    thisisu Malware Consultant

    Does MD5 not matter in this case?
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, I guess it is possible that this system has never had its updates for even XP SP2 and that is the reason for the unexpected file sizes. They just immediately stood out, especially in light of knowing the system had a PE file infector. Perhaps the best thing to do would be to get SP3 installed and see if everything looks correct afterwards.

    Based on what you already had to fix, this system has had quite a few infections well beyond just Sality.
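
Added example, not part of the thread or of MGtools: a parser for the "Finding copies of" listing quoted above that compares each file's size and MD5 with a reference set for the installed build, which is the comparison posts 18 to 20 turn on. The function names, the regedit.exe dllcache record and every BASELINE value are constructed for illustration; a real baseline would come from clean media of the same service pack level.

```python
import re
from collections import defaultdict

# One record of the listing: date time, size with commas, [MD5], full path.
RECORD = re.compile(
    r"^\s*\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+([\d,]+)\s+\[([0-9A-Fa-f]{32})\]\s+(.+?)\s*$")

def parse_listing(text):
    """Group records by lowercased file name: {name: [(size, md5, path)]}."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:  # "===== Finding copies of ..." headers and blank lines are skipped
            size, md5, path = m.groups()
            name = path.rsplit("\\", 1)[-1].lower()
            groups[name].append((int(size.replace(",", "")), md5.upper(), path))
    return dict(groups)

def assess(groups, baseline):
    """Compare each file with baseline {name: {(size, md5), ...}} for the build."""
    verdicts = {}
    for name, copies in groups.items():
        seen = {(size, md5) for size, md5, _ in copies}
        known = baseline.get(name)
        if len(seen) > 1:
            verdicts[name] = "copies-differ"   # system32 and dllcache disagree
        elif known is None:
            verdicts[name] = "no-baseline"     # size alone cannot settle it
        elif seen <= known:
            verdicts[name] = "match"
        elif {s for s, _ in seen} <= {s for s, _ in known}:
            verdicts[name] = "hash-mismatch"   # expected size, different content
        else:
            verdicts[name] = "size-mismatch"   # other build, or a modified file
    return verdicts

# csrss.exe, ctfmon.exe and the first regedit.exe record are copied from the
# thread's listing; the second regedit.exe record and BASELINE are constructed.
SAMPLE = r"""
============= Finding copies of csrss.exe
2004-02-18 18:02:44             4,096 [5A8F00B32569BFDBD7607AD383055F77] C:\WINDOWS\system32\csrss.exe
2004-02-18 18:02:44             4,096 [5A8F00B32569BFDBD7607AD383055F77] C:\WINDOWS\system32\dllcache\csrss.exe
============= Finding copies of ctfmon.exe
2004-02-18 18:02:44            14,336 [B04A5398D61CCB25B086CD48DDB191B2] C:\WINDOWS\system32\ctfmon.exe
============= Finding copies of regedit.exe
2004-02-18 18:02:46           145,408 [439A9D04F6782F596E7ADF7777EBD9F8] C:\WINDOWS\regedit.exe
2004-02-18 18:02:46           146,432 [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] C:\WINDOWS\system32\dllcache\regedit.exe
"""
BASELINE = {"csrss.exe": {(8192, "0" * 32)}, "ctfmon.exe": {(14336, "0" * 32)}}
print(assess(parse_listing(SAMPLE), BASELINE))
```

Identical system32 and dllcache copies only show that the two files agree with each other; the verdict that matters is the comparison with a baseline taken from the same build.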
     
  21. Underachiever

    Underachiever Private E-2


    Please don't tell me I have to reformat :( I don't have SP3 here and have a lot of important files here. I don't even have an external HDD to back my files up.

    Please tell me what to do next.

    I will post new log files again.


    Additional question

    [​IMG]

    It says Defense+ is not functioning properly

    but when I run the diagnostics, it says it didn't find anything.
     
    Last edited: Sep 6, 2012
  22. thisisu

    thisisu Malware Consultant

    Not sure about Comodo (more of a Software issue) but I believe Chaslang was referring to this: http://majorgeeks.com/Microsoft_Windows_XP_Service_Pack_3_d4323.html

    You can download and run this to upgrade to Windows XP Service Pack 3 (without losing your files).

    Go ahead and do that and then complete the below too:

    Now download the latest MGtools.exe to the root of your c: drive.
    • Replace your existing MGtools.exe with this one.
    • Now run this new MGtools.exe by double-clicking it. (Vista/7 right-click and select Run as Administrator)
    • When it is finished, attach c:\MGlogs.zip to your next message. (How to attach)
     
  23. Underachiever

    Underachiever Private E-2

    SP2

    Here's my new scan update.

    Hoping for improvements
     


    Last edited: Sep 6, 2012
  24. Underachiever

    Underachiever Private E-2


    OK, I will try. But I'm using a cracked XP; by updating to SP3 it might detect that I am using a cracked one.
     
  25. thisisu

    thisisu Malware Consultant

  26. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, I agree trying to repair a cracked installation of Windows is futile!
     
  27. Underachiever

    Underachiever Private E-2

    So troubleshooting ends here..

    Thanks for trying to help.
     
  28. thisisu

    thisisu Malware Consultant

    Yes

    You're welcome.
     
