Submitting Malware Removal Logs

2 days ago my husband was on Amazon.com completing his check out of a purchase when he had a pop up dialog message indicating that there was a problem detected with his hard drive it had critical errors. If you clicked the OK button to remove the dialog it would just came back. After multiple pop ups another dialog appeared "Microsoft Repair Scan" my husband clicked the button to start scanning PC, and everything went downhill from there.

The icons on his desktop are light in color like they are hidden files, the start menu recent files icons are not associated with there application folders any longer, the all programs list is empty. Many features were disabled like the task manager, Norton anti virus, control panel and I was unable to run programs like TDSSK.exe. The programs I was able to run were Registry Mechanic, Registry Booster and Trojan remover. All programs had to be executed from there application folder C:\Program Files\filefolder\filename.exe. I was unable to run them from a command prompt, error message could not find the files. The only files I have in my All Programs now are files I had just recently installed on the PC. It feels like I have 2 explorers. I did notice when I was finally able to run Task Manager that there are 2 iexplorers loaded "even on start up without accessing IE". One runs around 20,244k memory usage staying pretty consistent with the number while the other is running at around 51,000k memory usage and constantly changing (going up in size).

I ran across you site for Mal-ware Removal/Cleaning Procedure and decided to give your steps a try. I was able to complete all steps and logs successfully with the exception of Combofix. Combofix completed half way thru the scan when it locked up the PC creating output files at C:\filename.txt I had to do a hard shutdown. The SuperAntiSpyware did not create a log the first time it was ran, it found tracking cookies which it removed. I ran a search of entire hard drive for the file SASlog.txt and could not find one. I ran the application again and attached it. I hope this did not mess up things.

I hope I have provided enough details, if I had been the one this happened to I might would have more details about how it occurred, I can only tell you what I was told by the user.

 

I went through the steps you provided but still had to reinstall the OS. The Analysis.exe did not find the file O4 - HKCU\..\Run: [UU9G4E9I4A9I4UXAKOTC] C:\pagess.sys\pagess.sys.exe, so I moved onto the next step.

After running through all the steps and a fresh restart of the PC I still had pop ups warning about a security risk. Antivirus kept warning of Trojans.
While the unhide.exe brought back all programs list, all the folders were empty. If you right clicked on the folder and tried find the target it was pointing to administrator/Steve or administrator/Steve_oooo the folder they should have been pointing to was Steve and it was not visible to select even though I could see it was in c:\documents and settings.

Thank you for your assistant, I believe it would have worked but too much time had gone by before I asked for help and I believe with each restart it prorogated/embedded even more in to the system.

 

Yes I did a full format and reinstall OS