worm.downadup
worm.kolab
worm.archive
malware.trace
disabled.securitycenter
disabled.securitycenter
things seem a lot better, I can get AV sites again and have even validated windows. Here is the MBAM log:
Malwarebytes' Anti-Malware 1.44
Database version: 3902
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
3/23/2010 3:37:39 AM
mbam-log-2010-03-23 (03-37-39).txt
Scan type: Quick Scan
Objects scanned: 107135
Time elapsed: 4 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows hosts controller (Worm.Archive) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\waittokillservicet (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\heqxdc.dll (Worm.Downadup) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\45UFGT2F\jkmcjhj[1].png (Worm.Downadup) -> Quarantined and deleted successfully.
IT's getting late, I imagine you have probably gone to bed. I will keep an eye out for when you get back.
Thanks.