ROOTKIT NTNDIS.EXE - STILL NOT FIXED >.<

[Tarq57]

You better have a look at this sticky. http://www.bleepingcomputer.com/forums/topic25912.html
Basically, as I mentioned earlier, you are running HJT from your desktop. It needs to be moved to its own folder on the C drive.

Aside from that, I see no indication in the logs that anything has been fixed.
Has either application - or MBAM or SAS- deleted or quarantined any further files?

[Tarq57]

Correction to the last, there has been one temp .bat file removed.
Hard to believe, but I wonder if it actually did do the job?

[CharleyO]

***

From an analysis of your HJT log :

This one belongs to Yahoo Companion but appears to be deactivated ...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
[can be fixed if this is no longer being used]

The next 2 were classified as unknown entries though I found some information at the links below ...

O4 - S-1-5-18 Startup: Transparent Windows.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Transparent Windows.lnk = ? (User 'Default user')

http://technet.microsoft.com/en-us/library/cc780850.aspx

http://msdn.microsoft.com/en-us/library/ms940168(WinEmbedded.5).aspx
[read under header "Standard Start Menu Short Cuts Updated"]


***

[Husk]

Mmm... I spoke to soon. It still has the same problem, appears I can only get on through a program when a scan is run and needed to reset.

I'll move HJT to a c drive folder

I did have yahoo messenger, but deleted it a long time ago. Transparent windows is a tool where I can control the opacity of the window

[CharleyO]

***

Ok, then ... just fix the 02 entry for Yahoo companion and leave the 04 entries alone.


***

[Husk]

ok

[Husk]

Aside from that, I see no indication in the logs that anything has been fixed.
Has either application - or MBAM or SAS- deleted or quarantined any further files?

I don't think they have. I'll run a SAS scan, see what it comes up with this time