Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Netbook won't start


  • This topic is locked This topic is locked

#1
Heartweaver

Heartweaver

    New Member

  • Member
  • Pip
  • 6 posts
Hi,

I was following the threads by other users on getting an unbootable netbook to start up. I have a similar problem.

I followed the instructions given, which included downloading xPUD and making a system recovery bootable USB. I did all that and got my netbook to boot up from the USB. I ran the tool that xPUD instructed me to and now I have attached my enum.log. Since the other users have not posted theirs yet, I need to know what to do next.

Awaiting further instructions...

(and thank you!)

Attached Files

  • Attached File  enum.log   2.17KB   378 downloads

  • 0

Advertisements


#2
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi heartweaver,

My name is Salagubang and welcome to Geekstogo. If you still need assistance, I'll be glad helping you with your problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

Firstly... due to the nature of the problem, I am going to need you to describe the problem to me and some basic information.

Tell me brand and model of the machine.
What operating system is installed, i.e., XP
Do you have a Recovery CD handy?
and any information prior to the problem which might tell us the cause.

Ok lets begin with a simple test:

Restart your computer with Automatic Restart on System Failure disabled
  • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight "Disable Automatic Restart on System Failure" then hit enter
    .

  • If windows failed to boot, windows will not restart and will show a blue screen indicating the source of the error as shown in the example below

    Posted Image
  • Copy the technical information (as shown in the above example enclosed in red boxes) and post it on your next response.

  • 0

#3
Heartweaver

Heartweaver

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
My netbook is a Asus Eee PC.O
OS is Windows XP
It has no CD drive.

My computer was infected with a virus posing as an anti-virus software. It will only turn on to a dark screen with the cursor blinking the upper left corner.

Tapping the F8 key does not bring up the screen you show.

What I have done so far is install xPUD on a USB drive and have booted my netbook from that. I am transfering files off to a desktop.
I also followed instructions you gave elsewhere on restoring the computer to a specific point. The log file says that it was successful, but Windows still will not boot up. I have reverted to xPUD for now.
  • 0

#4
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi heartweaver,


Step One

On a clean XP machine

  • Please do the following:
  • Open "My Computer" on the desktop.
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders, find "Hide extension for known file types" and uncheck it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

Next

  • Insert your USB Flash Drive (UFD).
  • Download hpusbfw.exe to your Desktop.
  • Double click "hpusbfw.exe" to run HP USB Disk Storage Format Tool 2.0.6.0.

    Posted Image

    • Choose your USB under "Device"
    • For "File system", choose "FAT"
    • Under "Volume label", type in the name "Bootloader"
    • Leave un-checked "Quick Format" and "Create a DOS startup disk"
    • Click "Start"
  • Copy these two files, from the root of the Windows drive (C:\) to the UFD:

    NTLDR
    Ntdetect.com

Next

  • Open Notepad (go to Start>All Programs>Accessories and click Notepad)
  • Copy the contents of the codebox below using CTRL+C (or selecting all the text in the box, and right clicking on it and selecting Copy)
    [boot loader]
    timeout=-1
    default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="A) Emergency Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="B) Emergency Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C) Alternate Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="D) Alternate Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    
  • Now return to Notepad and use CTRL + V (or rightclick on the whitespace and Paste) to paste the script
  • Verify that you have pasted the complete script
  • Save the Notepad file to the UFD as "boot.ini" using Save as Type: All files

Your Emergency Bootloader is now ready.

Booting using the Emergency Bootloader.
  • Insert the USB (UFD) to the ailing computer.
  • Reboot the system using the UFD Bootloader you just created.
  • Depending on how the harddisk is partitioned, choosing (A) Emergency Bootloader will most of the time do the trick. If however it doesnt work, please try options B,C and D

Note : If you do not know how to set your computer to boot from USB follow the steps here



Step Two

Hi lets try this first, if it fails go to Plan B

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop


Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Posted Image

Then select Start OTL. OTL will now run

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your next reply.

Plan B

Download Rkill from here : there are several flavours to choose from, if one does not work then try the next

* rkill.com
* rkill.scr
* rkill.pif


Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above

Attached Files

  • Attached File  Scan.txt   429bytes   361 downloads

Edited by Salagubang, 15 December 2010 - 05:17 PM.

  • 0

#5
Heartweaver

Heartweaver

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi!

I was able to complete Plan A instructions. I have attached the text files.

Attached Files


  • 0

#6
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi heartweaver,

Thank you for posting the logs. I am currently reviewing them right now. Also I am going to repost it here as it makes it easier for me to read. :D

Another question:

Is your netbook running normally with the USB attached? Does the signs of fake alert still showing up?
  • 0

#7
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Reposted

OTL logfile created on: 12/17/2010 7:10:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Michelle Trotter\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 734.00 Mb Available Physical Memory | 72.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 109.89 Gb Free Space | 76.25% Space Free | Partition Type: NTFS
Drive D: | 3.78 Gb Total Space | 3.78 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: MICHELLE | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/17 19:09:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username\Desktop\OTL.scr
PRC - [2010/12/17 19:07:57 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username\Desktop\OTH.scr


========== Modules (SafeList) ==========

MOD - [2010/12/17 19:09:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username\Desktop\OTL.scr


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/01/14 16:58:40 | 000,129,520 | ---- | M] (CinemaNow, Inc.) [Auto | Stopped] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 20:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AmUStor.SYS -- (AmUStor)
DRV - [2009/07/10 20:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009/07/06 09:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/04/27 06:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/09 08:14:28 | 000,208,816 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/14 01:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 18:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 00:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/06 20:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/19 03:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/09/12 00:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 07:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/08 17:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/12/19 10:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\..\URLSearchHook: {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de680400}:1.9.1.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/02 20:39:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/02 14:08:29 | 000,000,000 | ---D | M]

[2010/05/18 13:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\Mozilla\Extensions
[2010/05/09 18:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\oud7m4h3.default\extensions
[2010/05/09 18:42:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\oud7m4h3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/11/17 20:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\xidch3ai.default\extensions
[2010/05/18 13:48:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\xidch3ai.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/29 19:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\xidch3ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2010/12/03 08:28:28 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\xidch3ai.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/05/18 13:48:24 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\xidch3ai.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/12/03 08:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\xidch3ai.default\extensions\[email protected]
[2010/11/30 09:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (iUserbar Toolbar) - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (iUserbar Toolbar) - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (iUserbar Toolbar) - {51D37496-C262-4D13-A8C1-C93E59BF50B9} - C:\Program Files\iUserbar\tbiUse.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe (CinemaNow Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\username\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/11 08:16:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/17 19:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/12/17 19:08:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\username\Desktop\OTL.scr
[2010/12/17 19:08:02 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\username\Desktop\OTH.scr
[2010/12/03 08:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\username\Local Settings\Application Data\{BA6F6154-B411-4AA6-8D29-D8DD9F49B4C9}
[2010/12/01 12:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/12/01 12:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2010/11/30 09:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\username\My Documents\Higher Self
[2010/11/28 12:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\username\My Documents\Heartweaves
[2010/11/25 16:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/25 16:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/11/25 15:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2009/08/12 02:50:21 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/08/12 02:50:19 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/17 19:09:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username\Desktop\OTL.scr
[2010/12/17 19:07:57 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username\Desktop\OTH.scr
[2010/12/17 19:04:41 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/17 19:04:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/17 19:00:16 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/17 18:56:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 16:07:22 | 001,961,581 | ---- | M] () -- C:\xpud-data.gz
[2010/12/03 08:26:01 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2348482383-1254412328-4204080272-1006UA.job
[2010/12/03 08:23:53 | 000,020,552 | ---- | M] () -- C:\Documents and Settings\username\My Documents\Money Heartweaving.odt
[2010/11/30 09:26:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2348482383-1254412328-4204080272-1006Core.job
[2010/11/28 14:21:04 | 000,028,321 | ---- | M] () -- C:\Documents and Settings\username\My Documents\Heartweaving - Celia Fenn.odt
[2010/11/27 18:51:17 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/25 16:32:34 | 000,022,469 | ---- | M] () -- C:\Documents and Settings\username\My Documents\My Disorderly Room.odt
[2010/11/25 16:32:22 | 000,018,948 | ---- | M] () -- C:\Documents and Settings\username\My Documents\Accounts Access.ods
[2010/11/25 16:30:55 | 000,020,609 | ---- | M] () -- C:\Documents and Settings\username\My Documents\Rule the World From Your Couch.odt
[2010/11/25 16:29:48 | 000,022,660 | ---- | M] () -- C:\Documents and Settings\username\My Documents\ACIM What Am I.odt
[2010/11/25 16:15:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/25 16:06:28 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/11/25 16:06:28 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\username\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/25 15:44:15 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Reader Library.lnk
[2010/11/20 20:43:30 | 000,062,275 | ---- | M] () -- C:\Documents and Settings\username\My Documents\Heartweaving - Love's Expression - Manifestation.pdf
[2010/11/20 20:43:07 | 000,022,670 | ---- | M] () -- C:\Documents and Settings\username\My Documents\Heartweaving - Love's Expression - Manifestation.odt
[2010/11/19 14:37:01 | 000,001,458 | ---- | M] () -- C:\Documents and Settings\username\Desktop\DivX Movies.lnk
[2010/11/19 14:36:31 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/06 08:29:53 | 001,961,581 | ---- | C] () -- C:\xpud-data.gz
[2010/11/28 12:28:30 | 000,020,552 | ---- | C] () -- C:\Documents and Settings\username\My Documents\Money Heartweaving.odt
[2010/11/25 16:30:52 | 000,020,609 | ---- | C] () -- C:\Documents and Settings\username\My Documents\Rule the World From Your Couch.odt
[2010/11/25 16:29:48 | 000,022,660 | ---- | C] () -- C:\Documents and Settings\username\My Documents\ACIM What Am I.odt
[2010/11/25 16:15:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/25 16:06:28 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/11/25 15:44:15 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Reader Library.lnk
[2010/11/20 20:43:26 | 000,062,275 | ---- | C] () -- C:\Documents and Settings\username\My Documents\Heartweaving - Love's Expression - Manifestation.pdf
[2010/11/20 20:43:06 | 000,022,670 | ---- | C] () -- C:\Documents and Settings\username\My Documents\Heartweaving - Love's Expression - Manifestation.odt
[2010/11/01 04:13:46 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\username\Application Data\wklnhst.dat
[2010/09/17 19:50:44 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/09/17 12:31:13 | 000,008,839 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2010/06/09 21:06:24 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/04/29 00:08:43 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/04/28 21:12:08 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\username\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 03:41:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 02:50:21 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/08/12 02:50:21 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/08/12 02:50:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/11 14:06:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/08/11 14:06:52 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/08/11 13:51:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/08/11 08:03:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/08/11 08:03:18 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2009/08/11 01:10:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/11/06 15:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
[2010/07/29 19:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2010/06/11 10:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/08/20 07:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010/08/07 17:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/05/06 18:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/14 11:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\Amazon
[2010/11/06 15:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\Artweaver
[2010/11/14 16:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\Audacity
[2010/11/06 15:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\DAZ 3D
[2010/11/06 15:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\inkscape
[2010/06/10 12:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\MindomoDesktop.9FB4CE8CE38668FA4943B46EEE0AE19C6FFB80FE.1
[2010/04/27 00:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\OpenOffice.org
[2010/04/26 01:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\SecondLife
[2010/11/01 04:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\username\Application Data\Template

========== Purity Check ==========



< End of report >

Edited by Salagubang, 17 December 2010 - 07:46 PM.

  • 0

#8
Heartweaver

Heartweaver

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
There are no more signs of the fake program. My netbook has been on all evening with the USB attached and with no signs of the virus.

Edited by Heartweaver, 17 December 2010 - 09:02 PM.

  • 0

#9
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
:D

Currently reviewing your logs. I will post the next instructions later (upon experts approval).
  • 0

#10
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi Heartweaver,

Step One

Restart the computer then remove the USB stick before proceeding with the succeeding instructions.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step Two

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Step Three

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#11
Heartweaver

Heartweaver

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you for your clear instructions! :D

Contents of the TDSSKiller file:


2010/12/18 11:45:06.0406 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/18 11:45:06.0406 ================================================================================
2010/12/18 11:45:06.0406 SystemInfo:
2010/12/18 11:45:06.0406
2010/12/18 11:45:06.0406 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/18 11:45:06.0406 Product type: Workstation
2010/12/18 11:45:06.0406 ComputerName: MICHELLE
2010/12/18 11:45:06.0406 UserName: Michelle Trotter
2010/12/18 11:45:06.0406 Windows directory: C:\WINDOWS
2010/12/18 11:45:06.0406 System windows directory: C:\WINDOWS
2010/12/18 11:45:06.0406 Processor architecture: Intel x86
2010/12/18 11:45:06.0406 Number of processors: 2
2010/12/18 11:45:06.0406 Page size: 0x1000
2010/12/18 11:45:06.0406 Boot type: Normal boot
2010/12/18 11:45:06.0406 ================================================================================
2010/12/18 11:45:06.0750 Initialize success
2010/12/18 11:45:17.0890 ================================================================================
2010/12/18 11:45:17.0890 Scan started
2010/12/18 11:45:17.0890 Mode: Manual;
2010/12/18 11:45:17.0890 ================================================================================
2010/12/18 11:45:18.0406 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/18 11:45:18.0500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/18 11:45:18.0671 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/18 11:45:18.0828 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/18 11:45:19.0218 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/12/18 11:45:19.0609 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/12/18 11:45:19.0937 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
2010/12/18 11:45:20.0031 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
2010/12/18 11:45:20.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/18 11:45:20.0218 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/18 11:45:20.0343 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/18 11:45:20.0437 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/18 11:45:20.0562 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/18 11:45:20.0906 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/18 11:45:20.0968 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/18 11:45:21.0078 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/18 11:45:21.0140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/18 11:45:21.0203 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/18 11:45:21.0312 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/18 11:45:21.0421 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/18 11:45:21.0671 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/18 11:45:21.0781 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/18 11:45:21.0875 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/18 11:45:21.0921 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/18 11:45:22.0015 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/18 11:45:22.0171 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/18 11:45:22.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/18 11:45:22.0406 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/18 11:45:22.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/18 11:45:22.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/18 11:45:22.0625 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/18 11:45:22.0750 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/12/18 11:45:22.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/18 11:45:22.0890 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/18 11:45:23.0000 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/18 11:45:23.0078 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/18 11:45:23.0187 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/18 11:45:23.0343 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/18 11:45:23.0578 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/18 11:45:23.0609 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/18 11:45:23.0718 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/18 11:45:23.0843 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/18 11:45:24.0015 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/18 11:45:24.0312 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/18 11:45:24.0578 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/18 11:45:24.0687 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/18 11:45:25.0078 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/18 11:45:25.0296 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/18 11:45:25.0375 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/18 11:45:25.0437 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/18 11:45:25.0484 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/18 11:45:25.0562 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/18 11:45:25.0609 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/18 11:45:25.0671 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/18 11:45:25.0781 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/18 11:45:25.0875 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/18 11:45:25.0968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/18 11:45:26.0062 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/18 11:45:26.0156 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2010/12/18 11:45:26.0375 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/18 11:45:26.0515 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/18 11:45:26.0656 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/12/18 11:45:26.0796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/18 11:45:26.0890 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/18 11:45:26.0937 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/18 11:45:27.0078 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/18 11:45:27.0187 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/18 11:45:27.0296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/18 11:45:27.0375 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/18 11:45:27.0406 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/18 11:45:27.0453 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/18 11:45:27.0562 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/18 11:45:27.0640 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/18 11:45:27.0687 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/18 11:45:27.0765 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/18 11:45:27.0859 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/18 11:45:27.0906 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/18 11:45:28.0046 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/18 11:45:28.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/18 11:45:28.0250 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/18 11:45:28.0296 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/18 11:45:28.0343 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/18 11:45:28.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/18 11:45:28.0593 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/18 11:45:28.0718 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/18 11:45:28.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/18 11:45:28.0875 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/18 11:45:28.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/18 11:45:29.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/18 11:45:29.0046 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/18 11:45:29.0109 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/18 11:45:29.0156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/18 11:45:29.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/18 11:45:29.0359 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/18 11:45:29.0750 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/18 11:45:29.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/18 11:45:29.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/18 11:45:29.0906 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/18 11:45:30.0156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/18 11:45:30.0218 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/18 11:45:30.0328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/18 11:45:30.0375 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/18 11:45:30.0531 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/18 11:45:30.0656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/18 11:45:30.0750 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/18 11:45:30.0828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/18 11:45:31.0015 RT80x86 (97b59ce2cfbb0884a16ddd8f1781812b) C:\WINDOWS\system32\DRIVERS\RT2860.sys
2010/12/18 11:45:31.0171 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/18 11:45:31.0265 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/18 11:45:31.0343 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/18 11:45:31.0468 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/18 11:45:31.0625 SNP2UVC (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/12/18 11:45:31.0890 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/18 11:45:32.0000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/18 11:45:32.0125 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/18 11:45:32.0296 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/18 11:45:32.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/18 11:45:32.0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/18 11:45:32.0718 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/18 11:45:32.0765 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/18 11:45:32.0890 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/18 11:45:33.0015 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/18 11:45:33.0046 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/18 11:45:33.0140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/18 11:45:33.0312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/18 11:45:33.0437 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/18 11:45:33.0562 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/18 11:45:33.0656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/18 11:45:33.0750 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/18 11:45:33.0812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/18 11:45:33.0890 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/18 11:45:33.0984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/18 11:45:34.0078 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/18 11:45:34.0140 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/18 11:45:34.0234 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/18 11:45:34.0328 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
2010/12/18 11:45:34.0421 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/18 11:45:34.0625 VolSnap (31eda41f98868b92eeed6e16d7424a86) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/18 11:45:34.0656 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/18 11:45:34.0828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/18 11:45:34.0890 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/18 11:45:35.0015 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/18 11:45:35.0296 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/18 11:45:35.0406 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/18 11:45:35.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/18 11:45:35.0640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/18 11:45:35.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/18 11:45:35.0796 ================================================================================
2010/12/18 11:45:35.0796 Scan finished
2010/12/18 11:45:35.0796 ================================================================================
2010/12/18 11:45:35.0828 Detected object count: 2
2010/12/18 11:45:53.0968 VolSnap (31eda41f98868b92eeed6e16d7424a86) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/18 11:45:56.0015 Backup copy found, using it..
2010/12/18 11:45:56.0046 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2010/12/18 11:45:56.0046 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2010/12/18 11:45:56.0125 \HardDisk0 - processing error
2010/12/18 11:46:38.0343 \HardDisk0 - will be restored after reboot
2010/12/18 11:46:38.0343 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure Restore
2010/12/18 11:46:55.0953 Deinitialize success

______________________________________________________________________________________________________________

MBAM file:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5348

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/18/2010 12:08:34 PM
mbam-log-2010-12-18 (12-08-34).txt

Scan type: Quick scan
Objects scanned: 139209
Time elapsed: 8 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\spool\prtprocs\w32x86\48020D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\tmp20B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\tmp20C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\vwnetcjlvm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\208.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\480608390.exe (Rogue.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\ilummscowh.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\err.log480527703 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\209.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\_ex-08.exe (Trojan.Fitmu) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\temporary internet files\Content.IE5\6UFQGRG9\433-direct[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\0.5694972688036583.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\michelle trotter\local settings\Temp\windows update.exe (Trojan.VB) -> Quarantined and deleted successfully.

______________________________________________________________________________________________________________

Kas file:


Autoscan: completed 1 minute ago (events: 12, objects: 341956, time: 01:10:31)
12/18/2010 3:19:03 PM Task completed
12/18/2010 3:07:44 PM Deleted: Trojan.Win32.FakeAV.vxt C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP82\A0015200.exe
12/18/2010 3:07:31 PM Detected: Trojan.Win32.FakeAV.vxt C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP82\A0015200.exe
12/18/2010 3:07:31 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP82\A0015199.exe
12/18/2010 3:05:02 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP82\A0015198.dll
12/18/2010 3:04:52 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP82\A0015194.exe
12/18/2010 3:04:43 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{AD59D2D3-9557-4F15-938F-8763BF16B5A2}\RP82\A0015190.dll
12/18/2010 2:27:28 PM Deleted: Trojan-Downloader.Java.OpenConnection.ca C:\Documents and Settings\Michelle Trotter\Local Settings\Temp\jar_cache2085070674744231419.tmp/ot/pizdi.class
12/18/2010 2:27:18 PM Detected: Trojan-Downloader.Java.OpenConnection.ca C:\Documents and Settings\Michelle Trotter\Local Settings\Temp\jar_cache2085070674744231419.tmp/ot/pizdi.class
12/18/2010 2:27:17 PM Deleted: Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Michelle Trotter\Local Settings\Temp\jar_cache2085070674744231419.tmp/bpac/KAVS.class
12/18/2010 2:26:41 PM Detected: Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\Michelle Trotter\Local Settings\Temp\jar_cache2085070674744231419.tmp/bpac/KAVS.class
12/18/2010 2:08:31 PM Task started
  • 0

#12
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
How is the computer running now?
  • 0

#13
Heartweaver

Heartweaver

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Seems to be working beautifully! No sign of problems. :D
  • 0

#14
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi heartweaver,

Congratulations. Your computer is now clean :D

  • Download OTL to your desktop
  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • You may be asked to reboot - if so, choose Yes

Clean Temporary Files
  • Download TFC to your desktop
  • Open the file and close any other windows
  • It will close all programs itself when run - make sure to let it run uninterrupted
  • Click the Start button to begin the process - the program should not take long to finish its job
  • Once it is finished, it should reboot your machine, if not, do this yourself to ensure the cleaning process completes

Lets Re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 23 .
  • Click the JDK 6 Update 20 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation ( jre-6u23-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u23-windows-i586.exe and select "Run as an Administrator.")



++++++++++++++++++++++++++++++++++++


Below are links to several programs that will help protect your computer.

Anti-Spyware
I recommend downloading and installing all of the following applications.
  • SpywareBlaster keeps spyware from installing on your system - read the tutorial here
  • SpywareGuard protects your browser and computer in real time - read the tutorial here
  • SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here

++++++++++++++++++++++++++++++++++++

Other things to keep in mind.

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.

Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there! Posted Image
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP