Unable to Boot with XP!


  • This topic is locked
8 replies to this topic

#1 damfm33


Posted 20 March 2010 - 05:51 PM

I have an HP Pavilion ze2000 running XP Home Edition. I get the initial HP screen and then just a blank black screen. It will only give me the boot from CD message if I only have the recovery disk in; otherwise I can't boot from CD. Before I was unable to boot, I had the Antivirus XP 2010 virus.

Thanks in advance for any help


#2 hamluis


Posted 20 March 2010 - 07:26 PM

I don't have an HP system, so I don't know how this recovery CD works.

Can you boot into XP at all?

What happens when you insert your CD? What options are available to you?

Louis

#3 Bill1821


Posted 20 March 2010 - 08:03 PM

Can you enter into CMOS? Does it show you have a HDD? Have you tried to enter safe mode? (CD out; as soon as you see the HP screen, repeatedly push F8. If a menu comes up, then scroll up with the arrow keys to safe mode and push Enter.)

Also unplug everything from your computer except power, monitor and keyboard. This includes memsticks, speakers, printers, just everything. If Windows starts, then you can plug in your mouse. I once had a similar problem and it was the card reader on my printer causing a conflict.

Does the recovery cd 'see' the hard drive and operating system? What happened when you tried to use it?

I think when a moderator gets to this thread he is going to need more info from you.

Here is a link to the same or similar virus matching your description:

http://www.bleepingcomputer.com/virus-remo...-antivirus-2010

If this is you then this probably didn't cause boot problem but maybe it has some friends that are visiting you too.

I googled this and it appears to cause some bad problems like blank desktops, etc., so maybe the inventors of this nastiness 'upgraded' their product, but if you can't get into Windows then they can't make a sale. Doesn't make sense.

Good luck to you.


#4 Elise


Posted 21 March 2010 - 04:06 AM

Hello, please see if you can follow the steps below. I am moving this topic to a more appropriate forum.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn it to a CD using ISO Burner. NOTE: This file is 292Mb in size, so it may take some time to download.
  • When downloaded, double-click the file and this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

Regards, Elise


#5 damfm33


Posted 21 March 2010 - 02:28 PM

Here is the file.

OTL logfile created on: 3/21/2010 3:08:29 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.00 Mb Total Physical Memory | 438.00 Mb Available Physical Memory | 69.00% Memory free
582.00 Mb Paging File | 461.00 Mb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.44 Gb Free Space | 62.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (crd)
SRV - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe -- (N360)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2004/08/04 08:00:00 | 000,053,248 | ---- | M] () [Auto] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilDrvI9)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (_VOIDd.sys)
DRV - [2010/03/19 22:11:38 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\omxziqm.sys -- (omxziqm)
DRV - [2010/03/15 21:54:07 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/09 21:54:56 | 000,041,472 | ---- | M] () [Kernel | System] -- C:\WINDOWS\_VOIDnseompdmxt\_VOIDd.sys -- (_VOIDnseompdmxt)
DRV - [2009/12/09 05:06:51 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0400000.07F\ccHPx86.sys -- (ccHP)
DRV - [2009/12/09 05:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20091209.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/09 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20091209.020\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/03 02:08:32 | 000,325,168 | R--- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\N360\0400000.07F\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/03 02:08:32 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0400000.07F\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/11/26 02:41:48 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0400000.07F\SymEFA.sys -- (SymEFA)
DRV - [2009/11/26 02:41:22 | 000,116,272 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0400000.07F\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/26 02:40:54 | 000,529,456 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/11/25 23:45:11 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/11/21 20:43:48 | 000,362,032 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0400000.07F\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/11/16 20:51:14 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSxpx86.sys -- (IDSxpx86)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\0400000.07F\SymDS.sys -- (SymDS)
DRV - [2005/04/11 09:33:52 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/10 05:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/03 15:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/02/18 11:42:02 | 000,349,696 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/02/18 11:41:18 | 000,038,016 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/02/02 07:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/12/15 11:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 11:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 11:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/11 20:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 08:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\ndiswdk.sys -- (ndiswdk)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/14 11:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 15:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Earl_Mack_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\Earl_Mack_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Earl_Mack_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\

[2009/10/27 20:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl Mack\Application Data\Mozilla\Firefox\extensions
[2009/10/27 20:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Earl Mack\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\dg9u0g.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\dg9u0g.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.0.0.127\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Earl_Mack_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\Earl_Mack_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\EARLMA~1\LOCALS~1\Temp\install.exe File not found
O4 - HKU\Earl_Mack_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\Earl_Mack_ON_C..\Run: [Remote System Protection] C:\WINDOWS\System32\dg9u0g.DLL ()
O4 - HKU\Earl_Mack_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Earl_Mack_ON_C..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Documents and Settings\Earl Mack\Local Settings\Temp\gomzlw8y.exe ()
O4 - HKLM..\RunOnce: [IERESETATTRIB] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Installing-ie8] C:\Documents and Settings\Earl Mack\Local Settings\Temp\IE8-WindowsXP-x86-ENU.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Earl_Mack_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Earl_Mack_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\system32\dg9u0g.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/10 00:20:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ae0faac1-0ce5-11de-ba5c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae0faac1-0ce5-11de-ba5c-806d6172696f}\Shell\AutoRun\command - "" = D:\Start.exe -- File not found
O33 - MountPoints2\{ae0faac1-0ce5-11de-ba5c-806d6172696f}\Shell\Install\Command - "" = D:\Start.exe -- File not found
O33 - MountPoints2\{d5c3baee-0dde-11de-ba64-00c09feb228d}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Earl Mack\Local Settings\Application Data\Windows Server\fxlevx.dll) - C:\Documents and Settings\Earl Mack\Local Settings\Application Data\Windows Server\fxlevx.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 21:33:07 | 000,000,000 | ---D | C] -- C:\6c66b63308001fb8065a2e06b5
[2010/03/15 21:44:36 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\symtdi.sys
[2010/03/15 21:44:36 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\symtdiv.sys
[2010/03/15 21:44:36 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymDS.sys
[2010/03/15 21:44:36 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtsp.sys
[2010/03/15 21:44:36 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymEFA.sys
[2010/03/15 21:44:36 | 000,116,272 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Ironx86.sys
[2010/03/15 21:44:36 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtspx.sys
[2010/03/15 21:44:32 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\cchpx86.sys
[2010/03/15 21:42:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/03/15 21:42:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0400000.07F
[2010/03/15 21:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/03/15 20:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/03/15 20:29:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/03/15 17:17:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache
[2010/03/14 20:51:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Earl Mack\PrivacIE
[2010/03/14 20:50:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\IETldCache
[2010/03/14 20:50:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Earl Mack\IETldCache
[2010/03/14 20:45:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/14 20:45:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/14 20:45:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/03/14 20:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Earl Mack\Application Data\Tific
[2010/03/14 20:14:02 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/03/14 20:14:02 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/03/14 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/03/14 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/03/14 20:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/03/10 22:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Earl Mack\Local Settings\Application Data\Symantec
[2010/03/09 21:54:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\_VOIDnseompdmxt
[2010/03/09 21:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Earl Mack\Local Settings\Application Data\Windows Server
[2010/02/28 17:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Earl Mack\Local Settings\Application Data\Temp
[92 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[100 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 15:32:20 | 472,907,776 | -HS- | M] () -- C:\NRTPage.sys
[2010/03/20 15:18:04 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2010/03/20 15:18:03 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Earl Mack\NTUSER.DAT
[2010/03/20 15:18:03 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/20 15:18:03 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/19 22:11:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 22:11:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\omxziqm.sys
[2010/03/19 22:11:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/19 22:11:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Earl Mack\ntuser.ini
[2010/03/19 22:11:03 | 004,824,190 | -H-- | M] () -- C:\Documents and Settings\Earl Mack\Local Settings\Application Data\IconCache.db
[2010/03/19 21:45:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/19 21:44:21 | 669,569,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/19 21:41:58 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/19 21:41:58 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/19 21:41:58 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/19 21:12:27 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/19 20:53:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/16 20:56:30 | 001,067,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Cat.DB
[2010/03/16 20:38:08 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Earl Mack\Desktop\rkill.com
[2010/03/15 22:52:53 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/15 21:54:07 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/03/15 21:54:07 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/03/15 21:54:07 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/03/15 21:54:07 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/03/15 20:40:58 | 000,000,279 | ---- | M] () -- C:\WINDOWS\System32\_VOIDthdubrovbr.dat
[2010/03/15 20:23:35 | 000,001,592 | ---- | M] () -- C:\WINDOWS\System32\_VOIDmfeklnmal.dll
[2010/03/14 20:32:53 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDoptalkvmba.dll
[2010/03/14 20:32:52 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDlrlusdksew.dll
[2010/03/09 21:55:04 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\_VOIDabrprujhpx.dll
[2010/03/09 21:53:23 | 000,020,000 | ---- | M] () -- C:\WINDOWS\System32\dg9u0g.dll
[2010/03/05 08:46:11 | 000,012,644 | ---- | M] () -- C:\Documents and Settings\Earl Mack\Desktop\March 10.xlsx
[92 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[100 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/20 14:34:13 | 472,907,776 | -HS- | C] () -- C:\NRTPage.sys
[2010/03/16 20:56:27 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Earl Mack\Desktop\rkill.com
[2010/03/15 22:43:00 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2010/03/15 21:56:19 | 001,067,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Cat.DB
[2010/03/15 21:43:33 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymEFA.inf
[2010/03/15 21:43:33 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymDS.inf
[2010/03/15 21:43:33 | 000,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\ccHPx86.inf
[2010/03/15 21:43:33 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymNetV.inf
[2010/03/15 21:43:33 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymNet.inf
[2010/03/15 21:43:33 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtspx.inf
[2010/03/15 21:43:33 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtsp.inf
[2010/03/15 21:43:33 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Iron.inf
[2010/03/15 21:42:22 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\symnetv.cat
[2010/03/15 21:42:22 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymEFA.cat
[2010/03/15 21:42:22 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymDS.cat
[2010/03/15 21:42:22 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymNet.cat
[2010/03/15 21:42:21 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtspx.cat
[2010/03/15 21:42:21 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtsp.cat
[2010/03/15 21:42:21 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\iron.cat
[2010/03/15 21:42:21 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\cchpx86.cat
[2010/03/15 21:42:21 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\isolate.ini
[2010/03/14 20:14:02 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/03/14 20:14:02 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/03/09 21:56:27 | 000,001,592 | ---- | C] () -- C:\WINDOWS\System32\_VOIDmfeklnmal.dll
[2010/03/09 21:55:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDlrlusdksew.dll
[2010/03/09 21:55:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDoptalkvmba.dll
[2010/03/09 21:55:08 | 000,000,279 | ---- | C] () -- C:\WINDOWS\System32\_VOIDthdubrovbr.dat
[2010/03/09 21:55:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\_VOIDabrprujhpx.dll
[2010/03/09 21:53:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\omxziqm.sys
[2010/03/09 21:53:23 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\dg9u0g.dll
[2010/03/05 08:46:10 | 000,012,644 | ---- | C] () -- C:\Documents and Settings\Earl Mack\Desktop\March 10.xlsx
[2009/10/10 06:39:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/08/09 10:24:28 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009/08/09 10:24:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2009/08/02 16:39:32 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/07/27 03:56:37 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Earl Mack\Application Data\$_hpcst$.hpc
[2009/03/10 01:08:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/03/10 01:08:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/03/10 01:08:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/03/10 01:08:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/03/10 01:08:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/03/10 01:08:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/03/10 00:52:28 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/09 22:33:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/13 04:06:00 | 001,347,502 | ---- | C] () -- C:\Program Files\abcpalm_setup.exe
[2007/02/09 05:02:36 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\DevSolutionsCrypt.dll
[2005/05/07 08:40:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PalmDB.dll
[2005/02/12 04:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 08:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\ndiswdk.sys

========== LOP Check ==========

[2010/03/09 21:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl Mack\Application Data\Azureus
[2009/07/22 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl Mack\Application Data\Chessmaster Challenge
[2009/09/29 15:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl Mack\Application Data\HotSync
[2009/06/18 22:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl Mack\Application Data\InterVideo
[2009/10/10 16:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl Mack\Application Data\iSilo
[2009/07/05 00:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl Mack\Application Data\PlayFirst
[2010/03/14 20:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Earl Mack\Application Data\Tific

========== Purity Check ==========


< End of report >


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,428 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:48 AM

Posted 21 March 2010 - 02:48 PM

Well, that's a LOT of malware we have there, so let's start cleaning!

Re-run OTLPE and copy the text in the codebox below into the "custom scan/fix" field. Click "Run Fix".
CODE
:services
6to4
ASKUpgrade
ASKService
_VOIDd.sys
omxziqm
_VOIDnseompdmxt

:otl
O2 - BHO: (C:\WINDOWS\system32\dg9u0g.dll) - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\system32\dg9u0g.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKU\Earl_Mack_ON_C..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\EARLMA~1\LOCALS~1\Temp\install.exe File not found
O4 - HKU\Earl_Mack_ON_C..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Documents and Settings\Earl Mack\Local Settings\Temp\gomzlw8y.exe ()
O7 - HKU\Earl_Mack_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O22 - SharedTaskScheduler: {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - 7whfiudhf8s7f3oifhif7syfdhsof - C:\WINDOWS\system32\dg9u0g.dll ()
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Earl Mack\Local Settings\Application Data\Windows Server\fxlevx.dll) - C:\Documents and Settings\Earl Mack\Local Settings\Application Data\Windows Server\fxlevx.dll ()
[2010/03/09 21:56:27 | 000,001,592 | ---- | C] () -- C:\WINDOWS\System32\_VOIDmfeklnmal.dll
[2010/03/09 21:55:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDlrlusdksew.dll
[2010/03/09 21:55:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDoptalkvmba.dll
[2010/03/09 21:55:08 | 000,000,279 | ---- | C] () -- C:\WINDOWS\System32\_VOIDthdubrovbr.dat
[2010/03/09 21:55:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\_VOIDabrprujhpx.dll
[2010/03/09 21:53:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\omxziqm.sys
[2010/03/09 21:53:23 | 000,020,000 | ---- | C] () -- C:\WINDOWS\System32\dg9u0g.dll

:files
C:\WINDOWS\system32\6to4v32.dll
C:\WINDOWS\system32\drivers\omxziqm.sys
C:\WINDOWS\_VOIDnseompdmxt\_VOIDd.sys
C:\Program Files\AskBarDis


Afterwards you should be able to boot normally. Please let me know if it works fine and how the computer is running.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#7 damfm33


Posted 21 March 2010 - 06:45 PM

Looks like I am good to go. Thank you very much!!

#8 Elise


Posted 22 March 2010 - 04:13 AM

Please let me know if you want any more help to make sure your computer is clean indeed.

regards, Elise




#9 Elise


Posted 28 March 2010 - 11:59 AM

Due to lack of activity, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






