Windows XP Recovery fix instructions worked! Almost.


  • Please log in to reply
3 replies to this topic

#1 AHoerner


Posted 01 June 2011 - 05:47 AM

I got a bad case of the Windows XP Recovery virus and could see nothing but the phony console. I followed the bleepingcomputer instructions at http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-recovery exactly -- RKill, then TDSSKiller, then MBAM, then finally Unhide, running everything from a thumb drive. I have not yet run Secunia PSI. TDSSKiller found nothing, and MBAM found and removed a bunch of infected files. Logs for RKill, TDSSKiller, and MBAM are copied below.

Although this seems to have solved most of the problem, most of the simple program links and all the program links in program folders in my Start menu remain missing. So are all the program shortcuts on my desktop. The programs themselves -- the few that I have checked -- seem to be still in place, and I can start them by double-clicking their .exe files in the Program Files directory. Is there any way to get them back? There are dozens of them. Are the program links on the Start menu just shortcuts (with icons in some cases)? Was there perhaps some failure in unhiding shortcuts?

Oh, one more curious thing. The only programs that remained on the Start menu were Notepad and MS Internet Explorer. Explorer says all of its add-ons are disabled, though if you click on the bar to manage add-ons, they say that they are enabled.

Subsequent to the above, I ran a full scan using Microsoft Security Essentials. It found and removed three copies of Alureon.S.

My operating system is Windows XP with SP3.

Any help you could offer would be greatly appreciated.

Sincerely, Beanxx



This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 05/31/2011 at 23:13:30.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\uaaiHfWFhq.exe
C:\Documents and Settings\All Users\Application Data\18210596.exe

Rkill completed on 05/31/2011 at 23:13:37.


2011/05/31 23:15:53.0140 3912 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/31 23:15:54.0343 3912 ================================================================================
2011/05/31 23:15:54.0343 3912 SystemInfo:
2011/05/31 23:15:54.0343 3912
2011/05/31 23:15:54.0343 3912 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/31 23:15:54.0343 3912 Product type: Workstation
2011/05/31 23:15:54.0343 3912 ComputerName: AHOERNERHP
2011/05/31 23:15:54.0343 3912 UserName: Administrator
2011/05/31 23:15:54.0343 3912 Windows directory: C:\WINDOWS
2011/05/31 23:15:54.0343 3912 System windows directory: C:\WINDOWS
2011/05/31 23:15:54.0343 3912 Processor architecture: Intel x86
2011/05/31 23:15:54.0343 3912 Number of processors: 2
2011/05/31 23:15:54.0343 3912 Page size: 0x1000
2011/05/31 23:15:54.0343 3912 Boot type: Normal boot
2011/05/31 23:15:54.0343 3912 ================================================================================
2011/05/31 23:16:00.0953 3912 Initialize success
2011/05/31 23:16:06.0109 3064 ================================================================================
2011/05/31 23:16:06.0109 3064 Scan started
2011/05/31 23:16:06.0109 3064 Mode: Manual;
2011/05/31 23:16:06.0109 3064 ================================================================================
2011/05/31 23:16:24.0515 3064 ================================================================================
2011/05/31 23:16:24.0515 3064 Scan finished
2011/05/31 23:16:24.0515 3064 ================================================================================
2011/05/31 23:16:24.0531 2348 Detected object count: 0
2011/05/31 23:16:24.0531 2348 Actual detected object count: 0
2011/05/31 23:16:37.0656 2620 Deinitialize success




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6741

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/1/2011 1:23:00 AM
mbam-log-2011-06-01 (01-23-00).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 435144
Time elapsed: 1 hour(s), 57 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PCAntispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uaaiHfWFhq (Trojan.FakeMS) -> Value: uaaiHfWFhq -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\uaaihfwfhq.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.6600795605450083.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18210596.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\downloads\cryptload1.1.8\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\downloads\cryptload1.1.8\router\fritz!box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP376\A0055429.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP376\A0055430.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.7358357449961641.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.110560583418981.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.982527556172461.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

#2 AHoerner


Posted 08 June 2011 - 12:09 AM

I solved this problem. I was accidentally running somebody else's cleanup program. When I ran yours, the problem went away.

#3 quietman7


Posted 08 June 2011 - 12:35 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
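The same two steps as a script, added here as an example and not part of quietman7's post: it creates a fresh restore point after cleanup and then removes every older one, so a stale, possibly infected point cannot be rolled back to. It assumes PowerShell 2.0 or later on a client edition of Windows with System Restore enabled, an elevated prompt, and the SRRemoveRestorePoint export of SrClient.dll; the function names New-CleanRestorePoint and Remove-OldRestorePoints are my own.

```powershell
# Added example (not from the original post). Creates a new restore point and
# deletes all older ones. Assumes PowerShell 2.0+, System Restore enabled,
# an elevated prompt, and a client Windows edition that ships SrClient.dll.

# P/Invoke wrapper for SrClient.dll!SRRemoveRestorePoint (returns 0 on success).
Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("SrClient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

function New-CleanRestorePoint {
    param([string]$Description = "Post-malware-cleanup (clean state)")
    # MODIFY_SETTINGS is one of the documented RestorePointType values.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    # The point just created has the highest sequence number.
    $newest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
    Write-Host ("Created restore point #{0}: {1} ({2})" -f $newest.SequenceNumber,
        $newest.Description, $newest.ConvertToDateTime($newest.CreationTime))
    return $newest
}

function Remove-OldRestorePoints {
    param([Parameter(Mandatory=$true)][uint32]$KeepSequenceNumber)
    foreach ($rp in Get-ComputerRestorePoint) {
        if ($rp.SequenceNumber -eq $KeepSequenceNumber) { continue }
        $rc = [Win32.SystemRestore]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
        if ($rc -eq 0) {
            Write-Host ("Removed restore point #{0}: {1}" -f $rp.SequenceNumber, $rp.Description)
        } else {
            Write-Warning ("SRRemoveRestorePoint({0}) failed with Win32 error {1}" -f $rp.SequenceNumber, $rc)
        }
    }
}

$keep = New-CleanRestorePoint
Remove-OldRestorePoints -KeepSequenceNumber $keep.SequenceNumber

# Verify: only the newly created point should be listed now.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description,
        @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } }
```

Note the order: the clean point is created before anything is deleted, so a failed removal never leaves the machine with no restore point at all.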

#4 jw-WHY


Posted 08 June 2011 - 08:08 PM

Hello, I was reading your post and you said you ran a tool that corrected the missing options inside the program menus. Can you show the name or the link for the program you ran that solved your issue? I used the same instructions that you used, but I still have the missing menu options. Thanks for your help.



