Inactive [A] Black screen, with all programs disappeared

Status
Not open for further replies.
Hi. I ran an AV and malware scan. What should I do next? Here's my malware log. Can someone help me?

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
User :: PC [administrator]

Protection: Enabled

2012/2/8 下午 07:52:09
mbam-log-2012-02-08 (19-52-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 164282
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Detected: 2
C:\Documents and Settings\All Users\Application Data\QGuaayvrII.exe (Rogue.FakeHDD) -> 228 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\lGp2l9xqFbYKFA.exe (Rogue.FakeHDD) -> 2828 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QGuaayvrII.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\QGuaayvrII.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Data: http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Data: http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s -> Quarantined and deleted successfully.

Registry Data Items Detected: 11
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\QGuaayvrII.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\lGp2l9xqFbYKFA.exe (Rogue.FakeHDD) -> Delete on reboot.

(end)
 
gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-08 20:38:40
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 ST31000528AS rev.CC37
Running: riqv7218[1].exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pgtdapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA63AD7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ProtectorA.sys (KeyboardProtection driver module/www.ISRA.org.cn)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ProtectorA.sys (KeyboardProtection driver module/www.ISRA.org.cn)

---- EOF - GMER 1.0.15 ----
 
dds log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by User at 20:40:07 on 2012-02-08
Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.3574.2564 [GMT 8:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Panasonic\ncrcore3.exe
C:\Documents and Settings\User\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
E:\Program Files\Panasonic\Ncrwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\SVNZI05T\riqv7218[1].exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hk.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670}: 1 (0x1)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
{5c255c8a-e604-49b4-9d64-90988571cecb}
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.0.0.125\ips\IPSBHO.DLL
BHO: BOC ProcessProtect Class: {776b71e2-b4cc-4c94-bc7c-09103aa690b6} - c:\windows\system32\ProcessProtection.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.0.0.125\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Ncr3] e:\program files\panasonic\ncrcore3.exe
uRun: [Octoshape Streaming Services] "c:\documents and settings\user\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: 添加到QQ自定義面板 - c:\program files\tencent\qq\AddPanel.htm
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: 用QQ彩信發送該圖片 - c:\program files\tencent\qq\SendMMS.htm
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\tencent\qq\QQ.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: bankofchina.com
Trusted Zone: boc.cn
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{75C8BAD1-66B4-4866-9FD3-C1AC4EBA5524} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B2E8B5BA-862C-419C-BBB4-D23CE64B451F} : DhcpNameServer = 203.78.32.242 203.78.32.243
TCP: Interfaces\{D0F40370-A024-4B80-9374-BB52EAAAC0EE} : DhcpNameServer = 218.102.60.110 192.168.0.1
TCP: Interfaces\{E16E29A6-2296-4350-B2BA-37765EE5C776} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F5CB3797-4158-451A-A4A9-1872C21CB210} : DhcpNameServer = 192.168.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\4sahe4n6.default\
FF - prefs.js: browser.search.selectedEngine - Findbook
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coFFPlgn
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0500000.07d\SymDS.sys [2012-2-8 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0500000.07d\SymEFA.sys [2012-2-8 652336]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-8 314456]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-30 11608]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20101123.003\BHDrvx86.sys [2012-2-8 691248]
R1 Protector;Protector;c:\windows\system32\drivers\Protector.sys [2010-6-9 32904]
R1 ProtectorA;ProtectorA;c:\windows\system32\drivers\ProtectorA.sys [2010-6-9 14216]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0500000.07d\Ironx86.sys [2012-2-8 136312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-30 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-30 269480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-8 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-8 44768]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-30 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 652360]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.0.0.125\ccSvcHst.exe [2012-2-8 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-8 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20101201.001\IDSXpx86.sys [2012-2-8 341944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-8 20464]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20101201.025\NAVENG.SYS [2012-2-8 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20101201.025\NAVEX15.SYS [2012-2-8 1371184]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-12 1374464]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-8 435032]
S2 gupdate;Google 更新服務 (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 gupdatem;Google 更新 服務 (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-12-29 18432]
.
=============== Created Last 30 ================
.
2012-02-08 12:31:21 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-08 12:30:58 41184 ----a-w- c:\windows\avastSS.scr
2012-02-08 12:30:50 -------- d-----w- c:\program files\AVAST Software
2012-02-08 12:30:50 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-02-08 11:49:52 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2012-02-08 11:49:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-08 11:49:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 11:49:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 11:40:17 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0401000.00F
2012-02-08 11:40:17 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-02-08 11:40:13 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-02-08 09:54:26 -------- d--h--w- c:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2012-02-08 10:25:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-08 10:25:48 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
============= FINISH: 20:44:07.65 ===============
 
attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2007/10/16 下午 01:06:07
System Uptime: 2012/2/8 下午 08:03:17 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KPL-AM
Processor: Intel Pentium III Xeon 處理器 | Socket 775 | 2797/266mhz
Processor: Intel Pentium III Xeon 處理器 | Socket 775 | 2797/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 217.069 GiB free.
D: is FIXED (NTFS) - 195 GiB total, 191.302 GiB free.
E: is FIXED (NTFS) - 495 GiB total, 444.778 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2C575ACB&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 2012/1/31 下午 02:24:40 - 系統檢查點
RP2: 2012/2/2 下午 12:15:04 - 系統檢查點
RP3: 2012/2/3 下午 05:36:13 - 系統檢查點
RP4: 2012/2/6 下午 04:39:38 - 系統檢查點
RP5: 2012/2/7 下午 05:30:34 - 系統檢查點
RP6: 2012/2/8 下午 08:30:50 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0 - Chinese Traditional
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
Bonjour
C-Media WDM Audio Driver
Choice Guard
Final Media Player 2010
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.26)
MSTPCRT
MSVCRT
Network Camera Recorder with Viewer Software
Norton 360
Norton Bootable Recovery Tool Wizard
Octoshape Streaming Services
Platform
PowerDVD
QuickTime
Real Alternative 1.60
Realtek High Definition Audio Driver
Segoe UI
VIA 平台裝置管理員
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Live 上載工具
Windows Live 登入小幫手
Windows Live 程式集
WinRAR archiver
Yahoo! Software Update
小蒙恬
笢弊窅俴厙奻窅俴假諷璃 1.5
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

You're running two AV programs, Avast and Avira.
One of them has to go.
Your choice.

Then....

Let's see if we can recover your missing features.
Download and run UnHide.
Let me know if it worked.

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 