IC8D1A13...infection

Discussion in 'Virus and Malware Removal' started by randy, Jul 12, 2012.

  1. randy Newcomer, in training Posts: 79

    ok..well that means waiting till Monday.....thanks Broni...have a good weekend. I will try and play around but...
  2. Broni Malware Annihilator Posts: 39,349   +175

    Let me know when ready...
  3. randy Newcomer, in training Posts: 79

    I went to the local library and tried downloading the reboot program and the security would not let me. I am afraid my work computer will be the same on Monday. I did copy mbam and the other one, I have it on a CD but cannot find the drive now. I look in My Computer and see C: & D: drive only, no CD drive or E: or whatever it's called.. can you PC Anywhere it and have a look?
  4. Broni Malware Annihilator Posts: 39,349   +175

    We don't do remote access here.

    Maybe some friend with a laptop can come to your place?
  5. randy Newcomer, in training Posts: 79

    There is an open laptop at work for personal use, I will use it..talk to you Monday
  6. Broni Malware Annihilator Posts: 39,349   +175

     
  7. randy Newcomer, in training Posts: 79

    Broni...my CD drive is gone??? So even if I bring home the CD from work how will I play it?? It's just gone, I used it to make a PowerPoint CD about a month ago...now it doesn't even show up in "My Computer"
  8. Broni Malware Annihilator Posts: 39,349   +175

  9. randy Newcomer, in training Posts: 79

    Broni....I have downloaded everything to a flash drive, however for the next 2 evenings I have baseball games and may not get to it..just for your info, I am not ignoring this help and I appreciate it a lot.
  10. Broni Malware Annihilator Posts: 39,349   +175

    No problem :)
  11. randy Newcomer, in training Posts: 79

    Hi Broni...
    I have everything on a flash drive now and will work on it tonight when I get home. Should I go right to the boot program or try GMER and the other one first?
  12. Broni Malware Annihilator Posts: 39,349   +175

    Go ahead and post OTLPE log.
  13. randy Newcomer, in training Posts: 79

    will do..talk to you in a couple hours...:)
  14. Broni Malware Annihilator Posts: 39,349   +175

    :)
  15. randy Newcomer, in training Posts: 79

    ok Broni..I am lost, help me through this process.. I have OTLPE on the flash drive plus the zip and eee?? program. I have never booted from a stick before??
  16. Broni Malware Annihilator Posts: 39,349   +175

    I suggested before that you ask some friend who knows a little bit more about computers to help you out.
    I can't really post my instructions in a clearer way.
  17. randy Newcomer, in training Posts: 79

    We just moved ..don't know many people yet. I will plug away and report back. I have this thread on my phone so I can post with the laptop down.
  18. randy Newcomer, in training Posts: 79

    Broni..not sure what is up...however I have the MBAM program running thru the hard drive normally. Do I fix the 28 items it found or post the log first?
  19. Broni Malware Annihilator Posts: 39,349   +175

    If you can boot normally....

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Yes please.
  20. randy Newcomer, in training Posts: 79

    Sorry, I read the instructions and saw to remove....I will try harder, here is log
    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.18.13

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Randy Enns :: RANDY [administrator]

    Protection: Enabled

    7/18/2012 8:19:16 PM
    mbam-log-2012-07-18 (20-19-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 318565
    Time elapsed: 17 minute(s), 57 second(s)

    Memory Processes Detected: 1
    C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuSA.exe (Adware.HotBar.CP) -> 3496 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuSAHook.dll (Adware.HotBar.VM) -> Delete on reboot.

    Registry Keys Detected: 6
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKCU\Software\voomuusa (Adware.HotBar.VM) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\VooMuu (Adware.HotBar.VM) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VooMuuSA (Adware.HotBar.VM) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VooMuuSA (Adware.HotBar.CP) -> Data: "C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuSA.exe" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 5
    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\Program Files\VooMuu (Adware.HotBar.VM) -> Delete on reboot.
    C:\Program Files\VooMuu\bin (Adware.HotBar.VM) -> Delete on reboot.
    C:\Program Files\VooMuu\bin\1.0.34.0 (Adware.HotBar.VM) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\VooMuuSA (Adware.HotBar.VM) -> Delete on reboot.

    Files Detected: 12
    C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuSA.exe (Adware.HotBar.CP) -> Delete on reboot.
    C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuSAHook.dll (Adware.HotBar.VM) -> Delete on reboot.
    C:\Documents and Settings\Tana Lynn\My Documents\Downloads\FrostWireSetup(2).exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tana Lynn\My Documents\Downloads\FrostWireSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tana Lynn\My Documents\Downloads\SoftonicDownloader_for_frostwire.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tana Lynn\Local Settings\Temp\app14.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
    C:\Program Files\VooMuu\bin\1.0.34.0\copyright.txt (Adware.HotBar.VM) -> Quarantined and deleted successfully.
    C:\Program Files\VooMuu\bin\1.0.34.0\VooMuuUninstaller.exe (Adware.HotBar.VM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\VooMuuSA\VooMuuSA.dat (Adware.HotBar.VM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\VooMuuSA\VooMuuSAau.dat (Adware.HotBar.VM) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\VooMuuSA\VooMuuSA_kyf.dat (Adware.HotBar.VM) -> Delete on reboot.

    (end)