Free Malware Removal Forum

[richope]

Ok I do not have a bootable Windows XP SP3 CD but are the ones on the web ok to use? The ones you can download?
Here is the log from Kaspersky scan
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 13, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 13, 2010 01:08:09
Records in database: 4200120
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 198337
Threats found: 4
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 03:55:33


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AFB0D4B.zip Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AFB0D4B.zip Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\hp\bin\wbug\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\iaStor.sys.vir Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP0\A0000020.sys Infected: Virus.Win32.TDSS.b 1
D:\I386\APPS\APP11700\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP11700\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

Selected area has been scanned.

[richope]

ntbtlog too big i can not attach it or post it.

Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Did not load driver ACPI Multiprocessor PC
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers

sample from log mostly did not load driver

[deltalima]

Hi richope,

Ok I do not have a bootable Windows XP SP3 CD but are the ones on the web ok to use? The ones you can download?

We would need to use a licensed copy of XP so a download would not be an option.

The detections by Kaspersky are all malware that has been safely quarantined or minor spyware that is not a problem.

[deltalima]

Ok, we just posted at the same time. Please post the last few lines of the ntbtlog log.

[richope]

I will have to check around for cd's we got the computer through Dell and I don't believe CD's came with it

Did not load driver \SystemRoot\System32\Drivers\Klpf.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Did not load driver Realtek High Definition Audio
Did not load driver Data Fax SoftModem with SmartCP
Did not load driver OHCI Compliant IEEE 1394 Host Controller
Did not load driver WsAudioDevice_383
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver Media Control Devices
Did not load driver intelppm.SYS
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel Processor
Did not load driver Intel Processor
Did not load driver Intel(R) G965 Express Chipset Family
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Did not load driver Klif.SYS
Did not load driver Fips.SYS
Did not load driver ELmon.SYS
Did not load driver ELhid.SYS
Did not load driver eeCtrl.SYS
Did not load driver Realtek High Definition Audio
Did not load driver Data Fax SoftModem with SmartCP
Did not load driver OHCI Compliant IEEE 1394 Host Controller
Did not load driver WsAudioDevice_383
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel Processor
Did not load driver Intel Processor
Did not load driver Intel(R) G965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver Data Fax SoftModem with SmartCP
Did not load driver OHCI Compliant IEEE 1394 Host Controller
Did not load driver WsAudioDevice_383
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel Processor
Did not load driver Intel Processor
Did not load driver Intel(R) G965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver Data Fax SoftModem with SmartCP
Did not load driver OHCI Compliant IEEE 1394 Host Controller
Did not load driver WsAudioDevice_383
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel Processor
Did not load driver Intel Processor
Did not load driver Intel(R) G965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver Data Fax SoftModem with SmartCP
Did not load driver OHCI Compliant IEEE 1394 Host Controller
Did not load driver WsAudioDevice_383
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver Intel Processor
Did not load driver Intel Processor
Did not load driver Intel(R) G965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver Data Fax SoftModem with SmartCP
Did not load driver OHCI Compliant IEEE 1394 Host Controller
Did not load driver WsAudioDevice_383
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Did not load driver Intel Processor
Did not load driver Intel Processor
Did not load driver Intel(R) G965 Express Chipset Family
Did not load driver Realtek High Definition Audio
Did not load driver Data Fax SoftModem with SmartCP
Did not load driver OHCI Compliant IEEE 1394 Host Controller
Did not load driver WsAudioDevice_383
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\System32\Drivers\TDTCP.SYS
Loaded driver \SystemRoot\System32\Drivers\RDPWD.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver Klif.SYS
Did not load driver TSP.SYS
Did not load driver Klif.SYS

[richope]

OK. Pulled out book that came with computer and there is an application in PC Help & Tools > HP Application Recovery > can click on either Application Installation or Driver Installation

There is also something about Microsoft System Restore

Helpful?

[deltalima]

Hi richope,

there is an application in PC Help & Tools > HP Application Recovery

I doubt that would be able to sort the booting problem. HP computers normally come with a recovery partition that allows you to return the computer to the state it was when delivered new.

Warning This process will remove any programs you have installed and any documents, pictures etc. that are on the computer so make sure you copy everything you want to keep to another computer first.

Press the power button to start the HP. Press and hold the F11 key to launch the HP Recovery Manager from the recovery partition then follow the on screen instructions.

If you choose to follow this route then as soon as the computer is back up and running, before connecting to the Internet download whatever antivirus program you intend to use to another computer and transfer using a USB memory stick to this computer and install the antivirus.

As soon as the computer is connected to the Internet then update the antivirus and then visit Microsoft Update and install All updates that are available. This may take quite a while but is vital.

[richope]

Just to give you an update. Did a full system restore. Took awhile to get all the Windows updates and stuff but I am now at Windows XP sp 3. Have AVG ant-virus running. So I guess you can close this posting. Thanks for all your help. Would I have been able to just do a restore from the start and been at the same point rather than fighting the whole thing? Or should you get rid of the virus before doing restore?
Thanks again for your help.
Hope

[deltalima]

Hi richope,

Thanks for all your help. Would I have been able to just do a restore from the start and been at the same point rather than fighting the whole thing?

Glad you are sorted.

You could have just done a restore at first, however it is unusual to need to do a full restore, the majority of malware problems can be resolved without needing to restore.

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

[Carolyn]

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.