
Solved Latest Windows Updates Failing to Install - Malware Suspected

Discussion in 'Malware and Virus Removal Archive' started by oserdavid, 2010/10/18.

  1. 2010/10/19
    oserdavid (Inactive Thread Starter)
    As requested - other scans follow:

    All processes killed
    ========== OTL ==========
    Service BrlAPI stopped successfully!
    Service BrlAPI deleted successfully!
    File C:\cygwin\bin\cygrunsrv.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B99F805C-F0B1-48EA-8C8B-753BFCBED913} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B99F805C-F0B1-48EA-8C8B-753BFCBED913}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B99F805C-F0B1-48EA-8C8B-753BFCBED913} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B99F805C-F0B1-48EA-8C8B-753BFCBED913}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HWSetup deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cf\ deleted successfully.
    File Protocol\Handler\cf - No CLSID value found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Program Files\Common Files\IRAREG.DLL moved successfully.
    C:\Program Files\Common Files\IRAABOUT.DLL moved successfully.
    C:\Program Files\Common Files\IRAMDMTR.DLL moved successfully.
    C:\Program Files\Common Files\IRALPTTR.DLL moved successfully.
    C:\Program Files\Common Files\IRAWEBTR.DLL moved successfully.
    C:\Program Files\Common Files\IRASRIAL.DLL moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: David
    ->Temp folder emptied: 6000 bytes
    ->Temporary Internet Files folder emptied: 256890 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 178837024 bytes
    ->Flash cache emptied: 1125789 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 279386 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 172.00 mb


    [EMPTYFLASH]

    User: All Users

    User: David
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.2 log created on 10202010_021837

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  2. 2010/10/19
    oserdavid (Inactive Thread Starter)
    Security check:

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Smart Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Mozilla Thunderbird (3.1.4)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    FireTrust MailWasher MailWasherPro.exe
    FireTrust MailWasher MailWasherProApp.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````
     
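The Security Check log above flags three things a defender would want to re-verify after cleanup: UAC disabled, Windows Firewall disabled, and an out-of-date Java. The following is an added example, not part of the thread and not screen317's Security Check code; it reads the same state from the registry and from netsh, and assumes an elevated PowerShell 2.0 or later session on Windows Vista or later with English netsh output.

```powershell
# Added example; not from the thread and not screen317's Security Check code.
# Re-checks "UAC is disabled!", "Windows Firewall Disabled!" and the installed Java runtimes
# from the registry and netsh. Assumes an elevated PowerShell 2.0+ session, English netsh output.

function Get-UacState {
    # EnableLUA = 1 means User Account Control is on; 0 (or missing) means it is off.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($lua -eq 1) { return 'UAC enabled' }
    return 'UAC is disabled!'
}

function Get-FirewallState {
    # netsh prints a "<Name> Profile Settings:" header, then a "State ON|OFF" line, per profile.
    $profileName = $null
    foreach ($line in (netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings:') {
            $profileName = $Matches[1]
        } elseif ($line -match '^State\s+(ON|OFF)') {
            New-Object PSObject -Property @{ Profile = $profileName; State = $Matches[1] }
        }
    }
}

function Get-JavaRuntimes {
    # Each installed JRE registers a version subkey (e.g. "1.6.0_22") carrying its JavaHome path.
    # Both the native and the Wow6432Node hives are checked so 32-bit JREs on x64 are not missed.
    $roots = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
             'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem $root) {
            $javaHome = (Get-ItemProperty $sub.PSPath).JavaHome
            if ($javaHome) {
                New-Object PSObject -Property @{ Version = $sub.PSChildName; JavaHome = $javaHome }
            }
        }
    }
}

Get-UacState
Get-FirewallState | Format-Table Profile, State -AutoSize
Get-JavaRuntimes  | Sort-Object Version -Unique | Format-Table Version, JavaHome -AutoSize
```

Any profile reporting OFF, a missing EnableLUA, or a JRE older than the current release should be treated as an open finding even after the malware itself is gone.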

  4. 2010/10/19
    broni (Moderator, Malware Analyst)
    The above looks good :)
     
  5. 2010/10/19
    oserdavid (Inactive Thread Starter)
    Here's the Bitdefender log:

    QuickScan Beta 32-bit v0.9.9.41
    -------------------------------
    Scan date: Wed Oct 20 02:34:54 2010
    Machine ID: 54E972C7



    No infection found.
    -------------------



    Processes
    ---------
    Bonjour 2360 C:\Program Files\Bonjour\mDNSResponder.exe
    Carbonite Secure Backup Engine 2388 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    ESET Smart Security 2076 C:\Program Files\ESET\ESET Smart Security\egui.exe
    ESET Smart Security 2424 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    Firefox 4608 E:\Program Files\Mozilla Firefox\firefox.exe
    Malwarebytes' Anti-Malware 5848 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    Microsoft® .NET Framework 1068 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    Microsoft® CoReXT 3244 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    Microsoft® CoReXT 3456 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    Microsoft® Windows® Operating System 4056 C:\Program Files\Windows Media Player\wmpnetwk.exe
    Microsoft® Windows® Operating System 2096 C:\Program Files\Windows Media Player\wmpnscfg.exe
    Microsoft® Windows® Operating System 6092 C:\Windows\explorer.exe
    Microsoft® Windows® Operating System 4748 C:\Windows\servicing\TrustedInstaller.exe
    Microsoft® Windows® Operating System 408 C:\Windows\System32\alg.exe
    Microsoft® Windows® Operating System 704 C:\Windows\System32\csrss.exe
    Microsoft® Windows® Operating System 760 C:\Windows\System32\csrss.exe
    Microsoft® Windows® Operating System 2032 C:\Windows\System32\dwm.exe
    Microsoft® Windows® Operating System 860 C:\Windows\System32\lsass.exe
    Microsoft® Windows® Operating System 868 C:\Windows\System32\lsm.exe
    Microsoft® Windows® Operating System 1580 C:\Windows\System32\mobsync.exe
    Microsoft® Windows® Operating System 848 C:\Windows\System32\services.exe
    Microsoft® Windows® Operating System 1452 C:\Windows\System32\SLsvc.exe
    Microsoft® Windows® Operating System 632 C:\Windows\System32\smss.exe
    Microsoft® Windows® Operating System 2024 C:\Windows\System32\spoolsv.exe
    Microsoft® Windows® Operating System 1020 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1664 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1536 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1432 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 2556 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 2744 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 2804 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 2848 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 2864 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 2988 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 3208 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1284 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1264 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 228 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1232 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1148 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 1112 C:\Windows\System32\svchost.exe
    Microsoft® Windows® Operating System 404 C:\Windows\System32\taskeng.exe
    Microsoft® Windows® Operating System 1964 C:\Windows\System32\taskeng.exe
    Microsoft® Windows® Operating System 4308 C:\Windows\System32\wbem\WmiPrvSE.exe
    Microsoft® Windows® Operating System 768 C:\Windows\System32\wininit.exe
    Microsoft® Windows® Operating System 816 C:\Windows\System32\winlogon.exe
    RAID Monitor 2596 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    TDCSrv Application 3052 C:\Windows\System32\TODDSrv.exe
    TOSHIBA Power Saver 3092 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    Windows® Search 1424 C:\Windows\System32\SearchFilterHost.exe
    Windows® Search 3436 C:\Windows\System32\SearchIndexer.exe
    Windows® Search 4168 C:\Windows\System32\SearchProtocolHost.exe


    Network activity
    ----------------
    Process firefox.exe (4608) connected on port 443 (HTTP over SSL) --> 173.194.37.83
    Process firefox.exe (4608) connected on port 80 (HTTP) --> 64.4.20.186
    Process firefox.exe (4608) connected on port 443 (HTTP over SSL) --> 173.194.36.104
    Process firefox.exe (4608) connected on port 80 (HTTP) --> 66.235.142.24
    Process firefox.exe (4608) connected on port 80 (HTTP) --> 173.194.37.100
    Process firefox.exe (4608) connected on port 80 (HTTP) --> 92.123.85.115
    Process firefox.exe (4608) connected on port 443 (HTTP over SSL) --> 173.194.36.104
    Process firefox.exe (4608) connected on port 80 (HTTP) --> 66.196.66.212
    Process firefox.exe (4608) connected on port 80 (HTTP) --> 173.194.37.104
    Process firefox.exe (4608) connected on port 80 (HTTP) --> 87.248.105.217
    Process firefox.exe (4608) connected on port 443 (HTTP over SSL) --> 173.194.37.83
    Process firefox.exe (4608) connected on port 80 (HTTP) --> 82.71.193.201

    Process wininit.exe (768) listens on ports: 49152 (RPC)
    Process services.exe (848) listens on ports: 49167
    Process lsass.exe (860) listens on ports: 49154 (RPC)
    Process svchost.exe (1112) listens on ports: 135 (RPC)
    Process svchost.exe (1232) listens on ports: 49153 (RPC)
    Process svchost.exe (1284) listens on ports: 49155 (RPC)
    Process spoolsv.exe (2024) listens on ports: 49158 (RPC)
    Process svchost.exe (2744) listens on ports: 515 (LPD/LPR)
    Process svchost.exe (2864) listens on ports: 49159 (RPC)
    Process wmpnetwk.exe (4056) listens on ports: 554 (RTSP)


    Autoruns and critical files
    ---------------------------
    hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Carbonite InfoCenter C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    CLIStart.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    Cordless DUALphone C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    ESET Smart Security C:\Program Files\ESET\ESET Smart Security\egui.exe
    Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
    Google Update C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    HP Digital Imaging C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Intel(R) Common User Interface C:\Windows\system32\igfxdev.dll
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    KeNotify Application C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    Logitech SetPoint E:\Program Files\Logitech\SetPointP\SetPoint.exe
    MailWasherPro E:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
    Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
    Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
    Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    QuickTime E:\Program Files\QuickTime\QTTask.exe
    RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    Skype E:\Program Files\Skype\Phone\Skype.exe
    SVPWUTIL Application C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
    Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    TOSHIBA Button Support C:\Program Files\TOSHIBA\TBS\HSON.exe
    TOSHIBA Online Product Information C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
    TOSHIBA Power Saver C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
    Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
    Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
    Windows® Internet Explorer C:\Windows\System32\webcheck.dll


    Browser plugins
    ---------------
    Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    Advertising Cookie Opt-out c:\program files\google\advertising cookie opt-out\opt_out.dll
    BitDefender QuickScan C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    BitDefender QuickScan C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    DivX Player Netscape Plugin E:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    Foxit Reader Plugin for Mozilla E:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    Google Gears 0.5.36.0 c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    Google Update C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
    InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
    Java Deployment Toolkit 6.0.220.4 E:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U22 c:\program files\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    Microsoft Support Diagnostic Tool C:\Windows\Downloaded Program Files\MSDCode.DLL
    Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
    Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
    Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    Microsoft® Windows® Operating System C:\Windows\System32\wshbth.dll
    Mozilla Default Plug-in E:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    npitunes.dll E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    Panda ActiveScan 2.0 C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
    Picasa E:\Program Files\Google\Picasa3\npPicasa3.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.8 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
    Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
    Software Manager C:\Windows\Downloaded Program Files\isusweb.dll
    Windows Live Messenger Companion c:\program files\windows live\companion\companioncore.dll
    Windows Live™ Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    Windows® Internet Explorer C:\Windows\System32\ieframe.dll


    Missing files
    -------------
    File not found: C:\Program Files\Virtual Earth 3D\
    --> HLKM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0\ "Path "

    File not found: E:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    --> HKLM\System\ControlSet001\services\HPSLPSVC\Parameters\ "ServiceDll "

    File not found: E:\Program Files\MailDrop
    --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ "MailDrop "

    File not found: H:\PortableApps\OpenOfficePortable\App\openoffice\program
    --> HLKM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0\ "Path "


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 2 sec
    Total traffic - 0.06 MB sent, 1.50 KB recvd
    Scanned 1263 files and modules - 20 seconds

    ==============================================================================
     
  6. 2010/10/19
    oserdavid (Inactive Thread Starter)
    I'm going to sleep now; it's 2:40am here... up again at 7am here...
    G'nite
    Best
    David
     
  7. 2010/10/19
    broni (Moderator, Malware Analyst)
    You'll wake up to good news :)

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  8. 2010/10/20
    oserdavid (Inactive Thread Starter)
    Many thanks Broni - I will follow the recommendations - although I have to say, most of them I've been doing for some time - including scans with Secunia PSI, Malwarebytes and my ESET Smart Security - all of which are meticulously kept up to date. Thus I'm truly puzzled as to why and how it happened in the first place (but I'll read the recommended stuff).

    You have not told me what I was infected with... It would be useful to know.

    Finally - what am I to do with two usb sticks - one of which contains a bunch of PortableApps, the other of which contains a live Peppermint Ice Linux in one partition and some (Windows) PortableApps in the other? Obviously I do not wish to reinfect myself, or anyone else.

    Thank you once again for all your help.
    David
     
  9. 2010/10/20
    broni (Moderator, Malware Analyst)
    Your computer had some kind of rootkit activity.
    Then, we removed some garbage.

    Regarding your USB sticks...
    Install this on your computer...

    Download and run Flash Disinfector, saving it to your desktop (Windows Vista and Windows 7 users, scroll down)

    *Please disable any AV / script blockers, as they might detect Flash Disinfector as malicious and block it, causing it to fail to execute. You can re-enable them after the cleaning process*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows versions.
    Please use Panda USB Vaccine instead.

    Now, you're safe to connect your USB sticks and scan them with your AV program.
     
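The note in the post above explains the protective trick: a hidden folder named autorun.inf in a drive's root keeps malware from creating an autorun.inf file of the same name. The following is an added example, not Flash_Disinfector or Panda USB Vaccine code, that reproduces that step for every removable drive, reports (without running) any existing autorun.inf file, and checks the NoDriveTypeAutoRun policy that decides whether Windows honours autorun.inf at all; it assumes an elevated PowerShell 2.0 or later session.

```powershell
# Added example; not Flash_Disinfector or Panda USB Vaccine code.
# Creates a hidden, system, read-only folder named autorun.inf in the root of each removable
# drive so malware cannot drop an autorun.inf FILE there, reports any existing autorun.inf file
# instead of touching it, and checks the AutoRun policy. Assumes an elevated PowerShell 2.0+ session.

function Get-RemovableDriveRoots {
    # Win32_LogicalDisk DriveType 2 = removable disk (USB sticks, card readers).
    Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 2' |
        ForEach-Object { $_.DeviceID + '\' }
}

function Test-AutorunPolicyDisabled {
    # NoDriveTypeAutoRun is a bit mask of drive types for which AutoRun is suppressed; 0xFF covers all.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    return ($value -ne $null) -and (($value -band 0xFF) -eq 0xFF)
}

function Protect-DriveRoot {
    param([Parameter(Mandatory = $true)][string]$Root)   # e.g. 'F:\'
    $target = Join-Path -Path $Root -ChildPath 'autorun.inf'

    if (Test-Path -LiteralPath $target -PathType Leaf) {
        # A FILE already sits where the folder should go. Show its first lines for inspection
        # and leave it alone for the AV scan; do not execute or silently delete it.
        Write-Warning "$target is a file, not the protective folder. Leaving it for inspection:"
        Get-Content -LiteralPath $target -TotalCount 20
        return $false
    }
    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        New-Item -Path $target -ItemType Directory | Out-Null
    }
    # Hidden + System + ReadOnly hides the folder by default and resists casual deletion.
    $folder = Get-Item -LiteralPath $target -Force
    $folder.Attributes = [System.IO.FileAttributes]'Hidden, System, ReadOnly'
    return $true
}

if (-not (Test-AutorunPolicyDisabled)) {
    Write-Warning 'NoDriveTypeAutoRun is not 0xFF: Windows may still run autorun.inf from removable media.'
}
foreach ($root in Get-RemovableDriveRoots) {
    if (Protect-DriveRoot -Root $root) { "Vaccinated $root" }
}
```

The folder only blocks the file-name collision; the policy check is what tells you whether AutoRun is actually off on the host, which is the stronger mitigation.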
