Pages in history N#2

waddler_8

Post the aswMBR log in this thread. then PM me the rest of the DDS log when you can.

DerekRX

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-06 08:24:00

---

08:24:00.109 OS Version: Windows 5.1.2600 Service Pack 3
08:24:00.109 Number of processors: 1 586 0x7F02
08:24:00.109 ComputerName: USER-89C68BBC24 UserName: user
08:24:02.250 Initialize success
08:25:26.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
08:25:26.093 Disk 0 Vendor: WDC_WD1600AAJS-00L7A0 01.03E01 Size: 152627MB BusType: 3
08:25:26.109 Disk 0 MBR read successfully
08:25:26.109 Disk 0 MBR scan
08:25:26.109 Disk 0 Windows XP default MBR code
08:25:26.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
08:25:26.109 Disk 0 scanning sectors +312560640
08:25:26.203 Disk 0 scanning C:\WINDOWS\system32\drivers
08:25:32.156 Service scanning
08:25:41.265 Modules scanning
08:25:47.156 Disk 0 trace - called modules:
08:25:47.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:25:47.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857aeab8]
08:25:47.171 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000062[0x85765a20]
08:25:47.671 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x857656e0]
08:25:47.671 Scan finished successfully
08:26:48.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\My Pictures\SAVANNA RX3s\MBR.dat"
08:26:48.359 The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\My Pictures\SAVANNA RX3s\aswMBR.txt"

waddler_8

Go here and read through the instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

• Ensure you temporarily turn off AVG before running. Instructions here
• Double click combofix.exe & follow the prompts closely.
• When it's finished, it'll produce a log. Post the contents of that log.
• It'll be found on your C:\ drive named combofix.txt

Above all, BE PATIENT! and let it run it's course.

DerekRX

Hey,

I done the combofix program and pmed you the log.

My computer is working fine now and theres no more "openfastlah" in my history list.

If theres no more to do, thanks so much for your help and if theres any problems in the future I will know where to look.

Cheers.
Derek.

waddler_8

I'll take a look through the combofix log Derek and let you know..

waddler_8

There's signs you've had a worm infection spread from a USB flash drive. Scan all USB drives & .rar archive type files before accessing.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAutorun.NH


Go to start > run and copy/paste the following command into the run command window:

cmd /c netsh firewall reset

Reboot.

Download Flash_Disinfector and save it to your desktop.

• Double click to run it.
• You'll be prompted to plug in your flash drive. Plug it in.
• Flash Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear.
• When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Alt + del to open Task Manager.
• Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder - it will help protect your drives from future infection.

Then update and run a quick scan with Malwarebytes' Anti-Malware (mbam) and post the log.