Hmmmm... I thought that I copied this thread to the 'Virus and Worms' forum but now I can't find it over there. In any event, I have now worked my way through the first 3 steps of the "logs to assist in cleaning malware" tretise by essexboy (when I try to run aswMBR.exe, it tells me that it can't comply because it is not a windows32 application - I will keep working on that. What follows is the logs form MalwareBytes:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.orgDatabase version: v2012.09.03.07
Windows 2000 Service Pack 4 x86 FAT32
Internet Explorer 6.0.2800.1106
Administrator :: B586863B [administrator]
03/09/2012 12:20:11 PM
mbam-log-2012-09-03 (12-20-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 139303
Time elapsed: 14 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
Files Detected: 9
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\krnln.fnr (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\sock.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\shell.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\internet.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINNT\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\KBPC080604.log (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
and then I have attached the two logs from OLT.
Looking forward to receiving some input from the experts here so that I can restore my laptop to its former peak performance and get on with many productive items that have been backing up. Any thoughts on how I can get aswMBR.exe to run would be most appreciated.
Hans