After running Malwarebytes on my computer, network drivers are dead!


Caught some nasty malware recently and removed it with Malwarebytes. Ever since, my network drivers are dead and I can't figure out how to revive them. Any help would be appreciated! Thanks!

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

10/21/2009 6:07:23 PM

mbam-log-2009-10-21 (18-07-23).txt

Scan type: Full Scan (C:\|)

Objects scanned: 252887

Time elapsed: 1 hour(s), 32 minute(s), 35 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 1

Registry Keys Infected: 13

Registry Values Infected: 17

Registry Data Items Infected: 9

Folders Infected: 4

Files Infected: 26

Memory Processes Infected:

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\servises.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Documents and Settings\Sandy\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.FakeAlert.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.FakeAlert.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: crnbdht.dll -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\55647128 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\crnbdht.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\servises.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\Documents and Settings\Sandy\reader_s.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\reader_s.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\470HE9W3\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ITEPYXQD\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S5S5O5QZ\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\55647128\55647128.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\AdvancedVirusRemover\PAVRM.exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\Start Menu\Programs\Windows AntiVirus Pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\Desktop\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\net.net (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Sandy\Local Settings\Temp\prun.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sandy\Local Settings\Temp\b.exe (Trojan.Downloader) -> Delete on reboot.


It looks like your computer is infected with Virut. The way Virut infects other files makes it virtually impossible to remove it. Your best option is to back up your data, reformat the hard drive, and reinstall Windows. Here is a link to an article by one of our researchers explaining why this is the case:

http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

Virut will infect the following types of files, so DO NOT back them up:

.exe - Executable files (installers, applications, etc.)

.scr - Screen savers.

.htm/.html - Saved webpages.

.xml - Structured data files, but also sometimes webpages.

.zip - ZIP archives, typically called "Compressed Folders" on Windows XP.

.rar - RAR archives, typically made by WinRAR.

Most computers from companies like Dell, HP/Compaq, Sony, Gateway, etc. come with a predefined restore procedure. If your computer manufacturer didn't give you disks with your computer, then you may have to check their support website and see what their recovery procedure is for your model of computer. Note that HP and Compaq computers have two recovery modes, and you will need to do the "Destructive Recovery". If your computer manufacturer sent you a Windows XP installation disk, then the link below will take you to instructions from MIT on how to reformat and reinstall Windows from the disk:

http://web.mit.edu/ist/products/winxp/adva...all-format.html

If you cannot accept a reformat and reinstall of Windows, then note that while even a professional would not be able to guarantee that the computer is clean afterwards, there are some instructions at the following link on how to clean it up. Note that these instructions are a bit old, but should still apply, and it requires a lot more time and effort than just reformatting and reinstalling everything.

http://www.malwarebytes.org/forums/index.p...ost&p=58063
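
The file-type list from the reply above, applied as a backup filter. This is an added example, not part of the original post and not a Malwarebytes tool. It goes one step beyond the list by also skipping files that start with the PE "MZ" magic under some other extension; the function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extensions the post above says Virut infects and must not be backed up.
SKIP_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}

def classify(path: Path) -> str:
    """Return 'copy' or the reason a file is left out of the backup."""
    if path.suffix.lower() in SKIP_EXTENSIONS:
        return "skip-extension"
    # Added precaution, not from the post: a file starting with the DOS/PE
    # magic "MZ" is an executable whatever its extension claims.
    try:
        with path.open("rb") as fh:
            if fh.read(2) == b"MZ":
                return "skip-pe-header"
    except OSError:
        return "skip-unreadable"
    return "copy"

def plan_backup(root: Path) -> dict:
    """Group every file under root (as sorted relative paths) by verdict."""
    plan = {}
    for full in sorted(root.rglob("*")):
        if full.is_file():
            rel = full.relative_to(root).as_posix()
            plan.setdefault(classify(full), []).append(rel)
    return plan

def build_sample_tree(root: Path) -> None:
    """Write constructed sample files standing in for a user's documents."""
    samples = {
        "Documents/letter.txt": b"hello\n",
        "Documents/photo.JPG": b"\xff\xd8\xff\xe0constructed",
        "Documents/setup.EXE": b"MZ\x90\x00",
        "Documents/saved page.html": b"<html></html>",
        "Documents/notes.dat": b"MZ\x90\x00renamed executable",
    }
    for rel, data in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for verdict, paths in sorted(plan_backup(Path(tmp)).items()):
            print(f"{verdict}: {paths}")
```

Only the paths listed under `copy` belong on the backup medium; review anything under `skip-pe-header` or `skip-unreadable` by hand rather than copying it.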
