Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Xp Wont Boot After Malware Removal


  • Please log in to reply
14 replies to this topic

#1 kmorris_99

kmorris_99

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 08 April 2008 - 11:38 AM

My HP Pavilion zv5000 laptop will not boot. The OS is Windows XP Home Edition. I was using Avast anti-virus for protection, but it must have failed because it recently became infected with a lot of malware, including trojans, spyware, adware, and other vicious little bugs. At that time I could still log on to the computer, watch movies, play games, and get on the internet, but I could tell something was wrong. I went on the "Am I Infected? What Do I Do?" forum for help. I was told that first I should download a program called Malwarebytes Anti-Malware. I did, then ran it according to the instructions. At the end of the scan, it had found over 250 infected files! I made sure that all were checked then hit "Remove". At the end of removing the files it said that I needed to reboot to complete the removal of the more difficult files. I clicked OK and it shutdown and started rebooting, but would go no further than the HP splash screen. I shut it down and rebooted, pressing the F8 key, I told it to reboot in Safe Mode. It tried but got only as far as a black screen that has the words Safe Mode in all four corners, and across the top of the screen it says Microsoft ® Windows XP ® (Build 2600.xpsp_sp2_rtm.040803-2158: Service Pack 2). It will not go any further than this screen. The moderator that was assisting me suggested that I may need to reformat the hard drive, and suggested that I come to this forum and start a new post asking for help.

Do I need to reformat the hard drive? It was suggested that I do, based on the types of a couple of the infections found on my hard drive (rootkits and backdoor trojans), as you can never be sure that they are totally removed.

I would like to be able to get back onto the computer before doing this, so that i can backup some files prior to reformatting. Is this possible?

This computer is only going to be used for games, movies, and internet surfing. No financial data will be entered into this computer, although in the past I have made a few online purchases with a credit card. I am told that this information (the card number) may be at risk, another good reason to reformat. Knowing this, would you recommend a Repair or a Reformat?

Thank you for any help you can give me!

Kelly

BC AdBot (Login to Remove)

 


#2 Samsbc12

Samsbc12

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 AM

Posted 08 April 2008 - 12:11 PM

I suggest a reformat. You will have a clean start and you will remove any virus and malware still on the machine. If you repair you could just run into the same problems again as the malware could still be there.

#3 kmorris_99

kmorris_99
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 08 April 2008 - 12:14 PM

Thanks samsbc12, I am thinking that is the way I need to go. I am very much a non-techie, so my next questions is; How do I do a reformat? Also, is there a way to get the machine to boot up prior to the reformat so that I can backup a few files?

Kelly

Edited by kmorris_99, 08 April 2008 - 12:15 PM.


#4 mz30

mz30

  • Members
  • 828 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:liverpool,england
  • Local time:06:24 AM

Posted 08 April 2008 - 12:26 PM

Hi kmorris_99
i had a similar problem after running malwarebytes as you cannot pull up the log file it created ,i can not be sure, but the problem maybe that one of the files needed to be deleted on reboot and that is why it won't boot ,boot your p.c and leave it (for half an hour or so ).,f it's the same problem you will be able to get onto your desktop eventually.

If you can get on post your malwarebytes log here.
god my head hurts.
if you don't ask ,you don't know



Posted Image

#5 Samsbc12

Samsbc12

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:24 AM

Posted 08 April 2008 - 12:32 PM

Thanks samsbc12, I am thinking that is the way I need to go. I am very much a non-techie, so my next questions is; How do I do a reformat? Also, is there a way to get the machine to boot up prior to the reformat so that I can backup a few files?

Kelly



heres how to reformat

A live cd like Knoppix would let you copy files off your computer, but you would need some external drive or storage to store it too.

I hope this helps

#6 kmorris_99

kmorris_99
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 08 April 2008 - 12:41 PM

MZ30,
Thanks for the reply! Here is my Mbam log. I had posted it on another forum, so I just copy/pasted it here. More of my message at the bottom of this post.



Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Quick Scan
Objects scanned: 34222
Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Infected: 5
Memory Modules Infected: 8
Registry Keys Infected: 65
Registry Values Infected: 17
Registry Data Items Infected: 4
Folders Infected: 34
Files Infected: 165

Memory Processes Infected:
C:\Program Files\MalwareAlarm\pv.exe (Rogue.Malware.Alarm) -> Unloaded process successfully.
C:\Program Files\XP Antivirus\xpa.exe (Rogue.XPAntivirus) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\ctfmona.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\bpemtqkf.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkhfe.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\kshxikvg.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\gebxvwt.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wscmp.dll (Adware.BHO) -> Unloaded module successfully.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Unloaded module successfully.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Unloaded module successfully.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eefdd7ed-9c4c-4647-9057-32329c6c06b6} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{eefdd7ed-9c4c-4647-9057-32329c6c06b6} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebxvwt (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13} (Adware.AdGoblin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (Adware.AdBreak) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} (Adware.AdBlaster) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8} (Adware.AdBlaster) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f} (Adware.AdBlaster) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44a1-9f4543d34546} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0} (Adware.Aconti) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3} (Adware.7Search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b} (Adware.4Arcade) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089} (Adware.AccessPlugin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f5a62e2-51f2-11d3-a075-cc7364cae42a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y479c6d0-otrw-u5gh-s1ee-e0ac10b4e666} (Trojan.DownLoader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208} (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malwarealarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyshredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{689dff39-4075-41af-b5dc-78d2bed94ad6} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80b1f086-0909-4b1d-86be-0123edebd574} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbfe44a7-c2aa-4f8a-be0b-fdfb6d3c38bf} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ultra soft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Management Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ntload (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45d7e741-a7b7-45ce-90b7-3c9f15115a7e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c94ab9b7-9c24-436d-94e4-84ca69be000e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d996429a-9262-455c-8681-d97d31452b08} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\XP antivirus (Rogue.XPantivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti Virus Pro spyware remover (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalwareAlarm (Rogue.MalwareAlarm) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3f5a62e2-51f2-11d3-a075-cc7364cae42a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XP Antivirus (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6aaa53d4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmona (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BluetoothAuthorizationAgent (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkhfe.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger) -> Data: kdvgg.exe -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Downloader) -> Data: c:\windows\system32\winupdate.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkhfe.dll -> Delete on reboot.

Folders Infected:
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Anti Virus Pro spyware remover (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\Quarantine (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\XP Antivirus (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\Programs\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\Programs\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\BrowserObjects (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuAllUsers (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuCurrentUser (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnce (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnceEx (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnce (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnceEx (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\BrowserObjects (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuAllUsers (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\StartMenuCurrentUser (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnce (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKCURun\RunOnceEx (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnce (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Anti-Virus-Pro.com\AntiVirusPro\Autorun\HKLMRun\RunOnceEx (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\ultra (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\XP Antivirus 2008 (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bpemtqkf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fkqtmepb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkhfe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efhkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efhkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kshxikvg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gvkixhsk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vnvjynwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwnyjvnv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdvgg.exe (Rootkit.DNSChanger) -> Delete on reboot.
C:\Program Files\MalwareAlarm\MalwareAlarm.exe (Rogue.MalwareAlarm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebxvwt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wscmp.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\adcbet.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atgritgradkret.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bidcf.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bqtojehcn.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfadsnilgf.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crapoj.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dcnql.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dkril.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dofmlcrihsfql.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fihsjadorepgb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfipkrih.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjatofmtcfih.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjetcrepgfihkr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gumwygte.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilgjaloj.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjqhonalgbit.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krorpvhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lgjetcnmpkn.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtkretsnmlob.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nelcbmhor.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsgwjclb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntload.dll (Trojan.Qqpass) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onpdivcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcfqdgbapgrep.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcnmlkjeh.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pgrehsnetcr.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pkfidsrqlsn.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psfap.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qdgripsjidknil.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpsifkdx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgnmhcritgb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tobqpcbalofmd.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsrc.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wjghwlvr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtewocxp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\crc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\awvtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\YY5CCLMW\stat[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\3Z6DS1CC\CAGXQFWX (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\nsj238.tmp\ns239.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\nsj238.tmp\nsExec.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\nsk22D.tmp\ns22E.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\nsk22D.tmp\nsExec.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\nsk232.tmp\ns233.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\nsk232.tmp\nsExec.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\pv.dat (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\pv.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\up.dat (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder1.dll (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder2.dll (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder3.dll (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\Uninstall.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Anti Virus Pro spyware remover\Register Anti Virus Pro spyware remover.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Anti Virus Pro spyware remover\Start Anti Virus Pro spyware remover.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Anti Virus Pro spyware remover\Uninstall.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\AntiVirusPro.exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\AntiVirusPro.exe.local (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\AntiVirusPro.exe.log (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\Core.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\database.pkg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\Localization.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\msvcp71.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\msvcr71.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\Uninstall.exe (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusPro\WndSystem.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\XP Antivirus\xpa.exe (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\Programs\MalwareAlarm\MalwareAlarm.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\Programs\MalwareAlarm\Uninstall.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\Programs\SpyShredder\SpyShredder.lnk (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\Programs\SpyShredder\Uninstall.lnk (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\ultra\uninstall.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wscmp.dll.tmp (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjwwqmse.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\grande48.sys (Rootkit.Srizbi) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\xpupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\7search.dll (Adware.7Search) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmona.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.inf (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Anti Virus Pro spyware remover.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\764.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\absolute key logger.lnk (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aconti.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aconti.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aconti.log (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aconti.sdb (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\acontidialer.txt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\adbar.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cbinst$.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\daxtime.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dp0.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\eventlowg.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\fhfmm-Uninstaller.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\fhfmm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\flt.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\hcwprn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\hotporn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ie_32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorr23.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\jd2002.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kkcomp$.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kkcomp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\kvnab$.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\liqad$.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\liqad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\liqui-Uninstaller.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\liqui.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ngd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\pbar.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\settn.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\spredirect.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\wbeInst$.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xadbrk.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xadbrk_.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Desktop\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Anti Virus Pro spyware remover.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Desktop\MalwareAlarm.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelly\Desktop\SpyShredder.lnk (Rogue.SpyShredder) -> Quarantined and deleted successfully.

As you can see, there was a lot of crap on that laptop!! What do you think? I have started another reboot (in safe mode) on the laptop, and will leave it for awhile to see what happens.

Kelly

#7 mz30

mz30

  • Members
  • 828 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:liverpool,england
  • Local time:06:24 AM

Posted 08 April 2008 - 12:51 PM

Hi kmorris_99

I think the problem is that it attempting to delete some file's on re-boot that's why it's not booting ,i will bet it will boot eventually though(just be patient).

Unfortunately i'm unable to help you further with your virus issues as you will need the help of one of the hjt team for that,when your computer boot's follow the instuction's in This link and one of the hjt team will gladly help you out :thumbsup:

P.s also just try and boot in normal mode,not safemode if you have any other questiobn's please don't hesitate to ask :flowers:
god my head hurts.
if you don't ask ,you don't know



Posted Image

#8 kmorris_99

kmorris_99
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 08 April 2008 - 04:08 PM

mz30,

Well, it has been trying to reboot for over two hours now and it is still stuck on the same screen. I just dont think it is going to boot up. Thanks for your help though.

Kelly

#9 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 08 April 2008 - 04:44 PM

You could try running the following commands from the Recovery Console:

bootcfg /rebuild completely re-creates the Boot.ini file. The user must confirm each step.

fixboot writes a new partition boot sector to the system partition.

fixmbr repairs the master boot record of the boot disk
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#10 kmorris_99

kmorris_99
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 08 April 2008 - 05:00 PM

Budapest, how do you get to the recovery console?

#11 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 08 April 2008 - 05:03 PM

Insert the Windows XP CD into the CD drive, and then restart the computer. Click to select any options that are required to start the computer from the CD drive if you are prompted. When the "Welcome to Setup" screen appears, press R to start the Recovery Console. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#12 kmorris_99

kmorris_99
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 08 April 2008 - 05:28 PM

Budapest, I did all 3 commands and rebooted, but I get the same results. It goes just past the Windows XP screen to a blue HP splash screen then just sits there. I tried booting in normal mode, not safe mode.

#13 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 08 April 2008 - 05:32 PM

Try running chkdsk /r in the Recovery Console.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#14 kmorris_99

kmorris_99
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 08 April 2008 - 08:20 PM

Ok, did that, and got the same results. I'm at a loss. I think it is just time to reformat. What do you think?

#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 PM

Posted 08 April 2008 - 10:03 PM

One last thing you can try is to do a Repair Install.

How to Perform a Windows XP Repair Install
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users