
Antivirus Pro 2009 & Trojans


  • This topic is locked
15 replies to this topic

#1 nicoleypoleyoley


Posted 17 February 2009 - 02:02 PM

Hi. I'm new to BleepingComputer, and I really need some help.
This is what happened:
Yesterday, I went to go onto my computer and I had left it open so I just pulled open my laptop and the screen came back to normal. AVG said there were three threats. I tried to click "move to vault" and I was blue screened. Then I tried to restart twice, because neither time would anything load. The third time, everything loaded.

AVG had to update and said I had 23 infections after running a 7 hour scan. It hadn't even told me I had any. For the past two weeks my computer had been opening ads on websites, when I hadn't been clicking them. AVG hadn't told me it needed to update either. It said it cleared all of them, and found 2 when I rescanned. I downloaded STOPzilla and scanned, and it found 241 infected files which was somewhere around 40 actual trojans/viruses/worms/whatever.

I had 7 at the most, the last time anything like this happened, and it was only the antivirus thing.
So, my computer was in worse shape yesterday (to the point where I was crying and just wanting to go die or something, because I do all of my schoolwork on my computer and me, being a stupid, stupid person didn't back anything up, although everything seems to be fine), but it's better now. Firefox doesn't open as many windows, but it won't let me go to sites to help me fix it?! So, I'm on Google Chrome for the time being.

I haven't downloaded anything in the past two weeks, except music from my friend who also has an antivirus. I don't know how this could have happened, and I've tried deleting the registry key things, and there were only a few of them there.

I tried running Malwarebytes and it wouldn't open so I tried sending it to my desktop and it still didn't work. AVG and STOPzilla are the only things that are working at all. My mom recommended avast, because her job suggested it for her computer and it works fine. It's still downloading and then I'm going to try and set that up.

I just don't know what to do. I've tried everything. Why do people even make viruses and trojans and whatever? It's not nice. ):

I'm just so upset because I didn't even download anything, and yet I still get infected. So, could I have some help, please? ):

Also: when AVG scanned it said I had 20 trojan alerts, 1 virus, and I think 1 worm.
Help. D:

My Attach file is included and my DDS file is posted below.


DDS (Ver_09-02-01.01) - NTFSx86
Run by EnNicle at 13:46:58.01 on Tue 02/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.129 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: AOL Antivirus *On-access scanning enabled* (Outdated)
FW: AOL Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1181802290\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\AOL\1181802290\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Common Files\AOL\1181802290\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1181802290\ee\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Common Files\AOL\1181802290\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\EnNicle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EnNicle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EnNicle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\EnNicle\LOCALS~1\Temp\szd4eo7a3rl.exe
C:\Documents and Settings\EnNicle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EnNicle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EnNicle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EnNicle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EnNicle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\EnNicle\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
BHO: c:\windows\system32\osm3of8s3njd.dll: {c5af42a3-94f3-42bd-f634-3604832c897d} - c:\windows\system32\osm3of8s3njd.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [CTZDetec.exe] c:\program files\creative\creative media lite\CTZDetec.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [EleFunAnimatedWallpaper]
uRun: [mount.exe] c:\program files\gipo@utilities\fileutilities.3\mount.exe /z
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ennicle\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [HostManager] c:\program files\common files\aol\1181802290\ee\AOLSoftware.exe
mRun: [AOLSPScheduler] c:\program files\common files\aol\1181802290\ee\services\safetycore\ver210_5_4_1\AOLSP Scheduler.exe
mRun: [sscRun] c:\program files\common files\aol\1181802290\ee\SSCRun.exe
mRun: [OASClnt] c:\program files\mcafee.com\antivirus\oasclnt.exe
mRun: [EmailScan] c:\program files\mcafee.com\antivirus\mcvsescn.exe
mRun: [MPFExe] c:\program files\mcafee.com\personal firewall\MPfTray.exe
mRun: [SNPSTD2] c:\windows\vsnpstd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Amazing3DAquariumWallpaper]
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Ixeyofezi] rundll32.exe "c:\windows\Agubunaz.dll",e
mRun: [jsf8uiw3jnjgffght] c:\docume~1\ennicle\locals~1\temp\winlognn.exe
mRun: [Eganijamehigata] rundll32.exe "c:\windows\ixalozik.dll",e
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\ennicle\startm~1\programs\startup\e-spea~1.lnk - c:\program files\e-speaking\e-Speaking.exe
StartupFolder: c:\docume~1\ennicle\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
STS: c:\windows\system32\osm3of8s3njd.dll: {c5af42a3-94f3-42bd-f634-3604832c897d} - c:\windows\system32\osm3of8s3njd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\khfCUNGv

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ennicle\applic~1\mozilla\firefox\profiles\b0nj97eu.nicole\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ennicle\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {42C162D7-644C-4320-A0AE-987714A46CAB} - c:\documents and settings\ennicle\local settings\application data\{42C162D7-644C-4320-A0AE-987714A46CAB}

============= SERVICES / DRIVERS ===============

R0 ati5bjxx;ati5bjxx;c:\windows\system32\drivers\ati5bjxx.sys [2009-2-16 32768]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2008-12-2 54656]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-29 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-29 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-29 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-4 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;c:\progra~1\mcafee.com\antivi~1\mcshield.exe [2007-6-17 221184]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-6-17 114464]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-17 24652]

=============== Created Last 30 ================

2009-02-17 13:14 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-02-16 23:40 1,664 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-02-16 23:39 120,448 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-02-16 18:24 244 a---h--- C:\sqmnoopt13.sqm
2009-02-16 18:24 232 a---h--- C:\sqmdata14.sqm
2009-02-16 18:21 244 a---h--- C:\sqmnoopt12.sqm
2009-02-16 18:21 232 a---h--- C:\sqmdata13.sqm
2009-02-16 18:12 232 a---h--- C:\sqmdata12.sqm
2009-02-16 18:12 244 a---h--- C:\sqmnoopt11.sqm
2009-02-16 16:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-02-16 16:22 <DIR> --d----- c:\program files\STOPzilla!
2009-02-16 16:22 <DIR> --d----- c:\program files\common files\iS3
2009-02-16 16:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-02-16 16:14 232 a---h--- C:\sqmdata11.sqm
2009-02-16 16:14 244 a---h--- C:\sqmnoopt10.sqm
2009-02-16 15:59 479 a------- c:\windows\system32\win32hlp.cnf
2009-02-16 15:59 104,960 a------- c:\windows\system32\dllcache\userinit.exe
2009-02-16 15:59 133,632 a------- c:\windows\ixalozik.dll
2009-02-16 15:58 89,388 a------- c:\windows\system32\drivers\67e822fb.sys
2009-02-16 15:57 1 a------- c:\windows\system32\uniq.tll
2009-02-16 15:53 368 a--sh--- c:\windows\system32\vGNUCfhk.ini2
2009-02-16 15:52 30,328 a--sh--- c:\windows\system32\vGNUCfhk.ini
2009-02-16 15:52 302,592 a------- c:\windows\system32\khfCUNGv.dll.vir
2009-02-16 15:51 <DIR> --dsh--- c:\windows\system32\twain32
2009-02-16 15:51 15,000 a------- c:\windows\system32\osm3of8s3njd.dll
2009-02-16 15:50 <DIR> --d----- c:\program files\Microsoft Common
2009-02-16 15:49 32,768 a------- c:\windows\system32\drivers\ati5bjxx.sys
2009-02-16 15:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-02-16 15:07 89,388 a------- c:\windows\system32\drivers\93564668.sys
2009-02-16 15:05 10 a------- c:\windows\system32\kr_done1
2009-02-16 15:05 2 a------- C:\-1933023975
2009-02-16 15:04 15,000 a------- c:\windows\system32\hs78344kjkfd.dll
2009-02-16 15:00 129,024 a------- c:\windows\system32\ngdgvl.dll
2009-02-16 14:59 129,024 a------- c:\windows\system32\exgirkqi.dll
2009-02-15 11:55 1,589,985 ---sh--- c:\windows\system32\oantxfbk.ini
2009-02-15 03:00 552 a------- c:\windows\system32\d3d8caps.dat
2009-02-15 01:19 30,454 a--sh--- c:\windows\system32\pAGNqXyb.ini2
2009-02-15 01:19 30,470 a--sh--- c:\windows\system32\pAGNqXyb.ini
2009-02-15 01:19 302,592 a------- c:\windows\system32\byXqNGAp.dll.vir
2009-02-10 23:46 <DIR> --d----- C:\DOCUME?
2009-02-02 10:55 <DIR> --d----- c:\windows\pss
2009-02-02 09:54 <DIR> --d----- c:\program files\common files\Kodak
2009-02-02 09:50 62,592 -------- c:\windows\system32\dllcache\cdrom.sys
2009-02-02 09:50 464,384 -------- c:\windows\system32\imapi2fs.dll
2009-02-02 09:50 464,384 -------- c:\windows\system32\dllcache\imapi2fs.dll
2009-02-02 09:50 317,952 -------- c:\windows\system32\imapi2.dll
2009-02-02 09:50 317,952 -------- c:\windows\system32\dllcache\imapi2.dll
2009-01-29 00:25 <DIR> --d----- c:\program files\GIMPy2.0
2009-01-27 05:39 <DIR> --d----- c:\program files\AIM6

==================== Find3M ====================

2009-02-16 18:28 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-16 18:26 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-16 17:46 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-16 15:59 104,960 a------- c:\windows\system32\userinit.exe
2009-02-16 15:51 14,336 a------- c:\windows\system32\svchost.exe
2009-02-16 15:51 14,336 a------- c:\windows\system32\dllcache\svchost.exe
2009-02-11 16:56 18,368 a------- c:\docume~1\ennicle\applic~1\wklnhst.dat
2009-01-16 20:32 164,280 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-12-17 17:26 17,408 a----r-- c:\windows\system32\SZIO5.dll
2008-12-17 17:25 282,624 a----r-- c:\windows\system32\SZBase5.dll
2008-12-17 17:24 540,672 a----r-- c:\windows\system32\SZComp5.dll
2008-11-24 16:19 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2008-11-24 16:19 364,544 a----r-- c:\windows\system32\IS3DBA5.dll
2008-11-24 16:18 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2008-11-24 16:18 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2008-11-24 16:18 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2008-11-24 16:17 212,992 a----r-- c:\windows\system32\IS3Win325.dll
2008-11-24 16:17 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2008-11-24 16:17 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2008-11-24 16:14 708,608 a----r-- c:\windows\system32\IS3Base5.dll
2008-10-15 02:41 24 a------- c:\documents and settings\ennicle\jagex_runescape_preferences.dat
2008-05-31 17:52 116,024 a------- c:\docume~1\ennicle\applic~1\GDIPFONTCACHEV1.DAT
2008-07-21 08:20 88 a--shr-- c:\windows\system32\DD65FBD7FF.sys
2008-07-21 08:20 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:49:25.12 ===============


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 18 February 2009 - 06:52 AM

Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (Open it as Notepad)




NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall




Please post these logs in your next reply... Post each log in a separate post

1. Dr. Web CureIt
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 nicoleypoleyoley

nicoleypoleyoley
  • Topic Starter

  • Members
  • 12 posts

Posted 19 February 2009 - 02:27 AM

Well, thanks for your help, but my computer is fried now.
I'm getting a new one in April, hopefully.

Whenever I log on, it just logs me off, so I can't even do anything.
But thank you. :thumbup2:

I think it was time for a new one, anyway.
My old one was so trashed.
It was my "I'm a rebel and will not use anti-virus software because I'm too lazy!" computer.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 19 February 2009 - 03:12 AM

If you want to have a try to revive the computer, you can do below.. If you want me to close this topic, I can do that too.. :thumbup2:

You will need a Windows CD to boot into Recovery Console.. Please refer to the websites below to understand how to boot into Recovery Console..

http://pcsupport.about.com/od/fixtheproblem/ss/rconsole.htm << This one has 6 slides, navigate them all..

http://www.windowsnetworking.com/articles_...s/wxprcons.html


At the C:\WINDOWS> directory, type the line below and press Enter (make sure you type it right..)

copy e:\i386\userinit.ex_ C:\Windows\System32\userinit.exe


The red e is your cd/dvd-rom drive.. Change it to the letter of your own cd\dvd rom drive..


You should see 1 file(s) copied. after you press Enter.. Then type Exit and press Enter..

Reboot your computer and tell me, can you enter Windows now? :)

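The check behind the fix in post #4, as an added example that is not part of the thread: the DDS log in post #1 lists userinit.exe and svchost.exe as modified on 2009-02-16, a day after hidden+system .ini files appeared in system32. This Python example parses DDS-style listing lines and flags logon-critical binaries whose timestamp falls near such files; the CORE list, the 48-hour window and the hidden+system heuristic are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the DDS log in post #1 of this thread.
SAMPLE = r"""
2009-02-16 15:00 129,024 a------- c:\windows\system32\ngdgvl.dll
2009-02-15 11:55 1,589,985 ---sh--- c:\windows\system32\oantxfbk.ini
2009-02-15 01:19 30,470 a--sh--- c:\windows\system32\pAGNqXyb.ini
2009-02-02 09:50 317,952 -------- c:\windows\system32\imapi2.dll
2009-02-16 15:59 104,960 a------- c:\windows\system32\userinit.exe
2009-02-16 15:51 14,336 a------- c:\windows\system32\svchost.exe
2009-02-16 15:51 14,336 a------- c:\windows\system32\dllcache\svchost.exe
2008-12-17 17:26 17,408 a----r-- c:\windows\system32\SZIO5.dll
2008-07-21 08:20 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
"""

# DDS listing line: timestamp, size or <DIR>, 8 attribute flags, path.
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?:<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$")
# Assumption: logon-critical binaries picked for this example.
CORE = {"userinit.exe", "svchost.exe", "winlogon.exe", "explorer.exe"}
SYS32 = "c:\\windows\\system32\\"

def parse(text):
    """Yield (timestamp, attrs, lowercased path) per file-listing line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            yield when, m.group(2), m.group(3).lower()

def triage(text, window_hours=48):
    """Core binaries changed within window_hours of a hidden+system file."""
    entries = list(parse(text))
    # Heuristic (assumption): hidden+system files under system32 mark
    # the time of a possible drop; it yields leads, not verdicts.
    anchors = [t for t, attrs, p in entries
               if "sh" in attrs and p.startswith(SYS32)]
    window = timedelta(hours=window_hours)
    hits = []
    for when, _, path in entries:
        name = path.rsplit("\\", 1)[-1]
        if (name in CORE and path.startswith(SYS32)
                and any(abs(when - a) <= window for a in anchors)):
            hits.append((path, when.isoformat(sep=" ", timespec="minutes")))
    return sorted(hits)

if __name__ == "__main__":
    for path, when in triage(SAMPLE):
        print(when, path)
```

A flagged file is a lead to compare against a known-good copy, such as the one on the Windows CD, since legitimate updates also touch these binaries.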


#5 nicoleypoleyoley

nicoleypoleyoley
  • Topic Starter

  • Members
  • 12 posts

Posted 22 February 2009 - 08:25 PM

So, to do that I'd need a boot CD...
Would that have come with my computer, originally?
Because I have no idea if I even still have the original CDs that came with it, except for maybe the Microsoft Enterprise type CD for Microsoft pictures and word and whatnot.

If I did try to attempt this, I'd probably mess it up. D;

Also: thank you so much for helping.

So, let me ask you, personally:
do you think I should try to fix my old computer, or just get the new one?

My old laptop has at least half or more of the keys missing, so I have to use a keyboard that I plug into it.
(I had spilled liquid on the previous keyboard, then was sent a new one, but that got messed up as well since I wasn't careful.)
My old laptop has numerous things that I don't use installed on it.
It's really dirty and scratched up.


Like, I'm trying to think about the pros and cons of a new laptop vs. my old laptop, and I'm just thinking the new one would be a chance to start over.

One last question: if I leave the laptop in the state it is now, and go to a um. A computer tech person who knows how to get my files off of it, could they do that if I paid them enough money, do you think?

Thank you so much. :D

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 23 February 2009 - 10:01 AM

Would that have come with my computer, originally?


I was looking for a possible Virut and/or Sality infection on the computer.. If it is indeed either Virut or Sality, it is so bad that you might have to wipe your hard disk clean on all partitions..


do you think I should try to fix my old computer, or just get the new one?


Err... It's your choice :) How old is the computer?.. My laptop is nearly five years old and still great.. :step4:


My old laptop has at least half or more of the keys missing, so I have to use a keyboard that I plug into it.


Yeah.. my laptop too.. Currently typing with external small-sized keyboard :thumbup2:


One last question: if I leave the laptop in the state it is now, and go to a um. A computer tech person who knows how to get my files off of it, could they do that if I paid them enough money, do you think?


If I am just beside you, I can do that.. So, yes.. If the technician is skilled enough, he should be able to do it in just several hours (if he's not busy..)

Just tell the computer guy about the laptop problem and mention that your computer has a possible Virut or Sality infection, and if he doesn't understand you, just point him to this topic :step1:

Edited by fenzodahl512, 23 February 2009 - 10:02 AM.



#7 nicoleypoleyoley

nicoleypoleyoley
  • Topic Starter

  • Members
  • 12 posts

Posted 25 February 2009 - 05:06 PM

Okay, thank you very much. :D

I think I'll save up some money and go to one soon. Maybe with my birthday money (in November), I'll go to one and get my pictures and music off of it. (:

You've been very helpful, and if there was an option to pay you and I had money to pay you with, I would have, believe me.

Good day. :D

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 25 February 2009 - 05:39 PM

Ok.. but I just want your confirmation, can I close this topic or do you want to attempt reviving your hard disk? :thumbup2:



#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 04 March 2009 - 04:57 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 05 March 2009 - 03:43 PM

Hello.. you mentioned in PM that you already have a "boot disk"

Tell me, what kind of boot disk do you have?.. Or is it a Windows CD? :thumbup2:



#11 nicoleypoleyoley

nicoleypoleyoley
  • Topic Starter

  • Members
  • 12 posts

Posted 06 March 2009 - 01:37 AM

Hello.. you mentioned in PM that you already have a "boot disk"

Tell me, what kind of boot disk do you have?.. Or is it a Windows CD? :)


Well, it's a red CD and it says: "Operating System ALREADY INSTALLED ON YOUR COMPUTER Reinstallation DVD Microsoft Windows XP Media Center Version 2005 with Update Rollup 2"

And then I found a drivers and plug ins one.

Also: Good news! My dad has decided to not be a schweinehund, and buy me the new computer I wanted. :D My other one lasted three years, so I guess that wasn't that good. I'm not completely great with computers.

Anyway! I mainly want to fix my old one, so I can get the pictures and everything off of it.
As well as any files.
If I can.



If I insert the boot disk, will that wipe out all of my files?
Or will it just repair the files?

Because if it wipes them out, I'll just leave it alone and get the files taken off by some guy who knows what he's doing.

:thumbup2:

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 06 March 2009 - 02:04 AM

Or will it just repair the files?


No, it won't do anything.. It is just trying to boot into Windows via a special mode.. When you succeed in booting into Windows via the bootable CD, then you can transfer your backup files to other media such as external drives..


After that, just reformat the computer..


If you want to attempt a Repair Install, please see the link below..

http://www.geekstogo.com/forum/How-to-repa...ws-XP-t138.html


However, please take note that if the computer has a nasty polymorphic infection, the Repair Install won't do any good.. It is just an attempt to revive the computer temporarily so that you can do all the backup things...


Please put the Boot CD into the computer and reboot into Windows.. Tell me more about it :thumbup2:



#13 nicoleypoleyoley

nicoleypoleyoley
  • Topic Starter

  • Members
  • 12 posts

Posted 09 March 2009 - 11:42 AM

Okay, I did that.
I pressed F8 and selected the one it had listed.
Then it did the same thing it previously did, so the disk didn't work. ):

It logs me on, says "ViewMgr has encountered a problem and needs to close." then logs me off. I tried four times to get it to work, with no luck any of the times.

):

What do I do, now?

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 09 March 2009 - 07:16 PM

Ok.. via a CLEAN computer, I'll need you to create a BartPE bootable disk so that you can reboot the infected computer via BartPE mode, and perform the backup of all your files..

Please see the link below to understand how to create a BartPE bootable CD, and then boot your computer via the BartPE CD.. Once you boot your computer, DO NOT switch it off..

http://www.winhelponline.com/blog/create-b...ing-pe-builder/


Tell me about it when you've successfully built and booted via the BartPE CD..



#15 nicoleypoleyoley

nicoleypoleyoley
  • Topic Starter

  • Members
  • 12 posts

Posted 11 March 2009 - 05:37 PM

Unfortunately, I'm not allowed to download anything to this computer (since it's not mine), so I'll probably end up doing that when/if I get my new one.

Thanks for the help, though.
If it still doesn't work, I'll contact you again or ask someone else for help.

Thank you for all your help.

:thumbup2:



