Backdoor.bot, Trojan.agent, Rootkit.agent, and others on my Comp


7 replies to this topic

#1 aNimosity1

Posted 28 February 2009 - 01:34 AM

Hello. I have been directed to post an SSD log on this forum board for diagnosis. From this topic: http://www.bleepingcomputer.com/forums/t/203036/systemexe-problems/ ~ OB

About midway through January, my computer caught a very strange virus, causing my desktop background to be changed to some "Warning: Your computer is infected with PassCaptures, many viruses blah blah..." I remember seeing the exact same background that I had on my desktop on the Home section. But after running MBAM, my computer seemed to work normally. Now every time I scan my computer with MBAM, the same Malwares show up. I am stuck on what to do next.

At the moment, my computer is only exhibiting minor symptoms, such as when I open my Firefox Browser Shortcut on my Desktop, a box titled "Malformed File" pops up and reads "Firefox could not install this item because "install.rdf" (provided by the item) is not well-formed or does not exist. Please contact the author about this problem." But as soon as I press "OK", Firefox opens up. Some sites appear different though. I also have several "iexplore.exe" that are in the "Processes" tab of the Task Manager. Finally, my computer will beat periodically and randomly every 2-3 minutes.
All right here is the SDD scan, and its attachment:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Akaash Prasad at 21:59:42.85 on 2009-02-27
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.664 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN1.tmp
C:\WINDOWS\System32\svchost.exe
svchost.exe C:\WINDOWS\TEMP\VRT2.tmp
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Akaash Prasad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.help2go.com/forum/spyware-help/101315-cant-open-cmd-exe.html
uInternet Settings,ProxyOverride = *.local
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [reader_s] c:\documents and settings\akaash prasad\reader_s.exe
dRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\akaash~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\akaash~1\applic~1\mozilla\firefox\profiles\ncxcvpfg.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - component: c:\program files\mozilla firefox\components\perfs21.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {6F982F74-416C-4F5C-B399-833A72BD137F} - c:\documents and settings\akaash prasad\local settings\application data\{6F982F74-416C-4F5C-B399-833A72BD137F}

============= SERVICES / DRIVERS ===============

R0 ctjlsenh;ctjlsenh;c:\windows\system32\drivers\ctjlsenh.sys [2004-8-4 23424]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-11 64160]
R1 NtLclIpc;Remote Procedure Call RT4s;c:\windows\system32\ntdosb411.sys [2008-7-23 122112]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 31744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-3 45132]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2008-10-25 264576]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2002-10-2 13532]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2006-5-10 22842]

=============== Created Last 30 ================

2009-02-27 21:59 578,560 a------- c:\windows\system32\etyenk
2009-02-27 21:59 105,984 a------- c:\windows\system32\azton.mt
2009-02-27 21:59 105,984 a------- c:\windows\system32\4.tmp
2009-02-27 16:38 578,560 a------- c:\windows\system32\wypyqa
2009-02-27 15:47 578,560 a------- c:\windows\system32\rvznldilui
2009-02-26 18:03 406,016 a------- c:\windows\system32\CF13191.exe
2009-02-26 18:03 --d----- C:\ComboFix
2009-02-26 16:42 406,016 a------- c:\windows\system32\CF13024.exe
2009-02-26 16:29 578,560 a------- c:\windows\system32\gmzwsdq
2009-02-25 20:15 578,560 a------- c:\windows\system32\xtakuhu
2009-02-25 20:15 60 a------- c:\windows\system32\rs
2009-02-25 19:57 179,712 a------- c:\windows\SWREG.exe
2009-02-25 19:57 406,016 a------- c:\windows\system32\CF31125.exe
2009-02-25 19:56 406,016 a------- c:\windows\system32\CF30932.exe
2009-02-25 19:56 578,560 a------- c:\windows\system32\locoh
2009-02-25 19:56 262,144 a------- c:\windows\system32\nvtpm32.dll
2009-02-25 17:53 45,568 a------- c:\windows\system32\xlk.dl_
2009-02-25 17:53 105,984 a------- c:\windows\system32\7.tm_
2009-02-23 20:36 578,560 a------- c:\windows\system32\ygqdfbv
2009-02-23 20:36 105,984 a------- c:\windows\system32\71.tmp
2009-02-23 20:36 1 a------- c:\windows\system32\6E.tmp
2009-02-23 19:39 0 a------- c:\windows\mqcd.dbt
2009-02-23 19:38 28,672 a------- c:\windows\system32\kdoqmn.sr
2009-02-23 19:38 32,768 a------- c:\windows\system32\odjan.wa
2009-02-23 19:38 32,768 a------- c:\windows\system32\kei1w.an
2009-02-23 19:38 28,672 a------- c:\windows\system32\doqkm.zt
2009-02-23 19:38 77,312 a------- c:\windows\system32\rkoq.pxf
2009-02-19 21:53 0 a------- c:\windows\system32\7D.tmp
2009-02-19 21:51 0 a------- c:\windows\system32\79.tmp
2009-02-19 21:46 162,724 a------- c:\windows\system32\75.tmp
2009-02-19 21:46 9,216 a------- c:\windows\system32\73.tmp
2009-02-19 21:46 88,065 a------- c:\windows\system32\70.tmp
2009-02-19 21:46 208 a------- c:\windows\system32\6B.tmp
2009-02-19 21:30 197 a------- c:\windows\system32\MRT.INI
2009-02-19 21:23 162,724 a------- c:\windows\system32\72.tmp
2009-02-19 21:23 9,216 a------- c:\windows\system32\6F.tmp
2009-02-19 21:23 88,065 a------- c:\windows\system32\6C.tmp
2009-02-19 21:23 208 a------- c:\windows\system32\69.tmp
2009-02-18 19:11 0 a------- c:\windows\system32\6D.tmp
2009-02-18 19:11 7,168 a------- c:\windows\system32\6A.tmp
2009-02-18 19:11 168 a------- c:\windows\system32\66.tmp
2009-02-18 17:31 163,300 a------- c:\windows\system32\68.tmp
2009-02-18 17:31 7,168 a------- c:\windows\system32\65.tmp
2009-02-18 17:31 25,601 a------- c:\windows\system32\64.tmp
2009-02-18 17:31 168 a------- c:\windows\system32\4F.tmp
2009-02-18 17:23 --d----- c:\windows\ERUNT
2009-02-18 17:07 163,300 a------- c:\windows\system32\67.tmp
2009-02-18 17:07 7,168 a------- c:\windows\system32\5A.tmp
2009-02-18 17:07 168 a------- c:\windows\system32\19.tmp
2009-02-18 17:02 0 a------- c:\windows\system32\4E.tmp
2009-02-18 17:02 7,168 a------- c:\windows\system32\2E.tmp
2009-02-18 17:02 168 a------- c:\windows\system32\15.tmp
2009-02-18 16:56 0 a------- c:\windows\system32\18.tmp
2009-02-18 15:13 137,376 a------- c:\windows\system32\drivers\ethkgdnb.sys
2009-02-18 15:13 3,584 a------- c:\windows\hdimwidh.exe
2009-02-18 15:10 164,036 a------- c:\windows\system32\11.tmp
2009-02-17 20:48 822 a---h--- C:\aaw7boot.cmd
2009-02-17 16:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-17 16:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 16:49 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 16:40 81,931 a------- c:\windows\system32\63.tmp
2009-02-17 16:40 48 a------- c:\windows\system32\62.tmp
2009-02-17 16:36 a-dshr-- C:\autorun.inf
2009-02-17 16:33 81,931 a------- c:\windows\system32\61.tmp
2009-02-17 16:32 48 a------- c:\windows\system32\60.tmp
2009-02-17 16:30 81,931 a------- c:\windows\system32\5F.tmp
2009-02-17 16:30 48 a------- c:\windows\system32\5E.tmp
2009-02-17 16:27 81,931 a------- c:\windows\system32\5D.tmp
2009-02-17 16:27 48 a------- c:\windows\system32\5C.tmp
2009-02-16 18:06 81,931 a------- c:\windows\system32\5B.tmp
2009-02-16 18:06 1 a------- c:\windows\system32\58.tmp
2009-02-16 18:06 88 a------- c:\windows\system32\56.tmp
2009-02-16 14:02 81,931 a------- c:\windows\system32\55.tmp
2009-02-16 14:02 1 a------- c:\windows\system32\54.tmp
2009-02-16 14:02 88 a------- c:\windows\system32\52.tmp
2009-02-16 13:59 81,931 a------- c:\windows\system32\51.tmp
2009-02-16 13:59 1 a------- c:\windows\system32\50.tmp
2009-02-16 13:59 88 a------- c:\windows\system32\4D.tmp
2009-02-16 13:30 81,931 a------- c:\windows\system32\4C.tmp
2009-02-16 13:30 1 a------- c:\windows\system32\4B.tmp
2009-02-16 13:30 88 a------- c:\windows\system32\4A.tmp
2009-02-16 13:27 81,931 a------- c:\windows\system32\49.tmp
2009-02-16 13:27 88 a------- c:\windows\system32\47.tmp
2009-02-16 13:27 1 a------- c:\windows\system32\48.tmp
2009-02-16 13:24 81,931 a------- c:\windows\system32\46.tmp
2009-02-16 13:24 1 a------- c:\windows\system32\45.tmp
2009-02-16 13:24 88 a------- c:\windows\system32\44.tmp
2009-02-16 13:20 81,931 a------- c:\windows\system32\43.tmp
2009-02-16 13:20 1 a------- c:\windows\system32\42.tmp
2009-02-16 13:20 88 a------- c:\windows\system32\41.tmp
2009-02-16 13:15 81,931 a------- c:\windows\system32\40.tmp
2009-02-16 13:15 1 a------- c:\windows\system32\3F.tmp
2009-02-16 13:15 88 a------- c:\windows\system32\3E.tmp
2009-02-16 13:10 81,931 a------- c:\windows\system32\3D.tmp
2009-02-16 13:10 1 a------- c:\windows\system32\3B.tmp
2009-02-16 13:10 88 a------- c:\windows\system32\3A.tmp
2009-02-16 13:08 81,931 a------- c:\windows\system32\39.tmp
2009-02-16 13:08 1 a------- c:\windows\system32\38.tmp
2009-02-16 13:08 88 a------- c:\windows\system32\37.tmp
2009-02-16 13:05 81,931 a------- c:\windows\system32\36.tmp
2009-02-16 13:05 1 a------- c:\windows\system32\35.tmp
2009-02-16 13:05 88 a------- c:\windows\system32\34.tmp
2009-02-16 13:03 81,931 a------- c:\windows\system32\33.tmp
2009-02-16 13:03 1 a------- c:\windows\system32\32.tmp
2009-02-16 13:03 88 a------- c:\windows\system32\31.tmp
2009-02-16 12:59 81,931 a------- c:\windows\system32\30.tmp
2009-02-16 12:59 1 a------- c:\windows\system32\2C.tmp
2009-02-16 12:59 88 a------- c:\windows\system32\2B.tmp
2009-02-16 12:57 81,931 a------- c:\windows\system32\2A.tmp
2009-02-16 12:57 1 a------- c:\windows\system32\29.tmp
2009-02-16 12:56 88 a------- c:\windows\system32\27.tmp
2009-02-16 12:54 81,931 a------- c:\windows\system32\26.tmp
2009-02-16 12:54 1 a------- c:\windows\system32\25.tmp
2009-02-16 12:54 88 a------- c:\windows\system32\24.tmp
2009-02-16 12:52 81,931 a------- c:\windows\system32\23.tmp
2009-02-16 12:52 1 a------- c:\windows\system32\22.tmp
2009-02-16 12:52 88 a------- c:\windows\system32\21.tmp
2009-02-16 12:50 81,931 a------- c:\windows\system32\20.tmp
2009-02-16 12:50 1 a------- c:\windows\system32\1F.tmp
2009-02-16 12:50 88 a------- c:\windows\system32\1E.tmp
2009-02-16 12:37 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-16 12:36 81,931 a------- c:\windows\system32\1D.tmp
2009-02-16 12:36 1 a------- c:\windows\system32\1C.tmp
2009-02-15 20:24 54,784 a------- c:\windows\system32\1B.tmp
2009-02-15 20:24 1 a------- c:\windows\system32\1A.tmp
2009-02-12 20:00 53,248 a------- c:\windows\system32\drivers\ndisio.sys
2009-02-12 16:37 a-dshr-- C:\cmdcons
2009-02-12 16:34 116,224 a------- c:\windows\sed.exe
2009-02-12 14:35 172 a------- c:\windows\system32\17.tmp
2009-02-12 14:33 15,239 a------- c:\windows\system32\16.tmp
2009-02-12 14:33 172 a------- c:\windows\system32\13.tmp
2009-02-12 14:06 --d----- c:\program files\common files\Symantec Shared
2009-02-12 14:06 --d----- c:\program files\Norton Security Scan
2009-02-11 20:45 25,601 a------- c:\windows\system32\2F.tmp
2009-02-11 20:42 128 a------- c:\windows\system32\2D.tmp
2009-02-11 20:41 5 a------- c:\windows\_id.dat
2009-02-11 19:33 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-11 15:46 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-11 15:38 -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-11 15:38 --d----- c:\program files\Lavasoft
2009-02-11 15:07 128 a------- c:\windows\system32\3C.tmp
2009-02-11 15:03 128 a------- c:\windows\system32\12.tmp
2009-02-10 17:47 --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-02-10 17:46 --d----- c:\program files\AIM6
2009-02-10 17:30 --d----- c:\program files\Spybot - Search & Destroy
2009-02-10 17:30 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-06 14:10 647,552 a------- C:\autoruns.exe
2009-02-06 14:10 540,032 a------- C:\autorunsc.exe
2009-02-05 17:19 130 a------- c:\windows\adobe.bat
2009-02-05 17:19 23,553 a------- c:\windows\system32\14.tmp
2009-02-05 17:15 168 a------- c:\windows\system32\10.tmp
2009-02-05 17:05 23,553 a------- c:\windows\system32\59.tmp
2009-02-05 17:02 168 a------- c:\windows\system32\57.tmp
2009-02-05 17:00 67,072 ----h--- c:\windows\system32\secupdat.dat
2009-02-05 16:59 616 a------- c:\windows\system32\53.tmp
2009-02-05 16:56 168 a------- c:\windows\system32\28.tmp
2009-02-01 21:06 --d----- C:\HJT
2009-02-01 20:15 --d----- c:\program files\Trend Micro
2009-02-01 17:03 --d-h--- C:\Data
2009-02-01 13:28 --d----- c:\docume~1\akaash~1\applic~1\Malwarebytes
2009-02-01 13:28 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-01 13:13 --d----- C:\SDFix
2009-01-30 22:43 --d----- c:\windows\pss
2009-01-30 20:23 --d----- c:\program files\NoAdware
2009-01-29 19:22 0 a------- c:\windows\system32\drivers\bb69258e.sys

==================== Find3M ====================

2009-02-25 17:53 578,560 a------- c:\windows\system32\user32.DLL
2009-02-12 14:39 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-02-11 20:05 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-01 16:21 581 a------- c:\program files\Shortcut to ComboFix.lnk
2009-01-29 19:29 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-29 19:29 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-12 17:20 279,888 a------- c:\program files\npmusicn.dll

============= FINISH: 22:00:23.23 ===============

Thank you!

Edited by Orange Blossom, 01 March 2009 - 03:02 AM.



#2 Thunder

Posted 03 March 2009 - 04:49 PM

Hello aNimosity1 and welcome to Bleeping Computer,

I'm afraid I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware on your system. In that case, it's unfortunately a lost cause - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.


Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Greetings,
Thunder

Edited by Thunder, 03 March 2009 - 05:01 PM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
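
The backup rule from the reply above, written as a copy filter. This is an added example, not part of the thread: the function names and the sample folder layout are constructed for illustration, and the extension list is exactly the one given in the post.

```python
import os
import shutil
import tempfile

# File types the reply above says NOT to back up, because a file infector
# may have modified them. Taken from the post; nothing added to the list.
EXCLUDED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}


def is_excluded(filename):
    """Return True if any dot-separated suffix of the name is excluded.

    Checking every suffix (not only the last) also catches double
    extensions such as 'beach.jpg.exe'. Trailing dots and spaces are
    stripped first because Windows ignores them when opening a file.
    """
    parts = filename.rstrip(". ").lower().split(".")[1:]
    return any("." + part in EXCLUDED_EXTENSIONS for part in parts)


def backup_data(src_root, dst_root):
    """Copy src_root into dst_root, skipping excluded types and symlinks.

    Returns (copied, skipped): lists of paths relative to src_root, so the
    skipped list can be reviewed before the disk is formatted.
    """
    copied, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(src_root):
        dirnames.sort()
        for name in sorted(filenames):
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            if os.path.islink(src) or is_excluded(name):
                skipped.append(rel)
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)  # copy2 keeps timestamps
            copied.append(rel)
    return copied, skipped


def demo():
    """Run the filter over a constructed sample tree in a temp directory."""
    sample = [  # constructed file names, not taken from the log above
        "photos/beach.jpg", "photos/beach.jpg.exe", "music/song.mp3",
        "notes.txt", "saved/page.HTML", "tools/setup.EXE",
        "archive/old.zip", "screensaver.scr",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "Documents")
        dst = os.path.join(tmp, "backup")
        for rel in sample:
            path = os.path.join(src, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write("constructed sample")
        copied, skipped = backup_data(src, dst)
        in_backup = sorted(
            os.path.relpath(os.path.join(d, f), dst).replace(os.sep, "/")
            for d, _, files in os.walk(dst) for f in files
        )
    normalise = lambda paths: sorted(p.replace(os.sep, "/") for p in paths)
    return normalise(copied), normalise(skipped), in_backup


if __name__ == "__main__":
    copied, skipped, _ = demo()
    print("copied: ", copied)
    print("skipped:", skipped)
```
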

#3 aNimosity1

Posted 03 March 2009 - 07:56 PM

When I press F12, it brings up a screen with only two options: Windows XP Home Edition or Windows Recovery Console.
There is no screen like what is shown in the guide. The computer never came with any CDs either. It's an HP.

Thanks,
aNimosity1

#4 Thunder

Posted 04 March 2009 - 05:21 PM

Hello aNimosity1,

You could contact your reseller to obtain the WinXP installation disc, if you paid for a legitimate Windows version.

To set the BIOS to boot from CD, it's possible you'll need to push another key, possibly F1, Del or another.
The right key to enter Setup is shown on startup (usually at the bottom of the screen, white characters on a black background).

On the other hand, the Recovery Console can be used just as well,
all you need to do then is to change the path to the CD/DVD drive (fi. after the prompt, type cd /d D:, where D: is your CD/DVD drive),
and at the D:> prompt, type setup to initiate the installation.

If you are totally inexperienced performing an installation, it may be wise to consult someone with the necessary know how. :thumbup2:

Greetings,
Thunder

#5 aNimosity1

Posted 04 March 2009 - 07:13 PM

Could I just borrow an XP Installation Disc from a friend? Just wondering because everything is better free. :thumbup2:

#6 Thunder

Posted 05 March 2009 - 05:55 PM

Hello aNimosity1,

That might work if you still have your WinXP license key and no significant hardware changes were executed on the PC.

Greetings,
Thunder

#7 aNimosity1

Posted 05 March 2009 - 09:37 PM

I do have a 20 digit code that I recorded from Start > All Programs > System Tools > System Information.
It is XXXXX-XXX-XXXXXXX-XXXXX. Is this the correct key? I also have several bar codes on the surface of the computer that I have not removed since I bought the computer at a used computer store. It was bought as a used computer, so they also posted a paper on the computer that has the system specs on it. I'm really inexperienced with these types of things, so where can I find the license key?

Thanks,
aNimosity1

#8 Thunder

Posted 06 March 2009 - 04:23 PM

Hello aNimosity1,

As I said before :

If you are totally inexperienced performing an installation, it may be wise to consult someone with the necessary know how.


The WinXP key should be formatted like xxxxx-xxxxx-xxxxx-xxxxx-xxxxx - five sets of five letters and numbers.
To find it you might want to check here :
http://pcsupport.about.com/od/tipstricks/ht/findxpkey.htm

Greetings,
Thunder