Computer Infected

Compaq Presario Computer - Windows XP - AMD 64 Athlon


I might have several viruses, i dont know, but i know recently i got a msg that my computer is infected and somewhere i saw "AntivirusPro2009". Since then my computer has slowed down.
Everytime I search something and click a link, i get redirected to another page (no specific one, its always different).

I searched around & tried downloading AVG Antivirus, Malware Bytes & a free trial of McAfee AntiVirus. It will not download it no matter what website I try. I get the following message:
Connection Interrupted
The connection to the server was reset while the page was loading.
The network link was interrupted while negotiating a connection. Please try again.
It does have a "try again" button, i press it several times but i get the same message. In Explorer It just shows up as if the page cannot load as if i didnt have internet connection - but i obviously do.

PLEASE HELP! CAN ANYONE SUGGEST ANYTHING???? Is it too late?

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:

• Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
• Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
• The Express scan will automatically begin.
  (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
• If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
• If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)

• After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
• In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
• Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
• Please be patient as this scan could take a long time to complete.
• When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
• Click Select All, then choose Cure > Move incurable.
• In the top menu, click file and choose save report list.
• Save the DrWeb.csv report to your desktop.
• Exit Dr.Web Cureit when done.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Ok i tried like 5x to download DrWebCureIt but it doesnt do anything, I get the wait icon on my mouse and thats it. I click the link to manually start the download and same problem...

I saw a msg from my 'security center' so i clicked on it and went to Virus Protection and then Recommendations. It took me to a website and I clicked on a link and downloaded "Panda Internet Security". Ok so I dont know why my computer chooses whatever it wants to download, weird.

Anyway I did a computer scan with the Panda thing and got a report... Hopefully this will suffice:


Panda Internet Security 2009 incident report
Filter selected:Virus detected, Suspicious file, Dangerous file, Script execution, Phone connection, Connection attempt, Port scan attack, Denial of service attack, Spoofing, Attacking IP address blocked, Enabled, Disabled, Update, Scan started, Scan complete, Date: All

Adware detected: adware/coolsavings On-demand antivirus scan 7/9/2009 8:13:53 PM Deleted Path: hkey_local_machine\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/cpnmgr.dll

Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:45 PM Moved to quarantine Path: D:\RECYCLER\S-8-4-23-100015547-100030490-100026569-4309.com
Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:44 PM Moved to quarantine Path: D:\RECYCLER\S-7-3-83-100027316-100007513-100012476-1353.com
Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:42 PM Moved to quarantine Path: D:\RECYCLER\S-5-9-25-100012776-100025431-100005291-4419.com
Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:46 PM Moved to quarantine Path: D:\RECYCLER\S-5-3-37-100029320-100027556-100001809-1726.com
Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:42 PM Moved to quarantine Path: D:\RECYCLER\S-4-2-10-100011675-100002714-100004586-2319.com
Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:42 PM Moved to quarantine Path: D:\RECYCLER\S-3-9-31-100003804-100027365-100001287-4470.com
Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:47 PM Moved to quarantine Path: D:\RECYCLER\S-1-6-44-100024045-100000731-100019279-5325.com
Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:42 PM Moved to quarantine Path: D:\RECYCLER\S-0-5-43-100002731-100013219-100016787-4041.com
Virus detected: W32/Autorun.ISY On-demand antivirus scan 7/9/2009 8:20:43 PM Moved to quarantine Path: D:\RECYCLER\S-0-5-34-100008183-100007619-100020746-5183.com

Do you access to another computer where you could download the DrWebCureIt scan and copy it over to the problem computer.

NO I DON'T ..... IS THERE ANY OTHER SOLUTION?
I TRIED TO DOWNLOAD IT AGAIN TODAY BUT IT DOESN'T WORK

Reboot your computer and as it boot repeatedly tap the F8 key until you get to the Safe Mode menu. Then select "Safe Mode with Networking". After the computer boots in Windows try to download DrWebCureIt again.

i went in safe mode w/ networking and tried downloading it but it still doesn't work

Most Internet connectivity problems arise out of corrupt Winsock settings due to the installation of a networking software or Malware infestation. If your ISP provider insists that your connection is coming through, the problem must be at your end.

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot. Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

Then try to download DrWebCureIt again.

i did all the above step by step and i still cant download it!
oh and i got pop ups for sites like registrydefender.com and http://axecaif.cn/?wm=70159&l=1 which says "my computer online scan". i keep getting that and messages saying my computer is infected but i know its not my computer sending those messages.

do i really need to use this drweb thing or is there something else i can try to download?
i'm willing to try whatever. in the meantime i've been trying to email and save my pictures in case my last resort is to restore the computer. =(

Try SUPERAntiSpyware.

http://www.superantispyware.com/

it downloaded or saved on my desktop but it wont run or open. should i exit safe mode?

Try this (in Normal Mode).

Rename this file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

to this

winlogon.exe

Then double-click the renamed file and see if Malwarebytes will run.

i dont have malware bytes lol. but i'll do what you say. i'm shutting down now and will go in normal mode.

Sorry, I thought you already had it.

Try the same renaming trick with SUPERAntiSpyware.