Please Help!! I believe that I have some kind of worm.


  • This topic is locked
8 replies to this topic

#1 egomez

egomez

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 26 December 2009 - 06:42 PM

As soon as I turn my computer on, before Windows can even fully start, a picture pops up. Its file name is gee_ru_430435. This is not my picture. I have to close it and then a warning comes up stating that I am infected with a worm and I have to close that in order for Windows to start. Then when Windows starts, it changes my background image to say "YOUR SYSTEM IS INFECTED! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed." There is a red circle with an X next to the time. When I try to run Malwarebytes' Anti-Malware, it won't open and tries to search for the file. I tried to rename it and it won't work. I run AVG and it won't find anything useful. Malwarebytes is my favorite program and it won't run!! I ran HijackThis and RootRepeal. I hope that someone can help me. It's driving me crazy!!

DDS (Ver_09-11-24.02) - NTFSx86
Run by IllyRap Recordings at 12:48:50.32 on Tue 11/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3582.2670 [GMT -5:00]

AV: System Defender *On-access scanning enabled* (Outdated) {A279AC9A-2D39-490C-9E26-9BDEC8B42AB8}
FW: System Defender *enabled* {B1885C7A-69BB-4581-968E-ED174C61C90B}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\IllyRap Recordings\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"
mRun: [Dell AIO Printer A960] "c:\program files\dell aio printer a960\dlbfbmgr.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [awTray.exe] "c:\program files\intel\idu\awtray.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: bdsripcab - hxxps://media.bdsrealtime.com/components/bdsripcab.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - hxxps://accounting.quickbooks.com/c1/v16.580/qboax9.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160702183296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160703986640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\illyra~1\applic~1\mozilla\firefox\profiles\nnm1i9y3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={F783C94B-E788-678A-CA66-0EC14B831625}&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-20 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-20 360584]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-11-11 12298]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-20 285392]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-6-30 7296]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-13 38224]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2007-7-21 19968]
S2 sdufstws;sdufstws;c:\windows\system32\drivers\kemjlwk.sys [2009-11-23 71424]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1a.tmp --> c:\windows\system32\1A.tmp [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

=============== Created Last 30 ================

2009-11-24 17:36:12 12800 ----a-w- c:\windows\system32\tdlclk.dll
2009-11-24 17:35:51 15872 ----a-w- c:\windows\system32\tdlcmd.dll
2009-11-23 19:08:31 71424 ----a-w- c:\windows\system32\drivers\kemjlwk.sys
2009-11-22 10:13:28 0 d-----w- c:\program files\WinPcap
2009-11-21 15:29:12 0 d-----w- c:\program files\Sophos
2009-11-20 23:43:39 387 ----a-w- c:\windows\system32\uses32.dat
2009-11-20 23:43:39 30 ----a-w- c:\windows\system32\worker.info
2009-11-20 23:43:39 30 ----a-w- c:\windows\system32\thread.xml
2009-11-20 23:43:39 30 ----a-w- c:\windows\system32\config.data
2009-11-20 23:43:39 100 ----a-w- c:\windows\system32\flags.ini
2009-11-20 23:41:41 55296 ----a-w- C:\xrvho.exe
2009-11-20 21:35:50 0 d--h--w- C:\$AVG
2009-11-20 21:35:41 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-20 21:35:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-20 21:35:36 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-20 21:35:33 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-20 21:35:31 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-11-20 21:35:24 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-19 23:51:07 0 d-----w- c:\program files\AVG
2009-11-18 22:34:13 72 ----a-w- C:\ddv.tmp
2009-11-18 22:29:19 0 d-sh--w- c:\docume~1\alluse~1\applic~1\85605
2009-11-18 22:24:27 0 d-sh--w- c:\documents and settings\all users\729995a
2009-11-13 15:51:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 15:51:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 15:51:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 14:17:49 0 d-----w- c:\docume~1\illyra~1\applic~1\Malwarebytes
2009-11-04 14:16:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-30 19:46:43 0 d--h--w- C:\1
2009-10-30 19:30:21 0 d--h--w- C:\0
2009-10-30 19:19:15 0 d-----w- C:\DVDTemp
2009-10-30 19:07:59 0 d-----w- c:\program files\Free DVD Creator

==================== Find3M ====================

2009-09-17 01:09:01 70984 ----a-w- c:\documents and settings\illyrap recordings\g2mdlhlpx.exe
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:24:10 14848 --sha-w- c:\program files\Thumbs.db
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2007-01-25 23:02:41 15505200 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-11-30 04:05:32 2880456 ----a-w- c:\program files\vmp_full_installer.exe
2006-11-27 01:39:19 1037312 ----a-w- c:\program files\iview399.exe
2006-11-19 03:37:10 2012824 ----a-w- c:\program files\LS_HSI.EXE
2006-11-13 03:46:45 18131206 ----a-w- c:\program files\exPressit.zip
2006-11-03 03:39:08 36808256 ----a-w- c:\program files\iTunesSetup.exe
2006-10-28 15:31:37 48376504 ----a-w- c:\program files\flstudio608_install.exe
2006-10-22 18:07:25 24334848 ----a-w- c:\program files\WP12SP1E.msp
2006-10-18 21:01:38 93302066 ----a-w- c:\program files\IDU_2.1.9.66.exe
2006-10-16 22:49:30 12878009 ----a-w- c:\program files\ysitebuilder.exe
2006-10-14 03:13:18 728328 ----a-w- c:\program files\SonicStageInstaller.exe
2006-10-14 02:36:50 23608632 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2004-01-07 19:20:08 465920 ----a-w- c:\program files\FL Studio VSTi (Multi).dll
2004-01-07 19:19:12 465920 ----a-w- c:\program files\FL Studio VSTi.dll
2002-12-10 22:45:37 489825 ----a-w- c:\program files\cooledit manual.pdf
2002-09-09 03:37:14 27863562 ----a-w- c:\program files\Acid Pro 4.0 (Build 215) -v187.exe
2002-08-16 19:17:10 2979728 ----a-w- c:\program files\ACID40_manual.pdf
2002-07-12 19:00:54 61 ----a-w- c:\program files\Cool Edit Pro 2.0 Serial.txt
2002-07-12 18:59:10 568140 ----a-w- c:\program files\Cool Edit Pro CD Burning Add On.exe
2002-07-12 18:46:04 20280855 ----a-w- c:\program files\Cool Edit Pro 2.0 setup.exe
2002-07-12 18:26:16 996067 ----a-w- c:\program files\Cool Edit Pro 2.0 Registration.exe

============= FINISH: 12:50:42.26 ===============
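
The DDS log above carries several classic indicators of a rogue-antivirus / browser-hijacker infection: an IE proxy pointed at the local machine (`127.0.0.1:5555`), Image File Execution Options entries that redirect program launches to `svchost.exe`, a cluster of HOSTS entries mapping unrelated domains (including `safebrowsing-cache.google.com`) to one IP, and a Firefox `keyword.URL` pointing at a search redirector. The following Python script is an added example, not part of the thread and not DDS or Farbar's code: it reads DDS-style lines and flags those four patterns. The sample input is constructed from lines copied out of the posted log; the line formats it parses are assumed from that log, and the regular expressions and finding names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the "Pseudo HJT Report" and "FIREFOX"
# sections of the DDS log posted in this thread, trimmed to the relevant entries.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={F783C94B-E788-678A-CA66-0EC14B831625}&q=
"""

# A proxy entry such as "http=127.0.0.1:5555" or "localhost:8080" (assumed formats).
LOOPBACK = re.compile(r"^(https?=)?(127\.\d+\.\d+\.\d+|localhost)(:\d+)?$")

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
IFEO_RE = re.compile(r"^IFEO:\s*(.+?)\s*-\s*(\S+)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)$")
FF_SEARCH_RE = re.compile(
    r"^FF - prefs\.js:\s*(keyword\.URL|browser\.search\.defaulturl)\s*-\s*(\S+)$"
)


def find_indicators(log_text):
    """Return a list of (finding_kind, evidence) tuples for a DDS-style log."""
    findings = []
    hosts_by_ip = defaultdict(list)

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. Proxy pointing at the local host: every IE request is routed
        #    through whatever process is listening on that port.
        m = PROXY_RE.match(line)
        if m:
            for entry in m.group(1).split(";"):
                if LOOPBACK.match(entry.strip()):
                    findings.append(("proxy-to-localhost", line))

        # 2. IFEO "Debugger" redirection: Windows starts the named program
        #    instead of the one the user (or the security tool) asked for.
        m = IFEO_RE.match(line)
        if m:
            findings.append(("ifeo-debugger", line))

        # 3. HOSTS overrides are grouped per IP; the pattern to flag is many
        #    unrelated names pointed at one address.
        m = HOSTS_RE.match(line)
        if m:
            hosts_by_ip[m.group(1)].append(m.group(2))

        # 4. Firefox search settings rewritten to a third-party redirector.
        m = FF_SEARCH_RE.match(line)
        if m:
            findings.append(("ff-search-redirect", line))

    for ip, names in hosts_by_ip.items():
        if len(names) >= 2:
            findings.append(("hosts-redirect", f"{ip} -> {', '.join(names)}"))

    return findings


if __name__ == "__main__":
    for kind, evidence in find_indicators(SAMPLE_LOG):
        print(f"[{kind}] {evidence}")
```

On the sample the script reports one loopback proxy, two IFEO entries, two Firefox search redirects and one HOSTS cluster. The loopback-proxy and IFEO checks are deterministic; the HOSTS heuristic is deliberately coarse (two or more names to one IP), so on a real machine you would want to compare the flagged names against the user's own additions before acting on them.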

#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:09 PM

Posted 26 December 2009 - 07:29 PM

Hi egomez,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  • Please make a restore point.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Reset the LAN settings:
    • Go to Tools => Internet Options => click on the Connections tab, then click on LAN Settings. The following items should be unchecked:
      • Automatically detect settings
      • Use a proxy server for your LAN
    • Click OK.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open, copy and paste just OTL.txt to your reply.


#3 egomez

egomez
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 26 December 2009 - 11:10 PM

I have not yet been able to try anything that you have said. I just tried to turn on the computer and it won't start normally. As soon as I turn it on, that picture pops up, gee_ru_430435, and when I close it, the screen is just blank. I try to start in safe mode and it just blue screens. I am currently using a different computer. Any suggestions? I will keep trying to start it! This is driving me crazy!! Thank you for all of your help! I really appreciate it.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:09 PM

Posted 27 December 2009 - 06:39 AM

I am currently using a different computer.

  • Is this one a Windows XP or Vista?

  • Do you have a Windows XP or Vista installation CD? We need to use its recovery options.

  • Do you have a pen drive or a flash drive?


#5 egomez

egomez
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 27 December 2009 - 01:32 PM

I have Windows XP on both computers. No, I don't have an installation cd. I do have a flash drive.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:09 PM

Posted 27 December 2009 - 03:04 PM

  • We need to make a boot CD.
    • Download Hiren's BootCD Iso to the desktop of the clean computer.
    • Extract the zipped HirensBootCD.zip to your desktop.
    • Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.
    • Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
    • Insert a blank CD in your drive.
    • Press Start. This will burn the image to disc.
  • Insert the CD in the CD/DVD-ROM of the problematic computer and restart.
    • When the computer starts before loading Windows it gives you the option Press any key to boot from CD.... Press a key. If you don't press the key on time it goes on booting Windows and you have to restart to press the key on time.
    • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
    • The tab should now show your current boot order.
    • If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
  • When the CD boots choose "Start MiniWindowsXP". Allow Windows to load. You will see a typical Windows Desktop.
  • You will be able to access your sick drive and save files/folders from here. Let me know when you have gotten this far and I can guide you.


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:09 PM

Posted 27 December 2009 - 07:25 PM

When you have performed the steps in the previous post and get to the boot CD, double-click the My Computer icon on the desktop and tell me the drive letter of your flash drive.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:09 PM

Posted 30 December 2009 - 09:21 AM

Are you still there? I'll wait one more day before closing the topic.

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:09 PM

Posted 31 December 2009 - 03:45 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.

Edited by farbar, 31 December 2009 - 03:46 AM.




