Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

can't get past login screen after eradicating virus


  • Please log in to reply
11 replies to this topic

#1 JenGP

JenGP

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 PM

Posted 31 January 2010 - 04:37 PM

Friday I thought I had gotten rid of a virus .. I downloaded and ran a Microsoft malware program .. it scanned, found the virus and supposedly removed it ... one of the problems that I had was the Task Manager was disabled but I was able to go in and enable it .. everything seemed to be working correctly and I could get onto websites that the virus said was a risk while it was still in my computer .. fast forward to Saturday morning ... computer opens says welcome shows the logon icon, I click on it says that it is loading settings, then logs off .. help!

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 PM

Posted 31 January 2010 - 10:42 PM

Hello.

It appears your infected with one of the rogues that does this or perhaps it's a hijacked userinit file. We'll confirm that. Do you have some spare CDs? Follow the instructions below so we can see the state of that machine. From there we can fix the registry key related to that and see what's really causing that problem.

Download OTLPE and Boot Off It
  • Download OTLPE.iso and burn to a CD using ISO Burner.
A free Image Burning CD download can be found over here if you do not have one.

Instructions or tutorial on Burning ISO files can be found over here.
  • Once you have burned the file to a CD take the CD out of your working computer's CD-Rom drive.
  • Reboot your infected system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop and OTLPE should be loaded successfully.
Download DDS-BootCD and Save to Flash-Drive

Now please download DDS-BootCd and save it to your working computer's desktop.
Use a Flash/removable drive and copy that file into the removable drive.
Insert the flash/removable drive into your infected computer which is currently booted into the OTLPE Environment.
Double-click My Computer on the infected machine which is booted into the OTLPE Environment.
Find your removable/flash drive and copy the DDS-bootCD file to the desktop
Double-click on the DDS-bootcd.exe file and run it
Once it's complete a og files will open:
  • DDS.txt
It will be saved at the root of the drive (C:\). Please save that log file onto your flash/removable drive.
Remove your flash/removable drive and insert it to your working computer and post those two logs here for my review.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 JenGP

JenGP
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 PM

Posted 01 February 2010 - 08:12 PM

I did what you suggested and was ready to rock and roll .. I put the CD into the infected computer and it would not let me boot from the CD .. now I am more determined to beat the foe ... lol .. seriously, it looks like it will accept a boot frim a flash drive .. should I copy the program to that? BTW, I have a Dell inspiron ..

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 PM

Posted 01 February 2010 - 08:36 PM

Hello.

Did you try the steps mentioned here about setting the BIOS to boot from CDROM? http://www.hiren.info/pages/bios-boot-cdrom

Instead of pressing the delete key you may need to try tapping the F2, F11, F12 key to configure the system to boot from CD. You can usually do this by pressing F10, F11, or F12 (try all of them if unsure) to bring up configuration options, and select CDRom as your boot device. Some machines will automatically attempt boot from the CD if one is inserted.

Let me know how it goes.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 JenGP

JenGP
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 PM

Posted 01 February 2010 - 09:33 PM

I burned the CD and put it into the infected computer .. pressed F2 because that's what the Dell I have does to access BIOS .. when I got to the Boot Device it said that the only drives I could boot from were numbered .. the internal drive, the flash drive and the external drive were the only options ..

Should I move the download from the CD to the flash drive and try again? Thanks so much

Jen

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 PM

Posted 02 February 2010 - 04:40 PM

You can try using to prepare bootable flash-drive and try that instead. Strange that there's no CD-ROM option to boot from. How old is this PC?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 JenGP

JenGP
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 PM

Posted 02 February 2010 - 06:15 PM

You can try using to prepare bootable flash-drive and try that instead. Strange that there's no CD-ROM option to boot from. How old is this PC?


My mistake ... I did it .. here's the dds info

DDS_BootCD_Version (Ver_09-10-04.01) - NTFS
Run at 17:55:16.32 on Tue 02/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

============== Pseudo HJT Report ===============

S-1-5-21-986813130-1257811806-1383117408-500_Start Page = hxxp://www.dell.com
mSearchAssistant = hxxp://www.google.com/ie
S-1-5-21-986813130-1257811806-1383117408-1005_URLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: USERINIT=c:\windows\system32\winlogon32.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
S-1-5-21-986813130-1257811806-1383117408-1005_Run: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
S-1-5-21-986813130-1257811806-1383117408-1005_Run: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
S-1-5-21-986813130-1257811806-1383117408-1005_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
S-1-5-21-986813130-1257811806-1383117408-1005_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VBTUCopy] c:\program files\vbtucopy\VBTUCopy.exe /a /f
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [smss32.exe] c:\windows\system32\smss32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\jen\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
S-1-5-21-986813130-1257811806-1383117408-1005_Policies-explorer: NoSetActiveDesktop = 1 (0x1)
S-1-5-21-986813130-1257811806-1383117408-1005_Policies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

============= SERVICES / DRIVERS ===============

McAfee SiteAdvisor Service; "c:\program files\mcafee\siteadvisor\McSACore.exe"
Outlook; [x]
{21102DB6-915C-4076-8405-06EA78A94765}; [x]
{3DB0AA62-80D0-4B05-9944-15339E4134A2}; [x]
{EFF03A33-BB31-4DDE-B67F-D913A0C606D1}; [x]

=============== Created Last 30 ================

2010-02-02 17:42 8,212 a------- c:\windows\mfebcdata
2010-01-29 18:36 274,288 a------- c:\windows\system32\mucltui.dll
2010-01-29 18:36 215,920 a------- c:\windows\system32\muweb.dll
2010-01-29 18:36 16,736 a------- c:\windows\system32\mucltui.dll.mui
2010-01-29 10:26 181,120 -------- c:\windows\system32\MpSigStub.exe
2010-01-29 10:24 <DIR> --d----- c:\program files\Microsoft Security Essentials
2010-01-29 10:19 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2010-01-28 20:23 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-01-28 20:23 <DIR> --d----- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2010-01-28 20:16 0 a------- c:\windows\system32\IS15.exe
2010-01-28 19:45 0 a------- c:\windows\system32\11942.exe
2010-01-28 19:25 0 a------- c:\windows\system32\2995.exe
2010-01-28 19:05 0 a------- c:\windows\system32\491.exe
2010-01-28 18:45 0 a------- c:\windows\system32\9961.exe
2010-01-28 18:25 0 a------- c:\windows\system32\16827.exe
2010-01-28 18:05 0 a------- c:\windows\system32\23281.exe
2010-01-28 18:02 <DIR> --d----- c:\documents and settings\jen\application data\Malwarebytes
2010-01-28 18:02 <DIR> --d----- c:\documents and settings\all users\application data\Malwarebytes
2010-01-28 17:44 0 a------- c:\windows\system32\28145.exe
2010-01-28 17:24 0 a------- c:\windows\system32\5705.exe
2010-01-28 17:04 0 a------- c:\windows\system32\24464.exe
2010-01-28 16:44 0 a------- c:\windows\system32\26962.exe
2010-01-28 14:21 <DIR> --d----- c:\windows\system32\appmgmt
2010-01-28 14:19 <DIR> --d----- c:\documents and settings\jen\application data\MSNInstaller
2010-01-28 13:49 0 a------- c:\windows\system32\29358.exe
2010-01-28 13:41 69,120 -------- c:\windows\system32\dllcache\iecompat.dll
2010-01-28 13:40 <DIR> --d----- c:\windows\ie8updates
2010-01-28 13:38 11,070,464 -------- c:\windows\system32\dllcache\ieframe.dll
2010-01-28 13:38 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2010-01-28 13:38 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2010-01-28 13:38 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2010-01-28 13:38 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-28 13:38 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2010-01-28 13:35 <DIR> -cd-h--- c:\windows\ie8
2010-01-28 13:29 0 a------- c:\windows\system32\11478.exe
2010-01-28 13:28 411,368 a------- c:\windows\system32\deploytk.dll
2010-01-28 13:09 0 a------- c:\windows\system32\15724.exe
2010-01-28 12:49 0 a------- c:\windows\system32\19169.exe
2010-01-28 12:29 0 a------- c:\windows\system32\26500.exe
2010-01-28 12:09 0 a------- c:\windows\system32\6334.exe
2010-01-28 11:49 0 a------- c:\windows\system32\18467.exe
2010-01-28 11:29 0 a------- c:\windows\system32\41.exe
2010-01-28 11:25 1 a------- C:\s
2010-01-13 15:30 <DIR> --d----- c:\program files\My Documents
2010-01-13 12:46 <DIR> --d----- c:\program files\VBTUCopy
2010-01-12 23:08 471,552 -------- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 04:11 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2010-01-11 21:28 <DIR> --d----- c:\program files\VIA
2010-01-11 19:54 <DIR> --d----- c:\windows\system32\scripting
2010-01-11 19:54 <DIR> --d----- c:\windows\l2schemas
2010-01-11 19:54 <DIR> --d----- c:\windows\system32\en
2010-01-11 19:54 <DIR> --d----- c:\windows\system32\bits
2010-01-11 19:45 <DIR> --d----- c:\windows\network diagnostic

==================== Find3M ====================

2010-01-11 20:03 88,375 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-12-22 00:21 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-12-21 14:14 916,480 a------- c:\windows\system32\wininet.dll
2009-12-21 14:14 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 14:14 916,480 -------- c:\windows\system32\dllcache\wininet.dll
2009-12-21 14:14 5,942,784 -------- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 14:14 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-12-21 14:14 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 14:14 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 14:14 387,584 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 08:19 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-11-21 20:26 262,144 a------- c:\documents and settings\all users\NTUSER.DAT
2009-11-21 10:51 471,552 a------- c:\windows\apppatch\aclayers.dll

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
ALPS Touch Pad Driver
Apple Application Support
Apple Software Update
Banctec Service Agreement
Broadcom Management Programs 2
Brother MFL-Pro Suite
Conexant D110 MDC V.9x Modem
Dell Driver Reset Tool
Dell Media Experience
Digital Line Detect
eFax Messenger
Google Toolbar for Internet Explorer
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Java™ 6 Update 17
Java™ 6 Update 5
McAfee SecurityCenter
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
PaperPort
Platform
PowerDVD 5.5
QuickSet
QuickTime
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Service Pack 3

============= FINISH: 17:56:28.90 ===============

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 PM

Posted 02 February 2010 - 06:29 PM

Hello.

Yup it seems it's the rogue that caused this mess. Let's fix that. I have provided a picture below on how it should look at the end.

Boot into the OTLPE Environment again.

Once it's loaded press the "start" button (blue windows symbol) at the bottom left corner.
Then press All Programs > Regedit > Remote (RunScanner)
The RunScanner should run and the when asked: "Do you wish to load remote user profile(s) for scanning?" Select Yes
Then at the next prompt make sure: Automatically Load All Remaining Users? is checked and then press Ok
This should then open up the Registry Editor.

Navigate to the following key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon <- This key.


Click on the Winlogon key and then at the right pane, there should be a lot of values, scroll down until you see: userinit
Right-click on the userinit value and select Modify.
An "Edit String" box should appear. Under "Value data:" please input: C:\Windows\System32\userinit.exe, (refer to image below)
Then press Ok

Note: Make sure the spelling and the comma (,) are there. I have provided a picture of what it should look like below to help you.

Upon completion of that, exit the Registry Editor and reboot the computer and remove the OTLPE disk from the CD-ROM and see if it loads correctly now.

Posted Image

Let me know how it goes.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 JenGP

JenGP
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:59 PM

Posted 04 February 2010 - 10:32 PM

Thank you so much .. I'm totally amazed .. I'm sending others to this site .. and so appreciate your help!!

Jennifer

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 PM

Posted 05 February 2010 - 07:51 PM

No problem. Glad I could help. :thumbsup:

--
However, I do not believe you are clean yet. We have just fixed the boot issue regarding this infection. Do you wish for me to continue helping you check for malware and disinfect it?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 robyn1112

robyn1112

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:59 PM

Posted 07 February 2010 - 11:43 PM

HEllo,
I followed your advice from above as I was having the same problem with the logon-logoff loop. I would like to post my DDS log for your review. I have been fighting this virus (?) with other tech helpers for 2 weeks with no luck...I'm hoping to finally have my solution!!
Thanks in advance for your assistance!!!

DDS_BootCD_Version (Ver_09-10-04.01) - NTFS
Run at 23:24:04.81 on Sun 02/07/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18

============== Pseudo HJT Report ===============

mSearch Page =
mLocal Page = %SystemRoot%\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
S-1-5-21-1060284298-1677128483-839522115-1003_URLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mWinlogon: Userinit=c:\windows\system32\winlogon32.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
S-1-5-21-1060284298-1677128483-839522115-1003_Run: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
S-1-5-21-1060284298-1677128483-839522115-1003_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
S-1-5-21-1060284298-1677128483-839522115-1003_Run: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
S-1-5-21-1060284298-1677128483-839522115-1003_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
S-1-5-21-1060284298-1677128483-839522115-500_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [FLMK08KB] c:\program files\muiltmedia keyboard utility\1.3\MMKEYBD.EXE
mRun: [LWBMOUSE] c:\program files\belkin mouse 1.0\MOUSE32A.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\documents and settings\robyn\start menu\programs\startup\Reboot.exe
S-1-5-21-1060284298-1677128483-839522115-1003_Policies-explorer: NoSetActiveDesktop = 1 (0x1)
S-1-5-21-1060284298-1677128483-839522115-500_Policies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} - hxxp://www.worldwinner.com/games/v40/mines/mines.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v49/bjattack/bjattack.cab
DPF: {5EE92643-21CE-4949-903F-39439DCC3944} - hxxp://www.worldwinner.com/games/v42/shape/shape.cab
DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} - hxxp://www.worldwinner.com/games/v44/wordcube/wordcube.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://pogo.oberon-media.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v44/royal/royal.cab
DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} - hxxp://www.worldwinner.com/games/v48/chess/chess.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - hxxp://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab?fd7767a287b2d2f76c0a95f8bda2e136957473c550bfb81e49252734af6867d26a66ecec618633058da45cb1addd0a4167fc5f33e0c071476677bb6fc6:190950799eb876e613008c54b810aed3
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: XULRunner: {5F4EF925-AF99-4469-8B86-FCA1EF96157E} - c:\documents and settings\robyn\local settings\application data\{5F4EF925-AF99-4469-8B86-FCA1EF96157E}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

aswFsBlk; system32\DRIVERS\aswFsBlk.sys
aswSP; [x]
Outlook; [x]
YahooAUService; "c:\program files\yahoo!\softwareupdate\YahooAUService.exe"
{60D50674-F9AA-4AE3-8C7A-1E3758951A75}; [x]
{9D8B16C5-756F-44B8-907A-382AA5285F02}; [x]

=============== Created Last 30 ================

2010-02-05 16:34 24,576 a------- c:\windows\system32\userinit.exe
2010-02-03 18:33 524,288,000 -------- C:\.fuse_hidden0000000200000003
2010-01-29 08:36 524,288,000 -------- C:\.fuse_hidden0000000200000002
2010-01-28 17:07 524,288,000 -------- C:\.fuse_hidden0000000200000001
2010-01-23 19:30 73,728 a------- c:\windows\system32\javacpl.cpl
2010-01-23 19:10 411,368 a------- c:\windows\system32\deploytk.dll
2010-01-23 18:34 142 a------- c:\windows\wininit.ini
2010-01-23 17:41 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-23 17:41 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-23 17:41 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-23 17:41 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-22 20:44 <DIR> --d----- c:\windows\pss
2010-01-22 15:37 0 a------- c:\windows\system32\IS15.exe
2010-01-22 15:37 0 a------- c:\windows\system32\helper32.dll
2010-01-22 15:37 2,931 a------- c:\windows\system32\warning.html.virus
2010-01-20 16:44 6,205 a------- c:\windows\system\Kbdvx32a.vxd
2010-01-20 16:44 <DIR> --d----- c:\program files\Labtec
2010-01-13 13:16 0 a------- c:\windows\Lmamada.bin
2010-01-13 13:16 120 a------- c:\windows\Ypiduwude.dat

==================== Find3M ====================

2009-12-22 00:42 662,016 a------- c:\windows\system32\wininet.dll
2009-12-22 00:42 81,920 a------- c:\windows\system32\ieencode.dll
2009-11-21 11:36 470,528 a------- c:\windows\apppatch\aclayers.dll
2007-08-19 12:23 262,144 a------- c:\documents and settings\all users\ntuser.dat

==== Installed Programs ======================

Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Azureus
Belkin Mouse 1.0
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MX700 series
Canon MX700 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Creative WebCam Instant User's Guide (English)
Gold Miner
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 18
Juniper Terminal Services Client
K-Lite Mega Codec Pack 1.25
Labtec Desktop V5.1
LG USB Drivers
LG USB Modem driver
LightScribe 1.4.44.1
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office FrontPage 2003
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Muiltmedia keyboard utility 1.3
Nero Suite
NVIDIA Drivers
Platform
ProCooking
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
USB Vibration Joystick
V CAST Music
V CAST Music Essentials Manager
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
WebFldrs XP
Winamp (remove only)
WinAVIVideoConverter
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Software Update
Yahoo! Toolbar

============= FINISH: 23:25:27.70 ===============

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:59 PM

Posted 08 February 2010 - 08:48 PM

Hello robyn1112,

Please start your own thread, but you can also follow my instructions from this post: http://www.bleepingcomputer.com/forums/ind...t&p=1613137 (Post #8) and see if it resolves it.

Cheers.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users