Hello, and I've got a booger of a bug

By 12ozRuss
Aug 10, 2011
  1. Hi there,

    Let me start by saying I have been following your boards for a while and have just joined. In the past, reading your various posts has helped me get rid of simple adware and malware. But this time I believe I have caught a nasty one.

    I cannot find the name of this virus so I'm not exactly sure what I am looking at. 3 days ago while my wife was tooling on the computer she somehow got the "XP Security 2012" malware. I ran through the steps I found and thought I was rid of it, but then it just got worse. It seems that I have lost all permissions to scan, install, or run anything. I have downloaded Malwarebytes, Combofix, adaware, hijackthis, rkill, gmer, everything I can find. I have installed these and tried to run them in safe modes (renaming and all) individually but cannot get anything to scan without the program crashing. No logs to be found. I can see the thing running in my Processes under windows task mgr, but I can't stop it, or find it anywhere in my files by searching for it. The running process is:
    3109447242:3046746438.exe it uses 480k memory as it runs.

    I have tried stopping every service to see if it was attached to one. It starts up no matter what. And in Safe mode as well. I'm really at a loss. This PC has a lot of goodies I do not want to lose. What should I do next? How do I get my permissions back?

    Thanks in advance and sorry for the large paragraph.....
    -RW
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot! I'll help remove this frequent flyer.

    If you have a System Restore Point set not too many days before you started 'gathering programs', restore the system to that date. If you do not know how to do this, please let me know- just tell me which OS you have.

    This should remove all or most of these: "Malwarebytes, Combofix, adaware, hijackthis, rkill, gmer, everything I can find." (See uninstaller for Combofix)

    Sometimes users will go into panic mode and gather random programs, not knowing if they are appropriate or not. Your comment of 'everything I can find' alerts me to tell you to stop!

    If any of the other programs remain, or if you don't have a restore point, remove the programs in Add/Remove Programs. Then use Windows Explorer (Right click on Start> Explore)> My Computer> Double click on Local Drive (C)> Programs> find the program folder for each of the scans you used and do a right click> Delete on each.

    I hope this will restore the Service setting. If it does not, I'll have you check in the Event Viewer to see what's not running.

    You will need to do this for Combofix: Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    =============================================
    That being done, we will start at the beginning and deal with any problem that comes up. The infection you have comes on like a bear, but done right, it can be easily removed:

    The following should be run in Normal Mode if you can. If you have any problem running a scan, please let me know and do not add programs unless I instruct you to. Hopefully this will stop you from running programs that are not appropriate for the infection.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Please do not change any settings unless I instruct you to.
  3. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    Thanks for the reply. I am working on the 7 steps currently.

    Windows XP Media Edition SP3


    sorry didn't mention that already
  4. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    Ok,
    It would not allow me to do a system restore to a point existing before the infection. It would allow me to do a restore to earlier today so I did that. I did make sure all of the programs that I have installed are uninstalled.

    I then went to the seven steps but have already failed on the first.
    I downloaded and installed Avira with no problem, but it would not allow me to update, giving me an error (random characters). It also would not do a full system scan without stopping in the beginning.

    Thank you again...

    Shall I continue to the next steps?
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You don't know for sure when the infection was put on. I just wanted you to use a system restore point at the closest date before you changed entries and Services around and used multiple cleaning programs.

    Please continue on. Remember if you get to where you can't do something, stop and tell me and I will help.

    You do not need to run the scan with Avira- I have you do an online virus scan at the right point. And I'm wondering why you downloaded Avira when you already had Norton.

    If you're following this> http://www.techspot.com/vb/topic58138.html
    There is no 7th step

    When I see your logs, I will get some idea what is not the system
  6. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    Hi there again,

    I was not running Norton, sorry if something in my messages indicated that.

    Ok, I DL'd Malwarebytes from your site. Again it ended abruptly. No Log could be found for this run.
  7. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    So far DDS is the only scan I can get to complete.
    gmer did the same thing as Malwarebytes. It would start and then within 20 seconds just disappear with no error or anything. Then will not let me run the program again due to permissions.

    Here is the DDS Test Log


    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Run by Owner at 11:27:05 on 2011-08-11
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1303.0\msneshellx.dll
    TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
    IE: &Search
    IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: turbotax.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} - hxxp://rockyou.com/RockYouImageUploader.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ssl.dacor.com/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner.your-1bc968e400\application data\mozilla\firefox\profiles\lepof94h.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {B988DC76-4413-474C-8293-2DEE93C09E34} - c:\documents and settings\owner.your-1bc968e400\local settings\application data\{B988DC76-4413-474C-8293-2DEE93C09E34}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Megaupload Toolbar: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} - %profile%\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2011-08-11 15:20:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-11 15:20:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-11 15:20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-11 01:04:41 -------- d-----w- c:\documents and settings\owner.your-1bc968e400\application data\Avira
    2011-08-11 01:02:55 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-11 01:02:54 -------- d-----w- c:\program files\Avira
    2011-08-11 01:02:54 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-08-10 21:52:49 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-08-10 21:52:48 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-08-10 21:52:13 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
    2011-08-10 21:29:03 -------- d-----w- c:\documents and settings\owner.your-1bc968e400\application data\SUPERAntiSpyware.com
    2011-08-10 21:28:43 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
    2011-08-10 21:28:40 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-08-10 21:28:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-08-10 21:27:28 -------- d-----w- c:\windows\system32\CatRoot2
    2011-08-10 21:25:18 98816 ----a-w- c:\windows\sed.exe
    2011-08-10 21:25:18 518144 ----a-w- c:\windows\SWREG.exe
    2011-08-10 21:25:18 256000 ----a-w- c:\windows\PEV.exe
    2011-08-10 21:25:18 208896 ----a-w- c:\windows\MBR.exe
    2011-08-10 21:25:06 -------- d-s---w- C:\readstgo
    2011-08-10 20:29:36 -------- d-sh--w- C:\found.000
    2011-08-10 03:21:53 -------- d-----w- c:\documents and settings\owner.your-1bc968e400\local settings\application data\Deployment
    2011-08-10 02:20:23 -------- d-sh--w- c:\documents and settings\owner.your-1bc968e400\UserData
    2011-08-09 21:47:04 -------- d-----w- c:\documents and settings\owner.your-1bc968e400\application data\AVG8
    2011-08-09 03:01:57 79408 ----a-r- c:\program files\oooii
    2011-08-09 02:03:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-08-09 01:10:19 -------- d-s---w- C:\something
    2011-08-09 00:55:11 -------- d-s---w- C:\russell
    2011-08-08 23:55:07 37392 ----a-w- c:\windows\system32\drivers\00510942.sys
    2011-08-08 23:55:07 315408 ----a-w- c:\windows\system32\drivers\0051094.sys
    2011-08-08 23:55:07 128016 ----a-w- c:\windows\system32\drivers\00510941.sys
    2011-08-07 16:24:03 -------- d-----w- c:\program files\common files\PC Tools
    .
    ==================== Find3M ====================
    .
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2007-09-17 17:07:53 944797 ----a-w- c:\program files\wrar300.exe
    2007-09-17 17:07:49 10278761 ----a-w- c:\program files\diner dash 2 (full).exe
    .
    ============= FINISH: 11:28:18.79 ===============


    Attach Log :
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    3D MP3 Sound Recorder G2 RL4.04
    7300
    7300_Help
    7300Trb
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Shockwave Player 11.5
    Agere Systems PCI-SV92PP Soft Modem
    AiO_Scan
    AiOSoftware
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASAPI Update
    Athlon 64 Processor Driver
    Audacity 1.3.12 (Unicode)
    AutoUpdate
    AVI MPEG Converter 3
    Avira AntiVir Personal - Free Antivirus
    BigFix
    Bonjour
    BufferChm
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Comcast High-Speed Internet Install Wizard
    Comcast Toolbar
    Comcast Universal Installer v1.2
    Compatibility Pack for the 2007 Office system
    Convert VOB to AVI 1.7
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Desktop Doctor
    Destinations
    Digital Media Reader
    DIGOpt
    Director
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DocProc
    DocumentViewer
    Dora's Carnival 2: Boardwalk Adventure
    DreamStation DXi2
    DVD Solution
    EZ MPEG TO AVI Converter 3.00
    Fax
    FFmpeg for Audacity on Windows
    FlipShare
    Free DVD ISO Burner version 1.2
    GdiplusUpgrade
    Google Gears
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Driver Diagnostics
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Software Update
    HPSystemDiagnostics
    ImgBurn
    InfoRapid Search & Replace
    InstantShare
    ISO Recorder
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 21
    Jumpgate Classic 1.0112
    Juniper Networks Secure Application Manager
    Juniper Networks Secure Meeting 5.5.0
    K-Lite Codec Pack 3.6.5 Full
    LAME v3.98.2 for Audacity
    Line 6 Edit (remove only)
    Linksys EasyLink Advisor 1.5 (1010)
    LiveUpdate 2.7 (Symantec Corporation)
    Magic ISO Maker v5.5 (build 0276)
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MarketResearch
    Mega Manager
    Megaupload Toolbar
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office Live Meeting 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft Works
    MobileMe Control Panel
    MovieEdit Task
    Mozilla Firefox (3.0.19)
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Napster Burn Engine
    Nero Media Player
    NVIDIA Drivers
    NVIDIA PhysX
    Online Community Suite 2.0
    PanoStandAlone
    PhotoGallery
    PhotoStitch
    ProductContext
    QFolder
    QuickTime
    RAW Image Task 2.1
    Readme
    RealPlayer Basic
    Realtek AC'97 Audio
    Recovery Software Suite Gateway
    Rhapsody Player Engine
    Roblox for Owner
    Safari
    Scan
    ScannerCopy
    SDFormatter
    Seagate Manager Installer
    Search Settings v1.2.3
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SkinsHP1
    Sonic Encoders
    Sony Noise Reduction Plug-In 2.0e
    Sony Sound Forge 9.0
    Steam
    SUPERAntiSpyware
    TrayApp
    TurboTax 2008
    TurboTax 2008 wgaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax Deluxe 2007
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Ventrilo Client
    Viewpoint Media Player
    WBFS Manager 3.0
    WebFldrs XP
    WebReg
    Windows Audio Recorder Professional 4.02
    Windows Backup Utility
    Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    winpwn-2.5 2.5.0.0
    WinRAR archiver
    WinSCP 4.1.6
    .
    ==== End Of File ===========================

  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    See if this helps:

    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

    Once done, try running a scan again> but with this change>>>>>>

    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Pad before copying the log to paste in your next reply.
  9. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    The program did generate random MWB names and each did load, but all closed within 4-5 seconds with no errors or logs.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please run the following:


    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    I need to see these logs. Please follow all directions.

    Did you do the System Restore? Did it make any Difference?

    Did you get the Services running again correctly? If they are not, then it's possible that no matter what you try to do, it won't work.
  11. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    I tried System restores dated before yesterday and when the pc started back up it said it could not restore and no changes were made. The only restore point it would allow was from early yesterday and I really couldn't tell a difference.

    Here are the logs from Rkill and exehelper:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 08/11/2011 at 13:58:57.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 08/11/2011 at 13:59:04.





    exeHelper by Raktor
    Build 20100414
    Run at 13:59:21 on 08/11/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
  12. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    "Did you get the Services running again correctly? If they are not, then it's possible that no matter what you try to do, it won't work"

    I started all services having to do with internet and essentials.
    If I do start every service my pc gets bogged down and will not hardly run at all.
    Meaning that it is way too slow and will not allow access to any exe files or internet.

    I did however try to start all services to get these programs in the 6 steps to run,
    but to no avail.
  13. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    For the record the PC will not boot in safe mode.
    Is there any way to go in and manually get my permissions back? I can't run anything without getting access denied now.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I am not confident that you are knowledgeable enough to know which Services must be set to Automatically start on boot, which can be set to Manual and which can be disabled. To that end, please review the Safe Setting here: Scroll down to the chart:
    Black Viper’s Windows XP x86 (32-bit) Service Pack 3 Service Configurations.
    Set your Services accordingly. And take care to make sure any of the Dependencies are set to either Manual or Automatic.

    If these aren't set correctly, no matter what else we do, we may get nowhere. When you have finished reconfiguring the Services, let me know and we'll continue.
  15. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    Been away on business...

    Thank you for posting the services guide. I did start all of the correct services up. Unfortunately when I do this, I lose all functionality of the computer. It seems that the virus is attached to one or more of the services. I believe at this point I am going to take the harddrive out and see if I can get it serviced.

    A friend suggested buying a USB/IDE cable and slaving the harddrive to another machine and running the anti malware to scan it that way. Does this sound logical?
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    That is not what I asked you to do. I only wanted you to restore to the point before you started the random programs to try and get rid of the malware! There is a big difference!

    I'm trying to undo the damage you did by this:
    And if the Services are set correctly, that should not prevent the system from running. You have been picking and choosing what you think needs to be stopped or even started- that is not the way to clean malware. A cleaning is a very orderly process. It can also make a difference in the order that the scans are run.

    Unless something you did trying to 'fix' the system made the change, if it's a Service it should be seen in Combofix or one of the other scans.

    You have an extraordinary number of addons, most are Active X. Open IE> Tools> Choose 'run without addons.'
    If you can't do that, manually stop:
    There are 3 outdated versions of Java on the system. They need to be removed:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    You will have malware in the Java cache because of this, so it has to be emptied:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ========================================
    Can't you boot into Normal Mode?
  17. 12ozRuss

    12ozRuss Newcomer, in training Topic Starter

    Ok, sorry for the misunderstanding. What I should have said is, I tried to do a system restore to 6 different restore points. It would only restore to a point set earlier the day you asked me to. So it was no good either way. I cannot do any system restore now, because the machine eventually quit responding to anything I tried. No programs would run, I could not boot in ANY other mode at all without crashing, and I couldn't run the Windows XP ME disk without crashing.

    So now I have pulled the drive, and attached it as a slave to an older PC I have running XP ME. I have the drive being scanned by AVG currently and it has identified "Win32/Katusha.a" attached to 34 files (most of which are anti virus, google updates, and Windows security files). It has also detected 3 instances of a Trojan called "Agent2.AWEB". It is only 57% of the way finished scanning.

    I sincerely appreciate your effort in assisting me in this, but I could no longer operate the system in its current condition. I'm pretty sure my Windows installation is hosed on this drive, but if I can get it clean and save all of my important files, I'll be happy man.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    It would appear that the only way you're going to get the system operable again is to do a reformat/reinstall.

    The important files should have been on a back up. So much has been done to the system in an effort to 'fix' it, that it has become so unstable you can't boot.

    I wish I could make you a 'happy man', but I don't think it's going to happen with this system. It is extremely vulnerable with all those Active X entries. Those are the ones I quoted in my Reply #16.