I had some issues with malware last summer and was able to successfully deal with them here (here is the link to my thread from then, if it would be relevant: help needed with popups and blue screen - Adware.MaxSearch).
Since then, my computer has been running pretty well, but recently I started to have some weird issues.
I am running Windows XP Home Edition with Service Pack 3. I have Spybot Search & Destroy anti-spyware and Symantec antivirus. My primary browser is Firefox 3.
Last night, I got a blue screen of death. When I restarted the computer, my desktop wouldn't load. (Black screen, which is my background, but no taskbar, no icons, etc.) I restarted a few more times to no avail, but then tried ctrl-alt-deleting to bring up the task manager. With task manager, I was able to open up some applications, and I started a scan for spyware. It went okay for a while, but then I got a blue screen of death. I tried again, deleted a few things that came up, but then I had to go to sleep.
This morning, I tried restarting again, and the desktop loaded. However, when I try to make some programs load (almost everything but firefox), the computer objects. I get these popups that say:
"Application cannot be executed. The file "...".exe is infected. Do you want to activate your antivirus software now?"
with the file in question being everything from Microsoft Word to some random program I've never heard of/seen. If I press no, more pop up, and if I press yes, it opens an IE window trying to get me to buy a pro edition of Spyware Protect 2009. There is also an icon for this "Antivirus System Pro" in my taskbar by the clock - it looks like a shield with blue and white stripes. I don't recall having ever installed this - maybe it was trial software (I bought the laptop from Dell in 2006 if that helps)? I have also been getting IE popups which go to "porno.org", "porno.com", and "******.com".
I read through the instructions and tried to do the steps requested. I downloaded dds.scr and was able to get dds.txt saved to my desktop. However, the text file 'attach.txt' disappeared somehow in a flurry of "windows security alert" popups, and I haven't been able to run dds.scr again.
(Popup: "Application cannot be executed. The file dds.scr.exe is infected. Do you want to activate your antivirus software now?"). I downloaded gmer.zip to the desktop as well, but I can't get it unzipped, let alone run. I'll put the contents of the dds.txt here. I have to be away from the computer for a few hours, but I'll be trying to get the other scans done again, too.
Thank you for any and all help or advice you can provide. The computer isn't terribly usable at the moment, and while I am willing to pay some money to get it repaired, I would like to try and figure it out first.
DDS (Ver_09-06-26.01) - FAT32x86
Run by Emily Merrill at 14:07:39.92 on Thu 07/02/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LowRiskFileTypes] c:\windows\sysguard.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sysldtray] c:\windows\ld11.exe
mRun: [sysfbtray] c:\windows\freddy49.exe
mRun: [sysberay2] c:\windows\romeo15.exe
dRun: [LowRiskFileTypes] c:\windows\sysguard.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Default: No Registry Reference - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
==================== Find3M ====================
2009-07-02 13:54 12,544 a------- c:\windows\system32\iehelper.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 23:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 23:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-02-22 14:27 59,616 ac------ c:\documents and settings\emily merrill\application data\GDIPFONTCACHEV1.DAT
2006-10-18 17:47 14,507,105 a------- C:\mpeg-encoder.exe
2006-09-05 15:29 25,791,108 a------- C:\sav10installer.exe
2006-08-31 13:36 580,102 a------- C:\DE04.ZIP
2006-05-11 01:18 16,686,284 a------- C:\mcafee8i.zip
============= FINISH: 14:09:05.93 ===============