Old 07-02-2009, 07:37 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Viruses keep returning

Hello,
I installed malwarebytes on the computer to delete the malware such as protection system, but they keep returning everytime my avg 8.5 firewall enables and allows the profile. When I block all profiles, the obscene icons on my desktop does not appear and protection system does not run. I also run the antivirus scan for avg and it finds and deletes different viruses but uacinit.dll. I tried killbox to delete uacinit and it says that it could not be deleted. In addition to this rundll32.exe is gone and when I try to expand it off my system disc and I restart computer and scan using malwarebytes, it turns out to be a backdoor.lastdoor. Also taskmanager is gone and when I try to expand it off the system disc it still does not work. Here is the dds file.
Several files that are trojans, 6.tmp and 7.tmp, will not be deleted because the files are corrupt or unreadable. I zipped two ark files that are the same thing but one is ark.txt and the other ark.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 12:08:15.10 on Wed 07/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3503
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uInternet Connection Wizard,ShellNext = "c:\program files\msn gaming zone\windows\shvlzm.exe"
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {D584CA81-D40C-4804-AAA6-6971C9D243C0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1
mRun: [SunJavaUpdateSched] "c:\program files\java\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Power2GoExpress] NA
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw_promo.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {cafeefac-0016-0000-0007-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {cafeefac-0016-0000-0011-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
LSA: Notification Packages = scecli c:\windows\system32\legidonu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\tb4g7jsp.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\java\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {8E6513AA-7B3B-496A-92FA-111727E165C9} - c:\documents and settings\owner\local settings\application data\{8E6513AA-7B3B-496A-92FA-111727E165C9}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


============== File Associations ===============

txtfile=%windir%\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-01 11:27 <DIR> --d----- c:\program files\Protection System
2009-07-01 10:28 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-01 10:28 <DIR> --d----- c:\program files\Spyware Doctor
2009-07-01 09:45 167,936 a------- c:\windows\REGEDIT.EXE
2009-07-01 09:02 90,624 a------- c:\windows\notepad.exe
2009-07-01 09:02 90,624 a------- c:\windows\system32\notepad.exe
2009-06-29 13:08 <DIR> --d----- C:\!KillBox
2009-06-29 11:57 248 a------- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2009-06-29 10:47 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-06-28 06:10 14,356 a------- c:\windows\2ee95parse15z7.dll
2009-06-27 19:53 12,553 a------- c:\windows\71cd9wnloader2z55.ocx
2009-06-27 18:24 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\Malwarebytes
2009-06-27 12:21 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\You've Got Pictures Screensaver
2009-06-27 12:21 <DIR> --d----- c:\docume~1\owner~1.you\applic~1\AOL
2009-06-27 12:21 <DIR> --d----- c:\documents and settings\owner.your-5653e30a79\WINDOWS
2009-06-27 12:21 <DIR> --d----- c:\documents and settings\Owner.YOUR-5653E30A79
2009-06-27 00:47 5,547 a------- c:\windows\19015szy597.exe
2009-06-26 19:02 <DIR> --d----- C:\70d59229f8235fabca
2009-06-26 08:16 82,432 a------- c:\windows\system32\resdll.dll
2009-06-25 11:48 17,778 a------- c:\windows\9z089troj7b5.exe
2009-06-25 10:34 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-25 10:34 <DIR> --d----- c:\program files\DivX
2009-06-24 12:23 1,409 a------- c:\windows\QTFont.for
2009-06-24 12:23 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-23 22:46 2,777 a------- c:\windows\system32\26099z5oj182.bin
2009-06-23 11:25 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 11:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-23 11:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 18:15 2 a------- c:\windows\010112010146118114.lso
2009-06-22 18:15 39,424 ----h--- c:\windows\ld10.exe
2009-06-22 15:38 8,989 a------- c:\windows\2a04sparse590z.ocx
2009-06-21 19:36 17,093 a------- c:\windows\16511h5cztool9ee.exe
2009-06-21 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-21 08:08 62,465 a------- c:\windows\system32\reader_s.exe
2009-06-21 08:08 0 a------- c:\windows\system32\20.tmp
2009-06-21 08:08 40,961 a------- c:\windows\system32\1F.tmp
2009-06-21 08:08 0 a------- c:\windows\system32\1E.tmp
2009-06-21 07:45 120 a------- c:\windows\system32\1B.tmp
2009-06-21 06:09 15,326 a------- c:\windows\system32\5565threzt14998.cpl
2009-06-20 17:37 1 a------- c:\windows\system32\1C.tmp
2009-06-20 17:37 84 a------- c:\windows\system32\1A.tmp
2009-06-20 10:03 247,808 a------- c:\windows\system32\wzszxrjbpiwsg.dll
2009-06-20 10:03 54,272 a------- c:\windows\system32\wzszxhomufjwx.dll
2009-06-20 10:03 17,408 a------- c:\windows\system32\wzszxrjlbopav.dll
2009-06-20 10:03 4 a------- c:\windows\system32\wzszxcounter
2009-06-20 10:03 33,793 a------- c:\windows\system32\drivers\wzszxetobwesr.sys.rmv
2009-06-19 12:42 <DIR> --d----- c:\program files\TweakNow RegCleaner
2009-06-19 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure
2009-06-19 09:41 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-06-19 09:41 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-19 09:41 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-19 09:41 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-19 09:39 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-19 09:37 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-06-19 09:37 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-06-19 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\U3
2009-06-18 15:56 81,408 a------- c:\windows\system32\7.tmp
2009-06-18 15:56 1 a------- c:\windows\system32\6.tmp
2009-06-18 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-18 13:46 1 a------- c:\windows\system32\11.tmp
2009-06-18 13:46 84 a------- c:\windows\system32\10.tmp
2009-06-18 13:14 0 a------- c:\windows\system32\Installer.exe
2009-06-18 13:10 1 a------- c:\windows\system32\3D.tmp
2009-06-18 13:10 84 a------- c:\windows\system32\39.tmp
2009-06-18 11:36 84 a------- c:\windows\system32\3B.tmp
2009-06-18 11:35 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-18 11:34 <DIR> --d----- c:\program files\Norton Internet Security
2009-06-18 11:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-18 11:23 <DIR> --d----- c:\program files\NortonInstaller
2009-06-18 11:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-17 21:41 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-17 18:58 8,680 a------- c:\windows\system32\234925p96z5.bin
2009-06-17 17:36 2 a------- c:\windows\010112010146118114.dat
2009-06-17 13:18 12,448 a------- c:\windows\31925nz59a-virus603.dll
2009-06-17 12:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-17 12:09 <DIR> --d----- c:\program files\common files\AVSMedia
2009-06-17 12:09 974,848 a------- c:\windows\system32\mfc70.dll
2009-06-17 12:08 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-17 11:55 <DIR> --d----- c:\program files\common files\Common Share
2009-06-17 11:43 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-16 00:57 6,527 a------- c:\windows\7431downlzade59465.exe
2009-06-15 13:55 17,134 a------- c:\windows\system32\1eb1t9i5z208.cpl
2009-06-14 03:40 16,615 a------- c:\windows\4c27zpy9ar594.exe
2009-06-13 20:04 17,279 a------- c:\windows\13fdd5wnlo9der3z9.bin
2009-06-12 14:19 4,563 a------- c:\windows\3a99spa5sez297.cpl
2009-06-12 13:43 8,240 a------- c:\windows\system32\10481v59usz02.exe
2009-06-11 22:04 11,645 a------- c:\windows\255t9reat28z45.ocx
2009-06-11 00:21 9,489 a------- c:\windows\system32\2877d5wnlo9dzr3008.exe
2009-06-07 09:17 5,902 a------- c:\windows\system32\18145not5a-virzs39f.dll
2009-06-07 07:37 5,883 a------- c:\windows\system32\23529pa5bot6z2.cpl
2009-06-07 01:48 14,809 a------- c:\windows\36e9sparsz19745.bin
2009-06-05 03:26 11,755 a------- c:\windows\45zavi91.dll
2009-06-04 02:39 8,142 a------- c:\windows\656adow5l9azer2918.cpl
2009-06-03 16:31 13,874 a------- c:\windows\4a43st5al957z.bin

==================== Find3M ====================

2009-07-01 09:50 65,536 a------- c:\windows\DUMP827e.tmp
2009-06-29 12:05 65,536 a------- c:\windows\DUMP7b5a.tmp
2009-06-29 10:47 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-06-28 17:31 65,536 a------- c:\windows\DUMP9e53.tmp
2009-06-28 15:43 65,536 a------- c:\windows\DUMP8368.tmp
2009-06-27 18:27 65,536 a------- c:\windows\DUMP7ce0.tmp
2009-06-26 19:50 65,536 a------- c:\windows\DUMP7a12.tmp
2009-06-26 19:26 65,536 a------- c:\windows\DUMP8378.tmp
2009-06-26 19:04 65,536 a------- c:\windows\DUMPd8cc.tmp
2009-06-26 19:00 65,536 a------- c:\windows\DUMP8608.tmp
2009-06-23 20:13 65,536 a------- c:\windows\DUMPab14.tmp
2009-06-23 12:08 65,536 a------- c:\windows\DUMP7687.tmp
2009-06-23 08:29 65,536 a------- c:\windows\DUMP79b4.tmp
2009-06-22 11:59 65,536 a------- c:\windows\DUMP73e7.tmp
2009-06-21 08:09 65,536 a------- c:\windows\DUMP7985.tmp
2009-06-20 16:05 65,536 a------- c:\windows\DUMP81a3.tmp
2009-06-20 15:49 65,536 a------- c:\windows\DUMP7ef4.tmp
2009-06-19 13:20 65,536 a------- c:\windows\DUMP857b.tmp
2009-05-27 12:44 9,600 a------- c:\windows\system32\56z4ba9kdoor2798.dll
2009-05-27 08:54 14,294 a------- c:\windows\zacda5d9are2405.bin
2009-05-26 16:04 13,110 a------- c:\windows\75bc9irz65.dll
2009-05-25 07:22 4,752 a------- c:\windows\system32\192zstea51070.bin
2009-05-23 09:42 6,523 a------- c:\windows\9675viruz584.dll
2009-05-22 11:34 13,978 a------- c:\windows\95895vzrus553.bin
2009-05-18 18:04 12,023 a------- c:\windows\z5eddo5nload9r590.exe
2009-05-18 01:06 3,238 a------- c:\windows\system32\5e5dbackd9or2586z.exe
2009-05-16 05:46 16,998 a------- c:\windows\system32\7925s9yzare1384.exe
2009-05-15 14:17 8,300 a------- c:\windows\9d27downloaderz564.exe
2009-05-14 14:05 530,083 a------- C:\HC4DecommissionScheduler.exe
2009-05-13 04:07 8,979 a------- c:\windows\5ezev5r5979.dll
2009-05-12 00:25 16,788 a------- c:\windows\21384ha9ztool3f5.dll
2009-05-10 15:40 8,008 a------- c:\windows\system32\1f39zpa9se24895.dll
2009-05-09 18:33 87,552 a--sh--- c:\windows\system32\fokitape.dll
2009-05-08 21:02 87,552 a--sh--- c:\windows\system32\gamunaku.dll
2009-05-08 02:18 13,352 a------- c:\windows\b99addwar53z5.exe
2009-05-07 11:09 16,735 a------- c:\windows\system32\22355zr9jbf.dll
2009-05-07 08:33 87,552 a--sh--- c:\windows\system32\jelulede.dll
2009-05-06 17:59 87,552 a--sh--- c:\windows\system32\diduwada.dll
2009-05-06 05:59 49,664 a--sh--- c:\windows\system32\dusayamo.dll
2009-05-05 23:38 17,425 a------- c:\windows\13893tr5jz8e.exe
2009-05-05 18:19 3,082 a------- c:\windows\system32\affv300053706p4now.sys
2009-05-05 17:59 88,064 a--sh--- c:\windows\system32\bozujeyi.dll
2009-05-05 06:01 79,872 a--sh--- c:\windows\system32\jojilite.exe
2009-05-04 17:08 9,108 a------- c:\windows\system32\25020spa5z9t268.dll
2009-05-04 15:40 3,287 a------- c:\windows\system32\51z5down9oader1238.dll
2009-05-04 11:37 79,360 a--sh--- c:\windows\system32\lubujoko.exe
2009-05-03 15:44 79,360 a------- c:\windows\system32\vebenone.dll
2009-05-02 22:53 5,733 a------- c:\windows\59dadd9are119z5.dll
2009-05-02 16:19 7,838 a------- c:\windows\3d90spzrs52089.dll
2009-05-02 13:05 88,064 a------- c:\windows\system32\wojohilu.dll
2009-05-02 12:06 78,848 a--sh--- c:\windows\system32\pubinibu.exe
2009-05-01 17:03 129,784 -------- c:\windows\system32\pxafs.dll
2009-05-01 17:03 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-05-01 17:03 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-05-01 17:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\DivX.dll
2009-05-01 15:38 79,872 a--sh--- c:\windows\system32\rimuwuka.exe
2009-05-01 00:45 7,890 a------- c:\windows\system32\z0199v5rus3dc.dll
2009-04-30 06:58 79,872 a--sh--- c:\windows\system32\rolivepa.exe
2009-04-29 18:44 87,040 a--sh--- c:\windows\system32\vunogenu.dll
2009-04-28 17:14 48,640 a--sh--- c:\windows\system32\vufurajo.dll
2009-04-28 17:13 87,552 a--sh--- c:\windows\system32\nadojizu.dll
2009-04-24 07:12 2,843 a------- c:\windows\system32\7625thr95z17482.dll
2009-04-24 01:40 16,652 a------- c:\windows\29509roz321.dll
2009-04-19 23:05 16,889 a------- c:\windows\c6evi5319z.exe
2009-04-17 05:13 2,578 a------- c:\windows\system32\4747viz2959.exe
2009-04-16 16:16 6,144 a------- c:\windows\95641tzoj7b5.bin
2009-04-16 06:06 14,157 a------- c:\windows\55dfs5ezl994.dll
2009-04-15 08:51 18,429 a------- c:\windows\system32\5629addware9z635.bin
2009-04-12 08:31 2,737 a------- c:\windows\2z592virus5c09.bin
2009-04-11 15:27 16,236 a------- c:\windows\486dsp9rze5686.exe
2009-04-11 12:54 7,161 a------- c:\windows\42b9spazs9815.exe
2009-04-10 15:29 10,028 a------- c:\windows\7d57s9ywaze2034.bin
2009-04-10 05:23 12,828 a------- c:\windows\4zethi9f3594.exe
2009-04-10 00:52 17,910 a------- c:\windows\29591spy513z.bin
2009-04-08 01:19 11,803 a------- c:\windows\19529zp5mbot3aa.dll
2009-04-06 01:46 13,865 a------- c:\windows\system32\4bc4zteal9556.bin
2009-04-04 17:30 14,166 a------- c:\windows\system32\51zespars5995.bin
2009-01-28 17:15 48,640 a--sh--- c:\windows\system32\seyohehu.dll

============= FINISH: 12:10:14.84 ===============
Attached Files
File Type: zip Attach.zip (33.7 KB, 1 views)
attley.appleton is offline  
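A triage helper for the DDS file listing posted above, added here as an example and not DDS's or the forum's code: it parses the date/size/attribute/path lines, flags hidden+system executables in c:\windows\system32 and the random digit/letter file names seen in the log, and lists anything beyond the default in the "LSA: Notification Packages" line. The sample lines are constructed from names in the log, and the random-name rule is a heuristic of my own.

```python
"""Triage helper for the file listings DDS prints ("Created Last 30", "Find3M").

Added example for this thread, not DDS or forum code. The "random name" rule is
a heuristic of my own, tuned to names visible in the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape DDS prints; names are taken from the log above.
SAMPLE_FILES = """\
2009-07-01 11:27 <DIR> --d----- c:\\program files\\Protection System
2009-07-01 09:02 90,624 a------- c:\\windows\\system32\\notepad.exe
2009-06-28 06:10 14,356 a------- c:\\windows\\2ee95parse15z7.dll
2009-06-23 11:25 38,160 a------- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-05-09 18:33 87,552 a--sh--- c:\\windows\\system32\\fokitape.dll
2009-05-05 06:01 79,872 a--sh--- c:\\windows\\system32\\jojilite.exe
2009-06-17 12:09 974,848 a------- c:\\windows\\system32\\mfc70.dll
2009-05-01 17:03 129,784 -------- c:\\windows\\system32\\pxafs.dll
2009-07-01 09:50 65,536 a------- c:\\windows\\DUMP827e.tmp
"""
SAMPLE_LSA = "LSA: Notification Packages = scecli c:\\windows\\system32\\legidonu.dll"

# date, time, size or <DIR>, 8-char attribute string (a=archive, d=dir, s=system, h=hidden), path
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{8}) (.+)$")
EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".bin", ".scr"}
WATCHED_DIRS = {"c:\\windows", "c:\\windows\\system32"}   # where the files above landed
DEFAULT_LSA_PACKAGES = {"scecli"}                           # stock value on Windows XP


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "a--sh---"
    path: str             # lower-cased


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS listing line; return None for anything else (headers, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    size_val = None if size == "<DIR>" else int(size.replace(",", ""))
    return Entry(date, time, size_val, attrs, path.lower())


def split_path(path: str) -> Tuple[str, str, str]:
    """'c:\\windows\\x.dll' -> ('c:\\windows', 'x', '.dll'); no extension -> ''."""
    folder, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    return folder, (stem if dot else name), ("." + ext if dot else "")


def looks_random(stem: str) -> bool:
    """Alternating digit/letter runs with many digits, e.g. '2ee95parse15z7'.
    Ordinary names such as 'mfc70' or 'dump827e' fall below the thresholds."""
    runs = re.findall(r"\d+|[a-z]+", stem.lower())
    digits = sum(len(r) for r in runs if r.isdigit())
    return digits >= 4 and len(runs) >= 3


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing flagged."""
    reasons: List[str] = []
    if entry.size is None:
        return reasons
    folder, stem, ext = split_path(entry.path)
    if folder not in WATCHED_DIRS or ext not in EXEC_EXT:
        return reasons
    if "s" in entry.attrs and "h" in entry.attrs:
        reasons.append("hidden+system executable in a Windows directory")
    if looks_random(stem):
        reasons.append("random-looking digit/letter file name")
    return reasons


def triage_listing(text: str) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every flagged line of a DDS file listing, in log order."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                hits.append((entry.path, reasons))
    return hits


def lsa_extra_packages(line: str) -> List[str]:
    """Entries in a DDS 'LSA: Notification Packages' line beyond the default.
    Each one is loaded into lsass.exe at boot, so any extra DLL is worth checking."""
    _, _, value = line.partition("=")
    return [p for p in value.split() if p.lower() not in DEFAULT_LSA_PACKAGES]


if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE_FILES):
        print(f"{path}: {'; '.join(reasons)}")
    print("extra LSA packages:", lsa_extra_packages(SAMPLE_LSA))
```

Feed it the whole "Created Last 30" and "Find3M" sections to get a short list to check against a known-clean system before deciding what to remove.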
Old 07-04-2009, 11:09 AM   #2 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Viruses keep returning

Hi attley.appleton,

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------
  1. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------

    * IMPORTANT !!! Place combo-fix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here
  3. Double click on combo-fix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you (located in C:\ComboFix.txt). Post that log in your next reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 07-04-2009, 02:23 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Re: Viruses keep returning

!! ALERT !! It is NOT SAFE to continue!
When I try to run combo fix it says
The contents of the ComboFix package have been compromised.
Please download a fresh copy from bleeping computer.

Note: You may have been infected with a file patching virus (Virut)

That's what it says every time I try to run it. Does this mean that I will have to reinstall everything and reboot the computer?

Now every time it runs, it says Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

Last edited by attley.appleton; 07-04-2009 at 02:47 PM.
attley.appleton is offline  
Old 07-04-2009, 03:46 PM   #4 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Viruses keep returning

Can you delete combofix from your desktop and download a new copy from the first link?

Try running Combofix after you've downloaded a new copy.

Let me know how it goes.
forhockey is offline  
Old 07-05-2009, 02:12 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Re: Viruses keep returning

The alert saying it is not safe to continue appears. I have tried downloading it several times and the same alert appears. What should I do next? Thank you for your responses.
attley.appleton is offline  
Old 07-05-2009, 02:51 PM   #6 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Viruses keep returning

Did you see something along the lines of the image below?



This prompt is normal and ComboFix is okay to Save. Please click on "Save" if you see the above prompt.

Once you double-click on Combo-Fix.exe you will see the following prompt.



Once again, it is safe to run ComboFix. Please click the "Run" button to proceed.

Let me know if you run into any other problems.

Thanks

Last edited by forhockey; 07-05-2009 at 02:54 PM.
forhockey is offline  
Old 07-05-2009, 03:07 PM   #7 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Re: Viruses keep returning

Yes, that comes up, but after it initializes it comes up with the prompt that it's not safe. Then it deletes itself. This is after all that stuff comes up.

Last edited by attley.appleton; 07-05-2009 at 03:10 PM.
Old 07-05-2009, 03:11 PM   #8 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Viruses keep returning

Hi attley.appleton,

Have you saved ComboFix to your desktop with the following name -> Combo-Fix.exe and tried running it?

If you've saved ComboFix.exe to your desktop and tried to rename it, then it will not work.
Old 07-05-2009, 03:15 PM   #9 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Re: Viruses keep returning

Yes, I did. It says that it is a binary file when I save it. Is that okay?
After I run it, the error message keeps coming up.

Last edited by attley.appleton; 07-05-2009 at 03:19 PM.
Old 07-05-2009, 03:30 PM   #10 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Viruses keep returning

For now I'd like to scan a few files to see what they come back with.

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    c:\windows\REGEDIT.EXE

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

If VirusTotal is busy, try the same at Jotti

Please repeat the same steps for the following file:

c:\windows\system32\notepad.exe


Please reply back with the results from both scans.
Old 07-05-2009, 03:46 PM   #11 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Re: Viruses keep returning

The websites do not work. I have to use a proxy to get them to work, but they will not load the file. Do you think I should run Malwarebytes and AVG 8.5 to check registry and notepad?
Old 07-05-2009, 04:01 PM   #12 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Viruses keep returning

Let's try running an online scan with Panda ActiveScan.

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply.

* Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Old 07-06-2009, 06:28 AM   #14 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Re: Viruses keep returning

I don't know how it happened, but all my websites are now working, such as Microsoft, VirusTotal, and Panda.
These are the results from VirusTotal:

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.06 Virus.Win32.Virut!IK
AhnLab-V3 5.0.0.2 2009.07.06 -
AntiVir 7.9.0.204 2009.07.06 W32/Virut.Gen
Antiy-AVL 2.0.3.1 2009.07.06 Virus/Win32.Virut
Authentium 5.1.2.4 2009.07.05 W32/Virut.AI!Generic
Avast 4.8.1335.0 2009.07.05 -
AVG 8.5.0.386 2009.07.05 Win32/Virut
BitDefender 7.2 2009.07.06 Win32.Virtob.Gen.12
CAT-QuickHeal 10.00 2009.07.06 W32.Virut.G
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.06 Win32.Virut.56
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6598 2009.07.06 Win32/Virut.17408
F-Prot 4.4.4.56 2009.07.05 W32/Virut.AI!Generic
F-Secure 8.0.14470.0 2009.07.06 Virus.Win32.Virut.ce
Fortinet 3.117.0.0 2009.07.03 W32/Virut.ZI
GData 19 2009.07.06 Win32.Virtob.Gen.12
Ikarus T3.1.1.64.0 2009.07.06 Virus.Win32.Virut
Jiangmin 11.0.706 2009.07.06 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.06 Virus.Win32.Virut.ce
McAfee 5667 2009.07.05 W32/Virut.n.gen
McAfee+Artemis 5667 2009.07.05 W32/Virut.n.gen
McAfee-GW-Edition 6.8.5 2009.07.06 Heuristic.LooksLike.Win32.Aliser.H
Microsoft 1.4803 2009.07.06 Virus:Win32/Virut.BM
NOD32 4220 2009.07.06 Win32/Virut.NBP
Norman 6.01.09 2009.07.04 W32/Malware
nProtect 2009.1.8.0 2009.07.05 -
Panda 10.0.0.14 2009.07.06 W32/Sality.AO
PCTools 4.4.2.0 2009.07.06 -
Prevx 3.0 2009.07.06 -
Rising 21.37.03.00 2009.07.06 Win32.Virut.bm
Sophos 4.43.0 2009.07.06 W32/Scribble-B
Sunbelt 3.2.1858.2 2009.07.05 -
Symantec 1.4.4.12 2009.07.06 W32.Virut.CF
TheHacker 6.3.4.3.362 2009.07.04 -
TrendMicro 8.950.0.1094 2009.07.06 PE_VIRUX.J
VBA32 3.12.10.7 2009.07.06 Virus.Win32.Virut.9
ViRobot 2009.7.6.1820 2009.07.06 -
VirusBuster 4.6.5.0 2009.07.05 Win32.Virut.Y.Gen
Additional information
File size: 167936 bytes
MD5...: 11f69dbc689a7b70231466547b3aa9d0
SHA1..: cf74f52a1869a355c4b3076007682135db251e12
SHA256: 0ad4a3cd878d34130eb2c869ba66374fb92106f98edfa0e6ff9923a96db942b0
Old 07-06-2009, 06:58 AM   #15 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Re: Viruses keep returning

These are the Panda scan results.
Attached Files
File Type: txt ActiveScan.txt (36.8 KB, 3 views)
Old 07-06-2009, 05:05 PM   #16 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Viruses keep returning

Hi attley.appleton,

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files; those files are then corrupted beyond repair. As of now, security experts suggest that a format and clean install, or a destructive recovery if you have an OEM recovery partition, is the best way to clean the infection, and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) or screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

See miekiemoes' blog for similar comments: here


--------------------------------------------------------------------

You can find out more about re-installing Windows at the following link: here

If you have any issues re-installing Windows, then you can ask the folks in our Windows XP section of this forum.
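A backup triage script that encodes the analyst's backup rules from the post above, added here as an example; it is not from the thread or from any tool mentioned in it. It walks a directory tree, skips .exe and .scr files and any archive that may carry them (.cab and .rar cannot be listed with the standard library, so they and unreadable zips are refused), flags htm/html/asp/php files for manual review, and copies the rest; the sample files it builds are constructed.

```python
"""Backup triage for a Virut-infected drive (added example, not from the thread).

Rules from the analyst's post: copy documents only; skip .exe/.scr (Virut
appends itself to them); skip zip/cab/rar archives that carry .exe/.scr
members; flag htm/html/asp/php for review since recent variants modify them."""
import tempfile
import zipfile
from pathlib import Path

INFECTABLE = {".exe", ".scr"}
ARCHIVES = {".zip", ".cab", ".rar"}
WEB_FILES = {".htm", ".html", ".asp", ".php"}


def archive_has_infectable(path):
    """True if the archive may hold an .exe/.scr. Only .zip can be listed
    with the standard library; .cab/.rar and unreadable zips are refused."""
    if path.suffix.lower() != ".zip":
        return True
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(n).suffix.lower() in INFECTABLE for n in zf.namelist())
    except zipfile.BadZipFile:
        return True


def classify(path):
    """Return 'copy', 'skip' or 'review' for one file."""
    ext = path.suffix.lower()
    if ext in INFECTABLE:
        return "skip"
    if ext in ARCHIVES:
        return "skip" if archive_has_infectable(path) else "copy"
    if ext in WEB_FILES:
        return "review"
    return "copy"


def plan_backup(root):
    """Walk root and bucket every regular file by its classification."""
    root = Path(root)
    plan = {"copy": [], "skip": [], "review": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            plan[classify(p)].append(p.relative_to(root).as_posix())
    return plan


def build_sample_tree(root):
    """Constructed sample data: documents, binaries, web files and archives."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "thesis.doc").write_bytes(b"fake document")
    (root / "index.htm").write_bytes(b"<html></html>")
    (root / "setup.exe").write_bytes(b"MZ fake executable")
    (root / "logo.scr").write_bytes(b"MZ fake screensaver")
    (root / "drivers.rar").write_bytes(b"Rar!")       # cannot inspect -> skip
    (root / "broken.zip").write_bytes(b"not a zip")   # unreadable -> skip
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("bin/tool.exe", b"MZ")            # carries an .exe -> skip
    with zipfile.ZipFile(root / "photos.zip", "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8")        # clean -> copy
    return root


def demo():
    """Build the sample tree in a temp dir and return the backup plan."""
    with tempfile.TemporaryDirectory() as tmp:
        return plan_backup(build_sample_tree(tmp))
```

Run `plan_backup()` against the real data directory and copy only the "copy" bucket; anything in "review" should be checked by hand before it goes to the backup media.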
Old 07-06-2009, 05:09 PM   #17 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows Xp SP2 Media Center Edition


Re: Viruses keep returning

Thank you for your responses. When I put my system restore CD in and restart the computer, and the system restore begins to run, it stops and says something like Windows login needs to close because of an error.
Old 07-06-2009, 05:24 PM   #18 (permalink)
Analyst, Security Team
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Viruses keep returning

You're welcome. Have you already backed up your personal data per my previous instructions? Using your system restore CD will wipe all the data off your system and bring your machine back to factory default settings.

Unfortunately, this section of the forum is strictly for malware/virus removal.

You'll have to create a new thread in the Windows XP Support section of this forum.
All times are GMT -7.
Copyright 2001 - 2009, Tech Support Forum