#1, 11-12-2009, 03:21 PM, gamblersgirlky (Registered User; Join Date: Nov 2009; Posts: 10; OS: WinXP)

WinXP will not boot...infected with msa.exe and b.exe

My WinXP will not boot up. I can get as far as the black option screen, but none of the options will work. Before it crashed, I found msa.exe and b.exe running in the task manager. None of my security programs would work. I disabled DEP and tried to restart. I had some type of error messages as WinXP was shutting down, it seems they were rundll errors.

I can get Avira Rescue System to run, but it freezes a few minutes into the scan. This is what the screen has on it at the time that it locks up the computer:
Scanned files: 9651
Scanned directories: 3816
Records: 34
Suspect files: 0
Warnings: 151

Scanner freezes at 4:29 required time

I do not have any discs for this computer, WinXP came preinstalled on this Emachine. I do have the 4 recovery discs that a friend made from her Emachine, but I don't know if they will work on mine.

Any help would be greatly appreciated.

#2, 11-12-2009, 10:33 PM, gamblersgirlky

BTW... While searching this forum, I saw a recommendation to download Hiren's Boot CD. I downloaded it, booted with it and I finally saw the WinXP logo (haven't seen it for days)!!!
But, I don't know how to use it. Anyone know what I should do??? Thanks

#3, 11-12-2009, 10:42 PM, Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 26,908; OS: WinXP and Vista)

Hello gamblersgirlky,

While you have access to your files, you'll first want to back up your personal data such as pictures and documents to CD or USB stick.

After you've done that, download this tool to a USB stick.

Boot with Hiren's disc and start Windows XP. You should be able to see your USB stick in My Computer. Open the USB drive, select Edit>Copy this file and copy the downloaded version of dds directly to the C: drive.

Navigate to C:\dds-bootcd.exe and double click to run it. Post the logs it produces.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

#4, 11-12-2009, 11:10 PM, gamblersgirlky

DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 1:03:58.20 on Fri 11/13/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_01

============== Pseudo HJT Report ===============

S-1-5-21-3108874483-2999358327-619295311-501_Search Bar = hxxp://www.google.com/ie
S-1-5-21-3108874483-2999358327-619295311-501_Start Page = hxxp://www.emachines.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = %SystemRoot%\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant =
S-1-5-21-3108874483-2999358327-619295311-1003_URLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
S-1-5-21-3108874483-2999358327-619295311-1003_URLSearchHooks: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll
S-1-5-21-3108874483-2999358327-619295311-1003_URLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
S-1-5-21-3108874483-2999358327-619295311-1003_Winlogon: shell=explorer.exe,c:\windows\system32\W1NL0g0.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: c:\windows\system32\s8s0m5q7.dll: {a2234b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\s8s0m5q7.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: c:\windows\system32\s8s0m5q7.dll: {a2234b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\s8s0m5q7.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: gPhotoShow Toolbar: {28f4a32b-116f-48fd-b4ce-4273852bb730} - c:\program files\gphotoshow toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: Profile ****: {10000000-1000-1000-1000-100000000000} - c:\program files\profile ****\tbcore3.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
EB: SmartShopper: {8bcb5337-ec01-4e38-840c-a964f174255b} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
EB: {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} - No File
S-1-5-21-3108874483-2999358327-619295311-1003_Run: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\owner\locals~1\temp\login.exe
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [-FreedomNeedsReboot] "c:\program files\at&t\at&t internet security suite\ZkRunOnceR.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [LXCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCCtime.dll,_RunDLLEntry@16
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [ziluhipol] Rundll32.exe "c:\windows\system32\dubuwemo.dll",a
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\scandisk.dll
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\scandisk.lnk - x:\i386\system32\rundll32.exe
S-1-5-21-3108874483-2999358327-619295311-1003_Policies-explorer: NoFolderOptions = 1 (0x1)
S-1-5-21-3108874483-2999358327-619295311-1003_Policies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search - ?p=ZKfox000
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {10000000-1000-1000-1000-100000000000} - {10000000-1000-1000-1000-100000000000} - c:\program files\profile ****\tbcore3.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {6FAC4823-815E-4361-836E-46D65ED2550B} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: efcBuuTK - efcBuuTK.dll
AppInit_DLLs: c:\windows\system32\kbdnet.dll c:\windows\system32\zatarozu.dll, c:\windows\system32\dubuwemo.dll,petolahu.dll,c:\docume~1\owner\locals~1\temp\2042xxx.dll,c:\docume~1\owner\locals~1\temp\2216333.dll,c:\docume~1\owner\locals~1\temp\2216usc.dll,wepejapu.dll
SSODL: SysNet - {8560C5B7-CA1A-4D67-AD82-092DACACC941} - c:\documents and settings\all users\microsoft adata\sysnet.dll
SSODL: dabumuhul - {988809ed-61cf-4c88-9003-d161d7a48f0d} - c:\windows\system32\kofirawa.dll
SSODL: tofuhifoj - {ee7af8a6-4f36-4851-89c4-067428c4d351} - c:\windows\system32\dubuwemo.dll
SSODL: buyizohuy - {abb6329b-077b-4777-90e4-edb99a2a6dea} - c:\windows\system32\dubuwemo.dll
STS: tokatiluy: {988809ed-61cf-4c88-9003-d161d7a48f0d} - c:\windows\system32\kofirawa.dll
STS: c:\windows\system32\s8s0m5q7.dll: {a2234b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\s8s0m5q7.dll
STS: jugezatag: {ee7af8a6-4f36-4851-89c4-067428c4d351} - c:\windows\system32\dubuwemo.dll
STS: kupuhivus: {abb6329b-077b-4777-90e4-edb99a2a6dea} - c:\windows\system32\dubuwemo.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\yyg9l96g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www10.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

pref(dom.disable_open_during_load, false);
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www10.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

.Net CLR; %SystemRoot%\System32\svchost.exe -k ".Net CLR"; c:\windows\system32\2e655e7.dll
785ff4dc; \SystemRoot\System32\drivers\785ff4dc.sys
ATMhelpr; [x]
BtwSrv; %SystemRoot%\system32\svchost.exe -k netsvcs; c:\windows\system32\BtwSrv.dll
daqdrv; \??\c:\windows\system32\daqdrv.sys
fastnetsrv; c:\windows\system32\FastNetSrv.exe
Ias; %SystemRoot%\System32\svchost.exe -k netsvcs; c:\windows\system32\Iasex.dll
Iprip; %SystemRoot%\System32\svchost.exe -k netsvcs; c:\windows\system32\Ipripv32.dll
Net_Login; c:\windows\svchust.exe
Outlook; [x]
Radialpoint Security Services; c:\windows\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}
SASDIFSV; \??\c:\program files\superantispyware\SASDIFSV.SYS
SASENUM; \??\c:\program files\superantispyware\SASENUM.SYS
SASKUTIL; \??\c:\program files\superantispyware\SASKUTIL.sys
srserviceRDSessMgr; c:\windows\system32\12520850i.exe srv
win; %SystemRoot%\System32\svchost.exe -k netsvcs; c:\windows\system32\win.dll
YahooAUService; "c:\program files\yahoo!\softwareupdate\YahooAUService.exe"
{A3716312-F2BD-42F3-8271-A115BEFC2173}; [x]
{FF0B7ABC-5B35-4557-A20B-BBC6EF640700}; [x]

=============== Created Last 30 ================

2009-11-13 00:57 <DIR> --d----- C:\(C) Local Disk
2009-11-11 00:58 46 ---s---- C:\hda1
2009-11-06 14:55 0 a------- c:\windows\kbdnet.dll
2009-11-06 14:21 32,768 a------- c:\windows\system32\QingYL.dll
2009-11-06 14:21 28,672 a------- c:\windows\system32\Sveran.exe
2009-11-06 14:20 49,152 a--shr-- c:\windows\system32\W1NL0g0.exe
2009-11-06 14:18 88,576 a------- c:\windows\system32\14.tmp
2009-11-06 14:18 52 a------- c:\windows\system32\12.tmp
2009-11-06 04:12 88,576 a------- c:\windows\system32\F.tmp
2009-11-06 04:12 52 a------- c:\windows\system32\E.tmp
2009-11-06 01:47 100 a------- c:\windows\system32\flags.ini
2009-11-06 01:45 88,576 a------- c:\windows\system32\7.tmp
2009-11-06 01:45 52 a------- c:\windows\system32\5.tmp
2009-11-06 01:03 88,576 a------- c:\windows\system32\D.tmp
2009-11-06 01:03 52 a------- c:\windows\system32\C.tmp
2009-11-06 01:01 0 a------- c:\windows\SC.INS
2009-11-06 01:01 0 a------- c:\windows\sc.exe
2009-11-06 01:01 <DIR> --d----- c:\program files\Protection System
2009-11-05 22:13 6,144 a------- c:\windows\system32\WinRAR.dll
2009-11-05 22:13 39,424 a------- c:\windows\system32\winnt.exe
2009-11-05 22:12 309,212 a------- c:\windows\sv1.exe
2009-11-05 22:11 25,600 a------- c:\documents and settings\owner\application data\eqnljk.dll
2009-11-05 22:11 329 a--s---- c:\windows\system32\4082876599.dat
2009-11-05 22:11 86,016 a------- C:\sadcadwm.exe
2009-11-05 22:11 15,000 a------- c:\windows\system32\s8s0m5q7.dll
2009-11-05 22:11 1,168,896 a------- c:\windows\svchust.exe
2009-11-05 22:11 52,736 a------- C:\ktpubj.exe.XXX
2009-11-05 22:10 1,169,920 a------- c:\windows\svchost.exe
2009-11-05 22:09 69,691 a------- C:\lxsnexe.exe
2009-11-05 22:09 52,736 a------- C:\yeoumtkh.exe.XXX
2009-11-05 22:09 423,424 a------- c:\windows\isvchost.exe
2009-11-05 22:09 90,624 a------- C:\sacbnjm.exe.XXX
2009-11-05 22:08 88,576 a------- c:\windows\system32\6.tmp
2009-11-05 22:08 104 a------- c:\windows\system32\4.tmp
2009-11-05 22:07 0 a------- c:\windows\win32k.sys
2009-11-05 22:04 <DIR> --d----- c:\program files\Yahoo! Games
2009-11-05 22:04 <DIR> --d----- C:\Remote Programs
2009-11-05 22:04 <DIR> --d----- c:\program files\Free Ride Games
2009-11-05 19:52 <DIR> --d----- c:\documents and settings\all users\Microsoft AData
2009-11-05 19:51 54,784 a------- c:\windows\system32\logon.exe
2009-11-05 19:26 88,576 a------- c:\windows\system32\11.tmp
2009-11-05 19:26 52 a------- c:\windows\system32\10.tmp
2009-11-05 18:49 0 a------- c:\windows\system32\2.tmp
2009-11-05 18:27 88,576 a------- c:\windows\system32\B.tmp
2009-11-05 18:27 52 a------- c:\windows\system32\A.tmp
2009-11-05 17:52 88,576 a------- c:\windows\system32\9.tmp
2009-11-05 17:52 52 a------- c:\windows\system32\8.tmp
2009-11-05 17:09 0 a------- c:\windows\system32\3.tmp
2009-11-05 14:57 187,034 a------- c:\windows\system32\net.net
2009-11-05 14:51 42,498 a------- c:\windows\system32\uses32.dat
2009-11-05 14:49 0 a------- c:\windows\system32\6D.tmp
2009-11-05 14:49 88,576 a------- c:\windows\system32\6C.tmp
2009-11-05 14:49 52 a------- c:\windows\system32\6B.tmp
2009-11-05 14:49 94 a------- C:\Clone Cash System.url
2009-11-04 17:42 <DIR> --dsh--- c:\windows\system32\lowsec
2009-10-22 17:53 180,224 a------- c:\windows\system32\lsp.dll.old
2009-10-22 17:53 180,224 a------- c:\windows\system32\lsp.dll
2009-10-22 17:43 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-10-22 16:37 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-10-22 15:12 <DIR> --d----- c:\windows\SxsCaPendDel
2009-10-22 14:35 <DIR> --d----- c:\windows\system32\drivers\Avg(2)
2009-10-22 02:52 <DIR> --d-h--- C:\$AVG
2009-10-22 02:51 <DIR> --d----- c:\documents and settings\all users\application data\avg9
2009-10-21 22:55 <DIR> --d----- c:\documents and settings\all users\application data\Legendo
2009-10-21 22:55 <DIR> --d----- c:\documents and settings\all users\application data\Trymedia
2009-10-20 22:56 <DIR> --d----- c:\program files\CA
2009-10-20 22:56 <DIR> --d----- c:\program files\Raxco
2009-10-20 22:55 <DIR> --d----- c:\program files\common files\Scanner
2009-10-20 22:55 <DIR> --d----- c:\program files\common files\Authentium
2009-10-20 21:10 <DIR> --d----- c:\program files\ATT-HSI
2009-10-20 21:10 <DIR> --d----- c:\program files\common files\Motive

==================== Find3M ====================

2009-10-22 17:56 405,504 a------- c:\windows\undst.exe
2009-10-22 17:55 672,768 a------- c:\windows\system32\nsf1CF.dll
2009-10-22 17:55 672,768 a------- c:\windows\system32\nsd13E.dll
2009-10-22 17:55 672,768 a------- c:\windows\system32\nsd307.dll
2009-10-22 17:55 672,768 a------- c:\windows\system32\nso64.dll
2009-10-22 17:55 1,228,288 a------- c:\windows\system32\nsp6A0.dll
2009-10-22 17:55 672,768 a------- c:\windows\system32\nss248.dll
2009-10-22 17:55 672,768 a------- c:\windows\system32\nsmC7A.dll
2009-10-22 17:55 672,768 a------- c:\windows\system32\nsn1B4.dll
2009-10-22 02:52 12,464 a------- c:\windows\system32\avgrsstx(2)(2).dll
2008-04-07 19:50 5,424 a------- c:\documents and settings\owner\application data\wklnhst.dat
2007-09-24 02:39 49,152 a------- c:\program files\Follow Dir.doc
2007-09-17 14:09 58,368 a------- c:\program files\classofficeschedFall07.pub
2007-02-19 21:42 262,144 a------- c:\documents and settings\all users\NTUSER.DAT
2007-02-19 20:21 5,971,432 a------- c:\program files\Firefox Setup 2.0.0.1.exe
2003-08-05 15:41 53,248 a------- c:\windows\inf\ap561.exe
2002-11-26 20:24 32,768 a------- c:\windows\inf\Remove561.exe
2002-11-22 19:56 118,784 a------- c:\windows\inf\ShowBmp.exe
2002-10-29 22:07 36,864 a------- c:\windows\inf\Setup8a.exe
2002-10-01 18:43 119,798 a------- c:\windows\inf\spca561.sys

==== Installed Programs ======================

Adobe Acrobat Reader 3.01
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Type Manager 4.0
Advertisement Service
AT&T Internet Security Suite
AT&T Internet Security Wizard 1.5.11
AudibleManager
Authentium AntiVirus SDK - 2
BigFix
blinkx beat
CareBears
Creative MediaSource 5
Creative MuVo V100
Creative System Information
Digital Media Reader
DNA
Free Easy Burner V 3.8
Full Tilt Poker.Net
GameTap
Google Earth
Google Toolbar for Internet Explorer
gPhotoShow Toolbar
gPhotoShow v1.6.1
Graboid Video 1.6
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Lexmark 3300 Series
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Home Publishing 2000
Microsoft Money 2005
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.5.4)
MP3 Rocket
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero BurnRights
Nero OEM
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
Olympus Digital Wave Player
OpenOffice.org 2.3
Paint.NET v3.05
PerfectDisk
Philips PC Camera
Poker Academy Pro 2
PokerStars
PopsMedia Site Adviser
PowerDVD
PPSDKRedistributables
Print Workshop 2007
Profile ****
PySolFC Solitaire (a freeware Solitaire Game) version 1.1
QuickTime
QuickTime 3.0
Radialpoint Security Services
RealPlayer Basic
Realtek AC'97 Audio
Recovery Software Suite eMachines
RON Tool Globaladsolution
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
SecondLife (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SmartShopper
SoftV92 Data Fax Modem with SmartCP
SoulSeek 157 NS 13c
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
SweetIM For Internet Explorer 3.0b
U3Launcher
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Veoh Web Player Beta
Viewpoint Media Player
WeatherBug
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WordPerfectRecovery
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

============= FINISH: 1:04:08.62 ===============

#5, 11-13-2009, 07:09 AM, Ried

I'll be honest, this machine is in a disastrous state. Besides having numerous backdoor trojans and info stealers onboard, Virut is present. (and responsible for bringing all that other junk onboard)

Virut is capable of infecting all the machine's executable files (.exe), screensaver files (.scr), .htm and .html files. The problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts agree that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

You mentioned your friend has emachine install discs - that set would include drivers that his/her machine needs, which may not be compatible with yours. You'd have to find out if it's the exact emachine make and model, and install. Do you have an e-machine recovery partition onboard? It would typically be the D:\ drive.
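The autostart entries in the DDS log from post #4 can be compared against Windows XP defaults (Shell=Explorer.exe, Userinit pointing only at userinit.exe, an empty AppInit_DLLs), which is one way to see why the log reads as heavily compromised. The script below is an added example, not part of the original thread or of the DDS tool; the rule set and the names `triage` and `split_value` are assumptions made for illustration, and a hit means "deviates from the default, investigate", not a verdict on a specific malware family.

```python
import re
from difflib import SequenceMatcher

# Lines taken from the DDS log in post #4 (the AppInit_DLLs value is shortened).
SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
S-1-5-21-3108874483-2999358327-619295311-1003_Winlogon: shell=explorer.exe,c:\windows\system32\W1NL0g0.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [ziluhipol] Rundll32.exe "c:\windows\system32\dubuwemo.dll",a
S-1-5-21-3108874483-2999358327-619295311-1003_Run: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\owner\locals~1\temp\login.exe
AppInit_DLLs: c:\windows\system32\kbdnet.dll c:\windows\system32\zatarozu.dll, c:\windows\system32\dubuwemo.dll,petolahu.dll
S-1-5-21-3108874483-2999358327-619295311-1003_Policies-system: DisableRegistryTools = 1 (0x1)
Net_Login; c:\windows\svchust.exe
BtwSrv; %SystemRoot%\system32\svchost.exe -k netsvcs; c:\windows\system32\BtwSrv.dll
"""

# DDS prefixes machine-wide values with "m" and per-user values with "<SID>_".
PREFIX = r"(?:m|S-1-5-[\d-]+_)"
# Windows XP default Winlogon values, lower-cased for comparison.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}
# Policies that lock the user out of regedit / Folder Options when set to 1.
LOCKOUT_POLICIES = {"disableregistrytools", "nofolderoptions"}


def split_value(value):
    """Split a comma- or space-delimited registry value into non-empty entries."""
    return [v for v in re.split(r"[,\s]+", value) if v]


def triage(log_text):
    """Return (rule, details) tuples for entries that deviate from XP defaults."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        # Winlogon Shell/Userinit: anything beyond the default also starts at logon.
        m = re.match(PREFIX + r"Winlogon: (\w+)=(.*)", line, re.I)
        if m:
            expected = WINLOGON_DEFAULTS.get(m.group(1).lower())
            extra = [e for e in split_value(m.group(2)) if e.lower() != expected]
            if expected and extra:
                findings.append(("winlogon-" + m.group(1).lower(), extra))
            continue

        # AppInit_DLLs is empty by default; listed DLLs load into every GUI process.
        if line.startswith("AppInit_DLLs:"):
            dlls = split_value(line.split(":", 1)[1])
            if dlls:
                findings.append(("appinit_dlls", dlls))
            continue

        # Run keys that start a program out of a temp directory.
        m = re.match(PREFIX + r"Run: \[(.+?)\] (.*)", line)
        if m:
            if re.search(r"\\temp\\", m.group(2), re.I):
                findings.append(("run-from-temp", [m.group(2)]))
            continue

        # Policies that disable the tools needed to inspect the machine.
        m = re.match(PREFIX + r"Policies-\w+: (\w+) = (\d+)", line)
        if m:
            if m.group(1).lower() in LOCKOUT_POLICIES and m.group(2) != "0":
                findings.append(("policy-lockout", [m.group(1)]))
            continue

        # Service lines ("name; image"): image names that imitate svchost.exe,
        # or svchost.exe itself running from outside system32.
        m = re.match(r"([^;:]+); (.+)", line)
        if m:
            exe = re.search(r'([^"]*?)\\([^\\"]+?\.exe)', m.group(2), re.I)
            if exe:
                folder, name = exe.group(1).lower(), exe.group(2).lower()
                genuine = name == "svchost.exe" and folder.endswith(r"\system32")
                similar = SequenceMatcher(None, name, "svchost.exe").ratio() >= 0.8
                if similar and not genuine:
                    findings.append(("svchost-lookalike", [exe.group(0)]))
    return findings


if __name__ == "__main__":
    for rule, details in triage(SAMPLE_LOG):
        print(f"{rule:20} {', '.join(details)}")
```

The same function can be pointed at the full "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log; lines it does not recognise are ignored.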

#6, 11-13-2009, 07:43 PM, gamblersgirlky

Ried,
I don't know if I have the recovery console or not.
I tried to put my pics over onto an external hard drive, but the computer kept restarting, with virtual memory errors.
What can I do with the recovery console, if I have one? Will I lose everything?
Is it hard to do? I saw files and programs listed on that DDS that I didn't even know I had. Anybody and everybody gets on that computer and does what they wish, I guess. I will be putting a stop to that.

So I guess there is no way to clean it, then?

Let me say thanks to you and all the other ones for trying to help me, I do appreciate it.

#7, 11-13-2009, 08:13 PM, Ried

The Recovery Console is not the same thing as a recovery partition. The recovery partition would have been installed on your emachine, by emachine. It is a partition that contains Windows, and all the drivers you need for your computer. Again, if it came installed on the computer, it would likely be the D: drive.

Do you recall seeing a D:\ drive? When you first boot the computer, do you see any options such as 'press f12 to initiate the recovery partition'?

What is the model# of your computer?


Quote:
I tried to put my pics over onto an external hard drive, but the computer kept restarting, with virtual memory errors.

Did you try to do this from within Hiren's Windows XP? If so, are you trying to send them all over at one time? Try sending in small groups.

Let me know how that works out for you. If you're still having trouble, I may have another idea for you.

#8, 11-13-2009, 09:22 PM, gamblersgirlky

Sorry, Ried, that it is taking so long for me to reply. I am using a laptop whose spacebar, enter, and backspace keys do not work. All other keys work, so I am using an onscreen keyboard for the spacing and entering.

The computer is a W3107 model and I meant recovery partition in the earlier post. I am getting so tired with this problem, but I am determined, and I will not give up without a fight. But I don't remember seeing it; that doesn't mean it doesn't.

And yes, I searched for all the jpg files and tried to transfer them in large batches.

Thanks again......

#9, 11-13-2009, 09:55 PM, Ried

From Hiren's, open My Computer. How many drives do you see listed there under the Hard Disk Drives?

Are you going to try transferring the pics in smaller batches?

#10, 11-14-2009, 09:58 AM, gamblersgirlky

Ried,
I have B: RamDrive, C: Local Disk, H: Local Disk (which has i386, miniNT, Preload, Recovery, etc.)

Yes, I am going to try to get my favorite pics and most important files as soon as I can.

Thanks and have a great day

#11, 11-14-2009, 10:01 AM, Ried

It appears you do have the e-machine recovery partition in the H:\ drive. To be sure, what is the size of that drive in GB? Right click the drive and select Properties.
Old 11-14-2009, 10:11 AM   #12 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 10
OS: WinXP


Re: WinXP will not boot...infected with msa.exe and b.exe

4.75 GB
Old 11-14-2009, 11:02 AM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: WinXP will not boot...infected with msa.exe and b.exe

That would be it then.

According to some googling, the emachines recovery partition for your model is the F10 or F11 key. After you're finished transferring the pics, restart your computer and tap the F10 or F11 key. Hopefully that will launch the Recovery Partition for you.
Old 11-14-2009, 11:45 AM   #14 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 10
OS: WinXP


Re: WinXP will not boot...infected with msa.exe and b.exe

Sorry Ried,
I had company to pop in..... I may be asking a dumb question....but will the Recovery Partition delete all my personal stuff? I guess I could Google it and see what all it does......Thanks,
Old 11-14-2009, 12:23 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: WinXP will not boot...infected with msa.exe and b.exe

Yes. It will perform what we call a 'destructive recovery'. That means it will wipe your hard drive clean, then reinstall Windows and all e-machine related 'stuff' - so it will be in the same state as when you first purchased it.
Old 11-14-2009, 12:44 PM   #16 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 10
OS: WinXP


Re: WinXP will not boot...infected with msa.exe and b.exe

OK... Thanks for all your help, Ried... I do appreciate it.
Old 11-14-2009, 12:49 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: WinXP will not boot...infected with msa.exe and b.exe

Let me know how it goes. If it works for you, be sure to install an AV first.

Here are 2 very good free Antivirus products which are available:

Select one of these, or another of your choice. Download, install, update definitions.

Your very next step should be to visit Microsoft's Update page and install all Critical Updates.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


- Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

- Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.



- Most importantly, Think Prevention
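The post above says SpywareBlaster "sets flags in the registry" to block listed ActiveX controls. The following is an added example, not part of the thread and not SpywareBlaster's own code: it assumes those flags are Internet Explorer's ActiveX kill bit (bit 0x400 of `Compatibility Flags`) and audits a regedit export to show which CLSIDs from a blocklist are actually blocked. The CLSIDs and export text are constructed placeholders.

```python
import re

# Assumption: the "flags" are Internet Explorer's ActiveX kill bit, i.e. bit
# 0x400 of the "Compatibility Flags" DWORD under this key (one subkey per CLSID).
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x400

SECTION = re.compile(r"^\[(?P<path>.+)\]$")
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9A-Fa-f]{8})$', re.I)

# Constructed sample export; the CLSIDs are placeholders, not real controls.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A2}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A3}]
"""


def audit_kill_bits(reg_text):
    """Map each CLSID subkey in a regedit export to True (blocked) or False."""
    result = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = None  # a new section ends the previous key
            parent, _, leaf = m.group("path").rpartition("\\")
            if parent.lower() == KEY.lower() and CLSID.match(leaf):
                current = leaf.upper()
                result[current] = False  # a key without the flag blocks nothing
            continue
        m = FLAGS.match(line)
        if m and current:
            # Other compatibility bits may be set too; only 0x400 blocks loading.
            result[current] = bool(int(m.group("hex"), 16) & KILL_BIT)
    return result


def unprotected(reg_text, blocklist):
    """Return blocklist CLSIDs that are missing from the export or lack the kill bit."""
    state = audit_kill_bits(reg_text)
    return sorted(c.upper() for c in blocklist if not state.get(c.upper(), False))
```

An export to feed this can be produced with regedit's File > Export on the key named in `KEY`; entries returned by `unprotected` are the ones a definitions update has not yet applied.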
Old 11-14-2009, 01:03 PM   #18 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 10
OS: WinXP


Re: WinXP will not boot...infected with msa.exe and b.exe

Ried,
I will take your advice for sure and I will come back and post what I did and how things are going. It might take a few days, but I will, I promise.
Thanks,
Gamblersgirl

All times are GMT -7. The time now is 05:41 AM.



Copyright 2001 - 2009, Tech Support Forum