luxe codec problem #2

[thundertower]

luxe codec problem

post 84

No, nothing happens when i ctrl+alt+delete, also right click

sorry for not replying earlier, just came home yesterday, personal trip

[amateur]

Hi,

You got yourself reinfected after my initial efforts to help you clean the machine. Yet, I tried again. You then decided to act on your own to reinstall the operating system. At this point, with this in mind, and the reported current state of the machine, with no windows modes accessible and rendering our options severely limited in this forum setting, it would be in the best interest of the machine if you simply format and start over, if any of the following steps do not work.

Place your XP installation CD in the CDRom drive. Press the Windows key + R simultaneously to bring up the Run box (or click Start>Run). If successful, type cmd into the Run box and press enter. That should bring up the DOS cmd window. At the command prompt, type the following in bold:

expand D:\i386\userinit.ex_ C:\windows\system32 and press enter.

Where D is the drive letter of your CD ROM drive, as it's reported in your Attach.txt.

Note .ex_ is underscore, not blank

Note, there's a space between .ex_ and C:

You should see a message something like this:

Quote:

expand D:\i386\userinit.ex_ C:\windows\system32

1 file(s) expanded

Reboot and see if you have your desktop back.

If you were not able to access the command prompt via Run box,

----------------------------------------

Boot to the Recovery Console as you've done before. Insert your XP installation CD. At the command prompt:

Type expand D:\i386\userinit.ex_ C:\windows\system32 and press enter.

Where D is the drive letter of your CD ROM drive, as it's reported in your Attach.txt.

Note .ex_ is underscore, not blank

Note, there's a space between .ex_ and C:

You should see a message something like this:

Quote:

expand D:\i386\userinit.ex_ C:\windows\system32

1 file(s) expanded

Report back and tell me what it says.

=======================

If you don't have the XP installation CD, then at the command prompt:

Type cd C:\ and press enter.

Next,

type dir userinit.exe and press enter. Report back and tell me what it says.

[thundertower]

the other instruction worked, i can now see my desktop, w/ icons and everything, this popped up before the fix

C:\WINDOWS\system32\CF19141.exe
Windows can't find 'C:\WINDOWS\system32\CF19141.exe' make sure you typed the name correctly

[amateur]

Hello,

I am glad that you have your desktop back.

Quote:

the other instruction worked,

Please tell me exactly which one?

Quote:

this popped up before the fix

which fix?

We'll need to check the system for any possible re-infections. However, I would like to make sure that the following guidelines are adhered to during the process until the system is declared clean.

1. Reply back in a timely manner.
2. Do not do any fixes/repairs or downloads/installations of software other than the ones I ask you to.
3. Do not visit any unsavory web sites.

Please post a fresh set of logs, i.e. DDS.txt, Attach.txt and Ark.txt as requested in our pre-posting instructions.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

[thundertower]

i mean after i did the other instruction, that popped up when opening my desktop, now this

"The requested lockup key was not found in any active activation context"



DDS (Ver_09-03-16.01) - NTFSx86
Run by Chikoy Singson at 14:15:31.73 on Thu 04/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1366 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\cz6syy6ci.exe
C:\WINDOWS\TEMP\cz6syy6ci.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\QSUI.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\config\systemprofile\reader_s.exe
C:\WINDOWS\TEMP\1413859842.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chikoy Singson\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: c:\windows\system32\kjsdiowq8oikf.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\kjsdiowq8oikf.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>] c:\docume~1\chikoy~1\locals~1\temp\laxe6d.exe
uRun: [reader_s] c:\documents and settings\chikoy singson\reader_s.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [combofix] c:\windows\system32\cf19141.exe /c c:\combofix\Combobatch.bat
mRun: [reader_s] c:\windows\system32\reader_s.exe
dRun: [svc] c:\program files\thunmail\testabd.exe
dRun: [reader_s] c:\documents and settings\localservice\reader_s.exe
dRun: [<NO NAME>] c:\windows\temp\cz6syy6ci.exe
dRun: [Diagnostic Manager] c:\windows\temp\1413859842.exe
dRun: [Windows Resurections] c:\windows\temp\cz6syy6ci.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {A41FE077-BE53-4882-ADF9-8AD164AF57B6} = 192.168.0.1
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
STS: c:\windows\system32\kjsdiowq8oikf.dll: {b2ba40a2-74f0-42bd-f434-12345a2c8953} - c:\windows\system32\kjsdiowq8oikf.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chikoy~1\applic~1\mozilla\firefox\profiles\3bfsjtv4.default\
FF - prefs.js: browser.search.selectedEngine - Metal-Archives
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-9 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-8-20 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-20 55024]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-9 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-9 359248]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-21 45132]
S1 fgr6849;fgr6849;c:\windows\system32\drivers\fgr6849.sys --> c:\windows\system32\drivers\fgr6849.sys [?]
S2 0190841241125811mcinstcleanup;McAfee Application Installer Cleanup (0190841241125811);c:\windows\temp\019084~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\019084~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubveo532.sys --> c:\windows\system32\drivers\ubVeo532.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 40488]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-20 7408]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-9 695624]

=============== Created Last 30 ================

2009-04-30 12:33 0 a------- C:\27.tmp
2009-04-30 12:33 38 a------- C:\26.tmp
2009-04-30 12:33 0 a------- C:\25.tmp
2009-04-30 12:33 0 a------- C:\24.tmp
2009-04-30 12:33 0 a------- C:\23.tmp
2009-04-30 12:33 0 a------- C:\22.tmp
2009-04-30 12:33 0 a------- C:\21.tmp
2009-04-30 12:33 0 a------- C:\20.tmp
2009-04-30 12:33 0 a------- C:\1F.tmp
2009-04-30 12:33 0 a------- C:\1E.tmp
2009-04-30 12:33 0 a------- C:\1D.tmp
2009-04-30 12:33 0 a------- C:\1C.tmp
2009-04-30 12:32 0 a------- C:\1B.tmp
2009-04-30 10:48 172,032 a------- c:\windows\system32\igfxres.dll
2009-04-30 03:44 45,056 a------- c:\windows\system32\userinit.exe
2009-04-22 17:58 30,208 ac------ c:\windows\system32\dllcache\sm87w.dll
2009-04-22 17:57 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-04-22 17:56 32,827 ac------ c:\windows\system32\dllcache\tcptest.exe
2009-04-22 17:56 <DIR> --d----- c:\program files\msn gaming zone
2009-04-22 17:54 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-22 17:54 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-22 17:54 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-22 17:54 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-22 17:54 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-22 17:45 1,086,058 a----r-- c:\windows\SET5F.tmp
2009-04-22 17:45 1,042,903 a----r-- c:\windows\SET59.tmp
2009-04-22 16:32 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-04-22 16:09 22,339 a----r-- c:\windows\SETDC.tmp
2009-04-22 16:09 10,559 a----r-- c:\windows\SETDD.tmp
2009-04-22 16:09 13,753 a----r-- c:\windows\SETA8.tmp
2009-04-22 16:09 1,086,058 a----r-- c:\windows\SET9C.tmp
2009-04-22 16:09 1,042,903 a----r-- c:\windows\SET99.tmp
2009-04-19 13:05 <DIR> --d----- c:\docume~1\chikoy~1\applic~1\Twain
2009-04-19 12:53 0 a------- c:\windows\mqcd.dbt
2009-04-19 12:53 10,240 a------- c:\windows\system32\Packer.dll
2009-04-19 12:53 9 a------- c:\windows\system32\iphy.dll
2009-04-19 12:53 3 a------- c:\windows\system32\fhpatch.dll
2009-04-19 12:53 25 a------- c:\windows\system32\tcpd.dll
2009-04-19 12:53 0 a------- c:\windows\system32\fiplock.dll
2009-04-19 12:53 <DIR> --d----- c:\windows\system32\3361
2009-04-19 12:53 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-04-19 12:52 <DIR> --d----- c:\windows\dhcp
2009-04-19 12:52 0 a------- c:\windows\system32\AC.tmp
2009-04-19 12:52 19,420 a------- c:\windows\system32\AA.tmp
2009-04-19 12:52 80 a------- c:\windows\system32\A3.tmp
2009-04-19 12:52 28,672 a------- c:\windows\system32\inqby.sr
2009-04-19 12:52 32,768 a------- c:\windows\system32\ferryl.cbv
2009-04-19 12:52 32,768 a------- c:\windows\system32\fairy.an
2009-04-19 12:52 28,672 a------- c:\windows\system32\dolman.zt
2009-04-19 12:52 79,360 a------- c:\windows\system32\ashl.nq
2009-04-19 12:51 290,304 a------- C:\yxly.exe
2009-04-19 12:51 54,784 a------- C:\ltqfwhxh.exe
2009-04-19 00:27 182,784 a------- c:\windows\SWREG.exe
2009-04-19 00:27 119,296 a------- c:\windows\sed.exe
2009-04-15 14:38 74,240 a------- c:\windows\system32\zlib.dll
2009-04-15 12:59 2,560 a------- c:\windows\system32\xpsp4res.dll
2009-04-12 20:16 <DIR> a-dshr-- C:\autorun.inf
2009-04-10 00:52 <DIR> --d----- c:\docume~1\chikoy~1\applic~1\McAfee
2009-04-09 20:55 9,039 a------- c:\windows\system32\Config.MPF
2009-04-09 20:52 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-04-09 20:52 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-09 20:52 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-09 20:52 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-09 20:52 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-04-09 20:52 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-09 20:51 <DIR> --d----- c:\program files\McAfee.com
2009-04-09 20:51 <DIR> --d----- c:\program files\common files\McAfee
2009-04-09 20:51 <DIR> --d----- c:\program files\McAfee
2009-04-09 19:53 20,480 a--sh--- c:\windows\system32\Thumbs.db
2009-04-08 21:03 <DIR> --d----- c:\docume~1\chikoy~1\applic~1\GetRightToGo
2009-04-04 15:30 <DIR> --d----- c:\windows\RegisteredPackages
2009-04-04 15:23 23,392 a------- c:\windows\system32\nscompat.tlb
2009-04-04 15:23 16,832 a------- c:\windows\system32\amcompat.tlb

==================== Find3M ====================

2009-04-30 14:05 15,000 a------- c:\windows\system32\kjsdiowq8oikf.dll
2009-04-30 12:32 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-22 17:54 23,412 a------- c:\windows\system32\emptyregdb.dat
2009-04-17 15:41 644 a------- c:\docume~1\chikoy~1\applic~1\wklnhst.dat
2009-04-10 23:54 117,412 a------- c:\windows\hpoins11.dat
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-19 02:22 34 a------- c:\documents and settings\chikoy singson\jagex_runescape_preferences.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2004-08-04 03:00 73,728 a--sh--- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

============= FINISH: 14:16:17.90 ===============

[thundertower]

oh this one,

Boot to the Recovery Console as you've done before.

[amateur]

Hi,

Your logs show that the system is infected with Virut.

Virut is a polymorphic file infector, infecting all the executable files(.exe), including the system files, and screen saver files(.scr) by way of corrupting them beyond repair. Deleting these files would render the system inoperable as system files are also infected. There's no tool that can fix this infection at the moment. Some tools claim to disinfect it but they also end up corrupting the system files in the end just like the virut itself. Unfortunately, the only option is to back up your personal data and then reformat and reinstall.

Here's some more information on this infection:

http://www.microsoft.com/security/en...=Win32%2fVirut
http://vil.nai.com/vil/content/v_143034.htm
http://www.avast.com/eng/win32-virut.html
http://www.symantec.com/security_res...558-99&tabid=1

Do not back up your personal data to another machine or another internal harddrive, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups. Make sure that you do not back up any *.exe, *.scr, *.htm or *.html files, as well as any compressed files such as *.zip, *.rar and *.cab as they may also contain infected files.

Here is a couple of good guides to walk you through the process of reformat and clean install:

http://www.windowsreinstall.com/winx...tallguides.htm
http://helpdesk.its.uiowa.edu/window...s/reformat.htm

You might also like to have a look at this blog by our colleague, miekiemoes:

http://miekiemoes.blogspot.com/2009/...-throwing.html

Good luck!

[thundertower]

Thank you for the informations, but am i suppose to do this right away or.. microsoft says it's low but seems like its not, though i'll definitely put this in top of priority, again, thank you for saving my computer.

[amateur]

Quote:

Thank you for the informations

You're welcome.

Quote:

but am i suppose to do this right away or..

That's up to you. If this were my computer, I wouldn't waste a second to backup and reformat.

Quote:

microsoft says it's low but seems like its not, though i'll definitely put this in top of priority,

It's a very serious infection.

Quote:

again, thank you for saving my computer.

You're welcome again, but I wish I were able to save it. I was only able to bring it up to a state where you can now back up your personal data, before it's too late.

[thundertower]

One last thing, i have a problem with my IE browser, so having that also affects my antivirus program, dell support system and most of all my windows update, do you have any idea how can i fix this or is this one of the effects of the virus?

[amateur]

The system is riddled with infection, the worst of which is Virut. It cannot be cleaned. It would be a futile effort. Please, don't lose time. Back up and reformat.

[thundertower]

I will, i trust your words, but i've never back up or reformat before, i'll review the links you provided hoping this thread won't get deleted.

[amateur]

Good. The thread will not be deleted.

Good luck again.

[thundertower]

Thank you i appreciate it.

[amateur]

You're welcome.

[thundertower]

Just finished reformatting, reinstalled applications and drivers but having a hard time setting up wireless settings, can't see that wireless icon on network connections, wondering if you could give me hand on this

[amateur]

Hi,

As much as I'd like to help, that is a networking issue, which is out of the scope of this forum, and you'd be better served at the Networking Support forum.

Your ISP may also help you set it up.

[thundertower]

thank you

[amateur]

You're welcome.

Since your malware issues are resolved, this thread will now be archived.

Good luck!