1 - 18 of 18 Posts

· Registered
8 Posts
Discussion Starter · #1 ·
Thanks in advance!

The problem seemed to manifest after I downloaded a torrent of an .avi file.

- computer restarts out of the blue
- mad amount of pop ups
- won't recognize USB flash device
- desktop background image w/ text "warning dangerous spyware following viruses were found on your computer: trojan horse, pass capture and etc. Your private information may be potentially transferred to third parties. Please, check the computer using advance software. Thanks."
- taskbar popup of "warning! computer is infected"
- ntdll64.exe error (send error report or don't send) on start up and at other various intervals.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Erin at 11:20:24.95 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.191 [GMT -3:00]

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Erin\Application Data\ptidle\ptidle.exe
C:\Documents and Settings\Erin\Application Data\Twain\Twain.exe
C:\Documents and Settings\Erin\Application Data\digifast\digifast.exe
C:\Documents and Settings\Erin\Application Data\Microsoft\Windows\yjfdjls.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Erin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CPV: {15421b84-3488-49a7-ad18-cbf84a3efaf6} - c:\program files\wwshow\WWShow.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {8f64d665-e01a-47a2-850e-eb78301fe947} - c:\windows\system32\mawivawo.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Jcore class: {d88e1558-7c2d-407a-953a-c044f5607cea} - c:\program files\jcore\Jcore2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ptidle] "c:\documents and settings\erin\application data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [Twain] c:\documents and settings\erin\application data\twain\Twain.exe
uRun: [DigiFast] c:\documents and settings\erin\application data\digifast\digifast.exe
uRun: [edTwD] c:\documents and settings\erin\application data\microsoft\windows\yjfdjls.exe
mRun: [SpywareBot] c:\program files\spywarebot\SpywareBot.exe -boot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Framework Windows] frmwrk32.exe
mRun: [vanuvozuya] Rundll32.exe "c:\windows\system32\tofanuwo.dll",s
mRun: [0011c821] rundll32.exe "c:\windows\system32\miwajiho.dll",b
mRun: [CPM0322fbbd] Rundll32.exe "c:\windows\system32\sezerabo.dll",a
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://
AppInit_DLLs: c:\windows\system32\yozugifi.dll c:\windows\system32\sezerabo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sezerabo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\sezerabo.dll
LSA: Notification Packages = scecli c:\windows\system32\yozugifi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\erin\applic~1\mozilla\firefox\profiles\qsc7cswb.default\
FF - prefs.js: - hxxp://
FF - prefs.js: - Google
FF - prefs.js: browser.startup.homepage -
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-27 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-27 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-7-6 147640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-12 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-7-6 250040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-7-6 348344]

=============== Created Last 30 ================

2009-05-16 13:42 1,425,817 ---sh--- c:\windows\system32\ohijawim.ini
2009-05-14 17:11 <DIR> --d----- c:\docume~1\erin\applic~1\digifast
2009-05-14 17:06 <DIR> --d----- c:\docume~1\erin\applic~1\Twain
2009-05-14 17:01 <DIR> --d----- c:\program files\WWShow
2009-05-14 16:56 <DIR> --d----- c:\program files\Jcore
2009-05-14 14:35 <DIR> --d----- c:\program files\Lavasoft
2009-05-14 13:40 1,425,817 ---sh--- c:\windows\system32\anevenoy.ini
2009-05-13 17:08 1,400 a------- c:\windows\system32\ahtn.htm
2009-05-13 17:08 4,785 a------- c:\windows\system32\warning.gif
2009-05-13 17:07 104,960 a------- c:\windows\system32\ntdll64.exe
2009-05-13 17:07 1 a------- c:\windows\system32\uniq.tll
2009-05-13 17:07 19,456 a------- c:\windows\system32\frmwrk32.exe
2009-05-13 17:07 19,456 a------- c:\windows\system32\loader49.exe
2009-05-13 17:06 111,025 a------- c:\windows\system32\
2009-05-13 16:57 1,398,493 ---sh--- c:\windows\system32\ujakemij.ini
2009-05-13 16:52 <DIR> --d----- c:\docume~1\erin\applic~1\ptidle
2009-05-13 16:52 165,376 a------- c:\windows\system32\prnet.tmp
2009-05-12 16:26 <DIR> --d----- C:\temp internet files
2009-05-12 15:59 <DIR> --d----- C:\The Office - Season 5
2009-05-09 09:18 <DIR> --d----- c:\program files\Regensoft
2009-05-09 09:18 <DIR> --d----- c:\program files\AviSynth 2.5
2009-05-09 09:18 <DIR> --d----- c:\program files\Ipod Video Converter
2009-05-02 15:32 <DIR> --d----- c:\program files\Codec Pack - All In 1
2009-04-19 13:51 6,144 a--sh--- C:\Thumbs.db

==================== Find3M ====================

2009-05-16 13:42 87,040 a--sh--- c:\windows\system32\sezerabo.dll
2009-05-16 13:42 78,848 a--sh--- c:\windows\system32\miwajiho.dll
2009-05-14 13:40 49,664 a--sh--- c:\windows\system32\merilaro.dll
2009-05-14 13:40 86,528 a--sh--- c:\windows\system32\romabotu.dll
2009-05-13 16:57 87,040 a--sh--- c:\windows\system32\fulefoze.dll
2009-05-13 16:57 79,872 -------- c:\windows\system32\jimekaju.dll
2009-05-02 15:32 737,280 ac------ c:\windows\iun6002.exe
2009-03-06 11:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 21:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 15:09 78,336 ac------ c:\windows\system32\ieencode.dll
2001-10-05 11:53 21,866 ac------ c:\program files\common files\tppupd2k.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\mawivawo.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\tofanuwo.dll
2009-02-14 13:40 49,664 a--sh--- c:\windows\system32\yozugifi.dll
2008-09-14 14:49 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091420080915\index.dat

============= FINISH: 11:21:01.93 ===============
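An added example, not part of this thread or of the DDS tool, that triages lines in the "Pseudo HJT Report" format shown above. It flags the persistence patterns visible in this log: autoruns launched from user-writable Application Data, bare filenames resolved through the PATH search, rundll32 loading pseudo-randomly named DLLs, AppInit_DLLs injection, non-default LSA notification packages, and lockout policies such as DisableTaskMgr. The eight-lowercase-letter name check is a heuristic of this example, not a DDS rule; the sample lines are copied from the log above.

```python
"""Triage of DDS 'Pseudo HJT Report' persistence entries (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample lines copied from the DDS log in the first post: one benign control
# line (ctfmon, avast) plus the entries a helper would question.
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Twain] c:\documents and settings\erin\application data\twain\Twain.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Framework Windows] frmwrk32.exe
mRun: [vanuvozuya] Rundll32.exe "c:\windows\system32\tofanuwo.dll",s
uPolicies-system: DisableTaskMgr = 1 (0x1)
AppInit_DLLs: c:\windows\system32\yozugifi.dll c:\windows\system32\sezerabo.dll
LSA: Notification Packages = scecli c:\windows\system32\yozugifi.dll
"""

@dataclass
class Finding:
    reason: str
    entry: str

RUN_RE = re.compile(r"^[umd]Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s+(?P<policy>\w+)\s*=\s*(?P<value>\d+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.+)$")
LSA_RE = re.compile(r"^LSA:\s+Notification Packages\s*=\s*(?P<pkgs>.+)$")
# Executable part of a Run command: quoted, or unquoted up to the first .exe/.scr/.com/.bat
# (DDS prints unquoted paths containing spaces, e.g. "c:\documents and settings\...").
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|scr|com|bat))', re.IGNORECASE)
# Heuristic only: eight random lowercase letters, the naming seen in this log.
RANDOM_NAME_RE = re.compile(r"\\([a-z]{8})\.(?:dll|exe)\b")
USER_DATA_RE = re.compile(r"(documents and settings|docume~1)\\[^\\]+\\(application data|applic~1)", re.I)
LOCKOUT_POLICIES = {"DisableTaskMgr", "NoSetActiveDesktop", "NoActiveDesktopChanges"}
KNOWN_LSA_PACKAGES = {"scecli"}  # XP default; anything else deserves a look

def executable_of(cmd: str) -> str:
    """Return the program part of a Run command, or the first token as a fallback."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip().split()[0]

def triage_line(line: str) -> list[Finding]:
    findings: list[Finding] = []
    if m := RUN_RE.match(line):
        cmd, exe = m.group("cmd"), executable_of(m.group("cmd"))
        is_rundll = exe.lower().split("\\")[-1] == "rundll32.exe"
        if not is_rundll and "\\" not in exe:
            findings.append(Finding("autorun with bare filename (resolved via PATH search)", line))
        if USER_DATA_RE.search(exe):
            findings.append(Finding("autorun from user-writable Application Data", line))
        if RANDOM_NAME_RE.search(cmd):
            findings.append(Finding("autorun loads pseudo-random 8-letter module", line))
    elif (m := POLICY_RE.match(line)) and m.group("policy") in LOCKOUT_POLICIES and m.group("value") != "0":
        findings.append(Finding(f"policy {m.group('policy')} set (user lockout)", line))
    elif m := APPINIT_RE.match(line):
        for dll in m.group("dlls").split():
            findings.append(Finding(f"AppInit_DLLs injects {dll} into every GUI process", line))
    elif m := LSA_RE.match(line):
        for pkg in m.group("pkgs").split():
            if pkg.lower() not in KNOWN_LSA_PACKAGES:
                findings.append(Finding(f"unexpected LSA notification package {pkg}", line))
    return findings

def triage_report(text: str) -> list[Finding]:
    """Run triage_line over every line of a DDS report and collect the findings."""
    return [f for raw in text.splitlines() for f in triage_line(raw.strip())]

if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"{f.reason}: {f.entry}")
```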


· Registered
483 Posts
Hello and Welcome to the forums!

My name is ****** and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Some things to remember while we are working together:

  1. Please do not run any other tool until instructed to do so!
  2. Please reply to this thread, do not start another!
  3. Please tell me about any problems that have occurred during the fix.
  4. Please tell me of any other symptoms you may be having as these can help also.
  5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am going over your logs now and will be back as soon as possible with your instructions.


· Registered
483 Posts
Hello RossSewage,

Thank you for waiting.

We need to disable part of avast before we use the next tool.

To disable Avast:

  • Right Click on the Avast icon in the system tray
  • Click on Program Settings...
  • Click on Troubleshooting
  • Place a tick next to Disable avast! self-defense module
  • Click OK
    • At the prompt that appears, click Yes
  • Right Click on the Avast icon in the system tray and click Stop On-Access protection
    • At the prompt that appears, click Yes

Run combofix

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT- Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

  • In your next post I need the following:
    1. The log from ComboFix, please.
    2. Let me know of any problems you may have had, and let me know how the computer is doing now.


· Registered
8 Posts
Discussion Starter · #4 ·

My problems have now been compounded by the fact that I am unable to log in to either of my two accounts. I attempt to log in as either user but it logs me right back out and sends me back to the user screen. Thus I'm unable to do anything you suggested in the previous post.

How should we proceed?


· Registered
483 Posts
Hello RossSewage

Are you able to boot into safe mode?

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

If you cannot boot into safe mode please let me know.

If you are able to, please do the following

Download ComboFix from a clean computer (the computer you are posting from now) from one of the links below and copy ComboFix to a flash drive so it can be transferred to the desktop of the infected computer.

Link 1
Link 2
Link 3

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Also let me know if you have the disk to reinstall or if you have disks to restore the PC.

Information and logs:

  • In your next post I need the following:
    1. Please post the log from ComboFix if you were able to run it.
    2. Are you able to now log into your normal account?
    3. What type of disks do you have?


· Registered
8 Posts
Discussion Starter · #6 ·

Even in safe mode I am unable to log into either account. Same as before: I get logged out immediately after trying to log in. Computer is running slower than before to the point where the mouse is lagging when trying to click on user icon.

Also, I've noticed a third account has been created "administrator". I didn't create it myself, and only noticed it after booting in safe mode.

I believe I possess the necessary disks:

- Driver and Utilities...Dell Dimension Resource CD w/ device drivers, diagnostics and utilities & computer documentation

- OS Reinstallation CD for XP Home Edition.

Am I missing anything?

· Registered
483 Posts
Hello RossSewage

I would like you to do the following

  1. Insert the original Windows XP CD (Windows XP with Service Pack 2 is preferred, but not required) and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.

  2. When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".

  3. Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.

  4. Type the Administrator password and press ENTER.

  5. Type the following commands, pressing ENTER after each one:

     D:
     CD I386
     EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32

     NOTE: If your CD-ROM drive has a different letter assigned to it, enter "X:" instead of "D:", where X is the appropriate drive letter.

     After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.

  6. Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should now be able to log on as normal.


· Registered
8 Posts
Discussion Starter · #8 ·
I don't know what to do here. I turn on the computer and insert the CD but at no point does the Windows XP CD actually load. The computer starts as it would normally and I'm at the log in screen and back where I started. I've tried pressing "R" as you said but I'm not getting anything. Frustration.

· Registered
483 Posts
Hello RossSewage

We need to enter the BIOS to change the order of the devices the computer boots from.

Press the Delete key {Del}, F1, F2 or ESC to enter the BIOS setup program.

Once you enter the BIOS setup, you will (usually) end up in the first basic setup screen for your system. This is where the time and date, floppy drive and hard disk parameters are set. There may be another screen or section for hard disk or IDE auto detection. If utilized, this will set the hard disk parameters in this first basic setup screen.

The boot sequence for system start up will usually be in the ADVANCED (or BOOT with Phoenix BIOS) section. This is where you can choose the boot device order. For the average user, the sequence is A: (or floppy drive), CD-ROM drive, then the first IDE hard disk (labeled 0 or 1, depending on how your system is designed).

Then go to Save and Exit in the BIOS.

After you have done this, try the instructions I gave you before.


· Registered
8 Posts
Discussion Starter · #10 ·

Made a bit of headway but still encountered a roadblock or perhaps I am doing something wrong. Upon entering the recovery console and typing C:\>Windows to select the windows installation to repair it says "command not recognized".

Here's what it would resemble:

Microsoft Windows XP(TM) Recovery Console
The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and Restart computer

C:\>Windows the command is not recognized

Am I skipping something or missing a step somewhere along the lines?

· Registered
483 Posts
Hello RossSewage

Yes we are making headway.

While at the C: prompt ( C:\> ), type in each of the commands below, pressing the Enter key after each one:

D:

CD I386

EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32

NOTE: If your CD-ROM drive has a different letter assigned to it than D: enter whatever that drive letter is.

After entering "EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.

Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer. You should now be able to log on as normal.


· Registered
8 Posts
Discussion Starter · #12 · (Edited)

Okay. Before, I was not given the screen with the C:\Windows highlighted and given the option to select the number of the hard drive; I was only simply allowed to insert commands. Now I'm at the stage where I have to enter the administrator's password and guess what......I have no clue what it is. What now?

Edit: got past the password dilemma. Now when typing CD I386 I get a message saying cannot find the specified file or directory.

Edit 2: Assuming there's no way around not being able to find CD I386, would I be able to hook up my computer to another as a slave drive, install the necessary file/folder transfer it to my hard drive and try and proceed?

· Registered
8 Posts
Discussion Starter · #13 ·

Finally managed to get the file copied...under the F: drive. Stupid me. Should have recognized the problem. So now when I try to boot up again...the comp stops at the "Windows is loading screen" so I now cannot even get to the icons for the user accounts.

· Registered
8 Posts
Discussion Starter · #15 ·
Okay, I'm back in. It's already running noticeably much better. Downloaded ComboFix, restarted my computer and now my mouse is giving me problems....it's on and works well but when the Windows screen loads I cannot move the cursor to change the user. Ugh.