TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Arpan on May 23, 2009, 04:33:30 AM
-
I am having a lot of viruses in my comp.... pls help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00, on 2009-05-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Online.com
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe update.com
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\system32\sopidkc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\SOFTWARE\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Online.com
O4 - Startup: Adobe update.com
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AshEvtSvc - Unknown owner - C:\WINDOWS\System32\AshEvtSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6721 bytes
-
After posting the above logfile I installed a fresh copy of Windows thinking it would solve my problem, but all my efforts went in vain; still those viruses pop up. Please help me out.
-
Download ComboFix from one of these locations:
Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2: http://subs.geekstogo.com/ComboFix.exe
Save it ONLY to your Desktop
--------------------------------------------------------------------
Temporarily disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.
With Avast, you can right click on its icon by the clock and choose "Stop On Access Protections"
Ok the prompt
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
(image: http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(image: http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
NOTE: Do not mouse-click inside the ComboFix window while it's running; it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
-
ComboFix 09-05-23.01 - sonal 05/24/2009 0:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2672 [GMT 5.5:30]
Running from: c:\documents and settings\sonal\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\LocalService\Application Data\1259558419.exe
c:\documents and settings\sonal\reader_s.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\ThunMail\testabd.ex_
c:\windows\system32\3361
c:\windows\system32\3361\mlog
c:\windows\system32\AshEvtSvc.exe
c:\windows\system32\aston.mt
c:\windows\system32\comsa32.sys
c:\windows\system32\dpcxool64.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\fxe.sp
c:\windows\system32\nvaux32.dll
c:\windows\system32\oezevmzi.dll
c:\windows\system32\paso.el
c:\windows\system32\reader_s.exe
c:\windows\system32\sysfldr.dll
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wjneipfr.dll
c:\windows\system32\wjneipfr32.dll
c:\windows\ynh.dx
D:\Autorun.inf
E:\Autorun.inf
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{95CC29D4-18EF-49B7-BF7D-D8E3820B4366}\RP3\A0000313.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_ASC3360PR
-------\Legacy_ASHEVTSVC
-------\Legacy_DHCPSRV
-------\Legacy_SOPIDKC
-------\Service_6to4
-------\Service_asc3360pr
-------\Service_AshEvtSvc
-------\Service_DhcpSrv
-------\Service_restore
-------\Service_sopidkc
((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
.
2009-05-23 18:33 . 2009-05-23 18:37 95198 ----a-w c:\windows\system32\drivers\31709f35.sys
2009-05-23 16:08 . 2004-08-03 22:58 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys
2009-05-23 16:08 . 2004-08-03 23:10 85376 ----a-w c:\windows\system32\drivers\NABTSFEC.sys
2009-05-23 16:08 . 2004-08-03 23:10 17024 ----a-w c:\windows\system32\drivers\CCDECODE.sys
2009-05-23 16:08 . 2004-08-03 23:10 19328 ----a-w c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-23 16:07 . 2001-08-17 13:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-23 16:07 . 2004-08-03 23:10 78464 ----a-w c:\windows\system32\drivers\usbvideo.sys
2009-05-23 16:07 . 2004-08-03 19:26 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-23 16:07 . 2004-08-03 19:26 4096 ----a-w c:\windows\system32\ksuser.dll
2009-05-23 16:07 . 2004-08-03 22:59 57472 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-23 16:06 . 2001-08-17 13:46 6400 ----a-w c:\windows\system32\drivers\enum1394.sys
2009-05-23 16:04 . 2004-08-04 01:07 19968 -c--a-w c:\windows\system32\dllcache\agt040e.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 18:36 . 2004-08-04 01:07 182912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-23 18:35 . 2004-08-04 01:07 577024 ----a-w c:\windows\system32\user32.dll
2009-05-23 18:11 . 2009-05-23 18:11 44 ----a-w c:\windows\system32\4A.tmp
2009-05-23 15:48 . 2009-05-23 13:54 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-23 15:43 . 2009-05-23 15:43 0 ----a-w c:\windows\system32\38.tmp
2009-05-23 15:43 . 2009-05-23 15:43 80 ----a-w c:\windows\system32\D.tmp
2009-05-23 15:39 . 2009-05-23 15:39 -------- d-----w c:\documents and settings\sonal\Application Data\AVGTOOLBAR
2009-05-23 15:13 . 2009-05-23 10:52 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-23 14:34 . 2009-05-23 14:34 44 ----a-w c:\windows\system32\7.tmp
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\RECYCLER .scr
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\Qoobox .scr
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\Program Files .scr
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\Intel .scr
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\dell .scr
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\ComboFix .scr
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\cmdcons .scr
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\32788R22FWJFW .scr
2009-05-23 14:19 . 2005-12-29 10:05 98304 ------r C:\$AVG8.VAULT$ .scr
2009-05-23 13:54 . 2009-05-23 13:54 -------- d-----w c:\program files\AVG
2009-05-23 13:49 . 2009-05-23 13:49 44 ----a-w c:\windows\system32\5C.tmp
2009-05-23 13:10 . 2009-05-23 13:10 44 ----a-w c:\windows\system32\11.tmp
2009-05-23 13:10 . 2009-05-23 13:10 0 ----a-w c:\windows\system32\F.tmp
2009-05-23 13:10 . 2009-05-23 13:10 44 ----a-w c:\windows\system32\C.tmp
2009-05-23 12:03 . 2009-05-23 12:03 -------- d-----w c:\program files\CONEXANT
2009-05-23 12:01 . 2009-05-23 12:01 -------- d-----w c:\program files\SigmaTel
2009-05-23 12:01 . 2009-05-23 11:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-23 11:56 . 2009-05-23 11:56 -------- d-----w c:\program files\Modem Diagnostic Tool
2009-05-23 11:43 . 2009-05-23 11:43 426 ----a-w c:\documents and settings\sonal\Autoexec.bat
2009-05-23 11:35 . 2009-05-23 11:15 -------- d-----w c:\program files\Dell
2009-05-23 11:35 . 2009-05-23 11:35 -------- d-----w c:\documents and settings\sonal\Application Data\InstallShield
2009-05-23 11:27 . 2009-05-23 11:27 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-23 11:25 . 2009-05-23 11:25 -------- d-----w c:\program files\Intel
2009-05-23 11:15 . 2009-05-23 11:15 10134 ----a-r c:\documents and settings\sonal\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-05-23 10:56 . 2009-05-23 10:56 -------- d-----w c:\program files\microsoft frontpage
2009-05-23 10:55 . 2009-05-23 10:55 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-23 02:50 . 2005-12-29 10:05 135168 ---h--r C:\Thumbs.com
2009-04-23 02:50 . 2005-12-29 10:05 135168 ----a-r C:\System Volume Information .scr
2009-04-23 02:50 . 2005-12-29 10:05 135168 ------r C:\WINDOWS .scr
.
Infected c:\windows\system32\user32.dll hex repaired
------- Sigcheck -------
[-] 2004-08-04 01:07 25600 5C6331B64BF35DF76285B928FFE8501A c:\windows\system32\svchost.exe
[-] 2004-08-04 01:07 14336 BDAC56658CBB4AFF9A3B7D13819710CD c:\windows\system32\dllcache\svchost.exe
[-] 2004-08-04 01:07 1142272 29BEFA7658F8F73BECAABDD580E652B2 c:\windows\explorer.exe
[-] 2004-08-04 01:07 26624 64D5B4936BC20494D6F1DF50844D4610 c:\windows\system32\ctfmon.exe
[-] 2004-08-04 01:07 15360 07A84336C2761512D1D73036DC4C99E9 c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-08-04 01:07 102400 3A50B165283AF164E0AE85E257A2799D c:\windows\system32\spoolsv.exe
[-] 2004-08-04 01:07 155136 37095D5B2BBCAFB9332DEAA7097A86EF c:\windows\system32\wuauclt.exe
[-] 2004-08-04 01:07 134144 B16BF187456B740E63DE4AB25032AD74 c:\windows\system32\userinit.exe
[-] 2004-08-04 01:07 24576 A7F66DDCEDC5BFCC20BD3599BB7FF5EB c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
c:\documents and settings\sonal\Start Menu\Programs\Startup\
Adobe Online.com [2009-5-23 98304]
Adobe update.com [2009-5-23 98304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Thumbs.com"=
"c:\\Documents and Settings\\sonal\\Start Menu\\Programs\\Startup\\Adobe Online.com"=
"c:\\WINDOWS\\system32\\OEM02Srv.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=
R?2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:37 AM 25600]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [5/23/2009 4:59 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [5/23/2009 4:59 PM 7424]
S3 OEM002Srv;Creative OEM002 RunApp Service;c:\windows\system32\OEM02Srv.exe [5/23/2009 4:59 PM 172032]
S3 sndintd;sndintd;\??\c:\windows\system32\sndintd.sys --> c:\windows\system32\sndintd.sys [?]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-OEM02Mon.exe - c:\windows\OEM02Mon.exe
HKLM-Run-Broadcom Wireless Manager UI - c:\windows\system32\WLTRAY.exe
HKLM-Run-SigmatelSysTrayApp - c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe
HKU-Default-Run-reader_s - c:\documents and settings\sonal\reader_s.exe
.
------- Supplementary Scan -------
.
mStart Page =
.
.
------- File Associations -------
.
scrfile=%1
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\stacsv.exe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\sonal\Start Menu\Programs\Startup\Adobe Online.com
c:\documents and settings\sonal\Start Menu\Programs\Startup\Adobe update.com
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-05-23 0:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-23 18:40
Pre-Run: 49,301,147,648 bytes free
Post-Run: 49,260,720,128 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
-
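The two logs above are read by looking for a few recurring patterns: a well-known system binary name running from the wrong directory (system32\3361\SVCHOST.exe, \WINDOWS\dhcp\svchost.exe), startup items with a .com or .scr extension (Adobe Online.com), policies that disable regedit and Task Manager, and the ComboFix Security Center and firewall entries that suppress warnings. The script below, an added example rather than code from this thread or from HijackThis/ComboFix, runs those checks over a handful of lines copied from the logs; it assumes a default C:\WINDOWS install root and the XP-era locations of the system binaries.

```python
r"""Triage HijackThis / ComboFix log lines for the indicators seen in this thread.
Added example, not HijackThis or ComboFix code; assumes a default C:\WINDOWS install."""
import re
from typing import List, NamedTuple

# Directory Windows XP legitimately runs each of these binaries from (lower-case).
# The same file name anywhere else (system32\3361\, \WINDOWS\dhcp\) is a masquerade.
SYSTEM_BINARY_HOMES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Executable extensions picked to look harmless ("Adobe Online.com", "Program Files .scr").
DISGUISE_EXTENSIONS = (".com", ".scr", ".pif")

# A drive-letter path ending in an executable extension, quoted or not.
WIN_PATH = re.compile(r'[a-z]:\\[^"\r\n]*?\.(?:exe|com|dll|sys|scr|pif)\b', re.IGNORECASE)
# O7 lines ("DisableRegedit=1") and ComboFix policy dumps ('"DisableTaskMgr"= 1 (0x1)').
LOCKOUT = re.compile(
    r'(?:disableregedit|disabletaskmgr|disableregistrytools)"?\s*=\s*(?:dword:)?0*1\b',
    re.IGNORECASE)
# Security Center notifications overridden and the XP firewall switched off (ComboFix format).
SC_SUPPRESSED = re.compile(
    r'"(?:antivirus|firewall|updates)(?:override|disablenotify)"\s*=\s*dword:0*1\b',
    re.IGNORECASE)
FIREWALL_OFF = re.compile(r'"enablefirewall"\s*=\s*0\b', re.IGNORECASE)


class Finding(NamedTuple):
    severity: str  # "high": act on it; "review": confirm by hand, legitimate items land here too
    reason: str
    line: str


def _check_path(path: str, line: str, out: List[Finding]) -> None:
    """Masquerade and disguised-extension checks on one executable path."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    home = SYSTEM_BINARY_HOMES.get(name)
    if home is not None and directory != home:
        out.append(Finding("high", f"{name} running outside {home}", line))
    if low.endswith(DISGUISE_EXTENSIONS):
        out.append(Finding("high", f"executable disguised with a {low[-4:]} extension", line))


def triage(log_text: str) -> List[Finding]:
    """Return every finding for the given HijackThis or ComboFix log text."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # "O4 - Startup:" entries carry only a file name, never a drive path.
        if low.startswith("o4 - startup:"):
            _check_path(line.split(":", 1)[1].strip(), line, findings)
            continue
        for match in WIN_PATH.finditer(line):
            _check_path(match.group(0), line, findings)
        if LOCKOUT.search(low):
            findings.append(Finding("high", "policy disables a repair tool (regedit/Task Manager)", line))
        if SC_SUPPRESSED.search(low):
            findings.append(Finding("high", "Security Center warning suppressed", line))
        if FIREWALL_OFF.search(low):
            findings.append(Finding("high", "Windows Firewall switched off by policy", line))
        if low.startswith("o23 ") and "unknown owner" in low:
            findings.append(Finding("review", "service without a publisher, verify the binary", line))
        if "(file missing)" in low:
            findings.append(Finding("review", "orphaned entry, binary no longer present", line))
    return findings


# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Online.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - Startup: Adobe update.com
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"DisableTaskMgr"= 1 (0x1)
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
"""


def main() -> None:
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")


if __name__ == "__main__":
    main()
```

"review" findings are deliberately kept apart from "high" because legitimate items land there too (the Dell and Oracle services in the log above also report Unknown owner).
-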
Your computer is badly infected; I would have opted for a Clean Install of XP rather than a Reinstall over the top approach
Just to verify, let's see if we can clear some problems, see what we have left to deal with
If you do have a copy of this next tool, delete it as we need the latest
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Temporarily disable your AntiVirus software so it won't interfere with this scan
- Double-click the drweb-cureit.exe file and allow it to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click the next icon next to the files found: (image: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
- If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
(image: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer
- After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
-
I tried removing these creepy viruses for the first time through AVG antivirus, and because of that my imp folders in D: are no more visible as they were detected positive. I mean it was really imp data.. Can I get that data back by any chance??
After performing a full system scan through AVG, it asked me to restart the computer so I did that and now it is not showing desktop icons. I mean the system restarted properly, the XP welcome screen also showed up. As soon as my wallpaper was visible, the system did not practically hang up but the icons are not coming up even if the PC was kept idle for 15-30 min.
Shall I consider the option of installing a fresh copy of Windows one more time? But I'm worried I may lose my imp data on D: which went missing only during the AVG system scan. Please show me the way to get my data back......
-
I really wish you wouldn't have run AVG for this infection
What do you mean by Imp data?
Can you bring up the Task Manager?
-
[quote name='guestolo' post='462935' date='May 24 2009, 03:25 AM']I really wish you wouldn't have run AVG for this infection
What do you mean by Imp data?
Can you bring up the Task Manager?[/quote]
Task manager, no chance......
I told you right now I can't even start my PC properly....it waits idle at wallpaper level without desktop icons
By Imp data I meant pictures, very precious. Can you get them back? Pls don't say no...pls!!!
-
I'm hoping we don't have to say No
Roll up your sleeves, you have a bit of work to do, but it won't be that bad
let me know the following
Do you have an external thumbdrive, or similar, that you can save your documents to?
Have you ever used a Linux distro to boot to Windows?
I was thinking of Ubuntu, but let me know if you have your own version
Do you know how to get to your bios to change to boot order to start by CD on the infected computer?
You seem to have access to another computer; do you have a blank CDR that you can burn an image file to?
Let me know the above and we'll take it from there
Do you have a Fast Internet connection?
-
[quote name='guestolo' post='462939' date='May 24 2009, 03:38 AM']I'm hoping we don't have to say No
Roll up your sleeves, you have a bit of work to do, but it won't be that bad[/quote]
I'm ready to do anything to get those pictures back.
let me know the following
Do you have an external thumbdrive, or similar, that you can save your documents to?
I have a pen drive to store data. I have DVDs also.
Have you ever used a Linux distro to boot to Windows?
I was thinking of Ubuntu, but let me know if you have your own version
Do you know how to get to your bios to change to boot order to start by CD on the infected computer?
No, I have never used Linux in my entire life but I do own one copy of Ubuntu Linux. I have never even opened it but I am ready to try my luck. I know how to change the boot preference in the BIOS.
You seem to have access to another computer; do you have a blank CDR that you can burn an image file to?
Let me know the above and we'll take it from there
Do you have a Fast Internet connection?
This problem is with my laptop and I'm replying to you through my desktop, and I do have an avg ISP connection..
Let's rock n roll....
-
Well, your copy of Ubuntu might be different than mine
Since it's the Laptop that has the problem, we'll have to stick with the Pendrive
Have you had the Pendrive inserted to the Desktop already? It could have infected files on it
Scan it with an updated AntiVirus to be safe
Then afterwards
On your laptop, set it to boot from CD first, it may already be set that way
Put your version of Ubuntu into the CD bay
Shut down the computer manually
Insert the Pendrive into the infected computer
Boot up the computer and boot into Ubuntu, depending on version, you should have a default option
To run it from CD and don't make any changes on the computer
Get to that part please, then post back
Edit>>Can you let me know what version of Ubuntu you're running please
-
[quote name='guestolo' post='462941' date='May 24 2009, 04:02 AM']Well, your copy of Ubuntu might be different than mine
Since it's the Laptop that has the problem, we'll have to stick with the Pendrive
Have you had the Pendrive inserted to the Desktop already? It could have infected files on it
Scan it with an updated AntiVirus to be safe
Then afterwards
On your laptop, set it to boot from CD first, it may already be set that way
Put your version of Ubuntu into the CD bay
Shut down the computer manually
Insert the Pendrive into the infected computer
Boot up the computer and boot into Ubuntu, depending on version, you should have a default option
To run it from CD and don't make any changes on the computer
Get to that part please, then post back
Edit>>Can you let me know what version of Ubuntu you're running please[/quote]
I have the 6.06 LTS version of Ubuntu. The rest I'll do & let u know. Should I just format my pendrive through the desktop & then insert it in the laptop?
-
Go ahead and format the pendrive, I have never used that version of Ubuntu
But give it a shot, it should still run on CD and no need to install
Let me know if it gives you the option to Make NO changes to the computer
-
I have to step out for a bit, I'll be back in a while to see how you're making out
-
[quote name='guestolo' post='462944' date='May 24 2009, 04:23 AM']Go ahead and format the pendrive, I have never used that version of Ubuntu
But give it a shot, it should still run on CD and no need to install
Let me know if it gives you the option to Make NO changes to the computer[/quote]
I am facing a problem while using Ubuntu from CD. Initially it gave me 4-5 options, I didn't do anything. It automatically started and a shell has opened up now. No graphical interface, is it fine???
-
The exact text of the problem is
"failed to start the X server{ur graphical interface}. it is likely that it is not setup correctly. wud u like to view the x server output to diagnos the problem?
yes no
Tell me what I should do???
-
Did you notice the following
Boot up the computer and boot into Ubuntu, depending on version, you should have a default option
To run it from CD and don't make any changes on the computer
Are you running from CD? You aren't trying to install it are you?
EDIT> keep in mind, I've never used the version of Ubuntu you have, so I don't know the exact boot options
At the screen for Alternative Startup modes, I believe you select F4
Then try selecting safe graphics mode
Afterwards, try booting to LiveCD
-
[quote name='guestolo' post='462949' date='May 24 2009, 07:37 AM']Did you notice the following
Boot up the computer and boot into Ubuntu, depending on version, you should have a default option
To run it from CD and don't make any changes on the computer
Are you running from CD? You aren't trying to install it are you?
EDIT> keep in mind, I've never used the version of Ubuntu you have, so I don't know the exact boot options
At the screen for Alternative Startup modes, I believe you select F4
Then try selecting safe graphics mode
Afterwards, try booting to LiveCD[/quote]
I could start Ubuntu through safe graphics mode & even the desktop icons showed up. Now what exactly needs to be done to "boot to liveCD"?
-
Sorry, meant, choose Safe graphics mode, you are just booting with the Live CD
My version, you choose safe graphics, then hit Enter to select to continue booting without making changes
Are you still on the Desktop of Ubuntu?
If you click on Places in the top menu bar, do you see your drives listed?
If you didn't name your volumes, they should be indicated by size
What exactly is your D: drive? A separate partition?
Did you create this partition?
-
[quote name='guestolo' post='462956' date='May 24 2009, 06:05 PM']Sorry, meant, choose Safe graphics mode, you are just booting with the Live CD[/quote]
What does booting with the live CD mean??
My version, you choose safe graphics, then hit Enter to select to continue booting without making changes
Even I had to do it the same way, but what does booting without changes mean in this ref??
Are you still on the Desktop of Ubuntu?
If you click on Places in the top menu bar, do you see your drives listed?
If you didn't name your volumes, they should be indicated by size
I do see them but when I tried opening them, an error came stating "unable to mount the selected volume".
There was an option to seek more details on that error. It stated..
error:device/dev/sda5 is not removable
error:could not execute pmount
What exactly is your D: drive? A seperate partition?
Did you create this partition
Yes, I created this separate partition long back when I first installed Win XP.
-
A knoppix CD might be easier as it will automount internal drives
But let's try the following
This will be easier if you're using Firefox in Ubuntu, so you can copy/paste some instructions
In Ubuntu, click on PLACES>>COMPUTER
Double click on your drive Windows is installed on
You will probably get the error it couldn't mount
In the error box, click on Details.....
I need the info in the quote box below right after the following: For example type on the command line:
As an example, it will look like the following:
mount -t ntfs-3g /dev/sda1 /media/disk -o force
IF you don't post this back Exactly as you see on your screen, we won't be able to do it properly
-
[quote name='guestolo' post='462973' date='May 25 2009, 12:11 AM']You will probably get the error it couldn't mount
In the error box, click on Details.....[/quote]
The error details of the drive on which Windows is installed are the same as I mentioned in my previous post.
In the error box, click on Details.....
I need the info in the quote box below right after the following: For example type on the command line:
As an example, it will look like the following:
IF you don't post this back Exactly as you see on your screen, we won't be able to do it properly
I did not understand what exactly you asked me to do in the above lines, but I still tried what I could understand. Here is the screenshot of the command line instructions I had typed. Explain to me if I have done something wrong.
-
Edit>>Get out of Terminal for now, I need you on the desktop of Ubuntu
In Ubuntu, click on PLACES at the top>>COMPUTER
Double click on your drive Windows is installed on
You will probably get the error it couldn't mount
In the error box, click on Details.....
-
[quote name='guestolo' post='463005' date='May 25 2009, 08:53 AM']In Ubuntu, click on PLACES>>COMPUTER
Double click on your drive Windows is installed on
You will probably get the error it couldn't mount
In the error box, click on Details.....[/quote]
When I clicked on show more details in the error box, it stated:
error:device/dev/sda5 is not removable
error:could not execute pmount
There is only one option left, to click the "ok" button.
Edit:
error:device/dev/sda1 is not removable
error:could not execute pmount
-
Let's see what we can do with just that info
Open up Terminal
On the top menu bar click on Applications>>Accessories>>Terminal
Let me know when you have Terminal open, don't do anything with it yet
-
I'm ready with Terminal open.
-
Right after the ~$ can you type the following, or copy/paste it if you're running Firefox from within Ubuntu
Exactly as following:
sudo /bin/bash
Hit Enter on your keyboard, there is a single space after sudo
Let me know what happens, don't type anything after that
-
The command executed successfully and in the next line now I can see:
root@ubuntu:~#
-
Great, I hope you're copy/pasting these, the next command isn't so bad, but the one after is a bit long
Let me know if you're copy/pasting these commands please
type, or copy/paste the next command exactly
mkdir /media/disk
Hit Enter on keyboard
single space after mkdir
-
The command was successful. Well, I am actually typing it because I'm replying from my desktop. I will type the command, no worries.
-
type the following exactly,
mount -t ntfs-3g /dev/sda1 /media/disk -o force
hit Enter
note the single spaces
after mount>-t>ntfs-3g>/dev/sda1>/media/disk>-o>force
-
The command resulted as follows:
root@ubuntu:~# mount -t ntfs-3g /dev/sda1 /media/disk -o force
mount: unknown filesystem type 'ntfs-3g'
root@ubuntu:~#
-
Darn, I don't think your version of Ubuntu has the correct package on disk
We could try an updated version of Ubuntu, but maybe we should stick with knoppix as it should mount the drives a lot easier
I posted instructions a long time ago; I'll see if I can find them
-
Oh, that is quite tiring for you, isn't it?
By the way I am ok with any version you say, no problem at all.
-
Actually, what happens in Terminal as root if you type the following exactly:
sudo mount /dev/sda1 /media/disk -t ntfs
-
It executed successfully, leaving no visible results, just as follows:
root@ubuntu:~# sudo mount /dev/sda1 /media/disk -t ntfs
root@ubuntu:~#
-
I'm not quite sure how much access you will have with that
But can you do the following, minimize the Terminal box
Then click on Places and your XP drive, what happens?
-
It neither gives any error nor executes successfully. I mean hitting Enter on that drive practically does nothing.
-
Is there an icon on the desktop for that drive?
What do you mean hitting Enter does nothing?
-
Can you type this command in terminal as root
sudo mount /dev/sda1 /media/disk -t ntfs -o nls=utf8,umask=0222
See if you have access to the drive afterwards
-
The above command resulted like this:
root@ubuntu:~# sudo mount /dev/sda1 /media/disk -t ntfs -o nls=utf8,umask=0222
mount: /dev/sda1 already mounted or /media/disk busy
mount: according to mtab, /dev/sda1 is already mounted on /media/disk
root@ubuntu:~#
I meant that even after hitting Enter, or clicking Open after right-clicking on that drive, it does not display the contents of that drive.
-
There is no icon available on the desktop for any of the hard disk drives.
-
Close down all open windows
Then go to PLACES>>COMPUTER
Can you see the drive you want to access?
Try opening them through there
-
Till now I was opening it from Places->Computer itself, but it was not doing any actions. Now, after closing down all windows, when I tried to double click on the drive through Places->Computer, it is giving an error stating:
The folder contents could not be displayed.
You do not have the permissions necessary to view the contents of "disk".
-
How many disks do you have related to XP in Computer
You can only open the one we mounted
Do you see the ones related to your C: and D: drive?
Edit>>Arpan, I see you're veering off and reading another topic right now, I'm not going to be online much longer tonight, so stay with me
Edit again, I'm probably checking out fairly quick for the night, in the meantime
Why don't you try knoppix instead
If you have your own burning software that will burn ISO (Image files), you won't need burnatonce
Here's a copy/paste of instructions I posted earlier
download and install
burnatonce 0.99.5 (http://www.burnatonce.net/downloads)
Onto a working computer
I'm assuming you have high speed internet, you'll need it
Go to the following link
http://www.knopper.net/knoppix/index-en.html
At the link, you can read the info about knoppix if you want
Click on the DOWNLOAD button
Next page you will want to choose a mirror to download from
Just because a location may be closer to you, it may not always be the fastest connection
I find that the download location from
ftp.kernel.org [rsync] [ftp] [http] Kernel.Org (California, USA)
gives very good speeds if you're in North America
You can select it by clicking on ftp, for example.
At the new page click on ACCEPT
This will bring you to an Index of what you can download
Scroll down to KNOPPIX_V5.1.1CD-2007-01-04-EN.iso>>713064 KB and click on it
Choose SAVE TO DISK and OK
Select the location to download, such as desktop
After download is complete you will want to burn the ISO as is
Fire up Burnatonce, put a blank CD into the drive>>again, you don't need Burnatonce if you have your own burning software
In burnatonce, select Setting>>Device Settings, this will show you the options
Ensure the speed of write is correct, you can lower it a bit to ensure a good burn
Afterwards, click on the WRITE button or FILE>>New Image
Navigate to KNOPPIX_V5.1.1CD-2007-01-04-EN.iso
and double click on it to Select it
Then click on the WRITE button again
Let it complete the burn process, after it is successful you are ready to try it in the nonbootable computer
-
I am sorry about that. I do understand the importance of your time.
Well, I have only 1 hard drive, which is divided into 3 partitions containing:
1. 50GB - XP drive
2. 90GB - D drive - normal data
3. 90GB - E drive - recently formatted to eliminate viruses from at least one partition, but I don't think it helped.
I tried opening the 50 GB drive, and we mounted this drive only.
-
I edited my last instructions, as I'm limited on time tonight
Can you try my instructions with Knoppix, if it loads to desktop, it should be much easier to mount drives
Simply right click a drive and give it Read and Write access
-
I guess it will take a little longer to download this file, and as you are leaving for the day, why don't you just post the next instructions, such as what needs to be done to retrieve data after I can see the contents of D: with this Knoppix one.
This will be really helpful if you can stay for a few more minutes.
-
I'm leaning towards knoppix, as you have an older copy of Ubuntu
But try this
In Computer, right click on your drive and choose to UNMOUNT volume
When it's been unmounted, close Computer
Then open Terminal
Type the following in
sudo /bin/bash
Hit Enter
Then the following
sudo mount /dev/sda1 /media/disk -t ntfs -o nls=utf8,umask=0222
Hit Enter
close Terminal afterwards
Open Places>>Computer>>and try and open the drive
If that doesn't work, try the Knoppix route, you'll have it done a lot quicker than I can reply back
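Added example, not from the thread: the mount commands above use "-o force" or "umask=0222" to get at a Windows partition that is known to be infected. For copying data off such a disk a defender wants it mounted read-only with noexec,nodev,nosuid, so nothing on it can run or be altered. The functions below (names are my own) build that command for whichever NTFS driver the live CD has, using the thread's /dev/sda1 and /media/disk as sample values.

```shell
#!/bin/sh
# Added example (not the thread's own commands): build a safe mount command
# for pulling files off an infected Windows partition from a live CD.

# detect_ntfs_driver prints "ntfs-3g" if the FUSE driver is installed,
# "ntfs" if only the in-kernel (read-only) driver is present, else "".
# The older Ubuntu in the thread had only the kernel "ntfs" driver.
detect_ntfs_driver() {
    if command -v ntfs-3g >/dev/null 2>&1; then
        echo ntfs-3g
    elif grep -q '[[:space:]]ntfs$' /proc/filesystems 2>/dev/null; then
        echo ntfs
    else
        echo ""
    fi
}

# build_recovery_mount DEVICE MOUNTPOINT DRIVER
# Prints the mount command to run as root (after "mkdir -p MOUNTPOINT").
# ro      : never write to an infected volume (also avoids the dirty-volume
#           case that the thread works around with "-o force")
# noexec  : files on the disk cannot be executed from the live system
# nodev, nosuid: ignore device nodes and setuid bits on the foreign disk
# umask=0222: everything appears read-only even if a tool tries to write
build_recovery_mount() {
    dev="$1"; mnt="$2"; driver="$3"
    case "$dev" in
        /dev/sd[a-z][0-9]*|/dev/hd[a-z][0-9]*) ;;   # a partition, not a whole disk
        *) echo "refusing unexpected device: $dev" >&2; return 1 ;;
    esac
    case "$driver" in
        # nls=utf8 is only understood by the in-kernel driver
        ntfs)    opts="ro,noexec,nodev,nosuid,nls=utf8,umask=0222" ;;
        ntfs-3g) opts="ro,noexec,nodev,nosuid,umask=0222" ;;
        *) echo "unknown NTFS driver: $driver" >&2; return 1 ;;
    esac
    printf 'mount -t %s -o %s %s %s\n' "$driver" "$opts" "$dev" "$mnt"
}

# Stand-alone use: print the command for the thread's partition with
# whatever driver this live system has available.
if [ "${0##*/}" != "sh" ] && [ -z "$RECOVERY_MOUNT_NO_MAIN" ]; then
    drv=$(detect_ntfs_driver)
    [ -n "$drv" ] && build_recovery_mount /dev/sda1 /media/disk "$drv"
fi
```

Once the files are copied off, scan the copy before moving it back; the mount options keep the live CD session safe but do not clean the files themselves.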
-
Also, do you think your Pictures are still on your D: drive?
I don't know why, but I thought you said Avg moved them to quarantine, funny it would move Pictures?
If they're still on D:
If so, you can clean install XP to C:
Then access D:
Backup what you need, Format all disks and clean install once again to ensure that Virut infection is gone
-
I have unmounted the volume. By closing the computer, I hope you meant to restart the computer, because I have done so.
One weird thing happens when I try to restart or shut down this Ubuntu: it ejects the CD but does not close down. One brown screen is constantly visible, not doing anything even if it is kept for 45-50 min, just like it is frozen. When this happened yesterday I had to continuously hold the power button on my laptop to shut it down so that I could start it again. Do you understand the cause of this problem?
-
Computer was a location on Ubuntu, didn't mean for you to restart, didn't ask you to?
It ejects the CD but does not close down. One brown screen is constantly visible, not doing anything even if it is kept for 45-50 min, just like it is frozen
That's by design, they usually supply additional instructions
Take out the CD from the tray, close the tray, hit Enter on your keyboard
-
See, the pictures on D: were stored in a folder, and that folder is missing after the AVG virus scan. So I think it has moved the entire folder to quarantine, because I can't see that folder, as my Windows is not working as I mentioned earlier, and I still have to try Knoppix to find out whether that folder is still available in D:
For the option of backing up that folder, I have already done it. After taking the backup, when I tried to open it, that folder did not open at all, same as happened to me in Ubuntu right now. I guess it was because of that virus. You know, because of this virus every single file and folder was showing as 132 KB individually, whereas the D: drive properties showed around 35GB of data.
I am worried that installing a fresh copy of Windows may wipe out the pictures in the quarantine folder. Does it happen this way?
-
[quote name='guestolo' post='463033' date='May 25 2009, 10:54 AM']But try this
In Computer, right click on your drive and choose to UNMOUNT volume
When it's been unmounted, close Computer
Then open Terminal
Type the following in
sudo /bin/bash
Hit Enter
Then the following
sudo mount /dev/sda1 /media/disk -t ntfs -o nls=utf8,umask=0222
Hit Enter
close Terminal afterwards
Open Places>>Computer>>and try and open the drive
If that doesn't work, try the Knoppix route, you'll have it done a lot quicker than I can reply back[/quote]
This trick did not work. After executing the second command, the error stated the drive could not be mounted, and so Places->Computer also showed "unable to mount the selected drive".
Just to remind you I did this after restarting the computer.
-
I hope you're downloading Knoppix as we speak
You could have had a good portion of it downloaded already
Did you do the following?
mkdir /media/disk
P.S. I'm off to bed
-
Hey sorry, couldn't reply yesterday.
I'm ready with Knoppix. I inserted the CD and it worked well. I can see the drives on the desktop itself. I can even see the contents of these drives (the folder containing those pictures). No problem of mounting and all, exactly as you said, but I can't access them. Tell me how to retrieve them.
-
[quote name='Arpan' post='463060' date='May 26 2009, 01:08 AM']Hey sorry, couldn't reply yesterday.
I'm ready with Knoppix. I inserted the CD and it worked well. I can see the drives on the desktop itself. I can even see the contents of these drives (the folder containing those pictures). No problem of mounting and all, exactly as you said, but I can't access them. Tell me how to retrieve them.[/quote]
Not sure what you mean by you can't access them?
What errors are you getting, if any?
Where are the files located that you need to backup? What partition?
Right click on the drive and give Read and Write Access
-
When I double clicked on the sda5 icon on the desktop, it displayed all the contents of the D: including the folder containing those pictures. I didn't get any virus as such, but I could not see the contents of the folder containing pictures on the D:, i.e. sda5. There are 3 partitions in all.
Should the read and write permissions be given to everyone or the owner only?
-
Close down ALL open windows so you're on the Desktop of Knoppix
RIGHT CLICK on the drive you're trying to access
Select "Change Read/Write mode"
You should get a prompt asking if you're sure you want to change to this mode
Select YES
Not sure why you would get a prompt to Everyone or Owner, but if you do, choose Owner
See if that helps
-
I have taken a backup of all important data including those pictures. Thank you very very much for helping me retrieve those pictures.
Now, shall I format the whole hard drive and do a clean installation of Win XP?
Is this enough, or do I have to take any other measure before installing XP?
-
Before installing XP I formatted every drive. Copied back all the data from the desktop. Now I haven't seen any virus through Avast antivirus.
Shall I check with any other antivirus? What shall I do to cross-check that my laptop is virus free and running healthy?
-
Make sure that you scan any removable drives that you backed up to
Such as your Flash drives
Let me know the outcome, I take it you don't have a Hidden partition for a Recovery partition, is that correct?
Can you start a new topic and begin with a Hijackthis log for your laptop, let's make sure it's clean
-
[quote name='guestolo' post='463159' date='May 31 2009, 01:38 AM']Make sure that you scan any removable drives that you backed up to
Such as your Flash drives[/quote]
I have formatted that flash drive.
Let me know the outcome, I take it you don't have a Hidden partition for a Recovery partition, is that correct?
I did not understand this part.
Can you start a new topic and begin with a Hijackthis log for your laptop, let's make sure it's clean
I will wait for you to explain the above part to me and then I will start a new topic. Is that okay?
-
This is getting way too confusing, I'm answering 2 topics about the same thing I think?
Go back to the other topic and continue please
-
OK sir. I am sorry about this.