Author Topic: Virus: Need Help (Read 1954 times)

guestolo · « **Reply #20 on:** March 04, 2009, 12:18:47 PM »

Can you do the following please
Download Security Check by screen317 from here or here and save it to your Desktop.

Unzip SecurityCheck.zip and a folder named Security Check should appear.
Open the Security Check folder and double-click Security Check.bat
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

jujuhound · « **Reply #21 on:** March 04, 2009, 06:14:10 PM »

Results of screen317's Security Check version 0.97.9
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Enabled!
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus SYMLT MSI
Norton AntiVirus Parent MSI
Norton Protection Center
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
AOL Spyware Protection
Spy Sweeper
Malwarebytes' Anti-Malware
HijackThis 2.0.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Norton AntiVirus Engine 16.2.0.7 ccSvcHst.exe
Norton AntiVirus Engine 16.2.0.7 ccSvcHst.exe
Norton AntiVirus Engine 16.2.0.7 ccSvcHst.exe
Norton AntiVirus Engine 16.2.0.7 ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)

Scan took 32 seconds.
`````````End of Log```````````

guestolo · « **Reply #22 on:** March 05, 2009, 01:19:11 PM »

Can you try a couple more steps for me please
==Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat

Save this file on the desktop

Code: [Select]

regedit /e export.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem"
export.txt

Double click on export.bat
A text file should open, copy/paste back here the contents please

In addition:
Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.

jujuhound · « **Reply #23 on:** March 05, 2009, 03:49:24 PM »

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000000
"Win31FileSystem"=dword:00000000
"Win95TruncatedExtensions"=dword:00000001

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-05 15:48:32
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT 8AA788A8 ZwAlertResumeThread
SSDT 8AA0E2D8 ZwAlertThread
SSDT 894FD540 ZwAllocateVirtualMemory
SSDT 8AA66B58 ZwAssignProcessToJobObject
SSDT 8A9CC480 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA2C0F020]
SSDT 89612D00 ZwCreateMutant
SSDT 8AD19188 ZwCreateProcess
SSDT 8AD82020 ZwCreateProcessEx
SSDT 896A9B38 ZwCreateSymbolicLinkObject
SSDT 896CDD68 ZwCreateThread
SSDT 8AA78C50 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA2C0F2A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA2C0F800]
SSDT 894FD7D8 ZwDuplicateObject
SSDT 8973AC78 ZwFreeVirtualMemory
SSDT 8AA127D0 ZwImpersonateAnonymousToken
SSDT 8AA6C928 ZwImpersonateThread
SSDT 8ABF93A0 ZwLoadDriver
SSDT 89541FB0 ZwMapViewOfSection
SSDT 8AA32D88 ZwOpenEvent
SSDT 894FDAF8 ZwOpenProcess
SSDT 8AA76608 ZwOpenProcessToken
SSDT 8AD210A8 ZwOpenSection
SSDT 894FD968 ZwOpenThread
SSDT 8950A5F0 ZwProtectVirtualMemory
SSDT 8AD82BE8 ZwQueueApcThread
SSDT 8AD82A80 ZwReadVirtualMemory
SSDT 8AD19368 ZwRenameKey
SSDT 8A428438 ZwResumeThread
SSDT 8AA8A4A8 ZwSetContextThread
SSDT 8AD192F0 ZwSetInformationKey
SSDT 8973A818 ZwSetInformationProcess
SSDT 8AD82D50 ZwSetInformationThread
SSDT 8AA794A8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA2C0FA50]
SSDT 8AA23960 ZwSuspendProcess
SSDT 8AA2C868 ZwSuspendThread
SSDT 8AA1A630 ZwTerminateProcess
SSDT 8AA27280 ZwTerminateThread
SSDT 8AA30880 ZwUnmapViewOfSection
SSDT 894FD070 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3228] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ FF, FB, C3, 83 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] kernel32.dll!VirtualProtect + 1C 7C801AEC 7 Bytes JMP 030A0034
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 030A00B8
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] ole32.dll!CoGetClassObject 775178FE 5 Bytes JMP 030A013F

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8AD82910
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8AD82A08
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8AD82A08
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8AD82910
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8AD82910
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8AD82A08
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8AD82A08
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8AD82910
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8AD82A08
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8AD82910
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8AD82A08
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8AD82910
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8AD82A08
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8AD82A08
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8AD82910

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AD7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[780] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00AD7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs FdRedir.sys (File Disk Redirector/UPEK Inc.)

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \Driver\Tcpip \Device\Ip 8A9D2B18
Device \Driver\Tcpip \Device\Ip 8A8B6118
Device \Driver\Tcpip \Device\Ip 8A42CA08
Device \Driver\Tcpip \Device\Ip 89854228
Device \Driver\Tcpip \Device\Ip 8A2FB318
Device \Driver\Tcpip \Device\Ip 8AC282C8
Device \Driver\Tcpip \Device\Ip 8AA214C0
Device \Driver\Tcpip \Device\Ip 89766438
Device \Driver\Tcpip \Device\Ip 8AD8D170

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp 8A9D2B18
Device \Driver\Tcpip \Device\Tcp 8A8B6118
Device \Driver\Tcpip \Device\Tcp 8A42CA08
Device \Driver\Tcpip \Device\Tcp 89854228
Device \Driver\Tcpip \Device\Tcp 8A2FB318
Device \Driver\Tcpip \Device\Tcp 8AC282C8
Device \Driver\Tcpip \Device\Tcp 8AA214C0
Device \Driver\Tcpip \Device\Tcp 89766438
Device \Driver\Tcpip \Device\Tcp 8AD8D170

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp 8A9D2B18
Device \Driver\Tcpip \Device\Udp 8A8B6118
Device \Driver\Tcpip \Device\Udp 8A42CA08
Device \Driver\Tcpip \Device\Udp 89854228
Device \Driver\Tcpip \Device\Udp 8A2FB318
Device \Driver\Tcpip \Device\Udp 8AC282C8
Device \Driver\Tcpip \Device\Udp 8AA214C0
Device \Driver\Tcpip \Device\Udp 89766438
Device \Driver\Tcpip \Device\Udp 8AD8D170

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp 8A9D2B18
Device \Driver\Tcpip \Device\RawIp 8A8B6118
Device \Driver\Tcpip \Device\RawIp 8A42CA08
Device \Driver\Tcpip \Device\RawIp 89854228
Device \Driver\Tcpip \Device\RawIp 8A2FB318
Device \Driver\Tcpip \Device\RawIp 8AC282C8
Device \Driver\Tcpip \Device\RawIp 8AA214C0
Device \Driver\Tcpip \Device\RawIp 89766438
Device \Driver\Tcpip \Device\RawIp 8AD8D170

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST 8A9D2B18
Device \Driver\Tcpip \Device\IPMULTICAST 8A8B6118
Device \Driver\Tcpip \Device\IPMULTICAST 8A42CA08
Device \Driver\Tcpip \Device\IPMULTICAST 89854228
Device \Driver\Tcpip \Device\IPMULTICAST 8A2FB318
Device \Driver\Tcpip \Device\IPMULTICAST 8AC282C8
Device \Driver\Tcpip \Device\IPMULTICAST 8AA214C0
Device \Driver\Tcpip \Device\IPMULTICAST 89766438
Device \Driver\Tcpip \Device\IPMULTICAST 8AD8D170
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.14 ----

guestolo · « **Reply #24 on:** March 05, 2009, 04:15:34 PM »

Do you have any other users profiles on this computer with Administrator privileges?

jujuhound · « **Reply #25 on:** March 05, 2009, 05:00:06 PM »

No. There is only one user account. However, when I start up in safemode it gives me the option to log in as Administrator in addition to my user account.

guestolo · « **Reply #26 on:** March 05, 2009, 05:25:01 PM »

I'm wondering if your Profile is corrupt
You might want to try creating a new profile, under User Accounts in Control Panel
Give it Administrative privileges
Log out of this account, then log into the new account

Try redownloading either Newest Adobe reader and/or Sun Java from the new account and see if they will install
If they will, we can take steps to transfer everything to that new account

jujuhound · « **Reply #27 on:** March 05, 2009, 07:06:34 PM »

Installation was successful with a new user account

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

guestolo · « **Reply #28 on:** March 05, 2009, 07:18:25 PM »

Let's transfer some files/folders to the new profile
Go to the following link

http://support.microsoft.com/kb/811151
We've already made a new profile, scroll down to
Copy files to the new user profile
I would print out those instructions, so you can follow along easy

In step 1. where it mentions
Log on as a user other than the user whose profile you are copying files to or from.

You might want to do this in Safe mode with the hidden Administrator account
This way you can guarantee your logged off the New user profile and the Corrupt one

Let me know how it goes

NOTE: Take special attention to follow this part closely
Press and hold down the CTRL key while you click each file and subfolder in this folder, except the following files:

* Ntuser.dat
* Ntuser.dat.log
* Ntuser.ini
Remember DO NOT copy thoses files over to the new user

jujuhound · « **Reply #29 on:** March 06, 2009, 06:06:44 PM »

Transfer was successful. Once I went to install the transfered files, it informed me that Java and Adobe Reader had already been installed, so the installation on the new user account must have applied to all users.

Everything seems to be running fine now. If you need me to run and post anything, please let me know. I really do appreciate the time you have taken to assist me, and I plan to make a donation as soon as payday hits.

thanks again!

guestolo · « **Reply #30 on:** March 07, 2009, 01:53:11 AM »

So what User profile you going to keep?
Just curious, If you want to keep the original
Reboot in safe mode with the Admin account and remove the new one you
made

If not, time to move email, bookmarks, etc...
What you going to do? Call me curious

jujuhound · « **Reply #31 on:** March 09, 2009, 03:27:57 PM »

I am going to keep the new account. I've transfered the data between the two, but have yet to delete the old account. I also am going to install SP3 through updates. It recommends a data backup--so I am going to use the Windows Backup Utility for that.

guestolo · « **Reply #32 on:** March 10, 2009, 09:18:41 AM »

I normally just manually backup important Files/folders to an external harddrive or CD/DVD
But it's your option

Once you have your email setup and bookmarks are all in order
And new profile running the way you want
I suggest that you reboot back to Safe mode and sign into hidden Admin account to remove the corrupt User profile

But before you remove the corrupt profile
Can you come back here and we'll just do a bit of cleanup with the tools that we used

jujuhound · « **Reply #33 on:** March 10, 2009, 11:30:47 AM »

No problem, I'll let you know when I have deleted the user profile. Question? What do you mean by backing up email files. I use yahoo, so my email does not seem to be user account specific. Curious as to what email options one might have that would entail a transfer with a new user account---

guestolo · « **Reply #34 on:** March 10, 2009, 11:57:31 AM »

Quote

I'll let you know when I have deleted the user profile

That's not what I asked, let me know just BEFORE you delete the corrupt profile

Quote

What do you mean by backing up email files. I use yahoo, so my email does not seem to be user account specific. Curious as to what email options one might have that would entail a transfer with a new user account---

Sorry, many users use an email client such as Outlook Express, they like to transfer their email too
If you are only using Online based email, don't worry about it

jujuhound · « **Reply #35 on:** March 16, 2009, 03:54:42 PM »

I'm now ready to do some cleanup before we delete the corrupt profile

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #36 on:** March 21, 2009, 08:56:39 PM »

Sorry for the delay
Log into your corrupt profile

Go to START>>RUN>>
copy and paste the following

[color=\"#FF0000\"]combofix /u[/color]
and press enter
This will uninstall ComboFix and it's components

Log off your corrupt user account
Or better yet, reboot into Safe mode and log into the hidden Adminstrator account

Delete the corrupt profile, you shouldn't need to keep anything from that profile, so just Delete files at the prompt
Afterwards, Reboot and log into your new user account

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool
At the link you can read more about it then continue with
Free Download on the right>>Continue Download at next page
Basically it

Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection

TheTechGuide Forum

News:

Author Topic: Virus: Need Help (Read 1954 times)

guestolo

Virus: Need Help

jujuhound

Virus: Need Help

guestolo

Virus: Need Help

jujuhound

Virus: Need Help

guestolo

Virus: Need Help

jujuhound

Virus: Need Help

guestolo

Virus: Need Help

jujuhound

Virus: Need Help

guestolo

Virus: Need Help

jujuhound

Virus: Need Help

guestolo

Virus: Need Help

jujuhound

Virus: Need Help

guestolo

Virus: Need Help

jujuhound

Virus: Need Help

guestolo

Virus: Need Help

jujuhound

Virus: Need Help

guestolo

Virus: Need Help