Author Topic: virus won't let me access my computer! (Read 15077 times)

Altezza · « **on:** May 05, 2009, 08:08:01 AM »

hi there,

I've got a teeny bit of an emergency here...and I feel ill about it...

Compaq Presario 2500, using Windows XP, Professional, Version 2002, SP2. Intel (R) Celeron(R) CPU 2.60GHz, 2.59 GHz 448 MB of RAM. The router is a "Netgear" system (Rangemax Wireless -N Notebook Adapter).

Anyway, this morning I went to turn on the computer and the Avira Antivirus that I have, alerted me to the fact that some virus was attempting to do something evil. I've had this alert before for other viruses, so I wasn't terribly concerned. I just chose the option "send to quarantine," and thought that would be the end of it. Well, it was the end of my computer! I can log onto Windows, my wallpaper comes up...and then that's it, nothing else. No icons, no bar at the bottom, no nothing!! I can still get Task Manager to come up, but nothing else.

I tried rebooting in Safe Mode, both under Admin and under my user profile...same thing happens. I can log in...then I just get a blank screen....

Please, please, please....if anyone can help me.... $:-\$

harry 48 · « **Reply #1 on:** May 05, 2009, 08:23:55 AM »

http://www.computerhope.com/forum/index.php/topic,46313.0.html

go to above and post 3 logs an expert will see tham , harry

Altezza · « **Reply #2 on:** May 05, 2009, 08:35:26 AM »

I'm sorry Harry, but I can't run any scans...I can't do much of anything. I can't get the bar at the bottom, I can't see my icons...

The only thing I can do right now is cry a lot, and eat chocolate....which of course doesn't help my computer...but I really don't know what else to do...

harry 48 · « **Reply #3 on:** May 05, 2009, 08:39:01 AM »

have you tried a system resotre

Altezza · « **Reply #4 on:** May 05, 2009, 08:40:24 AM »

No....how would I go about doing that?

Archer · « **Reply #5 on:** May 05, 2009, 08:48:42 AM »

Can You boot in command prompt?
If so, try to do the system restore with help of this link: http://support.microsoft.com/kb/304449

harry 48 · « **Reply #6 on:** May 05, 2009, 08:53:15 AM »

click start

go to programes

go to accessories

go to system tools

go to system restore and click

use the calender to go back to before you think it happened and click next and follow through , this might be easier , harry

Archer · « **Reply #7 on:** May 05, 2009, 08:56:22 AM »

Harry, it seems like You do not read the question.

There're no 'Start', 'Programs' etc available.

Altezza · « **Reply #8 on:** May 05, 2009, 09:03:35 AM »

Yes, sorry Harry... perhaps I didn't explain well enough. I cannot click Start, nor can I access any programs.

Archer, thank you for your advice as well. And I apologize for being an idiot here...but what do you mean "boot in command prompt?" Like Safe-Mode?

Archer · « **Reply #9 on:** May 05, 2009, 09:05:06 AM »

Yes, select the 'Safe mode with command prompt' option.

Altezza · « **Reply #10 on:** May 05, 2009, 09:39:52 AM »

Well....something happened....I'm not sure what it means tho....

I booted up in Safe Mode with Command Prompt.

Now a little window popped up entitled cmd.exe

There is a blinking cursor, inviting me to do something. Before it there is the command C:\Documents and Settings\user>

.....please tell me this is a good thing.....? $:-\$

thnx

Archer · « **Reply #11 on:** May 05, 2009, 09:54:02 AM »

Follow the link: http://support.microsoft.com/kb/304449. It should help You to do the System restore.

Altezza · « **Reply #12 on:** May 05, 2009, 10:07:29 AM »

*sigh*.....

I did as you suggested, and I got another little pop up window that said that System Restore was not on, and that I have to sign in under Normal Mode, turn it on and then try again.....which as you know, I cannot do.....

I think I'm getting an ulcer.....

atittaya23 · « **Reply #13 on:** May 05, 2009, 10:36:02 AM »

Since I don't ask you to delete anything, I hope this is ok with the forum moderator.

If you can get Task Manager, click on the Applications Tab, click New Task and type explorer.exe. With any luck, your desktop will start. And you can follow the step at http://www.computerhope.com/forum/index.php/topic,46313.0.html and post all the require logs and wait the Malware Removal Specialist to help you.

If you still can't get your desktop back then I think your explorer.exe is corrupted. But please, wait for the forum's trust helpers to come in and give you further advice.

Altezza · « **Reply #14 on:** May 05, 2009, 10:40:09 AM »

Thanks atittaya23...I will wait for a mod to confirm your advice. Or at least I'll TRY to wait!

I'm so frantic right now...I so need this computer to function...it's my only source of minimal income right now, and without it, I'm just totally frakked...

Thank you again. And anyone else that can confirm at's suggestion, please feel free to chime in...

atittaya23 · « **Reply #15 on:** May 05, 2009, 10:50:53 AM »

I thought about sending a pm to the mod before I posted my last post but, unfortunately, all the staff are all appeared to be off-line. So, just hold on a little bit longer and someone will be here very soon.

Altezza · « **Reply #16 on:** May 05, 2009, 11:13:24 AM »

Thanks....you're very helpful.

Perhaps I'll take this time to go get some lunch...all this stress is making me hungry.

ty again....

harry 48 · « **Reply #17 on:** May 05, 2009, 12:22:03 PM »

its me again , what happens if you right click an empty screen

Altezza · « **Reply #18 on:** May 05, 2009, 12:32:26 PM »

hi harry

hold please....going to give that a try.......

....................................... ..........................

thank you for waiting....the results are nothing happens. I tried in Safe Mode for Admin, under my user profile, and in Normal Mode...nothing. Not even an hour glass...

*sigh*

How do you feel about atittaya23's suggestion? Shall I give it a try?

evilfantasy · « **Reply #19 on:** May 05, 2009, 12:36:26 PM »

Try this.

Also do you have another computer to burn a disk with?

Quote from: atittaya23 on May 05, 2009, 10:36:02 AM

If you can get Task Manager, click on the Applications Tab, click New Task and type explorer.exe. With any luck, your desktop will start. And you can follow the step at http://www.computerhope.com/forum/index.php/topic,46313.0.html and post all the require logs and wait the Malware Removal Specialist to help you.

If you still can't get your desktop back then I think your explorer.exe is corrupted. But please, wait for the forum's trust helpers to come in and give you further advice.

harry 48 · « **Reply #20 on:** May 05, 2009, 12:49:36 PM »

Altezza , your with a top man now he will sort you out , harry

Altezza · « **Reply #21 on:** May 05, 2009, 12:56:33 PM »

Thanks harry and atittaya23...you've both been so helpful!

And thanks evilfantasy for jumping in...

I will try as suggested, thnx. As for burning a disc...at this very moment I do not. Within a couple of hours that should be a possibility however. Is there anything I can do to prepare? What will I need to burn?

millions of thanks again to all...

Altezza · « **Reply #22 on:** May 05, 2009, 01:14:35 PM »

oh frak!

i tried it, and then i got a pop up window saying that it is "impossible to find the file 'explorer.exe' Make sure the pathway (?) and file name are correct and retry." (sorry if these are not the precise words...I'm working on an Italian version of Windows, and translating as we go along....)

before I decide whether to shoot or hang myself....is there any hope for my poor laptop??

(and for those that take things literally...no, I am not seriously considering suicide...it's just that I am theatrical by nature, and rather upset about losing not only my JOB because it's now looking as tho my project will NOT be done, but also losing all my writing and photos that are locked inside that computer...*sigh*)

thx

Altezza · « **Reply #23 on:** May 05, 2009, 01:54:54 PM »

my apologies for the emotional response earlier. i think the barometric pressure is weighing heavy on my mood today...

anyway, burning a disc? what did you have in mind evilfantasy?

atittaya23 · « **Reply #24 on:** May 05, 2009, 02:28:22 PM »

Do you still have your Windows XP CD around? If not, then you'll need some disc to burn.

Altezza · « **Reply #25 on:** May 05, 2009, 02:58:26 PM »

No...I don't have my windows CD. I was very stupid when I bought this computer, I bought it used. It was my first computer, and it never even occured to me to ask for the Windows CD.

Come to think of it though...it did come with some other CDs...I just moved from Italy to the United States, and my things are a bit of a mess. I may need a while to locate those discs...but I'll let you know what they are ASAP.

ty

Altezza · « **Reply #26 on:** May 05, 2009, 03:11:04 PM »

Ok....I found that I have a "Documentation Library" disc, and three quick restore system recovery cds. they are for SP1 however.

are these useful?

evilfantasy · « **Reply #27 on:** May 05, 2009, 04:03:35 PM »

You can try the restore CD's but I doubt they will work.

You will need to burn this to a disk and use it. All of the instructions are included.

Avira AntiVir Rescue System

* Download the Avira AntiVir Rescue System
* Place a blank CD in your burner and double-click on the downloaded file.
* The program will automatically burn the CD for you.
* Place the burned CD into the affected computer and start the computer with the CD in the CD tray.
* On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
* Click on the Configuration button.

- Select Scan all files
- Select Try to repair infected files and Rename files, if they cannot be removed
- Select Scan for dialers
- Select Scan for joke programs (Jokes)
- Select Scan for games
- Select Scan for spyware (SPR)

* Click on Virus scanner
* Click on Start scanner at the bottom of the screen

Let us know how it goes.

Altezza · « **Reply #28 on:** May 05, 2009, 05:03:35 PM »

Thanks...I'll give it a shot, and let you know the outcome.

In the meantime, I forgot that I did run a SAS scan and a HijackThis scan the other day and posted it here on CH as my computer was acting strangely. No one got around to looking at it yet...but does anything look amiss here to you?

SAS scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/02/2009 at 09:38 PM

Application Version : 4.0.1154

Core Rules Database Version : 3875
Trace Rules Database Version: 1823

Scan type : Complete Scan
Total Scan Time : 01:54:48

Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 5618
Registry threats detected : 1
File items scanned : 25311
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\user@ez-tracks[2].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\user@revsci[2].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
C:\Documents and Settings\user\Cookies\user@bravenet[1].txt
C:\Documents and Settings\user\Cookies\[email protected][2].txt

Trojan.SVCHost/Fake
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe#Debugger [ "c:\windows\system32\uiakbacq.old" ]

Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.01.32, on 03/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4524 bytes

evilfantasy · « **Reply #29 on:** May 05, 2009, 05:12:54 PM »

That version of SUPERAntiSpyware is out of date. Can you update and run it again?

Altezza · « **Reply #30 on:** May 05, 2009, 05:26:12 PM »

nope, sorry....just tried. i can't get online....it says my router card is not plugged in...which it is...

what a mess...sorry.

Note: In Safe Mode, using Task Manager, I was able to find out the name of the bug that did this to me. Opening Avira thru the Task Manager, I saw this:

"Virus or unwanted program 'TR/Crypt.FKM.Gen[trojan]'
detected in file 'C:\\WINDOWS\system32\uiakbacq.old.
Action performed: Move file to quarantine"

thnx

Altezza · « **Reply #31 on:** May 05, 2009, 07:37:26 PM »

Tried the Avira Rescue System. However, CD did not work in affected computer. Booted with CD in, and the entire system froze. Could not even log into Windows. When CD drive was opened, the computer started again, I was able to log onto Windows as before, but nothing had changed, still no desktop.

I have written Avira to see if there is a way to use the Rescue System with a flashdrive instead of a CD. I am awaiting their response.

As always, any suggestions you might have are welcome.

thnx

evilfantasy · « **Reply #32 on:** May 05, 2009, 08:03:47 PM »

You might be able to use it from a flash drive but since you are not able to use the computer...... it probably won't work. Plus if it won't boot from the CD then I'm sure it wouldn't boot from a Flash Drive either.

Since you can open Avira through Task manager can you also run it?

I'm wondering if this is even a virus to blame.

Altezza · « **Reply #33 on:** May 06, 2009, 03:10:20 PM »

Hello again.

I finally heard from Avira, and they just gave me the instructions on how to burn their disc. Not the info I needed...giving up on that, as you suggested it wouldn't work anyway.

However, digging around in Task Manager today I discovered how to access nearly all my files, and even get online. That done, I got the updated SAS as you suggested and ran another scan. I ran another HijackThis scan afterwards as well. Here are the logs for the new scans:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/06/2009 at 01:29 PM

Application Version : 4.26.1002

Core Rules Database Version : 3879
Trace Rules Database Version: 1827

Scan type : Complete Scan
Total Scan Time : 03:06:38

Memory items scanned : 365
Memory threats detected : 0
Registry items scanned : 5744
Registry threats detected : 1
File items scanned : 53283
File threats detected : 5

Adware.Tracking Cookie
   C:\Documents and Settings\user\Cookies\user@roiservice[1].txt
   C:\Documents and Settings\user\Cookies\user@revsci[1].txt
   C:\Documents and Settings\user\Cookies\user@kontera[2].txt
   C:\Documents and Settings\user\Cookies\[email protected][1].txt
   C:\Documents and Settings\user\Cookies\user@euroclick[2].txt

Trojan.SVCHost/Fake
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe#Debugger [ "c:\windows\system32\uiakbacq.old" ]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.39.47, on 06/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4562 bytes

thx...any of your thoughts are welcome at this point

evilfantasy · « **Reply #34 on:** May 06, 2009, 03:22:28 PM »

How is the computer running now?

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Altezza · « **Reply #35 on:** May 15, 2009, 02:39:29 PM »

Hi

My apologies for the delay in getting back to you. After all this...I believe your thought on this not being a virus was correct. After looking around on the internet, I saw other people had the same kind of problem as I have, after deleting AdAware, which is something I did. I didn't mention it before, because I completely forgot actually.

At any rate, I have surrendered. My computer has had nothing but problems since the day I bought it. It was used, cheap, and as I was to assume with time, most likely stolen. The copy of Windows was not registered, so I could never get help from MS, couldn't download things I needed and so on.

So, the time has come. I'm just wiping the thing clean, and starting over with a new install of Windows. That should just about take care of everything I hope.

Thank you so much to everyone that helped me through this. I truly appreciate CH being here...you guys have been a great help to me time and again. As well as being teachers! If any good has come from two years of dinkin' around with this laptop from *censored*...I certainly have learned A LOT!!! Actually, I'm looking into some IT classes now...I actually love learning all this stuff!

thanks again to all

evilfantasy · « **Reply #36 on:** May 15, 2009, 02:40:40 PM »

Thanks for letting me know.

Computer Hope Forum

News:

Author Topic: virus won't let me access my computer! (Read 15077 times)

Altezza

harry 48

Altezza

harry 48

Altezza

Archer

harry 48

Archer

Altezza

Archer

Altezza

Archer

Altezza

atittaya23

Altezza

atittaya23

Altezza

harry 48

Altezza

evilfantasy

harry 48

Altezza

Altezza

Altezza

atittaya23

Altezza

Altezza

evilfantasy

Altezza

evilfantasy

Altezza

Altezza

evilfantasy

Altezza

evilfantasy

Altezza

evilfantasy