IE redirects and some programs won't run

Dell / Xps710
December 2, 2009 at 17:59:02
Specs: Windows XP Pro SP2
For about a week now, I've been attempting to eradicate viruses from my wife's computer. It started with an awful bout of the "Antivirus System Pro", which I eventually used Spyware Doctor to clean up. Malwarebytes didn't find it.

All was OK for a few days, but then my wife started complaining of internet redirects. 50% of the time, her searches or link jumps go to random websites and sometimes pop up several IEs in different languages and other odd things.

Now when her computer starts, I need to go into Task Manager and kill several processes that are churning, taking up 100% of the system resources. They are "acstart16.exe", "acstart17.exe", and "hpqthb08.exe". I know one of those is for AutoCAD and another is something for our HP printers, but I don't know why they suddenly stopped loading.

On top of that, there are some programs that won't start. Word, IE, and several other "productivity" programs start just fine, but things like her Hallmark Card thing and Creative Memories don't start at all...they just suck up system resources and don't allow anything else to happen.

I have run Spyware Doctor several times, as well as Malwarebytes, both on "Full Scan" settings. I have (not by choice) rebuilt my Services and have gone through my Add/Remove Programs and tried to lean everything down and find the stupid bug.

I have also performed the "exe fix" to correct any problems with registry associations.

I just ran ComboFix and it has produced a log, which follows. During the scan, ComboFix indicated it had found a "rootkit" thing which required that it re-start my computer to continue the scan.

Obviously, I would much appreciate ANY thoughts.

Very sincerely,

Keith

ComboFix 09-12-02.05 - Carolyn 12/02/2009 20:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2813.2425 [GMT -5:00]
Running from: k:\prime design - koster\Downloads\Virus removal\Combofix\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carolyn\Local Settings\Temporary Internet Files\plot.log
c:\windows\kb913800.exe
c:\windows\system32\bszip.dll
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-02 22:38 . 2009-12-02 22:38 -------- d-sh--w- c:\documents and settings\Carolyn\PrivacIE
2009-12-02 22:19 . 2009-12-02 22:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-02 22:14 . 2009-12-02 22:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-02 22:14 . 2009-12-02 22:14 -------- d-sh--w- c:\documents and settings\Carolyn\IETldCache
2009-12-02 22:10 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-02 22:10 . 2009-12-02 22:11 -------- d-----w- c:\windows\ie8updates
2009-12-02 22:10 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-02 22:10 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-02 22:09 . 2009-12-02 22:10 -------- dc-h--w- c:\windows\ie8
2009-12-02 02:10 . 2009-12-02 02:23 218 ----a-w- C:\stream.dat
2009-11-30 12:56 . 2009-11-30 12:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-11-26 00:12 . 2009-11-26 00:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-25 23:32 . 2009-11-25 23:32 -------- d-----w- c:\documents and settings\Carolyn\Local Settings\Application Data\Threat Expert
2009-11-25 23:07 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-25 23:06 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-25 23:06 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-25 23:06 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-25 23:06 . 2009-12-03 01:28 -------- d-----w- c:\program files\Spyware Doctor
2009-11-25 23:06 . 2009-11-25 23:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-25 23:06 . 2009-11-25 23:06 -------- d-----w- c:\documents and settings\Carolyn\Application Data\PC Tools
2009-11-25 23:06 . 2009-11-25 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-25 23:06 . 2009-12-03 01:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-25 23:06 . 2009-11-25 23:00 34131864 ----a-w- c:\temp\sdsetup.exe
2009-11-25 22:40 . 2009-11-25 22:40 4045528 ----a-w- c:\temp\mbam-setup.exe
2009-11-25 21:54 . 2009-11-25 21:54 2148 ----a-w- c:\temp\avscan.reg
2009-11-25 19:02 . 2009-11-25 21:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-25 18:32 . 2009-11-25 18:32 -------- d-----w- c:\documents and settings\Keith\Application Data\HotSync
2009-11-25 18:31 . 2009-11-25 18:31 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Apple Computer
2009-11-25 17:45 . 2009-12-01 14:18 -------- d-----w- c:\documents and settings\Carolyn\Local Settings\Application Data\qqkfly
2009-11-24 00:37 . 2009-11-25 15:24 79488 ----a-w- c:\documents and settings\Carolyn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 16:45 . 2009-11-12 16:45 1794456 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 23:32 . 2007-06-20 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-02 23:31 . 2007-01-20 14:29 189720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 23:00 . 2007-01-20 14:23 -------- d-----w- c:\program files\Google
2009-12-02 22:44 . 2007-10-15 20:50 -------- d-----w- c:\program files\Palm
2009-12-02 22:42 . 2007-01-27 05:04 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-02 22:41 . 2007-01-20 14:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 22:41 . 2007-11-14 14:05 -------- d-----w- c:\program files\Cosmi
2009-12-02 22:40 . 2008-01-22 02:53 -------- d-----w- c:\program files\Microsoft LifeCam
2009-12-02 22:37 . 2005-08-17 02:54 -------- d-----w- c:\program files\GemMaster
2009-12-02 22:36 . 2007-10-15 20:51 -------- d-----w- c:\program files\Common Files\DataViz
2009-12-02 17:49 . 2007-03-21 13:00 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-12-02 17:49 . 2007-03-29 13:43 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-12-02 17:07 . 2007-01-26 18:38 -------- d-----w- c:\program files\Land Desktop 2005
2009-11-29 18:04 . 2007-01-20 13:57 105344 ----a-w- c:\windows\system32\drivers\nvatabus.sys
2009-11-25 22:42 . 2009-08-10 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 18:15 . 2007-11-20 14:46 -------- d-----w- c:\documents and settings\Carolyn\Application Data\Move Networks
2009-11-12 16:45 . 2009-09-11 12:38 143976 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\uninstall.exe
2009-11-12 16:45 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-11-05 08:02 . 2009-10-09 19:11 369208 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-16 07:03 . 2007-01-31 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-06 07:01 . 2007-01-20 14:23 -------- d-----w- c:\program files\Microsoft Works
2009-09-11 14:03 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 12:38 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-11 12:38 . 2009-09-11 12:38 1686272 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-09-10 19:54 . 2009-08-10 14:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-08-10 14:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7630848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2004-11-24 172032]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2004-12-16 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-12-16 622592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-08-08 86016]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-03-02 18944]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-08 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-4-16 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\WINDOWS\\system32\\hphmon06.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/25/2009 6:06 PM 207792]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/25/2009 6:06 PM 359624]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
S4 gupdate1c9c82d3a73e5c9;Google Update Service (gupdate1c9c82d3a73e5c9);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 1:14 PM 133104]
S4 MSSQL$NR2005;MSSQL$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 [?]
S4 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 [?]
S4 Symcd2ktwa;Symcd2ktwa; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 18:14]

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 18:14]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-kudtnlmv - c:\documents and settings\Carolyn\Local Settings\Application Data\qqkfly\xujnsysguard.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-02 20:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x8B00F369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ccfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9edb7b4
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Drive -> SendCompleteHandler -> NDIS.sys @ 0xb9da0ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9dadb21
SendHandler -> NDIS.sys @ 0xb9d8b87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\WININET.dll
.
Completion time: 2009-12-02 20:53
ComboFix-quarantined-files.txt 2009-12-03 01:52

Pre-Run: 191,058,956,288 bytes free
Post-Run: 193,084,473,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 9DB498106C4BCBA0D5A0885591004F1A




#1
December 2, 2009 at 18:17:06
Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.



#2
December 2, 2009 at 20:26:27
THANK YOU!!!!!

Wow...that took a while and was just a little boring.

The Gmer log is as follows:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-02 23:27:07
Windows 5.1.2600 Service Pack 2
Running: jrve5tu6.exe; Driver: C:\DOCUME~1\Carolyn\LOCALS~1\Temp\uwtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9E9AE52]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E7BCDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E7BED0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9E9B640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9E9B8F4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9E99B44]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E9BD60]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9E9B112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9E7B984]

Code \??\C:\DOCUME~1\Carolyn\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8140360, 0x24517E, 0xE8000020]
? C:\DOCUME~1\Carolyn\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat 95E40C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----



#3
December 2, 2009 at 21:22:10
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\temp\avscan.reg
Driver::
Symcd2ktwa
Folder::
c:\documents and settings\Carolyn\Local Settings\Application Data\qqkfly

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.


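The CFScript in reply #3 targets the `qqkfly` folder and the `Symcd2ktwa` driver, both of which show up in the first ComboFix log: a Run value pointing into the user profile, and a service line with no image path. As an added example (not part of any post in this thread and not ComboFix's own logic), the Python sketch below triages ComboFix-style autostart lines with two simple heuristics; the function names, the regular expressions and both heuristics are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Lines copied from the first ComboFix log posted in this thread.
SAMPLE_LOG = r'''
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-12-16 622592]
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-kudtnlmv - c:\documents and settings\Carolyn\Local Settings\Application Data\qqkfly\xujnsysguard.exe
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/25/2009 6:06 PM 207792]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/25/2009 6:06 PM 359624]
S4 Symcd2ktwa;Symcd2ktwa; [x]
'''


class Entry(NamedTuple):
    kind: str  # "run", "orphan-run" or "service"
    name: str
    path: str


# "Name"="path" lines under the Run key (firewall list lines end in '=' and do not match).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKLM-Run-<name> - <path> lines from the "ORPHANS REMOVED" section.
ORPHAN_RUN = re.compile(r'^(?:HKLM|HKCU)-Run-(?P<name>\S+) - (?P<path>.+)$')
# <state> <name>;<display name>;<image path> [<file info>] service/driver lines.
SERVICE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*?)\s*\[[^\]]*\]$')

# Heuristic (assumption): per-user data directories on XP are writable without
# admin rights, so an autostart target living there deserves a closer look.
USER_WRITABLE = re.compile(
    r'^[a-z]:\\documents and settings\\[^\\]+\\(local settings|application data)\\',
    re.IGNORECASE,
)


def parse_entries(log: str) -> list:
    """Extract Run values, removed Run orphans and service lines from a log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        for kind, rx in (("run", RUN_VALUE),
                         ("orphan-run", ORPHAN_RUN),
                         ("service", SERVICE)):
            m = rx.match(line)
            if m:
                entries.append(Entry(kind, m["name"], m["path"].strip()))
                break
    return entries


def triage(log: str) -> list:
    """Return (name, reason) pairs for entries that merit manual review."""
    findings = []
    for e in parse_entries(log):
        if e.kind == "service":
            if not e.path:
                findings.append((e.name, "service registered with no image path"))
        elif USER_WRITABLE.match(e.path):
            findings.append((e.name, "autostart target inside a user profile directory"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

A hit from either heuristic is a reason to look at the entry, not proof that it is malicious; legitimate software also installs per-user autostarts.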


#4
December 2, 2009 at 22:18:16
Please find the new ComboFix log as follows:

ComboFix 09-12-02.05 - Carolyn 12/03/2009 0:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2813.2423 [GMT -5:00]
Running from: k:\prime design - koster\Downloads\Virus removal\Combofix\ComboFix.exe
Command switches used :: k:\prime design - koster\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FILE ::
"c:\temp\avscan.reg"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carolyn\Local Settings\Application Data\qqkfly
c:\temp\avscan.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Symcd2ktwa


((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-02 22:38 . 2009-12-02 22:38 -------- d-sh--w- c:\documents and settings\Carolyn\PrivacIE
2009-12-02 22:19 . 2009-12-02 22:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-02 22:14 . 2009-12-02 22:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-02 22:14 . 2009-12-02 22:14 -------- d-sh--w- c:\documents and settings\Carolyn\IETldCache
2009-12-02 22:10 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-02 22:10 . 2009-12-02 22:11 -------- d-----w- c:\windows\ie8updates
2009-12-02 22:10 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-02 22:10 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-02 22:09 . 2009-12-02 22:10 -------- dc-h--w- c:\windows\ie8
2009-12-02 02:10 . 2009-12-02 02:23 218 ----a-w- C:\stream.dat
2009-11-30 12:56 . 2009-11-30 12:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-11-26 00:12 . 2009-11-26 00:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-25 23:32 . 2009-11-25 23:32 -------- d-----w- c:\documents and settings\Carolyn\Local Settings\Application Data\Threat Expert
2009-11-25 23:07 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-25 23:06 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-25 23:06 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-25 23:06 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-25 23:06 . 2009-12-03 05:37 -------- d-----w- c:\program files\Spyware Doctor
2009-11-25 23:06 . 2009-11-25 23:19 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-25 23:06 . 2009-11-25 23:06 -------- d-----w- c:\documents and settings\Carolyn\Application Data\PC Tools
2009-11-25 23:06 . 2009-11-25 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-25 23:06 . 2009-12-03 05:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-25 23:06 . 2009-11-25 23:00 34131864 ----a-w- c:\temp\sdsetup.exe
2009-11-25 22:40 . 2009-11-25 22:40 4045528 ----a-w- c:\temp\mbam-setup.exe
2009-11-25 19:02 . 2009-11-25 21:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-25 18:32 . 2009-11-25 18:32 -------- d-----w- c:\documents and settings\Keith\Application Data\HotSync
2009-11-25 18:31 . 2009-11-25 18:31 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\Apple Computer
2009-11-24 00:37 . 2009-11-25 15:24 79488 ----a-w- c:\documents and settings\Carolyn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 16:45 . 2009-11-12 16:45 1794456 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 23:32 . 2007-06-20 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-02 23:31 . 2007-01-20 14:29 189720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 23:00 . 2007-01-20 14:23 -------- d-----w- c:\program files\Google
2009-12-02 22:44 . 2007-10-15 20:50 -------- d-----w- c:\program files\Palm
2009-12-02 22:42 . 2007-01-27 05:04 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-02 22:41 . 2007-01-20 14:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 22:41 . 2007-11-14 14:05 -------- d-----w- c:\program files\Cosmi
2009-12-02 22:40 . 2008-01-22 02:53 -------- d-----w- c:\program files\Microsoft LifeCam
2009-12-02 22:37 . 2005-08-17 02:54 -------- d-----w- c:\program files\GemMaster
2009-12-02 22:36 . 2007-10-15 20:51 -------- d-----w- c:\program files\Common Files\DataViz
2009-12-02 17:49 . 2007-03-21 13:00 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-12-02 17:49 . 2007-03-29 13:43 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-12-02 17:07 . 2007-01-26 18:38 -------- d-----w- c:\program files\Land Desktop 2005
2009-11-29 18:04 . 2007-01-20 13:57 105344 ----a-w- c:\windows\system32\drivers\nvatabus.sys
2009-11-25 22:42 . 2009-08-10 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 18:15 . 2007-11-20 14:46 -------- d-----w- c:\documents and settings\Carolyn\Application Data\Move Networks
2009-11-12 16:45 . 2009-09-11 12:38 143976 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\uninstall.exe
2009-11-12 16:45 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-11-05 08:02 . 2009-10-09 19:11 369208 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-16 07:03 . 2007-01-31 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-06 07:01 . 2007-01-20 14:23 -------- d-----w- c:\program files\Microsoft Works
2009-09-11 14:03 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 12:38 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-11 12:38 . 2009-09-11 12:38 1686272 ----a-w- c:\documents and settings\Carolyn\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-09-10 19:54 . 2009-08-10 14:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-08-10 14:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-03_01.49.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-26 05:28 . 2009-12-03 06:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-01-26 05:28 . 2009-12-03 01:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-01-26 05:28 . 2009-12-03 06:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-01-26 05:28 . 2009-12-03 01:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-02 22:19 . 2009-12-03 01:35 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-12-02 22:19 . 2009-12-03 06:01 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2007-01-26 05:28 . 2009-12-03 06:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-01-26 05:28 . 2009-12-03 01:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7630848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2004-11-24 172032]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2004-12-16 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-12-16 622592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-08-08 86016]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-03-02 18944]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-08 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-4-16 237568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\WINDOWS\\system32\\hphmon06.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/25/2009 6:06 PM 207792]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/25/2009 6:06 PM 359624]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
S4 gupdate1c9c82d3a73e5c9;Google Update Service (gupdate1c9c82d3a73e5c9);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 1:14 PM 133104]
S4 MSSQL$NR2005;MSSQL$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 [?]
S4 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 18:14]

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 18:14]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 01:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x8AFB9369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ccfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9edb7b4
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Drive -> SendCompleteHandler -> NDIS.sys @ 0xb9da0ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9dadb21
SendHandler -> NDIS.sys @ 0xb9d8b87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(584)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\dllhost.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\eHome\ehmsas.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2009-12-03 01:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-03 06:18
ComboFix2.txt 2009-12-03 01:53

Pre-Run: 193,110,462,464 bytes free
Post-Run: 192,917,426,176 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 1BA0AFF82512EF591AEF840B06A3C5FE



#5
December 2, 2009 at 23:04:59
Are you still being redirected, having pop-ups or other problems?

Delete Gmer from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall ComboFix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start> control panel> system> system restore tab> check the box beside "turn off system restore"> apply (takes a minute)> ok. Go back and uncheck the box to turn system restore back on> apply> ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create> click home> exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools. You can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



#6
December 3, 2009 at 04:55:44
Nothing has changed. Still being redirected to different web sites during Google searches. Sometimes redirects to different page than home page upon open.

"Startup" programs that used to load without a problem still don't load and hang up system on startup. I need to go into Task Manager and kill the same three tasks (discussed in original post) before the computer is useable.

Still can only run a few programs, but 50% of the programs won't start...only churn.

Where do you think I should go from here?



#7
December 3, 2009 at 04:56:53
I did not remove ComboFix or run ATF Cleaner. Was waiting for direction.


#8
December 3, 2009 at 11:29:33
We are backing up since we started with a lot less info than normal to better help find the bad files.

Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

You may need to download the file to a USB drive or CD and run it on the infected computer, but first try to run it from the infected computer.

Please download Rkill from the following link.

Rkill

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.

If nothing happens or if the tool does not run, please let me know in your next reply.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Download Registry Search and double-click to start it. Enter kudtnlmv in the top edit box and click "Ok". Notepad will be opened with text in it (the file will be saved in the program's folder as well). Post this text.



#9
December 3, 2009 at 20:40:24
I've decided to 'do over'. Currently reformatting main drive and re-installing XP. Have W7 Pro once I get the system stable.

Thank you everyone for your help. I'll have 10 hours into rebuilding the system and will have a "new" computer. I could have been 20 hours into this process and my wife would never be comfortable that everything was fixed.

Thank you so much for your assistance. You guys rock. This infection was just too deep for me.

