Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Computer Screwed Up by Redirect Virus
   
BullGuard Antivirus Forum > Virus > Virus Questions > Computer Screwed Up by Redirect Virus  
Forum Quick Jump
 
New Topic Post reply to : Computer Screwed Up by Redirect Virus Printable version of : Computer Screwed Up by Redirect Virus
[ << Previous Thread | Next Thread >> ]

Krilb
New Member


Date Joined Nov 2009
Total Posts : 5
  		   Posted 11-2-2009 1:07 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
I think I have a Redirect virus. My Bit Defender has been disabled and I can't enable it. My IE won't work, nor will System Restore and many Control Panel items in my XP Pro SPII. rundll32.exe is missing.

When I try to update Malwarebytes Anti - Malaware, Ad aware and Spybot in Firefox the link doesn't work. When running these Appz I get a BSOD after a few minutes with the error message 0X0000008E.

When I do a Google search for virus and trojan issues I get redirected to other sites rather than the one listed. Same happens when I try to access some of my bookmarked sites.

I was thinking of trying ComboFix but would appreciate advice before doing so.
-------------------------------------------------------------------------------------------------------------------------------------
I attach my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:39:42, on 31/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Fix-It\mxtask.exe
C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\Fix-It\mxtask.exe
C:\Program Files\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tony Wells\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\XYplorer\XYplorer.exe
C:\Documents and Settings\Tony Wells\My Documents\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss. exe,
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WRShell.BHO - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\Web Research\WRShell.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NewzCrawlerRSSAutodiscovery2 Object - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - C:\PROGRA~1\NEWZCR~1\NCRSSA~1.DLL
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MSOFFI~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {C99EC891-4A46-4C9C-AB54-397B2BD492BA} - (no file)
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Web Research Toolbar - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files\Web Research\WRShell.dll
O3 - Toolbar: Web Research Editing Bar - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files\Web Research\WRShell.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\DownloadStudio\WebDLBar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Desktop Search CE - {435FAE9B-81A9-49D8-A0B1-A85ED3121976} - C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchBand300000061.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tony Wells\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Windows Thumbnails] C:\WINDOWS\system32\winthumb.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\MS Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MSOFFI~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: New &NetMark - C:\Program Files\NetMarks Manager\OpenNM.htm
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\Omnipage 15\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe in NewzCrawler - file://C:\Program Files\NewzCrawler\context.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\DownloadStudio\ds_rss.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: Web Research: Save Link Address As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#110
O8 - Extra context menu item: Web Research: Save Page Area (Frame) - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#102
O8 - Extra context menu item: Web Research: Save Page Area (Frame) As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#106
O8 - Extra context menu item: Web Research: Save Picture - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#101
O8 - Extra context menu item: Web Research: Save Picture As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#108
O8 - Extra context menu item: Web Research: Save Selected Targets As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#111
O8 - Extra context menu item: Web Research: Save Selection - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#104
O8 - Extra context menu item: Web Research: Save Selection As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#109
O8 - Extra context menu item: Web Research: Save Target - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#103
O8 - Extra context menu item: Web Research: Save Target As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#107
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: NetMarks Manager - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: New &NetMark - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\DownloadStudio\DownloadStudio.exe
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: TweakIE 3.0 - {79F436C2-3CA2-45A4-A52E-694B23DFFA88} - C:\Program Files\TweakIE 3.0\TweakIE.exe
O9 - Extra 'Tools' menuitem: TweakIE 3.0 - {79F436C2-3CA2-45A4-A52E-694B23DFFA88} - C:\Program Files\TweakIE 3.0\TweakIE.exe
O9 - Extra button: DownloadStudio - {7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - C:\Program Files\DownloadStudio\WebDLBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MSOFFI~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {A02676A0-9F00-11D6-8FE3-0040D005E5DC} - C:\Program Files\BookmarkManagerPro\Bmp.exe
O9 - Extra 'Tools' menuitem: Bookmark Manager Pro - {A02676A0-9F00-11D6-8FE3-0040D005E5DC} - C:\Program Files\BookmarkManagerPro\Bmp.exe
O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra 'Tools' menuitem: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra button: Bmp - {D1C84700-E074-11D6-8FE4-0040D005E5DC} - C:\Program Files\BookmarkManagerPro\Bmp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1232083179109
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MSOFFI~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdnet.dll
O20 - Winlogon Notify: iifCtUoN - iifCtUoN.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Alerter - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Unknown owner - C:\WINDOWS\system32\basfipm.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DirectX Service (DirectGazn) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Eraser Service (EraserThread) - Unknown owner - C:\Program Files\Secure Clean PC\erasrv.exe (file missing)
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQL$LIFESTYLE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$LIFESTYLE\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Network Magic\nmsrvc.exe
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Roxio UPnP Renderer 11 - Unknown owner - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: RoxLiveShare9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: BitDefender Threat Scanner (scan) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\ProShowGold\ScsiAccess.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: SQLAgent$LIFESTYLE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$LIFESTYLE\Binn\sqlagent.EXE (file missing)
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: SystemSuite Task Manager - Unknown owner - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing)
O23 - Service: Windows Time (w32time) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: YPCService - Unknown owner - C:\WINDOWS\system32\YPCSER~1.EXE (file missing)
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16745
  		   Posted 11-2-2009 1:58 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
Hello Krilb and welcome to BG smile
 
 
Please download and run rkill:
It will only take a moment.
Then download Combofix from:
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
 And save to the desktop.

Close all other browser windows.
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.




Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 

Krilb
New Member


Date Joined Nov 2009
Total Posts : 5
  		   Posted 11-2-2009 4:19 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
When I ran rkill, I got the error message: encountered a problem and needs to close.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16745
  		   Posted 11-2-2009 4:54 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
Ok. See if you can run combofix.

Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 

Krilb
New Member


Date Joined Nov 2009
Total Posts : 5
  		   Posted 11-2-2009 5:38 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
I tried to run it but got the error message:"Another program is running this file. Not safe to continue. The contents of Combofix may have been compromised. Download a fresh copy from bleepingcomputer. You may be infected by a file patching virus 'Virut'."

I downloaded a fresh copy and changed the name before running it but the same error message came up. This time the error box was headed 32788R22FWJFW/hidec.exe.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16745
  		   Posted 11-3-2009 6:17 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
 
I have some suspicions that this could be pretty bad, but let's run a scan to see what we're dealing with.
Download  CureIt to the desktop:
http://www.freedrweb.com/cureit/?lng=en
 
 
Click on CureIt Download - button.
 
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Move dot to Complete scan
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Please post the Dr.Web report in your next reply.

Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 

Krilb
New Member


Date Joined Nov 2009
Total Posts : 5
  		   Posted 11-3-2009 12:01 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
Thanks for all your help.
Tried the link but again it was blocked by the virus. I downloaded it to my laptop and copied it to the pc. When I ran it I got the message: Some files could not be created. Close all appz and reboot.

I attach a list of what is running in memory which I obtained using a utility and it shows quite a lot of malware:

Operating system : Microsoft Windows XP Professional 2.0 2600
TUT version : 4.84
PC network name : TWPC
Up Time : 1 Hour, 1 Minute, 15 Seconds
Generated on 3-Nov-2009 at 10:06:30
Country Locale : United Kingdom

Task List


Status Task Name CPU Memory Started Manufacturer
Unknown 15 — 2.41 MB 3-Nov-2009 9:07:14
Unknown 958zg8tg — 4.62 MB 3-Nov-2009 9:55:07 Doctor Web, Ltd.
Unknown FastNetSrv — 5.07 MB 3-Nov-2009 9:07:35 Netopsystems A
Unknown InstallShield Licensing Service — 1.24 MB 3-Nov-2009 9:06:15 Macrovision
Unknown lsm32 1% 11.81 MB 3-Nov-2009 10:05:22 nxsb vjsrlf xkbr
Unknown reader_s — 2.00 MB 3-Nov-2009 9:09:01
Unknown reader_s — 2.07 MB 3-Nov-2009 9:07:12
Unknown restorer32_a — 1.84 MB 3-Nov-2009 9:09:01
Unknown restorer32_a — 1.92 MB 3-Nov-2009 9:07:13
Unknown t38byz — 3.11 MB 3-Nov-2009 9:53:53 Doctor Web, Ltd.
Unknown VRT9 — 6.57 MB 3-Nov-2009 9:06:55 Andreas Hauslade
Unknown XYplorer — 12.70 MB 3-Nov-2009 9:53:16 www.xyplorer.com
User's Choice AppleMobileDeviceService — 2.32 MB 3-Nov-2009 9:06:05 Apple Inc.
User's Choice DesktopSearchService — 18.00 MB 3-Nov-2009 9:09:02 Copernic Inc.
User's Choice GoogleToolbarNotifier — 1.63 MB 3-Nov-2009 9:09:03 Google Inc.
User's Choice GoogleUpdate — 1.52 MB 3-Nov-2009 9:09:02 Google Inc.
User's Choice GoogleWebAccClient — 6.32 MB 3-Nov-2009 9:09:21
User's Choice KService — 10.99 MB 3-Nov-2009 9:06:15 Kontiki Inc.
User's Choice mDNSResponder — 3.57 MB 3-Nov-2009 9:06:05 Apple Inc.
Multiple Possibilities OUTLOOK — 82.76 MB 3-Nov-2009 9:18:02 Microsoft Corporation
OK cmd — 2.50 MB 3-Nov-2009 9:07:13 Microsoft Corporation
OK csrss — 4.69 MB 3-Nov-2009 9:05:50 Microsoft Corporation
OK ctfmon — 3.73 MB 3-Nov-2009 9:09:01 Microsoft Corporation
OK Explorer — 59.59 MB 3-Nov-2009 9:08:18 Microsoft Corporation
OK firefox 7% 128.65 MB 3-Nov-2009 9:11:41 Mozilla Corporation
OK lsass — 1.29 MB 3-Nov-2009 9:05:54 Microsoft Corporation
OK mxtask — 21 MB 3-Nov-2009 9:06:05 Avanquest North America, Inc.
OK mxtask — 24.23 MB 3-Nov-2009 9:06:15 Avanquest North America, Inc.
OK nmsrvc — 4.86 MB 3-Nov-2009 9:06:20 Pure Networks, Inc.
OK RoboTaskBarIcon — 6.86 MB 3-Nov-2009 9:09:06 Siber Systems
OK schedul2 — 2.35 MB 3-Nov-2009 9:06:05 Acronis
OK ScsiAccess — 0.95 MB 3-Nov-2009 9:06:15
OK services — 7.13 MB 3-Nov-2009 9:05:53 Microsoft Corporation
OK smss — 0.38 MB 3-Nov-2009 9:05:35 Microsoft Corporation
OK spoolsv — 5.71 MB 3-Nov-2009 9:05:56 Microsoft Corporation
OK svchost — 19.09 MB 3-Nov-2009 9:08:12 Microsoft Corporation
OK svchost — 2.69 MB 3-Nov-2009 9:08:19 Microsoft Corporation
OK svchost — 7.30 MB 3-Nov-2009 9:05:56 Microsoft Corporation
OK svchost 2% 16.61 MB 3-Nov-2009 9:08:18 Microsoft Corporation
OK svchost — 3.52 MB 3-Nov-2009 9:05:55 Microsoft Corporation
OK svchost — 24.79 MB 3-Nov-2009 9:05:55 Microsoft Corporation
OK svchost — 4.65 MB 3-Nov-2009 9:05:55 Microsoft Corporation
OK svchost — 3.89 MB 3-Nov-2009 9:09:04 Microsoft Corporation
OK svchost — 2.69 MB 3-Nov-2009 9:08:19 Microsoft Corporation
OK svchost — 2.54 MB 3-Nov-2009 9:09:10 Microsoft Corporation
OK svchost — 5.34 MB 3-Nov-2009 9:05:55 Microsoft Corporation
OK svchost — 2.65 MB 3-Nov-2009 9:10:08 Microsoft Corporation
OK svchost — 4.71 MB 3-Nov-2009 9:07:13 Microsoft Corporation
OK svchost — 6.11 MB 3-Nov-2009 9:11:46 Microsoft Corporation
OK svchost — 11.09 MB 3-Nov-2009 9:17:44 Microsoft Corporation
OK svchost — 5.60 MB 3-Nov-2009 9:07:09 Microsoft Corporation
OK svchost — 4.24 MB 3-Nov-2009 9:06:15 Microsoft Corporation
OK svchost — 7.09 MB 3-Nov-2009 9:07:23 Microsoft Corporation
OK UltimateTroubleshooter — 1.89 MB 3-Nov-2009 9:51:34 AnswersThatWork.com
OK UltimateTroubleshooter 2% 29.09 MB 3-Nov-2009 9:51:35 AnswersThatWork.com
OK WasherSvc — 5.07 MB 3-Nov-2009 9:06:17 Webroot Software, Inc.
OK winlogon — 3.88 MB 3-Nov-2009 9:05:52 Microsoft Corporation
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16745
  		   Posted 11-5-2009 7:50 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
I´m afraid it is game over:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 

Krilb
New Member


Date Joined Nov 2009
Total Posts : 5
  		   Posted 11-5-2009 2:03 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
Thanks for all your efforts, it's very much appreciated.

The blog is spot on. Now, I can't even get past the User screen in XP without getiing a BSOD. I reinstalled Windows, in the hope that I could retrieve the data that isn't backed up, and my settings started to load and it looked good and then bang..........BSOD (Fatal Error C000021a).

I just want to get my data so that I can then format and reinstall.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16745
  		   Posted 11-5-2009 2:21 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
Ok, I suggest you make a Rescue Cd:
 
And get your data out.

Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 

Krilb
New Member


Date Joined Nov 2009
Total Posts : 5
  		   Posted 11-11-2009 12:07 (GMT +1)    Quote: Computer Screwed Up by Redirect VirusAlert an admin about: Computer Screwed Up by Redirect Virus
I tried it but found the copy command difficult to work. I have used Ubontu www.ubuntu.com and it has been brilliant and easy to use and I am now copying my files to my external drive.

Thanks again for all your help.
Back to Top
 
New Topic Post reply to : Computer Screwed Up by Redirect Virus Printable version of : Computer Screwed Up by Redirect Virus
 
Forum Information
Currently it is Monday, March 15, 2010 8:53 PM (GMT +1)
There are a total of 76.223 posts in 17.603 threads.
In the last 3 days there were 11 new threads and 77 reply posts. View Active Threads
Who's Online
This forum has 31141 registered members. Please welcome our newest member, bippedibopp.
37 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Myspace.com.exe msn virus (1)15-03-2010 19:12:47 (markusg)
Not enough specific information on website about Game Mode (2)15-03-2010 18:46:01 (kerrykathy)
My computer is running slow (2)15-03-2010 18:05:53 (Dev1ce)
Can't perform a full system scan (0)15-03-2010 17:24:02 (booboo1)
Another Pesky Redirect Issue (7)15-03-2010 12:52:00 (markusg)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard