[sxoxuxnxdx]

My desktop and taskbar are missing and I can't seem to keep any windows open for to long (Control Panel, My Computer). My other applications work just fine when I open them up from the task manager.


So I'm running a registered and legal version of Windows XP, I don't have the cd or any of the installation stuff so I wont be able to reinstall Windows on my computer to fix my problem.

Ive tried making sure that I didn't have explorer.exe on the running applications, then running explorer, but that doesn't work either.

I've tried running spybot S&D, Runreg, Symantics, and Spysweeper, and deleted the bad things (after googling it and making sure it was bad) but the problem still persists.

When I run explorer, the taskbar comes in and out...

Heres my Hijack this log:

http://security.symantec.com/sscv6/h...SIVFWMFKPXKBQW

[Spencer2004]

this has happened to me before and it sounds like there is permanent damage done by a virus. its best to reinstall windows or find a repair disk from a mate or the internet.

[evilfantasy]

Please see this post and submit the logs to begin the removal process.

[sxoxuxnxdx]

Alright, So I did all those steps to my computer and it turns out my computer was a mess and it took a lot of stuff out, but my main problem still persists.

My desktop wont show until I run explorer on task manager, and even then it appears for a few seconds and disappears. I can't access any of my folders because they close down within a few seconds but I found out that I can run other programs just fine.

Heres my new HJT file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:13 AM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\xxxwinbait.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\xxxOnSecure.exe
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [STYLEXP] "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A7A61125-0EAA-11D1-B22F-0000C08C00C4} (SSDBGrid Control 3.1 - A) - https://www.ext.ch2m.com/ETS/controls/sheridan3_13.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://www.ext.ch2m.com/cgi-bin/controls/ikcntrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75405C70-8319-41CB-8288-402151999888}: NameServer = 68.28.50.91 68.28.58.92
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12024 bytes

[evilfantasy]

Can you post the other logs?

Open SUPERAntiSpyware > Preferences > Statistics/Logs tab > Highlight log > View Log..

ESET > Go to C:\Program Files\EsetOnlineScanner\log.txt

--------------------

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Don't use it yet, we will later.

--------------------

We need to disable some protective programs so they do not interfere with any fixes we attempt.


Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

First:

• Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
• Choose Exit Spybot S&D Resident

Second:

• Open Spybot S&D
• Click Mode, check Advanced Mode
• Go To Left Panel, Click Tools, then also in left panel, click Resident
• If your firewall raises a question, say OK
• Uncheck the box labeled Resident Tea-Timer and OK any prompts.
• Use File, Exit to terminate Spybot
• Reboot your machine for the changes to take effect.

Third:

With both Tea timer and SpyBot closed download ResetTeaTimer.zip

• Unzip the file.
• Double click ResetTeaTimer.bat to remove all entries set by SpyBot's TeaTimer.
• Once it's ran, you can delete it. It will not be needed again.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

--------------------

Disable SpySweeper

You can re-enable it after you're clean.

To disable SpySweeper:

Open Spysweeper click > Options over to the left then > Program Options > Uncheck "load at windows startup"

Over to the left click "shields" and Uncheck all there.

Uncheck "home page shield"

Uncheck "automatically restore default without notification"

--------------------

I am not sure if the Watch Dog Program protects the registry from changes so if it does then disable it.

-------------------

Enable Viewing Of Hidden System Files & Folders

Go to My Computer->Tools->Folder Options->View tab:

• Under the Hidden files and folders heading:
• Select Show hidden files and folders.
• Uncheck Hide protected operating system files (recommended) option.

• Also, make sure there is no checkmark beside Hide file extensions for known file types.
• Click OK.

--------------------

Open Task Manager and choose the Processes tab.

Kill the processes for:

xxxwinbait.exe
xxxOnSecure.exe

--------------------

Open HijackThis and select Do a system scan only then place a check mark next to:

O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\xxxwinbait.exe <<-I think this program is either Hijacked or it is wasn't legitimate RegRun download. It should be winbait.exe but is showing as xxxwinbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\xxxOnSecure.exe <<-I think this program is either Hijacked or it is wasn't legitimate RegRun download. It should be OnSecure.exe but is showing as xxxOnSecure.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?


Close all windows except for HijackThis and click Fix checked

--------------------

Open My Computer and locate then delete these Files and Folders.

C:\WINDOWS\xxxwinbait.exe
C:\PROGRA~1\Greatis\REGRUN~1\xxxOnSecure.exe

--------------------

Run ATF-Cleaner

Make sure that all browser windows are closed.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All and UNCHECK Cookies.
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All and UNCHECK Cookies.
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All and UNCHECK Cookies.
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

--------------------

Next post please add
New HijackThis log
SUPERAntiSpyware log <<-- From the removal instructions
ESET log <<-- From the removal instructions

[sxoxuxnxdx]

I cant access my desktop or my folders though.

Is there a way around that? I tried accessing my files through my browser but it doesnt work

[sxoxuxnxdx]

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2762 (20080102)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=6051a39d0346bc4b8901f101faab2805
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-01-03 08:02:05
# local_time=2008-01-03 01:02:05 (-0700, US Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=601050
# found=48
# scan_time=6894
C:\Documents and Settings\Administrator\Local Settings\Temp\TMP22.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Family\Local Settings\Temp\RCX3.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Family\Local Settings\Temp\TMP28.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\D1B9.tmp Win32/TrojanDownloader.PurityScan.EG trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\D1B9.tmp »NSIS »Yazzle1552OinAdmin.exe Win32/TrojanDownloader.PurityScan.EG trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\RCX10.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\RCX29D2.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP10.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP12.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP13.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP19.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP20C.tmp Win32/TrojanDownloader.Agent.BLS trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP223.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP241.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP288C.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP29D0.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP30.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP36.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP3D.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP65.tmp Win32/TrojanDownloader.Agent.BLS trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP72.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP7766.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP8.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMP9D.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMPD.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mikael\Local Settings\Temp\TMPD0.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\AIM6\aim6.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Symantec Shared\ccApp.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Greatis\RegRunSuite\lsoon.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Greatis\RegRunSuite\OnSecure.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\QuickTime\qttask .exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\QuickTime\qttask.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\mrofinu72.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\mrofinu72.exe.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\winbait.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe. tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ctfmon.exe.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\hkcmd.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\mllji.exe Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\PMNKIIF.DLL.del Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\RCX416.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\RCX8.tmp Win32/Adware.Virtumonde.CLI application (unable to clean - deleted) 00000000000000000000000000000000

[Kolubive]

how about safe mode?

when widows begin press the F8 bottum repeadetly a windows will be apear use the safe mode to start up

<EDIT> software is best for system security

[evilfantasy]

Quote:

Originally Posted by Kolubive

how about safe mode?

when widows begin press the F8 bottum repeadetly a windows will be apear use the safe mode to start up

<EDIT> software is best for system security

I warned you about talking about piracy on these forums.

[evilfantasy]

Try to get the SUPERAntiSpyware log and a new HijackThis log.