Virtumonde



UdakW
2007-09-04, 20:36
Getting destroyed by Virtumonde. I can't run Kaspersky because it never finishes updating in IE. I've got a 10Mbit connection, so it shouldn't take over 30 seconds to get the program running (instead of at least ten minutes). If you want me to try again, just say so.

Also, unfortunately, it seems as though my notepad has somehow been disabled. Going to start-->run-->notepad, which normally brings up notepad, does not do this. Nothing happens. Same goes for regedit.

After working my way into the HijackThis directory to find the log file itself, and running that through WordPad (which seems unaffected), I'm left with this... which seems rather small.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:07 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--
End of file - 1809 bytes

km2357
2007-09-05, 00:19
Hello UdakW and welcome to Safer Networking Forums.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

Since I am still in training, I have to let experts check the content of my fixes before I post them, so please be patient.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


I will be back as soon as possible with your first instructions!

UdakW
2007-09-05, 03:34
I appreciate the offer of help, but I've gotten to the point where numerous windows programs (notepad, wordpad, mspaint, regedit, etc...) are no longer working. I have no choice but to just throw in the towel and reformat.

I can't view logs (unless I view them in Firefox) from HijackThis, I can't connect my computer to the internet unless I want 35 new detections from Spybot... I've been beaten, plain and simple. I'm retreating my important files to a separate HD, and then starting anew.

Word of warning to everyone else--Daemon Tools got me. I'm not sure if it was the attempt to uninstall the free version, or what, but everything hit the fan after that. Guaranteed I'm never using that software again.

km2357
2007-09-05, 09:21
Thanks for letting me know your decision.