Malware I think!



Noodles
2009-10-06, 00:38
Hi all.
I am trying to help my next-door neighbour sort his XP PC. He has had people look at it and they have installed Windows again over the top of the last installation and then downloaded SP3 and installed it. He now has no access to the internet or most programs (IE, modem dial-up, etc.), either because they can't be found or because Administrator doesn't have sufficient perms!
Can anyone shed any light on this for me? Here is his HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:16, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Update] ssms.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\RunServices: [Windows Update] ssms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Test321] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1231104455437
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101458142968
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 8199 bytes

Any help much appreciated.
Noodles
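
A defender-side triage of the O4 autorun entries in the HijackThis log above, added here as an example for this thread (it is not a tool from the forum or from either poster). The sample lines are copied from the log; the list of core Windows process names and the "system-sounding" label keywords are my own assumptions. It flags entries that run from a RECYCLER SID folder, names within two edits of a core Windows process, system-sounding labels attached to unknown binaries, and bare filenames that are resolved through a PATH search.

```python
import ntpath
import re

# Constructed sample: the O4 (autorun) entries copied from the HijackThis log
# posted in this thread, legitimate ones included for contrast.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Update] ssms.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\RunServices: [Windows Update] ssms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKUS\S-1-5-18\..\Run: [Test321] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe (User 'SYSTEM')
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe
"""

# Assumed list: core Windows XP process names (extension stripped) that malware imitates.
KNOWN_SYSTEM_STEMS = {"smss", "csrss", "winlogon", "services", "lsass", "svchost",
                      "spoolsv", "explorer", "ctfmon", "rundll32", "userinit"}
# Assumed list: words in an autorun label that claim to be a Windows component.
SYSTEM_SOUNDING = ("windows update", "microsoft", "spooler", "security authority")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")


def levenshtein(a, b):
    """Plain edit distance; small enough to inline rather than pull in a library."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def first_token(cmd):
    """The program part of a Run value: a quoted path, or everything up to the first space."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return m.group(1) or m.group(2)


def triage_o4(text):
    """Return one finding per registry autorun entry that deserves a second look."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if not m:  # Startup-folder lines use a different layout; skip them
            continue
        exe = first_token(m["cmd"])
        name = ntpath.basename(exe).lower()
        stem = name.rsplit(".", 1)[0]
        reasons = []
        if re.search(r"\\RECYCLER\\S-1-5-", exe, re.I):
            reasons.append("recycler_path")  # nothing legitimate autoruns from the Recycle Bin
        if stem not in KNOWN_SYSTEM_STEMS:
            near = sorted(k for k in KNOWN_SYSTEM_STEMS if levenshtein(stem, k) <= 2)
            if near and len(stem) >= 4:
                reasons.append("lookalike of " + ",".join(near))
            if any(w in m["label"].lower() for w in SYSTEM_SOUNDING):
                reasons.append("system-sounding label, unknown binary")
            if not ntpath.dirname(exe):
                reasons.append("bare filename, resolved by PATH search")
        if reasons:
            findings.append({"key": m["hive"] + "\\" + m["key"], "label": m["label"],
                             "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"{f['key']:<22} [{f['label']}] {f['name']}: {'; '.join(f['reasons'])}")
```

The heuristics produce review candidates, not verdicts: a bare `nwiz.exe` is flagged alongside the imitations of smss, lsass and spoolsv, and a human still confirms each one.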

ken545
2009-10-08, 00:26
Hello

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.


Your computer is loaded with viruses. When you install Windows on top of the current installation, not all the viruses will be removed; you need to format and do a clean install of Windows to remove them all.



Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Noodles
2009-10-08, 22:54
Thanks so much.
I will give this a go. If there is no internet connectivity, can I download the Windows Recovery Console to a clean PC from somewhere and take it on a flash drive or CD?
Thanks again.
Stay happy,
Noodles

ken545
2009-10-09, 00:54
All you have to do after combofix is reboot your computer

Noodles
2009-10-10, 15:00
Not looking good. I can't get ComboFix to run. Just about 12 errors like the attached images. Any ideas?
Noodles

ken545
2009-10-10, 15:37
Let's rename it and try again. After you rename it from the download, if it still won't run then try running it in Safe Mode.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.






To Enter Safemode

Go to Start > Shut off your Computer > Restart
As the computer starts to boot up, tap the F8 key somewhat rapidly;
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safe Mode,
then press the Enter Key on your Keyboard.

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

Noodles
2009-10-10, 15:37
I booted to Safe Mode and tried again but got a message to say ComboFix was infected with a virus, patching Virut.
I downloaded another copy and took it on a USB drive, and it is the same.
<sigh>

Noodles
2009-10-10, 15:38
oops
Must have been posting at the same time. Will rename and get back to you.
Noodles

ken545
2009-10-10, 15:41
Noodles,

Bypass CF for the moment and run this program please.

Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to the desktop:

Double-click the drweb-cureit icon to start the program.
Press Start.
Allow the program to run the initial express scan
This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
Note: A pop up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.

Once the short scan has finished, check the Complete scan box on the left side, even if nothing was found on the initial scan.
Then click the small green arrow button on the right under the Dr.Web Antivirus picture to start the complete scan. (This scan will take several hours)
During this complete scan - if Dr.Web finds an infection a window will pop up requesting your attention. Select the Cure button.
Note: (If the file cannot be cured, Dr.Web will automatically delete the file.)
Once the scan is complete, on the menu bar, click file and choose report list.
Save the report to your desktop. The report will be called DrWeb.csv
Note: this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
Close Dr.Web Cureit.
Please post the Dr.Web.txt report in your next reply.

Noodles
2009-10-10, 15:43
Still the same running it in Safe Mode renamed to combo-fix.
Nood

Noodles
2009-10-10, 15:44
OK, see you in a few hours man! Thanks for your help.
noodles

Noodles
2009-10-10, 16:01
Ken.
Full scan is running but it has found a lot of Virut infections. Here is the list from the initial scan if it helps. Will post the full one when it's done.
Cheers,
Noodles

aim.exe;c:\program files\aim;Win32.Virut.30;Cured.;
setpoint.exe;c:\program files\logitech\setpoint;Win32.Virut.30;Cured.;
msmsgs.exe;c:\program files\messenger;Win32.Virut.30;Cured.;
setup50.exe;c:\program files\outlook express;Win32.Virut.30;Cured.;
sprtcmd.exe;c:\program files\talktalk\bin;Win32.Virut.30;Cured.;
dragdiag.exe;c:\program files\thomson\speedtouch usb;Win32.Virut.30;Cured.;
mswmccds.exe;c:\program files\windows media connect;Win32.Virut.30;Cured.;
mswmcls.exe;c:\program files\windows media connect;Win32.Virut.30;Cured.;
wmpnetwk.exe;c:\program files\windows media player;Win32.Virut.30;Cured.;
wmpnscfg.exe;c:\program files\windows media player;Win32.Virut.30;Cured.;
fresdg.exe;c:\recycler\s-1-5-21-0243556031-888888379-781863308-1455;Win32.Virut.30;Cured.;
fresdg.exe;c:\recycler\s-1-5-21-0243556031-888888379-781863308-1455;Win32.HLLW.Lime.18;Deleted.;
pqlmq.exe;c:\recycler\s-1-5-21-0243636035-3055115376-381863306-1556;Win32.Virut.30;Cured.;
pqlmq.exe;c:\recycler\s-1-5-21-0243636035-3055115376-381863306-1556;Win32.HLLW.Lime.18;Deleted.;
winmap.exe;c:\recycler\s-1-5-21-8142616083-0670439428-442896258-1580;Win32.HLLW.Lime.18;Deleted.;
popcaploader.dll;c:\windows\downloaded program files;Program.PopcapLoader;;
explorer.exe;c:\windows;Win32.Virut.30;Cured.;
unregmp2.exe;c:\windows\inf;Win32.Virut.30;Cured.;
xpnetdiag.exe;c:\windows\network diagnostic;Win32.Virut.30;Cured.;
sisusbrg.exe;c:\windows;Win32.Virut.30;Cured.;
alg.exe;c:\windows\system32;Win32.Virut.30;Cured.;
cisvc.exe;c:\windows\system32;Win32.Virut.30;Cured.;
clipsrv.exe;c:\windows\system32;Win32.Virut.30;Cured.;
dllhost.exe;c:\windows\system32;Win32.Virut.30;Cured.;
dmadmin.exe;c:\windows\system32;Win32.Virut.30;Cured.;
ie4uinit.exe;c:\windows\system32;Win32.Virut.30;Cured.;
imapi.exe;c:\windows\system32;Win32.Virut.30;Cured.;
locator.exe;c:\windows\system32;Win32.Virut.30;Cured.;
logon.scr;c:\windows\system32;Win32.Virut.30;Cured.;
logonui.exe;c:\windows\system32;Win32.Virut.30;Cured.;
lssas.exe;c:\windows\system32;Win32.HLLW.Lime.3;Deleted.;
mnmsrvc.exe;c:\windows\system32;Win32.Virut.30;Cured.;
msdtc.exe;c:\windows\system32;Win32.Virut.30;Cured.;
msiexec.exe;c:\windows\system32;Win32.Virut.30;Cured.;
netdde.exe;c:\windows\system32;Win32.Virut.30;Cured.;
nvsvc32.exe;c:\windows\system32;Win32.Virut.30;Cured.;
nwiz.exe;c:\windows\system32;Win32.Virut.30;Cured.;
regsvr32.exe;c:\windows\system32;Win32.Virut.30;Cured.;
rsvp.exe;c:\windows\system32;Win32.Virut.30;Cured.;
rundll32.exe;c:\windows\system32;Win32.Virut.30;Cured.;
scardsvr.exe;c:\windows\system32;Win32.Virut.30;Cured.;
services.exe;c:\windows\system32;Win32.Virut.30;Cured.;
sessmgr.exe;c:\windows\system32;Win32.Virut.30;Cured.;
shmgrate.exe;c:\windows\system32;Win32.Virut.30;Cured.;
smlogsvc.exe;c:\windows\system32;Win32.Virut.30;Cured.;
spoolsv.exe;c:\windows\system32;Win32.Virut.30;Cured.;
spoolsvc.exe;c:\windows\system32;Win32.HLLW.Lime.3;Deleted.;
ssms.exe;c:\windows\system32;Trojan.MulDrop.13814;Deleted.;
svchost.exe;c:\windows\system32;Win32.Virut.30;Cured.;
sysmgr.exe;c:\windows\system32;Win32.HLLW.Recycler.6;Deleted.;
ups.exe;c:\windows\system32;Win32.Virut.30;Cured.;
userinit.exe;c:\windows\system32;Win32.Virut.30;Cured.;
vssvc.exe;c:\windows\system32;Win32.Virut.30;Cured.;
wmiapsrv.exe;c:\windows\system32\wbem;Win32.Virut.30;Cured.;
wdfmgr.exe;c:\windows\system32;Win32.Virut.30;Cured.;
vsnp2uvc.exe;c:\windows;Win32.Virut.30;Cured.;
runmgr.exe;e:\recyclers;Win32.HLLW.Lime.18;Deleted.;

Noodles
2009-10-10, 22:45
A long process, but here you go:

It's too long to paste in here so I have attached it.

The D drive had a CD in it that I took CF on.
Stay happy,
Noodles

Noodles
2009-10-10, 22:50
It's too big to attach as well, even in 2 bits.

Noodles
2009-10-10, 22:53
Does this work Ken?
http://www.sendspace.com/file/cj6qyv
Noodles

ken545
2009-10-10, 23:59
Noodles,

I have some bad news for you. You're infected with an uncleanable virus named Virut. What this virus has done is infect every exe file on your computer; even the files in the backup folder are infected, so restoring them does no good. The only recourse you have is to do a complete format and reinstall Windows. A system repair won't work; I mean you have to take the hard drive down to bare metal, delete all the partitions and start from scratch. Most or all of your programs are infected as well. I am afraid that, outside of maybe your pictures, all else is lost.

http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html


If you need help reinstalling Windows, let me know and I can link you to some tech support forums that can help you.

Ken

Noodles
2009-10-11, 21:54
Thanks Ken.
I have tried this 4 times now and it seems something is up, as I am having trouble even with a clean installation. Maybe the boot sector of the HD, although I am not sure yet.
Many thanks for all your help.
Noodles

ken545
2009-10-12, 01:57
Noodles,

Post here for help reinstalling Windows. It's important that partitions are deleted and you need to start from scratch: create a new partition, format and reinstall. FYI, I worked with a poster on this forum about a month ago and he could not figure out what was happening. He said when he posted that he had formatted and reinstalled Windows 4 times and was still infected. What he was doing was, after the reinstall, installing all his programs and whatnot from backups he had made to a disk, and of course they were infected as well, and the loop just kept going. If you look through the DrWeb log you posted, you will see many of your programs infected as well as many critical Windows files, and DrWeb's report is just the tip of the iceberg.


Do this: post here and make sure you let them know that I helped you here at SaferNetworking, that you're infected with Virut and need to do a complete format and reinstall.

http://forums.whatthetech.com/Microsoft_Windows_f119.html



Post back here and link me to the thread after you post, and I will be able to join in and make them fully aware of what's going on.

Noodles
2009-10-12, 20:39
Thanks Ken.
I have properly formatted and repartitioned etc. but am now thinking it might be a hardware problem too. Am running Hiren's to see what I can find out and will maybe run memtest too.
I will keep you posted if I can find out what has gone on.
Thanks again for all your help and patience.
Stay happy,
Noodles :bigthumb:

ken545
2009-10-12, 21:03
Could be a combo of Virut and hardware. Thanks for letting me know.

Ken :)

Noodles
2009-10-13, 20:30
Ken.
Just to let you know: looks like it has been a combination of Virut and hardware. Ran the tools and everything came up fine until it got to the motherboard, when it just hung, a number of times. Strangely enough, every time I tried to reinstall there was an unknown device not installing properly, which I thought was the onboard sound card.
Anyway, looks like the MB is dead so am rebuilding it with a different machine.
Thanks again Ken.
Stay happy,
Noodles

ken545
2009-10-13, 20:40
Noodles,

Before I got into malware removal I was a system builder. I must have built over a dozen systems from the ground up, along with upgrading older systems, and the one thing I learned from experienced builders was to use Intel MBs and processors. Why, I asked, and was told THEY JUST WORK. I am still using a system I built when XP made its debut; a bit outdated now but still chugging along like a champ, it has never given me one bit of trouble. That, along with using memory from Crucial, has made all my systems winners.

You can post here for any advice you may need:
http://forums.whatthetech.com/System_Building_and_Upgrading_f127.html

Good Luck,

Ken