Member Panel

joe5

Do you know how to backup all the data you want to keep? And do you have/know where to find needed drivers and such?

Installing itself is pretty easy , have a look here:

http://www.windowsreinstall.com/win9...exfullpage.htm

Just ask what you want to know more.

PS , to illustrate this is roughly the malware that is showing in youre hjt log:
(this is an rough and incomplete list)

C:\USBSTORAGE\USBDETECTOR.EXE - Unknown
C:\WINDOWS\SYSTEM\USBMONIT.EXE - Unknown
C:\WINDOWS\SYSTEM\XABLEN.EXE - Unknown
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=34332 - Nasty
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html - Nasty
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= - Nasty
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= - Nasty
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html - Nasty
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= - Nasty
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= - Nasty
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=34332 - Nasty
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html - Nasty
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id= - Nasty
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id= - Nasty
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html - Nasty
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= - Nasty
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html - Nasty
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file) - Nasty
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - (no file) - Nasty
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL - Nasty
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing) - Nasty
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing) - Nasty
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL (file missing) - Nasty
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL - Nasty
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\PROGRAM FILES\TBONAS\TBONLCHR.DLL (file missing) - Nasty
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\DSR.DLL - Nasty
O2 - BHO: XBTB08143 - {4A34B4F8-19E5-46d9-B2C9-DA6DB8C8A65C} - C:\PROGRA~1\WEB100~1\WEB1000.DLL - Unknown
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3 D87A5B78442D3AC1 - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL (file missing) - Nasty
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL (file missing) - Nasty
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file) - Nasty
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) - Nasty
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\SYSTEM\MTC.DLL (file missing) - Nasty
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing) - Nasty
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\PROGRAM FILES\TBONAS\TBONLCHR.DLL (file missing) - Nasty
O3 - Toolbar: Web1000 Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\PROGRAM FILES\WEB1000 TOOLBAR\WEB1000.DLL - Unknown
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe - Unknown
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot - Nasty
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe - Nasty
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe - Unknown
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngi neMain - Unknown
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe - Nasty
O4 - HKLM\..\Run: [dcsopqhgokj] C:\WINDOWS\SYSTEM\XABLEN.EXE - Unknown
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\F99FXSZ5BPTHD.EXE - Unknown
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe - Nasty
O4 - HKLM\..\Run: [zwzcr] C:\WINDOWS\zwzcr.exe - Unknown
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe - Nasty
O4 - HKLM\..\Run: [yEee6FI] C:\AVTEQFNX.EXE - Unknown
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\UOZDGA.exe - Unknown
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\RHFLOR.exe - Unknown
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET - Unknown
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe" - Unknown
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd - Unknown
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY - Unknown
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS - Nasty
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm - Nasty
O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM FILES\DMV X-STREAM\XSTREAM.EXE/227 - Possibly nasty
O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM FILES\DMV X-STREAM\XSTREAM.EXE/250 - Possibly nasty
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing) - Nasty
O9 - Extra button: Web1000 Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\PROGRAM FILES\WEB1000 TOOLBAR\WEB1000.DLL - Possibly nasty
O9 - Extra 'Tools' menuitem: Web1000 Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\PROGRAM FILES\WEB1000 TOOLBAR\WEB1000.DLL - Possibly nasty
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.ht m (file missing) (HKCU) - Possibly nasty
O10 - Hijacked Internet access by WebHancer - Nasty
O10 - Hijacked Internet access by WebHancer - Nasty
O10 - Hijacked Internet access by WebHancer - Nasty
O15 - Trusted Zone: *.greg-search.com - Nasty
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab - Nasty
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab - Possibly nasty
O16 - DPF: {D14D6793-9B65-11D3-80B6-00500487BDBA} - http://files.cc.cometsystems.com/cc2...3-333-ccct.cab - Nasty
O16 - DPF: {A587DAFF-DE03-4721-90CD-44BA8F047A03} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab - Possibly nasty
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://punkrockinrose1621.myphotoalb...UploadTool.cab - Possibly nasty
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c5.cab - Nasty
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...6_download.cab - Nasty
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab - Nasty
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.faces.com/Scripts/ImageUploader2.CAB - Possibly nasty
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2NET\BT2PLU~1.DLL (file missing) - Possibly nasty
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2NET\BT2PLU~1.DLL - Possibly nasty
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing) - Possibly nasty
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM) - Possibly nasty

And there will be plenty more that doesn't show up in here.

asa_sniper

Looks like I missed a little huh lol.

joe5

One or two maybe , lol.

ih8bills

:o WOW....

I guess it was a bit more than a coorupted video driver --eh?

xTRx-- my friend-- after you reinstall (my condolences )

get yourself some protection:

http://free.grisoft.com/doc/2/lng/us/tpl/v5

http://www.zonelabs.com/store/conten...try=US&lang=en

http://swatit.org/

http://www.lavasoft.de/software/adaware/

http://www.safer-networking.org/en/download/

every one of the above is respected,effective, and
FREE-OF-CHARGE

xTRx

gah =S im not sure how that happened. I let one of my friends borrow my laptop over the weekend so i guess that was my mistake. I had protection it was mcafee, but the more they updated the more my laptop couldn't function well, it only has 64mb of ram. I'll try and see what i can do. And thanks for the info and stuff everyone. i appreciate it

ih8bills

I haven't used McAfee in a long time-- so I'm not sure exactly what they protect against, what version you were using-- etc. But firewall/ Antivirus alone is NOT enough these days... Sooo -- if your computer was slowing with each update-- and you had protection active then-- it indicates to me that you already very likely HAD many of the infections listed above.

I have:

a good hardware router/firewall
Zone Alarm 6 Suite
AVG 7
Spybot
Ad-Aware SE Pro
Pest Patrol (active protection running)
Trojan Hunter 4.5 (active)
****-Cleaner
I update everything religiously/ several of the programs are set to auto-scan
I run windows update all the time
I have several email-alert subscriptions warning me of newly discovered threats-- and telling me how to check my rig.

There's probably more to add-- but some things have become so automatic-- I don't even think about them anymore.

So call me paranoid

xTRx

Just to let you all know, everythings back to normal. It wasn't as bad as I thought it was but im glad i cleaned it out and reinstalled things. Everythings running much smoother and my screen is back to normal as well.

I also have spyware and anti virus protection, so it won't happen most likely anymore.

thanks for your help everyone