Gotta keep the kids off the computer. Have run several virus scans and spyware, anything found has been removed, but still can't open My Computer etc., from desktop, nor control panel through Start. When I boot and press F8, nothing happens, just boots normally. When I boot with the Windows XP disc in the drive, the start up asks if I want to boot from the disc, press any key, which I do then it boots up normally! Everything else seems good, the kids can hear music, use Office functions, the printer works, IE and FireFox seem fine.
Not sure where to start as I am a bit of a novice at all this.
Suggestions gratefully accepted.
Goach 0 Newbie Poster
jbennet 1,618 Most Valuable Poster Team Colleague Featured Poster
stick in xp disk
start -> run -> type "sfc /scannow"
wait. reboot.
This will check for missing ro corrupt files. After that run a scan with Malwarebytes Anti-Malware and post a log.
Goach 0 Newbie Poster
This is the log from when things were barely working and numerous viruses and stuff was found.
I have did the sfc /scannow and am just running the malaware scan.
will post in a bit
Goach
Malwarebytes' Anti-Malware 1.31
Database version: 1580
Windows 5.1.2600 Service Pack 3
12/30/2008 10:58:40 PM
mbam-log-2008-12-30 (22-58-40).txt
Scan type: Quick Scan
Objects scanned: 52614
Time elapsed: 4 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 16
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\gayujoje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tipukuvu.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8746e052-59bd-473f-ab48-2c5d375e15f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8746e052-59bd-473f-ab48-2c5d375e15f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96cfe229-dc4f-4faa-92a6-8ea0c7b795ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96cfe229-dc4f-4faa-92a6-8ea0c7b795ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{96cfe229-dc4f-4faa-92a6-8ea0c7b795ce} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\geyoletija (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tipukuvu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tipukuvu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tipukuvu.dll -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Customer\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\bppebx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gayujoje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tipukuvu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bepikize.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kadageko.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yozogate.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zutokewa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqqyk.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
jbennet 1,618 Most Valuable Poster Team Colleague Featured Poster
Goach 0 Newbie Poster
Vundofix did not find anything. The last scan with malawarbytes did not see anything either.
Still can't open the originally mentioned things!
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.