I don't have the money to repair my computer right now so I'm hoping I can fix it somehow. I've tried reinstalling windows through BIOS (bios was set to boot from cdrom) but the setup disk was not detected. I'm running on windows xp professional service pack 2 but I only have a windows xp pro service pack 3 setup disk that came with my mother's computer. Installaing windows through my admin account is also not working. I was going to create a new partition and delete the old one. I do have 2 spare cd drives that I installed and they all seem to work perfectly so I know that's not an issue.
I was previously on another forum and was advised that I should run rkill, combo-fix, malwarebytes, and hijackthis (ran seperately) and post the logs. Unfortunately I can't get any logs due to some issues. Combo-fix ran for about 24 hours straight and then froze (tried on 2 diff. accounts), mbam also took about an entire day to scan and then froze, hijack this stopped responding at 04 Registry and Start Menu autoruns. I realize I won't be able to get much help without any logs but I'm desperate and its worth a shot. I did get a few logs from Rkill but I don't know if that will help but I'll post them anyways.
First rkill log:
c:\32788R22FWJFW\cmd.cfxxe
c:\32788R22FWJFW\License\iexplore.exe
F:\combo-fix.exe
F:\rkill.scr
c:\WINDOWS\system32\taskmgr.exe
f:\rkill.exe
c:\Documents and Settings\go away virus\Local Settings\Temp\24.tmp\pev.rkexe
c:\32788R22FWJFW\PEV.exe
c:\WINDOWS\system32\net1.exe
Second rkill log:
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\tv\Local Settings\Temp\5.tmp\pev.rkexe
C:\WINDOWS\system32\imapi.exe
The virus did affect the internet connection so I unplugged my ethernet.When combofix completed all stages, I wrote out everything that was deleted before it froze. Deleting Files:
C:\DOCUME~1\tv\LOCALS~1\Temp\dwm.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\93100.exe
C:\Documents and Settings\tv\Local Settings\Temp\dwm.exe
C:\install.exe
C:\WINDOWS\bootkey.dll
C:\WINDOWS\madexml.dll
C:\WINDOWS\system32\0.7258771841655116
C:\WINDOWS\system32\bjinstalle.dll
C:\WINDOWS\system32\bootskey.dll
C:\WINDOWS\system32\drivers\ehzgxybl.sys
C:\WINDOWS\system32\drivers\ghatkqrs.sys
C:\WINDOWS\system32\xegmyryy.ini
C:\xcrashdump.dat
Also the first time I ran combo fix, I got a pop up taht said "rootkit- TDL3 is infected
". At this point, I don't care if I lose any pictures or other software. I would just like to learn how to fix this before classes start.
I was previously on another forum and was advised that I should run rkill, combo-fix, malwarebytes, and hijackthis (ran seperately) and post the logs. Unfortunately I can't get any logs due to some issues. Combo-fix ran for about 24 hours straight and then froze (tried on 2 diff. accounts), mbam also took about an entire day to scan and then froze, hijack this stopped responding at 04 Registry and Start Menu autoruns. I realize I won't be able to get much help without any logs but I'm desperate and its worth a shot. I did get a few logs from Rkill but I don't know if that will help but I'll post them anyways.
First rkill log:
c:\32788R22FWJFW\cmd.cfxxe
c:\32788R22FWJFW\License\iexplore.exe
F:\combo-fix.exe
F:\rkill.scr
c:\WINDOWS\system32\taskmgr.exe
f:\rkill.exe
c:\Documents and Settings\go away virus\Local Settings\Temp\24.tmp\pev.rkexe
c:\32788R22FWJFW\PEV.exe
c:\WINDOWS\system32\net1.exe
Second rkill log:
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\tv\Local Settings\Temp\5.tmp\pev.rkexe
C:\WINDOWS\system32\imapi.exe
The virus did affect the internet connection so I unplugged my ethernet.When combofix completed all stages, I wrote out everything that was deleted before it froze. Deleting Files:
C:\DOCUME~1\tv\LOCALS~1\Temp\dwm.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\93100.exe
C:\Documents and Settings\tv\Local Settings\Temp\dwm.exe
C:\install.exe
C:\WINDOWS\bootkey.dll
C:\WINDOWS\madexml.dll
C:\WINDOWS\system32\0.7258771841655116
C:\WINDOWS\system32\bjinstalle.dll
C:\WINDOWS\system32\bootskey.dll
C:\WINDOWS\system32\drivers\ehzgxybl.sys
C:\WINDOWS\system32\drivers\ghatkqrs.sys
C:\WINDOWS\system32\xegmyryy.ini
C:\xcrashdump.dat
Also the first time I ran combo fix, I got a pop up taht said "rootkit- TDL3 is infected
". At this point, I don't care if I lose any pictures or other software. I would just like to learn how to fix this before classes start.
