Help please with a virus

Hello.
Will safe mode work?
Start tapping F8 after the post beep to access the advanced menu and boot to "Safe Mode"
Does explorer work in safe mode?

No, explorer in safe mode doesn't work either. Although, after I tapped f8 there were a lot more options than usually such as reboot and return to last known good configuration.

Last edited by t1123d on 24th December 2008, 6:19 am; edited 1 time in total (Reason for editing : more information)

Ah, good.
Do the F8 boot again, but choose the last known good configuration.
See what happens.

Ok. I've tried the last known good configuration and there's no difference.

Hello.
Do you have your XP disc?

No I do not.

Hold tight, having a colleague looking at this.

Ok, thank you very much.

Hello.
Sorry for the delay, but most the staff are offline with it being christmas.
Another idea.

Open the Task Manager again, and launch this new task.
regedit
This should open the registry editor.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

Locate the winlogon key by following the key path above, then on once you have located it, click it and on the right side pane, have a look at the value of "Shell"
Is it "explorer.exe"?

Hello. I'm very sorry that this problem had to stretch out through Christmas. Yes, the data for shell is Explorer.exe.

Okay.
Lets try this.
Reboot your computer, after the beep, start tapping the F12 key.
This should open an advanced menu, and will have a few choices.

Select "Internal Hardrive" and it will boot normally from using this option, does explorer work now?

For some reason the F12 key opens up a different menu with last known configuration on it.


Here's another log from Hijackthis if it helps:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13, on 2008-12-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Danny Y\Desktop\hijackgpthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {ee66d157-7fe2-4cef-8f34-f1ad99ba6849} - C:\WINDOWS\system32\yabajuku.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF3653.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [CPM53cb1096] Rundll32.exe "c:\windows\system32\gomuliwe.dll",a
O4 - HKLM\..\Run: [yojefuyoki] Rundll32.exe "C:\WINDOWS\system32\tuligudo.dll",s
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\CF3653.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - AppInit_DLLs: c:\windows\system32\gomuliwe.dll,C:\WINDOWS\system32\jinuyeju.dll,C:\WINDOWS\system32\boluvuza.dll
O21 - SSODL: Wizfmmp - {50F823A6-FA52-890C-9518-8A2C721214A5} - C:\WINDOWS\system32\jip.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gomuliwe.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gomuliwe.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

--
End of file - 4241 bytes

Last edited by t1123d on 28th December 2008, 4:15 am; edited 2 times in total (Reason for editing : mistake/more info)

also there is no my computer icon.

We can restore the my computer.
Lets use MBAM this time.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.