Infection Popup At Bootup [Solved]


  • This topic is locked

#16
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
I have tried every way I can to make the screenshot smaller so I can upload it, and it's just too big.
Any suggestions?
  • 0



#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Try Mediafire
Also, could you locate and copy/paste the contents of this file: C:\AUTOEXEC.BAT (right click and select edit)
  • 0

#18
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
Here you go. It's on Mediafire. The link is


http://www.mediafire...04e75f6e8ebb871


Also I right clicked on autoexec.bat>>>edit.... empty
  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is the normal windows folder. I have so far tried every trick that I could find - but there must be a solution somewhere, it is just a matter of finding it

I will continue my search :)
  • 0

#20
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
ok thank you. I will wait for your reply
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, another thought: could you locate the following file and copy/paste the contents? Again, right click and select edit

c:\windows\system.ini
  • 0

#22
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
ok here is my system.ini file. I just opened with notepad and copied and pasted here


; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[NotBoosted]
Dummy.Dummy=1
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Another one to try

In the explorer window, go to Tools / Options / View tab / uncheck Restore previous folder windows at logon.
  • 0

#24
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
It's already unchecked
  • 0

#25
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
Not sure if this will show you anything but I did a Rooter log. Not sure but there seem to be a couple of strange processes in the first couple of lines. The ones that have ?? at the beginning of them. The ftp stuff I have deleted so it doesn't exist on my system now. I took this scan about 5 1/2 hours ago


Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:78520 Mo/Free:3509 Mo)
D:\ [Fixed] - NTFS - (Total:78528 Mo/Free:475 Mo)
E:\ [Fixed] - NTFS - (Total:238472 Mo/Free:3878 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Thu 03/12/2009|12:13

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
---------- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
---------- C:\Program Files\Google\Quick Search Box\qsb.exe
---------- C:\IObit\Advanced SystemCare 3\AWC.exe
---------- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
---------- C:\Program Files\Portrait Displays\Pivot Software\floater.exe
---------- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
---------- C:\ICQ\ICQ.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Mozilla Firefox\firefox.exe
---------- C:\Winamp\winamp.exe
---------- C:\Documents and Settings\Elvis\Desktop\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Elvis\Recent\BulletProof FTP Client & Server v2.4.3 (inc crack & upgrade).rar.lnk
C:\DOCUME~1\Elvis\Recent\BulletProof.FTP.Client.v2.59.0.51.Incl.Keygen.WinAll-BRD.rar.lnk
C:\DOCUME~1\Elvis\Recent\keygen.rar.lnk


1 - "C:\Rooter$\Rooter_1.txt" - Thu 03/12/2009|12:12
2 - "C:\Rooter$\Rooter_2.txt" - Thu 03/12/2009|12:13

----------------------\\ Scan completed at 12:13
  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No they are legitimate - and you can see where the infections come from
  • 0
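
An added example (not part of either poster's reply, and not output of the Rooter tool): the `\??\` and `\SystemRoot\` prefixes in the process list above are NT-native path forms for ordinary files under the Windows directory. The Python below normalizes them and flags core-named images that run from an unexpected directory; the expected-directory table, the function names and the last sample line are assumptions of this example.

```python
import ntpath
import re

# Core Windows XP images and the directory (relative to the Windows directory)
# each is expected to load from. Assumed table for this example, not from the thread.
EXPECTED_DIR = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}

def normalize(path, windir=r"C:\WINDOWS"):
    """Turn an NT-native image path into an ordinary drive-letter path."""
    if path.startswith("\\??\\"):                     # object manager DosDevices prefix
        path = path[4:]
    elif path.lower().startswith("\\systemroot\\"):   # symlink to the Windows directory
        path = windir + path[len("\\SystemRoot"):]
    return ntpath.normpath(path)

def parse_processes(log_text):
    """Yield image paths from the '---------- <path>' lines of a process list."""
    for line in log_text.splitlines():
        m = re.match(r"^-{10}\s+(.+\.exe)\s*$", line, re.IGNORECASE)
        if m:
            yield m.group(1)

def misplaced(log_text, windir=r"C:\WINDOWS"):
    """Return normalized paths of core-named images outside their expected directory."""
    hits = []
    for raw in parse_processes(log_text):
        full = normalize(raw, windir)
        name = ntpath.basename(full).lower()
        if name in EXPECTED_DIR:
            want = ntpath.normpath(ntpath.join(windir, EXPECTED_DIR[name])).lower()
            if ntpath.dirname(full).lower() != want:
                hits.append(full)
    return hits

# The first five lines are copied from the log above; the last is constructed for contrast.
SAMPLE = r"""
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\Temp\svchost.exe
"""

if __name__ == "__main__":
    print(misplaced(SAMPLE))
```
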

#27
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
Yes I can see that also. Just wondering why it's not showing up what it changed to cause the popup when Windows boots up. I'm investigating on my side also but not having much luck. Everything says it's a registry problem but I can't find anything in the registry where it's saying to look. Hopefully you can have better luck than I am.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think I will have to send you back to the real experts here :) as I have reached the limit of my system knowledge. But, you are now free of malware. If you post back in your original thread and let them know that we have looked at the usual registry areas for this error and have been unable to resolve it then they may have a better idea of where to go from here. I have found a fix for the system32 popup on Kellys Korner No 260 right but that is cured now I believe

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... Run OTListit and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)
  • 0

#29
rshaffer61

rshaffer61

    Moderator

  • Topic Starter
  • Moderator
  • 34,114 posts
Ok I have created new system restore.
I have newest java
I started superantispyware
I have avast running also

I wanted to thank you again for all your help. I do recommend Geekstogo.com to all my friends and I especially tell everyone how helpful you have been and your patience and knowledge of fixing infections in my system. Thank you so much and have a great day.


Ron :)
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Cheers Ron my pleasure
  • 0





