moneymike59

This is my first post because I did a Google search for a computer forum and this site came up so hopefully you guys can help me.

I don't know what this virus is or how it got into my computer but I'll do my best to tell you guys what it is.

I started with about 35 processes before I got the virus. After I was hit I had well over 50 processes and my computer would restart very quickly, so I went to MSCONFIG and disabled all the processes. Didn't fix the problem but it did stop my computer from restarting as much.

When I first start my computer up Windows XP will start up normal and everything. The problem is about 1 min later everything just freezes up and I am unable to click anything. My mouse still moves but all clicking functions do not work. The only thing I'm able to do is ctrl+alt+delete. That is also the only way I can shut my PC down. The thing is though about the only thing I can do is use Firefox but I have to click on it as soon as the desktop shows up. Another thing is if I am using Firefox and I decide to close it I can't get back into it unless I restart.

One thing I tried was doing an AdAware scan but the weird thing about that is as soon as it gets going and finds many things the PC will just restart on its own. I also dled AVP anti-virus off of download.com and I scan and again while it is finding things the PC will restart on its own.

And when my computer is first started I get a couple error messages. One is Media Ack or something like that and another is NT something.

I did use the virus scan that was in the sticky the last link and it found 107 things but when I tried cleaning them it said that it was unable to clean it.

I also tried System Restore and when it looks like it's working I get a message when I restart that it was unsuccessful. I tried different dates as well.

So any help you guys could give me would be very appreciated.

hells3000

follow sticky instructions

moneymike59

I did use the virus scan that was in the sticky the last link and it found 107 things but when I tried cleaning them it said that it was unable to clean it.

All the other things in the sticky I had already tried.

hells3000

hijack the log then post it have you done that?

moneymike59

Logfile of HijackThis v1.99.1
Scan saved at 11:17:10 PM, on 9/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\etb\pokapoka66.exe
C:\WINDOWS\system\thiuweu.exe
C:\WINDOWS\system32\nsmzvea.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TWlrZQAA\command.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe
C:\WINDOWS\system32\Ote9Wj.exe
C:\WINDOWS\system32\Mlwwa.exe
C:\WINDOWS\System32\imapi.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINDOWS\system32\Vryu.exe
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [guhltr] C:\WINDOWS\system32\nsmzvea.exe r
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlrZQAA\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

hells3000

know wait and let the experts do there stuff

cell4me

First boot into safe mode and follow the sticky's again!

alanuofm

try running the virus scan in safemode.

go to control panel > uninstall media access

then go to local disk > windows > system 32 > delete command.exe

remove the following lines:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe

O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlrZQAA\command.exe

byteman or buzz will catch the rest.

cell4me

Wow I just did an analysis of your log and you have some bad stuff, wait for someone here to help you! I dont want to steer you in the wrong direction!

moneymike59

About logging into safe mode...I know usually ur usually supposed to press F8 at startup but when I do that on my computer it just asks me what drive I want to boot from. Is there another way to load safe mode?