> laptop w/win xp only allows me to go to RUN/ Computer 2, no program accessibility
thatguy418
post Nov 30 2008, 11:02 AM
Post #1


Member

Group: Members
Posts: 17
Joined: 29-November 08
Member No.: 262,666



I have another post for my PC, but my laptop went on the fritz a few months back too. I put it in the closet until I had time to mess with it. It won't run or open any programs, not Office, Windows Explorer, My Computer, etc. I can only access Run and can browse once in there. I was able to load RSIT on it via thumb drive and run it in safe mode, as it wouldn't pull up the regular way. I can't access the internet on it, or at least IE won't open up. Please see the RSIT file and advise; I'm trying to avoid reinstalling the OS if possible.

Thanks,
Thatguy418


CODE
11-30-08 RSIT Log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-30 10:51:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (77%) free of 19 GB
Total RAM: 254 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:51 AM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
E:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wral.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: crd - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5261 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AOL Search\AOLSearch.dll [2007-12-18 111968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-11-01 590848]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"SpybotSD TeaTimer"=C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-08-04 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2008-11-30 10:51:49 ----D---- C:\rsit
2008-11-30 10:12:32 ----D---- C:\Program Files\Trend Micro
2008-11-08 23:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-08 23:14:20 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-07 20:01:55 ----D---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-04 09:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 09:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 09:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 09:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 09:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-04 09:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 09:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 09:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 09:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 09:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 09:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 09:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-04 09:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 09:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 09:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 09:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 08:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-04 08:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-04 08:57:04 ----A---- C:\WINDOWS\_delis43.ini
2008-11-02 09:41:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-02 09:28:21 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-02 09:28:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-02 09:28:13 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-02 09:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-02 09:28:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 20:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 20:01:39 ----D---- C:\Program Files\Spybot
2008-11-01 16:28:12 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-01 16:21:34 ----SHD---- C:\Config.Msi
2008-11-01 16:16:28 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-01 16:06:12 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-11-01 16:05:59 ----D---- C:\Program Files\WinZip
2008-09-07 20:21:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:30:06 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe

======List of files/folders modified in the last 3 months======

2008-11-30 10:36:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 10:30:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 10:12:32 ----RD---- C:\Program Files
2008-11-30 10:10:57 ----D---- C:\WINDOWS\Prefetch
2008-11-30 10:05:18 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2008-11-09 16:11:47 ----D---- C:\WINDOWS\system32
2008-11-09 12:34:35 ----D---- C:\WINDOWS\Temp
2008-11-09 12:19:37 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-09 12:19:00 ----HD---- C:\WINDOWS\inf
2008-11-09 11:35:25 ----D---- C:\WINDOWS
2008-11-08 23:16:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-08 23:14:25 ----D---- C:\WINDOWS\Debug
2008-11-04 09:32:15 ----D---- C:\WINDOWS\system32\drivers
2008-11-04 09:32:08 ----A---- C:\WINDOWS\imsins.BAK
2008-11-04 09:31:55 ----D---- C:\Program Files\Messenger
2008-11-04 09:29:13 ----D---- C:\WINDOWS\WinSxS
2008-11-04 08:59:36 ----D---- C:\Program Files\Internet Explorer
2008-11-04 08:58:36 ----D---- C:\Scrabble
2008-11-02 09:23:55 ----D---- C:\Program Files\Google
2008-11-01 20:41:06 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-11-01 16:29:40 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-01 16:29:36 ----D---- C:\WINDOWS\Help
2008-11-01 16:24:58 ----SHD---- C:\WINDOWS\Installer
2008-11-01 16:24:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 16:24:22 ----D---- C:\WINDOWS\system32\mui
2008-11-01 16:23:24 ----RSD---- C:\WINDOWS\assembly
2008-11-01 16:17:20 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-11-01 16:17:19 ----D---- C:\Program Files\Common Files
2008-11-01 16:16:55 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-01 14:59:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-23 10760]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-20 821856]
S1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-26 4224]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-28 27776]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-01-26 4960]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-19 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-19 57404]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 42512]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-28 247296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2008-08-04 312880]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-11-20 418816]
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-01-26 49664]
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-23 406528]
S2 crd;crd; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe []
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-28 92792]

-----------------EOF-----------------
Replies (15 - 21)
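The log above is what the helpers on this forum read by hand; as an added example (not part of the thread, and not code from HijackThis or RSIT), here is a small triage pass over the O4 autostart and O23 service lines that ranks entries by how unusual their binary location is. The sample lines are copied from the first log in the thread, and the scoring weights are my own assumption, not published HijackThis rules.

```python
"""Triage helper for HijackThis-style O4 (Run) and O23 (Service) log lines.

Added example; the weights in triage() are assumptions for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the first HijackThis log in the thread,
# with a few clean entries kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: crd - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Global Startup: <shortcut> = <target>"
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
# "O23 - Service: <display name> - <publisher> - <image path> [(file missing)]"
O23_SVC = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class Entry:
    kind: str          # "run" or "service"
    name: str
    owner: str         # publisher for services, registry hive for Run values
    path: str          # image path or command line as printed in the log
    file_missing: bool


def parse_line(line):
    """Parse one O4/O23 line into an Entry, or return None for other line types."""
    line = line.strip()
    m = O4_RUN.match(line)
    if m:
        return Entry("run", m["name"], m["hive"], m["cmd"], False)
    m = O4_STARTUP.match(line)
    if m:
        return Entry("run", m["name"], "Global Startup", m["cmd"], False)
    m = O23_SVC.match(line)
    if m:
        return Entry("service", m["name"], m["owner"], m["path"], m["missing"] is not None)
    return None


def triage(entry):
    """Return (score, reasons) for an entry; higher means more worth a closer look."""
    reasons = []
    p = entry.path.lower()
    # Legitimate services and autostarts almost never run out of a user's Temp folder.
    if "\\temp\\" in p:
        reasons.append(("runs from a temporary directory", 3))
    # IXPnnn.TMP is the scratch folder an IExpress self-extracting package unpacks into,
    # so a service pointing there was registered by a one-shot installer.
    if re.search(r"\\ixp\d{3}\.tmp\\", p):
        reasons.append(("binary unpacked by an IExpress package", 1))
    if entry.kind == "service" and entry.owner == "Unknown owner":
        reasons.append(("no publisher recorded", 1))
    if entry.file_missing:
        reasons.append(("registered binary no longer on disk", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def rank_entries(log_text, min_score=1):
    """Parse every recognised line and return (name, score, reasons), highest score first."""
    ranked = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        score, reasons = triage(entry)
        if score >= min_score:
            ranked.append((entry.name, score, reasons))
    ranked.sort(key=lambda t: t[1], reverse=True)
    return ranked


if __name__ == "__main__":
    for name, score, reasons in rank_entries(SAMPLE_LOG):
        print(f"{score:>2}  {name}: {'; '.join(reasons)}")
```

On the sample the orphaned "crd" service comes out on top, while aspnet_state (also unknown owner, also missing) scores low because its path is under the .NET Framework directory rather than Temp.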
thatguy418
post Jan 5 2009, 09:46 PM
Post #16


Member

Group: Members
Posts: 17
Joined: 29-November 08
Member No.: 262,666



Yourhighness,

In my attempt to find a way to trick my computer into letting me see a browser page, I happened to right-click the Windows Update icon in the system tray. It had two updates it wanted to do, IE7 and one other. I allowed it to do so, then allowed it to be restarted. When it booted back up, all my functions had resumed to full use. I can access the internet, programs, Control Panel, Windows Explorer, etc., all without having to go through RUN to get there.

I logged in to BleepingComputer to do the scan you told me to do. The computer did ask for the WinXP Professional SP3 disc. This laptop was given to me used and no OS disc was included, therefore I cannot insert the disc. It says there are some files required for Windows to run properly that must be copied to the dll cache. Is there any way to get those files without the WinXP Prof disc? I have a WinXP Home disc from my desktop; could I use it?

Any scans you want me to run I can now do it appears. Please advise.

Thank you so much!!
Yourhighness
post Jan 6 2009, 02:42 PM
Post #17


The BSG Malware Fighter

Group: HJT Team Coach
Posts: 6,672
Joined: 20-April 06
From: Hamburg
Member No.: 64,788



Hi there,

I would say any XP version would suffice, as long as it's a legitimate one.
Whilst it's great to hear that things are better, let's try this first. It can't harm to do it anyway.
Once we know how that went, we'll take it from there and may even wrap things up fast.

YoHi


--------------------
I will be scarce from mid-July till the end of October and from December till May. If you need to contact me or I haven't replied to a topic of yours, please send a PM.
- "How did I get infected?" - "Safe-hex" - Member of UNITE -
thatguy418
post Jan 6 2009, 07:55 PM
Post #18


Member

Group: Members
Posts: 17
Joined: 29-November 08
Member No.: 262,666



Yourhighness,
I tried using my XP Home CD, but a window appeared stating it was the wrong version of Windows. The disc is legitimate, if I understand that meaning correctly. The CD was purchased at a retail store when I wanted to change the OS on another computer. I have since parted that computer out, therefore the OS is not in use on that PC, so it should make it legitimate for me to use it on another one, or so I believe.

If there is something I am missing on that please advise.

Is there another forum you would like me to post to now? Or do you have more options to try?
Yourhighness
post Jan 8 2009, 04:01 PM
Post #19


The BSG Malware Fighter

Group: HJT Team Coach
Posts: 6,672
Joined: 20-April 06
From: Hamburg
Member No.: 64,788



Hi thatguy,

Sorry for the delay. Due to personal commitments and a double check with colleagues, I could only post now.
Apologies for the sfc /scannow issue; I was obviously wrong. You do need a CD with the equivalent OS. Whilst your reports of good "behaviour" are great, let's just get another look at your system and see how it goes for a few days, before giving some final recommendations.
  • Please download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Thanks!


--------------------
I will be scarce from mid-July till the end of October and from December till May. If you need to contact me or I haven't replied to a topic of yours, please send a PM.
- "How did I get infected?" - "Safe-hex" - Member of UNITE -
thatguy418
post Jan 8 2009, 07:47 PM
Post #20


Member

Group: Members
Posts: 17
Joined: 29-November 08
Member No.: 262,666




YourHighness,

No worries I am patient and merely appreciate any guidance and help given.

I downloaded RSIT to the desktop, double-clicked it, clicked Run, and clicked Continue at the disclaimer screen. It ran but only gave me one file. I've pasted it below. I didn't change the time frame shown on the disclaimer screen; it defaulted to 1 month. Just to be clear, this problem started in the summer and I just put the laptop away for a few months until time availed itself for me to work on the computer.

While I can now access the internet and programs on this laptop, it is still very slow to respond, so I know it isn't fixed, but it is better than it was. Not sure if that is helpful info or not.

Please advise when able. Thank you. Thatguy418

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-08 19:31:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (76%) free of 19 GB
Total RAM: 254 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:03 PM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5778 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-05 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-11-01 590848]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-05 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-08-04 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-05 22:00:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-05 22:00:00 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-05 21:59:58 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-05 21:59:55 ----A---- C:\WINDOWS\system32\java.exe
2009-01-05 21:58:30 ----D---- C:\Program Files\Java
2009-01-05 20:56:47 ----D---- C:\WINDOWS\ie7updates
2009-01-05 20:54:47 ----D---- C:\WINDOWS\WBEM
2009-01-05 20:54:42 ----D---- C:\WINDOWS\system32\en-US
2009-01-05 20:51:51 ----HDC---- C:\WINDOWS\ie7
2009-01-05 20:51:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-05 20:50:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-05 20:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-01-05 20:49:47 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-05 20:46:38 ----D---- C:\WINDOWS\network diagnostic
2009-01-05 20:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2009-01-05 20:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-28 00:54:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-25 17:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-25 17:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-25 17:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-25 17:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-25 17:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-25 17:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-25 17:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-25 17:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-21 18:41:01 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-12-21 18:26:25 ----SHD---- C:\RECYCLER
2008-12-21 18:17:54 ----D---- C:\WINDOWS\temp
2008-12-21 18:17:49 ----A---- C:\ComboFix.txt
2008-12-21 18:12:52 ----A---- C:\WINDOWS\system32\CF31506.exe
2008-12-21 16:10:41 ----A---- C:\Boot.bak
2008-12-21 16:10:30 ----RASHD---- C:\cmdcons
2008-12-21 16:06:51 ----A---- C:\WINDOWS\zip.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\VFIND.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\SWSC.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\SWREG.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\sed.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\grep.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\fdsv.exe
2008-12-21 16:06:47 ----D---- C:\WINDOWS\ERDNT
2008-12-21 16:06:47 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-01-08 18:59:09 ----D---- C:\WINDOWS
2009-01-08 18:58:38 ----D---- C:\WINDOWS\system32
2009-01-08 18:58:38 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2009-01-08 18:55:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-08 18:52:17 ----HD---- C:\WINDOWS\inf
2009-01-08 18:52:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-08 18:52:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-08 18:51:58 ----A---- C:\WINDOWS\imsins.BAK
2009-01-05 22:22:20 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-05 22:02:19 ----D---- C:\WINDOWS\Prefetch
2009-01-05 22:01:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-05 21:58:35 ----SHD---- C:\WINDOWS\Installer
2009-01-05 21:58:30 ----RD---- C:\Program Files
2009-01-05 21:04:31 ----D---- C:\WINDOWS\Help
2009-01-05 21:04:31 ----D---- C:\Program Files\Internet Explorer
2009-01-05 20:54:58 ----D---- C:\WINDOWS\system32\config
2009-01-05 20:54:28 ----D---- C:\WINDOWS\Media
2009-01-05 20:04:38 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-12-28 15:47:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-28 15:32:31 ----D---- C:\WINDOWS\system32\drivers
2008-12-28 15:32:29 ----D---- C:\Program Files\Grisoft
2008-12-28 14:54:31 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-28 10:18:52 ----RD---- C:\WINDOWS\Web
2008-12-21 18:16:35 ----A---- C:\WINDOWS\system.ini
2008-12-21 18:15:32 ----D---- C:\WINDOWS\AppPatch
2008-12-21 18:15:32 ----D---- C:\Program Files\Common Files
2008-12-21 16:10:41 ----RASH---- C:\boot.ini
2008-12-21 15:57:26 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-20 19:13:12 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 16:41:45 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-20 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-28 27776]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-23 10760]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-01-26 4960]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-28 247296]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-19 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-19 57404]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 42512]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2008-08-04 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-11-20 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-01-26 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-23 406528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-05 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-28 92792]

-----------------EOF-----------------
Yourhighness
post Jan 11 2009, 09:49 AM
Post #21
The BSG Malware Fighter
Group: HJT Team Coach
Posts: 6,672
Joined: 20-April 06
From: Hamburg
Member No.: 64,788

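A helper reads a log like the one above by eye; the following added Python script (not part of the post, not RSIT's code) automates that first pass. It parses the line shapes RSIT emits (O23 service lines, registry-dump key/value pairs, the driver/service tables) and flags four things a reviewer checks: services whose binary is missing or has no recorded vendor, drivers RSIT could not stat (empty brackets), Windows Firewall exceptions for binaries under C:\WINDOWS, and Run entries launched from user-writable locations. The heuristics, the `%windir%` expansion and the user-writable prefixes are this example's assumptions; the sample input is constructed from lines of the log above, and what it flags there (the orphaned ASP.NET service, the ftp.exe firewall exception, the AVG and catchme drivers with no file metadata) are review items, not verdicts.

```python
"""Triage pass over an RSIT / HijackThis-style log.

Added example: not part of the forum post above and not RSIT code. The
review heuristics are this example's own assumptions, not RSIT rules.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the RSIT log in the post above.
SAMPLE_LOG = r"""
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-05 136600]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-20 821856]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
"""

# Line shapes as RSIT prints them. The service display name may itself contain
# parentheses, so the short service name is the last parenthesised group before " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?)(?: \((?P<svc>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
REGKEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REGVAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
RUN_VALUE_RE = re.compile(r"^(?P<path>.*?)(?: \[[^\]]*\])?$")          # "path [date size]"
FW_RE = re.compile(r'^"?(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<desc>.*?)"?$', re.I)
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<svc>[^;]+);(?P<display>[^;]*); (?P<path>.*?) \[(?P<meta>[^\]]*)\]$")

WINDIR_PREFIX = "c:\\windows\\"
# Assumption: places malware on an XP box typically drops into; not an RSIT concept.
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\windows\\temp\\", "c:\\recycler\\")
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$")


@dataclass(frozen=True)
class Finding:
    category: str
    subject: str
    detail: str


def _norm(path: str) -> str:
    """Lower-case, drop the NT \\??\\ prefix, expand %windir% (assumed C:\\WINDOWS, as in the log)."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower().replace("%windir%", "c:\\windows")


def triage(log_text: str) -> list[Finding]:
    """Return the review-worthy entries found in an RSIT log (heuristics are assumptions)."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := REGKEY_RE.match(line):
            current_key = m.group("key").lower()      # registry dump: values below belong to this key
            continue
        if m := O23_RE.match(line):
            svc = m.group("svc") or m.group("name")
            if m.group("path").endswith("(file missing)"):
                findings.append(Finding("orphaned_service", svc, "service binary is not on disk"))
            if m.group("owner") == "Unknown owner":
                findings.append(Finding("unknown_owner", svc, "no vendor recorded for the service binary"))
            continue
        if m := SVC_RE.match(line):
            if not m.group("meta"):                   # empty [] means RSIT could not stat the file
                findings.append(Finding("no_file_metadata", m.group("svc"), "no size/date for " + _norm(m.group("path"))))
            continue
        if not (m := REGVAL_RE.match(line)):
            continue
        if "authorizedapplications" in current_key:
            fw = FW_RE.match(m.group("value"))
            if fw and fw.group("state").lower() == "enabled":
                path = _norm(fw.group("path"))
                if path.startswith(WINDIR_PREFIX):    # a built-in tool allowed through the firewall
                    profile = "domain" if "domainprofile" in current_key else "standard"
                    findings.append(Finding("firewall_exception_for_os_binary", path, f"{profile} profile exception"))
        elif current_key.endswith("\\currentversion\\run"):
            path = _norm(RUN_VALUE_RE.match(m.group("value")).group("path"))
            if path.startswith(USER_WRITABLE_PREFIXES) or DRIVE_ROOT_RE.match(path):
                findings.append(Finding("autorun_from_user_writable_path", m.group("name"), path))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.category:34} {f.subject}: {f.detail}")
    print(summarize(found))
```

To run it over a real log, read the saved RSIT text into `triage()`; everything it returns still needs a human decision, which is why the categories are named after what was observed rather than "malicious".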
Hi thatguy,

QUOTE
I downloaded RSIT to desktop, double clicked it, cliked run, clicked continue at disclaimer screen. It ran but only gave me one file. I've pasted it below. I didn't change the time frame shown on disclaimer screen, it defaulted to 1 month. Just to be clear, this problem started in the summer and I just put laptop away for a few months until time availed itself for me to work on the computer.

That's OK. We just want a final look at your PC.

QUOTE
While I can now access internet and programs on this laptop, it is still very slow to respond, so I know it isn't fixed, but better than it was. Not sure if that is helpful info or not

The slow behaviour of your PC is partially due to the low amount of RAM your PC has:

QUOTE
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-08 19:31:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (76%) free of 19 GB
Total RAM: 254 MB (50% free)


Step #1

Please navigate to: Start >> Run... and type Combofix /u and hit Enter. Thanks.

Step #2

Please download OTCleanIt by OldTimer.
  • Please double-click on "OTCleanIt.exe"
  • Navigate to the following icon and click it:
  • OTCleanIt might ask you to reboot. If it does so, please let it do so.
Note: after the reboot, OTCleanIt and the other helper tools downloaded while cleaning your PC will be removed, so it's okay if it is not there anymore ;) .

Step #3

Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the downloaded installer and install the tool to a location of your choice
  2. Via the Start menu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of them (I have MVPS Hosts as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Step #4

Please give the hardware section a go, to see if you can do some tuning with additional RAM or if they may have any other suggestions to try and speed up your pc. Thanks.

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!


--------------------
I will be scarce from mid-July till the end of October and from December till May. If you need to contact me or I haven't replied to a topic of yours, please send a PM.
- "How did I get infected?" - "Safe-hex" - Member of UNITE -
thatguy418
post Jan 12 2009, 10:40 PM
Post #22
Member
Group: Members
Posts: 17
Joined: 29-November 08
Member No.: 262,666

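The HostsMan step above ends with a caveat the tool does not handle for you: entries from a custom Hosts file have to be carried over by hand. As an added example (not from the post above and not HostsMan's own code), the Python below does that merge: it keeps every mapping from the existing file that is not a sinkhole entry, adds the downloaded blocklist, refuses to sinkhole `localhost`, and lets the user's own mapping win when a blocklist name collides with it. It assumes MVPS-style `0.0.0.0 hostname` lines with `#` comments and treats `0.0.0.0` and `127.0.0.1` targets as sinkhole entries; both input files are constructed samples, and `mirror.example.com` is a made-up name used only to show the collision case.

```python
"""Merge a downloaded blocklist hosts file into an existing hosts file without
losing the user's own entries.

Added example: not part of the forum post above and not HostsMan code. Assumes
the MVPS-style layout ("0.0.0.0 hostname" per line, '#' comments).
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Iterator

BLACKHOLE_IPS = {"0.0.0.0", "127.0.0.1"}   # assumption: targets a blocklist uses to sinkhole a name
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: loopback lines, two custom LAN names, a custom internal mirror
# and one block entry left behind by an earlier blocklist.
EXISTING_HOSTS = """\
# constructed hosts file sample
127.0.0.1       localhost
::1             localhost
192.168.1.20    nas printer        # two names on one line
10.0.0.5        mirror.example.com # internal update mirror (custom entry)
0.0.0.0         ads.example.net    # left over from an earlier blocklist
"""

# Constructed sample standing in for a downloaded MVPS-style blocklist.
BLOCKLIST_HOSTS = """\
# constructed blocklist sample
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
0.0.0.0 mirror.example.com   # collides with the custom entry above
0.0.0.0 localhost
"""


def parse_hosts(text: str) -> Iterator[tuple[str, str]]:
    """Yield (ip, hostname) pairs; strips comments and expands several names on one line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


@dataclass
class MergeResult:
    custom: list[tuple[str, str]] = field(default_factory=list)  # the user's own mappings, in file order
    blocked: set[str] = field(default_factory=set)                # names to sinkhole
    conflicts: set[str] = field(default_factory=set)              # blocklist names skipped because custom wins

    def render(self) -> str:
        """Write the merged file: custom entries first, then the sorted blocklist."""
        out = ["# custom entries (preserved)"]
        out += [f"{ip}\t{name}" for ip, name in self.custom]
        out.append("# blocklist entries")
        out += [f"0.0.0.0\t{name}" for name in sorted(self.blocked)]
        return "\n".join(out) + "\n"


def merge_hosts(existing: str, blocklist: str) -> MergeResult:
    """Keep every non-sinkhole mapping from `existing`, add `blocklist`; custom names win on conflict."""
    result = MergeResult()
    custom_names: set[str] = set()
    for ip, name in parse_hosts(existing):
        if ip in BLACKHOLE_IPS and name not in NEVER_BLOCK:
            result.blocked.add(name)              # an old block entry; the blocklist pass dedupes it
        elif (ip, name) not in result.custom:
            result.custom.append((ip, name))
            custom_names.add(name)
    for _ip, name in parse_hosts(blocklist):
        if name in NEVER_BLOCK:
            continue                              # never sinkhole loopback names
        if name in custom_names:
            result.conflicts.add(name)            # the user's own mapping takes precedence
            continue
        result.blocked.add(name)
    return result


if __name__ == "__main__":
    merged = merge_hosts(EXISTING_HOSTS, BLOCKLIST_HOSTS)
    print(merged.render())
    print("skipped because a custom entry exists:", sorted(merged.conflicts))
```

Because the output keeps custom entries as plain lines and writes all block entries back as `0.0.0.0`, running the merge again on its own output with the same blocklist reproduces the same file, which is what you want for a Hosts file that gets refreshed on a schedule.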
Thank you so much.... I am working on the things you outlined, little by little as time allows. When I can I will look into more RAM. Thanks so much!!!!
© 2003-2009 All Rights Reserved Bleeping Computer LLC.