Full Version: laptop w/win xp only allows me to go to RUN/ Computer 2
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal
thatguy418
I have another post for my PC, but my laptop went on the fritz a few months back too. I put it in the closet until I had time to mess with it. It won't run or open any programs: not Office, Windows Explorer, My Computer, etc. I can only access Run, and can browse once in there. I was able to load RSIT on it via thumb drive and run it in safe mode, as it wouldn't pull up the regular way. I can't access the internet on it, or at least IE won't open up. Please see the RSIT file and advise; I'm trying to avoid reinstalling the OS if possible.

Thanks,
Thatguy418


11-30-08 RSIT Log
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-30 10:51:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (77%) free of 19 GB
Total RAM: 254 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:51 AM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
E:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wral.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: crd - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5261 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AOL Search\AOLSearch.dll [2007-12-18 111968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-11-01 590848]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"SpybotSD TeaTimer"=C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-08-04 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2008-11-30 10:51:49 ----D---- C:\rsit
2008-11-30 10:12:32 ----D---- C:\Program Files\Trend Micro
2008-11-08 23:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-08 23:14:20 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-07 20:01:55 ----D---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-04 09:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 09:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 09:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 09:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 09:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-04 09:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 09:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 09:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 09:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 09:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 09:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 09:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-04 09:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 09:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 09:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 09:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 08:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-04 08:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-04 08:57:04 ----A---- C:\WINDOWS\_delis43.ini
2008-11-02 09:41:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-02 09:28:21 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-02 09:28:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-02 09:28:13 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-02 09:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-02 09:28:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 20:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 20:01:39 ----D---- C:\Program Files\Spybot
2008-11-01 16:28:12 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-01 16:21:34 ----SHD---- C:\Config.Msi
2008-11-01 16:16:28 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-01 16:06:12 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-11-01 16:05:59 ----D---- C:\Program Files\WinZip
2008-09-07 20:21:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:30:06 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe

======List of files/folders modified in the last 3 months======

2008-11-30 10:36:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 10:30:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 10:12:32 ----RD---- C:\Program Files
2008-11-30 10:10:57 ----D---- C:\WINDOWS\Prefetch
2008-11-30 10:05:18 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2008-11-09 16:11:47 ----D---- C:\WINDOWS\system32
2008-11-09 12:34:35 ----D---- C:\WINDOWS\Temp
2008-11-09 12:19:37 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-09 12:19:00 ----HD---- C:\WINDOWS\inf
2008-11-09 11:35:25 ----D---- C:\WINDOWS
2008-11-08 23:16:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-08 23:14:25 ----D---- C:\WINDOWS\Debug
2008-11-04 09:32:15 ----D---- C:\WINDOWS\system32\drivers
2008-11-04 09:32:08 ----A---- C:\WINDOWS\imsins.BAK
2008-11-04 09:31:55 ----D---- C:\Program Files\Messenger
2008-11-04 09:29:13 ----D---- C:\WINDOWS\WinSxS
2008-11-04 08:59:36 ----D---- C:\Program Files\Internet Explorer
2008-11-04 08:58:36 ----D---- C:\Scrabble
2008-11-02 09:23:55 ----D---- C:\Program Files\Google
2008-11-01 20:41:06 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-11-01 16:29:40 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-01 16:29:36 ----D---- C:\WINDOWS\Help
2008-11-01 16:24:58 ----SHD---- C:\WINDOWS\Installer
2008-11-01 16:24:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 16:24:22 ----D---- C:\WINDOWS\system32\mui
2008-11-01 16:23:24 ----RSD---- C:\WINDOWS\assembly
2008-11-01 16:17:20 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-11-01 16:17:19 ----D---- C:\Program Files\Common Files
2008-11-01 16:16:55 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-01 14:59:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-23 10760]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-20 821856]
S1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-26 4224]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-28 27776]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-01-26 4960]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-19 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-19 57404]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 42512]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-28 247296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2008-08-04 312880]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-11-20 418816]
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-01-26 49664]
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-23 406528]
S2 crd;crd; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe []
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-28 92792]

-----------------EOF-----------------
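The two entries a helper would zero in on in the RSIT/HijackThis log above are the `crd` service whose image lives under the Administrator's Temp folder (`IXP001.TMP` is the scratch folder an IExpress self-extracting package unpacks into) and is now missing, and the enabled Windows Firewall exception for `ftp.exe`. As an added example that is not part of this thread or of any BleepingComputer tool, the Python script below applies those checks mechanically to O23 service lines and XP firewall authorized-application values. The sample lines are constructed in the same form as the log above; the scoring threshold, the `REVIEW_SERVICES` map and the `LOLBINS` set are the author's own heuristics, not anything the thread specifies.

```python
import re

# HijackThis O23 line:  O23 - Service: <display name> [(<short name>)] - <owner> - <image path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# XP firewall AuthorizedApplications\List value:  "<path>"="<path>:<scope>:<Enabled|Disabled>:<name>"
FW_RE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):'
    r'(?P<state>[^:]*):(?P<name>.*)"$'
)

# Assumed lists (author's choice): legitimate services that are still remote network
# listeners, and built-in tools that malware often borrows to fetch or push files.
REVIEW_SERVICES = {
    "rpcapd": "WinPcap remote capture daemon: legitimate, but a network-facing service",
}
LOLBINS = {"ftp.exe", "tftp.exe", "telnet.exe"}


def short_name(display):
    """Return the service's short name from a trailing '(name)', else the display name."""
    m = re.search(r"\(([^()]+)\)$", display)
    return m.group(1) if m else display


def triage_service(line):
    """Score one O23 line; returns None for lines that are not O23 entries."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    low = m["path"].lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("image runs from a Temp directory")
    if "\\ixp" in low:
        reasons.append("IXP*.TMP is an IExpress self-extractor scratch folder")
    if m["owner"] == "Unknown owner":
        reasons.append("no publisher recorded")
    if m["missing"]:
        reasons.append("image file missing: orphaned entry, but still persistence to clean up")
    name = short_name(m["display"])
    if name in REVIEW_SERVICES:
        reasons.append(REVIEW_SERVICES[name])
    verdict = "suspicious" if len(reasons) >= 3 else "review" if reasons else "ok"
    return {"name": name, "path": m["path"], "verdict": verdict, "reasons": reasons}


def triage_firewall(line):
    """Flag enabled authorized-application exceptions for known LOLBins."""
    m = FW_RE.match(line.strip())
    if not m:
        return None
    exe = m["path"].rsplit("\\", 1)[-1].lower()
    enabled = m["state"].lower() == "enabled"
    return {"exe": exe, "scope": m["scope"], "enabled": enabled,
            "flagged": enabled and exe in LOLBINS}


def triage_log(lines):
    """Run both checks over a log and return findings grouped by type."""
    out = {"services": [], "firewall": []}
    for line in lines:
        s = triage_service(line)
        if s:
            out["services"].append(s)
            continue
        f = triage_firewall(line)
        if f:
            out["firewall"].append(f)
    return out


# Constructed sample: three O23 lines and two firewall values in the same form as the log above.
SAMPLE_LOG = r"""
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: crd - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
""".strip().splitlines()

if __name__ == "__main__":
    findings = triage_log(SAMPLE_LOG)
    for s in findings["services"]:
        print(f"[{s['verdict']:10}] {s['name']}: {s['path']}")
        for r in s["reasons"]:
            print(f"             - {r}")
    for f in findings["firewall"]:
        print(f"[{'FLAG' if f['flagged'] else 'ok  '}] firewall exception {f['exe']} "
              f"scope={f['scope']} enabled={f['enabled']}")
```

Run as-is, the script rates `crd` as suspicious on four counts, puts `rpcapd` in the review bucket because it is a remote network service rather than malware, and flags the `ftp.exe` exception while leaving the disabled `sessmgr.exe` one alone. A "file missing" verdict is not a reason to ignore an entry: the service registration is still persistence, and the dropper that created it may simply have cleaned up after itself.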
KoanYorel
Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
thatguy418
My laptop is so messed up I can't even get AVG to respond when trying to disengage its protection. I had to run the DDS program with AVG turned on. Very few things on that computer will respond when clicked/double-clicked. Below is a pasted copy of my DDS.txt.

Thank you for any help you can give. The prior owner gave this laptop away because it kept "crashing" a little while after it would get "fixed". The IT guy couldn't figure out the problem. They told me if I don't put too many things on it, it should run fine. Not sure what I put on it that messed it up, or if it is something lingering from the prior person, but if you can help that would be awesome.


DDS (Version 1.0.1) - NTFSx86
Run by Administrator at 16:31:16.59 on Fri 12/19/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.67 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
E:\dds per bleeping computer for laptop.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wral.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - c:\program files\aol search\AOLSearch.dll
uURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
dURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot\spybot - search & destroy\SDHelper.dll
BHO: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - c:\program files\aol search\AOLSearch.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [SpybotSD TeaTimer] c:\program files\spybot\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxsrvc.dll
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-1-26 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-1-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-1-26 27776]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-1-26 3968]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-1-26 10760]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2007-1-26 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2007-1-26 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2007-1-26 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-1-26 4960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-12-27 24652]
S2 crd;crd;c:\docume~1\admini~1\locals~1\temp\ixp001.tmp\poststp.exe []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]

=============== Created Last 30 ================


==================== Find3M ====================

2007-11-20 11:24 0 a------- c:\documents and settings\administrator\ethereal-setup-0.99.0.exe

============= FINISH: 16:31:38.18 ===============
Yourhighness
Hello thatguy418 and welcome to BleepingComputer!

Please note that comments are made in green, links are in red, important things are outlined by using the blue color and the numbered steps I would like you to follow are outlined with orange.

Please also take note of the following:
  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Step #1

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Step #2

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step #3

I see you have Malwarebytes' Anti-Malware on your machine. Please start MBAM, then check for updates. Let the updates install and run a scan. Please post back with that log. Thanks!
thatguy418
Thank you for your response and direction. I removed all you told me to remove and followed all instructions except those that required access to the internet. My computer will not allow me to access the internet, so I could not install the new Java applet. I loaded it to a thumb drive and tried to install from it, and copied it from the thumb drive to the desktop; neither would run. Also went into safe mode and tried. No luck. Couldn't update MBAM due to the internet issue either. I ran the MBAM scan again and the log is pasted below.

Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

12/20/2008 7:53:25 PM
mbam-log-2008-12-20 (19-53-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 57924
Time elapsed: 24 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Yourhighness
hi thatguy418,

Let's try what's suggested here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore and get the Internet connection back. Then try this:

Please do a scan with Kaspersky Online Scanner (you need to use Internet Explorer or enable IEView in Firefox)
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Thanks!
thatguy418
I posted that I couldn't access the internet and therefore couldn't get Windows Restore (don't have an XP Prof disc either). I deleted that message by means of edit to post this. Then I clicked to open a file from my thumb drive on the laptop and all of a sudden the laptop was responding faster. Still can't access IE by the icon, but if I open a program that can check for updates, it gets out to the net. I dragged the Windows Boot icon on top of the ComboFix icon and the program went like a charm. However, not sure how I can access Kaspersky since I can't seem to get an IE window. I'll keep trying though. For now here is the ComboFix log.

By the way, I did load Firefox to a thumb drive and install it on the laptop. All processed fine, except a browser still won't open.

Thank you for all help given thus far and that yet to come.


Thatguy418

ComboFix 08-12-20.05 - Administrator 2008-12-21 18:14:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.109 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-21 18:12 . 2008-12-21 18:12 388,608 --a------ c:\windows\system32\CF31506.exe
2008-12-21 15:58 . 2008-12-21 15:58 <DIR> d-------- c:\windows\LastGood
2008-11-30 17:05 . 2008-11-30 17:05 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 17:05 . 2008-11-30 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-30 16:47 . 2008-11-30 16:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 15:42 . 2008-11-30 15:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 15:42 . 2008-11-30 15:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 15:42 . 2008-11-30 15:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-30 15:42 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 15:42 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-30 15:07 . 2008-11-30 15:09 <DIR> d-------- c:\program files\RegistryFix7
2008-11-30 14:54 . 2008-11-30 14:54 <DIR> d-------- c:\program files\IObit
2008-11-30 14:54 . 2008-11-30 14:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2008-11-30 10:51 . 2008-11-30 10:51 <DIR> d-------- C:\rsit
2008-11-30 10:12 . 2008-11-30 10:12 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-08 01:01 --------- d-----w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-02 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 14:23 --------- d-----w c:\program files\Google
2008-11-02 01:41 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2008-11-02 01:07 --------- d-----w c:\program files\Spybot
2008-11-01 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2007-11-20 16:24 0 ----a-w c:\documents and settings\Administrator\ethereal-setup-0.99.0.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-01 590848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-20 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11 122880]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-07-11 61440]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:kingstest.no-ip.biz

S2 crd;crd;c:\docume~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-28 42512]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wral.com/
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 18:16:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-21 18:17:47
ComboFix-quarantined-files.txt 2008-12-21 23:17:20

Pre-Run: 15,309,332,480 bytes free
Post-Run: 15,316,021,248 bytes free

95 --- E O F --- 2008-11-09 17:23:05
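As an added example (not code from the thread, from ComboFix or from the helper), here is a small Python triage script that reads the service and firewall-policy lines from the ComboFix log above and flags what a helper would look at first: a service whose binary lives under a Temp directory (the `crd` entry) and a globally open inbound port whose label is a dynamic-DNS hostname. The sample lines are copied from the posted log; the heuristics, the `Finding` layout, the dynamic-DNS suffix list and the `REVIEW_FW_APPS` set are the example's own assumptions.

```python
"""Triage a few ComboFix 'Reg Loading Points' lines for first-look findings.

Added example for this thread; it is not ComboFix's code nor the helper's.
The sample lines are copied from the ComboFix log posted above; the
heuristics, the dynamic-DNS suffix list and the Finding layout are this
example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed subset of the posted log: firewall-policy keys plus two
# service lines in the same "S<start-type> name;display;path [meta]" layout.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:kingstest.no-ip.biz

S2 crd;crd;c:\docume~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-28 42512]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = act on it, "review" = confirm it is expected
    kind: str      # "service", "open-port" or "fw-app"
    subject: str   # service name, "port/proto" or executable name
    reason: str


SECTION_RE = re.compile(r'^\[(.+)\]$')
SERVICE_RE = re.compile(r'^[RS][0-4]\s+([^;]+);[^;]*;(.+?)\s*\[(.*)\]$')
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
FW_APP_RE = re.compile(r'^"(.+?\.exe)"=')

# Assumed list of dynamic-DNS suffixes worth a second look when one appears
# as the label of an inbound firewall exception.
DYNDNS_SUFFIXES = ('.no-ip.biz', '.no-ip.org', '.no-ip.com', '.dyndns.org')
# Built-in tools that rarely need their own inbound exception (assumption).
REVIEW_FW_APPS = {'ftp.exe'}


def check_service(name: str, path: str, meta: str) -> List[Finding]:
    out = []
    if '\\temp\\' in path.lower():  # covers LOCALS~1\Temp and Local Settings\Temp
        out.append(Finding('high', 'service', name,
                           f'service binary lives under a Temp directory: {path}'))
    if not meta.strip():  # ComboFix printed empty brackets: no date/size
        out.append(Finding('review', 'service', name,
                           'no date/size recorded for the service binary'))
    return out


def check_open_port(port: str, proto: str, label: str) -> List[Finding]:
    subject = f'{port}/{proto}'
    label = label.strip()
    if label.lower().endswith(DYNDNS_SUFFIXES):
        return [Finding('high', 'open-port', subject,
                        f'globally open port labelled with a dynamic-DNS host: {label}')]
    return [Finding('review', 'open-port', subject,
                    f'globally open inbound port: {label}')]


def check_fw_app(path: str) -> List[Finding]:
    exe = path.rsplit('\\', 1)[-1].lower()
    if exe in REVIEW_FW_APPS:
        return [Finding('review', 'fw-app', exe,
                        'inbound firewall exception for a built-in transfer tool; '
                        'confirm it was added on purpose')]
    return []


def parse_findings(log_text: str) -> List[Finding]:
    """Walk the log once, tracking which registry key the lines belong to."""
    findings: List[Finding] = []
    section = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:  # service lines follow the last key without a header of their own
            findings.extend(check_service(*m.groups()))
            continue
        if 'globallyopenports' in section:
            m = OPEN_PORT_RE.match(line)
            if m:
                findings.extend(check_open_port(*m.groups()))
        elif 'authorizedapplications' in section:
            m = FW_APP_RE.match(line)
            if m:
                findings.extend(check_fw_app(m.group(1)))
    return findings


def high_findings(log_text: str) -> List[Finding]:
    return [f for f in parse_findings(log_text) if f.severity == 'high']


if __name__ == '__main__':
    for f in parse_findings(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.kind:9} {f.subject}: {f.reason}')
```

Run on the sample, it reports the `crd` service twice (Temp path, no file metadata), the 43594/TCP exception as high because of the no-ip.biz label, and `ftp.exe` as a review item; the NPF packet-capture driver, which has a normal drivers path and recorded metadata, is not flagged. The "review" findings are deliberately not treated as malicious: on this machine the ftp.exe exception may well be legitimate, and the point of the split is to separate what needs a decision from what needs action.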
Yourhighness

Hi thatguy418,

Step #1

Please copy and paste the following text into Notepad:

CODE
rem Stop the "crd" service that ComboFix listed running from a Temp folder
sc stop crd
rem Remove the service registration so it does not start again
sc delete crd
rem Remove this batch file once it has done its work
del services.bat


Save this as "services.bat" (choose "All Files" as the file type) and place it on your Desktop.
Double-click services.bat. Soon it should disappear from your Desktop; this is fine.

Step #2

* Clean your Cache and Cookies in InternetExplorer:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
I'll double-check regarding the behaviour you described above and will revert with more stuff as soon as possible. Thanks!

thatguy418
I ran the services.bat file as instructed. It seemed to work as the icon disappeared as you said it would.

Since I can not pull up an IE window nor the Control Panel, I opened IE Properties via control inetcpl.cpl in RUN. I have to use RUN to get anywhere practically on the PC (so when directing me, if you know the command for RUN to get to what you ask, please include it in the instructions; otherwise I can always search for the prompt online on another computer). In the IE properties, every time I clicked delete cookies or temporary files, the properties went to Not Responding. After multiple attempts (and reboots) I moved to the next step and typed cleanmgr in my RUN box. Nothing happened.

If you have more ideas or suggestions, please let me know. I am happy to keep trying. My fear is if I reinstall Windows, the computer will continue to freak out periodically since that is the history. Apparently a reinstall doesn't necessarily clean the computer???

Thank you for all the time and suggestions offered thus far.

Thatguy418
Yourhighness
Hi Thatguy418,

Just reinstalling Windows is not enough. That's correct. You will always need to format drives, to be sure all infections have disappeared.
Could you please try the following to see if you can then perform an Onlinescan as suggested above:

Please follow this guide on Dial-A-Fix and let me know if your problem still persists.

If that won't work, could you also run this please:

Download AVG Anti-Rootkit and save to your desktop
  • Double click avgarkt-setup-1.1.0.42.exe to begin installation.
  • Click Next to select the Normal interface.
  • Accept the license and follow the prompts to install. (By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit)
  • You will be asked to reboot to finish the installation so click "Finish".
  • After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.
  • You will see a window with three buttons at the bottom.
  • Click "Search For Rootkits" and the scan will begin.
  • You will see the progress bar moving from left to right. The scan will take some time, so be patient and let it finish.
  • When the scan has finished, if anything was found, click "Remove selected items"
  • If nothing is found, a message will appear "Congratulations! There were no installed rootkits found on your computer."
  • Click close, then select "Perform in-depth Search".
  • When the scan has finished, if anything is found, click "Remove selected items"
  • Again, if nothing was found, you will see the message "Congratulations! There were no installed rootkits found on your computer."
  • Exit AVG ARK.
Note: Close all open windows, programs, and DO NOT USE the computer while scanning. If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted automatically.

Thanks!
thatguy418
I ran the Dial a Fix (a couple of times as it quit responding). All items ran fine except the Object Linking Libraries. I tried three or four times and it gets to Registering msdaer.dll and stops responding.

I went on and ran the AVG Anti-Rootkit as directed and both scans came back as no installed rootkits found.

I await your next suggestion when possible.

Thank you,

Thatguy418
Yourhighness
Hi Thatguy418,

Strange problem. Let me check on that, before we continue. How is the PC running in general?

Thanks.
thatguy418
Strange (and frustrating) indeed.

The laptop doesn't run well at all. I can play Spider Solitaire, go to Run and access many things from there, but can hardly access any programs via their link on the desktop or in the start panel. Can't access internet windows at all, but my antivirus was able to update, so somehow internet access can be obtained, just not visibly.

Task Manager showed CPU usage at 100%, so I researched a fix for that as I had no programs visibly running and didn't know what was making it run so high. Saw a thread where users deleted an AVI file from Registry Editor. I did it and it seems to be helping the CPU usage. However, when I tried to run the Dial a Fix, it shot up to 100% again until I ended the program.

I can't function much better, if at all, in safe mode either.

Feel free to ask more if it helps isolate issues. Any program that you suggest that can be put on a thumb drive from one computer and saved to the laptop, I am happy to try.

Thank you for your time and input.
Yourhighness
Hi thatguy418,

One reason for your high memory usage is that you only have 256 MB of RAM altogether. Windows XP itself would need 128 MB to run without any problems (that's half your capacity), but a 512 MB minimum has been referred to as the optimum minimum memory. As for the other stuff, let's try one thing: please follow this guide to run sfc /scannow.

Whilst you are doing this, I am having at least one more pair of eyes look at your descriptions, as I am more knowledgeable about malware than about hardware/software stuff like this. Should we not get this done here, I suggest you look at our software and hardware sub-forums. We have great helpers there too.

Thanks.
farbar
Edited: Posted to the wrong topic.
thatguy418
Yourhighness,

In my attempt to find a way to trick my computer into letting me see a browser page, I happened to right-click the Windows Update icon in the system tray. It had two updates it wanted to do, IE7 and one other. I allowed it to do so, then allowed it to be restarted. When it booted back up, all my functions had resumed to full use. I can access the internet, programs, Control Panel, Windows Explorer etc., all without having to go through RUN to get there.

I logged in to Bleepingcomputers to do the scan you told me to do. The computer did ask for the WinXP Professional SP 3 disc. This laptop was given to me used and no OS disc was included. Therefore I can not insert the disk. It says there are some files that are required for Windows to run properly must be copied to the dll cache. Is there any way to get those files without the Win XP Prof disk? I have WinXP Home disc from my desktop, could I use it?

Any scans you want me to run I can now do it appears. Please advise.

Thank you so much!!
Yourhighness
Hi there,

I would say any XP version would suffice, as long as it's a legitimate one.
Whilst it's great to hear that things are better, let's try this first. It can't harm to do it anyway.
Once we know how that went, we'll take it from there and may even wrap things up fast.

YoHi
thatguy418
Yourhighness,
I tried using my XP Home CD, but a window appeared stating it was the wrong version of WINDOWS. The disk is legitimate, if I understand that meaning correctly. The CD was purchased at a retail store when I wanted to change the OS on another computer. I have since parted that computer out, therefore the OS is not in use on that PC, so it should be legitimate for me to use it on another one. Or so I believe.

If there is something I am missing on that please advise.

Is there another forum you would like me to post to now? Or do you have more options to try.
Yourhighness
Hi thatguy,

sorry for the delay. Due to personal commitments and a double check with colleagues, I could only post now.
Apologies for the sfc /scannow issue. I was obviously wrong. You do need a CD with the equivalent OS. Whilst your reports of good "behaviour" are great, let's just get another look at your system and see how it goes for a few days, before giving some final recommendations.
  • Please download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks!
thatguy418

YourHighness,

No worries I am patient and merely appreciate any guidance and help given.

I downloaded RSIT to the desktop, double-clicked it, clicked run, clicked continue at the disclaimer screen. It ran but only gave me one file. I've pasted it below. I didn't change the time frame shown on the disclaimer screen; it defaulted to 1 month. Just to be clear, this problem started in the summer and I just put the laptop away for a few months until time availed itself for me to work on the computer.

While I can now access internet and programs on this laptop, it is still very slow to respond, so I know it isn't fixed, but better than it was. Not sure if that is helpful info or not.

Please advise when able. Thank you. Thatguy418

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-08 19:31:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (76%) free of 19 GB
Total RAM: 254 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:03 PM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5778 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-05 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-11-01 590848]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-05 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-08-04 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-05 22:00:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-05 22:00:00 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-05 21:59:58 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-05 21:59:55 ----A---- C:\WINDOWS\system32\java.exe
2009-01-05 21:58:30 ----D---- C:\Program Files\Java
2009-01-05 20:56:47 ----D---- C:\WINDOWS\ie7updates
2009-01-05 20:54:47 ----D---- C:\WINDOWS\WBEM
2009-01-05 20:54:42 ----D---- C:\WINDOWS\system32\en-US
2009-01-05 20:51:51 ----HDC---- C:\WINDOWS\ie7
2009-01-05 20:51:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-05 20:50:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-05 20:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-01-05 20:49:47 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-05 20:46:38 ----D---- C:\WINDOWS\network diagnostic
2009-01-05 20:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2009-01-05 20:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-28 00:54:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-25 17:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-25 17:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-25 17:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-25 17:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-25 17:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-25 17:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-25 17:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-25 17:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-21 18:41:01 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-12-21 18:26:25 ----SHD---- C:\RECYCLER
2008-12-21 18:17:54 ----D---- C:\WINDOWS\temp
2008-12-21 18:17:49 ----A---- C:\ComboFix.txt
2008-12-21 18:12:52 ----A---- C:\WINDOWS\system32\CF31506.exe
2008-12-21 16:10:41 ----A---- C:\Boot.bak
2008-12-21 16:10:30 ----RASHD---- C:\cmdcons
2008-12-21 16:06:51 ----A---- C:\WINDOWS\zip.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\VFIND.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\SWSC.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\SWREG.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\sed.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\grep.exe
2008-12-21 16:06:51 ----A---- C:\WINDOWS\fdsv.exe
2008-12-21 16:06:47 ----D---- C:\WINDOWS\ERDNT
2008-12-21 16:06:47 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-01-08 18:59:09 ----D---- C:\WINDOWS
2009-01-08 18:58:38 ----D---- C:\WINDOWS\system32
2009-01-08 18:58:38 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2009-01-08 18:55:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-08 18:52:17 ----HD---- C:\WINDOWS\inf
2009-01-08 18:52:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-08 18:52:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-08 18:51:58 ----A---- C:\WINDOWS\imsins.BAK
2009-01-05 22:22:20 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-05 22:02:19 ----D---- C:\WINDOWS\Prefetch
2009-01-05 22:01:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-05 21:58:35 ----SHD---- C:\WINDOWS\Installer
2009-01-05 21:58:30 ----RD---- C:\Program Files
2009-01-05 21:04:31 ----D---- C:\WINDOWS\Help
2009-01-05 21:04:31 ----D---- C:\Program Files\Internet Explorer
2009-01-05 20:54:58 ----D---- C:\WINDOWS\system32\config
2009-01-05 20:54:28 ----D---- C:\WINDOWS\Media
2009-01-05 20:04:38 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-12-28 15:47:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-28 15:32:31 ----D---- C:\WINDOWS\system32\drivers
2008-12-28 15:32:29 ----D---- C:\Program Files\Grisoft
2008-12-28 14:54:31 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-28 10:18:52 ----RD---- C:\WINDOWS\Web
2008-12-21 18:16:35 ----A---- C:\WINDOWS\system.ini
2008-12-21 18:15:32 ----D---- C:\WINDOWS\AppPatch
2008-12-21 18:15:32 ----D---- C:\Program Files\Common Files
2008-12-21 16:10:41 ----RASH---- C:\boot.ini
2008-12-21 15:57:26 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-20 19:13:12 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 16:41:45 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-20 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-28 27776]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-23 10760]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-01-26 4960]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-28 247296]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-19 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-19 57404]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 42512]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2008-08-04 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-11-20 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-01-26 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-23 406528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-05 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-28 92792]

-----------------EOF-----------------
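The driver and service sections of the RSIT log above follow a fixed line layout (state letter, start-type digit, name, display name, path, then date and size in brackets). As an added example, not part of the original post or of RSIT, here is a small parser for that layout that also lists entries printed with empty brackets, which I read as RSIT having found no date/size for the file; whether that is the tool's exact meaning is my assumption. The sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend printed in the RSIT section header:
# first letter = state, digit = start type.
STATES = {"R": "Running", "S": "Stopped"}
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

@dataclass
class Entry:
    state: str
    start_type: str
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when RSIT printed empty brackets
    file_size: Optional[int]

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    file_date = meta[0] if meta else None
    file_size = int(meta[1]) if len(meta) == 2 else None
    return Entry(STATES[m.group("state")], START_TYPES[m.group("start")],
                 m.group("name"), m.group("display"), m.group("path"),
                 file_date, file_size)

def find_unverified(lines: List[str]) -> List[Entry]:
    """Entries with empty [] metadata (assumed: no date/size found for the file).
    Each is worth a manual look, e.g. a leftover registration or a cleaning-tool driver."""
    return [e for e in map(parse_entry, lines) if e is not None and e.file_date is None]

# Sample lines copied from the log above; the rest of the log parses the same way.
SAMPLE_LINES = [
    r"R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []",
    r"R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-20 821856]",
    r"S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []",
    r"R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]",
]

if __name__ == "__main__":
    for e in find_unverified(SAMPLE_LINES):
        print(f"{e.state}/{e.start_type}: {e.name} -> {e.path} (no file info)")
```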
Yourhighness
Hi thatguy,

QUOTE
I downloaded RSIT to desktop, double clicked it, clicked run, clicked continue at disclaimer screen. It ran but only gave me one file. I've pasted it below. I didn't change the time frame shown on disclaimer screen, it defaulted to 1 month. Just to be clear, this problem started in the summer and I just put laptop away for a few months until time availed itself for me to work on the computer.

That's ok. We just want a final look at your pc.

QUOTE
While I can now access internet and programs on this laptop, it is still very slow to respond, so I know it isn't fixed, but better than it was. Not sure if that is helpful info or not

The slow behaviour of your pc is partially due to the low level of RAM memory your pc has:

QUOTE
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-08 19:31:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (76%) free of 19 GB
Total RAM: 254 MB (50% free)


Step #1

Please navigate to: Start >> Run... and type Combofix /u and hit Enter. Thanks.

Step #2

Please download the OTCleanIt by OldTimer.
  • Please double-click on "OTCleanIt.exe"
  • Navigate to the following icon and click it:
  • OTCleanIt might ask you to reboot. If it does so, please let it do so.
Note: after reboot, OTCleanIt and your other helper tools downloaded while cleaning your Pc will be removed. So it's okay if it is not there anymore ;).

Step #3

Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of them (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Step #4

Please give the hardware section a go, to see if you can do some tuning with additional RAM or if they may have any other suggestions to try and speed up your pc. Thanks.

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!
thatguy418
Thank you so much.... I am working on the things you outlined, little by little as time allows. When I can I will look into more RAM. Thanks so much!!!!