Post #1 - Nov 30 2008, 11:02 AM
Member | Group: Members | Posts: 17 | Joined: 29-November 08 | Member No.: 262,666
Thanks, Thatguy418

11-30-08 RSIT Log

```
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-30 10:51:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (77%) free of 19 GB
Total RAM: 254 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:51 AM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
E:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wral.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: crd - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5261 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AOL Search\AOLSearch.dll [2007-12-18 111968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-11-01 590848]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]
"SpybotSD TeaTimer"=C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-08-04 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2008-11-30 10:51:49 ----D---- C:\rsit
2008-11-30 10:12:32 ----D---- C:\Program Files\Trend Micro
2008-11-08 23:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-08 23:14:20 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-07 20:01:55 ----D---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-04 09:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 09:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 09:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-04 09:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 09:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-04 09:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 09:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 09:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 09:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 09:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 09:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 09:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-04 09:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 09:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 09:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-04 09:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 08:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-04 08:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-04 08:57:04 ----A---- C:\WINDOWS\_delis43.ini
2008-11-02 09:41:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-02 09:28:21 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-02 09:28:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-02 09:28:13 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-11-02 09:28:09 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-02 09:28:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 20:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 20:01:39 ----D---- C:\Program Files\Spybot
2008-11-01 16:28:12 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-01 16:21:34 ----SHD---- C:\Config.Msi
2008-11-01 16:16:28 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-01 16:06:12 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-11-01 16:05:59 ----D---- C:\Program Files\WinZip
2008-09-07 20:21:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:30:06 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe

======List of files/folders modified in the last 3 months======

2008-11-30 10:36:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 10:30:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 10:12:32 ----RD---- C:\Program Files
2008-11-30 10:10:57 ----D---- C:\WINDOWS\Prefetch
2008-11-30 10:05:18 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2008-11-09 16:11:47 ----D---- C:\WINDOWS\system32
2008-11-09 12:34:35 ----D---- C:\WINDOWS\Temp
2008-11-09 12:19:37 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-09 12:19:00 ----HD---- C:\WINDOWS\inf
2008-11-09 11:35:25 ----D---- C:\WINDOWS
2008-11-08 23:16:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-08 23:14:25 ----D---- C:\WINDOWS\Debug
2008-11-04 09:32:15 ----D---- C:\WINDOWS\system32\drivers
2008-11-04 09:32:08 ----A---- C:\WINDOWS\imsins.BAK
2008-11-04 09:31:55 ----D---- C:\Program Files\Messenger
2008-11-04 09:29:13 ----D---- C:\WINDOWS\WinSxS
2008-11-04 08:59:36 ----D---- C:\Program Files\Internet Explorer
2008-11-04 08:58:36 ----D---- C:\Scrabble
2008-11-02 09:23:55 ----D---- C:\Program Files\Google
2008-11-01 20:41:06 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-11-01 16:29:40 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-01 16:29:36 ----D---- C:\WINDOWS\Help
2008-11-01 16:24:58 ----SHD---- C:\WINDOWS\Installer
2008-11-01 16:24:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 16:24:22 ----D---- C:\WINDOWS\system32\mui
2008-11-01 16:23:24 ----RSD---- C:\WINDOWS\assembly
2008-11-01 16:17:20 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-11-01 16:17:19 ----D---- C:\Program Files\Common Files
2008-11-01 16:16:55 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-01 14:59:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-23 10760]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-11-20 821856]
S1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-26 4224]
S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-28 27776]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-01-26 4960]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-19 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-19 57404]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 42512]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-28 247296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2008-08-04 312880]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-11-20 418816]
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-01-26 49664]
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-23 406528]
S2 crd;crd; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe []
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-28 92792]

-----------------EOF-----------------
```
Post #2 - Dec 14 2008, 05:37 PM
Bleepin' Conundrum | Group: Emeritus | Posts: 19,461 | Joined: 26-April 04 | From: 65 miles due East of the "Logic Free Zone", in Md, USA | Member No.: 235
Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far. Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

R, K
--------------------
The only easy day was yesterday.
...some do, some don't; some will, some won't (WR)
Post #3 - Dec 19 2008, 05:21 PM
Member | Group: Members | Posts: 17 | Joined: 29-November 08 | Member No.: 262,666
My laptop is so messed up I can't even get AVG to respond when trying to disengage its protection. I had to run the DDS program with AVG turned on. Very few things on that computer will respond when clicked/double clicked. Below is a pasted copy of my DDS.txt.

Thank you for any help you can give. The prior owner gave this laptop away because it kept "crashing" a little while after it would get "fixed". The IT guy couldn't figure out the problem. They told me if I don't put too many things on this it should run fine. Not sure what I put on it that messed it up, or if it is something lingering from the prior person, but if you can help that would be awesome.

```
DDS (Version 1.0.1) - NTFSx86
Run by Administrator at 16:31:16.59 on Fri 12/19/2008
Internet Explorer: 6.0.2900.2180  BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.67 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
E:\dds per bleeping computer for laptop.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wral.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - c:\program files\aol search\AOLSearch.dll
uURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
dURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot\spybot - search & destroy\SDHelper.dll
BHO: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - c:\program files\aol search\AOLSearch.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [SpybotSD TeaTimer] c:\program files\spybot\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot\spybot - search & destroy\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxsrvc.dll
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2006-9-28 11000]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-1-26 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-1-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-1-26 27776]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-1-26 3968]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-1-26 10760]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2006-9-28 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2007-1-26 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2007-1-26 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2007-1-26 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-1-26 4960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-12-27 24652]
S2 crd;crd;c:\docume~1\admini~1\locals~1\temp\ixp001.tmp\poststp.exe []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]

=============== Created Last 30 ================

==================== Find3M ====================

2007-11-20 11:24 0 a------- c:\documents and settings\administrator\ethereal-setup-0.99.0.exe

============= FINISH: 16:31:38.18 ===============
```
Post #4 - Dec 20 2008, 02:23 AM
The BSG Malware Fighter | Group: HJT Team Coach | Posts: 6,661 | Joined: 20-April 06 | From: Hamburg | Member No.: 64,788
Hello thatguy418 and welcome to BleepingComputer!

Please note that comments are made in green, links are in red, important things are outlined by using the blue color and the numbered steps I would like you to follow are outlined with orange. Please also take note of the following:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546 I suggest you remove the program now. Click on Start > Run > and then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step #3 I see you have Malwarebytes Anti-Malware on your machine. Please start MBAM, then check for updates. Let the updates install and run a scan. Please post back with that log. Thanks!

--------------------
I will be scarce from mid July til end of October and from December til May. If you need to contact me or I haven't replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE
Post #5 - Dec 20 2008, 07:58 PM
Member | Group: Members | Posts: 17 | Joined: 29-November 08 | Member No.: 262,666
Thank you for your response and direction. I removed all you told me to remove and followed all instructions except those that required access to the internet. My computer will not allow me to access the internet. So I could not install the new Java applet. I loaded it to a thumb drive and tried to install from it, and copied it from the thumb drive to the desktop; neither would run. Also went into safe mode and tried. No luck. Couldn't update MBAM due to the internet issue either. I ran the MBAM scan again and the log is pasted below.

```
Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

12/20/2008 7:53:25 PM
mbam-log-2008-12-20 (19-53-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 57924
Time elapsed: 24 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
```
Post #6 - Dec 21 2008, 01:06 PM
The BSG Malware Fighter | Group: HJT Team Coach | Posts: 6,661 | Joined: 20-April 06 | From: Hamburg | Member No.: 64,788
Hi thatguy418,

Let's try what's suggested here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore and get the Internet connection back. Then try this: Please do a scan with Kaspersky Online Scanner (you need to use Internet Explorer or enable IEView in Firefox). Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs.

--------------------
I will be scarce from mid July til end of October and from December til May. If you need to contact me or I haven't replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE
Post #7 - Dec 21 2008, 06:06 PM
Member | Group: Members | Posts: 17 | Joined: 29-November 08 | Member No.: 262,666
I posted that I couldn't access internet and therefore couldn't get Windows Restore (don't have xp rof disc either). I deleted that message by means of edit to post this. Then I clicked to open a file from my thumbdrive on laptop and all of a sudden the laptop was responding faster. Still can't access IE by the icon, but if I open a program that can check for updates, it gets out to the net. I dragged the Windows Boot icon on top of the ComboFix icon and program went like a charm. However, not sure how I can access Kaspersky since I can't seem to get an IE window. I'll keep trying though. For now here is the ComboFix log.
By the way, I did load Firefox to thumbdrive and install on laptop. All processed fine, except a browser still won't open. Thank you for all help given thus far and that yet to come. Thatguy418

ComboFix 08-12-20.05 - Administrator 2008-12-21 18:14:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.109 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.
2008-12-21 18:12 . 2008-12-21 18:12 388,608 --a------ c:\windows\system32\CF31506.exe
2008-12-21 15:58 . 2008-12-21 15:58 <DIR> d-------- c:\windows\LastGood
2008-11-30 17:05 . 2008-11-30 17:05 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 17:05 . 2008-11-30 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-30 16:47 . 2008-11-30 16:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 15:42 . 2008-11-30 15:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 15:42 . 2008-11-30 15:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 15:42 . 2008-11-30 15:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-30 15:42 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 15:42 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-30 15:07 . 2008-11-30 15:09 <DIR> d-------- c:\program files\RegistryFix7
2008-11-30 14:54 . 2008-11-30 14:54 <DIR> d-------- c:\program files\IObit
2008-11-30 14:54 . 2008-11-30 14:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2008-11-30 10:51 . 2008-11-30 10:51 <DIR> d-------- C:\rsit
2008-11-30 10:12 . 2008-11-30 10:12 <DIR> d-------- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 21:41 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-08 01:01 --------- d-----w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-02 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 14:23 --------- d-----w c:\program files\Google
2008-11-02 01:41 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2008-11-02 01:07 --------- d-----w c:\program files\Spybot
2008-11-01 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2007-11-20 16:24 0 ----a-w c:\documents and settings\Administrator\ethereal-setup-0.99.0.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-01 590848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-20 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11 122880]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-07-11 61440]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:kingstest.no-ip.biz

S2 crd;crd;c:\docume~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-28 42512]

*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wral.com/
uInternet Connection Wizard,ShellNext = iexplore
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 18:16:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-21 18:17:47
ComboFix-quarantined-files.txt 2008-12-21 23:17:20

Pre-Run: 15,309,332,480 bytes free
Post-Run: 15,316,021,248 bytes free

95 --- E O F --- 2008-11-09 17:23:05

This post has been edited by thatguy418: Dec 21 2008, 06:47 PM
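As an added example (not part of this thread, ComboFix, or any tool used in it), the script below runs the two checks a log reader applies to the "Reg Loading Points" section above: a service whose binary sits under a Temp directory, and a firewall exception opening a port to a dynamic-DNS host. The sample lines are constructed from the posted log; the Temp markers and dynamic-DNS suffixes are the script's own assumptions.

```python
"""Triage helper for ComboFix 'Reg Loading Points' lines (added example)."""
import re

# Constructed sample: four lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:kingstest.no-ip.biz
S2 crd;crd;c:\docume~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-28 42512]
"""

# Service line: "<start type> <name>;<display name>;<image path> [<date size>]"
SERVICE_RE = re.compile(r"^(S\d|R\d)\s+([^;]+);([^;]*);(.+?)\s*\[.*\]$")
# GloballyOpenPorts line: "<port>:<proto>"= <port>:<proto>:<label>
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')

# Assumed: paths a service binary should never live in (8.3 short names included).
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")
# Assumed: dynamic-DNS suffixes worth flagging when they appear as a port label.
DYNDNS_SUFFIXES = (".no-ip.biz", ".no-ip.org", ".dyndns.org")


def triage_combofix(log_text):
    """Return (category, detail) findings for suspicious service and port lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, path = m.groups()
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                findings.append(("service-in-temp", f"{name} -> {path}"))
            continue
        m = OPEN_PORT_RE.match(line)
        if m:
            port, proto, label = m.groups()
            if label.lower().endswith(DYNDNS_SUFFIXES):
                findings.append(("open-port-dyndns", f"{port}/{proto} -> {label}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_combofix(SAMPLE_LOG):
        print(f"{category}: {detail}")
```

On the sample it reports the `crd` service and the 43594/TCP exception, and leaves the legitimate NPF driver line alone.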
Dec 23 2008, 07:24 AM, Post #8
The BSG Malware Fighter Group: HJT Team Coach
Hi thatguy418,

Step #1
Please copy and paste the following text into Notepad:
CODE
sc stop crd
sc delete crd
del services.bat
Save this as "services.bat". Choose to save as *all files and place it on your Desktop.
Double-click services.bat. Soon it should disappear from your Desktop; this is fine.

Step #2
* Clean your Cache and Cookies in Internet Explorer:
Dec 27 2008, 10:38 AM, Post #9
Member Group: Members
I ran the services.bat file as instructed. It seemed to work as the icon disappeared as you said it would.
Since I can not pull up an IE window nor control panel, I opened IE Properties via control inetcpl.cpl in RUN. I have to use RUN to get anywhere practically on the pc (so when directing me, if you know the command for RUN to get to what you ask, please include it in instructions; otherwise I can always search for the prompt online on another computer). In the IE properties every time I clicked delete cookies or temporary files, the properties went to Not Responding. After multiple attempts (and reboots) I moved to next step and typed in cleanmgr in my RUN box. Nothing happened. If you have more ideas or suggestions, please let me know. I am happy to keep trying. My fear is if I reinstall Windows, the computer will continue to freak out periodically since that is the history. Apparently a reinstall doesn't necessarily clean the computer??? Thank you for all the time and suggestions offered thus far. Thatguy418
Dec 27 2008, 04:39 PM, Post #10
The BSG Malware Fighter Group: HJT Team Coach
Hi Thatguy418,
Just reinstalling Windows is not enough. That's correct. You will always need to format drives, to be sure all infections have disappeared.
Could you please try the following to see if you can then perform an Onlinescan as suggested above: Please follow this guide on Dial-A-Fix and let me know if your problem still persists.
If that won't work, could you also run this please: Download AVG Anti-Rootkit and save to your desktop
Thanks!
Dec 28 2008, 04:10 PM, Post #11
Member Group: Members
I ran the Dial a Fix (a couple of times as it quit responding). All items ran fine except the Object Linking Libraries. I tried three or four times and it gets to Registering msdaer.dll and stops responding.
I went on and ran the AVG Anti Root kit as directed and both scans came back as no installed rootkits found. I await your next suggestion when possible. Thank you, Thatguy418
Dec 29 2008, 05:04 PM, Post #12
The BSG Malware Fighter Group: HJT Team Coach
Hi Thatguy418,
Strange problem. Let me check on that, before we continue. How is the pc running in general? Thanks.
Dec 30 2008, 11:48 PM, Post #13
Member Group: Members
Strange (and frustrating) indeed.
The laptop doesn't run well at all. I can play Spider solitaire, go to Run and access many things from there, but can not access hardly any programs via their link on desktop or in start panel. Can't access internet windows at all, but my antivirus was able to update, so somehow internet access can be obtained, just not visibly. Task Manager showed CPU usage at 100% so I researched a fix for that as I had no programs visibly running and didn't know what was making it run so high. Saw a thread where users deleted an AVI file from Registry Editor. I did it and it seems to be helping the CPU usage. However when I tried to run the Dial a Fix, it shot up to 100% again until I ended program. I can't function much better, if at all, in safe mode either. Feel free to ask more if it helps isolate issues. Any program that you suggest that can be put on a thumb drive from one computer and saved to the laptop, I am happy to try. Thank you for your time and input.
Dec 31 2008, 02:45 AM, Post #14
The BSG Malware Fighter Group: HJT Team Coach
Hi thatguy418,
One reason for your high memory usage is that you only have 256 MB of RAM all together. Windows XP itself would need 128 MB to run without any problems (that's half your capacity), but a 512 MB minimum has been referred to as the optimum minimum memory.
As for the other stuff, let's try one thing: please follow this guide to run sfc /scannow.
Whilst you are doing this, I am having at least one more pair of eyes looking at your descriptions, as I am more malware knowledgeable than hardware / software stuff like these. Thanks.
Dec 31 2008, 08:22 AM, Post #15
Bleeping Curious Group: HJT Team Posts: 7,096 Joined: 8-December 07 From: The Netherlands Member No.: 175,240
Edited: Posted to the wrong topic.
This post has been edited by farbar: Dec 31 2008, 09:07 AM