Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removed A Ton Of Malware With Sdfix But Now Computer Only Runs In Safe Mode...


  • This topic is locked This topic is locked
3 replies to this topic

#1 Lamox

Lamox

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 17 September 2008 - 02:54 PM

Please help me out here guys, just got a new job and on the second day my boss asked me if I know anything about computers and all of a sudden I was stuck with his personal laptop. It was running really bad with tons of popups and fake virus removals so I ran SDFix which reported that everything was removed. After this however the computer starts up with the background picture and nothing else. I can open taskmanager with ctrl-alt-del and browse all files but it freezes up if I try Internet Explorer or any other program. All icons and the start-button are non-existent.

The computer runs fine in safe mode and I got Hijack this installed so please help me to fix this. I will also include the report from SDFix.

Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:21, on 2008-09-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program\Trend Micro\HijackThis\HijackThis.exe
C:\Program\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.golfdata.se/tour/index.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: {4719ebae-eefb-3939-ac54-a6cdec2ea862} - {268ae2ce-dc6a-45ca-9393-bfeeeabe9174} - C:\WINDOWS\system32\lvxald.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D062D49-82B9-47A2-8E72-15A93FE89559} - C:\WINDOWS\system32\nnnkiJaX.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O3 - Toolbar: InternetAnonymizer - {7873A33B-E2A1-4a0b-A418-B6378908ABAD} - C:\Program\InternetAnonymizer\GIAToolBar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\program\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TerraTec Scheduler] "C:\program\delade filer\TerraTec\Scheduler\TTTimer.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\program\delade filer\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OmniPass] C:\Program\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LG Intelligent Update] C:\Program\lg_swupdate\autoupdate.exe Gilautouc
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\Program\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [GIAReg] regsvr32 /s "C:\Program\InternetAnonymizer\GIAToolBar.dll"
O4 - HKLM\..\Run: [GIAN] C:\Program\InternetAnonymizer\traymodule.exe
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [cwriter] C:\Program\Delade filer\TryggPCVerktyg\cookw.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [1c00c15f] rundll32.exe "C:\WINDOWS\system32\bxflhfoj.dll",b
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemoKit.lnk = C:\program\MemoKit\mk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\oldie\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\program\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216619639703
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) - http://www.antivirusxp2008.com/tools/virusremover.dll
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.elitgolf.se/controls/IlosoftImageUpload.dll
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujidirekt.se/aurigma2/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: xzulad.dll,pitcpi.dll,myidgs.dll,lvxald.dll,avgrsstx.dll
O21 - SSODL: dRbtcUejRxh - {1C00C1F1-B6AA-6B5B-5658-F9B2579663CA} - C:\WINDOWS\system32\fmkc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: GIA Proxy Service (GIAProxyService) - InternetAnonymizer Corporation - C:\Program\InternetAnonymizer\GIAProxyService.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program\Softex\OmniPass\Omniserv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe

--
End of file - 11384 bytes






SDFix: Version 1.225
Run by Administrat”r on 2008-09-16 at 09:18

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
sysrest.sys

Path :
\??\C:\WINDOWS\system32\sysrest.sys

sysrest.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\rqRIyApP.dll - Deleted
C:\WINDOWS\EPMQ.EXE - Deleted
C:\Documents and Settings\Mats\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk - Deleted
C:\Documents and Settings\Mats\Favoriter\Error Cleaner.url - Deleted
C:\Documents and Settings\Mats\Mina dokument\™vrigt\Error Cleaner.url - Deleted
C:\Documents and Settings\Mats\Favoriter\Privacy Protector.url - Deleted
C:\Documents and Settings\Mats\Favoriter\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Mats\Mina dokument\™vrigt\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Program\AntiSpywareExpert\ase_se.exe - Deleted
C:\Program\Antivirus2008y\antvrs.exe - Deleted
C:\Program\Antivirus 2008 PRO\antivirus-2008pro.exe - Deleted
C:\Program\Antivirus 2008 PRO\vscan.tsi - Deleted
C:\Program\Antivirus 2008 PRO\zlib.dll - Deleted
C:\Program\Antivirus 2009\av2009.exe - Deleted
C:\Program\Antivirus 2009\av2009[1].exe - Deleted
C:\Program\AV9\av2009.exe - Deleted
C:\Program\VAV\vav.cpl - Deleted
C:\Program\VAV\vav.exe - Deleted
C:\Program\VAV\vav.ooo - Deleted
C:\Program\VAV\vav0.dat - Deleted
C:\Program\VAV\vav1.dat - Deleted
C:\Program\winvi\Uninst.exe - Deleted
C:\Program\winvi\update.exe - Deleted
C:\Program\winvi\version.ini - Deleted
C:\Program\winvi\wupda.exe - Deleted
C:\Program\winvi\dsktp\AC_RunActiveContent.js - Deleted
C:\Program\winvi\dsktp\desktop.html - Deleted
C:\Program\winvi\dsktp\internetDetection.swf - Deleted
C:\Program\winvi\dsktp\settings.sol - Deleted
C:\WINDOWS\kvsdpfeagep.dll - Deleted
C:\Program\AVM\avm0.dat - Deleted
C:\Program\AVM\avm1.dat - Deleted
C:\Program\AVM\avm.cpl - Deleted
C:\Program\AVM\avm.exe - Deleted
C:\Program\AVM\avm.ooo - Deleted
C:\WINDOWS\pebgkxwq.exe - Deleted
C:\WINDOWS\rnopbfgt.dll - Deleted
C:\WINDOWS\rtsplgob.dll - Deleted
C:\WINDOWS\system32\avm.cpl - Deleted
C:\WINDOWS\system32\scui.cpl - Deleted
C:\WINDOWS\system32\sysrest32.exe - Deleted
C:\WINDOWS\system32\vav.cpl - Deleted
C:\WINDOWS\system32\winsrc.dll - Deleted
C:\WINDOWS\system32\winsrc.dll.tmp - Deleted
C:\WINDOWS\xkefqtgs.dll - Deleted
C:\WINDOWS\system32\sysrest.sys - Deleted



Folder C:\Documents and Settings\Mats\Application Data\Antivirus2008y - Removed
Folder C:\Documents and Settings\Mats\Start-meny\Antivirus 2009 - Removed
Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Folder C:\Program\AntiSpywareExpert - Removed
Folder C:\Program\Antivirus2008y - Removed
Folder C:\Program\Antivirus 2008 PRO - Removed
Folder C:\Program\Antivirus 2009 - Removed
Folder C:\Program\AV9 - Removed
Folder C:\Program\VAV - Removed
Folder C:\Program\winvi - Removed
Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 10:42:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df02680ca]
"0010c694cfe7"=hex:d6,cc,42,21,fe,8f,34,d7,63,2b,63,fe,67,45,00,dc
"0017b0355b63"=hex:55,92,7d,7e,09,b0,d5,74,63,03,d1,7f,3b,51,21,27
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df02680ca]
"0010c694cfe7"=hex:d6,cc,42,21,fe,8f,34,d7,63,2b,63,fe,67,45,00,dc
"0017b0355b63"=hex:55,92,7d,7e,09,b0,d5,74,63,03,d1,7f,3b,51,21,27

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Mats\\Skrivbord\\backup gammal dator\\Program\\Skype\\Phone\\Skype.exe"="C:\\Documents and Settings\\Mats\\Skrivbord\\backup gammal dator\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program\\Sony Ericsson\\Mobile\\DXP SyncML.exe"="C:\\Program\\Sony Ericsson\\Mobile\\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"C:\\Program\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Temp\\HP_WebRelease\\Setup\\HPZnet01.exe"="C:\\Temp\\HP_WebRelease\\Setup\\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
"C:\\Program\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Mats\\Lokala inst„llningar\\Temp\\.ttA.tmp"="C:\\Documents and Settings\\Mats\\Lokala inst„llningar\\Temp\\.ttA.tmp:*:Enabled:enable"
"C:\\program\\WinAntiVirus Pro 2007\\WinAV.exe"="C:\\program\\WinAntiVirus Pro 2007\\WinAV.exe:*:Disabled:WinAntiVirus Pro 2007"
"C:\\program\\Bonjour\\mDNSResponder.exe"="C:\\program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\program\\iTunes\\iTunes.exe"="C:\\program\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 13 Nov 2004 37,376 ...H. --- "C:\oldie\Delade filer\Adobe\ESD\DLMCleanup.exe"
Sat 13 Nov 2004 37,376 A..H. --- "C:\program\delade filer\Adobe\ESD\DLMCleanup.exe"

Finished!

BC AdBot (Login to Remove)

 


m

#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:39 PM

Posted 24 September 2008 - 10:40 AM

Hi Lamox,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Note 1. Please refrain from making any changes to your system from now on as it might prolong handling your log and make the job for both of us more difficult.

Note 2. If you could not get to normal mode you may run "RSIT in Safe Mode with Networking". However if it did not included Hijackthis in log.txt please post a fresh Hijackhtis log also.
  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

      Note 1:The logs will be created in this folder: C:\rsit

      Note 2:The tool takes not more than one minute to scan the system.
  • Tell me if you have run any other tool.

  • Tell me about the current condition of the laptop.


#3 Lamox

Lamox
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 25 September 2008 - 02:21 PM

Hi farbar!

Thanks a lot for your reply but the problem was solved the "easy way"... My boss returned it to the shop he bought it from yesterday and they just reformatted the drive and re-installed windows again. I did manage to backup all the data though so now I'm reinstalling them again together with some software.

Thanks for your help anyway and I will continue to browse the site since you have a lot of good stuff here.

Best regards

Lamox

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:39 PM

Posted 25 September 2008 - 04:13 PM

Thanks for letting me know.

Glad the problem is solved.

This thread will now be closed.
If you need this topic reopened, please send me a PM and I will reopen it for you.
Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter.
Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users