Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Various problems may be a bug [RESOLVED]

Started by fodelement , Jul 25 2008 08:38 PM

  • This topic is locked This topic is locked

#1
fodelement
Posted 25 July 2008 - 08:38 PM

fodelement

    New Member

  • Member
  • Pip
  • 7 posts
This computer was given to my family and the HDD was left as is from the previous owner. The computer had many infections but most were found and removed with various virus scanners. After most of the infections were removed I then went to add remove programs to get rid of the useless junk. After I uninstalled limewire then steam I decided to uninstall of AOL. Add removed programs then crashed and would not open again. I decided to restart the computer but the computer hangs on the screen windows is shutting down and I must unplug the wire from the power supply. After the computer was back on I went to add remove programs and it was blank. I do not even prompt that the list is being populated. In safe mode add remove programs works, and the computer shuts down/restarts properly from it. After running the viruses scanners again it found 120 infections in aol so I deleted them but nothing is working still. The computer itself has also slowed down dramatically since this event.


I also ran HijackThis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:43 PM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm035YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1142453056054
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160320342106
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5156 bytes
  • 0

Advertisements

#2
greyknight17
Posted 26 July 2008 - 06:43 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I recommend uninstalling Avast Antivirus. Most likely it's causing the slowdown since you have AVG installed also.

Did you also remove McAfee Spamkiller? It looks like some files are missing from it.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm035YYUS
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

c:\program files\mcafee\

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

Edited by greyknight17, 26 July 2008 - 06:44 PM.

  • 0

#3
fodelement
Posted 27 July 2008 - 07:03 AM

fodelement

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you greyknight17

My only question is how do I remove Avast if I can not get to add/remove programs?




After running combofix my keyboard will no longer work. It is a PS/2 type plug.



ComboFix 08-07-26.1 - Owner 2008-07-27 10:31:05.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-27 07:42 . 2008-07-27 07:42 <DIR> d-------- C:\Program Files\iPod
2008-07-27 07:41 . 2008-07-27 07:42 <DIR> d-------- C:\Program Files\iTunes
2008-07-26 12:22 . 2008-07-26 12:22 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-25 22:19 . 2008-07-25 22:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-25 21:55 . 2008-07-25 21:55 2 --a------ C:\WINDOWS\msoffice.ini
2008-07-25 20:00 . 2008-07-25 20:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-25 20:00 . 2008-07-25 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-25 19:50 . 2008-07-25 19:50 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-25 19:50 . 2008-07-25 19:50 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-25 19:50 . 2008-07-25 19:50 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-25 19:50 . 2008-07-25 19:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-25 19:49 . 2008-07-25 19:49 <DIR> d-------- C:\Program Files\AVG
2008-07-25 19:49 . 2008-07-25 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 19:49 . 2008-07-25 19:49 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-25 19:39 . 2008-07-25 19:39 <DIR> d-------- C:\VundoFix Backups
2008-07-25 19:38 . 2008-07-25 19:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 10:08 . 2008-07-25 10:08 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-24 16:41 . 2008-07-24 18:22 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-24 16:21 . 2008-07-24 16:21 <DIR> d-------- C:\Program Files\WinPcap
2008-07-22 21:52 . 2008-07-22 21:54 <DIR> d-------- C:\Program Files\Snood
2008-07-22 18:42 . 2008-07-22 18:42 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-22 18:42 . 2008-07-22 18:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-07-22 17:28 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-22 17:28 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-22 17:27 . 2008-02-19 14:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-22 17:26 . 2008-07-22 17:27 <DIR> d-------- C:\Documents and Settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 02:12 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-26 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-26 01:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2008-07-22 22:16 --------- d-----w C:\Program Files\McAfee.com
2008-07-22 21:29 --------- d-----w C:\Program Files\Common Files\Adobe
2006-07-10 03:16 24,192 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
2006-07-10 03:16 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-25 19:49 1235736]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director 8.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK
backup=C:\WINDOWS\pss\Corel Desktop Application Director 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 19:44 1200128 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
--a------ 2006-03-30 14:31 296488 c:\PROGRA~1\McAfee.com\MPS\mscifapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-16 09:27 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-11 00:15 111816 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Spssys;Toshiba SPS Service;C:\WINDOWS\system32\drivers\spssys.sys []
R3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
R3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys []
R3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys []
R3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys []
R3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys []
R3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys []
R4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\System32\Drivers\avgrkx86.sys [2008-07-25 19:50]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\DRIVERS\aswSP.syS [2008-07-19 10:35]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-25 19:50]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-25 19:49]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-25 19:49]

.
Contents of the 'Scheduled Tasks' folder
2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!-J:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0 []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 10:34:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
Completion time: 2008-07-27 10:40:33
ComboFix-quarantined-files.txt 2008-07-27 14:40:10
ComboFix2.txt 2008-07-27 14:13:32

Pre-Run: 61,714,681,856 bytes free
Post-Run: 61,686,243,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

169 --- E O F --- 2008-02-13 19:12:00

Edited by fodelement, 27 July 2008 - 08:47 AM.

  • 0

#4
greyknight17
Posted 27 July 2008 - 08:02 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Can you remove Avast in Safe Mode? Is it still not working in Normal Mode now after running Combofix?

Did you have problems running Combofix? Looks like you had to run it twice there....post the original log from C:\Combofix\Combofix2.txt

Delete this file:

C:\WINDOWS\msoffice.ini
  • 0

#5
fodelement
Posted 28 July 2008 - 12:31 PM

fodelement

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I have called up the people who gave us the computer and they have found the windows installer disc. So I will just re-install windows, its not like we used the computer yet anyway.

Thanks for the help.
  • 0

#6
greyknight17
Posted 30 July 2008 - 10:37 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP