Computer System - Destroyed



Dresden
04-21-2007, 06:59 PM
Hey all, I've a question about additional options for reviving my sister's laptop. It was pretty much run into the ground when she gave it to me to fix (i.e. 5+ minute boot time, internet ability disabled, etc.)


~Initial Actions~

1. Ad-Aware SE Personal - 125 traces detected and deleted; 1 trojanproxy (virus that messed up the internet capability?) detected and deleted

2. Registry Fix v5.5 - 16 high risk problems detected and deleted; 16 medium-risk problems detected and deleted; 29 low-risk problems detected and deleted

3. Spybot S&D - 48 problems detected and deleted

4. RegFix v6.1 - 201 problems detected and deleted

5. AVG 7.5 Free Edition - Nothing detected (which I thought was odd)

6. [Run] -> [msconfig] - Normal startup


~Result~

1. Boot time has not improved
2. Internet still impaired
3. CPU resource usage always runs close to or at 100%

---

As disgusting as it is to say, I'm impressed at how some people manage to neglect their PC to this extent. Hopefully, there is another path to pursue to fix this!

Thanks!

Dresden

classicsoftware
04-21-2007, 07:58 PM
Is this Dresden as in Germany or as in the Laptop has been Firebombed?

Please download a copy of Hijackthis (http://www.subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41). Unzip it into a permanent folder and choose the option to scan and create a log. Post the Contents of the log here for review.

p.s.

Welcome to the PCGuide forums....

Dresden
04-22-2007, 06:26 PM
This would be as in Dresden, Germany. Beautiful city, great name.

I can't believe I forgot to use HijackThis... *slap*

Anyway, thank you. Much obliged.

-Dres

Dresden
04-22-2007, 06:33 PM
And the results of Hijackthis v2.0 as requested:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:32:21 PM, on 4/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {1B92DB1F-378D-7476-F24E-6AE33997F9CF} - C:\WINDOWS\System32\cnk.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\tuvuvsp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C0909ED-7847-4FA2-81DB-93B4749F6F7E} - C:\WINDOWS\System32\mljgg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDE3ECF9-D267-4287-82FA-1AFCA46DB200} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O20 - Winlogon Notify: mljgg - C:\WINDOWS\System32\mljgg.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: tuvuvsp - C:\WINDOWS\SYSTEM32\tuvuvsp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\Kelly\ie_update.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7637 bytes

classicsoftware
04-22-2007, 07:35 PM
First disable Tea-Timer:

Turn off TeaTimer to remove those entries. Open Spybot S&D in advanced mode, click Tools > Resident, and remove the check from "Resident Tea-Timer". Reboot after unchecking the entry.


Next, please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4)
to your desktop.
Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the *Scan for Vundo* button." when
VundoFix appears at reboot.

Please open a HJT scan and put checks by:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {1B92DB1F-378D-7476-F24E-6AE33997F9CF} - C:\WINDOWS\System32\cnk.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\tuvuvsp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C0909ED-7847-4FA2-81DB-93B4749F6F7E} - C:\WINDOWS\System32\mljgg.dll
O2 - BHO: (no name) - {BDE3ECF9-D267-4287-82FA-1AFCA46DB200} - (no file)

O20 - Winlogon Notify: mljgg - C:\WINDOWS\System32\mljgg.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: tuvuvsp - C:\WINDOWS\SYSTEM32\tuvuvsp.dll

Close all open windows except HJT and press Fix checked... (you only need to be concerned about open windows, don't worry about programs running in background like your antivirus and firewall)...

Reboot and post a fresh HJT log along with the VundoFix log... Report back on how things are going...

Also, this entry:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

Indicates you are using MSCONFIG to stop programs from loading. Please enable everything after the fixes, but before you post your next HJT log.

I'm trying to get to Germany next spring. I was there this past summer and had a great time. Never been to Dresden though....
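
An added example, not part of the original thread: a small Python triage pass over a HijackThis log that groups the kinds of entries singled out in the reply above (orphaned or unnamed BHOs, Winlogon Notify DLLs) together with the unknown Winsock LSP and missing-file service lines. The grouping rules and finding names are assumptions made for illustration, not HijackThis output or the helper's method; a match means "review by hand", not "malicious".

```python
import re
from collections import defaultdict

# Constructed sample: eight lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\tuvuvsp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qsdrqrzbtrc.dll
O20 - Winlogon Notify: tuvuvsp - C:\WINDOWS\SYSTEM32\tuvuvsp.dll
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\Kelly\ie_update.exe (file missing)
"""

BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
LSP = re.compile(r"^O10 - Unknown file in Winsock LSP: (.*)$")
DEAD_SVC = re.compile(r"^O23 - Service: (.*?) - .*\(file missing\)$")
SYS32_DLL = re.compile(r"^c:\\windows\\system32\\[^\\]+\.dll$")

def triage(log_text):
    """Group HijackThis lines worth a manual look; returns {finding: sorted list}."""
    found = defaultdict(set)
    bho_dlls = set()
    for line in map(str.strip, log_text.splitlines()):
        if m := BHO.match(line):
            name, clsid, target = m.groups()
            if target == "(no file)":            # registry entry whose DLL is gone
                found["orphaned BHO"].add(clsid)
                continue
            bho_dlls.add(target.lower())
            if name == "(no name)" and SYS32_DLL.match(target.lower()):
                found["unnamed BHO in System32"].add(target.lower())
        elif m := NOTIFY.match(line):
            found["Winlogon Notify DLL"].add(m.group(2).lower())
        elif m := LSP.match(line):                # repeated lines collapse to one
            found["unknown Winsock LSP"].add(m.group(1).lower())
        elif m := DEAD_SVC.match(line):
            found["service with missing file"].add(m.group(1))
    # The same DLL loading into both the browser and winlogon deserves priority.
    shared = bho_dlls & found["Winlogon Notify DLL"]
    if shared:
        found["BHO and Winlogon Notify share DLL"] = shared
    return {k: sorted(v) for k, v in found.items() if v}

if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG).items():
        print(f"{finding}: {', '.join(items)}")
```

Paths are lower-cased before comparison because the log mixes `System32` and `SYSTEM32` for the same file.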