Windows Explorer accessing the Web

Discussion in 'Malware Help (A Specialist Will Reply)' started by RogTheDogMan, Jun 8, 2010.

  1. RogTheDogMan

    RogTheDogMan Private E-2

    Hello,
    I'm having an issue with Windows Explorer accessing the Web.
    I'm also having issues with Firefox being redirected, and something using up the majority of my CPU's resources and 60% to 70% of my bandwidth.
    I have run your cleanup procedures from the post "Read me first".
    It seemed to help, but I am still having issues. All of the scans were performed with updated programs, but I would disconnect from the Internet, perform the scan, and remove what was found. Once all of this was done, I would reconnect to the Internet and more viruses would be downloaded.
    Please find the attached logs, as these may help you help me.

    Windows XP SP3.
    Intel core 2duo E8500 3.17GHz
    3 MB RAM @ 3.16Ghz
     

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Before we continue please delete the below as it was not in the correct location as specified anyway:

    • C:\Documents and Settings\Administrator\Desktop\MGtools.exe

    1. Please go to Add/Remove programs and uninstall the following outdated versions of Java:

    • Java(TM) 6 Update 4
    • Java(TM) 6 Update 5
    • Java(TM) 6 Update 7


    2. What is this small file for?
    • C:\Documents and Settings\Administrator\Application Data\evf2

    3. What do you know about these files?
    • C:\Documents and Settings\All Users\Application Data\gvpgdylr.gft
    • C:\WINDOWS\Hvexahat.dat

    If you do not know then just delete them.

    4. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • O2 - BHO: (no name) - {05F29964-F3D2-463F-929D-D296B8748CFa} - C:\WINDOWS\system32\bitsprx432.dll
    • O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    • O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    • O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    • O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe

    After clicking Fix exit HJT.


    5. Now download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    6. Also delete all files in the folders below except ones from the current date (Windows will not let you delete the files from the current day).

    • C:\Documents and Settings\Administrator\Local Settings\Temp
    • C:\WINDOWS\TEMP

    7. Now I would like for you to download and run Combofix as per these instructions:

    A guide and tutorial on using ComboFix

    8. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    9. Let me know how things are running now.
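    The O2/O3/O4 lines in step 4 are triaged by eye. As an added example (not part of the original post, and not code from HijackThis or MajorGeeks), the Python below applies the same checks to HijackThis-style log lines: a BHO or toolbar CLSID that resolves to "(no file)", an unnamed BHO that loads a real DLL, an autostart under Policies\Explorer\Run, and a core Windows process name such as lsass.exe running from outside a system directory. The sample lines are constructed to mirror the entries quoted in this post plus two benign entries; the set of system process names and system directories is an assumption chosen for illustration, not an exhaustive list.

```python
import ntpath
import re

# Constructed sample lines modelled on the O2/O3/O4 entries quoted in the post,
# plus two benign entries (Adobe BHO, SoundMAX tray) that should not be flagged.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {05F29964-F3D2-463F-929D-D296B8748CFa} - C:\\WINDOWS\\system32\\bitsprx432.dll
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\\..\\Run: [SoundMAX] C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [RTHDBPL] C:\\Documents and Settings\\Administrator\\Application Data\\SystemProc\\lsass.exe
"""

# Assumption for illustration: core process names that belong in %SystemRoot%\system32.
# A file with one of these names anywhere else is a classic masquerade.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = ("\\windows\\system32", "\\windows\\syswow64", "\\winnt\\system32")

# O2 (BHO) and O3 (toolbar) lines: "<section> - <type>: <name> - {CLSID} - <target>"
BHO_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# O4 lines: "O4 - <registry key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (.*?): \[(.*?)\] (.*)$")
# Pull the executable path off a command line, stopping at the first binary extension.
PATH_RE = re.compile(r'^"?(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))', re.IGNORECASE)


def _binary_path(command_line):
    m = PATH_RE.match(command_line.strip())
    return m.group(1) if m else command_line.strip()


def triage_line(line):
    """Return the reasons one HijackThis line looks suspicious (empty list = nothing noted)."""
    reasons = []
    m = BHO_RE.match(line)
    if m:
        section, name, clsid, target = m.groups()
        if target.strip() == "(no file)":
            reasons.append("orphaned %s entry: CLSID %s points to a missing file" % (section, clsid))
        elif name.strip() == "(no name)":
            reasons.append("unnamed %s loading %s" % (section, target.strip()))
        return reasons
    m = RUN_RE.match(line)
    if m:
        key, _value_name, command_line = m.groups()
        path = _binary_path(command_line)
        base = ntpath.basename(path).lower()
        if "policies\\explorer\\run" in key.lower():
            reasons.append("autostart under %s (rarely used by legitimate software)" % key)
        if base in SYSTEM_PROCESS_NAMES and not any(d in path.lower() for d in SYSTEM_DIRS):
            reasons.append("%s masquerading as a core Windows process outside a system directory" % base)
    return reasons


def triage(log_text):
    """Run triage_line over every non-empty line; return [(line, reasons)] for flagged lines only."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

    Run against the sample it flags exactly the four entries the helper asked to fix and leaves the Adobe and SoundMAX lines alone; the lsass.exe entry gets two reasons, since both the registry location and the out-of-place process name are independently suspicious.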
     
  4. RogTheDogMan

    RogTheDogMan Private E-2

    OK, I followed everything you told me to do to the letter. I got to Combofix and followed the instructions. I ran the program and got to around stage 40 or so, and it crashed my system and went into a memory dump. I allowed it to complete the dump and reboot. On restart I got a message saying "Error loading OS". I put my XP disk in to try and fix the problem. It tells me that the volume is full or corrupt and wants to reformat the drive. I then went into the recovery console and DOS to have a look. I cannot bring up the directories for C:\. I get the following message: "An error occurred during directory enumeration."
    I cannot allow it to reformat the drive; my whole life is on that drive. Can you help with this?
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    So what exactly happens when you try to boot normally? Can you get in via safe mode? I will have to consult with my colleagues regarding this.
     
  6. RogTheDogMan

    RogTheDogMan Private E-2

    After the Bios load all it says is "Error loading operating system".
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Do you have your XP CD handy?

    Can you get into BIOS to see if the hard drive is being detected?

    In any case, I think you would be better off working out this problem in the hardware or software forum, and then return here to continue on with what we were doing. I am sorry I cannot assist you personally any further until you have this problem solved.
     
  8. RogTheDogMan

    RogTheDogMan Private E-2

    I can see the C:\ drive through the setup on my XP CD as well as the 8 MB partition, but it shows that it is empty. And I can see the C:\ drive in the recovery module, but cannot see any of the files on it. The SATA drive is 80 GB and had about 4 GB of space left on it the last time I looked. I'm not sure how Combofix works, but it may have filled this empty space while doing its thing and overwritten part of the Windows boot sector.
    Anyway, I'm going to open a post on the software page and talk about recovery. Thank you for your help. If I get it back up and running I'll be back to get the rest of the uglies cleaned out.
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I personally don't think Combofix would have caused that to happen. Yes, so post in software, and come back once you are up and running again :)
     
