Ahh well... My computer recently got a pretty bad infection, I've battled it a bit so far. I'll let you guys know what I have done so you know where I'm at. Also I would REALLY prefer not to do a format and Windows reinstall.
What I've done thus far...
Ran the repair option with the Windows XP disk. This finally let me get into Safe Mode. After tinkering and battling with the thing for hours last night I finally got it to read my network card and finally got it connected using Safe Mode with networking support.
Ran AVG, Malwarebytes, HJT, Spybot, Adaware. This has accomplished nothing; when I load into Windows normally it freezes after a few seconds.
Disabled all startup items just for SnG's to no avail.
I have done the prework in Safe Mode with network support.
Malwarebytes:
Malwarebytes' Anti-Malware 1.40
Database version: 2656
Windows 5.1.2600 Service Pack 2 (Safe Mode)
8/19/2009 11:45:58 AM
mbam-log-2009-08-19 (11-45-58).txt
Scan type: Quick Scan
Objects scanned: 86589
Time elapsed: 5 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:26 AM, on 8/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingle Instance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
--
End of file - 3220 bytes
Any help from you lovely people would be awesome! And thanks!
Windows XP/2000 - Horrible luck lately! Help please :-) (posted in the Operating Systems forums)
#1
Bronze Member
Join Date: Aug 2009
Posts: 23 PC Experience: i learn everyday...
#2
Tech Support Team
Join Date: Nov 2006
Location: In the Slaughtered Lamb having a pint.
Posts: 4,484 PC Experience: Smarter than the average Bear
Well you don't have XP SP3 and that is not a full HJT log, please provide a full log and obtain SP3.
#3
Bronze Member
Join Date: Aug 2009
Posts: 23 PC Experience: i learn everyday...
That's the full log in Safe Mode unfortunately. I will not be updating to SP3 until this issue is resolved. The last time I was advised to update to SP3 on my friend's infected laptop I was working on, all it did was prevent me from booting into Windows period....
#4
Tech Support Team
Join Date: Nov 2006
Location: In the Slaughtered Lamb having a pint.
Posts: 4,484 PC Experience: Smarter than the average Bear
WGA Diagnostic Tool
Please follow this WGA troubleshooting procedure:
#5
Bronze Member
Join Date: Aug 2009
Posts: 23 PC Experience: i learn everyday...
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {968391F3-FBEE-4E7B-BE33-2E12267BFC3E}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A
Version: N/A
WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Opera\opera.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.2180]
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{968391F3-FBEE-4E7B-BE33-2E12267BFC3E}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HHHFT</PKey><PID>76477-OEM-2162012-47914</PID><PIDType>3</PIDType><SID>S-1-5-21-329068152-220523388-839522115</SID><SYSTEM><Manufacturer>System Manufacturer </Manufacturer><Model>Product Name </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="3"/><Date>20030424000000.000000+000</Date></BIOS><HWID>408A339F0184A05F</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Licensing Data-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1D490:First International Computer, Inc
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
#6
Tech Team Leader
Join Date: Sep 2008
Location: Heart of the US Midwest
Posts: 6,179 PC Experience: Perpetual Student
Hello again Parma,
The WGA log is missing a few of the most critical lines at the top. I was hoping to give the benefit of the doubt and assume it was because you've run it in Safe Mode. But I just performed a test on my PC here at the office in Safe Mode with Networking and received a complete WGA report. The lines specifically that are missing are those that state that your Operating System is Genuine. Without the WGA intact, it appears that the Operating System on the computer you are troubleshooting is not valid. As per PCHF Rules, we are unable to offer support to systems running unauthorized software. A purchase and installation of a retail edition of the OS or a return to Original installed OS through use of a Factory Restore/Recovery partition are options that would allow us to proceed with your support.
__________________
DCiAdmin PCHF Rules / PreWork / AfterWork / PCHF Downloads / System File Checker Thank you for entrusting your system to PCHF!
#7
Bronze Member
Join Date: Aug 2009
Posts: 23 PC Experience: i learn everyday...
I am well aware of that issue, it's how I purchased the PC on craigslist. Another SOL case huh? Guess I'm gonna try to pull another one out of my ****.