
HijackThis Log File



#1
TheGrooby

Here is a log file from HijackThis. I'm wanting to clean the crap off my computer as well as fix a problem I've been having recently. That problem is I cannot boot into Safe Mode. When I get to the option menu during boot up I pick Safe Mode and it then reboots right back to the same boot menu and will continually loop like that until I choose boot normally and then it will load Windows fine.

Logfile of HijackThis v1.99.1
Scan saved at 2:34:39 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Chris\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {2018FED1-4613-38BA-6925-1AE4CEBABE9D} - C:\WINDOWS\system32\yxaojh.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2018FED1-4613-38BA-6925-1AE4CEBABE9D} - C:\WINDOWS\system32\yxaojh.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\system32\FNTS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Snasz] C:\Program Files\Common Files\??stem\s?chost.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1153989402421
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassi...sic/FlashAX.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - -e,te-110-12-0000245, (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


#2
TheGrooby

...

#3
TheGrooby

Can anyone help please?

#4
TheGrooby

Trying again.

#5
sari

TheGrooby,

Please don't bump your log. It makes it appear as if you've gotten responses and we're much more likely to skip over it. We're all volunteers and we help as quickly as we can, but we can't answer immediately.

1. Download ComboFix.exe using either of these links:

* bleepingcomputer.com

* techsupportforum.com

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please post the combofix log and a new hijackthis log in your reply.

sari

#6
TheGrooby

"Chris" - 07-02-08 13:44:13 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\BattyRun.dll
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wtscc.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\Program Files\Common Files\{3C5E8~1
C:\Program Files\Batty
C:\Program Files\outlook
C:\Program Files\PSHope
C:\Program Files\winupdate
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Chris
C:\qoobox\purity\DOCUME~1\Chris\My Documents
C:\qoobox\purity\DOCUME~1\Chris\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\Chris\My Documents\MBOLS~1
C:\qoobox\purity\DOCUME~1\Chris\My Documents\MCROSO~1
C:\qoobox\purity\Program Files\Common Files\STEM~1
C:\qoobox\purity\WINDOWS\RACLE~1
C:\qoobox\purity\WINDOWS\STEM~1
C:\qoobox\purity\WINDOWS\SYSTEM32\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-08 to 2007-02-08 ))))))))))))))))))))))))))))))))))


2007-02-06 17:24 <DIR> d-------- C:\Program Files\BitTorrent
2007-02-06 16:58 <DIR> d-------- C:\Program Files\LITE DELETE SIGN
2007-02-06 16:58 <DIR> d-------- C:\Program Files\BitRoll
2007-02-06 16:58 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\LITE DELETE SIGN
2007-02-06 16:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\film option bib global
2007-02-06 14:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-06 01:47 2,432 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-02-06 01:47 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2007-02-06 01:47 <DIR> d-------- C:\Program Files\Winamp
2007-02-05 18:45 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys
2007-02-05 18:45 30,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys
2007-02-05 18:45 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-02-05 18:45 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\PC Tools
2007-02-05 17:49 <DIR> d-------- C:\Program Files\Analog Devices
2007-02-01 00:19 <DIR> d-------- C:\Program Files\Vodei
2007-02-01 00:08 <DIR> d-------- C:\Program Files\BitGrabber
2007-01-29 18:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\FlashAX
2007-01-27 13:23 26,112 --a------ C:\WINDOWS\b2.exe
2007-01-16 21:26 <DIR> d-------- C:\Program Files\uTorrent
2007-01-16 21:26 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\uTorrent
2007-01-16 00:44 <DIR> d-------- C:\Program Files\BearShare Applications
2007-01-14 13:29 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\àdobe
2007-01-12 14:36 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\Uniblue
2007-01-12 14:05 845,312 --a------ C:\WINDOWS\SYSTEM32\Smab.dll
2007-01-12 14:05 719,872 --a------ C:\WINDOWS\SYSTEM32\devil.dll
2007-01-12 14:05 70,656 --a------ C:\WINDOWS\SYSTEM32\yv12vfw.dll
2007-01-12 14:05 70,656 --a------ C:\WINDOWS\SYSTEM32\i420vfw.dll
2007-01-12 14:05 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-01-12 14:05 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-01-12 14:05 306,688 --a------ C:\WINDOWS\SYSTEM32\avisynth.dll
2007-01-12 14:05 27,648 --a------ C:\WINDOWS\SYSTEM32\AVSredirect.dll
2007-01-12 14:05 240,128 --a------ C:\WINDOWS\SYSTEM32\x.264.exe
2007-01-12 14:05 217,073 --a------ C:\WINDOWS\meta4.exe
2007-01-12 14:05 <DIR> d--hs---- C:\WINDOWS\SYSTEM32\ShellDHCP
2007-01-12 14:04 <DIR> d-------- C:\Program Files\eRightSoft
2007-01-11 19:55 <DIR> d-------- C:\Program Files\UltraMon
2007-01-11 19:55 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2007-01-11 19:55 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\Realtime Soft
2007-01-11 19:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Realtime Soft
2007-01-11 18:23 <DIR> d--hs---- C:\WINDOWS\Q2hyaXM
2007-01-11 18:03 198,144 --a------ C:\WINDOWS\SYSTEM32\_psisdecd.dll
2007-01-11 17:49 92,485 --a------ C:\tdd.exe
2007-01-11 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2007-01-11 15:57 208,896 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2007-01-11 15:56 <DIR> d-------- C:\DOCUME~1\Chris\Application Data\nView_Wallpaper
2007-01-11 02:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 02:37 <DIR> d-------- C:\Program Files\Common Files\DeskShare Shared


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-08 13:44 -------- d-------- C:\Program Files\mozilla firefox
2007-02-08 04:38 384 --a------ C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2007-02-08 04:38 384 --a------ C:\WINDOWS\SYSTEM32\dvcstate-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2007-02-07 14:53 -------- d-------- C:\DOCUME~1\Chris\Application Data\registry booster
2007-02-06 17:31 -------- d-------- C:\DOCUME~1\Chris\Application Data\bittorrent
2007-02-05 18:33 -------- d-------- C:\DOCUME~1\Chris\Application Data\adobe
2007-02-05 18:16 -------- d-------- C:\Program Files\canon
2007-02-05 18:15 -------- d-------- C:\Program Files\azureus
2007-01-17 16:11 -------- d-------- C:\DOCUME~1\Chris\Application Data\adobeum
2007-01-12 14:36 -------- d-------- C:\Program Files\uniblue
2007-01-11 18:18 -------- d--h----- C:\Program Files\installshield installation information
2007-01-11 18:18 -------- d-------- C:\Program Files\cyberlink
2006-12-29 20:12 -------- d-------- C:\Program Files\motorola phone tools
2006-12-29 20:06 -------- d-------- C:\Program Files\liveupdate
2006-12-29 20:06 -------- d-------- C:\DOCUME~1\Chris\Application Data\installshield
2006-12-28 14:26 -------- d-------- C:\DOCUME~1\Chris\Application Data\arcsoft
2006-12-26 22:24 -------- d-------- C:\DOCUME~1\Chris\Application Data\canon
2006-12-25 17:53 -------- d-------- C:\Program Files\arcsoft
2006-12-25 17:51 -------- d--h----- C:\Program Files\canonbj
2006-12-23 14:14 -------- d-------- C:\Program Files\ultima online 2d
2006-12-13 19:45 -------- d-------- C:\Program Files\acoustica mp3 to wave converter plus
2006-12-13 19:42 -------- d-------- C:\Program Files\mp3 wav converter
2006-12-09 14:43 -------- d-------- C:\DOCUME~1\Chris\Application Data\azureus
2006-12-08 12:01 -------- d-------- C:\Program Files\xvid
2006-12-08 11:59 -------- d-------- C:\Program Files\gspot
2006-11-17 19:21 208896 --a------ C:\WINDOWS\SYSTEM32\nvudisp.exe
2006-11-17 17:29 888832 --a------ C:\WINDOWS\SYSTEM32\nvmobls.dll
2006-11-17 17:29 86016 --a------ C:\WINDOWS\SYSTEM32\nvmctray.dll
2006-11-17 17:29 81920 --a------ C:\WINDOWS\SYSTEM32\nvwddi.dll
2006-11-17 17:29 794624 --a------ C:\WINDOWS\SYSTEM32\nvcplui.exe
2006-11-17 17:29 7700480 --a------ C:\WINDOWS\SYSTEM32\nvcpl.dll
2006-11-17 17:29 581632 --a------ C:\WINDOWS\SYSTEM32\nvhwvid.dll
2006-11-17 17:29 5644288 --a------ C:\WINDOWS\SYSTEM32\nvoglnt.dll
2006-11-17 17:29 5619712 --a------ C:\WINDOWS\SYSTEM32\nvdisps.dll
2006-11-17 17:29 466944 --a------ C:\WINDOWS\SYSTEM32\nvshell.dll
2006-11-17 17:29 4541824 --a------ C:\WINDOWS\SYSTEM32\nv4_disp.dll
2006-11-17 17:29 45056 --a------ C:\WINDOWS\SYSTEM32\nvmccsrs.dll
2006-11-17 17:29 442368 --a------ C:\WINDOWS\SYSTEM32\nvappbar.exe
2006-11-17 17:29 425984 --a------ C:\WINDOWS\SYSTEM32\keystone.exe
2006-11-17 17:29 35840 --a------ C:\WINDOWS\SYSTEM32\nvcodins.dll
2006-11-17 17:29 35840 --a------ C:\WINDOWS\SYSTEM32\nvcod.dll
2006-11-17 17:29 311296 --a------ C:\WINDOWS\SYSTEM32\nvexpbar.dll
2006-11-17 17:29 3047424 --a------ C:\WINDOWS\SYSTEM32\nvgames.dll
2006-11-17 17:29 2924544 --a------ C:\WINDOWS\SYSTEM32\nvvitvs.dll
2006-11-17 17:29 286720 --a------ C:\WINDOWS\SYSTEM32\nvnt4cpl.dll
2006-11-17 17:29 229376 --a------ C:\WINDOWS\SYSTEM32\nvmccs.dll
2006-11-17 17:29 212992 --a------ C:\WINDOWS\SYSTEM32\nvapi.dll
2006-11-17 17:29 188416 --a------ C:\WINDOWS\SYSTEM32\nvmccss.dll
2006-11-17 17:29 1662976 --a------ C:\WINDOWS\SYSTEM32\nvwdmcpl.dll
2006-11-17 17:29 1622016 --a------ C:\WINDOWS\SYSTEM32\nwiz.exe
2006-11-17 17:29 159811 --a------ C:\WINDOWS\SYSTEM32\nvsvc32.exe
2006-11-17 17:29 147456 --a------ C:\WINDOWS\SYSTEM32\nvcolor.exe
2006-11-17 17:29 1470464 --a------ C:\WINDOWS\SYSTEM32\nview.dll
2006-11-17 17:29 1339392 --a------ C:\WINDOWS\SYSTEM32\nvdspsch.exe
2006-11-17 17:29 1236992 --a------ C:\WINDOWS\SYSTEM32\nvwss.dll
2006-11-17 17:29 1019904 --a------ C:\WINDOWS\SYSTEM32\nvwimg.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe"
"MXOBG"="C:\\WINDOWS\\MXOALDR.EXE"
"nwiz"="nwiz.exe /install"
"RemoteControl"="C:\\WINDOWS\\system32\\rmctrl.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CanonMyPrinter"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"UltraMon"="\"C:\\Program Files\\UltraMon\\UltraMon.exe\" /auto"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=hex:01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AFFDACD891CE231C.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\win.tmp 568 bytes
C:\WINDOWS\WindowsShell.Manifest 4096 bytes
C:\WINDOWS\WindowsUpdate.log 81920 bytes
C:\WINDOWS\WINHELP.EXE 258048 bytes
C:\WINDOWS\WINHLP32.EXE 286720 bytes
C:\WINDOWS\wininit.ini 48 bytes
C:\WINDOWS\WINNT.BMP 49152 bytes
C:\WINDOWS\WINNT256.BMP 49152 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WinSxS\InstallTemp
C:\WINDOWS\WinSxS\Manifests
C:\WINDOWS\WinSxS\Policies
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c
C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0
C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
C:\WINDOWS\wmsetup.log 408 bytes
C:\WINDOWS\WMSysPr8.prx 159744 bytes
C:\WINDOWS\WMSysPr9.prx 319488 bytes
C:\WINDOWS\x2.64.exe 503808 bytes
C:\WINDOWS\Zapotec.bmp 12288 bytes
C:\WINDOWS\_DEFAULT.PIF 4096 bytes
C:\WINDOWS\_MSRSTRT.EXE 4096 bytes
C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF 4935680 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 37

********************************************************************

Completion time: 07-02-08 13:47:09






Logfile of HijackThis v1.99.1
Scan saved at 1:50:14 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
R3 - URLSearchHook: (no name) - {2018FED1-4613-38BA-6925-1AE4CEBABE9D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2018FED1-4613-38BA-6925-1AE4CEBABE9D} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1153989402421
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassi...sic/FlashAX.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  • 0

#7
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
TheGrooby,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

In your next post, I need to see the report.txt from the sdfix, the nolop.log, and a new hijackthis log.

Thanks,

sari
  • 0

#8
TheGrooby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I have a slight issue with Safe Mode... I cannot boot into Safe Mode. For reference visit my other thread on this problem: http://www.geekstogo...de-t148013.html

I did not attempt to run SDFix in normal mode. I did run NoLop and also have a new HJT log file.

NoLop Log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Chris\Desktop
[2/11/2007]
[3:45:41 AM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AFFDACD891CE231C.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Creative
C:\Documents and Settings\Administrator\Application Data\Gtek
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
C:\Documents and Settings\Administrator\Application Data\Lavasoft
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Sonic
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avanquest Software
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Canonbj
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Element5
C:\Documents and Settings\All Users\Application Data\Film Option Bib Global
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nalsoft
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nvidia Corporation
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Realtime Soft
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Scansoft
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Chris\Application Data\.abc
C:\Documents and Settings\Chris\Application Data\Adobe
C:\Documents and Settings\Chris\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Chris\Application Data\Ahead
C:\Documents and Settings\Chris\Application Data\Aim
C:\Documents and Settings\Chris\Application Data\Apple Computer
C:\Documents and Settings\Chris\Application Data\Arcsoft
C:\Documents and Settings\Chris\Application Data\Azureus
C:\Documents and Settings\Chris\Application Data\Bittorrent
C:\Documents and Settings\Chris\Application Data\Bpftp
C:\Documents and Settings\Chris\Application Data\Canon
C:\Documents and Settings\Chris\Application Data\Corel
C:\Documents and Settings\Chris\Application Data\Creative
C:\Documents and Settings\Chris\Application Data\Cyberlink
C:\Documents and Settings\Chris\Application Data\Dvdcss
C:\Documents and Settings\Chris\Application Data\Gtek
C:\Documents and Settings\Chris\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Chris\Application Data\Identities
C:\Documents and Settings\Chris\Application Data\Installshield
C:\Documents and Settings\Chris\Application Data\Jasc Software Inc
C:\Documents and Settings\Chris\Application Data\Lavasoft
C:\Documents and Settings\Chris\Application Data\Leadertech
C:\Documents and Settings\Chris\Application Data\Lite Delete Sign
C:\Documents and Settings\Chris\Application Data\Macromedia
C:\Documents and Settings\Chris\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Chris\Application Data\Microgaming
C:\Documents and Settings\Chris\Application Data\Microsoft
C:\Documents and Settings\Chris\Application Data\Mozilla
C:\Documents and Settings\Chris\Application Data\Netmedia Providers -- EMPTY Directory
C:\Documents and Settings\Chris\Application Data\Newsleecher
C:\Documents and Settings\Chris\Application Data\Nview_wallpaper
C:\Documents and Settings\Chris\Application Data\Pc Tools
C:\Documents and Settings\Chris\Application Data\Polyview -- EMPTY Directory
C:\Documents and Settings\Chris\Application Data\Publish Providers -- EMPTY Directory
C:\Documents and Settings\Chris\Application Data\Real
C:\Documents and Settings\Chris\Application Data\Realtime Soft
C:\Documents and Settings\Chris\Application Data\Registry Booster
C:\Documents and Settings\Chris\Application Data\Seven Zip
C:\Documents and Settings\Chris\Application Data\Sonic
C:\Documents and Settings\Chris\Application Data\Sonic Foundry
C:\Documents and Settings\Chris\Application Data\Sony
C:\Documents and Settings\Chris\Application Data\Stormfront
C:\Documents and Settings\Chris\Application Data\Sun
C:\Documents and Settings\Chris\Application Data\Talkback
C:\Documents and Settings\Chris\Application Data\Thunderbird
C:\Documents and Settings\Chris\Application Data\Uniblue -- EMPTY Directory
C:\Documents and Settings\Chris\Application Data\Utorrent
C:\Documents and Settings\Chris\Application Data\Walgreens
C:\Documents and Settings\Chris\Application Data\?dobe
C:\Documents and Settings\Default User\Application Data\Creative
C:\Documents and Settings\Default User\Application Data\Gtek
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft





HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 3:52:58 AM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
R3 - URLSearchHook: (no name) - {2018FED1-4613-38BA-6925-1AE4CEBABE9D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2018FED1-4613-38BA-6925-1AE4CEBABE9D} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1153989402421
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassi...sic/FlashAX.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  • 0
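The HijackThis log in the post above marks several entries "(no file)" or "(file missing)", and one CLSID shows up under two different section codes. As an added example (not part of the thread and not HijackThis's own code), this Python sketch parses lines in that log format and pulls out both findings for review; the sample lines are copied from the log above, and the function names are made up for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A small subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {2018FED1-4613-38BA-6925-1AE4CEBABE9D} - (no file)
O2 - BHO: (no name) - {2018FED1-4613-38BA-6925-1AE4CEBABE9D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Annotations the log itself appends when the target file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    code: str             # section code, e.g. "O2"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first CLSID in the entry, upper-cased
    orphaned: bool        # True if the log says the file is gone


def parse_log(text: str) -> List[Entry]:
    """Return the registry/service entries, skipping header and process list."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=match.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=body.endswith(ORPHAN_MARKERS),
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that still point at a file that no longer exists."""
    return [e for e in entries if e.orphaned]


def clsid_reuse(entries: List[Entry]) -> Dict[str, List[str]]:
    """CLSIDs registered under more than one section code."""
    seen: Dict[str, List[str]] = {}
    for e in entries:
        if e.clsid:
            seen.setdefault(e.clsid, []).append(e.code)
    return {c: codes for c, codes in seen.items() if len(set(codes)) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned:", e.code, "-", e.body)
    for clsid, codes in clsid_reuse(parsed).items():
        print("same CLSID in several sections:", clsid, codes)
```

Orphaned entries are leftovers to review with the helper, not a verdict on their own; the script only reports what the log already states.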

#9
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
TheGrooby,

There is a fix for the safemode boot loop that you describe. It requires the XP cd, which you don't have. However, what we can do is have you download the recovery console iso image - I can give you a link to that. You'll then need to burn this to a cd as an image, and then boot from that. Let me know if you know how to do this before we continue, so I can make sure I give you complete instructions.

sari

Edited by sari, 11 February 2007 - 01:25 PM.

  • 0

#10
TheGrooby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

> TheGrooby,
>
> There is a fix for the safemode boot loop that you describe. It requires the XP cd, which you don't have. However, what we can do is have you download the recovery console iso image - I can give you a link to that. You'll then need to burn this to a cd as an image, and then boot from that. Let me know if you know how to do this before we continue, so I can make sure I give you complete instructions.
>
> sari


Yes, I know how to burn an image. All I need is to be pointed to the ISO to download and I'll use that CD to repair the problem.
  • 0


#11
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
TheGrooby,

http://www.atribune....ownloads/rc.iso. Copy this image first.

1. Configure the computer to start from the CD-ROM or DVD-ROM drive. For information about how to do this, see your computer documentation, or contact your computer manufacturer.
2. Insert the Windows XP CD-ROM into your CD-ROM or DVD-ROM drive, and then restart your computer.
3. When you receive the "Press any key to boot from CD" message, press a key to start your computer from the Windows XP CD-ROM.
4. When you receive the "Welcome to Setup" message, press R to start the Recovery Console.
5. If you have a dual-boot or multiple-boot computer, select the installation that you have to use from the Recovery Console.
6. When you are prompted, type the administrator password, and then press ENTER (if none was set, leave it blank and press ENTER).
7. At the command prompt, type bootcfg /list, and then press ENTER. The entries in your current Boot.ini file appear on the screen.
8. At the command prompt, type bootcfg /rebuild, and then press ENTER. This command scans the hard disks of the computer for Windows XP, Microsoft Windows 2000, or Microsoft Windows NT installations, and then displays the results. Follow the instructions that appear on the screen to add the Windows installations to the Boot.ini file. For example, follow these steps to add a Windows XP installation to the Boot.ini file:

a. When you receive a message that is similar to the following message:
    Total Identified Windows Installs: 1
    [1] C:\Windows
    Add installation to boot list? (Yes/No/All)
Press Y, then hit ENTER.

b. When you receive a message that is similar to the following message:
    Enter Load Identifier
This is the name of the operating system. Type the name of your operating system, and then press ENTER. The name is either Microsoft Windows XP Professional or Microsoft Windows XP Home Edition.

c. When you receive a message that is similar to the following:
    Enter OS Load options
Type /fastdetect, and then press ENTER.

Take the CD out of the drive.

Type exit then press ENTER.

Note The instructions that appear on your screen may be different, depending on the configuration of your computer.

If this works, then run the sdfix for me and post the log from that and a new hijackthis log.

sari
  • 0

#12
TheGrooby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
...

Edited by TheGrooby, 11 February 2007 - 09:12 PM.

  • 0

#13
TheGrooby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I downloaded the file and burnt the ISO to a CD. I restarted the computer and booted from the CD. The setup program began loading drivers and then loaded the welcome screen. At that point I pressed R and received the message "No hard drive disks were found in your computer, please check that all drives are powered on and connected properly. Setup cannot continue. Press F3 to restart." I'm stuck again. :whistling:
  • 0

#14
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
TheGrooby,

Is it only with recovery console you have this issue? Are you posting from that computer, or a different one?

sari
  • 0

#15
TheGrooby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts

> TheGrooby,
>
> Is it only with recovery console you have this issue? Are you posting from that computer, or a different one?
>
> sari


I am posting from the same computer that I am having this issue with. I'm only having that problem with the recovery console or when I attempt to reinstall Windows (I wasn't going to reinstall, I just wanted to see if it would work). Otherwise my computer has no issues with the HD. I can read/write files and access anything on the HD with no problems once normal Windows is booted.
  • 0





