
During XP loading, PC keeps restarting [RESOLVED]



#1
hadugen

Hi there.

Basically there are 2 problems here. It's getting annoying especially when I need to get my work done.
My PC keeps restarting during XP loading. This goes on several times before getting to the login interface.
Sometimes I see it restart 10 times.

Secondly, whenever I browse either using IE or Firefox, it hangs and I have to restart it and the first problem comes into place again.
I've identified certain websites that will cause my pc to hang. Those are Mocca, Singnet, Livejournal. Is there anything wrong with my browsers?
I've just upgraded Firefox to the latest version though.

Here is the DSS log in case you need it.

Deckard's System Scanner v20071014.68
Run by AdiBzZz on 2008-07-05 13:09:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as AdiBzZz.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:44 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Comodo\Firewall\CPF.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\AdiBzZz\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AdiBzZz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ntu.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136171186776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136171170092
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/Med...geUploader4.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://selftest.supp...rg/ESTPTest.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5596 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-06-30 00:11:28 0 dr-h----- C:\Documents and Settings\AdiBzZz\Recent
2008-06-29 00:19:48 0 d-------- C:\Documents and Settings\Guest.R1\Application Data\Adobe
2008-06-15 12:38:57 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee


-- Find3M Report ---------------------------------------------------------------

2008-07-05 12:51:42 202 --a------ C:\WINDOWS\system32\PSLOG
2008-07-05 04:45:29 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-06-26 21:57:44 2656 --a------ C:\WINDOWS\desctemp.dat
2008-06-25 23:46:03 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\Mozilla
2008-06-18 22:31:57 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\Image Zone Express
2008-06-18 22:19:34 0 d-------- C:\Program Files\Panda Security
2008-06-18 21:55:47 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-18 21:55:00 0 d-------- C:\Program Files\Common Files
2008-06-15 12:17:07 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\U3
2008-06-05 15:07:53 0 d-------- C:\Program Files\Common Files\Motive
2008-05-29 22:36:28 112949 --a------ C:\WINDOWS\hpoins07.dat
2008-05-29 22:31:12 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-29 22:30:57 0 d-------- C:\Program Files\HP
2008-05-29 21:40:29 0 d-------- C:\Program Files\Common Files\HP
2008-05-29 12:13:09 71241 --a------ C:\WINDOWS\hpqins04.dat
2008-05-29 12:09:03 70789 --a------ C:\WINDOWS\hpqins05.dat
2008-05-29 12:07:15 70721 --a------ C:\WINDOWS\hpqins01.dat
2008-05-22 23:34:06 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\Adobe
2008-05-22 23:34:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-22 23:01:52 0 d-------- C:\Program Files\AVG
2008-05-15 23:27:39 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-15 21:20:36 0 d-------- C:\Program Files\EPSON


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [04/20/2008 11:24 PM]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 11:17 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1bfe90-49d6-11dd-baad-0050bfa5f5a0}]
AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603669a0-4906-11dd-baab-0050bfa5f5a0}]
AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7211ba70-38d5-11db-9866-0050bfa5f5a0}]
AutoRun\command- I:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-05 13:12:20 ------------

Edited by hadugen, 04 July 2008 - 11:31 PM.



#2
Essexboy

GeekU Moderator

Hi there, you have been using an infected USB drive. Let's see if we can clean it up.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1bfe90-49d6-11dd-baad-0050bfa5f5a0}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603669a0-4906-11dd-baab-0050bfa5f5a0}
    C:\xop32.exe /s
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

1 - Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this, as it will enable a system recovery in the event of problems.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Logs required: OTMoveIt and ComboFix
  • 0
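
The MountPoints2 entries behind the infected-USB diagnosis above can be picked out of a DSS or ComboFix log mechanically. This is an added example, not part of the original thread and not code from any of the tools named in it; the function names and the recycle-bin-folder heuristic are assumptions of the example, and the sample lines are copied from the logs posted here.

```python
import re
from dataclasses import dataclass

# Excerpt from the logs posted in this thread: two MountPoints2 keys in the
# layout DSS prints them, the second in the layout ComboFix prints it.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1bfe90-49d6-11dd-baad-0050bfa5f5a0}]
AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7211ba70-38d5-11db-9866-0050bfa5f5a0}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
"""

# A MountPoints2 key header; the last path component identifies the volume.
MOUNT_KEY = re.compile(
    r"^\[(?P<key>.+\\mountpoints2\\(?P<volume>[^\\\]]+))\]$", re.I)
ANY_KEY = re.compile(r"^\[.+\]$")
# DSS prints "AutoRun\command- <cmd>"; ComboFix prints "\Shell\AutoRun\command - <cmd>".
SHELL_CMD = re.compile(
    r"^\\?(?:Shell\\)?(?P<verb>[\w ]+)\\command\s*-\s*(?P<cmd>.+)$", re.I)
# Executable path at the start of the command, with or without arguments.
EXE_PATH = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|com|scr|pif|bat|cmd|vbs))(?=$|[\s"])', re.I)
# Recycle-bin folder names on NTFS (XP), FAT, and Vista and later.
RECYCLE_DIRS = {"RECYCLER", "RECYCLED", "$RECYCLE.BIN"}


@dataclass
class AutorunEntry:
    key: str          # full registry key as printed in the log
    volume: str       # volume GUID or drive name under MountPoints2
    verb: str         # shell verb (AutoRun, open, ...)
    command: str      # command line Explorer would run for that verb
    target: str       # executable path extracted from the command
    suspicious: bool  # True when the target sits inside a recycle-bin folder


def scan(log_text):
    """Return every MountPoints2 shell command found in a DSS/ComboFix log."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = MOUNT_KEY.match(line)
        if key:
            current = key
            continue
        if ANY_KEY.match(line):      # some other registry key: stop collecting
            current = None
            continue
        cmd = SHELL_CMD.match(line) if current else None
        if not cmd:
            continue
        command = cmd["cmd"].strip()
        exe = EXE_PATH.match(command)
        target = exe["path"] if exe else command
        parents = [part.upper() for part in target.split("\\")[:-1]]
        entries.append(AutorunEntry(
            key=current["key"], volume=current["volume"], verb=cmd["verb"],
            command=command, target=target,
            suspicious=bool(exe) and any(p in RECYCLE_DIRS for p in parents)))
    return entries


if __name__ == "__main__":
    for e in scan(SAMPLE_LOG):
        tag = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"[{tag}] {e.volume} {e.verb}: {e.command}")
```

A flagged entry only identifies the cached registry key; the drive that carried the file still has to be cleaned, which is what the Flash_Disinfector step in the post is for.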

#3
hadugen

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1bfe90-49d6-11dd-baad-0050bfa5f5a0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1bfe90-49d6-11dd-baad-0050bfa5f5a0}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603669a0-4906-11dd-baab-0050bfa5f5a0} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603669a0-4906-11dd-baab-0050bfa5f5a0}\\ deleted successfully.
< C:\xop32.exe /s >
File/Folder C:\xop32.exe not found.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_103722





ComboFix 08-07-05.1 - AdiBzZz 2008-07-06 11:06:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT 8:00]
Running from: C:\Documents and Settings\AdiBzZz\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-06 10:37 . 2008-07-06 10:37 <DIR> d----c--- C:\_OTMoveIt
2008-07-03 22:17 . 2008-07-03 22:17 <DIR> d----c--- C:\Deckard
2008-07-02 23:16 . 2008-07-02 23:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-15 12:38 . 2008-06-15 12:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-06-11 14:20 . 2008-04-14 19:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 15:17 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-02 15:16 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-29 13:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-18 14:31 --------- d-----w C:\Documents and Settings\AdiBzZz\Application Data\Image Zone Express
2008-06-18 14:19 --------- d-----w C:\Program Files\Panda Security
2008-06-18 13:55 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-15 04:17 --------- d-----w C:\Documents and Settings\AdiBzZz\Application Data\U3
2008-06-05 07:07 --------- d-----w C:\Program Files\Common Files\Motive
2008-05-29 14:31 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-29 14:30 --------- d-----w C:\Program Files\HP
2008-05-29 13:40 --------- d-----w C:\Program Files\Common Files\HP
2008-05-22 15:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 15:01 --------- d-----w C:\Program Files\AVG
2008-05-22 15:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-22 14:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-05-15 15:27 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-15 13:20 --------- d-----w C:\Program Files\EPSON
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2004-10-01 07:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-12-14 07:53 3,072 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2004-08-16 03:55 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-04-20 23:24 1115728]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 23:17 1232152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\program files\\Real Player\\realplay.exe"=
"D:\\program files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\program files\\AVG\\AVG8\\avgupd.exe"=
"D:\\program files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"69:UDP"= 69:UDP:Print Server Utility TFTP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-02 23:16]
R2 avg8emc;AVG8 E-mail Scanner;D:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-02 23:17]
R2 avg8wd;AVG8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 23:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 23:17]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
R3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 21:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7211ba70-38d5-11db-9866-0050bfa5f5a0}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 11:11:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
Completion time: 2008-07-06 11:15:03
ComboFix-quarantined-files.txt 2008-07-06 03:14:44
ComboFix2.txt 2008-04-19 03:30:07

Pre-Run: 33,810,079,744 bytes free
Post-Run: 33,821,745,152 bytes free

108 --- E O F --- 2008-06-11 15:27:08

#4
Essexboy

What problems are you experiencing now?

#5
hadugen

Same problem. It keeps restarting...and pc still hangs.

#6
Essexboy

OK, let's try a tidy-up first and see where we can go from there.

Please download ATF Cleaner by Atribune.
This program is for XP, Vista and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

THEN

Download and run Auslogics Disk Defragmenter.

On completion, please post a new DSS log by going to Start > Run and then copying in the following:
"%userprofile%\desktop\dss.exe" /config

#7
hadugen

Deckard's System Scanner v20071014.68
Run by AdiBzZz on 2008-07-08 22:35:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as AdiBzZz.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:45 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AdiBzZz\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AdiBzZz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ntu.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136171186776
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136171170092
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/Med...geUploader4.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://selftest.supp...rg/ESTPTest.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5841 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-07 19:34:19 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\Auslogics
2008-07-07 19:34:11 0 d-------- C:\Program Files\Auslogics
2008-07-06 11:01:41 68096 --a------ C:\WINDOWS\zip.exe
2008-07-06 11:01:41 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-06 11:01:41 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-06 11:01:41 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-06 11:01:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-06 11:01:41 98816 --a------ C:\WINDOWS\sed.exe
2008-07-06 11:01:41 80412 --a------ C:\WINDOWS\grep.exe
2008-07-06 11:01:41 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-30 00:11:28 0 dr-h----- C:\Documents and Settings\AdiBzZz\Recent
2008-06-29 00:19:48 0 d-------- C:\Documents and Settings\Guest.R1\Application Data\Adobe
2008-06-15 12:38:57 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee


-- Find3M Report ---------------------------------------------------------------

2008-07-08 21:51:45 202 --a------ C:\WINDOWS\system32\PSLOG
2008-07-06 22:28:12 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-06-26 21:57:44 2656 --a------ C:\WINDOWS\desctemp.dat
2008-06-25 23:46:03 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\Mozilla
2008-06-18 22:31:57 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\Image Zone Express
2008-06-18 22:19:34 0 d-------- C:\Program Files\Panda Security
2008-06-18 21:55:47 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-18 21:55:00 0 d-------- C:\Program Files\Common Files
2008-06-15 12:17:07 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\U3
2008-06-05 15:07:53 0 d-------- C:\Program Files\Common Files\Motive
2008-05-29 22:36:28 112949 --a------ C:\WINDOWS\hpoins07.dat
2008-05-29 22:31:12 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-29 22:30:57 0 d-------- C:\Program Files\HP
2008-05-29 21:40:29 0 d-------- C:\Program Files\Common Files\HP
2008-05-29 12:13:09 71241 --a------ C:\WINDOWS\hpqins04.dat
2008-05-29 12:09:03 70789 --a------ C:\WINDOWS\hpqins05.dat
2008-05-29 12:07:15 70721 --a------ C:\WINDOWS\hpqins01.dat
2008-05-22 23:34:06 0 d-------- C:\Documents and Settings\AdiBzZz\Application Data\Adobe
2008-05-22 23:34:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-22 23:01:52 0 d-------- C:\Program Files\AVG
2008-05-15 23:27:39 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-15 21:20:36 0 d-------- C:\Program Files\EPSON


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [04/20/2008 11:24 PM]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 11:17 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1bfe90-49d6-11dd-baad-0050bfa5f5a0}]
AutoRun\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
open\command- I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7211ba70-38d5-11db-9866-0050bfa5f5a0}]
AutoRun\command- I:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-08 22:37:29 ------------

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have the extra text? It will be in C:\deckard\scanner, as that is where the information I need will reside.

#9
hadugen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 767.55 MiB / 464.25 MiB
Pagefile Memory (total/avail): 1492.42 MiB / 1204.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1956.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 40 GiB total, 31.49 GiB free.
D: is Fixed (NTFS) - 71.79 GiB total, 58.26 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 4.89 GiB total, 1.93 GiB free.
H: is Fixed (NTFS) - 7.7 GiB total, 6.25 GiB free.

\\.\PHYSICALDRIVE1 - ST313620A - 12.59 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 4.89 GiB - G:
\PARTITION1 - Extended w/Extended Int 13 - 7.7 GiB - H:

\\.\PHYSICALDRIVE0 - WDC WD1200BB-22FTA0 - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 40 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 71.79 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\\program files\\Real Player\\realplay.exe"="D:\\program files\\Real Player\\realplay.exe:*:Enabled:RealPlayer"
"D:\\program files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\program files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\program files\\AVG\\AVG8\\avgupd.exe"="D:\\program files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"D:\\program files\\AVG\\AVG8\\avgemc.exe"="D:\\program files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\AdiBzZz\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=R1
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AdiBzZz
LOGONSERVER=\\R1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AdiBzZz\LOCALS~1\Temp
TMP=C:\DOCUME~1\AdiBzZz\LOCALS~1\Temp
USERDOMAIN=R1
USERNAME=AdiBzZz
USERPROFILE=C:\Documents and Settings\AdiBzZz
windir=C:\WINDOWS




-- Add/Remove Programs ---------------------------------------------------------

--> "C:\WINDOWS\UnSb0009.exe" "D:\program files\ZeroSpy\UNINST0.SBU"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVG Free 8.0 --> D:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Easy DVD Player 2.0 --> "D:\Program Files\Easy DVD Player\unins000.exe"
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:D:\Program Files\FLV Player\Uninstall\uninstall.xml"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0.6) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.6 (en)"
PrintServer Utilities --> C:\Program Files\InstallShield Installation Information\{38697498-F4AA-4A8A-81F6-C09446AD020D}\setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8039 / Error
Event Submitted/Written: 07/08/2008 10:36:24 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type8036 / Error
Event Submitted/Written: 07/07/2008 10:51:33 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type8028 / Warning
Event Submitted/Written: 07/07/2008 07:39:14 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type8016 / Success
Event Submitted/Written: 07/06/2008 06:09:46 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8010 / Warning
Event Submitted/Written: 07/06/2008 00:07:26 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- System Event Log ------------------------------------------------------------

Event Record #/Type25 / Warning
Event Submitted/Written: 07/06/2008 10:42:49 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk4\D during a paging operation.

Event Record #/Type24 / Warning
Event Submitted/Written: 07/06/2008 10:42:38 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk4\D during a paging operation.

Event Record #/Type23 / Warning
Event Submitted/Written: 07/06/2008 10:42:18 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk4\D during a paging operation.

Event Record #/Type22 / Warning
Event Submitted/Written: 07/06/2008 10:41:43 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk4\D during a paging operation.

Event Record #/Type21 / Error
Event Submitted/Written: 07/06/2008 10:41:34 AM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk4\D.



-- End of Deckard's System Scanner: finished at 2008-07-09 19:46:11 ------------

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

An error was detected on device \Device\Harddisk4\D during a paging operation.

This is what is causing your problems.
Can you run a chkdsk on drive D and ensure that the drivers are loaded correctly for that drive?

CHKDSK

CHECK DMA


#11
hadugen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
How do I get rid of all those errors?

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you click the links in my previous post, they will take you to detailed instructions on how to fix them. If you are still having problems, or if that resolves it, please let me know.

#13
hadugen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Yup, I followed the instructions... apparently it's still having the same problems.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you update me on what problems you are experiencing now?

#15
hadugen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
PC keeps restarting... PC hangs when I surf either by Firefox or IE.
Sometimes I just leave the PC idle for some time... it went off to restart itself.

Edited by hadugen, 11 July 2008 - 09:36 AM.
