
really big problem [RESOLVED]
Started by
8cimi
, Aug 01 2008 08:11 PM
#31
Posted 03 August 2008 - 02:29 PM

#32
Posted 03 August 2008 - 02:38 PM

No, I don't. Also, I restarted the PC just now because I guess Windows needed to make some updates, and when it booted up it stayed on for 1 min, then rebooted on its own.
#33
Posted 03 August 2008 - 02:41 PM

Did it then stay on?
#34
Posted 03 August 2008 - 02:58 PM

Yes.
Sorry, I'm here right now so I'll check the thread every 1-5 min now. Yes, it's staying on now.
#35
Posted 03 August 2008 - 03:04 PM

Did you download SP2 from the net?
#36
Posted 03 August 2008 - 03:07 PM

SP2? (Once again I'm sorry for the delay in replying; I'm reading, and it's very interesting, 'Fingerprints of the Gods' by Graham Hancock (not a novel).)
#37
Posted 03 August 2008 - 03:13 PM

OK, let's try this then and see what happens.
From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: there is a space between sfc and /scannow).
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
If it asks for your disc then browse to C:\WINDOWS\ServicePackFiles
Aye, I've read that one as well.
#38
Posted 03 August 2008 - 03:40 PM

OK, so it did start running, but when it asked me (like you said) about my CD, I had 3 options:
1: hit retry
2: more information (brought up a window stating I either inserted the wrong CD or that my CD drive was not functioning)
3: cancel
Cancel was the only one that made any progress, and when I clicked it, it in turn brought up a window.
Heading: Windows File Protection
And it read: "If you cancel, Windows might require you to insert a CD later. Are you sure you want to skip this file?" Yes or no. So I was left with no choice but to hit yes; it went on to do its thing, and then the same thing happened ("it asked me (like you said) about my CD, I had 3 options"),
so I did the same thing. After a couple more times of going through the same thing, an error window (finally -.-)
came up.
Heading:
winlogon.exe application error
And it read as follows:
The instruction "0x7c9111de" referenced memory at "0x00000400". The memory could not be "read".
Then there's an OK button, so I click it and the PC reboots.
#39
Posted 03 August 2008 - 03:47 PM

BTW, Windows is actually looking like 'classic' mode now; it's not round and blue any more. YES!
Getting better perhaps?
#40
Posted 03 August 2008 - 04:36 PM

OK, well, I tried OTMoveIt for kicks, and it worked. I pasted what you told me and these are the results.
< c:\sro_client.exe /s >
c:\Silkroad\sro_client.exe moved successfully.
< c:\bndfxdh.exe /s >
c:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\bndfxdh.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon\\ deleted successfully.
< Purity >
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08032008_183011
BTW, I'm very amazed how well you've been able to help without actually being here.
#41
Posted 03 August 2008 - 05:42 PM

OK, I ran the ATF Cleaner.
Finally something else worked fine. Is my PC kinda safe now? I want to be a little more ready now =/.
I know I only have the basic XP firewall. Also, a friend just now told me of 2 things, Sandboxie and OpenDNS; are these good? And what else can I do?
#42
Posted 03 August 2008 - 07:19 PM

Hello again. OK, everything was going smoothly, then all of a sudden the PC rebooted. When it did I noticed that I had no more error windows; I was ecstatic, to say the least. I go to turn off the PC and it says Windows needs to update when I shut down, so I shut down and boot up again, and guess what? All the errors came back. And I got this really long error window, not like before; it read like this.
Headline: windows cannot find 1&Id=d83dc8bc-dd9l-4c84-b160-4cbf33baaa5&LCID=1033&05=5.12600.2000100.2.2'
Then the window said the same thing with this added:
Make sure you typed the name correctly and then try again. To search for a file, click the Start button and then Search.
And then for some reason (out of frustration) I ran ComboFix,
and it ran just fine until this error window popped up:
The instruction at "0x7e42c96a" referenced memory at "0x93a7eb8". The memory could not be "written".
Also, I'm using IE because Firefox stopped working; when I click on it, it says it has encountered a problem.
#43
Posted 03 August 2008 - 07:39 PM

I was able to drag and drop the Windows console file onto ComboFix, and this time I was also able to click yes on the window that pops up. It all went through, except one error window did come up. It read
Headline: CF9242.exe
and the window read: The application failed to initialize pro... (0xc00000096)
#44
Posted 03 August 2008 - 07:39 PM

ComboFix 08-08-01.05 - Jesus 2008-08-03 21:23:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1673 [GMT -4:00]
Running from: C:\Documents and Settings\Jesus\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jesus\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.
2008-08-03 18:30 . 2008-08-03 18:30 <DIR> d-------- C:\_OTMoveIt
2008-08-03 12:29 . 2008-08-03 12:29 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-03 11:11 . 2008-08-03 11:11 <DIR> d-------- C:\Program Files\OpenDNS Updater
2008-08-03 10:37 . 2008-08-03 10:37 <DIR> d-------- C:\Deckard
2008-08-01 20:15 . 2008-08-01 20:15 331 --ah----- C:\IPH.PH
2008-07-31 16:53 . 2008-07-31 16:53 102 --a------ C:\emsf.bat
2008-07-07 13:47 . 2008-07-07 13:47 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-07 13:47 . 2008-07-07 13:47 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-07 13:47 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-07 10:50 . 2008-07-07 10:50 <DIR> d-------- C:\Program Files\StreamingStar
2008-07-07 10:50 . 2008-08-03 19:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 10:47 . 2008-07-07 10:47 <DIR> d-------- C:\WINDOWS\system32\WinFox
2008-07-07 10:47 . 2008-07-07 10:47 <DIR> d-------- C:\WINDOWS\system32\WinFast
2008-07-07 10:47 . 2008-07-07 10:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 23:34 --------- d-----w C:\Program Files\Opera 9
2008-08-01 05:45 --------- d-----w C:\Program Files\Bazooka Scanner
2008-07-31 20:42 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-07-07 14:50 --------- dc----w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-07 14:50 --------- d-----w C:\Documents and Settings\Jesus\Application Data\uTorrent
2008-07-07 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-07-07 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-07 14:47 --------- d-----w C:\Program Files\tamasoftware
2008-07-07 14:47 --------- d-----w C:\Documents and Settings\Jesus\Application Data\U3
2008-07-07 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-07 14:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 14:46 --------- d-----w C:\Program Files\Absolute Poker
2008-07-07 14:33 --------- d-----w C:\Program Files\QuickTime
2008-07-07 14:33 --------- d-----w C:\Program Files\Apple Software Update
2008-06-29 03:32 --------- d-----w C:\Documents and Settings\Jesus\Application Data\dvdcss
2008-06-23 21:23 --------- d-----w C:\Program Files\Widestep Software
2008-06-23 19:30 --------- d-----w C:\Program Files\Windows Live
2008-06-23 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-22 01:44 --------- d-----w C:\Program Files\DC++
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 18:37 --------- d-----w C:\Program Files\Saitek
2008-06-07 20:06 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2004-07-22 14:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 02:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-16 18:30 3,858 ----a-w C:\Program Files\directx redist.txt
2004-07-09 18:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 13:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 13:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 08:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 07:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-06-09 13:07 209408]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 10:38 78008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 11:29 40960 C:\WINDOWS\system32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Documents and Settings\\Jesus\\Desktop\\SRO_NEW_Full-Client_Downloader.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 WUSB54GSSVC;WUSB54GSSVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GS.exe []
S3 SaiH80C1;SaiH80C1;C:\WINDOWS\system32\DRIVERS\SaiH80C1.sys [2007-10-05 10:19]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-07 13:47]
S3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c594d57-6061-11dc-8e27-a4c471764370}]
\Shell\AutoRun\command - LinksysConnectPC.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-08-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jesus\Application Data\Mozilla\Firefox\Profiles\w8z3ldes.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 21:25:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-08-03 21:27:42
ComboFix-quarantined-files.txt 2008-08-04 01:26:40
ComboFix2.txt 2008-08-04 01:07:15
ComboFix3.txt 2008-08-02 20:53:09
ComboFix4.txt 2007-09-12 03:28:35
Pre-Run: 102,806,732,800 bytes free
Post-Run: 102,778,572,800 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
139 --- E O F --- 2008-08-04 00:48:26
The ComboFix drag and drop window log.
#45
Posted 03 August 2008 - 09:01 PM

I also just ran HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:30 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jesus\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jesus\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB1C4B0-D02D-42CE-8D8F-045DD03FDD02}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 4640 bytes
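As an added example (not from the thread, and not HijackThis's own code): a small Python triage script that parses O4, O17 and O23 lines of the kind shown in the log above, pulls out the file each autostart entry actually runs, and reports resolvers that differ from the ones the user intends to use. The sample lines are constructed in the shape of this log, the expected resolvers are the two OpenDNS addresses the log shows under O17, and the no-vowel name heuristic is only a prompt for a closer look, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample in the shape of the HijackThis log posted above.
# The [bndfxdh] O4 line and the second O17 line are made up for the
# example; 192.0.2.53 is a documentation address, not a real resolver.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bndfxdh] C:\WINDOWS\system32\bndfxdh.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB1C4B0-D02D-42CE-8D8F-045DD03FDD02}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Resolvers the user intends to use (the OpenDNS pair shown in the log).
EXPECTED_DNS = ("208.67.222.222", "208.67.220.220")

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


@dataclass
class Entry:
    kind: str              # "O4" (Run key) or "O23" (service)
    name: str
    image: str             # file that actually gets executed or loaded
    flags: List[str] = field(default_factory=list)


def image_from_command(cmd: str) -> str:
    """Extract the launched file from an O4 command string."""
    cmd = cmd.strip()
    if cmd.upper().startswith("RUNDLL32.EXE "):
        # rundll32 is only the host: the code lives in the DLL named
        # before the comma, so that is the image worth inspecting.
        return cmd.split(None, 1)[1].split(",", 1)[0].strip().strip('"')
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def inspect_image(image: str) -> List[str]:
    """Cheap triage heuristics; each flag is a reason to look closer."""
    flags = []
    if "\\" not in image:
        # No directory: Windows resolves it through the PATH search order,
        # so the entry does not pin down which file actually runs.
        flags.append("bare filename, resolved via PATH search")
    stem = image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(stem) >= 6 and not re.search(r"[aeiouy]", stem, re.IGNORECASE):
        # Random-looking names are common for dropped files; legitimate
        # binaries trip this too, so it is a prompt, not a verdict.
        flags.append("name has no vowels, looks generated")
    return flags


def parse_log(text: str, expected_dns=EXPECTED_DNS) -> Tuple[List[Entry], List[str]]:
    """Return (autostart entries, DNS findings) for a HijackThis-style log."""
    entries: List[Entry] = []
    findings: List[str] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            image = image_from_command(m["cmd"])
            entries.append(Entry("O4", m["name"], image, inspect_image(image)))
            continue
        m = O23_RE.match(line)
        if m:
            image = m["path"].strip()
            entries.append(Entry("O23", m["name"], image, inspect_image(image)))
            continue
        m = O17_RE.match(line)
        if m:
            for ip in m["servers"].split(","):
                if ip not in expected_dns:
                    findings.append(f"O17: resolver {ip} is not in the expected set")
    return entries, findings


def flagged_names(entries: List[Entry]) -> List[str]:
    """Names of the entries that earned at least one triage flag."""
    return [e.name for e in entries if e.flags]


if __name__ == "__main__":
    found, dns_findings = parse_log(SAMPLE_LOG)
    for e in found:
        mark = "  <-- " + "; ".join(e.flags) if e.flags else ""
        print(f"{e.kind} {e.name}: {e.image}{mark}")
    for f in dns_findings:
        print(f)
```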