HJT log - Desktop computer freezes within 3 minutes of loading desktop

05-23-2008, 10:28 PM   #1
jqoolio (Guest)
Join Date: May 2008
Posts: 9

Hey,

I am running a desktop that freezes within 3 minutes of Windows XP and showing the desktop. Keyboard won't work and sometimes mouse cursor is able to move. I tried system restore, recovery console (which caused me more grief because it overwrote my Vista MBR), NOD32 scans, Ad-aware scans, Spybot scans, and ClamWin scans. I don't know how this happened. A few days ago, I came back to my computer from watching TV and it was frozen. I had to manually reboot with the button and it's been like this ever after.

D:\ is my Windows XP partition.

Logfile of HijackThis v1.99.1
Scan saved at 6:04:13 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\WINDOWS\system32\CTsvcCDA.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\WINDOWS\system32\wscntfy.exe
G:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'd:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - Winlogon Notify: LBTWlgn - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - D:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - Unknown owner - D:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

Any help is greatly appreciated!!!

05-27-2008, 11:13 AM   #2
jqoolio (Guest)
Join Date: May 2008
Posts: 9

Bump.

05-30-2008, 09:53 PM   #3
jqoolio (Guest)
Join Date: May 2008
Posts: 9

bump?

06-01-2008, 08:01 PM   #4
Ried (TSF Security Manager, Emeritus; Microsoft Most Valuable Professional)
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

Hello jqoolio,

I'm not sure you've posted in the correct forum. What leads you to believe malware is the cause of your issues? Did any of your scans indicate infection?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

06-02-2008, 11:50 PM   #5
jqoolio (Guest)
Join Date: May 2008
Posts: 9

I booted into Windows Vista and used ClamWin to scan my Windows XP partition and there were infections. I cleaned them up and XP still won't boot properly. I checked the hardware by unplugging everything except the necessary components but it wouldn't boot normally either. I have 2 different speed RAM sticks and only plugged in 2 of the 4 with the same speeds but that made no difference. I'm using all 4 sticks (w/ 2 different speeds) right now in Vista without any problems. Anyone have any ideas or can redirect me to the right thread? TIA.

06-03-2008, 05:01 AM   #6
Ried (TSF Security Manager, Emeritus; Microsoft Most Valuable Professional)
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

Do you recall what ClamWin found?

I'd like a more comprehensive set of logs to assist in detecting any malware that may be present.

As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help....

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt

06-03-2008, 05:42 PM   #7
jqoolio (Guest)
Join Date: May 2008
Posts: 9

Sorry, I don't remember the two files ClamWin found but they were trojan files. By the way, does DSS work only in the current, booted OS or does it work for the entire hard drive, regardless of what OS it is in? It might make sense to reiterate that I have Windows Vista and Windows XP under dual boot but my XP freezes before I can do much in it.

06-03-2008, 08:08 PM   #8
Ried (TSF Security Manager, Emeritus; Microsoft Most Valuable Professional)
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

I'd want you to run it on the XP since that is the OS that is having trouble. Will it load for you in Safe Mode? If so, go ahead and run dss.exe in Safe Mode.

06-03-2008, 09:40 PM   #9
jqoolio (Guest)
Join Date: May 2008
Posts: 9

I found one of the ClamWin logs and I removed this file: D:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\dzps0pwy.default\Cache\AEFDC12Fd01: Sirius.Annihilator.272 FOUND

DSS Main.txt:

Deckard's System Scanner v20071014.68
Run by Jason on 2008-06-03 21:23:01
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 3 Restore Point(s) --
3: 2008-05-31 07:40:50 UTC - RP3 - Installed EasyCleaner
2: 2008-05-24 04:25:39 UTC - RP2 - Installed VistaBootPRO 3.3
1: 2008-05-24 00:39:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jason.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-03 21:24:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
G:\dss.exe
G:\Install Files\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://www.update.microsoft.com/wind...?1212221426906
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - D:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - D:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero\Nero 7\Nero
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - Unknown owner - D:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe


--
End of file - 4757 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - d:\docume~1\jason\locals~1\temp\catchme.sys (file missing)
S3 P2k (Motorola USB Device) - d:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 PortTalk - d:\windows\system32\drivers\porttalk.sys <Not Verified; Beyond Logic https://www.beyondlogic.org; PortTalk Driver V2.0>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 CCALib8 (Canon Camera Access Library 8) - d:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S2 ekrn (Eset Service) - "d:\program files\eset\eset nod32 antivirus\ekrn.exe" <Not Verified; ESET; ESET Smart Security>
S3 FLEXnet Licensing Service - "d:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - d:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 OpcEnum - d:\windows\system32\opcenum.exe (file missing)
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "d:\program files\bonjour\mdnsresponder.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_26011019&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_03EB&SUBSYS_26011019&REV_A2\3&2411E6FE&0&09
Service:

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&2411E6FE&0
Manufacturer: Logitech
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&2411E6FE&0
Service: i8042prt


-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-05-31 01:07:52 3840 --a------ D:\WINDOWS\system32\drivers\BANTExt.sys
2008-05-31 01:07:52 0 d-------- D:\Program Files\Belarc
2008-05-31 00:43:50 0 d-------- D:\Documents and Settings\All Users\Application Data\NVIDIA
2008-05-31 00:41:31 1519616 --a------ D:\WINDOWS\system32\nwiz.exe
2008-05-31 00:41:30 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2008-05-31 00:41:30 1662976 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2008-05-31 00:41:30 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2008-05-31 00:41:28 1466368 --a------ D:\WINDOWS\system32\nview.dll
2008-05-31 00:41:27 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2008-05-31 00:41:25 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2008-05-31 00:41:24 425984 --a------ D:\WINDOWS\system32\keystone.exe
2008-05-31 00:41:21 40960 --a------ D:\WINDOWS\system32\ChCfg.exe
2008-05-31 00:41:08 0 d-------- D:\WINDOWS\Motorola
2008-05-31 00:40:51 0 d-------- D:\Program Files\Realtek
2008-05-31 00:40:47 487424 --a------ D:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-30 23:57:22 0 d-------- D:\WINDOWS\peernet
2008-05-29 11:14:36 0 d-------- D:\Program Files\EasyCleaner
2008-05-29 10:45:05 0 d-------- D:\Documents and Settings\Jason\Application Data\.clamwin
2008-05-29 10:44:58 0 d-------- D:\Program Files\ClamWin
2008-05-29 10:44:58 0 d-------- D:\Documents and Settings\All Users\.clamwin
2008-05-29 10:35:46 53248 --a------ D:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-29 10:34:14 68096 --a------ D:\WINDOWS\zip.exe
2008-05-29 10:34:14 49152 --a------ D:\WINDOWS\VFind.exe
2008-05-29 10:34:14 212480 --a------ D:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-29 10:34:14 136704 --a------ D:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-29 10:34:14 161792 --a------ D:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-29 10:34:14 98816 --a------ D:\WINDOWS\sed.exe
2008-05-29 10:34:14 80412 --a------ D:\WINDOWS\grep.exe
2008-05-29 10:34:14 89504 --a------ D:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-29 10:19:58 0 d-------- D:\WINDOWS\ERUNT
2008-05-23 21:25:43 0 d-------- D:\Program Files\PROnetworks
2008-05-23 17:31:55 0 d-------- D:\WINDOWS\Prefetch
2008-05-22 12:25:37 0 d-------- D:\Documents and Settings\Jason\Application Data\HouseCall 6.6
2008-05-22 11:12:29 0 d-------- D:\Documents and Settings\Jason\.housecall6.6
2008-05-22 05:14:31 0 d-------- D:\Program Files\Panda Security
2008-05-22 03:53:05 0 d--hs---- D:\$RECYCLE.BIN
2008-05-22 03:52:01 0 d--h----- D:\erData
2008-05-21 04:54:09 8126464 --a------ D:\Documents and Settings\Jason\ntuser.dat
2008-05-21 04:54:08 1437696 --a------ D:\Documents and Settings\LocalService\ntuser.dat
2008-05-21 04:21:11 0 dr-h----- D:\Documents and Settings\Jason\Recent
2008-05-21 00:51:27 0 d-------- D:\Program Files\Real
2008-05-21 00:51:27 0 d-------- D:\Program Files\Common Files\Real
2008-05-21 00:50:51 0 d-------- D:\Documents and Settings\Jason\Application Data\Real
2008-05-15 06:36:43 0 d-------- D:\Documents and Settings\Jason\Application Data\Recordpad
2008-05-15 06:36:41 0 d-------- D:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-15 06:36:39 0 d-------- D:\Documents and Settings\Jason\Application Data\NCH Swift Sound
2008-05-15 06:36:08 0 d-------- D:\Program Files\NCH Software
2008-05-15 06:36:05 0 d-------- D:\Program Files\NCH Swift Sound
2008-05-06 14:35:16 0 d-------- D:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-06 14:34:52 0 d--hs---- D:\WINDOWS\CSC
2008-05-03 18:34:04 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2008-05-03 18:34:04 0 d-------- D:\Documents and Settings\Administrator\My Documents
2008-05-03 18:34:04 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2008-05-03 18:34:04 0 d-------- D:\Documents and Settings\Administrator\Favorites
2008-05-03 18:34:04 0 d-------- D:\Documents and Settings\Administrator\Desktop
2008-05-03 18:34:04 0 d---s---- D:\Documents and Settings\Administrator\Cookies
2008-05-03 18:34:04 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2008-05-03 18:34:04 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-03 18:34:03 0 d--h----- D:\Documents and Settings\Administrator\Templates
2008-05-03 18:34:03 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2008-05-03 18:34:03 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2008-05-03 18:34:03 0 d--h----- D:\Documents and Settings\Administrator\Recent
2008-05-03 18:34:03 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2008-05-03 18:34:03 2097152 --ah----- D:\Documents and Settings\Administrator\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-31 00:40:50 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-05-23 17:25:36 22720 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-05-23 17:25:18 0 d-------- D:\Program Files\Windows Media Connect 2
2008-05-23 17:25:02 0 d-------- D:\Program Files\Windows NT
2008-05-22 11:31:16 0 d-------- D:\Program Files\Common Files
2008-05-22 05:14:32 3151 --a------ D:\WINDOWS\mozver.dat
2008-05-22 04:15:22 0 d-------- D:\Documents and Settings\Jason\Application Data\uTorrent
2008-05-22 04:15:17 0 d-------- D:\Program Files\Active Desktop Calendar
2008-05-22 03:40:39 0 d-------- D:\Program Files\Impulse
2008-05-21 20:05:33 0 d-------- D:\Program Files\Steam
2008-05-21 15:49:08 0 d-------- D:\Documents and Settings\Jason\Application Data\dvdcss
2008-05-21 02:01:30 0 d-------- D:\Documents and Settings\Jason\Application Data\LimeWire
2008-05-15 14:34:29 0 --a------ D:\WINDOWS\system32\FOXIT_PDF
2008-05-15 05:23:36 0 d-------- D:\Program Files\DC++
2008-05-12 17:29:53 0 d-------- D:\Program Files\Lavasoft
2008-05-08 04:11:00 0 d-------- D:\Program Files\Winamp
2008-05-03 18:43:49 0 d-------- D:\Program Files\Common Files\Ahead
2008-05-03 18:08:58 0 d-------- D:\Program Files\Nero
2008-05-01 01:57:48 0 d-------- D:\Program Files\Microsoft IntelliPoint
2008-04-29 22:08:02 0 d-------- D:\Program Files\Common Files\Logishrd
2008-04-28 13:37:05 0 d-------- D:\Documents and Settings\Jason\Application Data\Logitech
2008-04-28 13:35:50 0 d-------- D:\Program Files\Logitech
2008-04-23 01:54:35 0 d-------- D:\Documents and Settings\Jason\Application Data\Lavasoft
2008-04-15 01:21:44 0 d-------- D:\Documents and Settings\Jason\Application Data\Nero
2008-04-14 22:53:52 0 d-------- D:\Documents and Settings\Jason\Application Data\Ahead
2008-04-14 21:48:16 0 d-------- D:\Program Files\uTorrent
2008-04-13 13:15:00 0 d-------- D:\Program Files\Motorola Phone Tools
2008-04-13 13:12:37 0 d-------- D:\Program Files\Avanquest update
2008-04-13 12:43:32 0 d-------- D:\Documents and Settings\Jason\Application Data\InstallShield
2008-04-05 22:30:30 0 d-------- D:\Documents and Settings\Jason\Application Data\Mozilla
2008-04-03 19:15:36 0 d-------- D:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-07-12 13:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 d:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=D:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolicyKey.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\PolicyKey.lnk
backup=D:\WINDOWS\pss\PolicyKey.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
D:\Program Files\Active Desktop Calendar\ADC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
"D:\Program Files\ClamWin\bin\ClamTray.exe" --logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
"D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"D:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
"D:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8554 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-03 21:25:21 ------------
Attached Files
File Type: txt extra.txt (20.7 KB, 33 views)

06-04-2008, 09:53 AM   #10
Ried (TSF Security Manager, Emeritus; Microsoft Most Valuable Professional)
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

I see you also ran ComboFix. Please post the log - you'll find it at D:\ComboFix.txt

06-04-2008, 12:47 PM   #11
jqoolio (Guest)
Join Date: May 2008
Posts: 9

This is whatever I have of the ComboFix log before my computer froze and I had to do a hard boot. I didn't run it in Safe Mode because Safe Mode works fine and I assumed it didn't have any errors.

ComboFix 08-05-21.3 - Jason 2008-05-29 10:35:09.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2751 [GMT -7:00]
Running from: G:\Install Files\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 10:19 . 2008-05-29 10:20 <DIR> d-------- D:\WINDOWS\ERUNT
2008-05-29 10:19 . 2008-05-29 10:35 <DIR> d-------- D:\SDFix
2008-05-23 21:25 . 2008-05-23 21:25 <DIR> d-------- D:\Program Files\PROnetworks
2008-05-23 17:28 . 2001-08-23 05:00 13,463,552 --a--c--- D:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-23 17:27 . 2004-05-13 00:39 876,653 --a--c--- D:\WINDOWS\system32\dllcache\fp4awel.dll
2008-05-23 17:26 . 2008-05-23 17:26 749 -rah----- D:\WINDOWS\WindowsShell.Manifest
2008-05-23 17:26 . 2008-05-23 17:26 749 -rah----- D:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-23 17:26 . 2008-05-23 17:26 749 -rah----- D:\WINDOWS\system32\sapi.cpl.manifest
2008-05-23 17:26 . 2008-05-23 17:26 749 -rah----- D:\WINDOWS\system32\nwc.cpl.manifest
2008-05-23 17:26 . 2008-05-23 17:26 749 -rah----- D:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-23 17:26 . 2008-05-23 17:26 488 -rah----- D:\WINDOWS\system32\logonui.exe.manifest
2008-05-23 17:17 . 2001-08-23 05:00 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2008-05-23 17:17 . 2001-08-23 05:00 24,661 --a--c--- D:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-23 17:17 . 2001-08-23 05:00 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2008-05-23 17:17 . 2001-08-23 05:00 13,312 --a--c--- D:\WINDOWS\system32\dllcache\irclass.dll
2008-05-22 12:25 . 2008-05-22 12:30 <DIR> d-------- D:\Documents and Settings\Jason\Application Data\HouseCall 6.6
2008-05-22 11:12 . 2008-05-22 12:26 <DIR> d-------- D:\Documents and Settings\Jason\.housecall6.6
2008-05-22 11:12 . 2008-05-22 11:12 102,664 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-22 05:14 . 2008-05-22 11:29 <DIR> d-------- D:\Program Files\Panda Security
2008-05-22 03:53 . 2008-05-22 03:53 <DIR> d--hs---- D:\$RECYCLE.BIN
2008-05-22 03:52 . 2008-05-22 03:52 <DIR> d--h----- D:\erData
2008-05-21 00:51 . 2008-05-22 11:31 <DIR> d-------- D:\Program Files\Real
2008-05-21 00:51 . 2008-05-22 11:31 <DIR> d-------- D:\Program Files\Common Files\Real
2008-05-15 06:36 . 2008-05-22 11:30 <DIR> d-------- D:\Program Files\NCH Swift Sound
2008-05-15 06:36 . 2008-05-15 06:36 <DIR> d-------- D:\Program Files\NCH Software
2008-05-15 06:36 . 2008-05-15 06:36 <DIR> d-------- D:\Documents and Settings\Jason\Application Data\Recordpad
2008-05-15 06:36 . 2008-05-15 06:36 <DIR> d-------- D:\Documents and Settings\Jason\Application Data\NCH Swift Sound
2008-05-15 06:36 . 2008-05-15 06:36 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-14 03:04 . 2008-05-22 11:32 1,374 --a------ D:\WINDOWS\imsins.BAK
2008-05-03 18:34 . 2008-05-22 04:15 <DIR> d-------- D:\Documents and Settings\Administrator
2008-05-01 19:13 . 2008-05-01 19:13 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ESET
2008-05-01 02:07 . 2008-05-01 02:07 <DIR> d---s---- D:\Documents and Settings\Jason\UserData
2008-05-01 01:57 . 2008-05-01 01:57 <DIR> d-------- D:\Program Files\Microsoft IntelliPoint
2008-04-29 22:18 . 2008-04-29 22:18 <DIR> d-------- D:\Documents and Settings\Jason\WINDOWS
2008-04-29 22:18 . 2008-04-29 22:18 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\LogiShrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 00:25 --------- d-----w D:\Program Files\Windows Media Connect 2
2008-05-22 12:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-22 11:15 --------- d-----w D:\Program Files\Active Desktop Calendar
2008-05-22 11:15 --------- d-----w D:\Documents and Settings\Jason\Application Data\uTorrent
2008-05-22 10:40 --------- d-----w D:\Program Files\Impulse
2008-05-22 03:05 --------- d-----w D:\Program Files\Steam
2008-05-21 22:49 --------- d-----w D:\Documents and Settings\Jason\Application Data\dvdcss
2008-05-21 09:01 --------- d-----w D:\Documents and Settings\Jason\Application Data\LimeWire
2008-05-15 12:23 --------- d-----w D:\Program Files\DC++
2008-05-13 00:29 --------- d-----w D:\Program Files\Lavasoft
2008-05-09 11:40 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-08 11:11 --------- d-----w D:\Program Files\Winamp
2008-05-04 01:43 --------- d-----w D:\Program Files\Common Files\Ahead
2008-05-04 01:08 --------- d-----w D:\Program Files\Nero
2008-05-04 01:08 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-05-02 02:15 --------- d-----w D:\Program Files\ESET
2008-04-30 05:08 --------- d-----w D:\Program Files\Common Files\Logishrd
2008-04-28 20:37 --------- d-----w D:\Documents and Settings\Jason\Application Data\Logitech
2008-04-28 20:36 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-28 20:35 --------- d-----w D:\Program Files\Logitech
2008-04-28 20:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Logitech
2008-04-23 08:54 --------- d-----w D:\Documents and Settings\Jason\Application Data\Lavasoft
2008-04-15 08:21 --------- d-----w D:\Documents and Settings\Jason\Application Data\Nero
2008-04-15 05:53 --------- d-----w D:\Documents and Settings\Jason\Application Data\Ahead
2008-04-15 04:48 --------- d-----w D:\Program Files\uTorrent
2008-04-14 04:46 --------- d-----w D:\Documents and Settings\All Users\Application Data\National Instruments
2008-04-13 23:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-04-13 20:15 --------- d-----w D:\Program Files\Motorola Phone Tools
2008-04-13 20:12 --------- d-----w D:\Program Files\Avanquest update
2008-04-13 19:46 --------- d-----w D:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-13 19:43 --------- d-----w D:\Documents and Settings\Jason\Application Data\InstallShield
2008-04-06 05:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 05:30 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-04-04 02:15 --------- d-----w D:\Program Files\Java
2008-04-03 21:06 3,567 ----a-w D:\WINDOWS\system32\drivers\PortTalk.sys
2008-04-03 18:55 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-03 18:55 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-03-31 05:40 --------- d-----w D:\Program Files\VLC
.
jqoolio is offline  
Old 06-04-2008, 10:26 PM   #12
TSF Security Manager
Emeritus
 
Ried's Avatar




I'm not finding any malware in these logs. I'd like you to run one more tool; if this comes up clean, your issue is apparently OS related.

Run it from Safe Mode, please.

This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I do not want it to clean--for now, I only want to see a Report of what it finds.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
Ried is offline  
Old 06-06-2008, 12:32 AM   #13
Guest
 



I couldn't wait around any longer so I just restored my Windows XP OS I had imaged right after a fresh install. Thanks for your help but I needed XP back because Vista was ruining my life. =P
jqoolio is offline  
Old 06-06-2008, 06:17 AM   #14
TSF Security Manager
Emeritus
 
Ried's Avatar




That was likely your best course of action since I wasn't finding any malware here.

Thanks for letting me know. Take care.
Ried is offline  
 
