Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Please Help - My Computer Crashes Constantly


Re: Please Help - My Computer Crashes Constantly

Unread postby ndmmxiaomayi » January 29th, 2008, 11:47 pm

Hi,

Did you download these files?

1. C:\Documents and Settings\Gopu\Shared\microsoft home server new.zip
2. C:\Program Files\DIGStream\digstream.exe

If you didn't, add these to OTMoveIt2 for removal.

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out to minimize the risk of typo error.

Code:
L:\Program Files\Yahoo!\YPSR\Quarantine
L:\WINNT\system32\Freeze.exe
L:\WINNT\system32\msg118.dll
L:\WINNT\system32\msguard.dll
L:\WINNT\Temp\temp.cab
C:\WINDOWS\system32\drivers\etc\cache03\ret.bat
C:\WINDOWS\system32\drivers\etc\cache03\tftp8675


Click on MoveIt! (2).

Click on Exit (3).

Please refer to this picture for using OTMoveIt.


A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers.

Please copy and paste this log in your next reply.

Next...

If you already have SDFix, please delete this copy and download it again as it's being updated regularly.

  1. Please download SDFix by AndyManchesta and save it to your desktop.
  2. Double click on SDFix.exe. By default, it will install to C:\.
  3. Click on Install.

Please print out or save this set of instructions as you will not have internet access during the fix.

Next, boot into Safe Mode.

  1. When you see the BIOS screen, start pressing F8.
  2. A boot menu will appear shortly.
  3. Using the up down arrows, select Safe Mode and press the Enter key.
  4. Windows will now load.
  5. Log in to your usual account.
  6. Navigate to C:\SDfix (if you installed it to the default location, otherwise, locate where you installed it)
  7. Double click on RunThis.bat
  8. Type Y to begin the cleanup process.
  9. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  10. Press any key to reboot.
  11. When the PC restarts the tool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  12. Once the desktop icons load, the SDFix report will open on screen. You can also find the report in SDFix folder, named Report.txt.

In your next reply, please post:

  1. SDFix report (C:\SDFix\report.txt)
  2. A new HijackThis log
  3. OTMoveIt2 log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please Help - My Computer Crashes Constantly

Unread postby vetteengr » January 30th, 2008, 9:19 pm

L:\Program Files\Yahoo!\YPSR\Quarantine\ppq79A.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq796.tmp\FLEOK moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq796.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq791.tmp\SideSearch moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq791.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq790.tmp\BHO moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq790.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB38028.8610392245 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB38017.3203348264 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB38004.7580918519 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB37998.5250454861 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB37997.3557295833 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB37988.7980045833 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB37946.803696956 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB37915.9035949074 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp\CAB37897.8676810069 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq78E.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq77A.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq779.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq773.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq768.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq765.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq764.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client\Skins\Green2 moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client\Skins moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client\PlayLists moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client\Languages moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client\Install moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client\Help\HelpFile moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client\Help moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client\DB moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp\Client moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq741.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq6FF.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq66B.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq60D.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq603.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq5FE.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F5.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E7.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq1299.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine\ppq1268.tmp moved successfully.
L:\Program Files\Yahoo!\YPSR\Quarantine moved successfully.
L:\WINNT\system32\Freeze.exe moved successfully.
L:\WINNT\system32\msg118.dll NOT unregistered.
L:\WINNT\system32\msg118.dll moved successfully.
L:\WINNT\system32\msguard.dll NOT unregistered.
L:\WINNT\system32\msguard.dll moved successfully.
L:\WINNT\Temp\temp.cab moved successfully.
C:\WINDOWS\system32\drivers\etc\cache03\ret.bat moved successfully.
C:\WINDOWS\system32\drivers\etc\cache03\tftp8675 moved successfully.
C:\Program Files\DIGStream\digstream.exe moved successfully.

OTMoveIt2 v1.0.16 log created on 01302008_191807
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Re: Please Help - My Computer Crashes Constantly

Unread postby vetteengr » January 30th, 2008, 11:01 pm

SDFix: Version 1.134

Run by Gopu on Wed 01/30/2008 at 07:30 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Re: Please Help - My Computer Crashes Constantly

Unread postby vetteengr » January 30th, 2008, 11:02 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:08 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Gopu\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HFFSRV] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak Picture Transfer.lnk = C:\Program Files\Kodak\Kodak Utilities\PTS\Kodak Picture Transfer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9680061093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9680039015
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10825 bytes
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Re: Please Help - My Computer Crashes Constantly

Unread postby ndmmxiaomayi » January 31st, 2008, 1:36 am

Hi,

The SDFix report is incomplete.

Please post the full report.

It's located at C:\SDFix\report.txt
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please Help - My Computer Crashes Constantly

Unread postby vetteengr » January 31st, 2008, 9:02 pm

Oooops



SDFix: Version 1.134

Run by Gopu on Wed 01/30/2008 at 07:30 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:




Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 20:14:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d2189ae]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:ee180fdf
"s2"=dword:a474a384
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:d2,cb,46,6e,23,81,53,fb,9e,1b,5b,c0,8c,30,12,4d,0f,d5,e2,c0,3a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d2189ae]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:d2,cb,46,6e,23,81,53,fb,9e,1b,5b,c0,8c,30,12,4d,0f,d5,e2,c0,3a,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 27 Jan 2008 690,969 A..H. --- "C:\Program Files\Hide Files and Folders\iuninst.exe"
Sun 20 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 15 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITF.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITD.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT11.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITB.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT10.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT12.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BITE.tmp"
Tue 26 Jun 2007 589,824 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\tl5gxn6d.TMP"
Sun 20 May 2007 4,348 A..H. --- "C:\Documents and Settings\Gopu\My Documents\My Music\License Backup\drmv1key.bak"
Tue 19 Jun 2007 20 A..H. --- "C:\Documents and Settings\Gopu\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 19 Jun 2007 400 A.SH. --- "C:\Documents and Settings\Gopu\My Documents\My Music\License Backup\drmv2key.bak"
Sun 20 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Sun 20 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Sun 20 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"
Sun 20 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch7\lock.tmp"
Sun 20 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch8\lock.tmp"
Sun 20 May 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch9\lock.tmp"

Finished!
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Re: Please Help - My Computer Crashes Constantly

Unread postby ndmmxiaomayi » January 31st, 2008, 10:06 pm

Know anything about this program?

C:\Program Files\Hide Files and Folders
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please Help - My Computer Crashes Constantly

Unread postby vetteengr » January 31st, 2008, 11:19 pm

Yes.. it's a program that allows you to hide specific files or folders. It's something I downloaded...
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Re: Please Help - My Computer Crashes Constantly

Unread postby ndmmxiaomayi » January 31st, 2008, 11:59 pm

OK.

Let's try another scanner to see if there are any leftover files.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log as well as a new HijackThis log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please Help - My Computer Crashes Constantly

Unread postby vetteengr » February 4th, 2008, 9:55 pm

Hi.. I give up... my Internet Explorer just stay up... It just keeps crashing.. so I can't run the online scan...
vetteengr
Regular Member
 
Posts: 33
Joined: November 13th, 2006, 4:55 pm

Re: Please Help - My Computer Crashes Constantly

Unread postby ndmmxiaomayi » February 11th, 2008, 3:22 am

Hi,

Sorry for the late reply.

Can you post a new HijackThis log please?
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Please Help - My Computer Crashes Constantly

Unread postby 'KotaGuy » February 20th, 2008, 1:13 pm

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada