Thread ID: 63709 2005-11-20 16:46:00 Windows XP Boot problem blaster (9269) Press F1
Post ID Timestamp Content User
405886 2005-11-20 16:46:00 I'm having a horrible time getting Windows XP to boot.

I can only boot to safe mode, disable all services and boot normally, then re-enable them so I have internet access. It seems to be something with the SVChost.exe file, and the network connections service.
blaster (9269)
405887 2005-11-20 17:02:00 Logfile of HijackThis v1.99.1
Scan saved at 11:59:18 AM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\mdms.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Return to Castle Wolfenstein - Platinum Edition\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Return To Castle Wolfenstein - Platinum Edition\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {50B523F5-4846-7C0B-7BA1-2AFA56FD629A} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {F87210F6-BCC5-9F77-5131-A54D8A76FF1B} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsUpdate] C:\Program Files\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC 2.EXE /P23 "EPSON Stylus C60 Series" /O6 "USB001" /M "Stylus C60"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\RECYCLER\NPROTECT\00002919.rbf
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - support.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - download.ewido.net
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - support.gateway.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)
blaster (9269)
405888 2005-11-20 19:08:00 Delete the following.
Get some decent anti-spyware tools - try Counterspy - it will pick up all those you have.
And get a legit copy of Windows.

Running processes:

C:\windows\system32\mdms.exe

C:\Program Files\BigFix\BigFix.exe

C:\WINDOWS\system32\msiexec.exe

R3 - URLSearchHook: (no name) - {50B523F5-4846-7C0B-7BA1-2AFA56FD629A} - (no file)

O3 - Toolbar: (no name) - {F87210F6-BCC5-9F77-5131-A54D8A76FF1B} - (no file)

O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe

O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - support.gateway.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
security.symantec.com

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - support.gateway.com

O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)
pctek (84)
405889 2005-11-20 20:58:00 Also download first, before cleaning up, LSPfix (www.snapfiles.com) which will repair your Winsock problem.

Can I also recommend you have a cleanout of your caches as well. A safe and easy program to do this for you is Ccleaner (www.majorgeeks.com). Use both the cleaner and issues buttons. Some Spyware and Trojans can re-infect while hiding within these caches.
pheonix (36)
405890 2005-11-20 21:05:00 What PCtek forgot to mention is, you turn off system restore, and boot into safe mode.

Then tick these, and tick fix checked. Then reboot.

C:\windows\system32\mdms.exe

O3 - Toolbar: (no name) - {F87210F6-BCC5-9F77-5131-A54D8A76FF1B} - (no file)

O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s This belongs to a trojan / worm. And most probably what's stuffing things up.

O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe

O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MsUpdate] C:\Program Files\MsUpdate\MsUpdate.exe /auto

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing

O20 - Winlogon Notify: style32 - C:\WINDOWS\

O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)

O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)

BigFix isn't nasty.
Speedy Gonzales (78)
405891 2005-11-20 21:14:00 Delete the following.
Get some decent anti-spyware tools - try Counterspy - it will pick up all those you have.
And get a legit copy of Windows.
Umm, how could you tell it wasn't legal? PM if you want
Myth (110)
405892 2005-11-20 22:37:00 This is definitely a legit copy. But I did another copy using the i386 folder, hoping to fix it. I'm going to delete the other version now.

I'll get right on it, thanks.
blaster (9269)
405893 2005-11-20 22:44:00 Er, installed via i386. The LSPfix is done. Working on Ccleaner now and will get to the HijackThis next. The only problem with the mdms.exe is it keeps coming back, no matter what I do.
blaster (9269)
405894 2005-11-20 22:59:00 From the Sophos antivirus site:......

Troj/Cimuz-C is a Trojan for the Windows platform.

The Trojan starts a proxy server allowing remote users to route HTTP traffic through the infected computer. The Trojan registers itself on several sites to report the availability of the listening proxy server.

When first run Troj/Cimuz-C copies itself to <System>\mdms.exe, creates the file <System>\winacpi.dll and also creates a registry entry to run mdms.exe on startup.
drcspy (146)
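The checks the replies apply by eye to this log (entries marked "(no file)", the `svchost.exe` Run entry outside System32, the `mdms.exe` name from the Sophos description, the broken LSP line) can be written as a small triage script. This is an added example and not part of the original thread; the function name `triage` and the rule set are assumptions of the example, as is Windows living in C:\WINDOWS, and the sample lines are copied from the log posted above.

```python
import re
from ntpath import basename, dirname, normcase

# Assumption: Windows is installed in C:\WINDOWS, as in the log posted above.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
# File name from the Sophos Troj/Cimuz-C description quoted in the thread.
THREAD_INDICATORS = {"mdms.exe"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

# Lines copied from the HijackThis log in the thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\windows\system32\mdms.exe
R3 - URLSearchHook: (no name) - {50B523F5-4846-7C0B-7BA1-2AFA56FD629A} - (no file)
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
"""


def triage(log_text):
    """Return (section, reason, line) tuples for entries that need review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        # Lines without a section code are treated as running-process paths.
        code, body = (m["code"], m["body"]) if m else ("proc", line)
        if body.endswith("(no file)"):
            findings.append((code, "orphaned entry: target file missing", line))
        if code == "O10" and body.startswith("Broken Internet access"):
            findings.append((code, "Winsock LSP chain reported broken", line))
        for path in PATH_RE.findall(body):
            name = basename(path).lower()
            if name in SYSTEM_NAMES and normcase(dirname(path)) != SYSTEM32:
                findings.append((code, "system binary name outside System32", line))
            elif name in THREAD_INDICATORS:
                findings.append((code, "file name matches indicator from thread", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE):
        print(f"[{code}] {reason}: {line}")
```

A flagged line is a prompt to inspect the file and its registry entry, not a verdict; the legitimate `svchost.exe` process path and the QuickTime entry in the sample pass without a finding.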
405895 2005-11-20 23:00:00 Try startbutton/run/msconfig ......startup tab to see if it's listed there and also you may want to get 'moveonboot', it's an excellent app that allows you to set the system to delete nasty files that won't move in Windows.........
drcspy (146)