AHHH!! PC starts up, opens loads of Explorer and Calculator windows then closes!!
Hi all. First time here, apologies if I seem to be wasting anyone's time but I don't have the foggiest idea of what to do!!
As my topic suggests, my PC boots ok but then opens a load of internet explorer and calculator windows then shuts itself down. It won't stay on long enough to run any kind of anti spyware etc and it's getting to the stage where I just want to lob it out of the window!!!
I'm using a mate's PC just so I can try and search the net and post this for some help!
Any advice you could offer would be most appreciated.
Thanks so much
Sarah
PS. great forum!!!
Hi there, no it doesn't
Can you get into Windows in safe mode without it opening these windows?
Turn the PC on, tap F8 repeatedly until you see the boot menu, select safe mode.
If that is ok...take a look in Start > All Programs > Startup anything odd there?
Not sure if Hijackthis will run in safe mode, see if you can download that, put it on a USB key then install it on the PC in safe mode, see if you can run it and post the results of its scan.
Is the PC in question connected to broadband internet? If yes...try disconnecting the ethernet cable before going into Windows...does that change the behaviour?
Thanks for your help.
Managed to run in safe mode, didn't seem to want to open any windows and then close itself down... which is good!
Was also able to run HJT - results here:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:09:33, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
G:\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mad Cat Women's Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 3559 bytes
Hope it makes sense to you, just a load of blurb to me - but then I guess that's why I've asked for help!
If I run the PC in normal mode and remove the cable it still wants to shut down. It's bizarre, it's almost like it gives me a false sense of security, one moment as soon as I fire the PC up it goes all weird and another time it'll go an hour or more and be fine - don't tell me, I'm making it worse every time I turn it on?!
Hope to hear from you soon
Sarah
Here's how I would proceed - first let's see if it's spyware:
First off things run very slowly in Safe Mode so be patient!
-Use your mate's PC to download the latest version of either spybot or AVG's free spyware program --- put the file on either a USB stick or a CDROM.
-Boot your PC in safe mode WITH networking and load the file onto your desktop
-Install the software --- then choose to download updates (have a cup of tea)
-Now scan the system hopefully you find something - delete whatever it finds and reboot normally -- hopefully things are OK
If not - you need to repeat the above but with a virus scanner and certainly you can also have your AVG do a scan as well
Good luck
Firstly, thanks HW - tried running AVG in safe mode and just found out that yes, actually my PC will do stupid things then turn itself off in that too!!!!!!
Good grief, should I give up now?!?!!?!?
Never give up
Victory will be yours.
Only the weak give in.
Eat at Joe's.
But seriously, it sounds like it's a bit of malware.
Couple things to try
- I would still try running a spyware scanner just to clear that issue
- You could try to boot in safe mode with networking and go to McAfee or AVG and try to run their on-line scanner - this can take a lot of time but may solve the problem
- lastly --- (desperate measure) you can go into \Windows and rename explorer.exe to something like 123explorer.exe and then the same thing for calc.exe found in \Windows\system32
this may foul-up the virus or Bat script as it will get a system error upon trying to launch those files
Don't give up yet:)
Two things:
1) You currently have an older version of HijackThis that is no longer being used. Delete the version you have now, and then grab the latest from Here
2) There is nothing showing in the log above, but a log from safe mode is not very useful.
I would like to see a log from HijackThis:
Hi Trogan
Well I managed to get the updated HJT and run it in normal mode with literally seconds to spare before my PC shut itself down once more!!
So here's the log in normal mode (and the uninstall manager list below that)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:19, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mad Cat Women's Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4104 bytes
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8
Adobe Stock Photos 1.0
AVG 7.5
Azureus
C-Media WDM Audio Driver
DivX
DivX Converter
DivX Converter
DivX Player
FriendBlasterPro
HijackThis 2.0.2
Intel(R) Extreme Graphics 2 Driver
IsoBuster 2.0
J2SE Runtime Environment 5.0 Update 10
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Nero 6 Ultra Edition
Nimo Codecs Pack v5.0 (Remove Only)
PowerDVD
TuneUp Utilities 2006
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Xvid 1.1.2 final uninstall
ZoneAlarm Security Suite
Thanks for all your help guys!
Sarah
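What a safe-mode log leaves out compared with a normal-mode one can be seen by diffing the two HijackThis logs posted above. The following is an added example, not part of the original thread: a small parser and diff in Python, run over trimmed excerpts of those two logs; the function names `parse_hjt` and `diff_logs` are made up for this illustration.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Trimmed excerpts of the two logs posted in this thread (not the full logs).
SAFE_MODE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:09:33, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
G:\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

NORMAL_MODE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:19, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into version, boot mode, processes and entries."""
    log = {"version": None, "boot_mode": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first coded entry ends the "Running processes" list.
            in_processes = False
            log["entries"].append((match.group(1), match.group(2)))
        elif line.startswith("Logfile of"):
            log["version"] = line[len("Logfile of"):].strip()
        elif line.startswith("Boot mode:"):
            log["boot_mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("Running processes:"):
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
    return log


def _key(item):
    # Windows paths are case-insensitive, so compare case-folded text.
    if isinstance(item, str):
        return item.casefold()
    return (item[0], item[1].casefold())


def diff_logs(first, second):
    """Return processes and entries that appear in only one of two parsed logs."""
    result = {}
    for field in ("processes", "entries"):
        a = {_key(i): i for i in first[field]}
        b = {_key(i): i for i in second[field]}
        result[field] = {
            "only_first": [a[k] for k in a if k not in b],
            "only_second": [b[k] for k in b if k not in a],
        }
    return result


if __name__ == "__main__":
    safe, normal = parse_hjt(SAFE_MODE_LOG), parse_hjt(NORMAL_MODE_LOG)
    delta = diff_logs(safe, normal)
    print(f"{safe['boot_mode']} ({safe['version']}) vs "
          f"{normal['boot_mode']} ({normal['version']})")
    for field, sides in delta.items():
        for side, items in sides.items():
            for item in items:
                print(f"{field:9} {side:11} {item}")
```

The two logs on this page also come from different HijackThis versions, so a line that shows up on one side only is something to look at, not a verdict.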
I see you have ZoneAlarm Security Suite (which contains an Anti-Virus) and AVG Anti-Virus. There should only be one Anti-Virus program running on any computer. If you use AVG Anti-Virus, ensure the Anti-Virus on ZoneAlarm Security Suite is disabled.
Still nothing malicious showing in either log.
*If you're unable to do the following in Normal Mode, do it in Safe Mode*
Please download Deckard's System Scanner (DSS) to your desktop.
Deckard's System Scanner v20071014.68
Run by Administrator on 2007-12-27 20:15:51
Computer is in Safe Mode.
-- System Restore
Failed to create restore point; computer is in safe mode.
-- Last 1 Restore Point(s) --
1: 2007-12-27 20:10:17 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 503 MiB (512 MiB recommended).
-- HijackThis (run as Administrator.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:31 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
G:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 3440 bytes
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
-- Device Manager: Disabled
No disabled devices found.
-- Scheduled Tasks
2007-12-18 20:00:01 350 --a C:\WINDOWS\Tasks\At21.job
2007-12-18 19:00:00 350 --a C:\WINDOWS\Tasks\At20.job
2007-12-18 13:00:00 350 --a C:\WINDOWS\Tasks\At14.job
2007-12-18 12:00:00 350 --a C:\WINDOWS\Tasks\At13.job
2007-12-18 11:00:00 350 --a C:\WINDOWS\Tasks\At12.job
2007-12-18 10:00:00 350 --a C:\WINDOWS\Tasks\At11.job
2007-12-18 09:00:00 350 --a C:\WINDOWS\Tasks\At10.job
2007-12-18 08:00:00 350 --a C:\WINDOWS\Tasks\At9.job
2007-12-18 07:00:00 350 --a C:\WINDOWS\Tasks\At8.job
2007-12-18 06:00:00 350 --a C:\WINDOWS\Tasks\At7.job
2007-12-18 05:00:00 350 --a C:\WINDOWS\Tasks\At6.job
2007-12-18 04:00:00 350 --a C:\WINDOWS\Tasks\At5.job
2007-12-18 03:00:00 350 --a C:\WINDOWS\Tasks\At4.job
2007-12-18 02:00:00 350 --a C:\WINDOWS\Tasks\At3.job
2007-12-18 01:00:00 350 --a C:\WINDOWS\Tasks\At2.job
2007-12-18 00:00:00 350 --a C:\WINDOWS\Tasks\At1.job
2007-12-17 23:00:00 350 --a C:\WINDOWS\Tasks\At24.job
2007-12-17 22:00:00 350 --a C:\WINDOWS\Tasks\At23.job
2007-12-17 21:00:00 350 --a C:\WINDOWS\Tasks\At22.job
2007-12-16 18:00:00 350 --a C:\WINDOWS\Tasks\At19.job
2007-12-16 17:00:00 350 --a C:\WINDOWS\Tasks\At18.job
2007-12-16 16:00:00 350 --a C:\WINDOWS\Tasks\At17.job
2007-12-16 15:00:00 350 --a C:\WINDOWS\Tasks\At16.job
2007-12-16 14:00:00 350 --a C:\WINDOWS\Tasks\At15.job
2007-12-14 18:24:51 390 --a C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2007-11-27 and 2007-12-27
2007-12-27 19:35:52 0 d C:\Program Files\Trend Micro
2007-12-27 19:32:09 276000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 18:47:01 0 d C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-27 18:46:32 0 d--h C:\Documents and Settings\Administrator\Templates
2007-12-27 18:46:32 0 dr C:\Documents and Settings\Administrator\Start Menu
2007-12-27 18:46:32 0 dr-h C:\Documents and Settings\Administrator\SendTo
2007-12-27 18:46:32 0 d--h C:\Documents and Settings\Administrator\Recent
2007-12-27 18:46:32 0 d--h C:\Documents and Settings\Administrator\PrintHood
2007-12-27 18:46:32 524288 --ah C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-27 18:46:32 0 d--h C:\Documents and Settings\Administrator\NetHood
2007-12-27 18:46:32 0 d C:\Documents and Settings\Administrator\My Documents
2007-12-27 18:46:32 0 d--h C:\Documents and Settings\Administrator\Local Settings
2007-12-27 18:46:32 0 d C:\Documents and Settings\Administrator\Favorites
2007-12-27 18:46:32 0 d C:\Documents and Settings\Administrator\Desktop
2007-12-27 18:46:32 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-27 18:46:32 0 dr-h C:\Documents and Settings\Administrator\Application Data
2007-12-27 18:46:23 0 d C:\WINDOWS\CSC
2007-12-27 18:07:54 0 d C:\WINDOWS\system32\appmgmt
2007-12-08 19:41:43 0 dr-h C:\$VAULT$.AVG
2007-12-08 16:51:56 0 d C:\Documents and Settings\Sarah\Application Data\AVG7
2007-12-08 16:51:50 0 d C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-08 16:51:22 0 d C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 16:51:22 0 d C:\Documents and Settings\All Users\Application Data\avg7
2007-12-08 14:03:02 0 d C:\Documents and Settings\Sarah\.housecall6.6
2007-12-08 13:55:23 0 d C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-08 00:36:00 0 d C:\505fb30ff05c7786a8
2007-12-08 00:33:39 0 d C:\bcb9759eb722e16bba8ac78e5e
2007-12-07 20:48:45 0 d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 19:46:21 0 d C:\WINDOWS\pss
-- Find3M Report
2007-12-27 20:08:10 4212 ---h C:\WINDOWS\system32\zllictbl.dat
2007-12-19 13:36:20 0 d C:\Program Files\Azureus
2007-12-07 23:30:41 512 --a C:\ScanSectorLog.dat
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 02:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 02:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 02:36 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/27/2007 11:36 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
-- End of Deckard's System Scanner: finished at 2007-12-27 20:16:59
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 3.06GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 502.79 MiB / 387.07 MiB
Pagefile Memory (total/avail): 1241.39 MiB / 1176.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.79 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.55 GiB total, 70 GiB free.
D: is Fixed (NTFS) - 55.9 GiB total, 6.03 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (FAT32)
\\.\PHYSICALDRIVE0 - SAMSUNG SV0813H - 74.56 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.55 GiB - C:
\\.\PHYSICALDRIVE1 - ST360020A - 55.9 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.9 GiB - D:
\\.\PHYSICALDRIVE2 - - 3.9 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 3.91 GiB - G:
-- Security Center
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: ZoneAlarm Security Suite Firewall v7.0.462.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.462.000 (Check Point, LTD.) Outdated
AV: AVG 7.5.516 v7.5.516 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SARAH-804FB1601
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\SARAH-804FB1601
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=MINIMAL
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SARAH-804FB1601
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles
Sarah (admin)
Administrator (admin)
-- Add/Remove Programs
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
FriendBlasterPro --> "C:\Program Files\FriendBlasterPro\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IsoBuster 2.0 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Program Files\NimoCodec Pack\uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log
Event Record #/Type4463 / Warning
Event Submitted/Written: 12/27/2007 06:08:03 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C
Event Record #/Type4462 / Warning
Event Submitted/Written: 12/27/2007 06:07:54 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C
Event Record #/Type4450 / Error
Event Submitted/Written: 12/27/2007 11:36:37 AM
Event ID/Source: 100 / AVG7
Event Description:
2007-12-27 11:36:37,843 SARAH-804FB1601 [002008:002016] ERROR 000 AVG7.AM service module run failed: Error 0x80040154
Event Record #/Type4391 / Warning
Event Submitted/Written: 12/18/2007 09:40:11 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type4385 / Warning
Event Submitted/Written: 12/18/2007 09:37:49 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type7348 / Error
Event Submitted/Written: 12/27/2007 08:16:34 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Fips
intelppm
IPSec
KLIF
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
vsdatant
Event Record #/Type7347 / Error
Event Submitted/Written: 12/27/2007 08:16:34 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31
Event Record #/Type7346 / Error
Event Submitted/Written: 12/27/2007 08:16:34 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error:
%%31
Event Record #/Type7345 / Error
Event Submitted/Written: 12/27/2007 08:16:34 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31
Event Record #/Type7344 / Error
Event Submitted/Written: 12/27/2007 08:16:34 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31
-- End of Deckard's System Scanner: finished at 2007-12-27 20:16:59
Thanks once again!!!
Sarah
Download ComboFix to your Desktop.
- Double click on Combofix.exe & follow the prompts.
- When the scan has finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Urgh, what a way to spend your Christmas holidays!! I've tried normal and safe mode and can't get the damn thing to stay "alive" long enough to run the scan, talk about really doing my head in!! Is there anything I can do to stop it shutting itself down long enough to run the scans??
When did the problem start?
Have you installed any new hardware or software recently?
Have I got a completely buggered machine here?!
Thanks for all your patience (mine's running very thin!)
In terms of error messages, if it's getting as far as Windows and I try and do something Internet Explorer pops up then the calculator (up to 50 windows each!!!) it then says it can't complete what I wanted it to do as it's closing down - the last error message said something about DLSS - does that make sense? it only appeared very briefly.
No new hardware or software - other than updating AVG and ZoneAlarm. The problem started about 2 weeks ago BUT I thought I'd got rid of it with Spybot as it stopped until today but Spybot doesn't find anything now!!
:(:(
Click Start > Run > type: shutdown -a > Press OK.
Let me know if that makes a difference.
Will be back tomorrow for round 2!!!
Thanks for all the help
So I'm back!!!
Successfully ran Combofix (but in safe mode only) after many, many attempts, here's the log:
ComboFix 07-12-21.4 - Sarah 2007-12-28 19:21:32.2 - NTFSx86 MINIMAL
Running from: G:\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.
2007-12-27 20:05 . 2007-12-27 20:05 <DIR> d C:\Deckard
2007-12-27 19:35 . 2007-12-27 19:35 <DIR> d C:\Program Files\Trend Micro
2007-12-27 19:32 . 2007-12-27 21:38 310,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 19:32 . 2007-12-27 21:38 6,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-27 18:47 . 2007-12-27 18:49 <DIR> d C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-27 18:41 . 2007-11-14 16:05 75,248 --a C:\WINDOWS\zllsputility.exe
2007-12-27 18:40 . 2007-12-19 13:24 170,496 --a C:\xDB15.tmp
2007-12-08 16:51 . 2007-12-27 18:22 <DIR> d C:\Documents and Settings\Sarah\Application Data\AVG7
2007-12-08 16:51 . 2007-12-08 16:51 <DIR> d C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-08 16:51 . 2007-12-08 16:51 <DIR> d C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 16:51 . 2007-12-08 16:54 <DIR> d C:\Documents and Settings\All Users\Application Data\avg7
2007-12-08 14:03 . 2007-12-08 14:25 <DIR> d C:\Documents and Settings\Sarah\.housecall6.6
2007-12-08 13:55 . 2007-12-08 13:55 <DIR> d C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-08 00:33 . 2007-12-08 00:34 <DIR> d C:\bcb9759eb722e16bba8ac78e5e
2007-12-07 20:48 . 2007-12-08 12:52 <DIR> d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 15:20 d w C:\Documents and Settings\Sarah\Application Data\Azureus
2007-12-19 13:36 d w C:\Program Files\Azureus
2007-12-08 13:49 92,534 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_08_10_58_53_small.dmp.zip
2007-12-07 23:30 512 ----a-w C:\ScanSectorLog.dat
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-05-20 09:06 16,427,668 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_20_10_04_52_full.dmp.zip
2007-05-02 06:40 16,446,052 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_01_22_05_07_full.dmp.zip
2007-04-23 16:41 16,407,520 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_21_06_04_40_full.dmp.zip
2007-02-27 19:42 116,233 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_27_18_44_39_small.dmp.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 02:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 02:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 02:36]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-27 11:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-08 16:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-14 18:24:51 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-12-18 00:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-12-18 09:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-18 10:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-18 11:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-18 12:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-18 13:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-16 14:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-16 15:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-16 16:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-16 17:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-16 18:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-18 01:00:00 C:\WINDOWS\Tasks\At2.job"
"2007-12-18 19:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-18 20:00:01 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-17 21:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-17 22:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-17 23:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\F5ju382O.exe
"2007-12-18 02:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-12-18 03:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-12-18 04:00:00 C:\WINDOWS\Tasks\At5.job"
"2007-12-18 05:00:00 C:\WINDOWS\Tasks\At6.job"
"2007-12-18 06:00:00 C:\WINDOWS\Tasks\At7.job"
"2007-12-18 07:00:00 C:\WINDOWS\Tasks\At8.job"
"2007-12-18 08:00:00 C:\WINDOWS\Tasks\At9.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 19:23:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-28 19:24:11
Nothing in the ComboFix log. I'm not sure what is causing the shut downs at the moment.
I was chatting with the tech guys at work today, they gave me a DOS disk called Avast BART CD - heard of it? I've started to run it (takes about 3-4 hours apparently). Have you any idea what I should do with the results?!
"I would recommend putting your XP CD in and going to start->->->run and type SFC /SCANNOW. This is a utility that will scan for corrupt system files and replace them from the CD. If it does replace any files and your CD is not XP with SP2 you will have to rerun the service pack to get the files up to date."
You would need to boot in safe or normal mode - put your XP CD in and use the Run feature.
Hmm, could do that but I stupidly bought my PC from PCWorld so only have a recovery CD and not the full Windows programme, would it work with this (I bet that's a really dense question! lol)