Virtumonde, Vundo, Smitfraud Infections


21 replies to this topic

#1 daninla29

daninla29

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 12 April 2009 - 01:04 AM

I'm ashamed to admit it but due to my own lack of judgment and careless attitude on 04/06/09 I got tricked into downloading an ActiveX file that the PornTube website made me believe was a necessary download to play porn videos (video codecs?).
As soon as I clicked on it my laptop went into system override/overload. CPU usage shot up to 100%. I started getting these Anti-virus/Spyware/Security alerts and fake warnings saying my PC was infected and needed to purchase and download their software. Of course I did realize then what I had gotten myself into and did not download anything, but my system hasn't been the same ever since.

Since then every time I turn on the PC and try to log-on like I always do as default user/administrator Windows starts and then says "loading user settings/pref." but then my Desktop comes up empty/blank and this happens in safe-mode too. Took me lot of time thru trial and error to find out that if I press ctrl+alt+del and use file>new taskmanager(run) I can start applic/files etc and that's when somehow I discovered by chance that opening the Recycle folder using taskmanager made all the desktop icons, taskbar/startmenu items to come to full view...but of course I realize this isn't the way it should work and I'm probably making things worse this way because I sense there could be some infected files in my recycle bin as well.

For now I have tried Adware, Spybot Search&Destroy, Super Antispyware and even though they could detect the trojans/malware files and tried deleting them but after restart they all pop-up again (some with changed/new filenames).

I followed the forum guidelines posted and also downloaded ATF-cleaner, Malwarebyte's antimalware and Smitfraudfix since it looks like I'd need them based on most of the forum postings here that I've spent hours reading thoroughly before having the guts to finally take action and post my own situation. Hopefully I will be as lucky as the others here who've taken advantage of the generous assistance and time and dedication that your website provides. That's so rare and refreshing.

As instructed, here's DDS.txt log:



DDS (Ver_09-03-16.01) - NTFSx86
Run by D.H at 19:03:37.92 on Sat 04/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.210 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\D.H\Local Settings\Temporary Internet Files\Content.IE5\9M8SC261\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,skeys /i,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {4bc6395c-4691-4a34-bb7b-546b6478f6cd} - c:\windows\system32\xneswff.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [TDispVol] TDispVol.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Kgawemojoke] rundll32.exe "c:\windows\iwuxobuz.dll",e
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-system: DisableLockWorkStation = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
IE: {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1236084962090
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: jzaqjoxp - xneswff.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli x3213x.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d.h\applic~1\mozilla\firefox\profiles\zld5ppli.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\d.h\application data\mozilla\firefox\profiles\zld5ppli.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\d.h\application data\mozilla\firefox\profiles\zld5ppli.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: XUL Cache: {A7C3F221-4B57-4B71-B6D6-5D7D1E00D101} - c:\documents and settings\d.h\local settings\application data\{A7C3F221-4B57-4B71-B6D6-5D7D1E00D101}

============= SERVICES / DRIVERS ===============

R0 ibvuavxd;ibvuavxd;c:\windows\system32\drivers\ibvuavxd.sys [2002-5-9 23424]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-6 64160]
R0 pciSm;pciSm;c:\windows\system32\drivers\tossmpci.sys [2002-1-7 183295]
R0 TVALDX;Toshiba ACPI-Based Value Added Logical Device Extension Driver;c:\windows\system32\drivers\TVALDX.SYS [2002-5-9 6082]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [2002-5-9 966784]
S3 kwhhwqda;TOSHIBA SD Card Host Controller Controller;c:\windows\system32\svchost.exe -k netsvcs [2002-5-9 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S4 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-5-9 14336]

=============== Created Last 30 ================

2009-04-11 17:40 <DIR> --d----- c:\program files\Trend Micro
2009-04-11 17:28 <DIR> --d----- c:\docume~1\d.h\applic~1\Malwarebytes
2009-04-11 17:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-11 17:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 17:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 17:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-11 03:13 0 a------- c:\windows\Xtove.bin
2009-04-11 03:13 408 a------- c:\windows\Hxoramabimonusi.dat
2009-04-10 13:43 <DIR> --d----- c:\docume~1\d.h\applic~1\fpguqcau
2009-04-07 01:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-07 01:39 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-07 01:39 <DIR> --d----- c:\docume~1\d.h\applic~1\SUPERAntiSpyware.com
2009-04-07 01:38 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-06 19:44 3,267 a------- c:\windows\lckdm5.dll
2009-04-06 19:34 3,267 a------- c:\windows\epayakid.dll
2009-04-06 19:28 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-06 18:51 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-06 18:49 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-06 18:49 <DIR> --d----- c:\program files\Lavasoft
2009-04-06 14:01 3,267 a------- c:\windows\igiyanacu.dll
2009-04-06 05:45 <DIR> --dsh--- c:\windows\system32\lowsec
2009-04-06 05:36 96,772 a------- c:\windows\msa.exe
2009-04-03 21:48 <DIR> --d----- C:\TPadEnableDis.temp
2009-03-20 22:44 216 a---h--- C:\IPH.PH

==================== Find3M ====================

2009-04-06 12:41 158,720 a------- c:\windows\osunikan.dll
2009-04-06 12:22 252,880 ac------ c:\windows\system32\drivers\SynTP.sys
2009-04-06 12:19 102,912 a------- c:\windows\system32\xneswff.dll
2009-04-06 12:17 31,744 ac------ c:\windows\system32\ntsd.exe
2009-03-20 23:37 55,296 ac------ c:\windows\system32\dvdplay.exe
2009-03-16 12:55 158,208 ac------ c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-03-16 12:50 249,856 a------- c:\windows\system32\00THotkey.exe
2009-03-15 09:42 26,112 ac------ c:\windows\system32\xpsp1hfm.exe
2009-03-09 06:45 249,856 a------- c:\windows\system32\drmupgds.exe
2005-11-07 13:52 551 ac------ c:\program files\xpicleanup.dat
2005-03-10 14:45 265,984 a------- c:\windows\inf\wg511v2\WG511v2XP.sys
2005-03-10 14:45 265,856 a------- c:\windows\inf\wg511v2\WG511v2.sys
2004-08-05 16:06 212,992 a------- c:\windows\inf\wg511v2\CopyWHQLDriver.exe

============= FINISH: 19:04:15.91 ===============



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:08 PM

Posted 12 April 2009 - 02:32 AM

Hello daninla29,


Youch....hard lesson to learn. :thumbup2:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 daninla29


Posted 13 April 2009 - 11:43 PM

Hello Tea,

Thank you so much for your reply. Unfortunately I can't get on my computer anymore because right after I posted here I tried to use Malwarebytes' Anti-Malware to see if that can help since I read a few people here who were successful.

What a mistake. I logged on in safe-mode as was instructed and right after it scanned my PC (I think it found like 37 problem files) I selected all files to repair. The log file said it repaired/deleted most files but the rest it said will fix after reboot, I restarted as asked and bye bye computer.

It restarted windows and when it gets to loading personal/user settings it gets stuck in between loading then saving and then starting settings and it goes on and on until I decide to manually shut down.

I tried again this morning to no avail. Same thing. I'm now at sister's house using her computer. Oh, and to make things worse, after all that last night I decided, screw it, I'm going to use the recovery CD (Toshiba laptops come with only recovery CD's, no Windows XP CD). I didn't care to lose everything and start over. I had used it before once a few years back. Well it didn't work this time. It keeps telling me "WRONG MACHINE" ...excuse me?

Do you think if I buy one of those Windows XP start-up CD's it will make a difference? I don't even know if they sell them separately like that and how/where to buy them. Also, this is just not the time to buy a new computer.

PS...The same problem happens when I try to start in safe-mode. So I can't do anything. I also tried to go back to "last known good config." that also didn't do anything.

I'm just lost, disheartened and I'm ready to give up.

Daniel

Edited by daninla29, 13 April 2009 - 11:57 PM.


#4 teacup61


Posted 14 April 2009 - 12:09 AM

Hi Daniel,

I'm sorry you're having so much trouble. :)

"I logged on in safe-mode as was instructed........"

Who told you to do this? Wasn't me, for sure.

Please don't lose heart.....you don't have to pay a dime in most cases to help your computer. I have the best there is on my system, and they are all free products. :step4: Look here at what you can do right now : http://www.free-av.com/en/products/12/avir...cue_system.html

These folks also make the AntiVirus I use on my own system. :step1: Give this a shot and let me know how you come out. :thumbup2:

tea

#5 daninla29


Posted 20 April 2009 - 04:26 AM

Hello tea,

I just burned the CD and tried to start the PC with it but couldn't start up with it. I checked the CD and it looked like it was a successful burn, so don't know why it's not able to startup my computer.

Daniel

#6 teacup61


Posted 20 April 2009 - 05:00 AM

HHmmm........just out of curiosity try this to see if it boots the system. It's a Linux based registry editor that can boot and look at Windows while in a dormant state. I don't want you to do anything with it, but I'm curious to see if it's the CD or if the machine is just too far gone. http://www.pcregedit.com/ For proper instructions to get the best .iso burned click on user-guide. :thumbup2:

#7 daninla29


Posted 20 April 2009 - 06:45 AM

Thank you so much for your speedy response. You're such a kind and helpful person and I still can't believe it each time I receive a response from you. So thank you again.

I'll try the above and let you know a.s.a.p and also will try to use my external DVD Drive just to see if it is my CDROM that might not be functioning that would be the reason why the Rescue CD didn't work. So I'll let you know either way. Thanks again tea.


Daniel

#8 teacup61


Posted 20 April 2009 - 06:49 AM

You're welcome. :)

And yes, that's exactly what I was wanting to test out. :thumbup2: Please do let me know.

tea

#9 daninla29


Posted 21 April 2009 - 01:20 PM

I'm back!

With a little more optimism this time. I downloaded & burned a PC RegEdit CD and I'm so relieved to say this time it worked. I was concerned something was wrong with my CD-ROM after failing to boot-up from the Avira Rescue CD.

I read the User Guide for Regedit and all the screen images shown came up the same way once it successfully booted up from the CD. Reg edit found location of reg. files and listed them all for editing. As instructed, I didn't touch or change anything. Just clicked on file and exited the operation.

After having to watch my laptop for the past 10 days or so fail to start-up and watching it get stuck in "loading user/personal settings" ... "saving personal settings"..."closing personal settings" unending loop and now being able to at least stop that with this CD and actually being able to see my very precious personal files/documents /programs within the registry is like I won the lotto. Even though I know this doesn't solve anything and it still needs to be fixed whatever needs to be fixed in order to get back to healthy normal start-up.

Thank you for sticking on and being so patient with me.

Daniel

#10 teacup61


Posted 21 April 2009 - 01:43 PM

Good....so everything is still intact, and your CDROM is okay. :thumbup2: I have to ask.....did you try another burn of the rescue CD then? Also....you're working with 2 computers......are they both desktops? I'd like to know which way I have to go with this......one is much easier than the other. Also, do you have a flash/pen drive?

Thanks,
tea

#11 daninla29


Posted 21 April 2009 - 04:17 PM

-No, I didn't burn another CD, but I'll try this afternoon for sure.
-I am using 2 computers. Both are laptops. The Toshiba laptop (5100-S105) that's down and the HP-Pavilion (dv7-1245dx) that I'm currently on.
-If you prefer/recommend using a desktop for any specific task then I can use my sister's...She lives just 30 minutes away. So if the need arises, it's available.
-I do not have any flash drives, even though I have been wanting to buy one for a while. There's just way too many options to choose from so if you have a specific kind or any favorite one you'd recommend then I'd really appreciate it.

Thanks tea,

Daniel

#12 teacup61


Posted 21 April 2009 - 05:06 PM

Hi Dan,

Yes, try to burn another, but burn it at the same setting you used for PC Regedit.....a bit slower. If we were working with 2 desktops I would tell you to slave the hard drive so you could at least get your valuable data off the disk......if the rescue CD doesn't work. It's a lot harder to do with a laptop, and I won't even dare to try here. There is another program that I can give you, if the rescue CD doesn't work, that will not only allow you to see everything, but even allow you to get online. :thumbup2: Let me know how you come out.

tea

#13 daninla29


Posted 24 April 2009 - 11:42 PM

I apologize for the late response, I was feeling under the weather with the flu. I tried burning another Avira Rescue CD with slower speed (x16 instead of x24) but unfortunately still no luck. I can also try the slowest x10 speed if you'd like me to.

I feel like the reason could be because my system cannot startup Windows that's why this one is not working. On the other hand, the other one, RegEdit CD I believe doesn't need Windows to startup and that could be the reason why I was successful. Just a thought.

Thanks a million tea!

Daniel H.

PS...Below is the log file of the burned CD. It said "CD successfully burned" after completion.



User Name : HP
Company Name : CyberLink
CDKey :
OS Version : Vista Home Basic/Premium Service Pack 1
C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe : Version 6.0.0.2325
CBS.dll : Version 7.7.3510

==================================================================

Total physical memory : 3836MB (3928980KB)
Free physical memory : 2631MB (2694408KB)
Memory load : 31 percent

Number of CPU : 2
CPU Name : AMD Turion™ X2 Dual-Core Mobile RM-72
CPU Speed : 2100 MHz

==================================================================

25.4.2009
Task Type : Data Disc

20:25:55, File(cl_DataBurning.cpp), Line(78)
-> Begin burning process
Current drive: <E: HL-DT-ST DVDRAM GSA-T50L SC04>
Current writing speed(x): 16.0
====== Disc Info =======
Disc Type: CD-R
Disc Status: Blank, Appendable
Num. of Sessions: 1 Num. of Tracks: 1
Disc Capacity: 359846LBs
Free Size: 359846LBs Used Size: 0LBs
========================
Burn mode: TAO
FS type: ISO9660_JOLIET
Burn option: w/ buffer underrun protection
Burn option: w/ simulation
Burn option: w/o overburn
Burn option: w/o close disc
Burn option: w/o CD-TEXT
Burn option: w/o verify disc
Burn option: w/o extra long disc

20:25:55, File(cl_Cdwrite.cpp), Line(2671)
-> Setup drive
Sessn: 1, Sessn type: Track At Once
Disc physical format: CDROM_MODE1
Trk: 1, Trk mode: MODE1

20:25:55, File(cl_Cdwrite.cpp), Line(1958)
-> Start session
Sessn: 1, Start trk: 1, Last trk: 1

20:25:55, File(cl_Cdwrite.cpp), Line(1984)
-> Start track
Trk: 1, Track start addr(LBA): 0, Trk size(sectors): 25006, Sector size(bytes): 2048

20:26:34, File(cl_Cdwrite.cpp), Line(2202)
-> Write end track

20:26:37, File(cl_Cdwrite.cpp), Line(2231)
-> Write end session

20:27:07, File(cl_Cdwrite.cpp), Line(2404)
-> Write end/Close disc

20:27:07, File(cl_DataBurning.cpp), Line(437)
-> End burning process

20:28:14, File(cl_DataBurning.cpp), Line(78)
-> Begin burning process
Current drive: <E: HL-DT-ST DVDRAM GSA-T50L SC04>
Current writing speed(x): 16.0
====== Disc Info =======
Disc Type: CD-R
Disc Status: Blank, Appendable
Num. of Sessions: 1 Num. of Tracks: 1
Disc Capacity: 359846LBs
Free Size: 359846LBs Used Size: 0LBs
========================
Burn mode: TAO
FS type: ISO9660_JOLIET
Burn option: w/ buffer underrun protection
Burn option: w/o simulation
Burn option: w/o overburn
Burn option: w/o close disc
Burn option: w/o CD-TEXT
Burn option: w/ verify disc
Burn option: w/o extra long disc

20:28:14, File(cl_Cdwrite.cpp), Line(2671)
-> Setup drive
Sessn: 1, Sessn type: Track At Once
Disc physical format: CDROM_MODE1
Trk: 1, Trk mode: MODE1

20:28:14, File(cl_Cdwrite.cpp), Line(1958)
-> Start session
Sessn: 1, Start trk: 1, Last trk: 1

20:28:14, File(cl_Cdwrite.cpp), Line(1984)
-> Start track
Trk: 1, Track start addr(LBA): 0, Trk size(sectors): 25006, Sector size(bytes): 2048

20:29:04, File(cl_Cdwrite.cpp), Line(2202)
-> Write end track

20:29:07, File(cl_Cdwrite.cpp), Line(2231)
-> Write end session

20:30:06, File(cl_Cdwrite.cpp), Line(2404)
-> Write end/Close disc

20:30:06, File(cl_DataBurning.cpp), Line(437)
-> End burning process

==================================================================

Edited by daninla29, 25 April 2009 - 02:07 AM.


#14 daninla29


Posted 25 April 2009 - 09:10 AM

Good morning Tea,

How's your weekend? My weekend is off to a great start because I was finally able to find out what the problem was burning an Avira Rescue CD. I realized (after reading postings in the forums in length) that my burned CD has a .exe file ext. but the Regedit CD that I was able to successfully burn and boot-up from has a .iso ext. I also read that a bootable CD usually is a .iso file/app/program that is then burned on a CD.

After spending over 3 hours on the forums reading everything related to this, I came across someone's post that mentioned something about this situation and said that if you click on cancel or exit when the pop-up window opens asking you to insert a writable CD before exiting it will ask if you want to save the .iso file on your computer to burn later and to click yes and then burn that .iso file. I just did exactly that and voilà! It works now when I try to boot my laptop with the Rescue CD.

I'm a little proud of myself for being able to resolve this issue...even though it required a lot of time reading 100's of postings in the forum. It was well worth it, plus I learned a lot of other things doing it.

Edited by daninla29, 25 April 2009 - 09:14 AM.
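
Added example, not part of the original thread or of any poster's reply: the mix-up described in post #14 (an .exe written to the disc as a data file, where the burn log in post #13 shows "Task Type : Data Disc", instead of an .iso burned as a disc image) can be caught before burning by checking the file's structure rather than its extension. The Python below looks for the ISO 9660 volume descriptors and a valid El Torito boot catalog; the function names and the in-memory sample images are constructed for illustration.

```python
import io
import struct
import sys

SECTOR = 2048                      # ISO 9660 logical sector size
EL_TORITO_ID = b"EL TORITO SPECIFICATION"


def classify_image(stream):
    """Return 'bootable-iso', 'iso-not-bootable', 'windows-exe' or 'unknown'."""
    stream.seek(0)
    starts_with_mz = stream.read(2) == b"MZ"    # DOS/PE executable signature

    saw_primary = False
    catalog_sector = None
    sector = 16                    # descriptors follow the 16-sector system area
    while True:
        stream.seek(sector * SECTOR)
        desc = stream.read(SECTOR)
        if len(desc) < SECTOR or desc[1:6] != b"CD001":
            break
        vd_type = desc[0]
        if vd_type == 255:         # volume descriptor set terminator
            break
        if vd_type == 1:           # primary volume descriptor
            saw_primary = True
        elif vd_type == 0 and desc[7:39].rstrip(b"\x00") == EL_TORITO_ID:
            # El Torito boot record: little-endian sector of the boot catalog
            catalog_sector = struct.unpack_from("<I", desc, 0x47)[0]
        sector += 1

    if not saw_primary:
        return "windows-exe" if starts_with_mz else "unknown"
    if catalog_sector is None:
        return "iso-not-bootable"

    stream.seek(catalog_sector * SECTOR)
    catalog = stream.read(64)
    if len(catalog) < 64:
        return "iso-not-bootable"
    validation, initial = catalog[:32], catalog[32:]
    # Validation entry: header 0x01, key bytes 55 AA, 16-bit words sum to zero
    valid = (validation[0] == 0x01 and validation[30:32] == b"\x55\xaa"
             and sum(struct.unpack("<16H", validation)) & 0xFFFF == 0)
    # Initial/default entry: boot indicator 0x88 means bootable
    return "bootable-iso" if valid and initial[0] == 0x88 else "iso-not-bootable"


def classify_bytes(data):
    """Convenience wrapper for in-memory data."""
    return classify_image(io.BytesIO(data))


def build_sample_iso(bootable=True):
    """Constructed sample image containing only the structures checked above."""
    def descriptor(vd_type, body=b""):
        return (bytes([vd_type]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")

    image = bytearray(16 * SECTOR)             # empty system area
    image += descriptor(1)                     # sector 16: primary descriptor
    if not bootable:
        return bytes(image + descriptor(255))  # terminator only, no boot record
    body = EL_TORITO_ID.ljust(32, b"\x00") + bytes(32) + struct.pack("<I", 19)
    image += descriptor(0, body)               # sector 17: El Torito boot record
    image += descriptor(255)                   # sector 18: terminator
    entry = bytearray(32)                      # boot catalog validation entry
    entry[0] = 0x01
    entry[30:32] = b"\x55\xaa"
    checksum = -sum(struct.unpack("<16H", entry)) & 0xFFFF
    struct.pack_into("<H", entry, 28, checksum)
    image += (bytes(entry) + b"\x88" + bytes(31)).ljust(SECTOR, b"\x00")  # sector 19
    return bytes(image)


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # check a real file before burning
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", classify_image(fh))
    else:                                      # constructed samples
        print("sample bootable image ->", classify_bytes(build_sample_iso()))
        print("sample .exe-like file ->", classify_bytes(b"MZ" + bytes(40000)))
```

A result of "windows-exe" means the file is a program that still has to produce the image, and writing it to a data disc will not give a bootable CD.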


#15 daninla29


Posted 25 April 2009 - 10:51 AM

UPDATE: I performed full system scan from the Rescue-boot CD which took about 40 minutes, found 58 records (57 renamed) and 23 warnings. I shutoff and started windows normally but as I expected nothing is changed because as I initially stated when I first posted here, my laptop gets stuck at "loading personal settings" and keeps loading then "saving personal settings" followed by "loading" again...and on and on it goes until I manually shut down.

Also, as I mentioned earlier, this problem started right after I used Malware Byte's Antimalware program to scan for malware which found some and I remember after it finished scanning it noted in the logfile that the malware found could not be deleted but would try to do so after reboot. I rebooted and the problem started right after that. So it has to be related to this program specifically and what changes it made that messed up my personal settings which in turn caused this problem.

Do you think RegEdit CD could help? Since it allows to edit the registry, maybe it could somehow allow to edit registry files that were added/changed/deleted by the Malware Byte's program. Obviously that would require the know-how and knowledge of the actual files that were involved and their whereabouts in order to try and edit the registry, so I better wait and see what you suggest next.

Have a good weekend.


Daniel H.



