
Boot fails, BSODs, restarts when loading windows etc..


  • This topic is locked

#1 valvestat


Posted 28 September 2009 - 07:41 AM

Hi there,

Background & probs with Combofix
It was suggested by the guys at the Micro Star forums that I run ComboFix to solve / diagnose any problems with a PC I am trying to fix. After following the guide on the BleepingComputer website, and disabling security software etc., the program just sits there and doesn't get past the 'This typically doesn't take more than 10 minutes - However...' message.

It does not alter the clock or suggest it is going to do so and it does not get to any of the test stages.

History of problems with computer (lasting one month)

[RARE] BSOD reporting PFN_LIST_CORRUPT (0x8F) - tested drivers and memory (individually and then both 512 sticks with memtest up to 40 passes) - all tested as working

[FREQUENT] Some cold starts result in restarts at random points in the start-up process (initial checks... login screen... loading windows...) - some restarts result in a dead computer with a flashing HD light though this is quite rare

Tested without cards (except GFX card) / drives etc. and still have unstable PC. Sometimes, it boots without failure many times in succession - but turning it off for a while, and then turning it back on will provoke the problems. The PC is clean of dust.

The PC is a work colleagues' and they have used tools to remove virii (pc tools, avg, spybot) - I have scanned it myself with Spybot & AVG

If anyone can give me some advice it'd be most appreciated.

Thanks,
James

------------------------------------------------
Specs of PC

Operating System:
Windows XP Home Edition Service Pack 3 (build 2600)

PSU:
550W PIV 650 by Eye-T (3.3/30a, 5v/32a, 12v/35a)

Processor:
2.40 gigahertz AMD Athlon 64

Main Circuit Board:
Board: K8T Neo 2 V2, MS-7094 1.00

BIOS: Phoenix Technologies, LTD V3.6 10/12/2006

Memory Modules:
GeIL 512MB PC3200 DDR400 x 2 sticks

Display:
256mb NVIDIA GeForce FX 5500

Drives:
2 x 80GB Seagate Barracuda 7200

NEC DVD_RW ND-3520A [CD-ROM drive]
SONY DVD-ROM DDU1615 [CD-ROM drive]


 


#2 garmanma


Posted 29 September 2009 - 08:10 PM

Please download SINO by Artellos from here
  • Save SINO to a place you can remember and run SINO.exe.
  • Then please check the following checkboxes:
      • System Info
      • Services
      • Boot Check
      • Tasklist
      • Startup Items
      • Ipconfig
      • Ping
      • Netstat
      • Shares
      • Routing Table
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A Notepad file will pop up. Please copy and paste the content of the Notepad file into your next reply.
Note: If you try to interact with the program once it's started scanning, it might appear to hang. The scan, however, will continue.

Edited by garmanma, 29 September 2009 - 08:12 PM.

Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 valvestat


Posted 05 October 2009 - 11:03 AM

Hi garmanma, thank you for your reply.

I ran SINO and got the following mini novel :¬/

-------------------------------------------------------------------------------------------------

System Investigator by Olrik
Log Created On: 1657_05-10-2009
SINO Version: 2.4.9.9

Total RAM: 1022 MB | Free RAM: 489 MB | Pagefile Size: 2460 MB
A: | None | 3 1/2 Inch Floppy Drive
C: | 121484 MB out of 152625 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc
E: | None | CD-ROM Disc
F: | 15 MB out of 1966 MB Free | Removable Disk

<<<< System Information >>>>

Computer Name: K8T-NEO2
Username: Judy
Language Setting: ENG
Windows Directory: C:\WINDOWS
Windows Version: Windows XP Service Pack 3

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[C:\WINDOWS\System32\smss.exe] - Process ID: 576
[csrss.exe] - Process ID: 640
[C:\WINDOWS\system32\winlogon.exe] - Process ID: 664
[C:\WINDOWS\system32\services.exe] - Process ID: 708
[C:\WINDOWS\system32\lsass.exe] - Process ID: 720
[C:\WINDOWS\system32\svchost.exe] - Process ID: 864
[svchost.exe] - Process ID: 932
[C:\WINDOWS\System32\svchost.exe] - Process ID: 976
[C:\WINDOWS\system32\svchost.exe] - Process ID: 1008
[svchost.exe] - Process ID: 1088
[C:\WINDOWS\system32\spoolsv.exe] - Process ID: 1412
[svchost.exe] - Process ID: 1492
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] - Process ID: 1524
[C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe] - Process ID: 1536
[C:\Program Files\Bonjour\mDNSResponder.exe] - Process ID: 1556
[C:\WINDOWS\system32\svchost.exe] - Process ID: 1600
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1652
[C:\Program Files\Java\jre6\bin\jqs.exe] - Process ID: 1676
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] - Process ID: 1744
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1784
[C:\WINDOWS\system32\nvsvc32.exe] - Process ID: 1836
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1864
[C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe] - Process ID: 1896
[C:\WINDOWS\system32\svchost.exe] - Process ID: 1976
[wmpnetwk.exe] - Process ID: 276
[C:\PROGRA~1\AVG\AVG8\avgemc.exe] - Process ID: 252
[C:\PROGRA~1\AVG\AVG8\avgrsx.exe] - Process ID: 604
[C:\PROGRA~1\AVG\AVG8\avgnsx.exe] - Process ID: 608
[C:\Program Files\AVG\AVG8\avgcsrvx.exe] - Process ID: 880
[C:\Program Files\AVG\AVG8\avgcsrvx.exe] - Process ID: 1084
[C:\WINDOWS\Explorer.EXE] - Process ID: 2424
[C:\WINDOWS\SOUNDMAN.EXE] - Process ID: 2528
[C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe] - Process ID: 2568
[C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe] - Process ID: 2576
[C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] - Process ID: 2592
[C:\PROGRA~1\AVG\AVG8\avgtray.exe] - Process ID: 2616
[C:\Program Files\iTunes\iTunesHelper.exe] - Process ID: 2632
[C:\WINDOWS\system32\ctfmon.exe] - Process ID: 2648
[C:\Program Files\Messenger\msmsgs.exe] - Process ID: 2656
[C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] - Process ID: 2664
[C:\Program Files\Windows Media Player\WMPNSCFG.exe] - Process ID: 2672
[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] - Process ID: 2764
[C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe] - Process ID: 2824
[C:\Program Files\Logitech\SetPoint\SetPoint.exe] - Process ID: 2856
[C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE] - Process ID: 2944
[C:\WINDOWS\system32\wscntfy.exe] - Process ID: 3628
[C:\Program Files\PC Connectivity Solution\ServiceLayer.exe] - Process ID: 3700
[C:\Program Files\iPod\bin\iPodService.exe] - Process ID: 3788
[alg.exe] - Process ID: 3864
[C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] - Process ID: 1260
[C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe] - Process ID: 3152
[C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe] - Process ID: 3048
[C:\WINDOWS\system32\msiexec.exe] - Process ID: 148
[C:\PROGRA~1\Yahoo!\browser\ycommon.exe] - Process ID: 2376
[C:\Program Files\Yahoo!\browser\ybrwicon.exe] - Process ID: 2352
[C:\WINDOWS\system32\NOTEPAD.EXE] - Process ID: 1356
[C:\DOCUME~1\Judy\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 1324
[wmiprvse.exe] - Process ID: 500

<<<< Startup Items >>>>

[desktop] - <Startup> - desktop.ini
[CTFMON.EXE] - <HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\CTFMON.EXE
[PcSync] - <HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[desktop] - <Startup> - desktop.ini
[CTFMON.EXE] - <HKU\S-1-5-21-796845957-2025429265-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\ctfmon.exe
[MSMSGS] - <HKU\S-1-5-21-796845957-2025429265-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Messenger\msmsgs.exe" /background
[LDM] - <HKU\S-1-5-21-796845957-2025429265-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[eyeBeam SIP Client] - <HKU\S-1-5-21-796845957-2025429265-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> -
[WMPNSCFG] - <HKU\S-1-5-21-796845957-2025429265-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Windows Media Player\WMPNSCFG.exe
[desktop] - <Startup> - desktop.ini
[CTFMON.EXE] - <HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\CTFMON.EXE
[PcSync] - <HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[desktop] - <Common Startup> - desktop.ini
[HP Digital Imaging Monitor] - <Common Startup> - C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
[InterVideo WinCinema Manager] - <Common Startup> - C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE
[Logitech Desktop Messenger] - <Common Startup> - C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE -startup
[Logitech SetPoint] - <Common Startup> - C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe
[SoundMan] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - SOUNDMAN.EXE
[NvCplDaemon] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[nwiz] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - nwiz.exe /install
[NvMediaCenter] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[Logitech Hardware Abstraction Layer] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - KHALMNPR.EXE
[Adobe Photo Downloader] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[PCSuiteTrayApplication] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[AppleSyncNotifier] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HP Software Update] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[hpqSRMon] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
[ZoneAlarm Client] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[AVG8_TRAY] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\PROGRA~1\AVG\AVG8\avgtray.exe
[NeroFilterCheck] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS\system32\NeroCheck.exe
[iTunesHelper] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\iTunes\iTunesHelper.exe"
[Malwarebytes Anti-Malware (reboot)] - <HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

<<<< MS Services >>>>

Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\alg.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Computer Browser (Browser) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
CryptSvc (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Error Reporting Service (ERSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service (HidServ) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Machine Debug Manager (MDM) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Windows Installer (MSIServer) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\msiexec.exe /V
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
Pml Driver HPZ12 (Pml Driver HPZ12) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k HPZ12
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k imgsvc
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services (TermService) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Universal Plug and Play Device Host (upnphost) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Wireless Zero Configuration (WZCSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Alerter (Alerter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Background Intelligent Transfer Service (BITS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\dmadmin.exe /com
Logical Disk Manager (dmserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k NetworkService
Wired AutoConfig (Dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k dot3svc
Extensible Authentication Protocol Service (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k eapsvcs
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Health Key and Certificate Management Service (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\imapi.exe
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\msdtc.exe
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Microsoft Office Diagnostics Service (odserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\locator.exe
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\rsvp.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\SCardSvr.exe
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{95F670E1-6712-47C0-B9C9-C861993EFE79}
Performance Logs and Alerts (SysmonLog) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\smlogsvc.exe
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\vssvc.exe
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Automatic Updates (wuauserv) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

Apple Mobile Device (Apple Mobile Device) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
AVG Free8 E-mail Scanner (avg8emc) - Running [Auto | Stoppable | Not_Pausable] - C:\PROGRA~1\AVG\AVG8\avgemc.exe
AVG Free8 WatchDog (avg8wd) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Bonjour Service (Bonjour Service) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Bonjour\mDNSResponder.exe"
hpqcxs08 (hpqcxs08) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
HP CUE DeviceDiscovery Service (hpqddsvc) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
iPod Service (iPod Service) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\iPod\bin\iPodService.exe"
Java Quick Starter (JavaQuickStarterService) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Net Driver HPZ12 (Net Driver HPZ12) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k HPZ12
NVIDIA Display Driver Service (NVSvc) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\nvsvc32.exe
SeaPort (SeaPort) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
ServiceLayer (ServiceLayer) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
Windows Live Family Safety (fsssvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
TrueVector Internet Monitor (vsmon) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
YPCService (YPCService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\YPCSER~1.EXE

<<<< Boot.ini >>>>

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : k8t-neo2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-19-DB-4E-59-AD


<<<< Pinging >>>>

Pinging to www.opendns.com
There was a problem executing a ping to www.opendns.com
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

Pinging to 208.67.222.222
There was a problem executing a ping to 208.67.222.222
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

Pinging to www.youtube.com
There was a problem executing a ping to www.youtube.com
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

Pinging to 208.117.236.69
There was a problem executing a ping to 208.117.236.69
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:

Response - 0ms
Response - 0ms
Response - 0ms
Response - 0ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1088
C:\WINDOWS\system32\httpapi.dll
c:\windows\system32\upnphost.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\ole32.dll
[svchost.exe]

TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING 276
[WMPNetwk.exe]

UDP 0.0.0.0:500 *:* 720
[lsass.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 0.0.0.0:4500 *:* 720
[lsass.exe]

UDP 0.0.0.0:1025 *:* 1556
[mDNSResponder.exe]

UDP 0.0.0.0:9370 *:* 2664
[LogitechDesktopMessenger.exe]

UDP 127.0.0.1:1900 *:* 1088
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:5353 *:* 1556
[mDNSResponder.exe]

UDP 127.0.0.1:123 *:* 976
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]


<<<< Routing Table >>>>

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 db 4e 59 ad ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None

Route Table

<<<< Active Shares >>>>

Share: IPC$ - Path:


END OF LOG FILE, Date of Completion: 1657_05-10-2009 ----------

#4 garmanma


Posted 05 October 2009 - 08:18 PM

Was the computer disconnected from the internet? If it wasn't, you have Ethernet card/driver problems.
That is all I could see from the log.
Did you uninstall Combofix?


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Note: There's a space between Combofix and /


All I can suggest is to submit a DDS / HJT log


Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

There will also be instructions to create a RootRepeal log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take a while to get to your post.
Please be patient and good luck.
Mark

#5 valvestat


Posted 07 October 2009 - 06:08 AM

Yeah, the computer was disconnected from the net. No, I wasn't sure how to uninstall it, thanks for the advice! I'll venture into the HijackThis forums.

#6 Orange Blossom


Posted 09 October 2009 - 11:25 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/263232/unknown-infection-combofix-doesnt-run-rootrepeal-crashes-pc/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



