
Win XP freezes randomly when gaming.


  • This topic is locked
51 replies to this topic

#1 cooldudenz

cooldudenz

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Christchurch
  • Local time:03:10 PM

Posted 11 February 2010 - 11:33 PM

Hi, I'm having problems with my computer freezing while playing games. I'm running Windows XP Pro SP3.
It will just lock up & the only thing I can do is restart. I just reinstalled Windows because of the problem, yet it is still happening (though I had about 2 days where it was OK after the reinstall).

Drivers are all up to date apart from BIOS. (BIOS was up to date before the reinstall so I don't think that will help.)
I have done a RAM test with memtest86 and had no errors.
It is not overheating; the highest temp I've seen is 55c & at times it will crash after 2 minutes in game with temp only 40 - 46c.
I have DirectX 9.0C installed.
I have Spybot, AVG & Adaware installed. Had 1 or 2 small viruses which I have removed.

Here is my HJT log. Thanks for any help you can provide.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:22 PM, on 12/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Steel\Desktop\Install files\HijackThis.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1264935740921
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


 


#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:03:10 PM

Posted 17 February 2010 - 02:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


#3 cooldudenz


Posted 17 February 2010 - 06:41 PM

New post as instructed with HJT, GMER & DDS logs.

I'm running Windows XP Pro SP3.
It will just lock up & the only thing I can do is restart. I just reinstalled Windows because of the problem, yet it is still happening (though I had about 2 days where it was OK after the reinstall).

Drivers are all up to date apart from BIOS. (BIOS was up to date before the reinstall so I don't think that will help.)
I have done a RAM test with memtest86 and had no errors.
It is not overheating; the highest temp I've seen is 55c & at times it will crash after 2 minutes (sometimes seconds) in game with temp only 40 - 46c.
I have DirectX 9.0C installed.
I have Spybot, AVG & Adaware installed. Had 1 or 2 small viruses which I have removed.
Also a note that AVG does not seem to have any option to close the program, so all scans were done with AVG running.

See attached files for GMER & DDS logs.


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:36 PM, on 18/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Documents and Settings\Steel\Desktop\Install files\HijackThis.exe

O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\FLV Downloader\MoyeaCatcher.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1264935740921
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 4352 bytes

Attached Files

  • Attached File  DDS.zip   4.92KB   16 downloads
  • Attached File  ark.txt   4.42KB   17 downloads
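
Added example, not part of cooldudenz's post: a short Python script that compares two HijackThis logs taken before and after a change and lists the processes and O-section entries that appeared in between. The two sample logs are short excerpts of the logs in posts #1 and #3; the function names and the wording of the notes are this example's own.

```python
import re

# Section codes seen in the two logs above and what each one lists.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run/RunOnce key)",
    "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (set of running-process paths, list of (code, detail) entries)."""
    processes, entries, in_processes = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_processes = True
        elif match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            # Windows paths are case-insensitive; 8.3 short names are not expanded.
            processes.add(line.lower())
    return processes, entries


def diff_logs(old_text, new_text):
    """Report what differs between an earlier and a later log."""
    old_procs, old_entries = parse_hjt(old_text)
    new_procs, new_entries = parse_hjt(new_text)
    old_keys = {(c, d.lower()) for c, d in old_entries}
    new_keys = {(c, d.lower()) for c, d in new_entries}
    return {
        "new_processes": sorted(new_procs - old_procs),
        "gone_processes": sorted(old_procs - new_procs),
        "added": [e for e in new_entries if (e[0], e[1].lower()) not in old_keys],
        "removed": [e for e in old_entries if (e[0], e[1].lower()) not in new_keys],
    }


def triage(added):
    """Describe each added entry; flag services with no publisher recorded."""
    notes = []
    for code, detail in added:
        kind = SECTIONS.get(code, "other section")
        flag = ""
        if code == "O23" and "unknown owner" in detail.lower():
            flag = " [no publisher read from the file: verify it]"
        notes.append(f"{code} ({kind}): {detail}{flag}")
    return notes


# Excerpt of the log in post #1 (shortened for the example).
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\msiexec.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Excerpt of the log in post #3 (shortened for the example).
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\PnkBstrA.exe

O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\FLV Downloader\MoyeaCatcher.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for note in triage(diff_logs(OLD_LOG, NEW_LOG)["added"]):
        print(note)
```

A flagged entry is only a prompt to check the file; the diff says what changed between the two scans, not whether the change is malicious.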


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:10 PM

Posted 17 February 2010 - 07:57 PM

Hello cooldudenz,

I have merged your new topic with your previously existing topic to avoid confusion. Please keep all posts regarding this issue to this topic.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 DocSatan


Posted 19 February 2010 - 04:43 PM

Hello cooldudenz and Welcome to BleepingComputer.

I'm DocSatan and I will be helping you with your "Malware" related computer problems. Please give me some time to research your Log and I will get back to you ASAP.

In the meantime:

1. Please TRACK this Topic
  • At the top-right of this thread, click on the button.
  • In the list that drops down, click on
  • Place a tick-mark next to Immediate E-Mail Notification
  • Then click on
  • You will now receive an e-mail as soon as a Reply is made to this Topic.
2. Do Not Make Any Changes to the "Infected" Computer.
  • Once you have posted a NEW DDS Log, Do Not make any changes to the computer. I will be researching the DDS Log that you post and any changes made to the system might interfere with the FIX that I prepare for you. Examples of "Changes":
    • Deleting Files/Folders
    • Installing/Uninstalling Programs
    • Running Anti-Virus, Anti-Malware, Anti-Spyware, etc., Programs
3. Please do not seek Help with this issue at another Computer Help Forum
  • While we are working together I must insist that you do not seek help with this matter at any other Help Forum.
  • Having multiple (more than one) Forums provide help for the same computer issue will result in confusion with preparing a Fix.
  • It is also not fair to the Volunteer who is helping you, as her/his time will be wasted trying to fix a computer that someone else is also trying to fix.
  • So, if you have posted at another Computer Help Forum for this same issue I would ask that you choose which Forum that you wish to stay with and inform the other Forum(s) that you no longer require their assistance.
4. Throughout the course of us working together, I will be posting step-by-step procedures for you to follow on your computer.
  • If at any time you do not fully understand what I have said, or you are not exactly sure what you are supposed to do, then please stop there and Post back to this topic and ask your questions. That way I will be able to more clearly explain the step/procedure and we won't have to worry about any steps being done incorrectly.

Doc.

#6 DocSatan


Posted 20 February 2010 - 01:00 PM

Hello cooldudenz,

Some Questions:
  1. Did you have those 2 Viruses before or after the Reinstall?
    • Can you post the logs from the Tool that identified them?
  2. Was your Reinstall a Reformat+Reinstall or just a Reinstall over the existing Operating System?
  3. Are you having any other Symptoms other than the computer freezing/locking up when Gaming?
  4. Did you make the following Explorer Policy Changes:
    • uPolicies-explorer: NoSMHelp = 1 (0x1)
    • NoResolveTrack = 1 (0x1)
    • NoSMConfigurePrograms = 1 (0x1)
    • NoDesktopCleanupWizard = 1 (0x1)
    • NoSMHelp = 1 (0x1)
    • NoResolveTrack = 1 (0x1)
    • NoSMConfigurePrograms = 1 (0x1)

1. Please upload the following file to Jotti.org
  • At the top of the page that opens, Click on Browse
  • Navigate to this file: st320hg.sys found here: c:\windows\system32\drivers\
  • Double click on st320hg.sys
  • Now click on Submit at the top of the Jotti web page.
  • The file will now be scanned by Jotti. The web page will change during the scanning process.
  • When the scan is finished, there will be 2 different sections on the page.
  • Copy and Paste both sections into your next reply here.

2. What I need in your next reply:
  • Jotti results
  • Answer to my questions above
  • Any problems?

Doc.

#7 cooldudenz


Posted 21 February 2010 - 03:44 AM

Yes, I did have the viruses after the reinstall. It was a complete format & reinstall of Windows. I know that my pen drives etc. were infected but AVG cleaned them when I put them in.
I have AVG; I don't know how to find the logs though. The Virus Vault shows a few things though:

Tracking Cookie webtrends
Worm/Generic_c.ZS
Potentially harmful program RemoteAdmin.BX
Worm/Generic_c.ZS
Trojan - Generic16.MPN
Trojan - Generic13.BBHJ
Trojan - Generic13.BBHJ
Trojan - Dropper.Generic.ASKP
Trojan - Crypt.GWH
Trojan - Crypt.GWH
CouponBar

It is only when gaming that it freezes, no other time. Any game.

& yes, a few policies have been changed, but I have used it like this for years & never had crashing problems from it.

All Jotti scanners said nothing found.

File size: 85696 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 1c8ea975c252ceb11eefb553ed42c6df
SHA1: f120d7cf70ac3ef1603f41bb48407fb696c81d98

Filename: st320hg.sys
Status: Scan finished. 0 out of 20 scanners reported malware.

Edited by cooldudenz, 21 February 2010 - 03:45 AM.


#8 DocSatan


Posted 21 February 2010 - 01:14 PM

Hello cooldudenz,

1. Disable Spybot Search & Destroy's TeaTimer
TeaTimer will interfere with our fix and has to be temporarily disabled. Please follow the steps below to disable TeaTimer:
  • Open Spybot - Search & Destroy
  • On the tool bar on top, click on Mode and then on Advanced mode
  • Another window will pop-up asking if you are sure you want to use Advanced Mode, click Yes
    • This will add 3 options to the bottom left of the Window.
  • On the bottom left of the window, click on Tools
  • On the left hand side of the window, click on Resident (Red and White Shield icon)
  • Under "Resident Protection Status" (just underneath the Big Red and White Shield) Un-Check Resident "TeaTimer" (Protection of over-all system settings) active
  • Now exit Spybot Search & Destroy.


2. Please Download ComboFix
Here is a Tutorial on using ComboFix: A guide and tutorial on using ComboFix
  • Save it to your Desktop
  • Do NOT run ComboFix yet
  • Here is an alternative link to download ComboFix, if the above one is not working for you:

3. Disable Your AntiVirus and AntiSpyware Programs
  • You should be able to Right-Click on the program's icon in the System Tray and get an option to shut-down/disable each program.
  • These programs may interfere with our fix. We will re-enable them when we are done.

4. Double click on ComboFix.exe that you just saved to your Desktop
  • Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. The Recovery Console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • It is strongly recommended to have the Recovery Console installed on your machine before doing any malware removal.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


NOTE: If the Microsoft Windows Recovery Console is already installed, you will not receive a prompt from ComboFix regarding the Recovery Console.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

5. Re-enable Your AntiVirus and AntiSpyware Programs That You Disabled in Step 2.

6. What I need in Your Next Reply:
  • ComboFix.txt


#9 cooldudenz


Posted 21 February 2010 - 06:28 PM

Hi Doc, I have run ComboFix & installed the Recovery Console.

When closing AVG there was no option anywhere to shut the program down, so I stopped it starting on startup, though these processes were still running when I ran Combo:
avgcsrvx.exe
avgrsx.exe
avgchsvx.exe

I have attached the log.

Cheers.

Attached Files

  • Attached File  log.txt   15.93KB   21 downloads


#10 DocSatan


Posted 22 February 2010 - 02:29 PM

Hi cooldudenz,

Your computer is missing some important files:
  • beep.sys
  • wscntfy.exe
  • regsvc.dll

Please download SystemLook from one of the links below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    beep.sys
    wscntfy.exe
    regsvc.dll
    tcpip.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#11 cooldudenz


Posted 22 February 2010 - 04:24 PM

Thanks Doc, I'm at work atm but I'll do that at lunch (about 1 1/2 hrs). Just a question though about regsvc.dll: is it really needed & does it allow for remote editing of my computer? Just from what I gather from the description "Remote Registry Service".

Thanks.

#12 cooldudenz


Posted 22 February 2010 - 05:48 PM

System Look Log.

Attached Files



#13 DocSatan


Posted 23 February 2010 - 12:25 PM

QUOTE (cooldudenz @ Feb 22 2010, 04:24 PM)
Just a question though about regsvc.dll: is it really needed & does it allow for remote editing of my computer? Just from what I gather from the description "Remote Registry Service".
  • Yes, that particular service does allow for Remote Access to the computer's Registry. It's for companies and ITs mostly, but it does provide a possible security issue being enabled. You can disable it easy enough. I can provide info on that later if you like.
  • Since it is a windows file, I would like to return it to your computer.

Questions
  • I am assuming that the malware that you had removed these files that are missing. Any chance that you have deleted them yourself?
  • And do you have your Operating System Installation CD with you?

Doc.


#14 cooldudenz


Posted 23 February 2010 - 02:20 PM

No, I didn't remove them myself; I would guess it was the malware. & yes, I do have my XP disk.

And yes, I would like to disable the remote access afterwards.

Cheers

#15 DocSatan


Posted 24 February 2010 - 05:23 PM

Hi cooldudenz,

Let's move copies of those missing files from your XP CD back on to your computer. Please have your XP CD handy:

1. Run System File Checker (SFC)
You must be logged on to an account with Administrator privileges
  • Click on Start-->Run, type: sfc /scannow (a space must be present between c and /)
  • Press Enter
  • The Windows File Protection window will pop up, stating:
    "Please wait while Windows verifies that all protected Windows are intact and in their original versions"
  • You should then receive a message stating:
    "Files that are required for Windows to run properly must be copied to the DLL Cache"
  • Insert your XP CD and click Retry.

2. Please post a new ComboFix log

Please let me know if you experienced any problems.

Doc.



