Help needed.
#1 Junior Member (Join Date: Aug 2006, Posts: 7)

Help needed.

I'm on WinXP SP2. It has been automatically updated recently.
The machine reboots for no apparent reason and also freezes. When one turns it on for the first time, it fails to boot several times. Sometimes the BIOS configuration changes the boot device priorities and the system's date/time automagically. I receive the message to press F2 to reconfigure the system or it will load default values, then it freezes. Sometimes the characters are scrambled, sometimes it just freezes at the countdown to load defaults. It also displays a message which I can't truly read because there are many characters missing, but I'm quite sure it says something about a missing file in some Windows folder and that I should place the Windows installation CD in the drive. Then it initializes normally.
For some reason System Volume Information is not accessible.
UnHackMe used to find a driver named machndrj.sys, but whenever I rebooted to complete the healing process it said that the file didn't exist. It no longer finds it. Msconfig denies me the changes I try to make even though the user has administrator privileges. AVG system area check finds nothing, not even when aimed at the System Volume Information folder. The complete detailed test always stops and sometimes reboots the system; until then, it finds nothing. NOD32 says that the path to System Volume Information is invalid; right-click > Properties says that the folder is empty. AVG finds some password-protected files but no threats.

NOD32 says:
c:\pagefile.sys is blocked. At some point in the scan, the computer reboots.

    This is the Hijackthis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:35:11, on 13/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\GbPlugin\GbpSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
    C:\Arquivos de programas\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Arquivos de programas\Eset\nod32kui.exe
    C:\Arquivos de programas\iTunes\iTunesHelper.exe
    C:\Arquivos de programas\Lexmark 7100 Series\ezprint.exe
    C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
    C:\Arquivos de programas\UnHackMe\hackmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\lxbxcoms.exe
    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Arquivos de programas\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com.br/8SEPTBR030000TBR...BSiteFinalMSGR
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
    O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Arquivos de programas\Lexmark 7100 Series\lxbxmon.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Arquivos de programas\Lexmark 7100 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark 7100 Series\ezprint.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Arquivos de programas\UnHackMe\hackmon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?1608e3ac1dd445ea945ee3b9c1130fec
    O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?1608e3ac1dd445ea945ee3b9c1130fec
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mp...bPluginABN.cab
    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br...bPluginUni.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{964F8589-F38F-448B-8622-241D7BA636F0}: NameServer = 200.149.55.142 200.165.132.154
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: __GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
    O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
    O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
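A small triage script for a HijackThis log like the one above, as an added example that is not part of the original thread. It is my code, not HijackThis's or any poster's; it assumes only the public "Oxx - description - path" line format and the usual section meanings (O2 BHO, O10 Winsock LSP, O20 Winlogon Notify, O23 service). The sample input reuses lines from the log above plus one constructed process path, C:\Temp\example_only.exe, so the path check has something to flag. Every hit is a prompt to look closer, not a malware verdict: the GbPlugin and AVG entries come up only because of what kind of entry they are (a service logged with "Unknown owner", Winlogon Notify DLLs), not because the script knows anything about those products.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not from the thread).

Assumes only the public "Oxx - description - path" line format and the usual
section meanings (O2 BHO, O10 Winsock LSP, O20 Winlogon Notify, O23 service).
A hit is a prompt for manual review, not a malware verdict."""
import re
from dataclasses import dataclass

# Section tag (R1, O2, O23, ...), a literal " - ", then the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")

# Install roots on a Portuguese-locale XP box: "Arquivos de programas" is
# Program Files and ARQUIV~1 is its 8.3 short name (both appear in the log).
KNOWN_ROOTS = ("c:\\windows\\", "c:\\arquivos de programas\\",
               "c:\\arquiv~1\\", "c:\\program files\\")

@dataclass
class Entry:
    section: str
    body: str

def parse_hjt(text):
    """Return (running-process paths, Oxx/Rxx entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return processes, entries

def triage(entries):
    """The hand checks a responder does first; returns (reason, entry body)."""
    findings = []
    for e in entries:
        if e.section == "O2" and e.body.endswith("(no file)"):
            findings.append(("BHO CLSID registered but its DLL is missing", e.body))
        elif e.section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe before any user
            # session exists, so each one deserves a look regardless of vendor.
            findings.append(("Winlogon Notify DLL", e.body))
        elif e.section == "O23" and " - Unknown owner - " in e.body:
            findings.append(("service without vendor attribution", e.body))
    return findings

def lsp_files(entries):
    """Count O10 lines per DLL: one DLL repeated per protocol chain is what a
    firewall LSP looks like; several different unknown DLLs are not."""
    counts = {}
    for e in entries:
        if e.section == "O10":
            path = e.body.split(": ", 1)[1].lower()
            counts[path] = counts.get(path, 0) + 1
    return counts

def unexpected_process_paths(processes):
    """Running processes that live outside the usual install roots."""
    return [p for p in processes if not p.lower().startswith(KNOWN_ROOTS)]

# Sample input: lines copied from the log posted above, plus one constructed
# process line (C:\Temp\example_only.exe) so the path check has a hit.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\Temp\example_only.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
"""

def report(text=SAMPLE_LOG):
    procs, entries = parse_hjt(text)
    return {"findings": triage(entries),
            "lsp": lsp_files(entries),
            "odd_processes": unexpected_process_paths(procs)}

if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

Run it as-is to print the report for the embedded sample, or pass the full text of a saved log to report(). On the sample it flags the orphaned O2 entry, both O20 DLLs and the GbpSv service, counts the single LSP DLL twice, and lists only the constructed C:\Temp path as an unexpected process location.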

#2 Junior Member (Join Date: Aug 2006, Posts: 7)

I forgot to say:

Thanks for any attention you may give the subject.

#3 Senior Member (Join Date: Feb 2003, Location: Memphis, TN, Posts: 3,747)

You might try this if your system can stay online long enough.

From a command prompt:

sfc /scannow

Make sure you have your Windows XP CD in the drive.

That will scan your system files and replace them if they are changed or corrupted.

#4 Senior Member (Join Date: Jul 2002, Location: Texas, Posts: 168)

OK, for the rebooting issue, I would blow any dust out of the CPU fan and make sure it's seated properly. Also check the capacitors on the board and, if possible, run a memory test. Capacitors and memory would account for the random reboots, as would overheating.

As for the drive not reading, try running chkdsk with the /R option on the hard drive.

If you want the Geek Squad method of cleaning a PC of infection: run Ad-Aware, then AVG Anti-Spyware, followed by Spy Sweeper and Spyware Doctor.

As for msconfig, try running a program from Sysinternals called Autoruns. It is a lot more powerful and can even tell you if something has attached to Explorer.
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times

#5 Just Another Geek (Join Date: Jul 2002, Location: Rotterdam, Netherlands, Posts: 3,403)

    NOD32, AVG, G-Buster(?), UnhackMe(?), Spyware Doctor...

    Too many things scanning. What are you afraid of?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

#6 nihil, Super Moderator: GMT Zone (Join Date: Jul 2003, Location: United Kingdom: Bridlington, Posts: 17,192)

    Hi, I cannot see anything obviously wrong in the HijackThis! log.

    As well as what has already been suggested:

Quoting the original post: "Sometimes the BIOS configuration changes the boot device priorities and the systems date/time automagically."
If you have a multimeter, test the CMOS battery. Otherwise just replace it; they are not expensive.

    Use this free software to test your RAM:

    http://www.memtest86.com/

Just download the free tool. The prices that you see are for the CD version.

    Try running your AV/malware scans in safe mode. That way only one tool at a time will be running.

    Use the Event Viewer to see if there are any messages in the system logs.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
