brianvander
07-06-2005, 06:25 PM
Hey everyone,
System basic stats:
P3 650, 512M, 30G, XP Home, Outlook, Mozilla, (no IE), AVG7, Ad-Aware are updated and used weekly. CWS Shredder, About Buster & HijackThis are installed but not routinely used. Currently no internet/network due to this problem. (I have a second machine that is accessable to the net)
So last night I booted up my home PC (XP Home), XP started to load (as in it showed the XP logo with the lower bar scrolling) but then reset and loaded the "Windows failed to shutdown properly please choose one of the following options, Safe mode, etc..." If any mode of startup is selected: Safe mode, Safe Mode w/ Networking, Normal, Last saved, etc... its appears to start to load XP again but resets and returns to the Safe Mode Startup menu.
I have removed the my drive and inserted a borrowed drive (XP Pro, brand spanking new, no software installed yet, just the OS), I set this one up as the Master with my old drive as Slave. Upon boot, after it first checked the Master the Slave drive just spins... (spin, spin, spin, spin, reset, pause, spin spin, spin, spin, reset, pause... and repeats this for some time)
So my "temp" setup is as follows:
C: 40G HDD w/ XP Pro
E: partition 1 of a 30G HDD w/ XP Home
F: partition 2 of E:
G: Partition 3 of E:
I finally got a XP 'repair' screen (for lack of a better word), which ran a CHKDSK...
CHKDSK is verifying files (stage 1 of 3)
CHKDSK is verifying indexes (Stage 2 of 3)
CHKDSK is verifying Sy??? ???? (Stage 3 of 3) - I didnt catch all of this one, but it seemed to 'fix' some bad sectors and continued with the booting sequence. Upon the completion of the CHKDSK, the Master drive booted and I was able to view the contents of my personel 'slave' drive.
I have installed AVG7, Ad-Aware, HJT & AboutBuster onto the 'new' Master drive and scaned the Slave drive, no virus were found, 18 critical ads removed (scanned twice, log attached is for second scan), nothing to report from AboutBuster, HJT log file attached as well.
Even after running AVG, Ad-aware & HJT, when I re-install the drive as the master again, it still boots up into the Safe Mode Startup Menu and as before, any selection will only re-start the machine into Safemode Startup menu again.
ANY IDEA's Anyone......
Thanks
BrianV
Logs:
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, July 06, 2005 2:43:57 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):8 total references
TopSearch(TAC index:5):1 total references
Virtumonde(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
7-6-2005 2:43:57 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 7-6-2005 8:08:29 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 7-6-2005 8:08:31 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 7-6-2005 8:08:32 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 7-6-2005 8:08:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 7-6-2005 8:08:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 7-6-2005 8:08:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 7-6-2005 8:08:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1080
ThreadCreationTime : 7-6-2005 8:08:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1124
ThreadCreationTime : 7-6-2005 8:08:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1236
ThreadCreationTime : 7-6-2005 8:08:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1456
ThreadCreationTime : 7-6-2005 8:08:34 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 7-6-2005 8:08:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1648
ThreadCreationTime : 7-6-2005 8:08:35 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE
#:14 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 1656
ThreadCreationTime : 7-6-2005 8:08:35 PM
BasePriority : Normal
#:15 [compass tray manager.exe]
FilePath : C:\Compass\
ProcessID : 1664
ThreadCreationTime : 7-6-2005 8:08:35 PM
BasePriority : Normal
FileVersion : 3, 0, 11, 0
ProductVersion : 3.0.11
ProductName : Compass Tray Manager Utility
CompanyName : Compass Technologies Inc.
FileDescription : Compass Tray Manager Utility
InternalName : Compass Tray Manager
LegalCopyright : Copyright (C) 2005
OriginalFilename : Compass Tray Manager.EXE
Comments : Utility for Starting Compass Services from System Tray.
#:16 [sqlmangr.exe]
FilePath : C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
ProcessID : 1688
ThreadCreationTime : 7-6-2005 8:08:35 PM
BasePriority : Normal
FileVersion : 2000.080.0760.00
ProductVersion : 8.00.760
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Service Manager
InternalName : SQLMANGR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
OriginalFilename : SQLMANGR.exe
Comments : NT INTEL X86
#:17 [compassserver.exe]
FilePath : c:\Compass\
ProcessID : 1912
ThreadCreationTime : 7-6-2005 8:08:40 PM
BasePriority : Normal
FileVersion : 3, 0, 40, 0
ProductVersion : 3.0.40
ProductName : Compass Server Module
CompanyName : Compass Technologies, Inc.
FileDescription : Compass Server
InternalName : Compass Server
LegalCopyright : Copyright (C) 2005
OriginalFilename : CompassServer.exe
Comments : Bundled Version 3.0.40
#:18 [compasswkinterface.exe]
FilePath : c:\Compass\
ProcessID : 1932
ThreadCreationTime : 7-6-2005 8:08:41 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 40
ProductVersion : 3, 0, 0, 40
ProductName : Compass WKInterface Module
CompanyName : Compass Technologies, Inc.
FileDescription : Compass WKInterface
InternalName : Compass WKInterface
LegalCopyright : Copyright (C) 2005
OriginalFilename : WKInterface.EXE
Comments : Compass WKInterface 3.0.0.40
#:19 [sqlservr.exe]
FilePath : C:\Compass\MSDE\MSSQL$COMPASSACCESS\Binn\
ProcessID : 1992
ThreadCreationTime : 7-6-2005 8:08:41 PM
BasePriority : Normal
FileVersion : 2000.080.0760.00
ProductVersion : 8.00.760
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86
#:20 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1364
ThreadCreationTime : 7-6-2005 8:08:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:21 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2668
ThreadCreationTime : 7-6-2005 8:24:12 PM
BasePriority : Normal
FileVersion : 7,0,0,301
ProductVersion : 7.0.0.301
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:22 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 3704
ThreadCreationTime : 7-6-2005 9:25:24 PM
BasePriority : Normal
FileVersion : 7,0,0,312
ProductVersion : 7.0.0.312
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:23 [avgemc.exe]
FilePath : C:\Program Files\Grisoft\AVG Free\
ProcessID : 3776
ThreadCreationTime : 7-6-2005 9:25:25 PM
BasePriority : Normal
FileVersion : 7,0,0,320
ProductVersion : 7.0.0.320
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:24 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3892
ThreadCreationTime : 7-6-2005 9:27:01 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
MRU List Object Recognized!
Location: : C:\Documents and Settings\Access Control\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1445873198-89400395-771976571-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1445873198-89400395-771976571-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Virtumonde Object Recognized!
Type : File
Data : A0000582.exe
Category : Malware
Comment :
Object : E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\
Virtumonde Object Recognized!
Type : File
Data : A0000583.exe
Category : Malware
Comment :
Object : E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\
TopSearch Object Recognized!
Type : File
Data : A0000584.dll
Category : Data Miner
Comment :
Object : E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\
FileVersion : 1, 0, 0, 9
ProductVersion : 1, 0, 0, 0
ProductName : Altnet Inc. TopSearch
CompanyName : Altnet Inc.
FileDescription : TopSearch
InternalName : TopSearch
LegalCopyright : Copyright Altnet Inc. © 2002
OriginalFilename : TopSearch.dll
Virtumonde Object Recognized!
Type : File
Data : A0000585.exe
Category : Malware
Comment :
Object : E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
2:58:16 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:19.0
Objects scanned:155719
Objects identified:4
Objects ignored:0
New critical objects:4
HJT:
Logfile of HijackThis v1.99.0
Scan saved at 3:03:18 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Compass\Compass Tray Manager.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\Compass\CompassServer.exe
c:\Compass\CompassWKInterface.exe
C:\Compass\MSDE\MSSQL$COMPASSACCESS\Binn\sqlservr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CompassServiceManager] C:\Compass\Compass Tray Manager.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: SafeAxis Workstation.lnk = C:\Compass\SafeAxis.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Compass Archive Utility - Compass Technologies Inc. - c:\Compass\Compass Archive Utility.exe
O23 - Service: Compass ASCII Utility - Compass Technologies, Inc. - c:\Compass\Compass ASCII Utility.exe
O23 - Service: Compass Server - Compass Technologies, Inc. - c:\Compass\CompassServer.exe
O23 - Service: Compass WKInterface - Compass Technologies, Inc. - c:\Compass\CompassWKInterface.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
About Buster:
Scanned at: 3:04:55 PM on: 7/6/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done
System basic stats:
P3 650, 512M, 30G, XP Home, Outlook, Mozilla, (no IE), AVG7, Ad-Aware are updated and used weekly. CWS Shredder, About Buster & HijackThis are installed but not routinely used. Currently no internet/network due to this problem. (I have a second machine that is accessable to the net)
So last night I booted up my home PC (XP Home), XP started to load (as in it showed the XP logo with the lower bar scrolling) but then reset and loaded the "Windows failed to shutdown properly please choose one of the following options, Safe mode, etc..." If any mode of startup is selected: Safe mode, Safe Mode w/ Networking, Normal, Last saved, etc... its appears to start to load XP again but resets and returns to the Safe Mode Startup menu.
I have removed the my drive and inserted a borrowed drive (XP Pro, brand spanking new, no software installed yet, just the OS), I set this one up as the Master with my old drive as Slave. Upon boot, after it first checked the Master the Slave drive just spins... (spin, spin, spin, spin, reset, pause, spin spin, spin, spin, reset, pause... and repeats this for some time)
So my "temp" setup is as follows:
C: 40G HDD w/ XP Pro
E: partition 1 of a 30G HDD w/ XP Home
F: partition 2 of E:
G: Partition 3 of E:
I finally got a XP 'repair' screen (for lack of a better word), which ran a CHKDSK...
CHKDSK is verifying files (stage 1 of 3)
CHKDSK is verifying indexes (Stage 2 of 3)
CHKDSK is verifying Sy??? ???? (Stage 3 of 3) - I didnt catch all of this one, but it seemed to 'fix' some bad sectors and continued with the booting sequence. Upon the completion of the CHKDSK, the Master drive booted and I was able to view the contents of my personel 'slave' drive.
I have installed AVG7, Ad-Aware, HJT & AboutBuster onto the 'new' Master drive and scaned the Slave drive, no virus were found, 18 critical ads removed (scanned twice, log attached is for second scan), nothing to report from AboutBuster, HJT log file attached as well.
Even after running AVG, Ad-aware & HJT, when I re-install the drive as the master again, it still boots up into the Safe Mode Startup Menu and as before, any selection will only re-start the machine into Safemode Startup menu again.
ANY IDEA's Anyone......
Thanks
BrianV
Logs:
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, July 06, 2005 2:43:57 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):8 total references
TopSearch(TAC index:5):1 total references
Virtumonde(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
7-6-2005 2:43:57 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 7-6-2005 8:08:29 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 7-6-2005 8:08:31 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 7-6-2005 8:08:32 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 7-6-2005 8:08:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 7-6-2005 8:08:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 7-6-2005 8:08:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 7-6-2005 8:08:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1080
ThreadCreationTime : 7-6-2005 8:08:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1124
ThreadCreationTime : 7-6-2005 8:08:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1236
ThreadCreationTime : 7-6-2005 8:08:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1456
ThreadCreationTime : 7-6-2005 8:08:34 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 7-6-2005 8:08:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1648
ThreadCreationTime : 7-6-2005 8:08:35 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE
#:14 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 1656
ThreadCreationTime : 7-6-2005 8:08:35 PM
BasePriority : Normal
#:15 [compass tray manager.exe]
FilePath : C:\Compass\
ProcessID : 1664
ThreadCreationTime : 7-6-2005 8:08:35 PM
BasePriority : Normal
FileVersion : 3, 0, 11, 0
ProductVersion : 3.0.11
ProductName : Compass Tray Manager Utility
CompanyName : Compass Technologies Inc.
FileDescription : Compass Tray Manager Utility
InternalName : Compass Tray Manager
LegalCopyright : Copyright (C) 2005
OriginalFilename : Compass Tray Manager.EXE
Comments : Utility for Starting Compass Services from System Tray.
#:16 [sqlmangr.exe]
FilePath : C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
ProcessID : 1688
ThreadCreationTime : 7-6-2005 8:08:35 PM
BasePriority : Normal
FileVersion : 2000.080.0760.00
ProductVersion : 8.00.760
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Service Manager
InternalName : SQLMANGR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
OriginalFilename : SQLMANGR.exe
Comments : NT INTEL X86
#:17 [compassserver.exe]
FilePath : c:\Compass\
ProcessID : 1912
ThreadCreationTime : 7-6-2005 8:08:40 PM
BasePriority : Normal
FileVersion : 3, 0, 40, 0
ProductVersion : 3.0.40
ProductName : Compass Server Module
CompanyName : Compass Technologies, Inc.
FileDescription : Compass Server
InternalName : Compass Server
LegalCopyright : Copyright (C) 2005
OriginalFilename : CompassServer.exe
Comments : Bundled Version 3.0.40
#:18 [compasswkinterface.exe]
FilePath : c:\Compass\
ProcessID : 1932
ThreadCreationTime : 7-6-2005 8:08:41 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 40
ProductVersion : 3, 0, 0, 40
ProductName : Compass WKInterface Module
CompanyName : Compass Technologies, Inc.
FileDescription : Compass WKInterface
InternalName : Compass WKInterface
LegalCopyright : Copyright (C) 2005
OriginalFilename : WKInterface.EXE
Comments : Compass WKInterface 3.0.0.40
#:19 [sqlservr.exe]
FilePath : C:\Compass\MSDE\MSSQL$COMPASSACCESS\Binn\
ProcessID : 1992
ThreadCreationTime : 7-6-2005 8:08:41 PM
BasePriority : Normal
FileVersion : 2000.080.0760.00
ProductVersion : 8.00.760
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86
#:20 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1364
ThreadCreationTime : 7-6-2005 8:08:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:21 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2668
ThreadCreationTime : 7-6-2005 8:24:12 PM
BasePriority : Normal
FileVersion : 7,0,0,301
ProductVersion : 7.0.0.301
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:22 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 3704
ThreadCreationTime : 7-6-2005 9:25:24 PM
BasePriority : Normal
FileVersion : 7,0,0,312
ProductVersion : 7.0.0.312
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:23 [avgemc.exe]
FilePath : C:\Program Files\Grisoft\AVG Free\
ProcessID : 3776
ThreadCreationTime : 7-6-2005 9:25:25 PM
BasePriority : Normal
FileVersion : 7,0,0,320
ProductVersion : 7.0.0.320
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:24 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3892
ThreadCreationTime : 7-6-2005 9:27:01 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
MRU List Object Recognized!
Location: : C:\Documents and Settings\Access Control\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1445873198-89400395-771976571-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1445873198-89400395-771976571-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Virtumonde Object Recognized!
Type : File
Data : A0000582.exe
Category : Malware
Comment :
Object : E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\
Virtumonde Object Recognized!
Type : File
Data : A0000583.exe
Category : Malware
Comment :
Object : E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\
TopSearch Object Recognized!
Type : File
Data : A0000584.dll
Category : Data Miner
Comment :
Object : E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\
FileVersion : 1, 0, 0, 9
ProductVersion : 1, 0, 0, 0
ProductName : Altnet Inc. TopSearch
CompanyName : Altnet Inc.
FileDescription : TopSearch
InternalName : TopSearch
LegalCopyright : Copyright Altnet Inc. © 2002
OriginalFilename : TopSearch.dll
Virtumonde Object Recognized!
Type : File
Data : A0000585.exe
Category : Malware
Comment :
Object : E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP12\
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 12
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12
2:58:16 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:19.0
Objects scanned:155719
Objects identified:4
Objects ignored:0
New critical objects:4
HJT:
Logfile of HijackThis v1.99.0
Scan saved at 3:03:18 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Compass\Compass Tray Manager.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\Compass\CompassServer.exe
c:\Compass\CompassWKInterface.exe
C:\Compass\MSDE\MSSQL$COMPASSACCESS\Binn\sqlservr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CompassServiceManager] C:\Compass\Compass Tray Manager.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: SafeAxis Workstation.lnk = C:\Compass\SafeAxis.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Compass Archive Utility - Compass Technologies Inc. - c:\Compass\Compass Archive Utility.exe
O23 - Service: Compass ASCII Utility - Compass Technologies, Inc. - c:\Compass\Compass ASCII Utility.exe
O23 - Service: Compass Server - Compass Technologies, Inc. - c:\Compass\CompassServer.exe
O23 - Service: Compass WKInterface - Compass Technologies, Inc. - c:\Compass\CompassWKInterface.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
About Buster:
Scanned at: 3:04:55 PM on: 7/6/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done