covered in turds

hey hey. My computer is covered in turds and I have checked and rechecked my files, processes, startup, hijack this, virus checkers online and off, and there is just something up with the pooter. First off, the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 00:37:58, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB002" /M "Stylus D88"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://loopyloosy.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146584861424
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://www.download.five.tv/Download/Entriq_3_4_0_10_Silent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E35C6AD4-5385-478F-8198-D5F28011696F}: NameServer = 212.139.132.41 212.139.132.42
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

I am running XP sp2, firefox 2.0.0.1, I use the avast anti virus which has just recently been installed, after having avg for ages, it picked up 3 viruses when it ran in boot up, which could not be fixed, so I removed (I know I can be over zealous), and KPF4 firewall. I rarely use messenger, always scan my files, have no wallpaper, 4 desktop icons, and try to have as little as possible on startup. SO it's really pissing me off when it happens, as I'm not stupid with computers, and I know the crack a bit more than some.

So basically the trouble with the computer is switching it on. It takes about 20 goes to get it on, it either just stops when loading, and the black windows screen is on with the blue loading bar underneath - been on for 30mins before, not got past it. OR, it comes on fine, but once the desktop is on the computer, the mouse and keyboard won't work, or they work for 2 seconds, then that crashes the computer. In the past it has had some kind of problem with beeping for a continuous period on startup, but this is a mouse related incident, and has not happened for a while. When this problem has stopped, and you can get it working, there is nothing else wrong with the computer.

I ran a virus check before, and it seems as though I have been infected with a trojan - it's in the chest, but bear with me for an update, as it has yet to finish, yes I know I'm online while it's checking but I was trying to check all my processes meanwhile.

Thanks so much if anyone can spot what the crack is. It's doing my head in like!

Lu
I'm really tired.. but having scanned over that I'm thinking it could be Motherboard related from the symptoms you've expressed..
Next time it crashes, hit F8 on reboot (after the BIOS screen, before Windows starts to load) to get a list of startup options. Then, select the option to disable auto restart when it crashes. Next time it crashes it will blue screen, giving you a STOP alert and error code (eg. STOP: 0x000000F). Post the code and the troublesome file (probably a .sys file) if you can get it.

Another thing you could try would be to boot into recovery console and run chkdsk /r, this will find and fix any issues with your hard disk.
ok update on this shit, avast found 2 trojan horses on the pooter last night.

File name: A0112561.dll
Folder: F:\System Volume Information\_restore{ABBEFF0B-4310-4763-9636-47336F84F63C}-\RP349
Size of file: 454656
Last modification time: 14/04/2002 23:29
Time of transfer to Chest: 29/01/07 10:44
Category: Infected files
Virus description: Win32:Small-FU [Trj]
File ID: 5

File name: MEMORY.DMP
Folder: C:\WINDOWS
Size of file: 251215872
Last modification time: 24/01/07 06:23
Time of transfer to chest: 28/01/07 23:45
Category: Infected files
Virus description: Win32:SdBot-gen44 [Trj]
File ID: 4

whaddo I do? and if i need to checkdisk, is that just done from the C:\Drive by clicking checkdsk? lemme know ta
Your HJThis log looks fine, but delete O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) if you no longer run webroot spysweeper. Avast found the trojan in a system restore folder on your F drive (likely where the trojan was stored within something, check all stuff on your F drive. Btw turn system restore off! Use System menu in Control Panel) and in a memory dump that was created after the last crash. If avast didn't find it when starting up (during the memory test) then it is most likely gone, but set avast to do a boot-time scan at highest sensitivity and to scan within archives, to make sure the source file has gone. Oh, and don't use IE!
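A triage of the "(file missing)" markers in the log above, added here as an example and not part of any poster's reply: it cross-checks each flagged entry against the log's own Running processes list, since a file that is running cannot be missing. SAMPLE_LOG is an excerpt of the log from the first post; the function names and the verdict labels are this example's own.

```python
import ntpath
import re

# Excerpt of the HijackThis log from the first post of this thread.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
'''

ENTRY = re.compile(r'^([A-Z]\d+) - (.*)$')             # e.g. "O20 - <body>"
FILE_REF = re.compile(r'[^"]+?\.(?:exe|dll|ocx|sys)', re.I)


def parse(log):
    """Return (set of running image names, list of (section, body) entries)."""
    running, entries, in_procs = set(), [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if line == 'Running processes:':
            in_procs = True
        elif m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            # Compare by file name only: the log mixes long and 8.3 short paths.
            running.add(ntpath.basename(line).lower())
    return running, entries


def triage_missing(log):
    """Classify every '(file missing)' entry as 'contradicted' or 'unconfirmed'."""
    running, entries = parse(log)
    findings = []
    for section, body in entries:
        if not body.endswith('(file missing)'):
            continue
        target = body.rsplit(' - ', 1)[-1]       # last field holds the file
        ref = FILE_REF.search(target)
        name = ntpath.basename(ref.group(0)).lower() if ref else ''
        # A file that is currently running cannot be missing from disk.
        verdict = 'contradicted' if name in running else 'unconfirmed'
        findings.append((section, name, verdict))
    return findings


if __name__ == '__main__':
    for section, name, verdict in triage_missing(SAMPLE_LOG):
        print(f'{section:4} {name:16} {verdict}')
```

"unconfirmed" only means the process list does not contradict the marker; DLL-backed entries such as O18 and O20 never appear in that list, so they still need a check on disk before anything is removed.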
aah I didn't spot system restore, I thought I had it off on the c drive, but it's for all your hard drives isn't it!! I only have IE so I can update shit from windows. I use firefox!!!

This whole F drive thing is doing my head in. It's a massive drive which was added later on. It seems to have a version of windows on, I need to check that my version is running from C which I am 99.9% positive it is, but to double check apparently I have to unplug it then start the pooter. I'm scared and I don't want to do that. I can't format it, when I try it just says it can't. I need help with it.

Thanks dodgy. Btw do I remove these files I now have in my chest??

lu
Was just testing...

Windows will be running from the C drive, 99% sure of that, if it wasn't you'd notice it crapping out all the time (more than usual anyway), it doesn't like anywhere else other than C and throws a wobbly when you try doing owt like installing/saving stuff. If you want to double check & make sure without unplugging it, download Process Monitor from here: http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx - run it and it will show you the system processes' (programs, those that are part of Windows) full path (look for summinck like svchost.exe) so you can see if they're running from C or F.

Hmm, at a guess it is likely that a process is running from there or using it. If Windows is on C, use Process Monitor as above and see if anything is running or using something from F. If it's nothing critical then you may be able to kill the process, then format F. Otherwise you may have to format the drive either using the XP cd or something like GParted (which may be scary but will be relatively easy).

You're welcome.

Just leave them in the chest, they can't get out again.

I'm a student. I (quite literally) don't get out much anymore...

It'll be safe, I'll be disappearing again soon enough
Reet, have downloaded the process monitor, and apart from Utorrent (which I was using at the time to download video into F:/), it seems there is EXPLORER.EXE x3. One is create file, one is QueryFullSizeInformationVolume, and the other is close file. Their path just shows up as F:\ on the screen, but when I look at properties, it's saying the path is C:\WINDOWS\Explorer.exe. What's the crack there?

And because I'm so silly, I would need an explanation as to how to format from the XP cd, as the last time I tried, it wouldn't let me again.

Ta very much computer boffins
That means windows is running from the C drive (goody), and at a guess the three explorer processes are being used for writing/accessing whatever file(s) it is you're torrenting.

Formatting with XP cd - if XP still won't let you, follow the instructions here til you're at Step 5, then don't delete the Windows partition (on C), but delete the partition that is on the F: drive instead, then re-create it and format. Then cancel the install and reboot.

A better idea though would be to use this - http://www.ultimatebootcd.com/ - use Active Killdisk on the drive to get rid of everything on it, no need to re-partition/format. Didn't think of that earlier...
cheers dodgy, but my hard drive crashed and started making death clicks, so I received help here and all was well. It has now decided to not start properly, freezing when I do owt, have tried to repair it, although it says I have an admin password which I don't GRR, but when doing the workaround of shift and f10 when it is installing to get to the user accounts it fucking freezes again. Think I might just get a new pooter. It's fucking shit!!!
Oops, missed that thread.

Got confused in that other thread - your CDROM and HD are on separate IDE cables aren't they?

If your BIOS has an option along the lines of 'reset to optimised defaults' - do it, or just reset to defaults, in case it's a config issue. Check that all of the cable connections, memory & pci/agp/pci-e cards in the case are snugly fitted, and that all of the fans are running whilst it's powered on (especially the cpu fan, also feel if there's excessive heat coming from your graphics card - if you have one). Also find the hardware monitor page in the BIOS, and check the cpu temperature, anything over 60c straight after you've turned it on may be a cause for concern - overheating can cause hard locks.

Use that boot cd I linked above & run the right hard drive diagnostic utility for the model of that 40GB HD (eg Seatools Desktop if it's a seagate HD). If it finds nowt, run Salvation HDD Scan and Repair (it will check for bad sectors on the hard disk). If again nowt, run Memtest86+ on it and leave running for ~12 hours, it'll test your memory, and will count up errors if there are any.

If none of those three find anything it could be good or bad news. Possibly good news if they all ran without freezing themselves - the installation of Windows could be screwed & that's fixable (killdisk and re-install), or the HD does have a problem (either physical or a configuration issue, poss with the mainboard) & it's replaceable/re-configurable. Poss bad news that it could be something completely different causing the freezes (I've suffered hard locks before due to AGP graphic cards and certain chipsets which wasn't fixable).

Hopefully the above might find summinck anyways, good luck
the only thing i can think of, is at the start of the installation - we did a quick NTFS format. Might be worth doing what dodgy said, checking for errors - then do a re-install with a FULL NTFS format
so it's all your fucking fault MoS?

The only thing I can think of really is that I noticed when I was in the pooter, that the 2 fans that are in there - one works, but it is next to the original HD, and the other one just has a little twitch, like a mental patient. There is no fan near this 40GB HD, although it has been running fine without that, but I suppose now AAAAAL the shit is running off it, it will heat up more.

I'm getting fucking sick of it now like, I'm going to have to spend another day on it soon. I would rather spend my time on my dissertation like but hey, it would be handy to have it up and running. I mean, my laptop is all singing and dancing, but it's no PC you know??

Another thing, when I had repaired it with the CD, it asked me to restart to do more shit, but when I restarted it froze. Now I'm lucky if I get it past CHECKING NAVRAM... It only sometimes gets further than that. I will be checking the cables and things, but I can't be arsed yet lol.

I'll keep you updated, THANKS SO MUCH FOR YOUR HELP people. I don't know what I could give you in return? Ebay shopping tips, freebie websites, an essay on "Using a range of examples, compare and contrast the concepts of Political Extremism and the political mainstream. How do these concepts assist our understanding of the British political system?" or not.....
Yes, it is.

Is that broken fan on the motherboard or on the case? If it's on the motherboard, that's the cpu fan - if it's not working then that's most likely your problem right there. You could try removing it from the heatsink (the large metal thing it'll be attached to, either by screws or clips, which itself is attached to the motherboard and covers the cpu) and try cleaning it in case dust has blocked it. One or more of the fan blades may be bent and stopping it from spinning, if the fan is plastic you should be able to re-bend them. If that doesn't work, either the bearings or the motor has gone, meaning you'll have to get a replacement - get a new heatsink/fan combo.

If the broken fan is on the case, you can try cleaning/bending blades, if not get a replacement. It more than likely will not be the main problem though, but could be contributing. Make sure to check the cpu fan though.

Older hard drives aren't too bad with heat compared to newer larger/faster ones. You could unscrew the hard drive from the case, then move it so it is in the fan's 'dead zone' - right in the centre of the fan's alignment. This'll get a nice breeze both above and below the HD.

It sounds like an old pc, if you've had it 5 or more years without a hardware failure before this then it's done pretty damn well. Plus you must be learning something whilst trying to fix it, so you'll be 100x better prepared for something similar in future. Look on the positive side!

That's freezing whilst checking the CMOS memory - which could mean it is a problem with the BIOS/CMOS memory, a problem with your mainboard memory, or a problem whilst first accessing XP's bootloader on the MBR of your hard drive.

Before doing all that stuff in my last post which will test for the last two possibilities, use the 'clear CMOS' jumper on your motherboard - you may have to do some googling for your motherboard/pc model to find instructions & where the jumper is if you don't have the motherboard manual handy or can't spot the jumper (it'll be pretty close to the wee battery). Or post your motherboard/pc model here & some nice person will find the instructions if you can't.

A cup of tea?
Hmm - this thread was showing last post "09-02-07 10:51 PM by loopyloosy" Sly bump in case the post above has been missed ^^