
Help please!


HellHead (New Member, joined Dec 9, 2008):
My primary problem is when I start my computer and load the task manager, I see cmd.exe and services.exe rapid-spawning without me doing anything. If I close most of the cmd.exe, it stops the spawning, but if I close all of them, it seems to not allow me to load anything in a web browser, yet I can IM and use uTorrent.
I can barely use Google because I can't properly open a large amount of anything I search. It either redirects me to some generic search or won't load at all.
Also, after a long duration of time, I get a blue screen and a restart.
This all started a few days ago immediately when I clicked to unblock something on a legit site with my NoScript. As soon as I clicked, I got a blue screen and a restart.
I've done multiple scans with NOD32 and FixVundo and found nothing.
 
If I were you, I wouldn't waste any more time.
Back up the hard disk with all your files, re-format and fresh install the OS, then re-install all drivers and hardware, THEN install a GOOD antivirus, and then install your apps.

Trying to fight something like that I feel is a waste of valuable time, and will send you mad / over the edge.
I keep all my lethal chemicals and medication double locked now.
 
Thanks for the advice. Unfortunately, I don't have the OS disc as this was put together at a friend's place. I'm a bit of a computer nub, so when you say backup my files and reformat and such, would I be able to save ALL of my files? I have about 500GB worth of stuff that I really, really don't want to part ways with.
I've posted on a few other forums, so I guess I'll do this as a very last resort if I'm able.
 
I'm guessing you are using Windows.
Now, depending on where you have specified you save your stuff, it usually all goes into your "profile".
If you have two hard disks I would copy your stuff over to that and do a complete fresh install.
 
Yes, XP.
All I have besides my 700GB hd is a 111GB external hd which is full.
If it really comes down to it, I guess I'll have to make a list of everything and track down what I can later.
Would be a crying shame.
 
You want to start the system up in safemode. Once in safemode, insert a USB key with several spyware/antivirus tools. Run HiJackThis from the USB key, save a log file then exit HJT, and post the log message here so we can tell you what to do. That will stop any active infections, then from that point all that is left is cleaning up the damage/garbage.

Here are some more complete guides if you are more comfortable following them:
http://www.ocforums.com/showthread.php?t=379516

EDIT: :welcome: to the forums!
 
Alrighty, thanks for the welcome, and here's the log:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:22:26 AM, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Archive\Computer\Programs\HijackThis\HijackThis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {088FEE77-65EA-4176-8CE2-3535242079BF} - (no file)
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: {dd09b6a8-3e9e-fb1b-a304-b8835733eaed} - {deae3375-388b-403a-b1bf-e9e38a6b90dd} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [tdss] C:\DOCUME~1\Owner\LOCALS~1\Temp\23706890.exe
O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [USDownloader] "C:\Documents and Settings\Owner\Desktop\Archive\Computer\Programs\USDownloader\USDownloader-Lite\USDownloader.exe"
O4 - Startup: Styler.lnk = ?
O4 - Startup: ZMatrix.lnk = C:\Program Files\ZMatrix\matrix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAE9CE4B-836A-4756-B6F0-C9D2C2238CDB}: NameServer = 74.5.116.246,75.5.116.246
O20 - Winlogon Notify: ljJCtTMD - ljJCtTMD.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 6302 bytes
 
I see a few that look interesting, in particular

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKLM\..\RunOnce: [tdss] C:\DOCUME~1\Owner\LOCALS~1\Temp\23706890.exe
O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll


Edit: TDSS seems to be a rootkit according to Google searches.
CursorXP seems to be fine.

And the RunOnce seems to be a rootkit too, or some trojan downloader.
 
I have 2 parts. First section is all the items you should checkmark and fix with HJT, because they are either definitely not needed or definitely problem files. The second section is stuff I would personally remove if I were cleaning up your PC. Note that cleaning those ones up may break your customizations, or worse - I would accept that and worry about it once I knew the machine was clean and usable again.

Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {088FEE77-65EA-4176-8CE2-3535242079BF} - (no file)
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - (no file)
O2 - BHO: {dd09b6a8-3e9e-fb1b-a304-b8835733eaed} - {deae3375-388b-403a-b1bf-e9e38a6b90dd} - (no file)
O4 - HKLM\..\RunOnce: [tdss] C:\DOCUME~1\Owner\LOCALS~1\Temp\23706890.exe
O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll
O4 - HKCU\..\Run: [USDownloader] "C:\Documents and Settings\Owner\Desktop\Archive\Computer\Programs\USDownloader\USDownloader-Lite\USDownloader.exe"
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAE9CE4B-836A-4756-B6F0-C9D2C2238CDB}: NameServer = 74.5.116.246,75.5.116.246
O20 - Winlogon Notify: ljJCtTMD - ljJCtTMD.dll (file missing)

Recommended because Stardock is garbage, and a lot of customization stuff is similar to "free smilies" (download free smiley pack, install, devil spawns inside your PC). Refer to the warning above - this could break apps you have installed and are actually using:
Code:
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Styler.lnk = ?
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

Once you have finished fixing things with HJT you can reboot normally instead of with safemode and you can make sure things are working and let us know what problems you still have. The infection you had should no longer be active, but there may be settings and other damage the infection caused that we still need to fix. If you're detailed about any further problems you have, we can fix it quicker.
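As an added illustration (my own code, not something posted in the thread and not a feature of HijackThis), the following Python script applies the kind of triage rules used in the analysis above to HijackThis log lines: an autorun launched from a Temp directory, an autorun that is nothing but a cmd.exe delete command, BHO and Winlogon Notify registrations whose file is missing, and O17 NameServer entries that are not on a list of known-good resolvers. The sample lines are a subset copied from the safe-mode log posted earlier in the thread; the severity labels and the `dns_allowlist` parameter are choices of this example, not part of the tool.

```python
import re
from dataclasses import dataclass

# A subset of the safe-mode HijackThis log posted in this thread (not a full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {088FEE77-65EA-4176-8CE2-3535242079BF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [tdss] C:\DOCUME~1\Owner\LOCALS~1\Temp\23706890.exe
O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAE9CE4B-836A-4756-B6F0-C9D2C2238CDB}: NameServer = 74.5.116.246,75.5.116.246
O20 - Winlogon Notify: ljJCtTMD - ljJCtTMD.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

SECTION_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")          # "O4 - <rest>"
TEMP_RE = re.compile(r"(\\Temp\\|LOCALS~1\\Temp)", re.IGNORECASE)
CMD_DEL_RE = re.compile(r"cmd\.exe\s+/C\s+del\b", re.IGNORECASE)
EMPTY_NAME_RE = re.compile(r"\[\s*\]")                         # autorun with blank value name
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass
class Finding:
    section: str
    severity: str   # "high" | "medium" | "low" (labels chosen for this example)
    reason: str
    line: str


def triage_line(line, dns_allowlist=frozenset()):
    """Return the findings (possibly none) for one HijackThis log line."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return []                      # header, process list, blank line
    section, rest = m.groups()
    out = []
    if section == "O2" and rest.endswith("(no file)"):
        out.append(Finding(section, "low", "orphaned BHO registration, no file on disk", line))
    if section == "O4":
        if TEMP_RE.search(rest):
            out.append(Finding(section, "high", "autorun launches an executable from a Temp directory", line))
        if CMD_DEL_RE.search(rest):
            out.append(Finding(section, "high", "autorun is a cmd.exe delete command (self-cleanup of dropped files)", line))
        if EMPTY_NAME_RE.search(rest):
            out.append(Finding(section, "medium", "autorun entry has an empty value name", line))
    if section == "O17":
        unknown = [ip for ip in IP_RE.findall(rest) if ip not in dns_allowlist]
        if unknown:
            out.append(Finding(section, "medium",
                               "NameServer override not on the known-good list: " + ", ".join(unknown), line))
    if section == "O20" and "(file missing)" in rest:
        out.append(Finding(section, "high", "Winlogon Notify DLL registered but missing from disk", line))
    return out


def triage_log(text, dns_allowlist=frozenset()):
    """Run triage_line over a whole log and return all findings in log order."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_line(line, dns_allowlist))
    return findings


def summarize(findings):
    """Count findings per severity so the worst items are obvious at a glance."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "medium", "low")}


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line.strip()}")
    print(summarize(results))
```

Run as-is, the subset produces three high, two medium and one low finding. Passing the ISP's resolvers as `dns_allowlist` (the thread later identifies 74.5.116.246 and 75.5.116.246 as Embarq's) removes the O17 finding, which is the right way to handle that entry rather than deleting it blind. The rules are heuristics for ordering what to look at, not a verdict: an orphaned "(no file)" entry is harmless leftover, while an executable running from Temp deserves the first look.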
 
I cleaned all those entries with HT except 017 as that has to do with my internet setup. I tried cleaning it, but was then unable to connect to anything in browsers, so I restored it.
Aside from that, just about everything seems to be as it was in regular boot mode, unfortunately.
One plus is when I boot and load task manager, there's no more rapid-spawning, which hasn't occurred since I ran a couple of those cleaners that were recommended.
I'm still having the same problem with Google and Yahoo search as well as FireFox and MSN IM being unstable and crashing. Also, certain pages still aren't loading.
Would you like me to run another HT log in safe mode and post it? Would running it in regular boot mode show anything safe mode wouldn't, or just convolute it?
 
Do those name servers in 017 belong to your ISP? I was assuming they were inserted by malware, which often redirects connections to its own name servers so that it can serve up ads instead of the content you're looking for. If you know those addresses are valid DNS servers, then you're fine.

Go ahead and run HJT in regular boot mode, then we can see what processes are running at least. You can enclose the log file in vBulletin CODE tags, like this but remove the spaces after the first bracket [ code]paste log file here[ /code].

You said Firefox is crashing, is IE crashing also? Which pages refuse to load?
 
I would recommend that if the suggestions above do not work..I would purchase a larger drive than the one you currently have. The only reason I say larger is that you mentioned 500gigs worth of stuff you have. Once you do that...transfer all important files over to the new larger drive, format the 750...make a partition of 60gigs for operating system and programs...and keep the remainder of the 750 for extra storage...

With a setup similar to this you can always reformat the 60gig portion when ever you get ready without worrying about the 500gigs of stuff...

my 2 cents
 
IMOG: I thought it did, but I'm unsure now. I thought it had something to do with when I forwarded a port a while back, but it doesn't match any of my settings that I checked. I've removed it again and the browser is working fine so far, so I'll leave it unless I need to restore it again. IE isn't crashing and the majority of pages that don't load seem to do more with technical sites, similar to this, where one would go to for help.

AMD'er: Thanks for the tip. I definitely intend to do so when I get some cash laid back.


Code:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:06:45 AM, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\Archive\Computer\Programs\HijackThis\HijackThis\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: ZMatrix.lnk = C:\Program Files\ZMatrix\matrix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

--
End of file - 4803 bytes


Edit: And once again, I had to restore 017.
 
It looks like you missed removing this line:

O4 - HKLM\..\RunOnce: [ ] C:\WINDOWS\System32\cmd.exe /C del /Q C:\WINDOWS\system32\rdssrv.exe C:\WINDOWS\system32\rdshost.dll C:\WINDOWS\system32\hdfkt.dll

Can you clarify about line 017? I see it isn't there in the scan, and you said things were no longer crashing. Then at the end you said you had to restore it? I'm not clear on why or what the problem was.

You might want to also check the windows host file to ensure that doesn't contain redirects that are breaking your connections to certain pages:
http://en.wikipedia.org/wiki/Hosts_file
 
017 is odd because it doesn't match anything in my ipconfig. The problem with it is shortly after when I clean it with HijackThis, I'm unable to connect to any sites at all in browsers and I don't know any way around that except for restoring it. Things still crash in normal boot, regardless.
 
What are the contents of your host file? Open it with notepad and post the contents here, it is located in C:\system32\drivers\etc\

The 017 entry belongs to Embarq - if they are your ISP, that entry is harmless. The 04 entry in my last post still needs to go, that's a problem for sure.

This link explains why I'm concerned about the 017 entry:
http://www.bleepingcomputer.com/tutorials/tutorial42.html#O17Diag

If you are interested and can get logmein installed on the machine, create a logmein account and install logmein on this computer. (that might be hard with the problems you're having) You could PM me the login details for the logmein account you created, and I would be happy to take a first hand look - I'm sure I could get it fixed if I could look at it first hand. You might need to bring the logmein site up via IP if it does not load using logmein.com: 74.201.74.60
 
For host, "127.0.0.1 localhost" - Is that what you're looking for?
I cleaned that 04 entry as well.
Yes, Embarq is my provider, but I couldn't load that bleepingcomputer page, though.
I'll see if I can get that logmein set up in the meantime.
And is it possible to get my mouse working in safe mode? It's an older p.o.s. that has the two screw-ins. (9-pin, I think.)
 
Your host file is fine if that's all it contains.

If you can't load bleepingcomputer.com, can you ping it from the command prompt? I'm still wondering if something is interfering with DNS requests, or if TCP/IP is muxed up.

I'm still trying to figure out what could keep you from loading certain pages, since everything we've covered so far hasn't been the problem.

I have no idea about the mouse, it's older than my PC experience.
 
It's weird, when I ping that site, it says 0% loss, but the round trip is all 0 ms...compared to pinging other sites that have various ms round trips. The only thing I know is I had that Vundo trojan a while back and it did the same thing in regards to blocking certain sites, but it didn't make things crash like this.
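As an added example (my own code, not something posted in the thread), here is a small Python checker for the Windows hosts file that IMOG asked about earlier; on XP it lives at C:\WINDOWS\system32\drivers\etc\hosts and the resolver consults it before DNS. It parses the file the way Windows does (first match wins, `#` starts a comment), flags any name other than localhost that is pinned to a loopback address, and flags names sent to some other fixed address. A name pinned to 127.0.0.1 is exactly what produces the symptom in the last post: the page never loads, yet ping reports 0% loss with replies in under a millisecond (shown as 0 ms), because the echo never leaves the machine. The hosts content below is constructed for the demonstration; the poster's own file held only the localhost line, which the checker passes clean.

```python
import ipaddress

# Constructed sample hosts file for the demonstration (not the poster's file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.bleepingcomputer.com   # pins a help site to loopback
127.0.0.1       bleepingcomputer.com
198.51.100.7    www.google.com             # sends a search site to a fixed address
"""

# Names that legitimately map to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return [(ip, [names])] for each effective line; comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comment
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # malformed line; Windows ignores it too
        entries.append((str(ip), [n.lower() for n in parts[1:]]))
    return entries


def resolve_via_hosts(text, name):
    """First-match lookup, which is how the resolver uses the file before asking DNS."""
    name = name.lower()
    for ip, names in parse_hosts(text):
        if name in names:
            return ip
    return None


def check_hosts(text):
    """Return (name, ip, explanation) for every entry that deserves a look."""
    findings = []
    for ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if addr.is_loopback:
                findings.append((name, ip,
                                 "pinned to loopback: site never loads, ping shows 0% loss and sub-ms replies"))
            else:
                findings.append((name, ip, "redirected to a fixed address, bypassing DNS"))
    return findings


if __name__ == "__main__":
    # To check a real machine: open(r"C:\WINDOWS\system32\drivers\etc\hosts").read()
    for name, ip, why in check_hosts(SAMPLE_HOSTS):
        print(f"{name:28} -> {ip:15} {why}")
    print("bleepingcomputer.com resolves to", resolve_via_hosts(SAMPLE_HOSTS, "bleepingcomputer.com"))
```

Because the first match wins, a single loopback line for a site is enough to blackhole it; the check reports every non-localhost loopback or fixed-address mapping so that nothing hides further down a long file. A clean XP hosts file contains only the localhost line, so any other output from this script is worth explaining before moving on to DNS or TCP/IP as the cause.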
 