
XP Booting Problem, really weird malware???

Discussion in 'Virus & Other Malware Removal' started by flyerphann, May 1, 2010.

Thread Status:
Not open for further replies.
  1. flyerphann (Thread Starter) | Joined: Apr 30, 2010 | Messages: 11
    At the urging of a helpful person in another thread, I was asked to repost my problem here, along with the comments he had so far. Hoping someone out there can help!! Will do exactly what anyone says, but remember I'm not an expert. Again, thanks for any help!!

    flyerphann
    Junior Member with 3 posts. Join Date: Apr 2010
    Experience: Needs things spelled out
    30-Apr-2010, 03:55 PM #1
    XP booting problem, really weird
    All, thanks in advance for reading this, and for any help or assistance you can provide. Usually if I have a problem, I can find a solution in these groups, but this one has just been weird, and I don't understand in the slightest what is going on. Any suggestions on what/why are appreciated!!!

    Here's the problem. There are a few symptoms, so hopefully they will be related somehow.

    Windows crashed a few days ago. Upon booting back up, I was asked to choose between going into safe mode, last good config or booting normally. Unfortunately I had no keyboard at that point, so it would boot normally. The no keyboard is weird #1, as I had one if I went into the BIOS.

    When it did boot Windows, the splash screen appeared, then the screen went black. I rebooted a few times hoping it would do something. I found that if I left it like that for 15-20 minutes, voila, the logon screen came up. So the long delay after the splash screen was weird #2. Oh, and to make it a little weirder, when the logon screen came up, I could magically use the keyboard!!

    Not done yet. When Windows comes up after the logon, the background comes up, but no icons, and no taskbar. That's weird #3. I can use Ctrl-Alt-Del to bring up the Task Manager and run some things, and had internet connectivity (iexplore worked fine). Some icons did come up eventually, and I think that may have been from me killing explorer.exe and restarting it. Maybe.

    OK, now, here's where I'm at. I was able to force it to boot into safe mode at the next reboot. It still took a while to get into it, but when I did, icons came up with no problem. So that seemed good. I did a system restore back a week; the restore then booted me into Windows normally.

    It still did take a while to boot, but after Norton did its one-click fix stuff and I updated virus definitions, icons came up and everything seemed to work okay. Then today, after shutting down the machine last night, the problem was back. Ugh.

    Any idea on what to do or what the problem could be?????

    I'm curious what happens after the splash screen. Could it be looking for hardware that isn't responding, or a file is corrupt? This problem originally occurred after accidentally putting an SDHD card into an old SD slot. I'd thought maybe the USB stack got corrupted, and then fixed with restore, but now I'm assuming not.

    Thanks again if you have any ideas. If there's something I need to do, while I work with computers, it's not this type of thing, so detailed instructions would be amazingly helpful.

    BillVB
    Junior Member with 17 posts. Join Date: Apr 2010
    Experience: Advanced
    30-Apr-2010, 09:26 PM #2
    I have a feeling that the Windows God is angry at you, but I'll give it a try anyway.
    Just answer this question: Can you try and give me a list of the running processes when you launch Task Manager?
    Also, look on the networking tab of the Task Manager, without running any Internet-using application, now, is there high usage?

    flyerphann
    Junior Member with 3 posts. Join Date: Apr 2010
    Experience: Needs things spelled out
    01-May-2010, 06:39 AM #3
    Thanks. I really do appreciate it.
    Here's a list of processes, as they are running right now. We left the computer on overnight, so I'm not sure how many of these come up at boot.
    ctfmon.exe
    cidaemon.exe
    ccSvcHst.exe
    taskmgr.exe
    itype.exe
    alg.exe
    bgsvcgen.exe
    AppleMobileDeviceService.exe
    svchost.exe
    spoolsv.exe
    svchost.exe
    svchost.exe
    explorer.exe
    svchost.exe
    svchost.exe
    explorer.exe
    svchost.exe
    svchost.exe
    ArcNameService.exe
    svchost.exe
    realsched.exe
    nvsvc32.exe
    svchost.exe
    svchost.exe
    lsass.exe
    services.exe
    winlogin.exe
    csrss.exe
    ccSvcHst.exe
    MDM.exe
    smss.exe
    iPodService.exe
    jqs.exe
    iTunesHelper.exe
    cisvc.exe
    mDNSResponder.exe
    System
    System Idle Process
    That's all of them, unless I mistyped. To answer your other question, networking was at 0%; if I bring up a homepage, it jumps up to a whopping 0.8% ;-)

    A couple of other things I've noted, that I don't know if they mean anything, but I think are related. Looking back at the event properties for when this started, I see a couple of errors that are there. The first is:

    'The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified'.

    About 7 minutes later (maybe that was my weird black screen length that time) I see one about the N360 Services timing out. There are about 10-11 'information' blurbs between the two, although they pretty much all occur right after the first error. Not sure if those are normal. I also see I have some warnings from the last day, and even from before the problem started, about disk read in paging system. Not sure how common that normally is.

    BillVB
    Junior Member with 17 posts. Join Date: Apr 2010
    Experience: Advanced
    14 Minutes Ago, #4
    Oh dear...
    The whole thing sounds like it's caused by malware, but I can't really see any evidence.
    Do you have any security software installed, because it should be able to pick it up?
    My advice to you would be: copy this thread (including my comments) to the HJT and Malware Removal area; they will be able to help you.

    flyerphann
    Junior Member with 3 posts. Join Date: Apr 2010
    Experience: Needs things spelled out
    2 Minutes Ago, #5
    I have Norton installed, the free version that comes with Comcast. Is there an easy way to copy the thread over? I see I can highlight one message at a time...
    Thanks for the advice.
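    A triage pass over the process list posted above, as an added example (not code from the thread or from any of the tools it mentions). The list as typed contains "winlogin.exe", whereas the Windows logon process is named "winlogon.exe"; the poster says they may have mistyped, and this is exactly the kind of entry worth checking by image path before drawing any conclusion. The script flags names one edit away from a core system process, and core processes that are missing or run more than once. The set of protected names and the distance threshold are assumptions chosen for this exercise; the input is the posted list, embedded verbatim.

```python
"""Added example (not from the thread): triage a Task Manager process list for
near-miss imitations of core Windows system process names and for core
processes that are missing or duplicated."""
from collections import Counter

# Core XP processes that run exactly once and are the usual targets for
# one-letter-off imitation. Assumption: this set is sufficient for the exercise.
CORE_SINGLETONS = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe")

# Constructed input: the process list exactly as typed in the post above.
POSTED_PROCESSES = """\
ctfmon.exe
cidaemon.exe
ccSvcHst.exe
taskmgr.exe
itype.exe
alg.exe
bgsvcgen.exe
AppleMobileDeviceService.exe
svchost.exe
spoolsv.exe
svchost.exe
svchost.exe
explorer.exe
svchost.exe
svchost.exe
explorer.exe
svchost.exe
svchost.exe
ArcNameService.exe
svchost.exe
realsched.exe
nvsvc32.exe
svchost.exe
svchost.exe
lsass.exe
services.exe
winlogin.exe
csrss.exe
ccSvcHst.exe
MDM.exe
smss.exe
iPodService.exe
jqs.exe
iTunesHelper.exe
cisvc.exe
mDNSResponder.exe
System
System Idle Process
"""


def edit_distance(a, b):
    """Levenshtein distance via a rolling single-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(process_names):
    """Return per-name counts plus three findings lists (case-insensitive)."""
    names = [n.strip().lower() for n in process_names if n.strip()]
    counts = Counter(names)
    findings = {"counts": counts, "missing": [], "duplicates": [], "lookalikes": []}
    for core in CORE_SINGLETONS:
        if core not in counts:
            findings["missing"].append(core)
        elif counts[core] > 1:
            findings["duplicates"].append((core, counts[core]))
    for name in sorted(counts):
        if name in CORE_SINGLETONS:
            continue
        for core in CORE_SINGLETONS:
            # Distance 1 means one inserted, deleted or substituted character.
            if edit_distance(name, core) == 1:
                findings["lookalikes"].append((name, core))
    return findings


if __name__ == "__main__":
    result = triage(POSTED_PROCESSES.splitlines())
    for key in ("missing", "duplicates", "lookalikes"):
        print(f"{key}: {result[key]}")
```

    On the posted list this reports winlogon.exe as missing and winlogin.exe as a lookalike of it; the next step is to confirm the spelling and the image path of the running process (for example with Process Explorer) rather than to act on the name alone. Multiple svchost.exe instances are normal and are left alone by the check.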
     
  2. flyerphann (Thread Starter) | Joined: Apr 30, 2010 | Messages: 11
    Some more information, in case this will help.

    I did a reboot with Windows XP chkdsk running at start. It said everything was fine. It did sit on the last screen for a little bit; not sure how long. That could have replaced the long black screen I had before, but I was in another room for a bit.

    Once into XP, icons were still missing. They popped up 19-20 minutes later. I had opened iexplore, downloaded registry magic or something and was running that. It hadn't fixed anything, so I think it just is taking 20 minutes for them to pop up.

    It did say there were 5 problems with my 'start up', but won't fix those things without downloading the full version. Not sure if that could be the 20 minutes after login or not... the fact I get about that long before the login screen comes up too makes me think virus, but Norton hasn't found anything, and if it's doing something during load up I'm not sure it would find it.

    Again, any help is appreciated!!
     
  3. flyerphann (Thread Starter) | Joined: Apr 30, 2010 | Messages: 11
    I was asked by someone to post the ntbtlog file after my next reboot. Here it is, in case it helps. I see lots of things, but I don't understand any of it... help! :)

    Service Pack 3 5 2 2010 16:26:52.500
    Loaded driver \WINDOWS\system32\ntoskrnl.exe
    Loaded driver \WINDOWS\system32\hal.dll
    Loaded driver \WINDOWS\system32\KDCOM.DLL
    Loaded driver \WINDOWS\system32\BOOTVID.dll
    Loaded driver ACPI.sys
    Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
    Loaded driver pci.sys
    Loaded driver isapnp.sys
    Loaded driver pciide.sys
    Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    Loaded driver MountMgr.sys
    Loaded driver ftdisk.sys
    Loaded driver dmload.sys
    Loaded driver dmio.sys
    Loaded driver PartMgr.sys
    Loaded driver VolSnap.sys
    Loaded driver atapi.sys
    Loaded driver disk.sys
    Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    Loaded driver fltmgr.sys
    Loaded driver sr.sys
    Loaded driver SYMEFA.SYS
    Loaded driver PxHelp20.sys
    Loaded driver KSecDD.sys
    Loaded driver WudfPf.sys
    Loaded driver Ntfs.sys
    Loaded driver NDIS.sys
    Loaded driver Mup.sys
    Loaded driver agp440.sys
    Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
    Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\System32\DRIVERS\e100b325.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ltmdmnt.sys
    Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
    Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
    Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
    Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
    Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
    Loaded driver \SystemRoot\system32\drivers\Afc.sys
    Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
    Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    Loaded driver \SystemRoot\system32\drivers\cmuda.sys
    Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
    Loaded driver \SystemRoot\System32\Drivers\RootMdm.sys
    Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
    Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
    Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
    Loaded driver \SystemRoot\system32\DRIVERS\RimSerial.sys
    Loaded driver \SystemRoot\System32\DRIVERS\rdpdr.sys
    Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
    Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\SymIM.sys
    Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\System32\DRIVERS\update.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\system32\drivers\windrvr6.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
    Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
    Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
    Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
    Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
    Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Did not load driver \SystemRoot\System32\DRIVERS\i8042prt.sys
    Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
    Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
    Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
    Loaded driver \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    Loaded driver \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
    Loaded driver \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
    Loaded driver \SystemRoot\System32\Drivers\N360\0308000.029\SYMIDS.SYS
    Loaded driver
    Loaded driver \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys
    Loaded driver \SystemRoot\System32\drivers\afd.sys
    Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
    Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
    Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
    Loaded driver \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
    Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    Loaded driver \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
    Loaded driver \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
    Loaded driver \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbscan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbprint.sys
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\Wdf01000.sys
    Loaded driver \SystemRoot\system32\DRIVERS\NuidFltr.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
    Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
    Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
    Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
    Loaded driver \SystemRoot\System32\Drivers\MCSTRM.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
    Did not load driver \SystemRoot\system32\DRIVERS\rp_skt32.sys
    Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
    Loaded driver
    Loaded driver
    Did not load driver \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
    Loaded driver \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
    Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
    Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
    Loaded driver \SystemRoot\system32\drivers\splitter.sys
    Loaded driver \SystemRoot\system32\drivers\aec.sys
    Loaded driver \SystemRoot\system32\drivers\swmidi.sys
    Loaded driver \SystemRoot\system32\drivers\DMusic.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
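    A way to read a boot log like the one above without eyeballing 150 lines, as an added example (not code from the thread). It parses the "Loaded driver" / "Did not load driver" entries, normalises the NT path forms the log mixes (bare file names, \WINDOWS\system32, \SystemRoot\System32 and \??\C:\ prefixes), and lists drivers that loaded from outside the system tree, drivers that failed to load, entries logged with no path at all, and drivers that first failed and later loaded. The input is a constructed excerpt of the posted log; the classification rules are assumptions for this exercise, not a rule from any tool.

```python
"""Added example (not from the thread): triage an XP ntbtlog.txt for drivers
loaded from outside the system tree and for load failures."""
import re

# Constructed excerpt: a dozen representative lines taken from the posted log.
SAMPLE_NTBTLOG = r"""
Service Pack 3 5 2 2010 16:26:52.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Loaded driver \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
Loaded driver
Did not load driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Loaded driver \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
"""

ENTRY_RE = re.compile(r"^(Loaded driver|Did not load driver)\s*(.*)$")
# Assumption: anything under the Windows system32 tree counts as "system tree".
SYSTEM_TREE = ("\\systemroot\\system32\\", "\\windows\\system32\\")


def normalize(path):
    """Lower-case, drop the object-manager prefix (\\??\\) and a drive letter."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return re.sub(r"^[a-z]:", "", p)


def basename(path):
    return normalize(path).rsplit("\\", 1)[-1]


def is_outside_system_tree(path):
    p = normalize(path)
    if "\\" not in p:
        # Boot-start drivers are logged by file name only; they live in system32\drivers.
        return False
    return not p.startswith(SYSTEM_TREE)


def triage_ntbtlog(text):
    """Parse ntbtlog.txt text and return a dict of findings."""
    report = {"loaded": 0, "blank_entries": 0, "did_not_load": [],
              "outside_system_tree": [], "deferred": []}
    loaded_names = set()
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header line or unrelated text
        status, path = m.groups()
        if not path:
            report["blank_entries"] += 1  # "Loaded driver" with no path recorded
            continue
        if status.startswith("Did not"):
            report["did_not_load"].append(path)
            continue
        report["loaded"] += 1
        loaded_names.add(basename(path))
        if is_outside_system_tree(path):
            report["outside_system_tree"].append(path)
    # Drivers that failed once and loaded later in the same boot (e.g. a USB HID
    # keyboard that only appears after the hub is enumerated).
    report["deferred"] = sorted({basename(p) for p in report["did_not_load"]
                                 if basename(p) in loaded_names})
    return report


if __name__ == "__main__":
    for key, value in triage_ntbtlog(SAMPLE_NTBTLOG).items():
        print(f"{key}: {value}")
```

    Run against the full posted log, the same rules list the two EENGINE drivers under Program Files\Common Files\Symantec Shared as the only ones outside the system tree (both paths name Symantec, so the follow-up is to check their signatures, not to assume either way), count the three empty "Loaded driver" lines instead of silently dropping them, and show kbdhid.sys as "Did not load" early and loaded later while i8042prt.sys (the PS/2 keyboard port driver) never loads. "Did not load" entries for absent hardware such as Sfloppy.SYS or Cdaudio.SYS are routine, so this output is context for the keyboard symptom, not a verdict.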
     
  4. CatByte (Malware Specialist) | Joined: Feb 24, 2009 | Messages: 3,930
    Please do the following:

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your next reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
     
Short URL to this thread: https://techguy.org/920381
