Continuous Rebooting Cycle in XP (RESOLVED)

  1. #1
    gusman (Newbie)


    I am having a problem with XP and the continuous rebooting cycle that everyone seems to be getting. I saw a similar post from another user that describes my problem to the T. Here is that user's post and a reply from you guys:


    24-08-2005, 09:15 AM
    I'm not very computer savvy so I'll probably explain this like a moron, but here goes... I had just finished installing some Windows updates on the website like I have been instructed to do from our IS guys. Incidentally I had also installed a new program, but since this didn't happen to any of the others in the office I don't think this had anything to do with it. Anyway, when I restarted my computer after the update install it would get to the Windows screen and then just shut down and start to reboot again. I tried going into safe mode and debugging but the same thing happened, rebooting over and over in a non-stop cycle. I would have gotten our computer tech to help but he's out of town until next week and I'm having to borrow a co-worker's computer. Can you help me? If so please keep in mind I'm a self-proclaimed computer idiot so I need everything in basic terms. THANKS!!!!!



    Logfile of HijackThis v1.99.1
    Scan saved at 10:40:02 AM, on 12/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\SK9910DM.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resourc...scbase2213.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe


  2. #2
    Neal (Dedicated Member)
    Welcome to DAL,

    Unless the Limewire you have is the newest version I suggest you remove it thru add/remove program as it is bundled with spyware.

    Your log looks good, lots of Panda stuff in there.


    If you can do this:




    Please download Webroot SpySweeper from here: SpySweeper

    Click the Free Trial link under "SpySweeper" to download the program.
    Install it.
    Once the program is installed, it will open.
    It will prompt you to update to the latest definitions, click Yes.
    Once the definitions are installed, click Sweep Now on the left side.
    Click the Start button.
    When it's done scanning, click the Next button.
    Make sure everything has a check next to it, then click the Next button.
    It will remove all of the items found.
    Click Session Log in the upper right corner, copy everything in that window.
    Click the Summary tab and click Finish.

    Paste the contents of the session log you copied into your next reply.

  3. #3
    gusman (Newbie)
    Thanks for your reply. I have uninstalled Limewire. I am not sure what version it was. I have downloaded Spysweeper and did a full sweep. Here is the report:

    3:40 PM: | Start of Session, Monday, December 12, 2005 |
    3:40 PM: Spy Sweeper started
    3:40 PM: Sweep initiated using definitions version 582
    3:40 PM: Starting Memory Sweep
    3:48 PM: Memory Sweep Complete, Elapsed Time: 00:08:25
    3:48 PM: Starting Registry Sweep
    3:51 PM: Registry Sweep Complete, Elapsed Time:00:03:00
    3:51 PM: Starting Cookie Sweep
    3:51 PM: Found Spy Cookie: 2o7.net cookie
    3:51 PM: administrator@2o7[2].txt (ID = 1957)
    3:51 PM: Found Spy Cookie: advertising cookie
    3:51 PM: administrator@advertising[2].txt (ID = 2175)
    3:51 PM: Found Spy Cookie: apmebf cookie
    3:51 PM: administrator@apmebf[2].txt (ID = 2229)
    3:51 PM: Found Spy Cookie: aptimus cookie
    3:51 PM: administrator@aptimus[2].txt (ID = 2233)
    3:51 PM: Found Spy Cookie: falkag cookie
    3:51 PM: administrator@as-us.falkag[1].txt (ID = 2650)
    3:51 PM: Found Spy Cookie: atlas dmt cookie
    3:51 PM: administrator@atdmt[2].txt (ID = 2253)
    3:51 PM: Found Spy Cookie: casalemedia cookie
    3:51 PM: administrator@casalemedia[1].txt (ID = 2354)
    3:51 PM: Found Spy Cookie: coremetrics cookie
    3:51 PM: administrator@data.coremetrics[1].txt (ID = 2472)
    3:51 PM: Found Spy Cookie: overture cookie
    3:51 PM: administrator@data2.perf.overture[1].txt (ID = 3106)
    3:51 PM: Found Spy Cookie: fastclick cookie
    3:51 PM: administrator@fastclick[1].txt (ID = 2651)
    3:51 PM: administrator@media.fastclick[2].txt (ID = 2652)
    3:51 PM: administrator@microsofteup.112.2o7[1].txt (ID = 1958)
    3:51 PM: administrator@msnservices.112.2o7[1].txt (ID = 1958)
    3:51 PM: administrator@network.aptimus[1].txt (ID = 2235)
    3:51 PM: administrator@overture[2].txt (ID = 3105)
    3:51 PM: administrator@perf.overture[1].txt (ID = 3106)
    3:51 PM: Found Spy Cookie: qksrv cookie
    3:51 PM: administrator@qksrv[2].txt (ID = 3213)
    3:51 PM: Found Spy Cookie: questionmarket cookie
    3:51 PM: administrator@questionmarket[1].txt (ID = 3217)
    3:51 PM: Found Spy Cookie: server.iad.liveperson cookie
    3:51 PM: administrator@server.iad.liveperson[2].txt (ID = 3341)
    3:51 PM: administrator@sonycorporate.122.2o7[1].txt (ID = 1958)
    3:51 PM: Found Spy Cookie: trafficmp cookie
    3:51 PM: administrator@trafficmp[2].txt (ID = 3581)
    3:51 PM: Found Spy Cookie: tribalfusion cookie
    3:51 PM: administrator@tribalfusion[2].txt (ID = 3589)
    3:51 PM: Found Spy Cookie: websponsors cookie
    3:51 PM: owner@a.websponsors[2].txt (ID = 3665)
    3:51 PM: Found Spy Cookie: go.com cookie
    3:51 PM: owner@abc.go[1].txt (ID = 2729)
    3:51 PM: Found Spy Cookie: about cookie
    3:51 PM: owner@about[2].txt (ID = 2037)
    3:51 PM: Found Spy Cookie: adknowledge cookie
    3:51 PM: owner@adknowledge[1].txt (ID = 2072)
    3:51 PM: Found Spy Cookie: specificclick.com cookie
    3:51 PM: owner@adopt.specificclick[2].txt (ID = 3400)
    3:51 PM: Found Spy Cookie: addynamix cookie
    3:51 PM: owner@ads.addynamix[1].txt (ID = 2062)
    3:51 PM: Found Spy Cookie: cc214142 cookie
    3:51 PM: owner@ads.cc214142[2].txt (ID = 2367)
    3:51 PM: owner@app.abc.go[1].txt (ID = 2729)
    3:51 PM: Found Spy Cookie: atwola cookie
    3:51 PM: owner@atwola[1].txt (ID = 2255)
    3:51 PM: Found Spy Cookie: goldenpalace cookie
    3:51 PM: owner@banner.goldenpalace[2].txt (ID = 2735)
    3:51 PM: Found Spy Cookie: classmates cookie
    3:51 PM: owner@classmates[1].txt (ID = 2384)
    3:51 PM: owner@cnn.122.2o7[1].txt (ID = 1958)
    3:51 PM: Found Spy Cookie: ru4 cookie
    3:51 PM: owner@edge.ru4[1].txt (ID = 3269)
    3:51 PM: owner@entrepreneur.122.2o7[1].txt (ID = 1958)
    3:51 PM: owner@espn.go[1].txt (ID = 2729)
    3:51 PM: Found Spy Cookie: exitexchange cookie
    3:51 PM: owner@exitexchange[2].txt (ID = 2633)
    3:51 PM: owner@experts.about[1].txt (ID = 2038)
    3:51 PM: owner@goldenpalace[1].txt (ID = 2734)
    3:51 PM: Found Spy Cookie: iwon cookie
    3:51 PM: owner@iwon[1].txt (ID = 2883)
    3:51 PM: Found Spy Cookie: metareward.com cookie
    3:51 PM: owner@metareward[1].txt (ID = 2990)
    3:51 PM: owner@microsofteup.112.2o7[1].txt (ID = 1958)
    3:51 PM: owner@microsoftwga.112.2o7[1].txt (ID = 1958)
    3:51 PM: owner@msnportal.112.2o7[1].txt (ID = 1958)
    3:51 PM: owner@msnservices.112.2o7[1].txt (ID = 1958)
    3:51 PM: Found Spy Cookie: nextag cookie
    3:51 PM: owner@nextag[2].txt (ID = 5014)
    3:51 PM: Found Spy Cookie: partypoker cookie
    3:51 PM: owner@partypoker[1].txt (ID = 3111)
    3:51 PM: owner@pch.122.2o7[1].txt (ID = 1958)
    3:51 PM: owner@pcsupport.about[2].txt (ID = 2038)
    3:51 PM: Found Spy Cookie: play.pchlotto cookie
    3:51 PM: owner@play.pchlotto[2].txt (ID = 3145)
    3:51 PM: Found Spy Cookie: reunion cookie
    3:51 PM: owner@reunion[2].txt (ID = 3255)
    3:51 PM: Found Spy Cookie: adjuggler cookie
    3:51 PM: owner@rotator.dex.adjuggler[1].txt (ID = 2070)
    3:51 PM: owner@rsi.abc.go[1].txt (ID = 2729)
    3:51 PM: owner@rsi.espn.go[1].txt (ID = 2729)
    3:51 PM: Found Spy Cookie: pch cookie
    3:51 PM: owner@sb.pch[2].txt (ID = 3124)
    3:51 PM: Found Spy Cookie: techtarget cookie
    3:51 PM: owner@searchwinsystems.techtarget[2].txt (ID = 3500)
    3:51 PM: owner@sports-att.espn.go[1].txt (ID = 2729)
    3:51 PM: owner@sports.espn.go[1].txt (ID = 2729)
    3:51 PM: owner@thunderbolt.adjuggler[1].txt (ID = 2070)
    3:51 PM: Found Spy Cookie: redzip cookie
    3:51 PM: owner@www.redzip[1].txt (ID = 3250)
    3:51 PM: Found Spy Cookie: upspiral cookie
    3:51 PM: owner@www.upspiral[1].txt (ID = 3615)
    3:51 PM: Cookie Sweep Complete, Elapsed Time: 00:00:12
    3:51 PM: Starting File Sweep
    3:54 PM: Error: Failed to set action in SSI driver. Element not found.
    4:04 PM: Found Adware: apropos
    4:04 PM: wingenerics.dll (ID = 50187)
    4:34 PM: File Sweep Complete, Elapsed Time: 00:42:30
    4:34 PM: Full Sweep has completed. Elapsed time 00:54:13
    4:34 PM: Traces Found: 63
    4:48 PM: Deleted error log without sending: C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
    ********
    3:14 PM: | Start of Session, Monday, December 12, 2005 |
    3:14 PM: Spy Sweeper started
    3:14 PM: Sweep initiated using definitions version 582
    3:14 PM: Starting Memory Sweep
    3:14 PM: Error: Failed to set action in SSI driver. Element not found.
    3:15 PM: Error: Failed to set action in SSI driver. Element not found.
    3:15 PM: Error: Failed to set action in SSI driver. Element not found.
    3:15 PM: Error: Invalid Registry Event Record.
    3:15 PM: Error: Failed to set action in SSI driver. Element not found.
    3:15 PM: Error: Invalid Registry Event Record.
    3:16 PM: Error: Failed to set action in SSI driver. Element not found.
    3:16 PM: Error: Failed to set action in SSI driver. Element not found.
    3:16 PM: Error: Failed to set action in SSI driver. Element not found.
    3:16 PM: Sweep Canceled
    3:16 PM: Memory Sweep Complete, Elapsed Time: 00:02:39
    3:16 PM: Traces Found: 0
    3:22 PM: Deleted error log without sending: C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
    3:24 PM: Error: Failed to set action in SSI driver. Element not found.
    3:24 PM: Deleted error log without sending: C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
    3:39 PM: Your spyware definitions have been updated.
    3:40 PM: | End of Session, Monday, December 12, 2005 |
    ********
    3:09 PM: | Start of Session, Monday, December 12, 2005 |
    3:09 PM: Spy Sweeper started
    3:11 PM: Your spyware definitions have been updated.
    3:12 PM: Error: Failed to set action in SSI driver. Element not found.
    3:12 PM: Deleted error log without sending: C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
    3:14 PM: | End of Session, Monday, December 12, 2005 |


    Thanks in advance!






  4. #4
    gusman (Newbie)
    I have since uninstalled and reinstalled Logitech Mouseware. I don't know whether this will affect any configurations or not. Just an update. Thanks

  5. #5
    Neal (Dedicated Member)
    Ok


    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download AproposFix from here:
    http://swandog46.geekstogo.com/aproposfix.exe

    Save it to your desktop but do NOT run it yet.

    Then please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.


    Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

    When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

  6. #6
    gusman (Newbie)
    Thanks for your reply!

    Logfile of HijackThis v1.99.1
    Scan saved at 12:38:42 PM, on 12/13/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Hijackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://support.gateway.com/eSupport...9721&P=7780935
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resourc...scbase2213.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe


    Log of AproposFix v1

    ************

    Running from directory:
    C:\aproposfix

    ************

    Registry entries found:

    [HKEY_LOCAL_MACHINE\Software\C7iP6AwmZgnm]
    @="iUdty4 CDDCDDEDhTfYYtuCDDCSFDmYdTemiDiA45u.JIDt3y7u34Dt9w \\011AE4A4"
    "Device"="\\\\.\\RDPIIde"
    "DriverPath"="C:\\WINDOWS\\System32\\drivers\\dxgloppy.sys"
    "DriverName"="SENdisk"
    "HideUninstallerName"="C:\\Program Files\\Msnlayer\\wldkbdro.exe"
    "UninstallerPath"="C:\\WINDOWS\\System32\\tsbrdtea.exe"
    "UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0A3A1263-D3B1-4560-9FF9-5071797824FA}"
    "UninstallerParams"="/CTUN"
    "HDll"="C:\\WINDOWS\\System32\\vssdsldp.dll"
    "ServerAddress"="adchannel.contextplus.net"
    "LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
    "PartnerId"="CP.IST2"
    "InstallationId"="{X7e9aa0b-2d22-208b-1562-e5944ccc01fb}"
    "PageFiltering"=dword:00000001
    "CrMnTmt"=dword:0036ee80

    ************

    Removing hidden service:
    Service SENdisk removed.

    Removing hidden folder:
    Deletion of folder Msnlayer succeeded!

    Deleting files:

    Deletion of file C:\WINDOWS\System32\drivers\dxgloppy.sys succeeded!
    Deletion of file C:\WINDOWS\System32\qosmdev5.exe succeeded!
    Deletion of file C:\WINDOWS\System32\vssdsldp.dll succeeded!
    Deletion of file C:\WINDOWS\System32\tsbrdtea.exe succeeded!

    Backing up files:
    Done!

    Removing registry entries:

    REGEDIT4

    [-HKEY_CURRENT_USER\Software\C7iP6AwmZgnm]
    [-HKEY_LOCAL_MACHINE\Software\C7iP6AwmZgnm]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A3A1263-D3B1-4560-9FF9-5071797824FA}]

    Done!

    Finished!

  7. #7
    Neal (Dedicated Member)
    How is your computer behaving now?

    Have you done a scan with your Panda? If so, did it find anything, and if it did, did it remove everything it found?


    Please get these two spyware programs if you don't already have them.

    SpyBotS&D

    AdawareSE


    Reboot between scans and after last scan



    There is a new and improved version of AdAware that you need to have installed on your computer. The new version is AdAware SE
    If you have AdAware already installed on your system and it's NOT SE go to your Control Panel and click on Add/Remove Programs. Click on AdAware and then REMOVE and then just complete the removal process.

    Once it's un-installed go to http://www.lavasoft.de/ and download the FREE version of AdAware SE. Once it's downloaded double click on the new file to start the install process.
    Click Next>I accept>Next>Next> then be sure and put a dot in the bullet for Anyone Who uses this computer and then click Next>Next>

    In the next dialog box remove the dot in the bullets "Start Scan" and also "Launch Help Files" and click Finish

    Now if the program doesn't launch double click on the icon that should now be on your desktop to start AdAware SE

    Now click on the button for Check for Updates
    If updates are found click on the OK button and after it downloads to 100% click on the Finish button.

    Click the Start Button
    Click on the link for Customize
    in the Main Window under Scan Settings
    click on the red X in front of Scan within archives to change it to a green check

    Then click on the button on the left labeled Advanced
    click on the red X in front of Move deleted files to Recycle Bin to change it to a green check
    click on the red X in front of Include Environment Information to change it to a green check

    Then click on the button on the left labeled Defaults
    click on the Read current settings from system

    Then click on the button on the left labeled Tweak
    Click on the (+) in front of Scanning Engine to expand the group
    click on the red X in front of Obtain Command line of scanned processes to change it to a green check
    click on the red X in front of Run scan as background process to change it to a green check
    click on the red X in front of Use permanent archive caching to change it to a green check

    Click on the (+) in front of Cleaning Engine to expand the group
    click on the red X in front of Disable manual quarantine if auto-quarantine is selected to change it to a green check

    Click on the (+) in front of Safety Settings to expand the group
    click on the red X in front of Reanalyze results after scanning . . . to change it to a green check
    click on the red X in front of Write protect system files after repair to change it to a green check

    Click on the (+) in front of Log File to expand the group
    click on the red X Create Log File for removal operations to change it to a green check

    Click on the (+) in front of User Interface to expand the group
    click on the red X Remember window positions to change it to a green check
    click on the red X Snap windows to desktop borders to change it to a green check
    click on the red X Use gridlines in results list to change it to a green check

    Click on the (+) in front of Web Update Settings to expand the group
    click on the red X Create and save WebUpdate log file to change it to a green check

    Click on the (+) in front of Misc settings to expand the group
    click on the red X Dump details about unhandled exceptions to disk to change it to a green check


    Then click on the button at the bottom right labeled Proceed then click the Next button to start scanning.

    Once the scan is complete you'll have a flashing Bug and a brief sound to indicate scanning is complete and Adware is found. Click on the Next and then click on each of the empty boxes to the left of the found items under SCAN SUMMARY. Then hit the Next button. Then OK. This should clean your system of all the found nasties. When it's complete simply close the program until your next scan session. Always ALWAYS check for updates before every scan.
    # Reboot
    # Post us a fresh HijackThis log afterwards

    Thanks

  8. #8
    gusman (Newbie)
    Thanks again for your reply. Good news this time!

    I downloaded Spybot and Ad awareSE. Spybot found nothing but Ad-awareSE found 52 critical files. After cleaning those up (and rebooting after each scan) I restarted. The first time I restarted I received the blue screen of death. KERNEL_STACK_INPAGE_ERROR. This is the first time I saw this. I restarted again and everything loaded up fine! I have complete control over everything now!
    With Ad-awareSE when I was checking the red x's under user interface the "remember windows position" was blacked out. Other than that everything worked great. I am assuming that this clears up any issues I was having but I would like to get your feedback on this last Hijackthis file.

    Thanks so much for your help. Gateway couldn't help, Geeksquad didn't either.


    Logfile of HijackThis v1.99.1
    Scan saved at 2:54:00 PM, on 12/13/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hijackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://support.gateway.com/eSupport...9721&P=7780935
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resourc...scbase2213.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
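
A log like the one posted above can be triaged by grouping its entries by section code before reading them one by one. The following is an added example, not part of the original post or of HijackThis itself; the function names and the three review rules are illustrative assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Descriptions follow the labels printed on the log lines themselves.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "Run-key autostart",
    "O8": "IE context menu item", "O12": "IE plugin",
    "O16": "Downloaded Program Files (ActiveX)",
    "O20": "Winlogon Notify DLL", "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
FULL_PATH_RE = re.compile(r"[A-Za-z]:\\")

# Constructed sample: one process line and six entry lines taken from the log above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

def parse_log(text):
    """Group entries by section code; header and running-process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m and m.group(1) in SECTIONS:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_queue(groups):
    """Return (code, entry, reason) for entries to check by hand first (illustrative rules)."""
    queue = []
    for entry in groups.get("O2", []):
        if "(no name)" in entry:
            queue.append(("O2", entry, "BHO has no display name; identify it by CLSID and DLL path"))
    for entry in groups.get("O4", []):
        if not FULL_PATH_RE.search(entry.split("]", 1)[-1]):
            queue.append(("O4", entry, "autostart command has no full path; confirm which file runs"))
    for entry in groups.get("O20", []):
        queue.append(("O20", entry, "DLL is loaded at logon; confirm it belongs to installed software"))
    return queue

if __name__ == "__main__":
    for code, entry, reason in review_queue(parse_log(SAMPLE_LOG)):
        print(f"{code} ({SECTIONS[code]}): {entry}\n  review: {reason}")
```

An entry landing in the review queue means "look this one up", not "this is malicious": in this sample the unnamed BHO is Spybot's own SDHelper.dll.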

  9. #9
    Neal is offline Dedicated Member
    Log is clean, thanks for the kind remarks.



    If you are no longer having any more trouble, here are some preventive measures for you.

    Here are some preventive measures you can take to keep your computer from getting infected again. Also keep all these and Ad-awareSE and SpybotS&D updated.

    http://forums.thatcomputerguy.us/ind...showtopic=1190

    Flush your restore points in ME and XP, by turning System Restore off and then back on.
    This will create a fresh restore point.

    Explained here:
    Windows XP: service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

    Microsoft ME:

    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


    RegProtect

    This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.

    You have the option of allowing(good) items or blocking(bad)items.

    http://www.diamondcs.com.au/index.php?page=regprot


    To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

    http://www.microsoft.com/windows/ie/default.asp


    2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free Antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1

    Avast: http://www.avast.com/eng/avast_4_home.html


    3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
    MS Antispyware beta: http://www.microsoft.com/athome/secu...e/default.mspx


    4. Consider using a free firewall if you are not already using one. Some good free ones are:
    Kerio
    http://www.sunbelt-software.com/Press.cfm?id=134 Coming Soon

    OutPost Personal Firewall:
    Outpost



    5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
    Mozilla Firefox: www.mozilla.org/products/firefox/


    6. Consider increasing your browser security by using these programs:
    SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

    http://www.javacoolsoftware.com/spywareblaster.html


    If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/


    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm


    *Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free
