
Weird Windows XP problem - Page 3

post #21 of 46
Quote:
Originally Posted by m1kcal;13005896 
The possibility that I have a virus is slim to none based on the fact that I reformatted very recently and I haven't downloaded anything fishy yet.

If you're connected to the internet, then the average time to collect a virus, active or not, is somewhere around 7 minutes without any antivirus or up-to-date software on your OS patches.

People seem to think viruses only come when you click on something or download something. Those are the ones that have permission to do something via your user settings. Most viruses try to keep quiet and hijack entire servers, DNS, or come across as junk broken files to be compiled later.

Even if you do not have a virus, we need to check for it. If we ignore the existence of a virus completely then we may very well be skipping the one thing that it may be. Start with the most plausible and get into the zebras later.
Edited by Sarec - 4/4/11 at 10:35pm
Windfall
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q9550 Asus P5E3 Premium Wifi XFX HD Radeon 6950 SuperTalent 
Hard DriveOptical DriveOSMonitor
WADFALS1001 WD Black Edition 1TB x 2 Raid 0 DVD-RW DIE VISTA, Using W7 24Inch 1920x1200 
PowerCase
Corsair 750TX Corsair 800D 
post #22 of 46
Thread Starter 
Quote:
Originally Posted by Sarec View Post
Navigate to:
hkey_local_machine\software\microsoft\windows NT\CurrentVersion\winlogon
There is a key called "Userinit".. please post back everything in that key. Should only be the userinit however.

Example: C:\windows\system32\userinit.exe,

Also please report everything under the "Shell" key as well. Should just be explorer.exe. I believe.
Under the Userinit key this was in there: rdpinit.exe
The Shell key had explorer.exe


Edit:
Quote:
Originally Posted by Sarec View Post
If you're connected to the internet, then the average time to collect a virus, active or not, is somewhere around 7 minutes without any antivirus or up-to-date software on your OS patches.

People seem to think viruses only come when you click on something or download something. Those are the ones that have permission to do something via your user settings. Most viruses try to keep quiet and hijack entire servers, DNS, or come across as junk broken files to be compiled later.

Even if you do not have a virus, we need to check for it. If we ignore the existence of a virus completely then we may very well be skipping the one thing that it may be. Start with the most plausible and get into the zebras later.
I have already explained the various virus scans and methods in previous posts.
    
CPUMotherboardGraphicsRAM
E6600 @ 2.4 GHz ASUS P5NSLI LGA 775 NVIDIA nForce 570 SLI Intel ATI Radeon 4850 4 gb DDR2 xcros 
Optical DriveOSMonitorKeyboard
HP Windows XP Pro 32-bit LG Plantron Microsoft 
PowerMouseMouse Pad
700W OCZ Logitech mx518 SteelSeries 
post #23 of 46
Ok, I searched all thru the Windows XP Pro registry on a VM that I have and didn't come up with squat. I thought all the startup entries were in one spot in the registry, but since they're not I'll stay away from registry changes for now.

How about doing sfc /scannow
I doubt it'll turn up anything, but I'm runnin' outta fish in the barrel to shoot at.
Big Baby
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core 2 Duo E8400 Wolfdale 3.0 Ghz Asrock P45R2000 WiFi 460 GTX 6GB Patriot Viper DDR3 1333 (2x1GB and 2x2GB) 
Hard DriveOptical DriveOSMonitor
Kingston 64GB SSD, 1TB Hitachi and 3 160GB drives ASUS dual layer SATA II DVD burner Windows 7 Pro 64 Bit and a few virtual machines ;) Hanns.G Hi221D 22" LCD Widescreen 
KeyboardPowerCaseMouse
standard junker nothin' fancy. Yet... HIPER 730 W Rosewill Conqueror Logitech Trackball (TrackMan is the model I think) 
Mouse Pad
The Desk! 
post #24 of 46
Quote:
but I'm runnin' outta fish in the barrel to shoot at.
My consternation described poetically.

I've got to hit the hay for the night, but this is going to bother me. I'll be on tomorrow to see if any new ideas cropped up. Plus, my work computer is an XP box - it'll be nice to have a reference to work from.

Good luck in the meantime
Rosemari
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 GHz|1.26250v Asus P6T deluxe V2 XFX AMD Radeon 6950 2GB RF 12 GB G.Skill DDR3 1600 
Hard DriveOSMonitorPower
WD 1 TB Caviar Black 7200 RPM Win 7 64-bit Asus 24" 1080p Corsair TX 750W 
Case
Thermaltake Xaser VI 
post #25 of 46
Thread Starter 
Quote:
Originally Posted by Razinhail View Post
Ok, I searched all thru the Windows XP Pro registry on a VM that I have and didn't come up with squat. I thought all the startup entries were in one spot in the registry, but since they're not I'll stay away from registry changes for now.

How about doing sfc /scannow
I doubt it'll turn up anything, but I'm runnin' outta fish in the barrel to shoot at.
It turned out empty.
    
post #26 of 46
Quote:
Originally Posted by m1kcal View Post
Under the Userinit key this was in there: rdpinit.exe
The Shell key had explorer.exe
There was no userinit.exe in the userinit key?

I do not recognize that rdpinit.exe but that does not mean it does not belong. Removing that could very well fix this or make it impossible for you to log in.

Researching.

EDIT -

Could you download HiJackThis? and please post the log but do NOT make any changes. Download can be found here. http://free.antivirus.com/hijackthis

I use the executable version. Scan it if you wish, I just dl'd it and scanned it myself, but run the first option it comes up with. It would show a log.
Edited by Sarec - 4/4/11 at 10:56pm
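An added example, not part of the original posts: one way to compare the two Winlogon values discussed in posts #22 and #26 against the defaults the thread names (userinit.exe under system32 for Userinit, explorer.exe for Shell). The function names, the `C:\Windows` system root and the sample dictionaries are assumptions made for illustration.

```python
import ntpath

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def read_winlogon():
    """Read Userinit and Shell from the live registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON) as key:
        return {n: winreg.QueryValueEx(key, n)[0] for n in ("Userinit", "Shell")}

def split_programs(value):
    """Userinit is a comma-separated list; a trailing comma is normal."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]

def audit_winlogon(values, system_root=r"C:\Windows"):
    """Return (value_name, entry, reason) tuples for anything off the baseline."""
    expected = ntpath.join(system_root, "system32", "userinit.exe").lower()
    findings = []
    userinit = split_programs(values.get("Userinit", ""))
    if expected not in (p.lower() for p in userinit):
        findings.append(("Userinit", None, "expected userinit.exe entry is missing"))
    for prog in userinit:
        if prog.lower() == expected:
            continue
        reason = "extra program launched at every logon"
        if not ntpath.isabs(prog):
            reason += " (no full path given)"
        findings.append(("Userinit", prog, reason))
    shell = values.get("Shell", "").strip()
    if shell.lower() != "explorer.exe":
        findings.append(("Shell", shell or None, "shell is not explorer.exe"))
    return findings

# Constructed samples: the default the thread describes, and the values the
# thread starter reported in post #22.
DEFAULT = {"Userinit": r"C:\windows\system32\userinit.exe,", "Shell": "explorer.exe"}
REPORTED = {"Userinit": "rdpinit.exe", "Shell": "explorer.exe"}

if __name__ == "__main__":
    for label, sample in (("default", DEFAULT), ("reported", REPORTED)):
        print(label, audit_winlogon(sample) or "matches baseline")
```

On a Windows machine, `audit_winlogon(read_winlogon())` runs the same check against the live key.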
post #27 of 46
Quote:
Originally Posted by Sarec View Post
There was no userinit.exe in the userinit key?

I do not recognize that rdpinit.exe but that does not mean it does not belong. Removing that could very well fix this or make it impossible for you to log in.

Researching.
I believe that's just a Remote Desktop process. Removing it shouldn't kill anything. Then again, disabling the Power Profile Service on my Desktop (which has no battery so it doesn't need a Power Profile Service) also disables my Audio. M$ makes some really odd dependencies sometimes...

EDIT
Quote:
Originally Posted by Sarec View Post
@Razinhail

I have to waste a post on this..

Epic sig quote.
lol Thanks but those weren't my words. I merely... "arranged" them in the... uhh... "proper" order. Yeah, that's it...
Edited by Razinhail - 4/4/11 at 11:14pm
post #28 of 46
@Razinhail

I have to waste a post on this..

Epic sig quote.
post #29 of 46
Thread Starter 
Quote:
Originally Posted by Sarec View Post

EDIT -

Could you download HiJackThis? and please post the log but do NOT make any changes. Download can be found here. http://free.antivirus.com/hijackthis
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/soft...5116/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe





League of Legends is a game, in case it looked unknown to you.
    
post #30 of 46
Nothing looks fishy there. Check to see if you have any scripts running at login, Control Panel > Administrative Tools > Computer Management > Local Users and Groups > Users then click on your account name, click the Profile tab and check if anything is in the Logon script: box.
Circuit Breaker
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-2600k 4.7ghz Gigabyte GA-P67A-UD4-B3 GTX 480 4gb G.Skill Ripjaws @ 2133mhz 
Hard DriveOSPowerCase
G.Skill Phoenix Pro 60gb SSD Encom OS 12 Seasonic X650 Thermaltake Spedo Advanced 
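An added example, not part of the original posts: a small parser for the HijackThis line format shown in post #29 that groups file-backed entries by section code and lists any whose path falls outside a set of trusted roots. The trusted-root list and the function names are assumptions, and the sample is constructed from four lines of the posted log plus one invented Run entry so the review branch has something to report.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^([A-Z]\d+) - (.+)$")
# A drive-letter path ending in .exe or .dll; spaces inside the path are allowed.
PATH = re.compile(r"([A-Za-z]:\\[^\"<>|*?]+?\.(?:exe|dll))", re.IGNORECASE)
# Assumed baseline of install locations; adjust for the machine being reviewed.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

# Constructed sample: the [Updater] line is invented, the rest are from the log.
SAMPLE = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

def parse(log):
    """Yield (section_code, detail, file_path_or_None) for each log line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        code, detail = m.groups()
        p = PATH.search(detail)
        yield code, detail, p.group(1) if p else None

def triage(log):
    """Group file-backed entries by section; list paths outside trusted roots."""
    by_section, review = defaultdict(list), []
    for code, detail, path in parse(log):
        if path is None:
            continue
        by_section[code].append(path)
        if not path.lower().startswith(TRUSTED_ROOTS):
            review.append((code, path))
    return dict(by_section), review

if __name__ == "__main__":
    sections, review = triage(SAMPLE)
    print({code: len(paths) for code, paths in sections.items()})
    print("review:", review)
```

A path under a trusted root only narrows the list; the file still needs its publisher or hash checked before it is considered known.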