Windows 2000 server rebooting

ramon82 · 09-02-2008

I have been having a strange problem. My Windows 2000 server is sometimes rebooting after giving a quick BSOD....The last line in the SYSTEM event log following the reboot was this:
01-09-2008 11:59:17 AM Save Dump Information None 1001 N/A SERVER-A The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xe4ff3428, 0x00000000, 0xf74f4c9e, 0x00000001). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP.
The hijackthis log is this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:54 AM, on 02-09-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\WEBSER~1\bi n\Apache.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
c:\teamware\server\i500\i500stack\RFC1006D.EXE
C:\WINNT\System32\llssrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\WEBSER~1\bi n\Apache.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\ePO\MSSQL\Binn\sqlservr.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\snmptrap.exe
C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
c:\teamware\server\tosvc.exe
c:\teamware\server\tostart.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\ismserv.exe
c:\teamware\server\toentdir.exe
c:\teamware\server\i500\bin\odssched.exe
c:\teamware\server\i500\bin\odscomms.exe
c:\teamware\server\i500\bin\odsmdsa.exe
c:\teamware\server\i500\bin\odssdsa.exe
c:\teamware\server\i500\bin\odssdsa.exe
c:\teamware\server\i500\bin\odssdsa.exe
c:\teamware\server\i500\bin\odsshad.exe
c:\teamware\server\i500\i500ldap\mtldapd.exe
c:\teamware\server\i500\i500ldap\odsldapv3.exe
c:\teamware\server\toserver.exe
c:\teamware\server\tombdisp.exe
c:\teamware\server\tomime.exe
c:\teamware\server\tomprep.exe
c:\teamware\server\toemsend.exe
c:\teamware\server\to3xbox.exe
c:\teamware\server\tohttp.exe
c:\teamware\server\tohttp.exe
c:\teamware\server\toalarm.exe
c:\teamware\server\toimap4.exe
c:\teamware\server\toalert.exe
c:\teamware\server\toaluser.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\robocopy.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackTh is.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = McAfee - Antivirus Software and Intrusion Prevention Solutions
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 142.191.42.98:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 142.191.3.20
O1 - Hosts: 142.191.3.20 mail.techlab.com.mt
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://142.191.31.10/webpages/DMWebX.ocx
O16 - DPF: {4EABBB94-847F-45CB-8C70-99AE8E88635A} (WebClient Control) - http://142.191.25.25/WebCamX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126528307562
O16 - DPF: {E8775171-BF76-42EC-A093-55E16A45C375} (prjTWAttachmentListG.TWAttachmentList) - https://www.snt.com.mt/prjTWAttachmentListG.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = techlab.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{30EE7ADA-AD51-481C-A3D3-5E414189010E}: NameServer = 142.191.3.20,194.159.36.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = techlab.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{30EE7ADA-AD51-481C-A3D3-5E414189010E}: NameServer = 142.191.3.20,194.159.36.19
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = techlab.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{30EE7ADA-AD51-481C-A3D3-5E414189010E}: NameServer = 142.191.3.20,194.159.36.19
O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\WEBSER~1\bi n\Apache.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee ePolicy Orchestrator 3.0.1 Event Parser (EVENTPARSER301) - Network Associates, Inc. - C:\Program Files\Network Associates\ePO\3.0.1\EVENTPARSER.EXE
O23 - Service: FSC ServerView Services - Fujitsu Siemens Computers - C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\SER VER~1\SnmpTrap\AlarmService.exe
O23 - Service: RFC1006 Transport Service (ISOSTACK.RFC1006) - ISOCOR - c:\teamware\server\i500\i500stack\RFC1006D.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee ePolicy Orchestrator 3.0.1 Server (NAIMSERV301) - Network Associates, Inc. - C:\Program Files\Network Associates\ePO\3.0.1\NAIMSERV.EXE
O23 - Service: Server Control Service (SrvCtrl) - Fujitsu Siemens Computers GmbH - C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe
O23 - Service: Teamware Server v7.1 (TeamWAREOffice5) - Unknown owner - c:\teamware\server\tosvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7247 bytes

CAN YOU KINDLY HELP ME PLS

chiaz · 09-06-2008

Hello.

Please download Malwarebytes' Anti-Malware by clicking the link below:
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

==============================================

Ok. Let's have you download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, so that we may continue cleansing the system:

MBAM log
C:\ComboFix.txt
New HijackThis log

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Crush · 04-03-2009

Hello,

This thread has been moved into the Unfinished HJT forum due to inactivity. Please follow the procedure at the top of the forum if you still require assistance

Regards,
Crush
PCHF Security Team Leader

09-02-2008	#1
ramon82 Bronze Member Join Date: Aug 2008 Posts: 57 PC Experience: Experienced	Windows 2000 server rebooting I have been having a strange problem. My Windows 2000 server is sometimes rebooting after giving a quick BSOD....The last line in the SYSTEM event log following the reboot was this: 01-09-2008 11:59:17 AM Save Dump Information None 1001 N/A SERVER-A The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xe4ff3428, 0x00000000, 0xf74f4c9e, 0x00000001). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP. The hijackthis log is this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:04:54 AM, on 02-09-2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\WEBSER~1\bi n\Apache.exe C:\WINNT\system32\Dfssvc.exe C:\WINNT\System32\svchost.exe c:\teamware\server\i500\i500stack\RFC1006D.EXE C:\WINNT\System32\llssrv.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\WEBSER~1\bi n\Apache.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Network Associates\ePO\MSSQL\Binn\sqlservr.exe C:\WINNT\system32\ntfrs.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\locator.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\snmp.exe C:\WINNT\System32\snmptrap.exe C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe c:\teamware\server\tosvc.exe c:\teamware\server\tostart.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\tcpsvcs.exe C:\WINNT\System32\dns.exe C:\WINNT\System32\inetsrv\inetinfo.exe C:\WINNT\System32\ismserv.exe c:\teamware\server\toentdir.exe c:\teamware\server\i500\bin\odssched.exe c:\teamware\server\i500\bin\odscomms.exe c:\teamware\server\i500\bin\odsmdsa.exe c:\teamware\server\i500\bin\odssdsa.exe c:\teamware\server\i500\bin\odssdsa.exe c:\teamware\server\i500\bin\odssdsa.exe c:\teamware\server\i500\bin\odsshad.exe c:\teamware\server\i500\i500ldap\mtldapd.exe c:\teamware\server\i500\i500ldap\odsldapv3.exe c:\teamware\server\toserver.exe c:\teamware\server\tombdisp.exe c:\teamware\server\tomime.exe c:\teamware\server\tomprep.exe c:\teamware\server\toemsend.exe c:\teamware\server\to3xbox.exe c:\teamware\server\tohttp.exe c:\teamware\server\tohttp.exe c:\teamware\server\toalarm.exe c:\teamware\server\toimap4.exe c:\teamware\server\toalert.exe c:\teamware\server\toaluser.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\McAfee\Common Framework\UpdaterUI.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\WINNT\system32\Atiptaxx.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINNT\system32\cmd.exe C:\WINNT\system32\robocopy.exe C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackTh is.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = McAfee - Antivirus Software and Intrusion Prevention Solutions R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 142.191.42.98:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 142.191.3.20 O1 - Hosts: 142.191.3.20 mail.techlab.com.mt O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://142.191.31.10/webpages/DMWebX.ocx O16 - DPF: {4EABBB94-847F-45CB-8C70-99AE8E88635A} (WebClient Control) - http://142.191.25.25/WebCamX.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126528307562 O16 - DPF: {E8775171-BF76-42EC-A093-55E16A45C375} (prjTWAttachmentListG.TWAttachmentList) - https://www.snt.com.mt/prjTWAttachmentListG.CAB O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = techlab.com O17 - HKLM\System\CCS\Services\Tcpip\..\{30EE7ADA-AD51-481C-A3D3-5E414189010E}: NameServer = 142.191.3.20,194.159.36.19 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = techlab.com O17 - HKLM\System\CS1\Services\Tcpip\..\{30EE7ADA-AD51-481C-A3D3-5E414189010E}: NameServer = 142.191.3.20,194.159.36.19 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = techlab.com O17 - HKLM\System\CS2\Services\Tcpip\..\{30EE7ADA-AD51-481C-A3D3-5E414189010E}: NameServer = 142.191.3.20,194.159.36.19 O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\WEBSER~1\bi n\Apache.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: McAfee ePolicy Orchestrator 3.0.1 Event Parser (EVENTPARSER301) - Network Associates, Inc. - C:\Program Files\Network Associates\ePO\3.0.1\EVENTPARSER.EXE O23 - Service: FSC ServerView Services - Fujitsu Siemens Computers - C:\PROGRA~1\FUJITS~1\SERVER~2\SERVER~1\scripts\SER VER~1\SnmpTrap\AlarmService.exe O23 - Service: RFC1006 Transport Service (ISOSTACK.RFC1006) - ISOCOR - c:\teamware\server\i500\i500stack\RFC1006D.EXE O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee ePolicy Orchestrator 3.0.1 Server (NAIMSERV301) - Network Associates, Inc. - C:\Program Files\Network Associates\ePO\3.0.1\NAIMSERV.EXE O23 - Service: Server Control Service (SrvCtrl) - Fujitsu Siemens Computers GmbH - C:\Program Files\Fujitsu Siemens\ServerView Agents\Server Control\SrvCtrl.exe O23 - Service: Teamware Server v7.1 (TeamWAREOffice5) - Unknown owner - c:\teamware\server\tosvc.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 7247 bytes CAN YOU KINDLY HELP ME PLS

09-06-2008	#2
chiaz Senior Security Analyst Join Date: Jun 2006 Location: Singapore Posts: 5,176 PC Experience: PC Guru	Re: Windows 2000 server rebooting Hello. Please download Malwarebytes' Anti-Malware by clicking the link below: http://www.besttechie.net/tools/mbam-setup.exe Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Quick Scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * You'll be required to post the contents of this log later. Please Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. ============================================== Ok. Let's have you download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool: Go here ======> A guide and tutorial on using ComboFix <====== Go here Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2 The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed. Please continue as follows: (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. (2) Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the following reports for further review, so that we may continue cleansing the system: MBAM log C:\ComboFix.txt New HijackThis log Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

04-03-2009	#3
Crush Tech Support Team Join Date: Sep 2008 Location: Caldwell, New Jersey Posts: 10,112 PC Experience: Always Learning New Things	Re: Windows 2000 server rebooting Hello, This thread has been moved into the Unfinished HJT forum due to inactivity. Please follow the procedure at the top of the forum if you still require assistance Regards, Crush PCHF Security Team Leader __________________ Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

Similar discussions...
Thread	Thread Starter	Forum	Replies	Last Post
downloader.generic.7 trojan	oddnjeff	[Pending] HJT Logs	7	04-03-2009 12:42 AM
Fixed: Malaware inside?	mkmk	[Fixed] Hijackthis! Logs	3	06-04-2008 10:36 AM
Keyboard shortcuts	MadGamer	Unfinished Threads	4	06-10-2007 11:57 PM
[FIXED] Windows Media Player problem	Bencho	Windows XP/2000	15	11-15-2005 11:57 AM
Information: New XP PC? Take a look at this.	Hengis	Various Tutorials	2	08-02-2005 08:19 PM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode