HELP ME WITH WINXP PRO PROBlems

[Nariman]

Am using WinXP Pro SP1 Licenced.
I am facing two problems.
1) On and often the system reboots without any warning.

2} Have Liteon 16X DVD drive. Have got the drive tested on two individual systems along with DIGIT JAN 05 DVD. On both the systems Pro Evolution Soccer Demo installs without any problem.
Only on my System after installation I get ERROR 1628 Failed to complete installation.

Can this be due to corrupt Windows Installer?

NEED HELP ASAP. I do not want to reinstall windows.

Nariman

 

[yehmeriidhain]

Be clear ... Tell me whether it reboots or resets ... if it resets then it might be bcz of some RAM problem .....

Just check it by using another RAM slab from ur frd ..
I think ur computer is resetting ..am i right???

 

[iinfi]

possible soln

if ur OS reboots after counting down from 60 seconds then it cud b due to blaster or sasser worm

in that case download the latest patch from Micrisoft's website...

in case the OS starts to countdown while u r downloading ....

just type "shutdown -h" @ command prompt or at Start Menu -> run dialog box

repair the existing winXP by reinstalling it ...
u wont lose data

 

[theraven]

and what does shutdown -h do ??

the command is shutdown -a
and besides i dun think its a sasser/blaster problem
why ?

1) On and often the system reboots without any warning.

thats y


could be ur psu could be ur memory could be other spyware
try booting into safe mode and tell us if anythigns wrong
also post ur hijack this log file here
and also try running sfc /scannow from start => run after popping in ur windows xp cd

and as soon as u can install sp2

 

[Nariman]

Hi theraven.
Here is my hijack file
Logfile of HijackThis v1.98.2
Scan saved at 7:14:29 PM, on 1/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\dap\DAP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Download\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.sify.com/bbhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.sify.com/bbhome
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\dap\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\dap\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "C:\Program Files\iolo\System Mechanic 5\SMUtilityBar.exe"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\dap\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\dap\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - *components.viewpoint.com/MTSInstal...known&unknown&*gameboy.com/sp/vp/content.html
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - *security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (MINICLIPTOOLBAR) - *www.miniclip.com/toolbar/minicliptoolbar.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - *security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - *a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - *www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - *download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - *www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - *www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - *ds1.downloadtech.net/cn1060/pcpowerscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BFE6409-26A5-4755-BC1A-4762AA3AD71E}: NameServer = 172.16.1.1,202.9.145.6,202.9.136.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA814FDF-87A7-4DF7-8985-76A21C406377}: NameServer = 202.144.115.4,202.144.66.6,202.9.136.6
Regards
Nariman

 

[theraven]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.sify.com/bbhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.sify.com/bbhome
have u set this ? its not harmful but remove it if u want

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O10 - Hijacked Internet access by New.Net
these multiple entries SHOULD NOT BE FIXED
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org to remove this

O16 - DPF: {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} (MINICLIPTOOLBAR) - *www.miniclip.com/toolbar/minicliptoolbar.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - *www.nick.com/common/groove/gx/GrooveAX27.cab
check if u know this .. otherwise fix it

O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - *ds1.downloadtech.net/cn1060/pcpowerscan.cab
same as above

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BFE6409-26A5-4755-BC1A-4762AA3AD71E}: NameServer = 172.16.1.1,202.9.145.6,202.9.136.6
If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA814FDF-87A7-4DF7-8985-
76A21C406377}: NameServer = 202.144.115.4,202.144.66.6,202.9.136.6
same as above

 

[Nariman]

hELLO.
I am geting confused in respect of the following entries.

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~17\NEWDOT~2.DLL,NewDotNetStartup -s

O10 - Hijacked Internet access by New.Net
these multiple entries SHOULD NOT BE FIXED
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org to remove this

Ran spybot S&D. All clear.
Ran LSPFix and am bogged down. It opens with a screen showing WINSOCK 2 REPAIR UTILITY and below it are two boxes "KEEP" and "REMOVE"
Under KEEP there are 4 files memntioned as under
MSWSOCK.DLL ........ TCPIP
WININF.DLL ................. NTDS
NEWDOTNET6 .................. NEW NET SPACE PROVIDER
ISVPSP.DLL ................... PROTOCOL HOLDER

The REMOVE BOX is blank.

I simply cannot transfer the files from KEEP to REMOVE.

What should I do ?

Furthermore while installing PRIVACY DEFENDER 3.0 after proceeding with the installation I get message
ERROR while decompressing file
C:\Windows\System32\MSCOMCT2.OCX, err = -9

What should I do now ?
Nariman

 

[theraven]

remove the O4 entry using hjt
there were 4-5 O10 entries ... of .NET . THOSE shouldnt be fixed using HJT
get an updated version of spybot to remove it
forget lspfix
as for the ocx file replace it with the one from ur cd and try
if u have sp2 installed make sure ur cd is one with sp2 slipstreamed