
Active BSOD and virus issues - Dell Inspiron B130, Windows XP

Discussion in 'Malware and Virus Removal Archive' started by djsigma, 2010/08/20.

  1. 2010/08/20
    djsigma

    djsigma Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    3
    Likes Received:
    0
    [Active] BSOD and virus issues - Dell Inspiron B130, Windows XP

    I've been reading forums and looking at issues posted and found one similar from May 2009 in this forum. In a nutshell, I was trying to get rid of viruses and malware from my computer.

    But first, let's start at the beginning...Initially got the BLUE SCREEN OF DEATH with the following STOP message:

    STOP: 0X00000044 (0X86fc8030, 0X00000D64, 0X00000000, 0X00000000)

    Ran the Microsoft Windows Malicious Software Removal Tool, saw something about the Alureon.H virus attached to the APPDRV.sys (other was system restore points with quarantined stuff for Hiloti.gen trojan), downloaded Malwarebytes, ran that and it found all the infected files, got rid of that...now I'm contending with the BSOD message and don't know what to do. I've run and received the logs from ComboFix, HijackThis, and the DDS.txt and Attach.txt logs. Hoping someone can point me in the right direction. All this was done in Safe Mode with Networking. I'll post all 4 logs after this initial post.

    Thank you for your time and consideration. I'm hoping this can be reviewed and there is a straightforward solution. Doesn't really matter how long it takes since I have 2 other computers to work on.

    djsigma
     
  2. 2010/08/20
    djsigma

    djsigma Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    3
    Likes Received:
    0
    DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
    Run by Hubbert at 2:50:08.67 on Fri 08/20/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.617 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Hubbert\My Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mail.yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ShowLOMControl] 1 (0x1)
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Trusted Zone: bravenet.com\www
    Trusted Zone: musicmatch.com\online
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.14/uploader2.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    S0 pksdf;pksdf;c:\windows\system32\drivers\mvxeui.sys --> c:\windows\system32\drivers\mvxeui.sys [?]
    S1 acpgvspw;acpgvspw;\??\c:\windows\system32\drivers\acpgvspw.sys --> c:\windows\system32\drivers\acpgvspw.sys [?]
    S1 tfzgaqrb;tfzgaqrb;\??\c:\windows\system32\drivers\tfzgaqrb.sys --> c:\windows\system32\drivers\tfzgaqrb.sys [?]
    S2 gupdate1c968bfd719a396;Google Update Service (gupdate1c968bfd719a396);c:\program files\google\update\GoogleUpdate.exe [2008-12-28 133104]

    =============== Created Last 30 ================

    2010-08-20 07:42:49 0 d-----w- c:\program files\Trend Micro
    2010-08-20 07:00:24 50176 ----a-w- c:\windows\system32\proquota.exe
    2010-08-20 02:45:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-20 02:45:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-19 12:01:19 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYSF1059FCD
    2010-08-19 06:35:08 0 d-----w- C:\ec31b7ac9dd63e1231e938587e
    2010-08-19 03:27:59 77312 ----a-w- c:\windows\MBR.exe
    2010-08-19 03:24:12 389120 ----a-w- c:\windows\system32\CF24642.exe
    2010-08-19 02:32:10 0 d-----w- c:\windows\system32\wbem\Repository
    2010-08-19 02:31:08 0 d-----w- c:\program files\Roxio
    2010-08-16 22:17:09 0 d-----w- c:\docume~1\hubbert\applic~1\Malwarebytes
    2010-08-16 22:16:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-16 22:16:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-16 21:43:53 0 d-----w- C:\772c0b4f402b8053cfed572f02685e1f
    2010-08-15 17:59:20 0 d-----w- c:\program files\Garmin
    2010-08-15 16:54:09 0 d-----w- c:\docume~1\hubbert\applic~1\GARMIN
    2010-08-13 12:26:36 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL

    ==================== Find3M ====================

    2010-08-17 04:37:10 181248 ----a-w- c:\windows\amoyixev.dll
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-07-12 23:38:21 8456 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-02 03:35:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2008-11-03 09:14:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110320081104\index.dat

    ============= FINISH: 2:50:16.01 ===============
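A triage pass over the SERVICES / DRIVERS section of the DDS log above, as an added example that is not part of the original post or of DDS itself: it lists the registered services whose image file DDS could not describe (`[?]`), which are the entries a helper would check first. The reading of the `S0`/`S1`/`S2` prefix (R/S = running/stopped, digit = start type) and of `[?]` is an assumption about the DDS format, and the function names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass, field

# The four lines of the SERVICES / DRIVERS section, copied from the log above.
SAMPLE = r"""
S0 pksdf;pksdf;c:\windows\system32\drivers\mvxeui.sys --> c:\windows\system32\drivers\mvxeui.sys [?]
S1 acpgvspw;acpgvspw;\??\c:\windows\system32\drivers\acpgvspw.sys --> c:\windows\system32\drivers\acpgvspw.sys [?]
S1 tfzgaqrb;tfzgaqrb;\??\c:\windows\system32\drivers\tfzgaqrb.sys --> c:\windows\system32\drivers\tfzgaqrb.sys [?]
S2 gupdate1c968bfd719a396;Google Update Service (gupdate1c968bfd719a396);c:\program files\google\update\GoogleUpdate.exe [2008-12-28 133104]
"""

# Windows service start types (the digit after R/S; assumed DDS convention).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <state><start> <service name>;<display name>;<image path> [<date size> or ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)


@dataclass
class Entry:
    running: bool
    start: str
    name: str
    display: str
    image: str          # file name of the service image
    info: str           # "date size", or "?" when DDS reported none
    reasons: list = field(default_factory=list)


def parse(text):
    """Turn DDS service/driver lines into Entry records, skipping other lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # "registered path --> resolved path": keep the resolved side.
        resolved = m["path"].split(" --> ")[-1]
        entries.append(Entry(
            running=m["state"] == "R",
            start=START_TYPES[int(m["start"])],
            name=m["name"],
            display=m["display"],
            image=ntpath.basename(resolved),
            info=m["info"],
        ))
    return entries


def triage(text):
    """Return entries with no file details, annotated with why they stand out."""
    flagged = []
    for e in parse(text):
        if e.info != "?":
            continue
        e.reasons.append("no file date/size reported ([?])")
        if e.name == e.display:
            e.reasons.append("display name is just the service name")
        if e.start in ("boot", "system") and e.image.lower().endswith(".sys"):
            e.reasons.append(f"{e.start}-start kernel driver")
        flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.name:10} {e.image:14} " + "; ".join(e.reasons))
```

A flagged entry is a lead for manual verification, not a verdict: a driver registration left behind after its file was removed produces the same pattern.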
     

  4. 2010/08/20
    djsigma

    djsigma Inactive Thread Starter

    Joined:
    2010/08/20
    Messages:
    3
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/17/2008 6:41:20 PM
    System Uptime: 8/20/2010 12:32:48 AM (2 hours ago)

    Motherboard: Dell Inc. | | 0GD366
    Processor: Intel(R) Celeron(R) M processor 1.50GHz | Microprocessor | 1496/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 39 GiB total, 10.036 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 0.473 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP630: 8/16/2010 5:13:59 PM - System Checkpoint
    RP631: 8/16/2010 5:13:59 PM - System Checkpoint
    RP632: 8/16/2010 5:13:59 PM - System Checkpoint
    RP633: 8/16/2010 5:13:59 PM - System Checkpoint
    RP634: 8/16/2010 5:13:59 PM - System Checkpoint
    RP635: 8/16/2010 5:13:59 PM - System Checkpoint
    RP636: 8/16/2010 5:13:58 PM - System Checkpoint
    RP637: 8/16/2010 5:13:58 PM - System Checkpoint
    RP638: 8/16/2010 5:13:58 PM - Software Distribution Service 3.0
    RP639: 7/17/2010 12:15:46 AM - System Checkpoint
    RP640: 7/18/2010 12:38:29 AM - System Checkpoint
    RP641: 7/19/2010 12:49:57 AM - System Checkpoint
    RP642: 7/20/2010 8:10:18 AM - System Checkpoint
    RP643: 7/22/2010 1:25:36 AM - System Checkpoint
    RP644: 7/23/2010 2:50:41 AM - System Checkpoint
    RP645: 7/24/2010 3:16:46 AM - System Checkpoint
    RP646: 7/25/2010 8:55:17 AM - System Checkpoint
    RP647: 7/26/2010 11:42:25 PM - System Checkpoint
    RP648: 7/28/2010 1:04:17 AM - System Checkpoint
    RP649: 7/30/2010 1:34:02 AM - System Checkpoint
    RP650: 8/1/2010 10:51:40 PM - System Checkpoint
    RP651: 8/5/2010 11:19:02 PM - System Checkpoint
    RP652: 8/6/2010 11:41:43 PM - System Checkpoint
    RP653: 8/7/2010 11:52:39 PM - System Checkpoint
    RP654: 8/8/2010 3:59:02 PM - Software Distribution Service 3.0
    RP655: 8/9/2010 9:51:43 PM - System Checkpoint
    RP656: 8/11/2010 11:50:17 PM - System Checkpoint
    RP657: 8/12/2010 11:52:50 PM - System Checkpoint
    RP658: 8/14/2010 11:20:51 AM - System Checkpoint
    RP659: 8/15/2010 1:27:52 PM - System Checkpoint
    RP660: 8/16/2010 4:40:50 PM - Software Distribution Service 3.0
    RP661: 8/16/2010 11:55:34 PM - Restore Operation
    RP662: 8/18/2010 12:42:56 AM - System Checkpoint
    RP663: 8/18/2010 9:19:06 PM - Restore Operation

    ==== Installed Programs ======================


    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Reader 7.0
    Amazon MP3 Downloader 1.0.3
    Any Video Converter 2.5.9
    AOLIcon
    Apple Application Support
    Apple Software Update
    ArcSoft MediaImpression for Kodak
    Audacity 1.2.4
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Broadcom Management Programs
    CCleaner
    Conexant HDA D110 MDC V.92 Modem
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    CutePDF Writer 2.7
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell Support 3.1
    Dell System Restore
    Dell Wireless WLAN Card
    Digital Content Portal
    Digital Line Detect
    EarthLink setup files
    EducateU
    ELIcon
    eMusic Download Manager 3.0
    Facebook Plug-In
    Freez FLV to MP3 Converter
    Get High Speed Internet!
    Google Chrome
    Google Earth Plug-in
    Google Gears
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Internal Network Card Power Management
    IrfanView (remove only)
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 15
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Modem Helper
    Mp3tag v2.41
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    NetWaiting
    NetZeroInstallers
    Nici v2.10
    OpenOffice.org Installer 1.0
    PowerDVD 5.5
    Qualxserve Service Agreement
    QuickSet
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Roxio Media Manager
    Search Assist
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Synaptics Pointing Device Driver
    TweetDeck
    Ultra Video Converter 4.1.1123
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Viewpoint Media Player
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WordPerfect Office 12
    Xvid 1.1.3 final uninstall
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    8/20/2010 1:51:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/18/2010 10:36:54 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2010 10:30:41 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    8/18/2010 10:30:38 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    8/18/2010 10:07:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    8/17/2010 9:18:22 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    8/16/2010 11:54:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV avgio avipbb Fips intelppm ssmdrv
    8/16/2010 11:25:10 PM, error: Service Control Manager [7016] - The Quicktime update service has reported an invalid current state 0.
    8/16/2010 1:12:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
    8/16/2010 1:12:21 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2010 1:12:21 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2010 1:12:21 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2010 1:11:49 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/16/2010 1:11:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/16/2010 1:05:23 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    8/16/2010 1:05:23 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    8/15/2010 3:54:12 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0014A54BA866 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    8/15/2010 10:42:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.

    ==== End Of File ===========================
     
  5. 2010/08/20
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please start a new thread in the Windows XP forum regarding ....
    This is most likely the result of a hardware driver issue.

    Set up the computer so that it does not automatically restart on system failure .....

    Control Panel > System > Advanced > Startup and Recovery > Settings ....

    Under System failure uncheck 'Automatically restart' and under Write debugging information select 'Kernel memory dump' from the dropdown list and OK out.

    The computer will now show the BSOD in the event of a System failure giving details of the Stop message and the contents of the memory will be dumped to disk.

    Run the dump file through BlueScreenView and post the report in your new thread .....
     
  6. 2010/08/20
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I would urge you to first get this system cleaned up. I'm pretty sure it is still infected.

    Also note that Java is terribly out of date (and thus vulnerable), but don't make any changes to your system until a Malware expert has had a look at this & you got your system cleaned!
     
  7. 2010/08/20
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download and unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log) -- please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.

    ===============

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
