Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


The Description For Event Id ( 65535 ) In Source ( Stacsv ) Cannot Be Found.

  • This topic is locked This topic is locked
2 replies to this topic

#1 yavrn


  • Members
  • 2 posts
  • Local time:02:39 PM

Posted 24 September 2008 - 06:07 PM

The drivers for my Sony DVD (IDT (SigmaTel High Definition audio Codec)) won't load on boot. Get application log errors when loading the desktop on boot regarding the following:

Faulting application sttray.exe, version 1.0.5607.0, faulting module unknown, version, fault address 0x00000004.


The description for Event ID ( 65535 ) in Source ( STacSV ) cannot be found. The local
computer may not have the necessary registry information or message DLL files to display
messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve
this description; see Help and Support for details. The following information is part of
the event: Connection to the Storage interface failed.

The box is running Windows XP Media Center Edition SP2. Dell Inspiron 9150.

I ran ComboFix and recieved the following log:

ComboFix 08-09-19.10 - lamarr 2008-09-20 10:23:19.1 - NTFSx86
Running from: C:\Documents and Settings\lamarr\Desktop\ComboFix.exe
Command switches used :: C:\Documents and
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions

C:\Documents and Settings\lamarr\Cookies\lamarr@ehg-darksideprod.hitbox[1].txt

((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20

2008-09-20 10:00 . 2008-09-20 10:11 <DIR> d-------- C:\Movies
2008-09-20 09:54 . 2008-09-20 09:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-20 09:54 . 2008-09-20 09:59 <DIR> d-a------ C:\Documents and Settings\All
Users.WINDOWS\Application Data\TEMP
2008-09-12 16:11 . 2008-09-12 16:11 <DIR> d-------- C:\Program Files\Microsoft

(((((((((((((((((((((((((((((((((((((((( Find3M Report
2008-09-20 14:18 --------- d-----w C:\Documents and Settings\All
Users.WINDOWS\Application Data\Symantec
2008-09-20 13:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points
*Note* empty entries & legit default entries are not shown

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[2007-01-10 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec
Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IDTSysTrayApp"="sttray.exe" [2007-09-05 C:\WINDOWS\sttray.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk -
C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2008-07-07
F1U201.401.lnk - C:\Program Files\Belkin\F1U201.401\usbshare.exe [2006-03-23 135168]
QuickBooks Update Agent.lnk - C:\Program Files\Common
Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 972064]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"EnableFirewall"= 0 (0x0)

"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

S2 SC1BLPT;SC1BLPT;C:\WINDOWS\system32\SC1BLPT.SYS [2003-06-04 54488]

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
------- Supplementary Scan -------
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 10:26:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Completion time: 2008-09-20 10:30:08
ComboFix-quarantined-files.txt 2008-09-20 14:29:25

Pre-Run: 112,944,435,200 bytes free
Post-Run: 113,042,210,816 bytes free

[boot loader]
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition"
/noexecute=optin /fastdetect

96 --- E O F --- 2008-09-12 07:03:04

BC AdBot (Login to Remove)


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:39 AM

Posted 04 October 2008 - 10:08 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:39 AM

Posted 07 October 2008 - 09:05 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users