My other half has the below listed PC which about a month ago went into a boot loop on her.
It is a desktop HP Pavillion PC with AMD Sempron 3500 1.99ghz processor
448 mb memory showing in "System" so 512mb
WinXP SP3 installed and IE8 was installed a little while before the error started.
When the PC boots up, it goes into Windows logon screen just fine and you select a User and it starts into Windows just fine. You see icons starting in the systray at bottom (Like McAfee Security Center, wireless drivers, etc) and then after a minute or so of executing the startup programs, it goes to black screen and reboots itself. It will loop this way endlessly.
It will boot up in Safe Mode and when I try and run McAfee Quick Scan, it would first come up with an error:
After saying "Initializing" u get box headed with MCODS.EXE - Application Error and it says "The instruction at "0x61719fc0" referenced memory at "0x0c7e0000". The memory could not be "read". The memory address changes sometimes. After hitting OK, another box would normally pop up saying "Scanning has encountered an error from which it cannot recover. - Error getting scan progress. When finished, you will return to the Home Page"
For several times, I just go back to Home McAfee page and start quick scan again and it would work, but not now, it just repeats the error. It found items and deleted one and quaranteened about 4-8 items and always has one that is listed but nothing done with it. I select it and it shows "repair file" on right side. I click it and a box opens up saying "cleaning file" with progress bar that completes, but back in the list, it doesn't reflect "cleaned" or "repaired" like I would normally see.
The trojan that never seems to get cleaned (and I suspect re-propogates to about 4 other files) is listed by McAfee as a FakeAlert-SpywareGuard.gen.b and shows file as c:\\windows\temp\UACe37b.tmp
I have never been able to find that file in that directory going thru "my computer".
I turned off "auto restart" on F8 windows startup and the blue screen msg is:
DRIVER_IRQL_NOT_LESS_OR_EQUAL and bottom of blue screen showed
STOP: 0x000000D1 (0xE1B53000, 0x00000002, 0x00000000, 0xF2485A9DY)
When I looked at the text version of McAfee scan details, it showed this, if it helps:
NTOSDRNL-HOOK Generic Rootkit.d!rootkit
I have no online access with Safe Boot and no access to CD-ROM drive from windows to try and download some pics, etc that she has no copies of anywhere else, so I'm trying to fix this PC instead of formatting HDD and starting over.
Any suggestions would be very helpful.
Edited by The weatherman, 21 July 2009 - 07:29 PM.
Moved from XP to a more appropriate forum. Tw