Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Windows Update freezes to blue screen

  • This topic is locked This topic is locked
2 replies to this topic

#1 MrChronic


  • Members
  • 4 posts
  • Local time:09:59 AM

Posted 22 July 2009 - 03:03 PM


I do believe that this computer hasnt been updated for quite some time as this is still running XP SP2. The first thing I tried to do was update with Windows update but it stalls into blue screen after several minutes. I have run just about every scan i can on this machine and still cannot get it to respond back to normal. Zone alarm found the "not-a-virus" problem and deleted both instances. When I try and run Malwarebytes it stalls on file netapi32.dll every time whether in safe mode or not.

This machine is pretty slow(I went through the processes) in the pre-read file on this site and to no avail. I notice every start the task bar comes up blue as it is supposed to but then turns the cream color. Here is the DDS log below. Any ideas? The other issue at bootup I get a generic host error with either netcfgx or netcfg error (not sure if this is due to the fact that the owners use DSL and my connection is Cable). Any ideas?

DDS (Ver_09-06-26.01) - NTFSx86
Run by Lisa at 14:42:24.35 on Wed 07/22/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpn1yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:program filesspybot - search & destroySDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:progra~1yahoo!commonyiesrvc.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpn1yt.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:program filesyahoo!messengeryhexbmes.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [Microsoft Works Update Detection] c:program filesmicrosoft worksWkDetect.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
mRun: [Camera Detector] c:progra~1acdsys~1acdseeCAMDET~1.EXE
mRun: [AudioHQU] c:program filescreativesbliveaudiohqAHQTBU.EXE
mRun: [IntelliPoint] "c:program filesmicrosoft intellipointpoint32.exe"
mRun: [ZoneAlarm Client] "c:program fileszone labszonealarmzlclient.exe"
uPolicies-explorer: <NO NAME> =
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:progra~1yahoo!commonyiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroySDHelper.dll
Trusted Zone: musicmatch.comonline
DPF: Microsoft XML Parser for Java - file://c:windowsjavaclassesxmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-07-22 14:39 25,992 a------- c:windowssystem32pgdfgsvc.exe
2009-07-22 11:16 <DIR> --ds---- C:ComboFix
2009-07-22 01:37 0 a------- C:rollback.ini
2009-07-22 01:30 <DIR> --d----- c:docume~1lisaapplic~1MailFrontier
2009-07-22 01:23 7,018,528 a--sh--- c:windowssystem32driversfidbox.dat
2009-07-22 01:23 83,084 a--sh--- c:windowssystem32driversfidbox.idx
2009-07-22 01:19 4,212 a---h--- c:windowssystem32zllictbl.dat
2009-07-22 01:19 72,584 a------- c:windowszllsputility.exe
2009-07-22 01:18 1,221,512 a------- c:windowssystem32zpeng25.dll
2009-07-22 01:18 <DIR> --d----- c:windowssystem32ZoneLabs
2009-07-22 01:18 <DIR> --d----- c:program filesZone Labs
2009-07-22 01:18 415,147 a------- c:windowssystem32vsconfig.xml
2009-07-22 01:16 <DIR> --d----- c:windowsInternet Logs
2009-07-22 01:09 3,373,917 a------- c:windows{00000002-00000000-00000009-00001102-00000002-80221102}.BAK
2009-07-22 00:55 <DIR> --d----- C:339875df09ba9b2c38a39921
2009-07-22 00:18 <DIR> --d----- c:program filesCCleaner
2009-07-21 23:04 <DIR> --d----- C:6921d395aee9bf545b13
2009-07-21 22:10 <DIR> --d----- c:docume~1lisaapplic~1Uniblue
2009-07-21 18:40 157,712 a------- c:windowssystem32driverstmcomm.sys
2009-07-21 17:03 <DIR> --d----- C:01dd07a108a1cd3502e3
2009-07-21 14:27 <DIR> a-dshr-- C:cmdcons
2009-07-21 13:50 <DIR> --d----- c:docume~1lisaapplic~1Malwarebytes
2009-07-21 13:49 38,160 a------- c:windowssystem32driversmbamswissarmy.sys
2009-07-21 13:49 19,096 a------- c:windowssystem32driversmbam.sys
2009-07-21 13:49 <DIR> --d----- c:program filesMalwarebytes' Anti-Malware
2009-07-21 13:49 <DIR> --d----- c:docume~1alluse~1applic~1Malwarebytes
2009-07-21 09:35 73,728 a------- c:windowssystem32javacpl.cpl
2009-07-21 09:14 <DIR> --d----- c:windowssystem32dllcachecache
2009-07-21 09:01 219,648 a------- c:windowsPEV.exe
2009-07-21 09:01 161,792 a------- c:windowsSWREG.exe
2009-07-21 09:01 98,816 a------- c:windowssed.exe
2009-07-20 23:20 <DIR> --d----- c:program filesTrend Micro
2009-07-20 17:27 <DIR> --d----- c:windowspss
2009-07-20 14:51 1,060,864 a------- c:windowssystem32MFC71.dll
2009-07-20 14:39 <DIR> --d----- c:docume~1lisaapplic~1mail.com Toolbar
2009-07-20 14:37 <DIR> --d----- c:docume~1lisaapplic~1Skinux

==================== Find3M ====================

2009-07-21 09:34 410,984 a------- c:windowssystem32deploytk.dll

============= FINISH: 14:45:11.29 ===============

Forgot to add the bootup error is W32 related.

Merged posts. ~ OB

Edited by Orange Blossom, 24 July 2009 - 07:31 PM.

BC AdBot (Login to Remove)


#2 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:59 PM

Posted 01 August 2009 - 07:54 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt


#3 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:59 PM

Posted 05 August 2009 - 06:18 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users