
Windows Recovery - Blue Screen


  • This topic is locked
4 replies to this topic

#1 LISurfcaster


Posted 05 May 2011 - 12:56 PM

Greetings,

I am trying to help a friend clean up his computer (Windows XP Home edition). He had/has the Windows Recovery trojan. I installed AVG, which eliminated some of the suspect files; however, the result was a computer that boots up to a blue screen with no ability to launch Windows Explorer. I attempted to remove the virus using the uninstall guide; however, Malwarebytes does not install - I get an Access Error message at the end of the installation process.

I have done everything I am able to do to try and fix the situation...now it's in the hands of the EXPERTS...thanks.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 13:13:53.40 on Thu 05/05/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.684 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar =
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ldMFchcXrFP] c:\documents and settings\all users\application data\ldMFchcXrFP.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\bjstat~1.lnk - c:\documents and settings\owner\cnmss Canon MP360 Series Printer (Local).exe
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-19 64288]
.
=============== Created Last 30 ================
.
2011-05-05 15:00:34 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Threat Expert
2011-05-04 13:34:53 -------- d-----w- c:\windows\system32\NtmsData
2011-05-04 13:32:41 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-05-04 13:02:43 -------- d-----w- c:\docume~1\owner\applic~1\AVG10
2011-05-04 13:01:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-05-04 13:00:59 -------- d-----w- c:\program files\AVG
2011-05-04 12:57:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-05-04 12:46:21 -------- d-----w- c:\program files\GridinSoft Trojan Killer
.
==================== Find3M ====================
.
2011-05-04 14:58:50 24576 ----a-w- c:\windows\system32\userinit.exe
.
============= FINISH: 13:14:32.42 ===============



#2 LISurfcaster


Posted 11 May 2011 - 09:17 PM

Reply no longer needed...

#3 myrti


Posted 12 May 2011 - 10:40 AM

Thanks for letting us know. Do you have any questions or should I close the thread?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#4 LISurfcaster


Posted 12 May 2011 - 11:23 AM

I was able to resolve the issues with the computer...no questions...thread closed.

RS

#5 myrti


Posted 12 May 2011 - 12:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
