[bessie]

Hello there,

First off, thank you for your time. I have used you guys in the past (and donated ) and have always found you to be very prompt and helpful. Secondly, I ran CleanUp!, AdAware, CWShredder, Spybot, all clean, ran Trend Housecall which found & removed 3 malware infections, ran TrojanHunter 2x, found two Trojans each time, cleaned & removed (supposedly), ran it again and the system came up A-OK. (P.S. Just in case you need to know, I use AVG as my anti-virus program, and automatic updates for Windows, Express Install.)

Okay, here's the scene. My computer had been freezing up quite a bit, I thought it was because I was running too many programs. Then one day, in the middle of printing something, the whole screen went blank and I got a fatal error message. I was told to shut down my puter ASAP, then reboot and check to see if any new intsalled apps were running okay. So I did, everything seemed fine. (I recently installed Picassa, but they're cool, right?) Ran a bunch of anti-virus programs, etc., and nothing showed up. Then, three days later, I try to turn on my computer, and I get the F1 error message. Over and over and over. Spent an hour on the phone with Dell, had me disconnect and reconnect all the cables inside the computer, they concluded that my motherboard or hard drive was fried, as for some reason my computer wasn't recognizing the hard drive. *sobs* Hung up and called a techie dude, who told me Dell was full of Dog Poop, and that most likely it was a software issue, seeing as my computer is less than two years old and I don't regularly beat on it. So I try, just one more time, to turn on the computer, which of course gives me the F1 error message, so I just randomly beat the keyboard out of frustration, and bingo! Windows starts loading. Seriously, I have no idea why. But now I am totally petrified that it is going to happen again. I'm actually quite astonished after running Trend Housecall and TrojanHunter that my computer is infected, as I generally am quite diligent about keeping all my anti-nasties up to date and I run them often.
So, my question to you, deer G2G, is there something that I am missing?

Thank you in advance for taking the time to look at my world, and sorry if this is overly verbose.


Logfile of HijackThis v1.99.1
Scan saved at 1:37:13 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Amy.D8MBFB51.003\Desktop\Unused Desktop Shortcuts\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.accuradio.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1137895881768
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Edited by bessie, 28 September 2006 - 02:38 PM.

[Advertisements]

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.


As much as I would like to disagree with Dell, I don't find anything malicious or even unusual in your log that would indicate malware as a culprit. What can you tell me about the "F1" error? What exactly does it say on your screen?


Let's see if your computer logged anything that will point us in the right direction.

Click Start -> Run -> eventvwr.msc

Look in SYSTEM and APPLICATIONS for anything in the last day.
Double click on anything you see with a red X, press the Copy button, and then paste it here in your next reply.

[Buckeye_Sam]

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.


As much as I would like to disagree with Dell, I don't find anything malicious or even unusual in your log that would indicate malware as a culprit. What can you tell me about the "F1" error? What exactly does it say on your screen?


Let's see if your computer logged anything that will point us in the right direction.

Click Start -> Run -> eventvwr.msc

Look in SYSTEM and APPLICATIONS for anything in the last day.
Double click on anything you see with a red X, press the Copy button, and then paste it here in your next reply.

[bessie]

Hi Sam,

I appreciate your help tremendously, and of course I understand how busy you folks must be. Thank you very much for taking the time to look at my log.

I haven't received the F1 message since 9/23, although my computer continues to freeze up and eventually I have to restart it. Forgive my foggy memory, but the F1 message that started this whole thing was "press F1 to reboot, F2 for System Menu". I kept pressing F1, *beep*, the screen eventually told me that no hard drive was found. This is when I called Dell, or New Delhi as I like to say (har har), and after testing all the cables, they told me that either my motherboard or my hard drive was fried. My computer was down for about a day, and just on a whim I turned it back on with the Dell Diagnostics CD in there, at which point I got the F1 error message again, at which point I banged on the computer in frustration, and suddenly a sign said, "We're sorry, Windows will now start up". Or something like that.

I then promptly went to G2G, downloaded some new free software that I hadn't used before, and found the 2 Trojans and a little bit of Spyware, which was removed. I just don't understand why it keeps freezing up. I checked my Win Patrol activity, and the only thing I don't recognize is: C:\WINDOWS\SYSTEM32\DLA\TFSWCTRL.EXE

Maybe it was just a glitch? This is completely ridiculous, but I'm afraid to take out the Dell Diagnostics CD. I'm somehow convinced that the computer is booting from the CD-drive, as for just a split second after I turn on the computer, and before Windows starts loading, I receive that same F1 message. But as I obviously know nothing about computers, I realize this is probably blatant paranoia. I won't bother mentioning the "funny"noises from my computer either.

Here is the info you requested for the past day (4 errors):

Your computer has lost the lease to its IP address 192.168.100.2 on the Network Card with network address 00159A993EF7.

The IPSEC Services service terminated with the following error:
The authentication service is unknown.

The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.

The IP address lease 70.171.216.214 for the Network Card with network address 00159A993EF7 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Thanks again for your time, Sam. P.S. Linux is looking really good right now.

[Buckeye_Sam]

I won't bother mentioning the "funny"noises from my computer either.

Are you really getting funny noises? Because that could indicate a problem with your hard drive.

Did you recently install or update Real Player?


Let's see if we can get rid of those BSOD screens for you.


Right click on My Computer and select Propertes.
Select the Hardware tab and then open up Device Manager.

In Device Manager select View -> Show hidden devices.
Now you should see Non-Plug and play drivers. Expand that by clicking on the plus(+) sign.
Right click on MCSTRM and select Disable.



Now click Start -> Run -> cmd and hit enter.
Enter in this command and hit enter.

chkdsk /f

Answer Y if you are asked to run it on the next restart.
Type in exit to close the command window.


Reboot your computer.


Let me know how it goes. Do you notice any difference?

[bessie]

Morning Sam,

Yes, my computer does make a bit of a grinding noise at start up, but it only started doing that after the nice man from Dell had me unplug-replug all the cables. So perhaps I did something wrong? Anyway, it is slight and I could be totally wrong, but the computer sounded different when I started it just now, after following your directions.

No, I didn't recently install or update Real Player. Real Player is dead to me.

Everything seems to be working well now. Did I totally just waste your time?

[Buckeye_Sam]

Oh no, it definitely is not a waste of time. At least not for me.

It sounds like its working better, but you may want to post into the hardware forum for some advice on those noises. I know that can indicate problems with a hard drive. But they'll be much better suited to advise you on the hardware forum.

http://www.geekstogo...php?a...&s=&f=9


I'll keep this thread open for a week or so in case you have other issues that pop up.

[bessie]

Thank you so much, Sam. You are the best. Go Buckeyes! (Heading over to PayPal right now, and then I'll go check out the hardware forum.)

[Buckeye_Sam]

Thank you!

[Buckeye_Sam]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.