Windows will not boot up in normal mode. In last known working configuration mode the computer will crash to a blue screen with the following message: STOP 0x0000008E C0x0000005, 0xF792828B, 0xF79B174, 0x00000000
Vistaj.sys - address F792828B base at F7928000 Datestamp 448959a3.
Also explorer opens automatically and popup box says Error caught, your web browser will open to allow you to report error back to tenebril.
Also, when trying to install or uninstall certain programs like Symantec, the computer states that I need to update Microsoft Windows Installer and will not install the program.
The last problem is that when I attempt to go to sites like symantec, the browser automatically goes to Microsft.com
I attempted to clean the computer by following your Removal Forum Rules and the computer will still not start in normal mode. All work I performed was in either last known good configuration or safe mode.
List of completed procedures:
1. was able to perform the ATF cleaner
2. Completed system restore and flush
3. completed avg scan and received the following log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:04:08 PM 1/15/2007
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UrlSidebar -> Adware.ClearSearch : Cleaned with backup (quarantined).
F:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Elitum -> Adware.EliteBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Elitum\EliteToolBar -> Adware.EliteBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
F:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\Program Files\NewDotNet\newdotnet7_48.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\Program Files\NewDotNet\uninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CurVer -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1343024091-527237240-725345543-1003\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\drs.n -> Adware.Searchforit : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
F:\Documents and Settings\Administrator\Start Menu\Programs\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).
F:\Documents and Settings\Administrator\Start Menu\Programs\ClockSync\ClockSync.lnk -> Adware.WhenU : Cleaned with backup (quarantined).
F:\WINDOWS\Downloaded Program Files\ATPartners.inf -> Downloader.Rameh.c : Cleaned with backup (quarantined).
F:\WINDOWS\new_drv.sys -> Trojan.Small.bs : Cleaned with backup (quarantined).
::Report end
4. unable to install superantispyware due to installation issue mentioned above. (windows installer could not be accessed).
5. Could not install panda, Active X component would not install and computer crashed.
6. completed HijackThis scan and received the following log
Logfile of HijackThis v1.99.1
Scan saved at 3:47:50 PM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\savedump.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Documents and Settings\Kelley\Desktop\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - F:\WINDOWS\system32\HDBHO.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS Tray] F:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] F:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "F:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "F:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [Spyware Doctor] "F:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Scheduler.lnk = F:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = F:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topprodu...ds/msjavx86.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c420.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa....in/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - ms-its:mhtml:file://C:\ss.MHT!http://www.trafficho...les/initial.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: vistax - F:\WINDOWS\SYSTEM32\vistax.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Configuration Loading - Unknown owner - F:\WINDOWS\System32\svchos1.exe" -service (file missing)
O23 - Service: dlcc_device - Unknown owner - F:\WINDOWS\System32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - F:\WINDOWS\System32\RioMSC.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - F:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
7. completed uninstall scan and received the following log
ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Agere Systems AC'97 Modem v2136D
AVG Anti-Spyware 7.5
ccCommon
Context Display
Cumulus S5.0.9
Dell AIO Printer A960
Dell Photo AIO Printer 924
Dell Picture Studio - Dell Image Expert
DING!
DivX
DivX Player
Form Viewer
HijackThis 1.99.1
Internet Explorer Q822925
Ipswitch WS_FTP Pro
iTunes
J2SE Runtime Environment 5.0 Update 1
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.1_03
Java 2 Runtime Environment, SE v1.4.2_03
Java Web Start
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office XP Professional
Mozilla Firefox (1.0)
MyPublisher BookMaker
Nikon View 4
Norton AntiVirus 2006
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Outlook Express Q823353
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Registry Mechanic 6.0
Rio Internet Update
Rio Music Manager
Rio Music Manager MP3 Encoder
Select CashBack
SiS M650
SPBBC
SpyCatcher 3.0
Spyware Doctor 3.8
Swat It Professional
Symantec
SymNet
TiVo Desktop
TrojanHunter 4.0
Walgreens PhotoShow Express
Windows Blaster Worm Removal Tool (KB833330)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 1a
WinWay Resume Deluxe
Any help you can provide would be much appreciated
Thank You,
Kelley