The Best Stop Error in the World...


chris_0076

Well today has been a wonderful day, other than battling with the dreaded stop error c000021a. More specifically c000021a 0xc0000005 (0x00000000 0x00000000). I have done vast searches of The Google and have yet to come upon anything of noteworthy value. All of the web is full of responses that either do not apply, or I am not able to do in my current state.

Work Log:

I scanned with Spybot and found Virtumonde so I had it fix it. Then I rebooted and went into safe mode and pulled out my network cable and ran the scan again as well as AdAware and Avast. It was still there so I removed it again and rebooted back in normal mode... and it is still there.

Problems Occurring:

Google search links go to random places on first click. (Second time they work just fine.)

Lots of Internet Explorer pop-ups when running Firefox.

Large quantities of used RAM that are not documented in Task Manager.

Programs load slowly... (but not the normal slow-computer slow). It is like it has to search for where it is, then it loads the program instantly.

Windows Explorer does the same as loading programs when switching folders.

Other odds and ends...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:42 PM, on 12/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Rxokicozi] rundll32.exe "C:\WINDOWS\Szane.dat",e
O4 - HKLM\..\Run: [vqwstrwtmiest] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\mnwbmtxjlnhwuouff.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [e7LBFID2j1Preb] C:\Documents and Settings\JUser\Application Data\Microsoft\Windows\qolab.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'Default user')
O4 - Global Startup: Start 3DxWare.lnk = C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {C62FC49C-C55D-11DA-97D5-000BDB1ABB7B} (NolijWeb.NolijWeb_Logon) - file://\\Katana\Nw\NolijWeb.CAB
O20 - AppInit_DLLs: C:\WINDOWS\system32\wavojami.dll,C:\WINDOWS\system32\mafazupe.dll,C:\WINDOWS\system32\wusiwuto.dll,C:\WINDOWS\system32\mahalemo.dll,fjfvpc.dll,C:\WINDOWS\system32\jutokuki.dll lyedva.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c96888cdc376f0) (gupdate1c96888cdc376f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 5473 bytes

I went into safe mode and ran another Spybot scan and it found 22 things ... I restarted and was able to go into normal mode. It has been working fine so far, but Virtumonde is still here... and I also noticed that it will not allow me to do anything with System Restore at all. I have both an unchanged named HijackThis and a changed one.

Anyways here are the logs:

HijackThis.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:29 PM, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Rxokicozi] rundll32.exe "C:\WINDOWS\Szane.dat",e
O4 - HKLM\..\Run: [vqwstrwtmiest] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\mnwbmtxjlnhwuouff.dll"
O4 - HKUS\S-1-5-19\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'Default user')
O4 - Global Startup: Start 3DxWare.lnk = C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {C62FC49C-C55D-11DA-97D5-000BDB1ABB7B} (NolijWeb.NolijWeb_Logon) - file://\\Katana\Nw\NolijWeb.CAB
O20 - AppInit_DLLs: C:\WINDOWS\system32\wavojami.dll,C:\WINDOWS\system32\mafazupe.dll,C:\WINDOWS\system32\wusiwuto.dll,C:\WINDOWS\system32\mahalemo.dll,fjfvpc.dll,C:\WINDOWS\system32\jutokuki.dll ouyxpw.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c96888cdc376f0) (gupdate1c96888cdc376f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 5493 bytes

Chris_0076.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:34 PM, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\Chris_0076.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01698E7A-FB68-441C-989D-28B341D1C033} - (no file)
O2 - BHO: (no name) - {0d6d9717-ba61-4f7a-bc2e-18b5aa35fb2a} - (no file)
O2 - BHO: {a71913a9-4f3c-e5a9-a954-f50579d803e1} - {1e308d97-505f-459a-9a5e-c3f49a31917a} - C:\WINDOWS\system32\ouyxpw.dll
O2 - BHO: (no name) - {3E0366A4-9A52-452A-A719-40136CDF182A} - C:\WINDOWS\system32\mlJYrrqP.dll
O2 - BHO: (no name) - {3E47454F-88D6-415F-9487-A6DD9498AFA6} - (no file)
O2 - BHO: (no name) - {4961599b-e270-408a-9751-097d90cfa075} - (no file)
O2 - BHO: (no name) - {4EEFA112-AB29-4CC4-A0D9-8DCEB03A0698} - (no file)
O2 - BHO: (no name) - {532892D1-073F-4CDD-9B6E-3CC601DD0D17} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5746f1d0-f079-4d1f-8f47-1fa761c71237} - (no file)
O2 - BHO: (no name) - {6d5ee4e7-bd4e-4346-94ae-d13cd52f4dba} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcBSJbA.dll
O2 - BHO: (no name) - {73cee713-756c-4db7-9feb-4216a74b421e} - (no file)
O2 - BHO: (no name) - {8FC025C4-FF29-42EB-B948-031AA58040DF} - (no file)
O2 - BHO: (no name) - {A0C04D9F-CF3A-4818-A66B-87DB27DCA9B6} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: agadoo browser enhancer - {BE2D9D94-B96F-170C-0690-CDAA7E2E2313} - C:\WINDOWS\system32\mnwbmtxjlnhwuouff.dll
O2 - BHO: (no name) - {C3CF227F-2834-4B58-80A0-AA02ADA7192A} - (no file)
O2 - BHO: (no name) - {CC4789A4-807F-4193-826D-9BEB1699B429} - (no file)
O2 - BHO: (no name) - {D08A92D9-B5FD-46E1-974C-8A3DA21C2186} - (no file)
O2 - BHO: (no name) - {E480AFE2-95BD-4D2A-8558-1B26BDD52693} - (no file)
O2 - BHO: (no name) - {e7ad38ba-2c55-4595-827e-35e1f16d5dee} - C:\WINDOWS\system32\jujukeyo.dll (file missing)
O2 - BHO: (no name) - {EA149AE3-8CC5-4EC7-8EB7-22EA6E693178} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Rxokicozi] rundll32.exe "C:\WINDOWS\Szane.dat",e
O4 - HKLM\..\Run: [vqwstrwtmiest] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\mnwbmtxjlnhwuouff.dll"
O4 - HKUS\S-1-5-19\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [3DxAssociateFileExts] C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe "FileExts" (User 'Default user')
O4 - Global Startup: Start 3DxWare.lnk = C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {C62FC49C-C55D-11DA-97D5-000BDB1ABB7B} (NolijWeb.NolijWeb_Logon) - file://\\Katana\Nw\NolijWeb.CAB
O20 - AppInit_DLLs: C:\WINDOWS\system32\wavojami.dll,C:\WINDOWS\system32\mafazupe.dll,C:\WINDOWS\system32\wusiwuto.dll,C:\WINDOWS\system32\mahalemo.dll,fjfvpc.dll,C:\WINDOWS\system32\jutokuki.dll ouyxpw.dll
O20 - Winlogon Notify: ddcBSJbA - C:\WINDOWS\SYSTEM32\ddcBSJbA.dll
O20 - Winlogon Notify: xxyaBUkL - xxyaBUkL.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c96888cdc376f0) (gupdate1c96888cdc376f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 7620 bytes

Turned off all antivirus software and ran Combofix (as instructed by a support technician from Spybot's forums) and it found some rootkits. It restarted and came back up (as well as Avast); now I am getting this stop error and I can not go in via safe mode or last known good configuration. I hope this is a clear and coherent description.

Any ideas that do not include doing a repair installation?

Well thanks for any help.

Chris

Trespasser's Will Be Shot, Survivors Will be Shot Again.....And bam! We Got One!

|Proud Green Mask Owner||Proud Blue Mask Owner| 100% F2P

Link to comment
Share on other sites
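A first-pass triage of the autostart entries in the logs posted above, as an added example that is not part of the original posts. The parser, the rule names and the four heuristics (AppInit_DLLs, Winlogon Notify, unnamed or orphaned BHOs, Run values that start rundll32/regsvr32) are assumptions of this sketch; the sample lines are copied from the third log with the file extension written as .exe.

```python
import re
from dataclasses import dataclass

# Lines copied from the third log in the post above (".exe" written out).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {01698E7A-FB68-441C-989D-28B341D1C033} - (no file)
O2 - BHO: (no name) - {3E0366A4-9A52-452A-A719-40136CDF182A} - C:\WINDOWS\system32\mlJYrrqP.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Rxokicozi] rundll32.exe "C:\WINDOWS\Szane.dat",e
O4 - HKLM\..\Run: [vqwstrwtmiest] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\mnwbmtxjlnhwuouff.dll"
O20 - AppInit_DLLs: C:\WINDOWS\system32\wavojami.dll,C:\WINDOWS\system32\mafazupe.dll,C:\WINDOWS\system32\wusiwuto.dll,C:\WINDOWS\system32\mahalemo.dll,fjfvpc.dll,C:\WINDOWS\system32\jutokuki.dll ouyxpw.dll
O20 - Winlogon Notify: ddcBSJbA - C:\WINDOWS\SYSTEM32\ddcBSJbA.dll
O20 - Winlogon Notify: xxyaBUkL - xxyaBUkL.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN = re.compile(r"^(\S+): \[(.*?)\] (.*)$")
LOADER = re.compile(r"(?:^|\\)(rundll32|regsvr32)\b", re.I)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    rule: str     # heuristic that fired (rule names are this sketch's own)
    target: str   # file, CLSID or value to examine next


def triage(log_text):
    """Return the autostart entries worth examining first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O2":
            findings.extend(_bho(body))
        elif section == "O4":
            findings.extend(_run(body))
        elif section == "O20":
            findings.extend(_o20(body))
    return findings


def _bho(body):
    m = BHO.match(body)
    if not m:
        return []
    name, clsid, path = m.groups()
    if path == "(no file)":
        # Registration left behind with no DLL recorded for it.
        return [Finding("O2", "bho-orphan", clsid)]
    if name == "(no name)":
        # Browser add-on with no display name: identify the DLL.
        return [Finding("O2", "bho-unnamed", path)]
    return []


def _run(body):
    m = RUN.match(body)
    if not m or not LOADER.search(m.group(3)):
        return []
    # The Run value starts a system loader; the file of interest is its argument.
    quoted = re.search(r'"([^"]+)"', m.group(3))
    return [Finding("O4", "run-loader", quoted.group(1) if quoted else m.group(3))]


def _o20(body):
    kind, _, value = body.partition(": ")
    if kind == "AppInit_DLLs":
        # Space- or comma-separated list, loaded into each process using user32.dll.
        return [Finding("O20", "appinit-dll", d) for d in re.split(r"[,\s]+", value) if d]
    if kind == "Winlogon Notify":
        # Notification package: a DLL loaded inside winlogon.exe itself.
        return [Finding("O20", "winlogon-notify", value.split(" - ", 1)[-1])]
    return []


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.rule:16} {f.target}")
```

The output is a review list, not a verdict: each target still has to be identified before anything is removed.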

http://support.microsoft.com/default.aspx?scid=kb;en-us;156669

It looks like you're BSOD'ing because your Winlogon.exe or Csrss.exe has been removed/is failing/has been stopped.

Can you boot into Windows at all, or does it BSOD on startup?

Also, what did you use to get rid (if you did) of Virtumonde? Was it something like smitfraudfix, or something else?

Link to comment
Share on other sites

Yes I have already been to Microsoft's site... I just do not understand their instructions. But if you could explain how I could get started with them I could figure it out. (Being able to use command prompt).

No I can not boot into Windows fully. It makes it to where the log on screen should be then it comes up with the stop error. I have not yet been able to tell if Virtumonde has been removed because when it ran a scan on reboot it told me to reboot and now I am here. I used Combofix (as instructed by a support technician from Spybot's forums).

As I am now using Knoppix does anyone know of a fix using it?

(forgive me of any errors just booted with a Knoppix CD, lacking in spell check)

Trespasser's Will Be Shot, Survivors Will be Shot Again.....And bam! We Got One!

|Proud Green Mask Owner||Proud Blue Mask Owner| 100% F2P

Link to comment
Share on other sites

Do you have the actual Windows disc? Or did you buy your computer prebuilt with a recovery CD? I ask because most of those recovery CDs or recovery partitions don't have the recover mode on them. Can you get into safe mode? To do so, restart the computer or turn it on, and after it boots out of the POST menu press F8 and a menu should pop up; select Safe Mode and see if you can boot up. I doubt it but you can try. I hate to say it but if you have a recovery CD you might be reinstalling the OS.

Link to comment
Share on other sites

It is a prebuilt from Dell :cry: and I have no clue where the recovery CD is, but I can get a new one on Tuesday. No I can not get into any form of safe mode.

Trespasser's Will Be Shot, Survivors Will be Shot Again.....And bam! We Got One!

|Proud Green Mask Owner||Proud Blue Mask Owner| 100% F2P

Link to comment
Share on other sites

It is a prebuilt from Dell :cry: and I have no clue where the recovery CD is, but I can get a new one on Tuesday. No I can not get into any form of safe mode.

If you have a recovery CD and can't get into Windows it is a good bet you will be reinstalling the operating system. If you had important files you could get a live CD of a Linux distro and copy them over from the hard drive to a USB drive or an external hard drive or a CD or whatever.

Link to comment
Share on other sites
