Topic: Need HELP VIRUS SUSPECTED

Offline jme

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +0/-0
Need HELP VIRUS SUSPECTED
« on: December 23, 2006, 01:27:47 PM »
Receiving this message:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Disable or uninstall any anti-virus, disk defragmentation or backup utilities. Check your hard drive configuration, and check for any updated drivers. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:
***STOP: 0x00000024 (0x00190203, 0x8637DCA0, 0xC0000102, 0x00000000)

This is on my laptop and I cannot get it past this screen.........any help is greatly appreciated!!!

Jme
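
Decoding the stop line above: this is an added example written for this page, not something anyone in the thread posted. It parses the `***STOP:` text, names bugcheck 0x24 as NTFS_FILE_SYSTEM, and splits its first parameter into the NTFS source-file id and line number the way Microsoft's bugcheck reference documents it. The small table of other codes and the `recommended_checks` list (which simply restates the advice printed on the stop screen) are the only assumptions.

```python
import re

# Symbolic names for a few bugcheck codes. 0x24 is the one shown in the post
# above; the others are common disk- and driver-related codes, included so the
# decoder handles more than a single value.
BUGCHECK_NAMES = {
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
    0x0000001E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x00000024: "NTFS_FILE_SYSTEM",
    0x0000007B: "INACCESSIBLE_BOOT_DEVICE",
    0x0000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x000000D1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

# Matches "STOP: 0xCODE (0xP1, 0xP2, 0xP3, 0xP4)" as printed on the XP stop screen.
HEX = r"0x([0-9A-Fa-f]{1,8})"
STOP_RE = re.compile(
    rf"STOP:\s*{HEX}\s*\(\s*{HEX}\s*,\s*{HEX}\s*,\s*{HEX}\s*,\s*{HEX}\s*\)"
)


def parse_stop_line(text):
    """Return {'code': int, 'params': [int, int, int, int]} for the first STOP
    line found in text, or None when there is no well-formed STOP line."""
    m = STOP_RE.search(text)
    if not m:
        return None
    values = [int(g, 16) for g in m.groups()]
    return {"code": values[0], "params": values[1:]}


def decode_bugcheck(text):
    """Decode a stop line into a dict of human-readable fields."""
    parsed = parse_stop_line(text)
    if parsed is None:
        return None
    code = parsed["code"]
    p1, p2, p3, _p4 = parsed["params"]
    info = {
        "code": f"0x{code:08X}",
        "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
        "params": [f"0x{p:08X}" for p in parsed["params"]],
    }
    if code == 0x24:
        # Microsoft documents the NTFS_FILE_SYSTEM parameters as: P1 = NTFS source
        # file id (high 16 bits) and source line (low 16 bits); P2/P3 = addresses
        # of the exception and context records when an NTFS exception filter is
        # on the stack; P4 reserved.
        info["ntfs_source_file_id"] = p1 >> 16
        info["ntfs_source_line"] = p1 & 0xFFFF
        info["exception_record"] = f"0x{p2:08X}" if p2 else None
        info["context_record"] = f"0x{p3:08X}" if p3 else None
        # The checks the stop screen itself recommends for this code.
        info["recommended_checks"] = [
            "run CHKDSK /F on the system volume (from Safe Mode or the Recovery Console)",
            "temporarily disable antivirus, defragmentation and backup filter drivers",
            "check the disk and its drivers for faults and updates",
        ]
    return info


if __name__ == "__main__":
    # The exact line from the post above.
    for key, value in decode_bugcheck(
        "***STOP: 0x00000024 (0x00190203, 0x8637DCA0, 0xC0000102, 0x00000000)"
    ).items():
        print(f"{key}: {value}")
```

For the line in the post, parameter 1 (0x00190203) splits into NTFS source file 0x19 and line 0x203; that only tells you where inside NTFS the check fired, but it confirms the crash is the file-system driver refusing to continue on a corrupted volume rather than a random driver fault, which is why CHKDSK /F is the first thing the stop screen asks for.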

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Need HELP VIRUS SUSPECTED
« Reply #1 on: December 23, 2006, 08:29:55 PM »
Did you recently install or uninstall any software?
Including drivers
Think carefully, it may be important

Do you have the Windows XP cd?
This is XP isn't it?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline jme

« Reply #2 on: December 26, 2006, 04:35:22 PM »
Yes, it is XP. The most recent thing I can think of is, I downloaded a background picture the day before it happened. I did receive a notification about a PUP, but I thought it was harmless......maybe I was wrong. Dell is sending me the CD. I do use auto update from Dell support, so it is totally possible I may have downloaded new drivers...problem is I am not sure what. I will think about it some more.........

Thanks,
Jme

Offline guestolo

« Reply #3 on: December 26, 2006, 04:41:47 PM »
Test
Can you get into safe mode?
Sign in with your normal user account
« Last Edit: December 26, 2006, 04:42:56 PM by guestolo »



Offline jme

« Reply #4 on: December 26, 2006, 08:47:55 PM »
Quote from guestolo (Dec 26 2006, 03:41 PM):
Test
Can you get into safe mode?
Sign in with your normal user account

No, once I hit enter on safe mode, a black screen with scrolling text appears for 1 or 2 seconds then the blue screen appears with the above stated error message.
This is some of the scrolling text:
multi disk(0) rddisk(0) partition(2) windows/system32/drivers/ different text on each line after this
Hope this helps
Jme
« Last Edit: December 26, 2006, 08:48:34 PM by jme »

Offline guestolo

« Reply #5 on: December 26, 2006, 09:27:37 PM »
Are you able to boot into Safe Mode with Command Prompt?
Are you able to use "Last Known Good Configuration"?
(It's in the same startup window as Safe Mode)

Can you shut down and disconnect any peripherals from the computer
e.g. printer, mouse, etc....
Reboot and see if you can get into Windows

You could run CHKDSK /F as mentioned in the error message
But you would have to get into Normal windows or Safe mode
Or use an XP CD and run it from the Recovery console

Your Dell should have a recovery partition, but you will lose all data
do you have anything important to keep on the computer?
What model of laptop do you have?



Offline jme

« Reply #6 on: December 26, 2006, 09:47:13 PM »
Quote from guestolo (Dec 26 2006, 08:27 PM):
Are you able to boot into Safe Mode with Command Prompt?
Are you able to use "Last Known Good Configuration"?
(It's in the same startup window as Safe Mode)

Can you shut down and disconnect any peripherals from the computer
e.g. printer, mouse, etc....
Reboot and see if you can get into Windows
You could run CHKDSK /F as mentioned in the error message
But you would have to get into Normal windows or Safe mode
Or use an XP CD and run it from the Recovery console

Your Dell should have a recovery partition, but you will lose all data
do you have anything important to keep on the computer?
What model of laptop do you have?

No, I have tried all of those. I don't have anything attached that didn't come built in to the computer. It is a DELL XPS M140. Monumentally important, no. There are a few things I'd like to save, but nothing that I couldn't live without.

Offline guestolo

« Reply #7 on: December 26, 2006, 11:46:25 PM »
Quote
There are a few things I'd like to save, but nothing that I couldn't live without.
Have you ever tried a bootable CD called
Knoppix
It's a fair size download, but well worth it, it will fit on one CD
You will probably be able to get into the non-bootable XP
You burn knoppix as an .ISO file
Do you have burning software that you can burn ISO image files with?
If not, I have free software you can use
Do you have a CD or DVD burner on the computer you're using to communicate with right now?
Once booted with Knoppix, you may be able to access the drive and save your files to an external device
Such as a USB thumbdrive, or even send them to an online address, such as email, if not too big

I take it that the laptop only has one CD/DVD drive, is that correct
and no floppy drive

NOTE: These are the instructions I could find on your laptop to restore the system to factory defaults
Using Dell PC Restore by Symantec
  NOTICE: Using Dell PC Restore permanently deletes all data on the hard drive and removes any
applications or drivers installed after you received your computer. If possible, back up the data before
using PCRestore. Use PC Restore only if System Restore did not resolve your operating system problem.
NOTE: Dell PC Restore by Symantec may not be available in certain countries nor on certain computers.
 
PC Restore restores your hard drive to the operating state it was in when you purchased the
computer. Any programs or files added since you received your computer—including data
files—are permanently deleted from the hard drive. Data files include documents, spreadsheets,
e-mail messages, digital photos, music files, and so on. If possible, back up all data before using
PC Restore.

To use PC Restore:
Quote
1. Turn on the computer.
During the boot process, a blue bar with www.dell.com appears at the top of the screen.
2. Immediately upon seeing the blue bar, press <Ctrl><F11>.
If you do not press <Ctrl><F11> in time, let the computer finish starting, and then restart the computer again.

  NOTICE: If you do not want to proceed with PC Restore, click Reboot in the following step.
3. On the next screen that appears, click Restore.
4. On the next screen, click Confirm.
The restore process takes approximately 6–10 minutes to complete.
5. When prompted, click Finish to reboot the computer.
  NOTE: Do not manually shut down the computer. Click Finish and let the computer completely reboot.
6. When prompted, click Yes.
The computer restarts. Because the computer is restored to its original operating state, the screens that appear, such as the End User License Agreement, are the same ones that appeared the first time the computer was turned on.
7. Click Next.
The System Restore screen appears and the computer restarts.
8. After the computer restarts, click OK.

Don't do the above restore if you have files you would like to save
I would go with something like Knoppix
If you would like the download link let me know
If you need a small ISO burning software, again, let me know
« Last Edit: December 27, 2006, 12:14:15 AM by guestolo »



Offline jme

« Reply #8 on: December 27, 2006, 12:59:37 AM »
Yes, I do have a DVD/CD burner & software on my desktop. I am not sure how to tell if my software can burn to an .ISO file. I definitely want to try the Knoppix. Please just tell me what to do....  My laptop does not have a floppy.
« Last Edit: December 27, 2006, 01:23:43 AM by jme »

Offline guestolo

« Reply #9 on: December 27, 2006, 10:08:15 AM »
I'm assuming you have high speed internet, such as Cable or DSL
All burning software is a bit different, most can burn image files
But since this bit of software is a small download and easy to use
Can you download and install
burnatonce

Afterwards, you will need to download and save to desktop Knoppix
Go to the following link
http://www.knopper.net/knoppix/index-en.html

At the link, you can read the info about knoppix if you want
Click on the DOWNLOAD button
Next page you will want to choose a mirror to download from
Just because a location may be closer to you, it may not always be the fastest connection
I find that the download location from
ftp.kernel.org   [rsync]   [ftp]   [http]   Kernel.Org (California, USA)
has very good speeds if you're in North America

You can select it by clicking on ftp, for example
At the new page click on ACCEPT
This will bring you to an Index of what you can download
Scroll down to KNOPPIX_V5.0.1CD-2006-06-01-EN.iso and click on it
Choose SAVE TO DISK and OK
Select the location to download, such as desktop

After download is complete you will want to burn the ISO as is
See if I can remember the instructions :P
Fire up Burnatonce, put a blank CD into the drive
In burnatonce, select Setting>>Device Settings, this will show you the options
Ensure the speed of write is correct, you can lower it a bit to ensure a good burn
Afterwards, click on the WRITE button or FILE>>New Image
Navigate to KNOPPIX_V5.0.1CD-2006-06-01-EN.iso
and double click on it to Select it
Then click on the WRITE button again
Let it complete the burn process, after it is successful you are ready to try it in the laptop


Hopefully you have something like a USB key or another external device for backup
Or you can use the built in browser to send files to yourself
 I doubt if you have two CD drives
Enter the bios and change first boot device to your CD, entering bios is different on all machines
You will see Setup on first boot, usually on a Dell it's something like the <F2> key or <Delete> key
Once you have saved the change to boot to CD, ensure to put the Knoppix CD into the drive
Power down, connect your external backup if you have one
Power up the machine, hopefully, if everything goes alright, knoppix should be able to boot the machine and you should have
access to all your files folders on the Windows side
You may have to reboot twice if it doesn't see it the first time

Play around with it a bit, if you have questions post back
Your Windows drive will look something like "hda1"
You can right click on it and MOUNT it
You may also see the restoration partition, you don't need to enter that
I know my way around it a bit, but don't use it all the time

I find that any files>>Folders you want to save, it's best just to Copy>>paste them to Knoppix desktop for easy access
If you need to access the Internet, use Mozilla Firefox browser>>It should have an Icon for it at the bottom of the screen
Have fun with it
« Last Edit: December 27, 2006, 10:55:34 AM by guestolo »



Offline jme

« Reply #10 on: December 28, 2006, 05:13:22 PM »
Well, I was able to save the few things I wanted from the computer :D . I received my Dell disks yesterday and I called Dell support and they walked me through it until I had internet access and then remote controlled the rest. I just had to add most of my applications myself. I was wondering if you could give me some input on how to prevent something like this from happening again :angry: . Maybe my internet security isn't good enough, or I am doing something wrong with it. How safe is Windows auto update?  I heard people saying that it shouldn't be used to download straight from the site every so often because it can open you up for an attack. I also heard not to use Yahoo Messenger too....is this valid :wacko: ?? Anyway, I am currently using the AT&T Yahoo security suite.... Your advice is greatly appreciated, and thanks so much for the help so far!!!! ;)
Jme

Offline guestolo

« Reply #11 on: December 30, 2006, 12:30:50 PM »
Sorry for the delay, what security software do you get with Yahoo internet security?
It may be PC antivirus, Firewall, etc..
Do you have to pay for this, or is it free?

I don't use Yahoo Messenger, so I can't comment
You should leave the computer to Autoupdate at Windows updates
Just for the High Priorities
It's the safest....
If you need Driver updates, go to the Manufacturer's website to get them

I would add some extra protection
Since you just did a restore I'll assume everything is great
Hold onto that Knoppix CD if you created one
You never know when yourself or friends/family may need it :D
Just out of curiosity, can I see a fresh HijackThis log please



Offline jme

« Reply #12 on: December 31, 2006, 12:13:21 AM »
Logfile of HijackThis v1.99.1
Scan saved at 8:27:28 PM, on 12/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167296175562
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

The Yahoo security suite has anti spy, antivirus, pop up blocker, parental controls and mail protection. As far as I know, it is offered free to Yahoo subscribers. We get our DSL service through them. I believe they do offer a firewall, but I am not using it. I am using the Windows one now. Thanks again for all your help. Before now, we were using McAfee that we bought at Best Buy... but now, I am not sure I trust it. :unsure:
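
The log above is in HijackThis v1.99 format. As an added example (not part of the thread and not HijackThis's own logic), here is a small parser that turns O2/O4/O9/O16/O23 lines into records and flags what a reviewer looks at first: entries whose target file is missing, autostarts given as a bare filename (resolved by search order at logon), binaries starting from user-writable profile or temp directories, and ActiveX controls fetched over plain HTTP. The sample lines are constructed from the kinds of entries in the log above plus one made-up suspicious autostart; the heuristics and the `USER_WRITABLE` list are my assumptions, not HijackThis rules.

```python
import re

# Constructed sample in HijackThis v1.99 format. The entries mirror the kinds of
# lines in the log above; the [updater] line is a made-up suspicious autostart
# added so the triage has something to flag.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\jme\Local Settings\Temp\updater.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167296175562
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

SECTION_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
O4_RE = re.compile(r"^(HKLM|HKCU|Global Startup|Startup)[^:]*:\s*\[([^\]]+)\]\s*(.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
UNQUOTED_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|scr|com))(?=\s|$)", re.IGNORECASE)
MISSING = "(file missing)"

# Directory fragments a user can write to; an autostart or service binary living
# there deserves a second look (assumption: this list, not an HJT rule).
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\", "\\temp\\",
                 "\\application data\\", "\\recycler\\")


def extract_path(command):
    """Pull the executable path out of a Run-key command line (quoted or not)."""
    command = command.strip()
    m = QUOTED_RE.match(command) or UNQUOTED_RE.match(command)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def parse_hjt(text):
    """Turn HijackThis O-lines into dicts with section, name, path and file_missing."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # header, process list and blank lines are skipped
        section, rest = m.groups()
        rec = {"section": section, "raw": line, "name": "", "path": "", "hive": ""}
        if section == "O4":
            m4 = O4_RE.match(rest)
            if m4:
                rec["hive"], rec["name"], command = m4.groups()
                rec["path"] = extract_path(command)
        else:
            # Other sections are " - "-separated; the last field is the path or URL.
            parts = [p.strip() for p in rest.split(" - ")]
            rec["name"] = parts[0]
            rec["path"] = parts[-1] if len(parts) > 1 else ""
        rec["file_missing"] = rec["path"].endswith(MISSING)
        if rec["file_missing"]:
            rec["path"] = rec["path"][: -len(MISSING)].strip()
        records.append(rec)
    return records


def triage(records):
    """Return (name, reason) pairs for entries worth a closer look."""
    findings = []
    for rec in records:
        path = rec["path"]
        low = path.lower()
        if rec["file_missing"]:
            findings.append((rec["name"], "target file missing: stale or orphaned entry"))
        if rec["section"] in ("O4", "O23") and path:
            if "\\" not in path and not low.startswith("%"):
                findings.append((rec["name"], f"bare filename {path!r} is resolved by search order at logon"))
            elif any(frag in low for frag in USER_WRITABLE):
                findings.append((rec["name"], f"runs from a user-writable location: {path}"))
        if rec["section"] == "O16" and low.startswith("http://"):
            findings.append((rec["name"], f"ActiveX control downloaded over plain HTTP: {path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run against the real log, the flags are exactly the conversation starters a helper would want: the `stsystra.exe` autostart with no directory, the orphaned xpnetdiag button, and the plain-HTTP Windows Update control. None of those is malicious on its own; the point is to get them listed so a human can decide, instead of reading 90 lines by eye.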

Offline guestolo

« Reply #13 on: January 01, 2007, 06:20:20 PM »
The AV should be adequate, I'm not sure about the Firewall software supplied
Do you know whose protection engine it's based on?
I would guess it would be CA Personal Firewall which is based off of Tiny Software
It should be a great Firewall protection
It will probably be a better firewall than the one supplied by XP
If you do enable it, you can disable the XP firewall, you don't need more than one running

I would also add the following to your system

*Install  SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"


Also, it may not hurt to add a good hosts file

http://www.mvps.org/winhelp2002/hosts.htm
Here's more info on how to download and extract it
http://www.mvps.org/winhelp2002/hosts2.htm
You will want to do this once a month
« Last Edit: January 01, 2007, 06:23:17 PM by guestolo »
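
The MVPS file linked above works by pointing unwanted hostnames at 0.0.0.0, which is the same mechanism a hijacker abuses in the other direction. As an added example (not from the thread and not from the MVPS project), here is a small audit that parses a hosts file and separates ordinary blocklist entries from the two things that should not be there after a cleanup: a vendor update host sunk to loopback, and a hostname redirected to a real remote address. The sample file, the `PROTECTED` suffix list and the `.test` names are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file: the default localhost line, two MVPS-style
# blocklist entries (unwanted hosts pointed at 0.0.0.0), and two entries of the
# kind a hijacking program adds: a vendor update host pointed at loopback so it
# can never be reached, and a bank login host pointed at a remote address
# (198.51.100.0/24 is a documentation range, so the address is a placeholder).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0  ad.example-adserver.test
0.0.0.0  tracker.example-metrics.test   # MVPS-style block entry
127.0.0.1  update.microsoft.com
198.51.100.7   online.example-bank.test
"""

# Addresses that only ever sinkhole a name; anything else is a real redirect.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Hosts that must never be sinkholed on a machine being cleaned, because that
# would silently cut off Windows Update (assumption: extend with your AV vendor).
PROTECTED = ("microsoft.com", "windowsupdate.com")


def is_protected(name):
    """True when name is one of the protected domains or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED)


def parse_hosts(text):
    """Return one dict per effective line: line number, ip, names, valid flag."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ipaddress.ip_address(ip)
            valid = True
        except ValueError:
            valid = False
        entries.append({"line": lineno, "ip": ip, "names": names,
                        "valid": valid and bool(names)})
    return entries


def audit_hosts(text):
    """Return (line, kind, detail) findings: malformed lines, protected hosts
    that have been sinkholed, and names redirected to a non-sinkhole address."""
    findings = []
    for e in parse_hosts(text):
        if not e["valid"]:
            findings.append((e["line"], "malformed", e["ip"]))
            continue
        for name in e["names"]:
            if name in LOCAL_NAMES:
                continue
            if e["ip"] in SINKHOLES:
                if is_protected(name):
                    findings.append((e["line"], "sinkholed-protected", name))
                # otherwise an ordinary blocklist entry, as in the MVPS file
            else:
                findings.append((e["line"], "redirect", f"{name} -> {e['ip']}"))
    return findings


def count_blocked(text):
    """Number of names sunk to a sinkhole address (the blocklist's size)."""
    return sum(
        len([n for n in e["names"] if n not in LOCAL_NAMES])
        for e in parse_hosts(text)
        if e["valid"] and e["ip"] in SINKHOLES
    )


if __name__ == "__main__":
    print(f"{count_blocked(SAMPLE_HOSTS)} blocked names")
    for line, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line}: {kind}: {detail}")
```

On XP the file lives at `C:\WINDOWS\system32\drivers\etc\hosts`; reading it from a Knoppix boot, as described earlier in the thread, is a good way to audit it without trusting the Windows install you are examining. A "redirect" finding is the classic sign of a hosts-file hijack and is worth investigating even when the rest of the file is a clean MVPS list.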



Offline jme

« Reply #14 on: January 02, 2007, 12:46:17 PM »
The firewall is the Basic ZoneAlarm firewall. Would this be better than the windows firewall??

Offline Mod Ryan

  • Sr. Member
  • ****
  • Posts: 441
  • Karma: +0/-0
Need HELP VIRUS SUSPECTED
« Reply #15 on: January 02, 2007, 01:10:21 PM »
Basic ZoneAlarm firewall is better than Windows firewall, yes, but the one I'm currently using is "comodo" and so far so great. I'm sure if you ask guestolo, he will give you a link.

Ryan.
« Last Edit: January 04, 2007, 01:19:02 PM by guestolo »

Offline jme

« Reply #16 on: January 03, 2007, 01:29:25 PM »
Thanks Mod Ryan for the info....I was able to download it through the link from the recommended spyware/malware removal and preventative tools topic posted by guestolo. I appreciate all the help you and guestolo have given me. Any tips for using Comodo?? :unsure:

Offline guestolo

« Reply #17 on: January 04, 2007, 02:23:24 PM »
I think you made a good choice with Comodo
The defaults should do fine
My preference, I disabled the autoupdater, and check manually

If you get a prompt from a program to access the Net
Ensure you trust the application and its parent and Allow it

Scan for known applications under the Tasks button
There is also a great Help section
« Last Edit: January 04, 2007, 02:45:11 PM by guestolo »
