I guess I have malware...done what I can, need more help...

Discussion in 'Malware Help (A Specialist Will Reply)' started by jtktft, Mar 17, 2011.

  1. jtktft

    jtktft Private E-2

    I was directed to post over here in this section for my problem listed below. I have gone through all of the preliminary steps besides downloading and running the spyware doctor and other malware detection programs because I can only run in safe mode and can't access the internet.

    I have a 2006 Compaq Presario 5005V with XP Home Edition. After leaving a hotel on vacation a couple weeks ago my computer wouldn't log onto the internet and I held the power button to shut down. After that it wouldn't restart. I did a recovery install of XP and was able to get the computer to turn on. Just prior to booting up completely, the computer would turn off and keep going through that cycle again and again. I researched since then and have the error codes and the event log information. I have tried everything I knew how to in Microsoft's information about fixing code: c000021a and nothing has worked. So here are all of the error codes on the BSOD and the event log info.

    c00021a fatal system error. Windows subsystem process terminated unexpectedly 0x0000005 at 0x7c9106c3, 0x0058f36c (this last code has varied a couple of times) but this is the one most frequently appearing.

    The event log has 6 events all saying "device attached to the system is not functioning." EventID: 7001.

    I have tried unplugging everything from USB and power source. I have tried last known good config. I have corrected registry errors. I can't do an in-place reinstall of XP because it was pre-installed on the computer and my disk doesn't have that feature.

    I would appreciate any help you can give me. Thanks!
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Malware rarely causes BSODs. However, if you want us to check your system, you need to follow these instructions. Do as much as you can in safe mode if that is all you are able to boot to. Download the scanning tools to another computer and transfer them via CD.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. jtktft

    jtktft Private E-2

    I have followed all of the steps in the guide and run the programs I could. I couldn't run Malwarebytes Anti-Malware because I need an active internet connection but I can't do that because I'm in safe mode. Also, combofix needed to update something as well via the internet but couldn't do that as well for the same reason but I still ran the program without it.

    Let me know if you find anything and/or what to do next. I appreciate the help very much.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should not be having uTorrent running at start up!! And unless Spyware Doctor is a paid for version, uninstall it.

    You need to uninstall these:
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6

    I am not seeing any malware in your system. I suggest that you repost in the software forum for additional assistance.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:

