Malware / Motherboard Failure

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dkgoodwin, Feb 4, 2012.

  1. dkgoodwin

    dkgoodwin Private First Class

    Hello all,

    I have an XP computer my friend asked me to look over. Unfortunately I got started in October and am now getting back to it. I am attaching the logs.

    I am wondering if motherboard failure is imminent. I got the blue screen "unmountable..." Didn't have the Windows CD to work with, but was able to recover using Norton Ghost, which happened to be installed. (Used ctrl+F11 during boot).

    Anyway, would one of you talented techs take a look at the reports and tell me if the issue is a remaining virus mimicking motherboard failure or it is doomed?

    Only four uploads allowed. Hoping I can add SAS log next.

    Thanks all,

    Dkgoodwin

  2. dkgoodwin

    dkgoodwin Private First Class

    And here is the SAS log.

    dkgoodwin
     


  3. thisisu

    thisisu Malware Consultant

    Hello dkgoodwin,

    Does it say Unmountable boot volume (0xED)? If so, that is a sign of hard drive corruption. Might end up needing to replace the hard drive but usually it's not necessary if you are able to correct the corruption. Your motherboard, however, is not related to this type of BSOD and is probably just fine.

    If you would like me to check for malware, you need to first update all of the specified programs: SAS, MBAM, ComboFix and MGtools.
    Then run scans of each again.
     
  4. dkgoodwin

    dkgoodwin Private First Class

    Thanks for replying, yes that was it, I knew I didn't have to type the whole thing out.


    Also after all the AV scans and tests etc... still really slow booting up. That along w/ BSOD made me think something might be failing, but again I was concerned it might be a virus giving the impression of failure.

    Thanks. Dkg
     
  5. dkgoodwin

    dkgoodwin Private First Class

    The computer is not online and has not been since that set of scans was run, so I didn't think to re-run them. Sorry.

    dkg
     
  6. dkgoodwin

    dkgoodwin Private First Class

    Uploading new scans -
     


  7. dkgoodwin

    dkgoodwin Private First Class

    And last log -

    Thank you,

    Dkg
     


  8. thisisu

    thisisu Malware Consultant

    Other than a potentially failing hard drive, you also have a very low amount of memory installed:
    Code:
    Total Physical Memory	512.00 MB
    For today's standards we would recommend 2GB. 1GB bare minimum.
    You should notice a performance increase afterwards.

    Did not see any malware in your logs, but here are a few things you can do to tidy up a bit.

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 27

    Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    Run C:\MGtools\analyse.exe by double-clicking it (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Choose "Do a system scan only" and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

    Now install the current version of Sun Java from: jre-7u2-windows-i586.exe

    _____________________________________________

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Take care and be safe! :)
     
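As an added example (not part of the thread, and not code from HijackThis or MGtools): a small Python parser that picks out O2 entries like the one flagged in the post above, where a Browser Helper Object's CLSID is still registered but the log reports (no file). The sample log is constructed around the O2 line quoted in the post, and the function names are hypothetical.

```python
import re

# O2 lines in a HijackThis log have the shape:
#   O2 - BHO: <name> - {CLSID} - <DLL path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_bho_entries(log_text):
    """Return one dict per O2 (Browser Helper Object) line in the log."""
    entries = []
    for raw in log_text.splitlines():
        m = O2_RE.match(raw.strip())
        if not m:
            continue  # not an O2 line (header, O4, O23, ...)
        target = m.group("target").strip()
        entries.append({
            "name": m.group("name"),
            "clsid": m.group("clsid").upper(),
            "target": target,
            # "(no file)" means the registry entry outlived its DLL
            "orphaned": target.lower() == "(no file)",
        })
    return entries


def orphaned_bhos(log_text):
    """CLSIDs of BHO registrations whose backing file is gone."""
    return [e["clsid"] for e in parse_bho_entries(log_text) if e["orphaned"]]


# Constructed sample: the first O2 line is the one quoted in the thread,
# the other lines are made up for contrast.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [Example] C:\\Program Files\\Example\\tray.exe
"""

if __name__ == "__main__":
    for clsid in orphaned_bhos(SAMPLE_LOG):
        print("orphaned BHO registration:", clsid)
```
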
  9. thisisu

    thisisu Malware Consultant

  10. dkgoodwin

    dkgoodwin Private First Class

    Thank you thisisu - you are terrific at looking these things over. And you do it so quickly and with a broad view too.

    Thanks so much.

    dkg
     
  11. thisisu

    thisisu Malware Consultant

    You're welcome. Be safe :)
     
