New Major Geeks user requiring urgent help!!

Hi guys.

Came accross this forum when I experienced major problems with Malware/Viruses. Carried out all but the last step in the Windows XP Cleaning procedure but now I'm having major difficulty. (This is a seperate computer).

I had a lot of malware, so my Anti-Virus software obviously wasn't working.

I went through Super Anti-Spyware, SpyBot, Malware reomver but then when I rebooted I got ablue screen of death with the following:

PAGE_FAULT_IN_NONPAGED_AREA

blah, blah, blah...

*** STOP: 0x00000050 (OxFFFFFFFE, 0x00000000, 0x8A9F8ECA, 0x00000000)

Can anybody PLEASE help me!!!

Pete.

 

Chaslang,

Thanks for your prompt response. Yes it was as much as I had, the "blah, blah, blah" bit was just to save me typing the full generic blue death screen info.

I have had to complete a full re-install, however, I now have another problem. I mentioned that I was working off another computer, well this now also has a virus, probably caused by my checking files on an external back-up drive used to back up the original laptop prior to the crash, even though I virus checked this drive with AVG prior to using it on the second PC.

I will now complete all necessary checks listed in the "READ & RUN ME FIRST" section of this forum and post the necessary logs.

Thanks again for your prompt response. Any advice you could give regarding my external hard drive would be appreciated.

Pete.

 

Chaslang,

I have now completed all steps as listed in the READ & RUN ME FIRST and Windows XP Cleaning Procedure and have attached my logs accordingly.

Some issues to report during the cleaning procedure:

Issue 1 During the Spybot scan, the following message was displayed:

(to the effect of Not all infections have been removed as some are currently in use. These maybe removed after a restart. Can Spybot start after restart? Yes/No

I entered Yes, the system rebooted and Spybot recommenced before Explorer started. During the scan, the system crashed and a blue death screen was displayed with the following message:

A problem has been detected and Windows has been shutdown to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen apprears again follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try changing vidoe adapter.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, Press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical Information:

*** STOP: 0x0000008E (0xC0000005, 0xF760F889, 0xA925DC2C, 0x00000000)

*** Lbd.sys - Address F760F889 base at F760D000, Datestamp 49805dde

Issue 2 During the Cobofix scan, the following message was displayed:

Combofix has detected the presence of rootkill activity and needs to reboot the machine. Kindly note down on paper, the name of each file. We may need it later:

C:\WINDOWS\system32\twex.exe

- End of issues -

Thanks for your continuing assistance.

Pete.

 

Attached are Spybot report and MGLogs(zipped)

 

Chaslang,

Right, I went through all steps, with the exception of the removal of Windows Messanger. My friend wanted to retain this program, however, if it is a problem, I will remove it.

Also, I tried to remove Macphee, using Control Panel>Add or Remove Programs, but it would not uninstall, any advice would be appreciated. I manually closed Macphee down after each reboot.

I checked to see if C;\WINDOWS\systems32\sessmgr.exe was missing from the system and it was. I therefore copied accross this file from another computer, so this file is now present.

Viewpoint Media Player removed. Sorry I must have missed this during the inital cleaning procedure.

Ran C:\MGtools\analyse.exe and selected F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe, and fixed it.

Ran Combofix after copying and pasteing the necessary script and I attach C:\ComboFix.txt as requested.

Lastes version of Java installed.

CCleaner ran, and thenI also ran the registry cleaner as well. (Should I have done this?)

Now, this is where the problems started.

When it rebooted and all the programs loaded, AVG displayed a virus in C:\WINDOWS\system32\charmap.exe The virus was listed as Win32/Heur.

Spybot crashed at this point.

I then closed down all anti-spyware and anti-virus software and before I could do anything alse the computer rebooted it's self. This became a constant loop, of restarting the rebooting then restarting etc.

I had to boot in Safe Mode. I then tried to carry out the last of your instructions by going to C:\MGtools\GetLogs.bat, the process started but during the process, the computer crashed and displayed a blue death screen with the following on it:

A problem has been detected and Windows has been shut down to prevent damage
to your computer.

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've see this stop error screen,
restart your computer. If this screen appreas again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use safe mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select safe mode.

Technical Information:

*** STOP: 0X00000050 (0XFFFFFFFE, 0X00000000, 0X86368ECA, 0X00000000)


Beginning dump of physical memory
Pysicla memory dump complete.
Contact your system administrator or technical support group for further
assistance.

I restarted the computer again in Safemode and reinstalled the registry back up previoisly created in the registry clean up side of Spybot, and rebooted.

This time the computer was stared in Normal mode and did not reboot it's self again.

However, I have lost all Wireless capabilities.

I tried to recomplete the C:\MGTools\GetLogs.bat procedure but each time it crashed and displayed the same blue death screen as detailed above.

I checked the modified date of the MGlogs.zip and it has been modified during the procedure but I don't think it will be a complete log, although I have attached this log.

Computer is displaying several infections picked up during the daily AVG Scan

Over to you Sir! Thanks for your help thus far.

 

Chaslang,

Just a quick note to thank you for your help and patience!

I have had to do a complete reinstall, which although I didn't want to, has proved to be the only viable alternative.

I appreciate all you guys for giving up your valuble time free of charge.

Once again, thanks.

Pete.