Virus Issue

26-04-2009, 12:07 PM
Newbie
D-A-L Newbie
Join Date: Apr 2009
Posts: 11
Virus Issue
Hello all,
I am Hemant Mahale from India.
Recently I visited this site and found it very useful. I have read one post, "running cmd and msconfig cause Windows XP to reboot", and the solution also applies to my problem, but I observed that while trying all those solutions my computer restarts automatically. Even if I want to run HijackThis for a log file it won't let me do that; suddenly my PC restarts.
Even though I tried the Sysinternals utility provided by Microsoft, that also gives the same problem. I mean, if I want to run KillBox or HJT or any other application which performs a system scan, the PC restarts automatically. I am also not able to start it in Safe Mode; suddenly the blue screen appears.
Please help me.
If you want more details please let me know.....
Rgds
Hemant

26-04-2009, 04:44 PM
Senior Member
Join Date: Nov 2004
Posts: 2,273
Re: Virus Issue
What does the blue screen say?

27-04-2009, 05:02 AM
Newbie
D-A-L Newbie
Join Date: Apr 2009
Posts: 11
Re: Virus Issue
The error message I saw on screen is Stop 0x0000007B(0xf7aee524,0x00000034,0x00000000,0x00000000) Check for viruses on your computer, run chkdsk /f to check HDD etc etc......
I have also run that utility with the chkdsk /f /r option and no error was found on the machine....
The system configuration is an HCL machine with
512 MB DDR RAM, 160 GB HDD, Intel IV D processor, and Intel chipset.
Last edited by Hmahale; 27-04-2009 at 05:06 AM.

27-04-2009, 05:13 AM
Senior Member
Join Date: Nov 2004
Posts: 2,273
Re: Virus Issue
Is your computer operable?
When does the BSOD error happen?
Navigate to: C:\Windows\Minidump folder.
If you see any .dmp files, zip all of them, and attach zipped file to your next reply.

27-04-2009, 05:39 AM
Newbie
D-A-L Newbie
Join Date: Apr 2009
Posts: 11
Re: Virus Issue
Broni, thanks for your instant replies.
Here is the file. I searched my entire HDD and found these two dump files.
Please check the dmp file.
There is also another dmp file on my system, memory.dmp, and the file size is nearly about 1 GB,
but I am not able to zip that file. Bro, one doubt I just wanted to clear with you:
do you think it's a hardware issue? Or may a virus also be a cause of the BSOD......

27-04-2009, 05:48 AM
Senior Member
Join Date: Nov 2004
Posts: 2,273
Re: Virus Issue
You never answered:
Quote:
Is your computer operable?
When does the BSOD error happen?
|
Did you find only one .dmp file in C:\Windows\Minidump?
If BSOD happens all the time, you should have more files there.
That one file is inconclusive.
It lists PFN_LIST_CORRUPT error, which may indicate a RAM problem, but I don't want to judge anything from one .dmp file.
You need to say a little bit more about the circumstances when the restart happens.
Download System Information for Windows: SIW | Download to your Desktop.
Get SIW Standalone (English-Only).
Double click on siw.exe to run the program.
Go File>Create Report File>HTML
Save the file to known location.
Zip the file, and attach it to your next reply.

27-04-2009, 06:57 AM
Newbie
D-A-L Newbie
Join Date: Apr 2009
Posts: 11
Re: Virus Issue
Hey Broni,
as you asked me earlier: yes, my PC is operable, and the BSOD happens every time I try to boot my PC in safe mode or if I try to run the GMER software, which scans the PC for virus infection.
In the GMER case it either restarts or gives me the BSOD screen. Another thing is that I am not able to download the SIW software; my browser shows me "ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.gtopala.com/download/siw-setup.exe
The following error was encountered:
* Zero Sized Reply
Squid did not receive any data for this request.
Your cache administrator is root.
Generated Mon, 27 Apr 2009 05:52:15 GMT by netserv (squid/2.6.STABLE6) "
error message. My network admin has installed a firewall over our network, so that may be a problem for me to download this utility. Would there be any other way to download this utility...
Please help me,

27-04-2009, 08:31 AM
Newbie
D-A-L Newbie
Join Date: Apr 2009
Posts: 11
Re: Virus Issue
Broni, I found one more strange problem: if I want to shut down the PC it's not happening, the PC restarts, so for a proper shutdown I have to unplug the power cord. Does it give you any idea about how I can clean the virus?

27-04-2009, 10:34 PM
Senior Member
Join Date: Nov 2004
Posts: 2,273
Re: Virus Issue
Nobody said virus, yet, but it may be a good idea to check.
Download HijackThis:
TrendSecure | Download TrendMicro HijackThis
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to fix anything!
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator.
I'll move the thread, if necessary.

29-04-2009, 05:00 AM
Newbie
D-A-L Newbie
Join Date: Apr 2009
Posts: 11
Re: Virus Issue
Good morning Broni,
I have run the software on the system and it has generated the log.
Please see below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:16 AM, on 4/29/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\server.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwserver.exe
C:\Program Files\F-Secure\Management Server 5\apache.exe
C:\Program Files\F-Secure\Management Server 5\Web Reporting\bin\fspmwrservice.exe
C:\Program Files\F-Secure\Management Server 5\Web Reporting\firebird\bin\fbserver.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\F-Secure\Management Server 5\Web Reporting\runtime\bin\fspmwr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Management Server 5\apache.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\F-Secure\Management Server 5\bin\rotatelogs.exe
C:\Program Files\F-Secure\Management Server 5\bin\rotatelogs.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\SysMax\postgres.exe
C:\WINDOWS\system32\SysMax\postmaster.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.197:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.*;http://cmifpedc;192.168.*.*;<local>
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\SysMax\postgres.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cmifpe.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{63293CA0-55F7-41A0-9C5D-AEDBB7CF1063}: NameServer = 172.16.0.4,172.16.20.4,172.16.60.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cmifpe.com
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Automatic Update Server (FSAUS) - BackWeb - C:\Program Files\F-Secure\FSAUS.PM\bin\server.exe
O23 - Service: F-Secure Policy Manager Server (fsms) - Unknown owner - C:\Program Files\F-Secure\Management Server 5\apache.exe
O23 - Service: F-Secure Policy Manager Web Reporting (fspmwr) - Unknown owner - C:\Program Files\F-Secure\Management Server 5\Web Reporting\bin\fspmwrservice.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
--
End of file - 4302 bytes
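
A triage pass over the log format posted above, as an added example that is not part of the original thread: it parses a HijackThis v2.0.2 log into running processes and coded entries, then lists the entries a helper would review first. The function names and the two heuristics (a Shell= value with anything after Explorer.exe, and services HijackThis reports as "Unknown owner") are assumptions chosen for illustration; a flagged entry is a prompt for review, not a verdict.

```python
import re

# Excerpt of the log posted above (HijackThis v2.0.2), embedded to run offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\SysMax\postgres.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\SysMax\postgres.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
O23 - Service: F-Secure Policy Manager Server (fsms) - Unknown owner - C:\Program Files\F-Secure\Management Server 5\apache.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "F2 - ...", "O23 - ..."

def parse_log(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_items(text):
    """Return (code, reason, detail) tuples to review first; heuristics only."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}
    findings = []
    for code, body in entries:
        shell = re.match(r"REG:system\.ini: Shell=(.*)", body, re.I)
        if code == "F2" and shell:
            # The default Winlogon shell on NT-based Windows is Explorer.exe alone.
            extra = re.sub(r"^explorer\.exe\s*", "", shell.group(1), flags=re.I)
            if extra:
                state = "running" if extra.lower() in running else "not running"
                findings.append((code, "extra program in Shell (%s)" % state, extra))
        elif code == "O23" and " - Unknown owner - " in body:
            # Shown when HijackThis reads no company name from the service binary.
            findings.append((code, "service binary with unknown owner", body.split(" - ")[-1]))
    return findings
```

On the excerpt, `review_items(SAMPLE_LOG)` returns the F2 Shell entry and the F-Secure `apache.exe` service; the second shows that the "Unknown owner" heuristic also flags installed security software, so each hit still needs a manual check.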
All times are GMT +1.