Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows stop error 0x804dc11d

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows stop error 0x804dc11d

Unread postby Dodge Caravan » May 4th, 2008, 9:54 am

Hey, my problem is that when i log onto windows normally i get a blue screen windows stop error which reads

IRQL_NOT_LESS_OR_EQUAL

If this is the first time you have seen this Stop error screenm restart your
computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If
this is a new installation, ask your hardware or software manufacturer for
any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or
software. Disable BIOS memory options such as caching or shadowing. If you
need to use safe mode to remove or disable components, restart your computer,
press F8 to select Advanced Startup options, and then select safe mode.

Technical Information:

*** STOP: 0x0000000A (0x00000000,0x00000001,0x00000002,0x804DC11D)


Now i can still start up in safe mode and if disconnect my internet i can start windows normally but as soon as i plug the interest back in i get the blue screen and same error message. Some places say that this error can be from hardware but if i can use my computer in safe mode (internet works in safe mode) and use it in normal mode without internet how can it be hardware.

Also i do not know if this a coincidence, but the first time i saw this message a few days ago was the same day just before the blue screen actually that my sister got a virus by downloading the "activex object" there are some sites that say this is a codec for video but it is a virus. I ran some antispy ware stuff like avg and spyware doctor but they did nothing. I was reading into using "Combofix" but was hesitant, so have not used it yet.

I have pasted my HJT log file, i am running Windows XP home sp2, 512 ram, 2.4 ghz,

Any help would be much appreciated thanks a lot!!!

Logfile of HijackThis v1.99.1
Scan saved at 12:19:01 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Spyware Doctor\pctsAuxs.exe
C:\Spyware Doctor\pctsSvc.exe
C:\Spyware Doctor\pctsTray.exe
C:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dodge Caravan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BC69676-0B0E-ED53-2A1E-09814B209C60} - C:\WINDOWS\system32\lzzsgom.dll (file missing)
O2 - BHO: Video - {414B0283-2228-4F26-8BB3-C2211FA99223} - C:\WINDOWS\worad.dll
O2 - BHO: (no name) - {4507A8EC-5346-58CC-214A-5C3941F3BB55} - C:\WINDOWS\system32\mfcsz32.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\kmpiwibr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - C:\WINDOWS\qnmargolewk.dll
O2 - BHO: gooochi browser optimizer - {ebbc473f-c6c9-dd4f-5ed5-26c34d426e33} - C:\WINDOWS\system32\{e263ee66-e13b-0daa-ac5b-fbe136e00cd7}.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DU Meter] C:\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [partvgatypecamp] C:\Documents and Settings\All Users\Application Data\Stop Up Part Vga\Grimdale.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.USYP_0002_N91M1708] "c:\documents and settings\dodge caravan\application data\sysprotectscannerinstall[1].exe" -nag
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rdjfwikg.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\tjowhhue.dll",setvm
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [soft2] C:\WINDOWS\142092562.exe
O4 - HKLM\..\Run: [osCheck] "C:\Norton 2007\osCheck.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\pwinkodn.exe SED001
O4 - HKLM\..\Run: [ISTray] "C:\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DALE ATOM] C:\DOCUME~1\DODGEC~1\APPLIC~1\PARTON~1\Junk bolt phone.exe
O4 - HKCU\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Creative Detector] C:\Creative2\media source\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WeatherEye] C:\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/c ... /it1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-111930632492} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_30.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/clas ... ,3,2,20802
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/active ... anager.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... owdown.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F969D0A-E813-4690-A602-E9826E749B58}: NameServer = 204.97.212.10
O17 - HKLM\System\CS8\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O17 - HKLM\System\CS9\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O17 - HKLM\System\CS10\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systt6.dll icmufecl.dll
O20 - Winlogon Notify: trafkbdy - C:\WINDOWS\system32\trafkbdy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: E404Helper - {5a818245-085a-41df-aa55-fff2a4e7548f} - e404d.dll (file missing)
O21 - SSODL: vadokmxt - {484AC22E-CA14-4653-8CDE-D6C15F6EAEC6} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {DD36E21E-7117-4E2B-80A6-50D67C17D893} - C:\WINDOWS\wdpoefan.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netti32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Norton 2007\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Dodge Caravan
Active Member
 
Posts: 9
Joined: May 4th, 2008, 9:44 am
Advertisement
Register to Remove

Re: Windows stop error 0x804dc11d

Unread postby ndmmxiaomayi » May 4th, 2008, 2:00 pm

Hi,

Welcome to Malware Removal.

Your log is heavily infected.

One of the infections allow attackers to steal sensitive info, particularly your credit card and Windows licenses.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Please let me know your decision.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows stop error 0x804dc11d

Unread postby ndmmxiaomayi » May 5th, 2008, 12:43 am

You've also posted here - http://forums.techguy.org/malware-remov ... dc11d.html

May I draw your attention to the Forum Guidelines on Multi-Posting

  • If you wish to continue here, please notify the other forums so they can close your threads.

  • If you wish to be helped elsewhere let me know so I can close your thread here.

If I do not hear back from you on this matter within 24 hours, this thread will be closed.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows stop error 0x804dc11d

Unread postby Dodge Caravan » May 5th, 2008, 12:42 pm

Hey thanks for the speedy reply, i have posted that i will no longer be needing the other websites help, i am sorry for dbl posting i wasnt sure anyone was going to answer me.

I really didnt think my computer was this bad, i have gotten rid of viruses in the past but this one wont go away....I have changed my passwords from a clean computer and would like to make an attempt to fix my computer, i am not to sure where my OS cd is and will tyr to find it. Also if i backup my files say on a usb drive, will the backedup files also contain the viruses?

Thanks
Dodge Caravan
Active Member
 
Posts: 9
Joined: May 4th, 2008, 9:44 am

Re: Windows stop error 0x804dc11d

Unread postby ndmmxiaomayi » May 5th, 2008, 1:52 pm

Hi,

First of all, you have 2 antivirus programs installed. That is not recommended as they may cause conflicts and lower your computer's security instead.

Please choose to keep either Symantec Antivirus (also known as Norton Antivirus) or AVG Antivirus. If you have already paid for Symantec Antivirus and the subscription isn't going to run out soon, I suggest you remove AVG Antivirus instead. You can re-install AVG Antivirus if you decide not to renew Symantec Antivirus subscription when it ends.

If you want to remove Symantec and it is giving you a hard time to remove it, please download Norton Removal Tool and save it to your desktop.

Run it to remove Norton. After this, please restart your computer.

Next...

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.

In your next reply, please post:

  1. A new HijackThis log
  2. The Uninstall list
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows stop error 0x804dc11d

Unread postby Dodge Caravan » May 6th, 2008, 10:49 am

Sorry for the delay, backing up my files took some time, i will post my new HTJ log tonight
Dodge Caravan
Active Member
 
Posts: 9
Joined: May 4th, 2008, 9:44 am

Re: Windows stop error 0x804dc11d

Unread postby Dodge Caravan » May 6th, 2008, 10:35 pm

hey, i have uninstalled norton with the remvoal tool. But my computer may have gotten worse, safe mode does not work now it doesnt load up after i click on a user its just black with the safe mode written in 4 corners. Starting up normally was freezing till i used last known working config. Also one time when i started i got a message that system 32 file stoped and my comp will restart in 1 min, i dont know if this is the old blaster worm back, i ran a fix for the blaster worm i had from way back when and it said i didn't have the worm on my comp.

Here are the two logs:

Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.0
Adobe MPEG Encoder
Adobe Photoshop 7.0
Adobe Premiere 6.5
Adobe Premiere Pro 2.0
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Alcohol Toolbar
AOL
AVG 7.5
BearShare
BitTorrent 3.4.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Classic PhoneTools
Codec Pack - All In 1 6.0.2.3
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Creative Jukebox Driver
Creative Mass Storage Drivers
Creative MediaSource
Creative MuVo V100
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
Creative Zen Micro (PlaysForSure)
Creative Zen MicroPhoto
CureROM Pro 2.0.3
DAO
Deewoo Network Manager removal
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellSupport
Digital Line Detect
DivX Player
DivX Pro Codec Adware
DU Meter
DVD Decrypter (Remove Only)
DVDSentry
EA downloader
EA SPORTS online 2005
EA SPORTS™ NBA LIVE 08
Enhancement Browser Tools Gooochi
FLV Player 1.3.3
Game Elements PC Recoil Pad
GameShadow
Haali Media Splitter
HijackThis 1.99.1
Hotfix for Windows XP (KB926239)
HP Photo Printing Software
HP Precisionscan Pro 3.1
HP Share-to-Web
HyperLoad
Image Transfer
ImageMixer for Sony
ImageStation Easy Upload Tools
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
ISI ResearchSoft - Export Helper
iTunes
Jasc Animation Shop 3
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java(TM) 6 Update 5
Kazaa Lite K++ v2.4.3
Lame ACM MP3 Codec
Likno Web Button Maker
Lyra Personal Audio Player (RD1021/1071/1075)
Madden NFL 08
MathType 5
Matroska Pack
Messenger Plus! 3 & Sponsor
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
MISource
Modem Helper
Mozilla Firefox (2.0.0.14)
Musicmatch® Jukebox
MyDVD
Nero 7 Demo
NetWaiting
NVIDIA Windows 2000/XP Display Drivers
O&O Defrag Professional Edition
Paint Shop Pro 7
PDF-to-Word 2.1 Demo
PokerStars
Pop-Up Stopper
PowerDVD
PowerISO
Print Server
QuickTime
Quivic
RealPlayer
RegistryFix v3.0
Replay Converter 2.60 B
Safety Bar
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Shizmoo Web Games
Shockwave
Sierra Utilities
Snood for Windows version 3.01-W
Sony USB Driver
Sophos Anti-Rootkit 1.3.1
Sound Blaster Live!
SPSS 11.0 for Windows Student Version
Spyware Doctor 5.5
Street Fighter 2 Plus Champion Edition
Ulead Photo Explorer 8.0 SE Basic
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB PC Camera 302
WinAce Archiver 2.0
WinAVIVideoConverter
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
WordPerfect Office 11
XoftSpy



Logfile of HijackThis v1.99.1
Scan saved at 10:21:09 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Spyware Doctor\pctsAuxs.exe
C:\Spyware Doctor\pctsSvc.exe
C:\Spyware Doctor\pctsTray.exe
C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\All Users\Application Data\bgnuvkhg\loxszobo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\DU Meter\DUMeter.exe
C:\Pop-Up Stopper\dpps2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\iTunes\iTunesHelper.exe
C:\DAEMON Tools\daemon.exe
C:\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\pwinkodn.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\Creative2\media source\Detector\CTDetect.exe
C:\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Documents and Settings\Dodge Caravan\Desktop\HijackThis.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Sony Image Transfer\SonyTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BC69676-0B0E-ED53-2A1E-09814B209C60} - C:\WINDOWS\system32\lzzsgom.dll (file missing)
O2 - BHO: Video - {414B0283-2228-4F26-8BB3-C2211FA99223} - C:\WINDOWS\worad.dll
O2 - BHO: (no name) - {4507A8EC-5346-58CC-214A-5C3941F3BB55} - C:\WINDOWS\system32\mfcsz32.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\kmpiwibr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - C:\WINDOWS\qnmargolewk.dll
O2 - BHO: gooochi browser optimizer - {ebbc473f-c6c9-dd4f-5ed5-26c34d426e33} - C:\WINDOWS\system32\{e263ee66-e13b-0daa-ac5b-fbe136e00cd7}.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DU Meter] C:\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [partvgatypecamp] C:\Documents and Settings\All Users\Application Data\Stop Up Part Vga\Grimdale.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.USYP_0002_N91M1708] "c:\documents and settings\dodge caravan\application data\sysprotectscannerinstall[1].exe" -nag
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rdjfwikg.dll",setvm
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\tjowhhue.dll",setvm
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [soft2] C:\WINDOWS\142092562.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\pwinkodn.exe SED001
O4 - HKLM\..\Run: [ISTray] "C:\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{e263ee66-e13b-0daa-ac5b-fbe136e00cd7}.dll" DllInit
O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DALE ATOM] C:\DOCUME~1\DODGEC~1\APPLIC~1\PARTON~1\Junk bolt phone.exe
O4 - HKCU\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Creative Detector] C:\Creative2\media source\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WeatherEye] C:\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... 6.000000b5
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\pwinkodn.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/c ... /it1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-111930632492} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_30.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestation.com/common/clas ... ,3,2,20802
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/active ... anager.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... owdown.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F969D0A-E813-4690-A602-E9826E749B58}: NameServer = 204.97.212.10
O17 - HKLM\System\CS8\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O17 - HKLM\System\CS9\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O17 - HKLM\System\CS10\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O17 - HKLM\System\CS11\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O17 - HKLM\System\CS12\Services\Tcpip\..\{487A8018-330F-414D-9C98-657C302063E5}: NameServer = 204.97.212.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systt6.dll icmufecl.dll
O20 - Winlogon Notify: trafkbdy - C:\WINDOWS\system32\trafkbdy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: E404Helper - {5a818245-085a-41df-aa55-fff2a4e7548f} - e404d.dll (file missing)
O21 - SSODL: vadokmxt - {484AC22E-CA14-4653-8CDE-D6C15F6EAEC6} - C:\WINDOWS\vadokmxt.dll
O21 - SSODL: wdpoefan - {DD36E21E-7117-4E2B-80A6-50D67C17D893} - C:\WINDOWS\wdpoefan.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netti32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

thanks a lot
Dodge Caravan
Active Member
 
Posts: 9
Joined: May 4th, 2008, 9:44 am

Re: Windows stop error 0x804dc11d

Unread postby ndmmxiaomayi » May 9th, 2008, 1:24 am

Hi,

Hi,

Sorry for the delay.

I have no idea that removing Norton would cause problems. :(

At this rate, I have no idea how safe it is to proceed with the cleaning up without further destroying your computer, to that extent that I can't recover it.

I would recommend that you backup all your files, reformat and re-install Windows.

I see that you have already backed up your files. Are they on a USB drive? If so, there's a chance that your USB drive may be infected and will infect your computer when plugged in.

That's due to a feature of Windows. Windows will automatically run external storage devices, and malware has taken advantage of this. When you insert a USB device or other external storage devices, Windows will attempt to detect a file named autorun.inf on the device. If this file is found, it will run the program in this autorun.inf file. Malware alters this file to run and infect your computer.

After you've reformatted and re-installed Windows, please do the following before restoring your backed up files to be sure that they aren't infected:

  • Insert a known clean USB stick into a USB port.
  • Click Start > My Computer
  • Right click on the drive represented by it (on my computer it's F:) and choose Properties
  • Click the Autoplay tab.
  • Check Select an action to perform and then Take no action
  • Click OK

Now you can insert your USB drive and scan it for viruses. If your backed up files are infected, you will need to remove them.

If there are no infected backup files, you can reset the drive to run as you wish afterwards (or not, as you wish).

If you can't find your Windows disc, you can borrow the disc from your friend, but it has to be of the same version. If the version of Windows installed is Windows XP Home, you will need to borrow an XP Home disc to install.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows stop error 0x804dc11d

Unread postby Dodge Caravan » May 9th, 2008, 9:57 am

I have backed up some on a usb and most on dvds, would you recommend i try a windows repair so i dont loose everything? also this might be a dumb question but is my windows cd key the number on the side of my physcial computer (box). Becuase i got a program that tells extracts ur cd key and it is diff from the one on the side of my computer.

Thanks a lot
Dodge Caravan
Active Member
 
Posts: 9
Joined: May 4th, 2008, 9:44 am

Re: Windows stop error 0x804dc11d

Unread postby ndmmxiaomayi » May 9th, 2008, 10:32 am

Hi,

Repairing XP means you only restore Windows XP back to it was before, but you get to keep your programs. However, this also means that malware will still be present on your system as well. Thus I won't recommend that you repair XP.

Please use the CD key found on the side of your computer.

Before that, please also note down the CD key extracted by the program in case the one on your box doesn't work.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows stop error 0x804dc11d

Unread postby Dodge Caravan » May 9th, 2008, 1:36 pm

yea i wrote them both down....is there any difference from using boot disks or changing the boot order in the BIOS?
Dodge Caravan
Active Member
 
Posts: 9
Joined: May 4th, 2008, 9:44 am

Re: Windows stop error 0x804dc11d

Unread postby ndmmxiaomayi » May 9th, 2008, 2:16 pm

What sort of boot disks are you using, may I know?

Changing the boot order is necessary if you want the disc to boot up, rather than the hard disk. Most computers, by default, boot up from the hard disk, not their CD/DVD drives or some other drives.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Windows stop error 0x804dc11d

Unread postby Dodge Caravan » May 9th, 2008, 4:05 pm

they are from microsofts site
http://www.microsoft.com/downloads/deta ... laylang=en

i have used them on my old computer.

also if i reformat before i connect the internet back (post reformat) i will have to put some antivirus software cuz im sure my isp address is linked to viruses, would AVG be enough or would you recommend sometheing else also, like spyware doctor etc...?

Is there a way to disable auto run on dvd's?

Thanks a lot
Dodge Caravan
Active Member
 
Posts: 9
Joined: May 4th, 2008, 9:44 am

Re: Windows stop error 0x804dc11d

Unread postby Shaba » May 10th, 2008, 5:09 am

@The_Napster: You are not allowed to reply to any threads in Malware Removal forum. I deleted your reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Windows stop error 0x804dc11d

Unread postby ndmmxiaomayi » May 10th, 2008, 9:35 am

Hi,

There's not much difference in using Microsoft Boot Disks to set up Windows. Do note that you will still need the Windows CD to complete the installation as said in the Microsoft website.

To disable Autorun for DVDs, it's the same steps as disabling Autorun for USB drives.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware