PC Shuts Off During Windows Boot-up

[Bob356]

PC won't boot-up in the normal mode. Will run in Safe Mode. Running XP SP3.

Error logs messages:
Friday, June 12, 2009 DCOM DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B 726-00C04FB926AF}
Friday, June 12, 2009 Service Control Manager The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
Friday, June 12, 2009 Service Control Manager The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
Friday, June 12, 2009 Service Control Manager The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
Friday, June 12, 2009 Service Control Manager The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
Friday, June 12, 2009 Service Control Manager The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSm b NetBIOS NetBT RasAcd Rdb ss Tcpip
Friday, June 12, 2009 DCOM DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-B F92-0060081ED811}

Have had this problem off and on for over a month. System restore works some of the time to go into normal mode.
No virus detected with Avast Free or previously with ZoneAlarm.
Thx for any help.


DDS (Ver_09-05-14.01) - NTFSx86
Run by BobLim at 22:35:58.02 on Fri 06/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1465 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090612-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\My Downloads\Boot Problem Related\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://ucla.scout.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222721150375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} - hxxp://mail.lycos.com/hanmail-ax/AttachMail.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\boblim\applic~1\mozilla\firefox\profiles\f92xacpa.default\
FF - prefs.js: browser.startup.homepage - hxxp://ucla.scout.com/

============= SERVICES / DRIVERS ===============

R0 MFX;MFX; [x]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-28 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-28 138680]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-28 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-28 352920]

=============== Created Last 30 ================

2009-06-12 14:10 <DIR> --d----- c:\docume~1\boblim\applic~1\Simply Super Software
2009-06-12 13:09 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-10 13:30 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-08 19:46 201,050 a------- c:\windows\system32\nvapps.nvb
2009-06-08 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-06-08 19:21 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-04 13:03 6,693 a------- C:\78875.sym
2009-06-04 13:03 3,982 a------- c:\windows\kj01d.sys
2009-06-04 12:15 219 a------- c:\windows\z56k2.ini
2009-06-04 12:11 <DIR> --d----- c:\program files\Magic Folders

==================== Find3M ====================

2009-04-28 12:42 4,904 a------- c:\windows\system32\PerfStringBackup.TMP
2009-04-28 12:40 4,212 a---h--- c:\windows\system32\zllictbl.dat

============= FINISH: 22:36:05.98 ===============

[Bob356]

Bump Please

Thx

[tetonbob]

Hi -

Not sure this is malware related.

How long have you had Magic Folders on the machine? It doesn't seem to be fully installed, but I see some references to issues with boot surrounding it, if drivers are left in place, as indicated in the gmer log.

Does the occurrence of the issue coincide with the addition of, or attempted removal of, this application?

Does the machine BSOD upon normal mode start? or just restart? Is the machine set to restart on failure, or BSOD?

AutoRestart on System Failure

Go to Start >> Run - type or copy/paste control sysdm.cpl,,3 & press Enter

• Under Startup and Recovery, Click Settings
• Under System Failure, Uncheck Automatically Restart

Restart the machine, and note the complete STOP error if there is one.

[Bob356]

Thx For Your Response,

No BSOD, the PC just shuts off after attempting to boot up in Windows. I have to turn it on manually to get to the safe mode.

Problem was there prior to installing Magic Folders.

[tetonbob]

Something odd about your DDS log. You ran that in Safe Mode? Was it Safe Mode w/Networking?

[Bob356]

Hi,

it was safe mode only

[tetonbob]

So, you're transferring tools to and logs from the machine using a USB drive or other removable media?

Download CF-querySvc.exe

Double click to run it, then please post the log it produces.

[Bob356]

I may be miss informing you. When I posted the DDS, I was back into Windows from using a system restore point that would work. It sometimes take a few trys before it would boot.

Should I still run the program you suggest.

[tetonbob]

Yes. Also, if DDS will currently run in Normal mode, I'd like to see a current log. No more System Restore for now, please.

[Bob356]

I have been posting on another PC today. I will have to boot up the problem PC and get back online. Not sure how long it will take.

Thx for your help.

[Bob356]

My problem PC booted up in normal mode without the turn-off problem occurring.

Ran DDS again. Ran CF-querySvc, but did not see any log file. Where should I be looking?


DDS (Ver_09-05-14.01) - NTFSx86
Run by Bob at 22:57:45.20 on Tue 06/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1536 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090616-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\My Downloads\Boot Problem Related\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://ucla.scout.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222721150375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} - hxxp://mail.lycos.com/hanmail-ax/AttachMail.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\55mlzmye.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://ucla.scout.com/

============= SERVICES / DRIVERS ===============

R0 MFX;MFX; [x]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-28 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-28 138680]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-28 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-28 352920]

=============== Created Last 30 ================

2009-06-13 01:16 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-12 13:09 552 a------- c:\windows\system32\d3d8caps.dat
2009-06-10 13:30 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-08 19:46 201,050 a------- c:\windows\system32\nvapps.nvb
2009-06-08 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-06-08 19:21 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-04 13:03 6,693 a------- C:\78875.sym
2009-06-04 13:03 3,982 a------- c:\windows\kj01d.sys
2009-06-04 12:15 219 a------- c:\windows\z56k2.ini
2009-06-04 12:11 <DIR> --d----- c:\program files\Magic Folders

==================== Find3M ====================

2009-04-28 12:42 4,904 a------- c:\windows\system32\PerfStringBackup.TMP
2009-04-28 12:40 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-09-29 14:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 22:58:15.07 ===============

[tetonbob]

Hi -

The CF-querySvc log should just open in notepad after a command window opens for a minute or three.

That DDS log looks more normal. Note the differences in the running processes section, the svchost.exe

[tetonbob]

I'm signing off for the night.

To help us eliminate malware as the cause of the issues, and due to possible problems with continued internet access for the duration of an online scan, I'd like you to try to run this onboard scanner.

If normal mode presents issues again, you can run the scan in safe mode.

This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I do not want it to clean--for now, I only want to see a Report of what it finds.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

• Doubleclick the drweb-cureit.exe file.
• Click on Start, and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, we need to change the default settings.
• In the Menu Bar, Go to Options>Change Settings.
• Click on the Actions tab
• Using the drop down menus, change each item under Objects, Infected Packages and Malware to Report, then click OK
• Next, tick the Complete Scan radio button.
• Click the green arrow at the right, and the scan will start.
• Click 'No to All' if it asks if you want to cure/move the file.
• After the scan has completed, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Ignore and close any windows which open, prompting you to buy DrWeb.
• Post the contents of the log from Dr.Web you saved previously in your next reply.

[Bob356]

Here is the contents of the DrWeb report.

video_downloader_setup.exe\data001;C:\My Downloads\video_downloader_setup.exe;Trojan.PWS.Gamania.19034;;
video_downloader_setup.exe;C:\My Downloads;Archive contains infected objects;;
mfx.exe\#setuppath#\install.exe;C:\My Downloads\File Mgt_List Files\mfx.exe;Probably BACKDOOR.Trojan;;
mfx.exe;C:\My Downloads\File Mgt_List Files;Container contains infected objects;;
ELADownloadInstaller.exe/Easylinkadvisorweb.exe\GTDOWN.OCX;C:\My Downloads\Linksys\ELADownloadInstaller.exe/Easylinkadvisorweb.exe;Adware.Gdown;;
Easylinkadvisorweb.exe;C:\My Downloads\Linksys;Archive contains infected objects;;
ELADownloadInstaller.exe;C:\My Downloads\Linksys;Archive contains infected objects;;
A0066322.exe\pwdump2\pwdump2.exe;C:\System Volume Information\_restore{BB67F767-058D-44F8-8F63-1E55DECA7EF6}\RP531\A0066322.exe;Tool.Pwdump;;
A0066322.exe\pwdump2\samdump.dll;C:\System Volume Information\_restore{BB67F767-058D-44F8-8F63-1E55DECA7EF6}\RP531\A0066322.exe;Tool.Pwdump;;
A0066322.exe;C:\System Volume Information\_restore{BB67F767-058D-44F8-8F63-1E55DECA7EF6}\RP531;Archive contains infected objects;;
install.exe;C:\SYZ_DAT;Probably BACKDOOR.Trojan;;
GTDownLS_125.ocx;C:\WINDOWS\system32;Adware.Gdown;;

Thx again.

[tetonbob]

Ok, nothing really major going on there.

Of all those finds, this is the only one I'd worry about. If you trust it's source, fine, otherwise delete it. This type of file is quite often responsible for rogue/fake alert infections.

C:\My Downloads\video_downloader_setup.exe

The other finds, some are from your Linksys, and some are part of Magic Folders

I'd like you to look at these two FAQs on Magic Folder's site

http://www.pc-magic.com/mfxt.htm#Anchor3
http://www.pc-magic.com/mfxt.htm#t5

Now this, from the DDS log

R0 MFX;MFX; [x]

MFX has no file associated with it, but it's running. Could mean issues.

Several of these in the Event Logs

Quote:

failed to start because of the following error: A device attached to the system is not functioning.

You've told me the issue pre-dates Magic Folders, but this can't be helping. I also don't see Magic Folders in the installed programs. Does this mean you have tried to uninstall it?

We should at least change it's startup designation, and stop it.

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

Quote:

@echo off
sc config MFX start= disabled
sc stop MFX
exit

Double click FixServices.bat. A window will open and close. This is normal.


Other than that, I would suspect an OS corruption, or hardware issue for the restarts. It does not appear to be malware related.

[Bob356]

I have not tried to uninstall Magic folders to date. I will do as you suggest and shut it off.

What do you suggest I do about fixing my problem when it returns again? If its an OS problem should I reload Windows XP or a old ghost image that I have on another HD in the PC?

Thanks very much for help.

[tetonbob]

If the shutdown issue reasserts itself, I would suspect a driver conflict issue (if the machine is always stable in Safe Mode, but won't load Normal Mode), or a hardware issue(faulty RAM, overheating or power supply issue), or a corrupted OS install.

Any of those would be better addressed either back in the Hardware section where you first posted, or in the Windows XP section of the forums.

[tetonbob]

Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help