TechSpot

Made it to Step 8 - need expertise

By RXILAND
Dec 4, 2008
  1. After son opened attachment "is this a picture of you", my pc Windows XP home version began doing strange things;
    - hourglass attached to mouse and wouldn't go away as though something unable to load in background (still doing this)
    - system started to get very slow
    - when I went to log into my account I would be booted out and a message "Page_fault_in_nonpaged_area" and I would have to reboot

    I have no clue what virus this is although I did notice some file names during the scans such as zlob.downloader and virtumundo...I have attached the logs as per removal instructions but have no clue what to do next.

    - My updated McAfee scan also detected some "cut wail" files and are now quarantined.

    I would sincerely appreciate any sound advice.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    From a malware point of view, your logs are clean. If McAfee has quarantined all processes for cutwail, they are now out of your system and can be deleted.

    Scan will show what process they are checking for, usually at lower left of screen. That does not mean that you have the infection. It's part of the program's database.

    You are slow because you have too many programs and processes starting at boot. This makes the startup slower and the surfing slower, because all that starts on boot runs in the background. It will also make shutdown slower because each of those programs and processes has to close.

    You have control over this by unchecking everything on the Startup menu except the antivirus program, firewall, touchpad if on laptop. Everything else can be started manually when needed:
    Start> Run> msconfig> enter> Selective Startup> Startup menu> UNCHECK all but the processes mentioned above> Apply> OK> Reboot

    NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup to retain the changes.

    To check for the source of the error:
    Start> Run> cmd> type in eventvwr
    Do this on each of the System and the Applications logs:
    Please ignore Warnings. Don't paste the entire log.
     
  3. RXILAND

    RXILAND TS Rookie Topic Starter Posts: 22

    System and Application logs

    Bobbye;
    I thank you for your response! I am posting the errors around the time of being booted out of my computer as suggested:

    APPLICATION ERRORS
    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 12/2/2008
    Time: 4:08:59 PM
    User: N/A
    Computer: DF37SC61
    Description:
    Faulting application dlbtbmon.exe, version 1.0.5.0, faulting module hid.dll, version 5.1.2600.5512, fault address 0x00001ab4.



    Event Type: Error
    Event Source: MsiInstaller
    Event Category: None
    Event ID: 11706
    Date: 12/2/2008
    Time: 4:18:11 PM
    User: DF37SC61\Shonna
    Computer: DF37SC61
    Description:
    Product: Microsoft Office 2000 SR-1 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Standard. The Windows installer cannot continue.

    For more information, see Help and Support Center go.microsoft.com/fwlink/events


    Event Type: Error
    Event Source: crypt32
    Event Category: None
    Event ID: 8
    Date: 12/2/2008
    Time: 8:09:29 PM
    User: N/A
    Computer: DF37SC61
    Description:
    Failed auto update retrieval of third-party root list sequence number from: download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


    For more information, see Help and Support Center go.microsoft.com/fwlink/events.asp

    SYSTEM ERRORS:

    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 12/2/2008
    Time: 8:09:39 PM
    User: NT AUTHORITY\SYSTEM
    Computer: DF37SC61
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}


    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7001
    Date: 12/2/2008
    Time: 8:10:26 PM
    User: N/A
    Computer: DF37SC61
    Description:
    The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
    A device attached to the system is not functioning.


    Event Type: Error
    Event Source: Dhcp
    Event Category: None
    Event ID: 1002
    Date: 12/2/2008
    Time: 8:18:32 PM
    User: N/A
    Computer: DF37SC61
    Description:
    The IP address lease 192.168.100.11 for the Network Card with network address 000F9F274409 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).


    Naturally there are multiple errors from the 2nd onward but these are the repetitive errors.
    Your knowledge is most sincerely appreciated!
    Shonna
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Nice job. Here's the breakdown:
    1. App Error: 1000> Faulting application dlbtbmon.exe, version 1.0.5.0, faulting module hid.dll Date: 12/2/2008 Time: 4:08:59 PM
    2. 11706, MsiInstaller> No valid source could be found for product Date: 12/2/2008 Time: 4:18:11 PM
    3. Event 8, Source crypt32 Date: 12/2/2008 Time: 8:09:29 PM
    4. Event Source: DCOM Date: 12/2/2008 Time: 8:09:39 PM
    5. 7001, Service Control Manager, Date: 12/2/2008 Time: 8:10:26 PM
    The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
    A device attached to the system is not functioning.
    The service needs some hardware to be present in order to run

    If NetBIOS over Transmission Control Protocol/Internet Protocol (TCP/IP) is disabled, this error will occur.
    See next post for last Event.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    6. Event Source: DHCP, Event ID: 1002 Date: 12/2/2008 Time: 8:18:32 PM

    The IP address lease 192.168.100.11 for the Network Card with network address 000F9F274409 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

    This usually resolves after DHCPNACK is sent and rec'd. If not, see below:

    This behavior can occur because the DHCP server service is not bound to a statically-configured Transmission Control Protocol/Internet Protocol (TCP/IP) adapter, which is usually the internal adapter.

    NOTE: If the network cable is not attached to the network, Windows will not allow any service to bind to TCP/IP.

     
Topic Status:
Not open for further replies.
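
The breakdown built by hand in the replies above (source, event ID, date and time for each Error, with Warnings ignored) can be produced directly from the pasted text. This is an added example, not part of the original thread; it assumes the Event Viewer copy format shown in the posts, and the function names and the Warning record in the sample are made up for illustration.

```python
import re
from datetime import datetime
# Records abridged from the thread; the Warning record is constructed.
SAMPLE = """\
Event Type: Error
Event Source: Service Control Manager
Event ID: 7001
Date: 12/2/2008
Time: 8:10:26 PM
Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.

Event Type: Warning
Event Source: ExampleSource
Event ID: 1
Date: 12/2/2008
Time: 8:11:00 PM
Description:
Constructed warning record.

Event Type: Error
Event Source: Application Error
Event ID: 1000
Date: 12/2/2008
Time: 4:08:59 PM
Description:
Faulting application dlbtbmon.exe, version 1.0.5.0, faulting module hid.dll, version 5.1.2600.5512, fault address 0x00001ab4.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
"""

def parse_events(text):
    """Yield one dict per record found in pasted Event Viewer text."""
    # Everything before the first "Event Type:" line is preamble, so skip it.
    for block in re.split(r"(?m)^(?=[ \t]*Event Type:)", text)[1:]:
        head, _, body = block.partition("Description:")
        fields = dict(re.findall(r"(?m)^[ \t]*([A-Za-z ]+):[ \t]*(.+?)[ \t]*$", head))
        # Keep the description text, drop the hex "Data:" dump that follows it.
        body = re.split(r"(?m)^[ \t]*Data:", body)[0]
        fields["Description"] = " ".join(body.split())
        fields["When"] = datetime.strptime(
            fields["Date"] + " " + fields["Time"], "%m/%d/%Y %I:%M:%S %p")
        yield fields

def error_timeline(text):
    """Errors only (Warnings ignored), oldest first: (when, source, id)."""
    errs = sorted((e for e in parse_events(text) if e["Event Type"] == "Error"),
                  key=lambda e: e["When"])
    return [(e["When"], e["Event Source"], e["Event ID"]) for e in errs]
```

Sorting by timestamp puts records from the Application and System logs on one timeline, which makes it easier to see which errors cluster around a crash or reboot.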
