Member Avatar for Catalana

Hello all,

I have a strange situation going on:

First, I cannot reboot the computer. Once rebooted the computer signs off and never comes on. Second, if I unplug the computer or turn it off, when I start it up, the monitor does not come on - I have to keep unplugging the computer and eventually it will restart the monitor, but not every time. This may be connected to the no reboot problem. Symptoms are the monitor, an LG W2061TQ, has the power button flashing. When I can get it all started, the monitor comes up normally.

Computer is an HP a1600n, XP Pro SP3, 1GB RAM, 3.06 BIOS, 2GB HD.

I ran the suggested diagnostics, etc., and here are the results:

Windows malicious software removal tool yields "no malicious software"

ATF-Cleaner removed everything

GMEROne:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-03 06:35:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD2000JS-60NCB1 rev.10.02E02
Running: kgv15mpx.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pxldrpob.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMERTwo:

Had to run GMER several times. The first couple of times, I lost the mouse and keyboard during the scan. The 3rd time, I THINK it finished running and I was able to save GMERTwo. Just after saving though the computer locked up and I had to reboot. Here's the log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-03 09:20:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD2000JS-60NCB1 rev.10.02E02
Running: kgv15mpx.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pxldrpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF2E7B6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF2E7B574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF2E7BA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF2E7B14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF2E7B64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF2E7B08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF2E7B0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF2E7B76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF2E7B72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF2E7B8AE]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Here's the mbam log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5238

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/3/2010 12:39:49 PM
mbam-log-2010-12-03 (12-39-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 468131
Time elapsed: 2 hour(s), 37 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1475\A0170703.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170734.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170740.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170726.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170727.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170730.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170731.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170732.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170733.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170735.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170737.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1476\A0170738.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1479\A0171359.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP1479\A0171361.DLL (PUP.FunWebProducts) -> Not selected for removal.


had to reboot as usual by turning the computer off.


DDS would not run. On double clicking, a DOS window came up (empty) but nothing happend. Tried several times. Even reloaded the program and tried again - same results every time.

When the computer comes up without the monitor, I believe the computer is running but, of course, I cannot see anything because it hasn't started the monitor.

I appreciate any help!!

  • 3 Contributors
  • 6 Replies
  • 157 Views
  • 1 Month Discussion Span
  • Latest Post Latest Post by Catalana
Member Avatar for jholland1964

Forgive me for being a bit confused but some of your post makes no sense:
I cannot reboot the computer. Once rebooted the computer signs off and never comes on.
If the computer never comes on then how did you run the scans? By your post below and the logs it obviously Does come on.

if I unplug the computer or turn it off, when I start it up, the monitor does not come on - I have to keep unplugging the computer and eventually it will restart the monitor, but not every time.

Everything the MBA-M scan found were in System Restore but you didn't remove them, why? The instructions are very clear, Remove All.

This honestly to me does not sound like a malware problem but a power problem especially with the monitor problem too. I suppose there could be malware that affects the monitor though I honestly have not heard of any.

Have you tried booting to Safe Mode?

Edited by jholland1964 because: n/a
Member Avatar for Catalana

thanks for taking a look!

I guess that does sound funny. I'll try for a better explanation.

When I do a restart, the computer acts as though I signaled for a shutdown. Just goes off and stays off. That is a problem when trying to do some activities like mbam. It wants to restart the computer but it doesn't come back up afterward.

Maybe that's the issue with the log. I did remove the issues mbam found.

Anyway, I came up in safe mode and will run mbam again and post the log.

Besides not being able to complete a restart, the other issue is the monitor not coming back up. I'll try it with another monitor and get back to you.

Thanks!!

Member Avatar for jholland1964

When you do boot to Safe Mode, choose Safe Mode with networking. This will allow you to go online in order to update MBA-M.

Member Avatar for Catalana

As you suggested, the computer seems to be virus free at this point. Mbam ran again and the system is clean.

When I did a restart after the last time I ran mbam, surprise, the monitor came up. I thought it was fixed. However, it does not come up normally every time - indeed, most of the time, after restarting several times for a test.

I'm thinking it must be something in the bios? But I'm not knowledgeable enough to know what.

When the problem occurs, the system is restarted - right away, the fan starts and does not cut off, the monitor light turns on and then starts blinking and the system continues to reboot (I guess because I can't tell what is happening because the monitor seems to go into hibernation.

When it comes up normally, the fan starts and then stops - the monitor lights up and the flash screen shows up. then it goes dark normally and finally comes back with the windows is starting page.

Member Avatar for caperjack

try turning off the monitor ,and leave it off until windows boots completely ,with monitor turned off .turn on the computer ,go walk the dog [or go have a pee,lol]and then turn on the monitor when you get back to see what happened

Edited by caperjack because: n/a
Member Avatar for Catalana

Thanks guys, this one turned out to be a bad processor. I'm thinking a heat issue, since the heat sink material seemed separated when a friend removed the assembly. We put another mother board in but there are few new XP motherboards floating around here so now am having issues with drivers...appreciate the help!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.