ent

I don't know how much detail you want, but I've transcribed the whole thing below. By the way, this is a Dell computer and there are scads of hardware diagnostics built in that I can get to by pressing F12 on boot. I've been running a variety of them and haven't found anything amiss yet. Regarding backups, I happened to do one a few days ago. ----- A problem has been detected and Windows has been shut down to prevent damage to your computer. If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps. Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F for hard drive corruption and then restart your computer. Technical information: *** STOP: 0x0000007B (0xF791F524,0xC0000034,0x00000000,0x00000000)

I've been a software engineer for 30+ years, so I've learned a few things. I ran chkdsk /r and it ran for a long time, but didn't seem to find any errors. At least, it didn't report any and when it was done, it didn't list any bad sectors in the totals. I don't know if this means that it successfully fixed errors or it didn't find any. I'm still getting the blue screen.

(I meant to say "I still get the blue screen".)

I was able to boot from CD and run the recovery console. I found what appeared to be the backup in erdnt\Hiv-backup. There was no erdnt\subs. I ran the batch command and it said that it was copying files. But when I restart, I still the the blue screen. While I was there, I ran a chkdsk /P and it reported that there were errors. I did not run chkdsk /F to fix them.

When I run the recovery console on startup, I get the blue screen before I see any options.

The recovery console was already installed. I forgot to mention that I tried to boot up with the recovery option and got the same result. Yes, I should have the install disk somewhere.

I followed your instructions and Combofix did some things, then said that it needed to reboot, and upon restart I got the blue screen of death. Now I'm unable to boot up at all. I get the BSoD, no matter how I try to start (normal, last known good, safe, safe with networking, safe with command prompt). What now?

My symptoms have been: * spontaneous popups * cannot run MBAM because mbam.exe doesn't exist * after un- and re-installing MBAM, mbam.exe still doesn't exist * get "error loading c:\windows\system32\dorugeba.dll" message on boot * cannot boot to safe mode with networking -- get blue screen of death * got one BSOD when running normally Your help is appreciated! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:04:07 AM, on 11/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\WINDOWS\Explorer.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe C:\PROGRA~1\RCrawler\RCrawler.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\CapsUnlock\CapsUnlock.exe C:\Program Files\FlashTray Pro\FlashTray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\RootkiRevealer\RootkitRevealer.exe C:\DOCUME~1\BILLEN~1\LOCALS~1\Temp\EVBYUMDVDYTQ.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Firefox\firefox.exe C:\Documents and Settings\Bill Entwistle\Desktop\winlogin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070418 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 F2 - REG:system.ini: Shell=Explorer.exe logon.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [surezadil] Rundll32.exe "c:\windows\system32\dorugeba.dll",a O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - S-1-5-18 Startup: Alarm.lnk = C:\Program Files\Alarm\Alarm.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: FlashTray.lnk = C:\Program Files\FlashTray Pro\FlashTray.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Alarm.lnk = C:\Program Files\Alarm\Alarm.exe (User 'Default user') O4 - .DEFAULT Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe (User 'Default user') O4 - .DEFAULT Startup: FlashTray.lnk = C:\Program Files\FlashTray Pro\FlashTray.exe (User 'Default user') O4 - Startup: Alarm.lnk = C:\Program Files\Alarm\Alarm.exe O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe O4 - Startup: FlashTray.lnk = C:\Program Files\FlashTray Pro\FlashTray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.netflix.com O15 - Trusted Zone: *.pandora.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177138576847 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177467272937 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - O20 - AppInit_DLLs: mijoroso.dll c:\windows\system32\dorugeba.dll O21 - SSODL: pirovebob - {04d7d960-4f27-46d5-93ed-16ca2147be51} - c:\windows\system32\dorugeba.dll (file missing) O22 - SharedTaskScheduler: gahurihor - {04d7d960-4f27-46d5-93ed-16ca2147be51} - c:\windows\system32\dorugeba.dll (file missing) O23 - Service: 0258161238559076mcinstcleanup - - (no file) O23 - Service: 0327391238561196mcinstcleanup - - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: EVBYUMDVDYTQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\BILLEN~1\LOCALS~1\Temp\EVBYUMDVDYTQ.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LW - Unknown owner - C:\DOCUME~1\BILLEN~1\LOCALS~1\Temp\LW.exe (file missing) O23 - Service: mcmscsvc - Unknown owner - (no file) O23 - Service: McNASvc - Unknown owner - (no file) O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 11932 bytes