Error Message Saying: "Your system could become unstable"

Discussion in 'Windows Vista Performance' started by SpikeDelight, Jan 12, 2008.

  1. SpikeDelight

    SpikeDelight Guest

    I keep getting this error message when I start up my computer or when it
    comes away from sleep mode. It just started around yesterday or 2 days ago.
    It reads:

    Your system could become unstable

    A potential problem has been detected and Windows has been
    shutdown buggy application to prevent damage to your computer.
    ****WXYZ.SYS - AddressF73120AE base at C00000, DateStamp
    36b072A3
    Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

    I have no idea what this is but it seems like it's serious. The only thing
    is the incorrect grammar (Windows has been shutdown buggy application) makes
    me suspicious. If someone could help me out that would be great.
     
    SpikeDelight, Jan 12, 2008
    #1
    1. Advertising

  2. It is a virus. Here is a post in another forum from Amol Sable, Security
    Analyst (Secur-i Group), with a link to rid yourself of the virus:

    Common symptoms:
    ================================================================================
    ==============

    1]Systems drives show red cross in front of each drive icon [probably
    showing disconnected state of the logical drive]

    2]System alerts:
    a] NT_kernel error 1256
    b] A potential problem has been detected and Windows has been shutdown buggy
    application to prevent damage to your computer.
    ****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
    Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

    3]Several pos*.tmp files created in system drive.

    4]Two new shortcuts created on Desktop
    a] Windows Update [ http://storageprotector.com/clean/p=60&gai....]
    b] Help an Support Center [ http://storageprotector.com/clean/p=61&gai....]

    Both point to some suspicious links [not the authentic Windows Update
    Server]


    Screenshot of an infected desktop with a few alerts:
    http://img265.imageshack.us/img265/8682/sceenkb9.jpg

    ================================================================================
    ==============

    Discussion:
    Interestingly, there's a thread initiated in the bitDefender AntiVirus
    Forum - since YESTERDAY, discussing this issue:
    http://forum.bitdefender.com/index.php?showtopic=3561

    ================================================================================
    ==============

    Fix:
    VundoFix AND Combofix utilities are successfully used to detect several
    malicious files indicating infection. This utility also has an option of
    removing the infection.

    VundoFix
    http://www.tinyurl.com/9uaag

    Combofix
    http://tinyurl.com/22n35l



    --
    Dustin Harper

    http://www.vistarip.com


    "SpikeDelight" <> wrote in message
    news:...
    >I keep getting this error message when I start up my computer or when it
    > comes away from sleep mode. It just started around yesterday or 2 days
    > ago.
    > It reads:
    >
    > Your system could become unstable
    >
    > A potential problem has been detected and Windows has been
    > shutdown buggy application to prevent damage to your computer.
    > ****WXYZ.SYS - AddressF73120AE base at C00000, DateStamp
    > 36b072A3
    > Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
    >
    > I have no idea what this is but it seems like it's serious. The only
    > thing
    > is the incorrect grammar (Windows has been shutdown buggy application)
    > makes
    > me suspicious. If someone could help me out that would be great.
    >
    >
     
    Dustin Harper, Jan 12, 2008
    #2
    1. Advertising

  3. SpikeDelight

    SpikeDelight Guest

    Thank you but neither of these applications work. After the VundoFix is done
    scanning for files when I press Remove Vundo it just restarts my computer
    immediately. And the ComboFix won't open. A message comes up saying that
    it's not a valid system32 application.

    "Dustin Harper" wrote:

    > It is a virus. Here is a post in another forum from Amol Sable, Security
    > Analyst (Secur-i Group), with a link to rid yourself of the virus:
    >
    > Common symptoms:
    > ================================================================================
    > ==============
    >
    > 1]Systems drives show red cross in front of each drive icon [probably
    > showing disconnected state of the logical drive]
    >
    > 2]System alerts:
    > a] NT_kernel error 1256
    > b] A potential problem has been detected and Windows has been shutdown buggy
    > application to prevent damage to your computer.
    > ****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
    > Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
    >
    > 3]Several pos*.tmp files created in system drive.
    >
    > 4]Two new shortcuts created on Desktop
    > a] Windows Update [ http://storageprotector.com/clean/p=60&gai....]
    > b] Help an Support Center [ http://storageprotector.com/clean/p=61&gai....]
    >
    > Both point to some suspicious links [not the authentic Windows Update
    > Server]
    >
    >
    > Screenshot of an infected desktop with a few alerts:
    > http://img265.imageshack.us/img265/8682/sceenkb9.jpg
    >
    > ================================================================================
    > ==============
    >
    > Discussion:
    > Interestingly, there's a thread initiated in the bitDefender AntiVirus
    > Forum - since YESTERDAY, discussing this issue:
    > http://forum.bitdefender.com/index.php?showtopic=3561
    >
    > ================================================================================
    > ==============
    >
    > Fix:
    > VundoFix AND Combofix utilities are successfully used to detect several
    > malicious files indicating infection. This utility also has an option of
    > removing the infection.
    >
    > VundoFix
    > http://www.tinyurl.com/9uaag
    >
    > Combofix
    > http://tinyurl.com/22n35l
    >
    >
    >
    > --
    > Dustin Harper
    >
    > http://www.vistarip.com
    >
    >
    > "SpikeDelight" <> wrote in message
    > news:...
    > >I keep getting this error message when I start up my computer or when it
    > > comes away from sleep mode. It just started around yesterday or 2 days
    > > ago.
    > > It reads:
    > >
    > > Your system could become unstable
    > >
    > > A potential problem has been detected and Windows has been
    > > shutdown buggy application to prevent damage to your computer.
    > > ****WXYZ.SYS - AddressF73120AE base at C00000, DateStamp
    > > 36b072A3
    > > Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
    > >
    > > I have no idea what this is but it seems like it's serious. The only
    > > thing
    > > is the incorrect grammar (Windows has been shutdown buggy application)
    > > makes
    > > me suspicious. If someone could help me out that would be great.
    > >
    > >

    >
     
    SpikeDelight, Jan 13, 2008
    #3
  4. SpikeDelight

    Malke Guest

    SpikeDelight wrote:
    > Thank you but neither of these applications work. After the VundoFix is done
    > scanning for files when I press Remove Vundo it just restarts my computer
    > immediately. And the ComboFix won't open. A message comes up saying that
    > it's not a valid system32 application.


    When all else fails, run HijackThis and post your log in one of the
    specialty forums listed below (not here, please):

    http://aumha.org/downloads/hijackthis.zip
    http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
    another tutorial
    http://aumha.net/ - Click on the HijackThis forum. Read the announcement
    and the stickies *first*.
    http://www.atribune.org/forums/index.php?showforum=9
    http://aumha.net/viewforum.php?f=30
    http://www.bleepingcomputer.com/forums/forum22.html
    http://castlecops.com/forum67.html
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://spywarewarrior.com/viewforum.php?f=5
    http://forums.techguy.org/54-security/
    http://forums.tomcoyote.org/


    Malke
    --
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
    MS-MVP Windows - Shell/User
     
    Malke, Jan 13, 2008
    #4
  5. SpikeDelight

    Francisco Guest

    Alguien me puede ayudar por favor



    Logfile of HijackThis v1.99.1
    Scan saved at 12:26:59 p.m., on 28/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device
    Support\bin\AppleMobileDeviceService.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Archivos de programa\Bonjour\mDNSResponder.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\Archivos de programa\Microsoft SQL Server\MSSQL$RIIAL\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\Archivos de programa\iTunes\iTunesHelper .exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Archivos de programa\WinZip\WZQKPICK.EXE
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\ARCHIV~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Francisco\Configuración local\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    wmplayer.exe //ICWLaunch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    Vínculos
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes -
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F3 - REG:win.ini: load=C:\WINDOWS\system32\awvtr.exe
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos
    de programa\google\googletoolbar2.dll
    O3 - Toolbar: VelocidadSimple toolbar -
    {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} - C:\Archivos de
    programa\VelocidadSimple\SCToolbar.dll
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor]
    "C:\ARCHIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Archivos de programa\Trend
    Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [ec760852] rundll32.exe "C:\WINDOWS\system32\dwhrpgdu.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de
    programa\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de
    programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de
    programa\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos
    comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de
    programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de
    programa\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [cwriter] C:\Archivos de
    programa\VelocidadSimple\cwriter.exe
    O4 - HKLM\..\Run: [VelocidadSimple] C:\Archivos de
    programa\VelocidadSimple\scrmain.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG
    Anti-Spyware 7.5\avgas .exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [math online] C:\DOCUME~1\FRANCI~1\DATOSD~1\THUNKB~1\Road
    locks.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Archivos de
    programa\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows
    Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Archivos de
    programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Orb] "C:\Archivos de programa\Winamp
    Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [AROReminder] C:\Archivos de programa\Advanced Registry
    Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [updateMgr] C:\Archivos de programa\Adobe\Acrobat
    7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [slide.exe] c:\archivos de programa\slide\slide.exe
    O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe"
    /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
    O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos
    comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de
    programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de
    programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de
    programa\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de
    programa\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Abrir en nueva ficha de fondo -
    res://C:\Archivos de programa\Windows Live
    Toolbar\Components\es-xl\msntabres.dll.mui/229?92e6449290814811838e2ddb4d5f0728
    O8 - Extra context menu item: Abrir en nueva ficha en primer plano -
    res://C:\Archivos de programa\Windows Live
    Toolbar\Components\es-xl\msntabres.dll.mui/230?92e6449290814811838e2ddb4d5f0728
    O8 - Extra context menu item: Add to Windows &Live Favorites -
    http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel -
    res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de
    programa\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Estadísticas del componente Web Anti-Virus -
    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky
    Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
    - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer -
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows
    Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
    %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
    {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
    Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Archivos de programa\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de
    programa\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\archivos de programa\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
    http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
    Center Base Module) -
    http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) -
    http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} -
    C:\Archivos de programa\Archivos comunes\Pure Networks Shared\puresp3.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
    C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de
    programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Archivos de
    programa\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service
    (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de
    programa\Archivos comunes\Apple\Mobile Device
    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development
    Group - C:\Archivos de programa\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de
    programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos
    de programa\Bonjour\mDNSResponder.exe
    O23 - Service: DomainService - Unknown owner -
    C:\WINDOWS\system32\itnwspyc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
    C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet
    Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de
    programa\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Archivos de
    programa\Ahead\InCD\InCDsrv.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos
    de programa\iPod\bin\iPodService.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner -
    C:\WINDOWS\system32\windows
    O23 - Service: MSSQL$RIIAL - Unknown owner - c:\Archivos de
    programa\Microsoft SQL Server\MSSQL$RIIAL\Binn\sqlservr.exe" -sRIIAL (file
    missing)
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner -
    C:\Archivos de programa\Pure Networks\Network
    Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure
    Networks, Inc. - C:\Archivos de programa\Pure Networks\Network
    Magic\nmsrvc.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Unknown
    owner - C:\Archivos de programa\Trend Micro\Internet Security\SfCtlCom.exe
    (file missing)
    O23 - Service: SQLAgent$RIIAL - Unknown owner - c:\Archivos de
    programa\Microsoft SQL Server\MSSQL$RIIAL\Binn\sqlagent.EXE" -i RIIAL (file
    missing)
    O23 - Service: Trend Micro Unauthorized Change Prevention Service
    (TMBMServer) - Unknown owner - C:\Archivos de programa\Trend
    Micro\BM\TMBMSRV.exe" /service (file missing)
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner -
    C:\ARCHIV~1\TRENDM~1\INTERN~2\TmPfw.exe (file missing)
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner -
    C:\Archivos de programa\Trend Micro\Internet Security\TmProxy.exe (file
    missing)
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner -
    C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe



    "Malke" wrote:

    > SpikeDelight wrote:
    > > Thank you but neither of these applications work. After the VundoFix is done
    > > scanning for files when I press Remove Vundo it just restarts my computer
    > > immediately. And the ComboFix won't open. A message comes up saying that
    > > it's not a valid system32 application.

    >
    > When all else fails, run HijackThis and post your log in one of the
    > specialty forums listed below (not here, please):
    >
    > http://aumha.org/downloads/hijackthis.zip
    > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
    > http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
    > another tutorial
    > http://aumha.net/ - Click on the HijackThis forum. Read the announcement
    > and the stickies *first*.
    > http://www.atribune.org/forums/index.php?showforum=9
    > http://aumha.net/viewforum.php?f=30
    > http://www.bleepingcomputer.com/forums/forum22.html
    > http://castlecops.com/forum67.html
    > http://www.dslreports.com/forum/cleanup
    > http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    > http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    > http://gladiator-antivirus.com/forum/index.php?showforum=170
    > http://spywarewarrior.com/viewforum.php?f=5
    > http://forums.techguy.org/54-security/
    > http://forums.tomcoyote.org/
    >
    >
    > Malke
    > --
    > Elephant Boy Computers
    > www.elephantboycomputers.com
    > "Don't Panic!"
    > MS-MVP Windows - Shell/User
    >
     
    Francisco, Jan 28, 2008
    #5
  6. SpikeDelight

    Francisco Guest

    este mi

    Logfile of HijackThis v1.99.1
    Scan saved at 12:26:59 p.m., on 28/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Archivos de programa\Bonjour\mDNSResponder.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\Archivos de programa\Microsoft SQL Server\MSSQL$RIIAL\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\Archivos de programa\iTunes\iTunesHelper .exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Archivos de programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Archivos de programa\WinZip\WZQKPICK.EXE
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\ARCHIV~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Francisco\Configuración local\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    wmplayer.exe

    //ICWLaunch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride =

    *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    Vínculos
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes -

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F3 - REG:win.ini: load=C:\WINDOWS\system32\awvtr.exe
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

    C:\Archivos de programa\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos
    de

    programa\google\googletoolbar2.dll
    O3 - Toolbar: VelocidadSimple toolbar -
    {4AD56E6F-7074-41EE-8A40-583C2C76EFCD} -

    C:\Archivos de programa\VelocidadSimple\SCToolbar.dll
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor]

    "C:\ARCHIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Archivos de programa\Trend
    Micro\Internet

    Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [ec760852] rundll32.exe "C:\WINDOWS\system32\dwhrpgdu.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de
    programa\QuickTime\QTTask.exe"

    -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de
    programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de

    programa\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos

    comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de
    programa\Adobe\Reader

    8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de
    programa\Adobe\Photoshop

    Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [cwriter] C:\Archivos de
    programa\VelocidadSimple\cwriter.exe
    O4 - HKLM\..\Run: [VelocidadSimple] C:\Archivos de

    programa\VelocidadSimple\scrmain.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG

    Anti-Spyware 7.5\avgas .exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [math online] C:\DOCUME~1\FRANCI~1\DATOSD~1\THUNKB~1\Road
    locks.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Archivos de
    programa\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows

    Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Archivos de

    programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Orb] "C:\Archivos de programa\Winamp
    Remote\bin\OrbTray.exe"

    /background
    O4 - HKCU\..\Run: [AROReminder] C:\Archivos de programa\Advanced Registry

    Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [updateMgr] C:\Archivos de programa\Adobe\Acrobat

    7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [slide.exe] c:\archivos de programa\slide\slide.exe
    O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe"
    /nosplash

    /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
    O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos

    comunes\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de
    programa\Adobe\Acrobat

    6.0\Distillr\acrotray.exe
    O4 - Global Startup: Administrador de servicios.lnk = C:\Archivos de

    programa\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de

    programa\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de

    programa\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Abrir en nueva ficha de fondo -
    res://C:\Archivos de

    programa\Windows Live

    Toolbar\Components\es-xl\msntabres.dll.mui/229?92e6449290814811838e2ddb4d5f0728
    O8 - Extra context menu item: Abrir en nueva ficha en primer plano -

    res://C:\Archivos de programa\Windows Live

    Toolbar\Components\es-xl\msntabres.dll.mui/230?92e6449290814811838e2ddb4d5f0728
    O8 - Extra context menu item: Add to Windows &Live Favorites -

    http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel -

    res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Archivos

    de programa\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de

    programa\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Estadísticas del componente Web Anti-Virus -

    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky

    Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

    C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer -

    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows

    Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
    Diagnostic\xpnetdiag.exe

    (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Archivos

    de programa\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de
    programa\Messenger\msmsgs.exe

    (file missing)
    O10 - Unknown file in Winsock LSP: c:\archivos de programa\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
    C:\Archivos

    de programa\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

    http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
    Center Base

    Module) -
    http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) -

    http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

    C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    C:\ARCHIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} -
    C:\Archivos de

    programa\Archivos comunes\Pure Networks Shared\puresp3.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

    C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

    C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de
    programa\Archivos

    comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Archivos de

    programa\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service
    (file

    missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de
    programa\Archivos

    comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development
    Group -

    C:\Archivos de programa\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Archivos de

    programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos
    de

    programa\Bonjour\mDNSResponder.exe
    O23 - Service: DomainService - Unknown owner -
    C:\WINDOWS\system32\itnwspyc.exe (file

    missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
    C:\Archivos de

    programa\Archivos comunes\Macrovision Shared\FLEXnet

    Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de

    programa\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Archivos de

    programa\Ahead\InCD\InCDsrv.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de

    programa\iPod\bin\iPodService.exe
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner -

    C:\WINDOWS\system32\windows
    O23 - Service: MSSQL$RIIAL - Unknown owner - c:\Archivos de
    programa\Microsoft SQL

    Server\MSSQL$RIIAL\Binn\sqlservr.exe" -sRIIAL (file missing)
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner -

    C:\Archivos de programa\Pure Networks\Network
    Magic\WebServer\bin\nmraapache.exe" -k

    runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure
    Networks, Inc.

    - C:\Archivos de programa\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Unknown
    owner -

    C:\Archivos de programa\Trend Micro\Internet Security\SfCtlCom.exe (file
    missing)
    O23 - Service: SQLAgent$RIIAL - Unknown owner - c:\Archivos de
    programa\Microsoft SQL

    Server\MSSQL$RIIAL\Binn\sqlagent.EXE" -i RIIAL (file missing)
    O23 - Service: Trend Micro Unauthorized Change Prevention Service
    (TMBMServer) -

    Unknown owner - C:\Archivos de programa\Trend Micro\BM\TMBMSRV.exe" /service
    (file

    missing)
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner -

    C:\ARCHIV~1\TRENDM~1\INTERN~2\TmPfw.exe (file missing)
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner -
    C:\Archivos de

    programa\Trend Micro\Internet Security\TmProxy.exe (file missing)
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner -
    C:\Archivos

    de programa\Windows Live\installer\WLSetupSvc.exe


    ------------------------------------------------------------------------------------------
    "SpikeDelight" wrote:

    > I keep getting this error message when I start up my computer or when it
    > comes away from sleep mode. It just started around yesterday or 2 days ago.
    > It reads:
    >
    > Your system could become unstable
    >
    > A potential problem has been detected and Windows has been
    > shutdown buggy application to prevent damage to your computer.
    > ****WXYZ.SYS - AddressF73120AE base at C00000, DateStamp
    > 36b072A3
    > Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
    >
    > I have no idea what this is but it seems like it's serious. The only thing
    > is the incorrect grammar (Windows has been shutdown buggy application) makes
    > me suspicious. If someone could help me out that would be great.
    >
    >
     
    Francisco, Jan 28, 2008
    #6
  7. SpikeDelight

    Malke Guest

    Francisco wrote:
    > este mi
    >
    > Logfile of HijackThis v1.99.1


    (snip)

    Francisco -

    1. You've posted to an English-speaking newsgroup. You should find a
    Spanish-speaking one in this list here:

    http://aumha.org/nntp.htm - list of MS newsgroups

    Look for groups with *.es.

    2. You also posted to an old, closed thread. You should make a new one.

    3. We don't analyze HijackThis logs in the MS newsgroups because a) of
    privacy issues; b) and because it takes a great deal of time and
    expertise to analyze HJT logs and you won't get the help you need in a
    newsgroup. Instead, register at one of the specialty forums listed below
    (in no particular order) and post your log there to get guided help.
    Read the posting FAQ first at whatever forum you choose.

    http://aumha.org/downloads/hijackthis.zip
    http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
    another tutorial
    http://aumha.net/ - Click on the HijackThis forum. Read the announcement
    and the stickies *first*.
    http://www.atribune.org/forums/index.php?showforum=9
    http://aumha.net/viewforum.php?f=30
    http://www.bleepingcomputer.com/forums/forum22.html
    http://castlecops.com/forum67.html
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://spywarewarrior.com/viewforum.php?f=5


    Malke
    --
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
    MS-MVP Windows - Shell/User
     
    Malke, Jan 28, 2008
    #7
  8. SpikeDelight

    Guest

    --The exact thing is happening to me and i am running Windows XP SP2 What
    can I do or where can I go to solve this problem??
    Kelly


    "SpikeDelight" wrote:

    > I keep getting this error message when I start up my computer or when it
    > comes away from sleep mode. It just started around yesterday or 2 days ago.
    > It reads:
    >
    > Your system could become unstable
    >
    > A potential problem has been detected and Windows has been
    > shutdown buggy application to prevent damage to your computer.
    > ****WXYZ.SYS - AddressF73120AE base at C00000, DateStamp
    > 36b072A3
    > Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
    >
    > I have no idea what this is but it seems like it's serious. The only thing
    > is the incorrect grammar (Windows has been shutdown buggy application) makes
    > me suspicious. If someone could help me out that would be great.
    >
    >
     
    , Jan 31, 2008
    #8
  9. SpikeDelight

    Guest

    On 31 Jan, 01:40,
    <.> wrote:
    > --The exact thing is happening to me and i am running Windows XP SP2 What
    > can I do or where can I go to solve this problem??
    > Kelly
    >
    >
    >
    > "SpikeDelight" wrote:
    > > I keep getting this error message when I start up my computer or when it
    > > comes away from sleep mode.  It just started around yesterday or 2 days ago.  
    > > It reads:

    >
    > > Your system could become unstable

    >
    > > A potential problem has been detected and Windows has been
    > > shutdown buggy application to prevent damage to your computer.
    > > ****WXYZ.SYS- AddressF73120AE base at C00000, DateStamp
    > > 36b072A3
    > > Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

    >
    > > I have no idea what this is but it seems like it's serious.  The only thing
    > > is the incorrect grammar (Windows has been shutdown buggy application) makes
    > > me suspicious.  If someone could help me out that would be great.- Hide quoted text -

    >
    > - Show quoted text -


    I have just spent the last two days trying to detect and remove this
    from one of the systems here where i work. This finally did the trick
    for me. With a little manual help afterwards

    http://www.superantispyware.com

    Download install the above. Complete a full update and then a full
    system scan.

    Remove any detected Spyware/ Malware

    Down load hijack this and post the results then someone can look at
    what is left and advise you further.

    Grayzieuk
     
    , Feb 19, 2008
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gary

    receive error message saying codec 22 req'd

    Gary, Apr 14, 2008, in forum: Windows Vista Music, Pictures and Video
    Replies:
    0
    Views:
    193
  2. Stephanie

    error message saying to reinstall

    Stephanie, Jan 21, 2004, in forum: Windows Media Player
    Replies:
    1
    Views:
    124
    Chris Lanier
    Jan 21, 2004
  3. Dave L.

    "error message saying Windows needs to close"

    Dave L., Mar 2, 2004, in forum: Windows Media Player
    Replies:
    1
    Views:
    173
    Chris Lanier [MVP]
    Mar 2, 2004
  4. ACE90112

    i keep getting error message saying i need codecs

    ACE90112, Nov 7, 2004, in forum: Windows Media Player
    Replies:
    3
    Views:
    143
    Chris Lanier [MVP]
    Nov 9, 2004
  5. Fatedone
    Replies:
    0
    Views:
    121
    Fatedone
    Jul 2, 2005
Loading...

Share This Page