> Blue Screen or buffer overflow, computer goes to blue screen frequently
beadedquilter
post Aug 3 2009, 08:55 PM
Operating System: Windows XP, SP3



Dell Dim C521, desktop, AMD processor, 1 gig ram, about 1 year old
XP Pro, SP3, now running IE 8

This started a couple of weeks ago. We would intermittently get the blue screen saying:
-----------------------------------------------------------------------
A problem has been detected and windows has been shut down to prevent damage to your computer.

SET_OF_INVALID_CONTEXT

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options and select Safe Mode

Technical Info:
**** STOP 0x00000030
(0xB28FE670, 0XB32F9CC4, 0XB32F9C50, 0X00000000)

Beginning a dump of physical memory.
Contact your system administrator or technical support group for further assistance.
-----------------------------------------------------------------------

I have updated the BIOS, this did not help.
Sometimes I can get to the internet, sometimes McAfee pops up a message that says
A buffer overflow was detected and blocked on your computer
process c:\program files\internet explorer\iexplorer.exe,
The blue screen can happen when anything or nothing is running.

Sometimes it says the buffer overflow is with wuauclt.exe and sometimes svchost.exe.

I have run McAfee virus scanner and it found nothing.
Malwarebytes and SUPERAntiSpyware just found tracking cookies, which were deleted.

Finally, after running ccleaner, superantispyware, malwarebytes, mcafee antivirus (several times), we got the blue screen to go away, except for when we would reboot or turn off the computer. The blue screen would still come up and we would have to turn the computer off with the i/o button.

Then about 3 days ago my husband let a windows update be applied when prompted and we started getting this window coming up, like a command prompt window running a script

:certgr >> LibMain: DLL_PROCESS_ATTACH, hInstDLL=0
:certgr >> DllRegisterServer called
:certgr >> DllRegisterServer: crypt32 found, installing cert hooks
:certgr >> SetHooks called
:certgr >> __IAT_HookAPI: lpszDllName=crypt32
:certgr >> IAT_HookAPI: dwAPIHash=D058D0FF
:certgr >> IAT_HookAPI: lpHookFunc=00E043E4
:certgr >> NB: single-thread decr in APIstatic buff used=
:certgr >> GetAPINameByHash: PFXImportCertStore
:certgr >> IAT_HookAPI: lpOrigFunc addr found=77AEFF8F
:certgr >> __IAT_HookAPI: lpszDllName=crypt32
:certgr >> IAT_HookAPI: dwAPIHash=E5ECCAE9
:certgr >> IAT_HookAPI: lpHookFunc=00E044AA
:certgr >> NB: single-thread decr in APIstatic buff used=
:certgr >> GetAPINameByHash: CertFindCertificateInStore
:certgr >> IAT_HookAPI: lpOrigFunc addr found=77A96CA4
:certgr >> __IAT_HookAPI: lpszDllName=ntdll
:certgr >> IAT_HookAPI: dwAPIHash=960851C1
:certgr >> IAT_HookAPI: lpHookFunc=00E03B90
:certgr >> NB: single-thread decr in APIstatic buff used=
:certgr >> GetAPINameByHash: LdrGetProcedureAddress
:certgr >> IAT_HookAPI: lpOrigFunc addr found=00CC340C
:certgr >> __IAT_HookAPI: lpszDllName=ntdll
:certgr >> IAT_HookAPI: dwAPIHash=04586AC0
:certgr >> IAT_HookAPI: lpHookFunc=00E03A6F
:certgr >> NB: single-thread decr in APIstatic buff used=
:certgr >> GetAPINameByHash: LdrLoadDll
:certgr >> IAT_HookAPI: lpOrigFunc addr found=00CC3256
:certgr >> DllRegisterServer: about to exit
:certgr >> thrExportCerts entered, waiting...
:certgr >> thrExportCerts wait finished, proceeding
:certgr >> EnumCerts called (sleep 6 sec)
:certgr >> EnumCerts finished

This would start with every application that was run. The computer help forum on help2go directed me to you.

I have run ccleaner
superantispyware (cleaned adware cookies)
malwarebytes (log will be supplied)
panda active scan (cleaned Generic Trojan, w32/PrettyPark, JS/kak.worm)

after the panda active scan (last night) I was finally able to do the windows update and install IE7. We were up to date on all critical windows updates, but were running IE6, now we are running IE7.

I was also able to install and run spybotSD tonight, fixed
Fraud.MSAntispyware2009
Virtumonde.sdn

The certgr script thing is gone.
the last time I rebooted, it actually rebooted normally,
finally we may have cleaned things up, but I need some expert opinion
to see if we are clean.

Please let me know what else I need to scan or clean...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11, on 07/30/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\4 Warn Alert\TrueWeather.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070502
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 4 Warn Alert.lnk = C:\Program Files\Common Files\4 Warn Alert\TrueWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.abebooks.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.trendsecure.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.....;/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://amcmailcls2.faa.gov/iNotes6W.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7927 bytes

Malwarebytes logs, nothing found

Malwarebytes' Anti-Malware 1.37
Database version: 2191
Windows 5.1.2600 Service Pack 3
07/30/09 11:10:32 PM
mbam-log-2009-07-30 (23-10-32).txt
Scan type: Full Scan (C:\|)
Objects scanned: 143936
Time elapsed: 56 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:


Okay, even though the certgr script thing is gone,
the blue screen is definitely still happening.

I let the error be reported to MS and for the first time it went through without saying the error report was corrupted.

This time it said:
Follow these steps to solve the problem with a device driver.

You received this message because a device driver installed on your computer caused windows to stop unexpectedly. This type of error is referred to as a "stop error". A stop error requires you to restart your computer.
Troubleshooting
Depending on which situation is applicable to you, do one of the following:
- If this problem occurred after you installed a new hardware device on your computer, the problem might be caused by the device driver.
- If this problem occurred after you installed new software, the software might have installed a driver that caused the problem. Try uninstalling the software.
- If you don't know the specific driver or software, try performing a System Restore.
- Go online to check for updated drivers for a device driver on the Windows Update Website
- For information about your support options, go online to support.dell.com website.

We did not install any new hardware and did not knowingly install any new programs.
I have tried to do a system restore, but it goes to blue screen when it tries to reboot and then says the restore was not successful.

Any suggestions about which driver to try to fix?

We have installed no new programs or hardware.
Most of the time it won't let me run executables, sometimes it won't let me open "add/remove programs" from the control panel.
I was able to install IE 8 tonight, IE 7 was a dog.

help2go sent me to nutnworks, nutnworks sent me to you.
Please advise.
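
Added example, not part of the original post: a small parser that turns the ":certgr >>" debug trace quoted above into one record per hooked API, so a responder can see at a glance which DLL imports were redirected. The sample text is two records copied from the post; the function and field names are hypothetical.

```python
import re

# Sample input: two hook records copied from the trace in the post above.
TRACE = """\
:certgr >> DllRegisterServer: crypt32 found, installing cert hooks
:certgr >> __IAT_HookAPI: lpszDllName=crypt32
:certgr >> IAT_HookAPI: dwAPIHash=D058D0FF
:certgr >> IAT_HookAPI: lpHookFunc=00E043E4
:certgr >> NB: single-thread decr in APIstatic buff used=
:certgr >> GetAPINameByHash: PFXImportCertStore
:certgr >> IAT_HookAPI: lpOrigFunc addr found=77AEFF8F
:certgr >> __IAT_HookAPI: lpszDllName=ntdll
:certgr >> IAT_HookAPI: dwAPIHash=04586AC0
:certgr >> IAT_HookAPI: lpHookFunc=00E03A6F
:certgr >> GetAPINameByHash: LdrLoadDll
:certgr >> IAT_HookAPI: lpOrigFunc addr found=00CC3256
"""

LINE = re.compile(r"^:certgr >> (?:__)?(?P<tag>[A-Za-z_]+): (?P<body>.*)$")
KV = re.compile(r"(lpszDllName|dwAPIHash|lpHookFunc|lpOrigFunc addr found)=(\w+)")
FIELD = {"dwAPIHash": "hash", "lpHookFunc": "hook", "lpOrigFunc addr found": "orig"}

def parse_hooks(trace):
    """Return one dict per hook; a lpszDllName line starts a new record."""
    hooks, cur = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kv = KV.search(m.group("body"))
        if kv and kv.group(1) == "lpszDllName":
            cur = {"dll": kv.group(2)}
            hooks.append(cur)
        elif cur is None:
            continue  # banner lines before the first hook record
        elif kv:
            cur[FIELD[kv.group(1)]] = int(kv.group(2), 16)
        elif m.group("tag") == "GetAPINameByHash":
            cur["api"] = m.group("body").strip()
    return hooks

def by_dll(hooks):
    """Group resolved API names by the DLL whose import was redirected."""
    out = {}
    for h in hooks:
        out.setdefault(h["dll"], []).append(h.get("api", "<unresolved>"))
    return out

def incomplete(hooks):
    """Records missing a field, e.g. when the pasted trace was cut short."""
    need = {"dll", "hash", "hook", "orig", "api"}
    return [h for h in hooks if need - h.keys()]
```
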