Computer Hope
Software => Computer viruses and spyware => Topic started by: jewelz on February 01, 2012, 06:28:59 PM
-
Hi
My computer keeps crashing (blue screens), I originally posted on the Microsoft forum but they thought it may be a malware problem so asked me to post here.
I tried to follow the Virus and Spyware section Guidelines but encountered a few problems...
Re: Step A: Antivirus
I had Avast installed, although it said that it was running correctly it would freeze and blue screen at about 1% every time that I ran it. I un installed that and installed AVG same problem - seemed to go a little further but came across some files that it could not access, froze, blue screen, etc. I tried both programs in Safe Mode, they both froze. So had to give up on the virus check.
Re: Step 3: SUPERAntiSpyware
This froze the first time that I ran it and on the second attempt another blue screen about 15 minutes in.
Also tried it in Safe Mode but it stopped scanning after around 10 minutes.
Not sure if this means anything but it seems to freeze at the same point every time:
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE 12\1033\PPINTL.DLL
Can you help please? Should I just keep going through the list of programs?
Thank you
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download BlueScreenView to your desktop.
BlueScreenView (http://www.nirsoft.net/utils/blue_screen_view.html)
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
-
Your Guide asked me to run CC Cleaner earlier which I did and the Minidump logs came up and were all deleted at the time. When I have just tried running the Bluescreen program again there was nothing in the folder. All that I have are what was in there when I ran it earlier:
==================================================
Dump File : Mini013012-02.dmp
Crash Time : 30/01/2012 20:48:43
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0x00000001
Parameter 2 : 0xff252525
Parameter 3 : 0x00000000
Parameter 4 : 0xa957fbc8
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+76c78
Stack Address 2 : ntkrnlpa.exe+344d8
Stack Address 3 : ntkrnlpa.exe+352cc
Computer Name :
Full Path : C:\Windows\Minidump\Mini013012-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini013012-01.dmp
Crash Time : 30/01/2012 03:01:24
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x0804ffeb
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x82a405e5
Caused By Driver : iastor.sys
Caused By Address : iastor.sys+3a5e5
File Description : Intel Matrix Storage Manager driver - ia32
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 7.6.0.1011
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : iastor.sys+3a5e5
Stack Address 2 : iastor.sys+3fa06
Stack Address 3 : ntkrnlpa.exe+aa32b
Computer Name :
Full Path : C:\Windows\Minidump\Mini013012-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini012912-01.dmp
Crash Time : 29/01/2012 20:33:12
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82504fdf
Parameter 3 : 0xbebc5b4c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+b5fdf
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+b5fdf
Stack Address 1 : ntkrnlpa.exe+210bb2
Stack Address 2 : ntkrnlpa.exe+4ac7a
Stack Address 3 : ntkrnlpa.exe+49df5
Computer Name :
Full Path : C:\Windows\Minidump\Mini012912-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini012812-01.dmp
Crash Time : 28/01/2012 03:40:48
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x824f3e7b
Parameter 3 : 0x8eedab8c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+ede7b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+ede7b
Stack Address 1 : ntkrnlpa.exe+205693
Stack Address 2 : ntkrnlpa.exe+2058fd
Stack Address 3 : ntkrnlpa.exe+205a4e
Computer Name :
Full Path : C:\Windows\Minidump\Mini012812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini012112-01.dmp
Crash Time : 21/01/2012 21:29:42
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x8253a010
Parameter 3 : 0xba243614
Parameter 4 : 0x00000000
Caused By Driver : aswSnx.SYS
Caused By Address : aswSnx.SYS+34c4c
File Description : avast! Virtualization Driver
Product Name : avast! Antivirus System
Company : AVAST Software
File Version : 6.0.1367.0
Processor : 32-bit
Crash Address : ntkrnlpa.exe+ee010
Stack Address 1 : fltmgr.sys+1e896
Stack Address 2 : fltmgr.sys+1f805
Stack Address 3 : fltmgr.sys+1ff0b
Computer Name :
Full Path : C:\Windows\Minidump\Mini012112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini012012-01.dmp
Crash Time : 20/01/2012 18:21:46
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x000000c5
Parameter 1 : 0x01437a50
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x8253c770
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : ntkrnlpa.exe+ee770
Stack Address 2 : ntkrnlpa.exe+ed858
Stack Address 3 : ntkrnlpa.exe+b2626
Computer Name :
Full Path : C:\Windows\Minidump\Mini012012-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini011712-01.dmp
Crash Time : 17/01/2012 08:38:13
Bug Check String : APC_INDEX_MISMATCH
Bug Check Code : 0x00000001
Parameter 1 : 0x9695e98b
Parameter 2 : 0x00000000
Parameter 3 : 0xffff0000
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+be98b
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4afe7
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini011712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini010912-01.dmp
Crash Time : 09/01/2012 20:31:18
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x824d1fdf
Parameter 3 : 0xae129b4c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+b5fdf
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+b5fdf
Stack Address 1 : ntkrnlpa.exe+210bb2
Stack Address 2 : ntkrnlpa.exe+4ac7a
Stack Address 3 : ntkrnlpa.exe+49df5
Computer Name :
Full Path : C:\Windows\Minidump\Mini010912-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini010712-01.dmp
Crash Time : 07/01/2012 20:32:21
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82503fdf
Parameter 3 : 0xbf0f7414
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+b5fdf
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+b5fdf
Stack Address 1 : ntkrnlpa.exe+21bd9c
Stack Address 2 : ntkrnlpa.exe+21bee0
Stack Address 3 : ntkrnlpa.exe+2177cd
Computer Name :
Full Path : C:\Windows\Minidump\Mini010712-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini010512-01.dmp
Crash Time : 05/01/2012 19:49:45
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x82500770
Parameter 3 : 0xb32aa96c
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+ee770
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+ee770
Stack Address 1 : ntkrnlpa.exe+ed858
Stack Address 2 : aswSP.SYS+a176
Stack Address 3 : aswSP.SYS+11ac5
Computer Name :
Full Path : C:\Windows\Minidump\Mini010512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini120111-01.dmp
Crash Time : 01/12/2011 03:36:45
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x81cfb886
Parameter 3 : 0x8a5226dc
Parameter 4 : 0x00000000
Caused By Driver : NETw4v32.sys
Caused By Address : NETw4v32.sys+bfc44
File Description : Intel® Wireless WiFi Link Driver
Product Name : Intel® Wireless WiFi Link Adapter
Company : Intel Corporation
File Version : 11.5.0.32
Processor : 32-bit
Crash Address : ntkrnlpa.exe+ed886
Stack Address 1 : fltmgr.sys+1e892
Stack Address 2 : fltmgr.sys+1f801
Stack Address 3 : fltmgr.sys+1ff07
Computer Name :
Full Path : C:\Windows\Minidump\Mini120111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
Dump File Size : 139,080
==================================================
-
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
(http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg)
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html).Then post your DDS logs. (DDS.txt and Attach.txt )
-
Hello,
thanks for your reply,
1) I updated SUPERAntiSpyware again and ran it again, same problem, stopped about 15 minutes in when it got to:
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE 12\1033\PPINTL.DLL
then froze.
2) I then updated and ran Malwarebytes, same issue, stopped at 7 mins, 57 secs when it got to:
C:\PROGRAM Files\MICROSOFT OFFICE\OFFICE 12\Wordcnvpxy.cnv
then froze.
I tried it again in Safe Mode, same issue, froze a few minutes in at: C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE 12\XLCPRTID.XML
These are the files from DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Jewelz at 21:41:56 on 2012-02-02
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\AERTSrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jewelz\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080614
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080614
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [Google Update] "c:\users\Jewelz\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [<NO NAME>]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{44BF9867-13A7-4C4A-8AB3-0CFE6E2AF744} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\Jewelz\appdata\roaming\mozilla\firefox\profiles\5ato6w99.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\Jewelz\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MBAMSwissArmy;MBAMSwissArmy
R? McComponentHostService;McAfee Security Scan Component Host Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? AERTFilters;Andrea RT Filters Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? FontCache;Windows Font Cache Service
S? O2MDRDR;O2MDRDR
S? O2SDRDR;O2SDRDR
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SSPORT;SSPORT
.
=============== Created Last 30 ================
.
2012-02-02 21:04:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-02 07:44:35 -------- d-sh--w- C:\found.000
2012-02-01 22:01:54 -------- d-----w- c:\users\Jewelz\appdata\roaming\AVG2012
2012-02-01 21:59:58 -------- d--h--w- c:\programdata\Common Files
2012-02-01 21:58:11 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-01 21:58:11 -------- d-----w- c:\programdata\AVG2012
2012-02-01 21:57:07 -------- d-----w- c:\program files\AVG
2012-02-01 21:56:09 -------- d-----w- c:\programdata\MFAData
2012-02-01 02:16:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{be294a22-1fdf-4b31-b650-eb71856dd724}\offreg.dll
2012-02-01 02:12:16 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{be294a22-1fdf-4b31-b650-eb71856dd724}\mpengine.dll
2012-01-25 21:39:47 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 21:39:45 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 21:39:44 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 21:39:43 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-25 21:39:41 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 21:39:40 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-25 15:14:04 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-01-13 07:52:42 -------- d-----w- c:\users\Jewelz\appdata\roaming\Maxthon3
2012-01-13 07:52:16 -------- d-----w- c:\program files\Maxthon3
2012-01-12 19:36:43 -------- d-----w- c:\users\Jewelz\appdata\local\Apple Computer
2012-01-11 16:49:22 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 16:49:22 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 16:49:20 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:49:18 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:49:17 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:49:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 16:49:13 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:49:12 497152 ----a-w- c:\windows\system32\qdvd.dll
.
==================== Find3M ====================
.
2012-01-12 19:06:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 10:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 05:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 21:42:41.49 ===============
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.0
Apple Application Support
Apple Software Update
AVG 2012
Browser Address Error Redirector
CCleaner
Compatibility Pack for the 2007 Office system
CRON-O-METER 0.9.9
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
DivX Setup
EDocs
Free Mp3 Wma Converter V 2.1
FreeMind
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 6 Update 5
Malwarebytes Anti-Malware version 1.60.1.1000
Maxthon 3
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC100_CRT_SP1_x86
Miro
Mozilla Firefox 8.0.1 (x86 en-GB)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Suite
OpenOffice.org 3.3
Opera 11.60
PC Connectivity Solution
PowerDVD
QuickSet
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Samsung ML-1510_700 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sonic CinePlayer Decoder Pack
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.5
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
Winamp
Winamp Detector Plug-in
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
.
==== End Of File ===========================
-
Good post. I appreciate it! Thanks for guiding. ;D ;D
-
Save these instructions so you can have access to them while in Safe Mode.
Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
- Save it to your desktop.
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
- Double click the setup file to run it.
- Click Next to continue.
- Accept the License agreement and click on next.
- It will, by default, install it to your desktop folder. Click Next.
- It will then open a box There will be a tab that says Automatic scan.
- Under Automatic scan make sure these are checked.
- Hidden Startup Objects
- System Memory
- Disk Boot Sectors.
- My Computer.
- Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
-
Hi again,
I downloaded this software, following all instructions, and ran it, it got to 25% before it froze, Just to be sure I ran it another two times didn't get further than 21% the second and 22% the third before freezing.
Any idea what to try next?
Thanks
-
Please describe this freezing to me. How long does it last? Do you have to do a hard reboot to get it going again?
-
Mostly the countdown stops altogether and when I try to click on anything on the screen it's completely non responsive. In other cases it gets to a certain file and does not move, while the countdown continues (I have waited over two hours before) often by this stage the software controls (pause/stop/etc) are unresponsive, if they are not and it allows me to click for instance the stop or pause button the computer then becomes unresponsive.
In both cases I am not able to shut down the computer in the normal way, I try Ctrl+Alt+Del which may let me into the initial screen occasionally but then becomes unresponsive so I have to press the power button on machine.
-
Ok. Let's try this to see what's eating up your memory.
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
File attached...
[year+ old attachment deleted by admin]
-
StartupLite
Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
***************************************************
This is going to take some investigation on your part to discover what's causing the freezing. Firstly, AVG is a resource hog and you should consider changing to something like MicroSoft Security Essentials to lighten the load.
URL=http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html]Microsoft Security Essentials for Windows Vista\Windows 7[/URL] - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
Next, keep Task Manager running at all times on your computer. (CTRL+ALT+Delete) When the computer starts to freeze try to open the Task Manager and check to see what process is taking the most memory. Try stopping the process and see what happens.
-
Thanks for your reply, this is what I have done since your last post:
===== StartupLite =====
Downloaded and ran this program, I recieved 6 pop-up messages as follows:
Error on value: SunJavaUpdatSched. There was an error creating a MSConfig key.
Error on value: Quicktime Task. There was an error creating a MSConfig key.
Error on value: IgFXTray. There was an error creating a MSConfig key.
Error on value: HotkeyScmds. There was an error creating a MSConfig key.
Error on value: Persistence. There was an error creating a MSConfig key.
All actions executed succesfully! Changes will take effect after the system is restarted.
(Restarted as requested)
===== Security Essentials =====
Uninstalled AVG and have now installed Security Essentials which allowed me to run a full scan with the result "No threats were detected on your computer during this scan"
===== SUPERAntiSpyware =====
I attempted to run this program again, with the followng results:
The program stopped (C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE 12\1033\PPINTL.DLL) after approximately 10 minutes.
At this point Windows Task Manager was showing the following:
dwm.exe = 12,652k
SUPERAntiSpyware.exe = 129,444k
explorer.exe = 7,308k
I selected SUPERAntiSpyware in the Task Manager and tried to end the process, I got the rotating green circle which tells you that it is processing the request before "Windows Task Manager (Not responding)" appeared at the top of the screen. All software stopped responding at this stage.
Safe Mode: Retried in Safe Mode, stopped at approximately 10 minutes (at same file as above). Windows Task Manager showed the following:
MSMpeng.exe = 22,172k
SUPERAntiSpyware.exe = 128,328k
System = 15,448k (NT Kernal + System)
Explorer.exe = 11,600k
I selected MSMpeng.exe to end process, machine became unresponsive.
In both cases I had to use the power button to restart machine.
===== Malwarebytes =====
I attempted to run this program again:
The program stopped at 11 minutes,37 secs (C:\PROGRAM Files\MICROSOFT OFFICE\OFFICE 12\Wordcnvpxy.cnv)
BSOD then the computer restarted itself.
just before the BSOD Task Manager showed the following:
dwm.exe = 14,108
mbam.exe = 81,548
office.bin = 792
-
Download BlueScreenView to your desktop.
BlueScreenView (http://www.nirsoft.net/utils/blue_screen_view.html)
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.
-
==================================================
Dump File : Mini020512-02.dmp
Crash Time : 05/02/2012 04:45:11
Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
Bug Check Code : 0x000000be
Parameter 1 : 0x835b0d01
Parameter 2 : 0x43d02121
Parameter 3 : 0x88f6fa50
Parameter 4 : 0x0000000b
Caused By Driver : netbt.sys
Caused By Address : netbt.sys+26d01
File Description : MBT Transport driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 : netbt.sys+26d01
Stack Address 3 : TDI.SYS+2f02
Computer Name :
Full Path : C:\Windows\Minidump\Mini020512-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
==================================================
Dump File : Mini020512-01.dmp
Crash Time : 05/02/2012 03:58:04
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 0x00000030
Parameter 2 : 0x86d5d968
Parameter 3 : 0xa7056000
Parameter 4 : 0x8b804030
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18533 (vistasp2_gdr.111025-0338)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+1e0fa8
Stack Address 2 : ntkrnlpa.exe+203838
Stack Address 3 : ntkrnlpa.exe+7cb68
Computer Name :
Full Path : C:\Windows\Minidump\Mini020512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,080
==================================================
-
Please do this even if you don't have your OS disk. Please let me know what happens.
1/ Click the Start button.
2/ From the Start Menu, Click All programs followed by Accessories.
3/ In the Accessories menu, Right Click on the Command Prompt option.
4/ From the drop down menu that appears, Click on the Run as administrator option.
5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.
6/ In the Command Prompt window, type: sfc /scannow and then press Enter.
7/ A message will appear stating that the system scan will begin.
8/ Be patient because the scan may take some time.
9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.
10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.
11/ After the scan has completed, Close the command prompt window.
-
I followed the instructions above, when complete it gave the following message:
Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS.Log. For example C:\Windows\Logs\CBS\CBS.log
(I was not asked to provide the disk)
I located the file, but it's too big to attach, should I post here?
-
I followed the instructions above, when complete it gave the following message:
Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS.Log. For example C:\Windows\Logs\CBS\CBS.log
(I was not asked to provide the disk)
I located the file, but it's too big to attach, should I post here?
Yes, please. I would like to see it. You may need to break it up into multiple posts if it's that large.
-
Tried to post in the message but am having problems, as it's cutting out bits, so I have attached in two parts to two messages, hope that is OK.
[year+ old attachment deleted by admin]
-
Part 2
[year+ old attachment deleted by admin]
-
Is your computer still crashing? Do you have the OS disk or can you borrow one? It will have to be the same OS that's on your machine.
-
Yes still crashing. I have a Vista re-installation disk which came with the machine.
-
Yes still crashing. I have a Vista re-installation disk which came with the machine.
Boot from the disk and see if you can do a repair.
-
Ok, I changed the settings to boot from disc, and re-started the machine but it is struggling to boot from the re-install disc (also tried selecting to boot from disc (F12) when re-starting ). When it can't it just runs Windows as normal.
Initially I was unable to see the disc in Computer/E:, but it shows up fine now and I can explore what's on the disc, but still will not allow me to boot from it at start-up.
I don't think that there is a problem with the DVD/CD Drive as I've tried other discs in it and it plays all of them fine. Any other ideas please?
-
I will check with a colleague to see if he has any suggestions.
-
Open the Start Menu.
2. Click on the Computer button.
3. Right click on your hard drive and click on Properties.
4. Click on the Tools tab.
5. Click on Check Now under the Error checking section. (See circled in red below)
(http://www.vistax64.com/attachments/tutorials/173d1232211462t-check-disk-chkdsk-properties.jpg)
. Click on Continue in the UAC prompt.
7. Make sure both options are checked. (See screenshot below)
NOTE: The Automatically fix file system errors box will be checked by default.
8. Click on the Start button.
(http://www.vistax64.com/attachments/tutorials/174d1180977149-check-disk-chkdsk-check-now.jpg)
9. You will get a pop-up window saying, "Windows can't check this disk while it's use". (See screenshot below)
10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.
(http://www.vistax64.com/attachments/tutorials/175d1232211462t-check-disk-chkdsk-schedule.jpg)
11. Restart your computer.
********************************************
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://"http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html") for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.
-
Thanks for your reply,
My machine came partitioned, so I have (C:) with my files on and (D:) Recovery with the system files, I ran Check Disc on (D:) a few days ago: Tools > Check Now, etc (No re-scheduled disc check/restart asked for) and when it completed it said that it had found and fixed some errors.
I ran it again on both drives this morning and this was the result:
(D:) After clicking on the Check Now button, checking the box and starting, the check ran and I received a message box telling me that no faults were found.
(C:) As per your description it asked for a re-scheduled restart, when I re-started the machine Check Disc ran, got to 73% and stopped. I ran this twice and both times stopped at exactly the same point.
I downloaded and installed ComboFix, text file content posted below:
ComboFix 12-02-09.04 - Jewelz 10/02/2012 7:25.1.2 - x86
Running from: c:\users\Jewelz\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jewelz\Desktop\msg.txt
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 07:32 . 2012-02-10 07:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-10 07:23 . 2012-02-10 07:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC2CA020-99FA-422A-89BC-F4989B237BF3}\MpKsl7a499d79.sys
2012-02-09 21:56 . 2012-01-17 04:39 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC2CA020-99FA-422A-89BC-F4989B237BF3}\mpengine.dll
2012-02-06 20:04 . 2012-01-17 04:39 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-05 01:50 . 2011-10-04 17:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF20F389-2B2F-4D64-8273-01AECBA278C1}\gapaengine.dll
2012-02-05 01:43 . 2012-02-05 01:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-05 01:42 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-03 20:16 . 2012-02-03 20:16 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-02 21:04 . 2012-02-05 09:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-02 07:44 . 2012-02-02 07:44 -------- d-----w- C:\found.000
2012-02-01 21:59 . 2012-02-01 21:59 -------- d--h--w- c:\programdata\Common Files
2012-02-01 21:56 . 2012-02-05 01:32 -------- d-----w- c:\programdata\MFAData
2012-02-01 02:16 . 2012-02-01 02:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE294A22-1FDF-4B31-B650-EB71856DD724}\offreg.dll
2012-02-01 02:12 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE294A22-1FDF-4B31-B650-EB71856DD724}\mpengine.dll
2012-01-26 00:49 . 2012-01-26 00:49 -------- d-----w- c:\users\Jewelz\AppData\Roaming\Template
2012-01-25 21:39 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 21:39 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 21:39 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 21:39 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-25 21:39 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 21:39 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-25 15:14 . 2011-11-10 05:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-13 07:52 . 2012-01-13 07:53 -------- d-----w- c:\users\Jewelz\AppData\Roaming\Maxthon3
2012-01-13 07:52 . 2012-01-13 07:52 -------- d-----w- c:\program files\Maxthon3
2012-01-12 19:36 . 2012-01-30 03:03 -------- d-----w- c:\users\Jewelz\AppData\Local\Apple Computer
2012-01-12 19:35 . 2012-01-12 19:35 -------- d-----w- c:\program files\Safari
2012-01-11 16:49 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 16:49 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 16:49 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:49 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:49 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 16:49 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 16:49 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:49 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-11-29 03:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 19:06 . 2011-11-29 04:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 15:24 . 2011-11-30 13:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 17:55 . 2011-12-03 17:55 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-03 17:55 . 2011-12-03 17:55 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-03 17:55 . 2011-12-03 17:55 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-03 17:55 . 2011-12-03 17:55 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-03 17:55 . 2011-12-03 17:55 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-03 17:55 . 2011-12-03 17:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-03 17:55 . 2011-12-03 17:55 367104 ----a-w- c:\windows\system32\html.iec
2011-12-03 17:55 . 2011-12-03 17:55 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-03 17:55 . 2011-12-03 17:55 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-03 17:55 . 2011-12-03 17:55 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-03 17:55 . 2011-12-03 17:55 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-03 17:55 . 2011-12-03 17:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-03 17:55 . 2011-12-03 17:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-03 17:55 . 2011-12-03 17:55 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-03 17:55 . 2011-12-03 17:55 101888 ----a-w- c:\windows\system32\admparse.dll
2011-12-03 17:55 . 2011-12-03 17:55 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-03 17:55 . 2011-12-03 17:55 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-23 13:37 . 2011-12-13 22:04 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 04:21 . 2011-11-29 02:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-22 4907008]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-14 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jewelz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Jewelz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 03:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2011-11-01 15:40 1053056 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-22 77824]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL7A499D79
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-29 02:10]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-29 02:10]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1900899137-3597166765-57595471-1000Core.job
- c:\users\Jewelz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 03:26]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1900899137-3597166765-57595471-1000UA.job
- c:\users\Jewelz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-29 03:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080614
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jewelz\AppData\Roaming\Mozilla\Firefox\Profiles\5ato6w99.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 07:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-10 07:35:08
ComboFix-quarantined-files.txt 2012-02-10 07:34
.
Pre-Run: 115,614,625,792 bytes free
Post-Run: 115,545,063,424 bytes free
.
- - End Of File - - BAC03D71C12A54AD819D612ED5E600F2
-
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Done....
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8830B000
Module End: 883D2000
Hidden: Yes
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\tracking.log
Status: Access denied
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Scan complete and 'No threats found'.
-
Ok. That sounds good. Are you still having problems?
-
Yes, still crashing from time to time for no reason. Sounds like it's not due to any virus though, what do you think?
-
Yes, still crashing from time to time for no reason. Sounds like it's not due to any virus though, what do you think?
Usually crashing is caused by hardware or software problems and the BlueScreen View showed that most were "Caused By Driver : ntkrnlpa.exe. ." ntkrnlpa.exe is a core component of the Vista NT Kernel. The SFC scan showed that "Windows Resource Protection found corrupt files but was unable to fix some of them." I suspect this is the problem.
We should do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
**************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!