Computer Hope

Software => Computer viruses and spyware => Topic started by: nightowl19632000 on May 30, 2015, 02:28:08 PM

Title: Blue Screen of Death in the last two days.
Post by: nightowl19632000 on May 30, 2015, 02:28:08 PM
I have had the blue screen of death appear two times over the last two days.  After I restart, it seems to be slow but ok.  I am afraid there is something going on that I need to correct.  Also, it seems to take forever to restart my computer.  Here are the logs you requested.  Thanks!


# AdwCleaner v4.205 - Logfile created 30/05/2015 at 13:52:52
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Pam - PAM-HP
# Running from : C:\Users\Pam\Downloads\adwcleaner_4.205(2).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v45.0.2414.0


*************************

AdwCleaner[R0].txt - [15376 bytes] - [02/01/2015 22:20:54]
AdwCleaner[R1].txt - [3633 bytes] - [25/05/2015 15:14:37]
AdwCleaner[R2].txt - [1030 bytes] - [30/05/2015 13:41:33]
AdwCleaner[R3].txt - [1090 bytes] - [30/05/2015 13:48:55]
AdwCleaner[S0].txt - [15468 bytes] - [02/01/2015 22:28:20]
AdwCleaner[S1].txt - [3751 bytes] - [25/05/2015 15:21:29]
AdwCleaner[S2].txt - [1016 bytes] - [30/05/2015 13:52:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1075  bytes] ##########



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/30/2015
Scan Time: 2:17:12 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.30.04
Rootkit Database: v2015.05.24.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411853
Time Elapsed: 36 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [fececdcc5337a98d6af775ffdb2a5fa1],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT2260173, , [606cc9d0bfcb4de9acbfcab455b007f9],

Registry Values: 2
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtD0Fzy0CyD0ByE0CyCtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyCyDyBtAzyyEyEzytGtD0CtCtDtGzzzyyDyCtG0F0AtByCtGyBzy0EtCyDyE0FyB0FtC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0EtAzyyB0FzztG0AtDtA0BtGyE0BtByBtG0A0FtAtDtGzzzzyC0FyByByByEyBtByE0E2Q&cr=1323670975&ir=, , [fececdcc5337a98d6af775ffdb2a5fa1]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Vosteran, , [c4086f2a543638fe8cd5d0a4da2bd62a]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.BundleInstaller.A, C:\Users\Pam\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z, , [13b9aaef5e2c989e1198954c04ffbb45],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Java 8 Update 45 
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.188 
 Mozilla Firefox (39.0)
 Google Chrome (44.0.2403.9)
 Google Chrome (45.0.2414.0)
 Google Chrome (Plugins...)
````````Process Check: objlist.exe by Laurent````````
 IObit IObit Malware Fighter IMFsrv.exe 
 IObit IObit Malware Fighter IMF.exe 
 IObit IObit Malware Fighter IMFTips.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Title: Re: Blue Screen of Death in the last two days.
Post by: SuperDave on May 30, 2015, 06:22:16 PM
StartupLite

Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
****************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version (http://www.java.com/en/download/installed.jsp)

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************
Most BSOD's are usually caused by hardware or software failure. You can run some tests on your hard drive and your RAM, if you wish.
Title: Re: Blue Screen of Death in the last two days.
Post by: nightowl19632000 on May 31, 2015, 11:30:29 AM
I have run StartupLite and everything seems to be fine, and my Java is up to date with no earlier versions on my computer.
Title: Re: Blue Screen of Death in the last two days.
Post by: Allan on May 31, 2015, 11:46:06 AM
First of all, bsod is a generic term. We need to know the exact error message. However, I see you did post that data in another thread. I'm not sure why this is in the malware forum, but here are some things we need to know:

1) Did you recently install or update any drivers?

2) Is Windows Update set to install drivers or only critical updates?

3) Has it been only those two bsod's (in the other thread) or are there more? If more, please post in this thread.

4) Have you checked your ram? If not, please do so now as follows:  download memtest (http://memtest.org/). Burn it to a cd using a dedicated .iso burning utility (http://www.petri.co.il/how_to_write_iso_files_to_cd.htm), make sure the cd drive is at the top of the boot order in bios, then boot to the newly created cd and run the utility. Let us know the results (it needs to run multiple passes - even overnight is okay)

5) Have you checked your hd? If not, please do so now as follows: http://www.tacktech.com/display.cfm?ttid=287
Make sure you select the tool which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
For Toshiba drives, see here: http://sdd.toshiba.com/main.aspx?Path=ServicesSupport/FujitsuDrivesUSandCanada/SoftwareUtilities#diagnostic

Let us know the results of the hd tests


We'll wait to hear your responses.



Title: Re: Blue Screen of Death in the last two days.
Post by: nightowl19632000 on May 31, 2015, 12:35:34 PM
1) The only driver that was recently updated was by Driver Booster on 5/19/2015 and the update was to "Realtek High Definition Audio".
2) Windows Update is only set to install critical updates.  I don't update the optional updates.
3) There have been more BSODs in the past. These are the ones that I have received:

==================================================
Dump File         : 052115-37440-01.dmp
Crash Time        : 5/21/2015 11:02:28 AM
Bug Check String  :
Bug Check Code    : 0x00000101
Parameter 1       : 00000000`00000061
Parameter 2       : 00000000`00000000
Parameter 3       : fffff880`009bf180
Parameter 4       : 00000000`00000001
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+748c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18839 (win7sp1_gdr.150427-0707)
Processor         : x64
Crash Address     : ntoskrnl.exe+748c0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\windows\Minidump\052115-37440-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 287,096
Dump File Time    : 5/21/2015 11:09:26 AM
==================================================
==================================================
Dump File         : 052915-39639-01.dmp
Crash Time        : 5/29/2015 1:40:22 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 00000000`0000000a
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`016456f0
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+446f0
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+748c0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\windows\Minidump\052915-39639-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 287,288
Dump File Time    : 5/29/2015 1:43:17 PM
==================================================

==================================================
Dump File         : 053015-43805-01.dmp
Crash Time        : 5/30/2015 1:10:52 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 00000000`0000000a
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`016456f0
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+748c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18839 (win7sp1_gdr.150427-0707)
Processor         : x64
Crash Address     : ntoskrnl.exe+748c0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\windows\Minidump\053015-43805-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 286,200
Dump File Time    : 5/30/2015 1:13:17 PM
==================================================

ALSO I RAN THE JUNK REMOVAL TOOL THAT I HAVE USED IN THE PAST TO GET RID OF MALWARE. I RAN IT ON 5/25/2015 AND AGAIN ON 5/29/2015 BEFORE DECIDING TO COME BACK TO THE FORUM THIS TIME.  THESE ARE THE REPORTS IT HAS GIVEN ME:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Pam on Mon 05/25/2015 at 14:42:57.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Pam\AppData\Roaming\mozilla\firefox\profiles\5200bplx.default-1391973213089\prefs.js

user_pref("extensions.iobitascsurfingprotection@iobit.com.install-event-fired", true);
user_pref("extensions.xpiState", "{\"app-profile\":{\"[email protected]\":{\"d\":\"C:\\\\Users\\\\Pam\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles
Emptied folder: C:\Users\Pam\AppData\Roaming\mozilla\firefox\profiles\5200bplx.default-1391973213089\minidumps [5 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/25/2015 at 14:48:34.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by Pam on Fri 05/29/2015 at 14:01:47.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Failed to delete: [Task] C:\windows\tasks\ImCleanDisabled
Successfully deleted: [Task] C:\windows\system32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\windows\system32\tasks\Driver Booster SkipUAC (Pam)
Successfully deleted: [Task] C:\windows\system32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\windows\system32\tasks\SmartDefrag4_Startup
Successfully deleted: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Administrator
Successfully deleted: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Pam
Successfully deleted: [Task] C:\windows\tasks\Driver Booster Scan.job
Successfully deleted: [Task] C:\windows\tasks\Driver Booster SkipUAC (Pam).job
Successfully deleted: [Task] C:\windows\tasks\Driver Booster Update.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Hold Page



~~~ Files

Successfully deleted: [File] C:\windows\syswow64\sho1A35.tmp
Successfully deleted: [File] C:\windows\syswow64\sho4245.tmp
Successfully deleted: [File] C:\windows\syswow64\sho4398.tmp
Successfully deleted: [File] C:\windows\syswow64\sho602B.tmp
Successfully deleted: [File] C:\windows\syswow64\sho74CE.tmp
Successfully deleted: [File] C:\windows\syswow64\sho8117.tmp
Successfully deleted: [File] C:\windows\syswow64\sho93FA.tmp
Successfully deleted: [File] C:\windows\syswow64\shoBA24.tmp
Successfully deleted: [File] C:\windows\syswow64\shoBA32.tmp
Successfully deleted: [File] C:\windows\syswow64\shoC457.tmp
Successfully deleted: [File] C:\windows\syswow64\shoD245.tmp
Successfully deleted: [File] C:\windows\syswow64\shoD752.tmp
Successfully deleted: [File] C:\windows\syswow64\shoDBB8.tmp
Successfully deleted: [File] C:\windows\syswow64\shoF5CD.tmp



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Pam\AppData\Roaming\productdata



~~~ FireFox

Successfully deleted the following from C:\Users\Pam\AppData\Roaming\mozilla\firefox\profiles\5200bplx.default-1391973213089\prefs.js

user_pref(extensions.iobitascsurfingprotection@iobit.com.install-event-fired, true);
user_pref(extensions.xpiState, {\app-profile\:{\[email protected]\:{\d\:\C:\\\\Users\\\\Pam\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles



~~~ Chrome


[C:\Users\Pam\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Pam\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Pam\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Pam\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  oilkkkefbalmbfppgjmgjoefbclebkce
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/29/2015 at 14:06:34.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4)  As far as burning CD's or using .iso burning utilities, I have no idea how to do any of that.  You kind of lost me after #3.
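
An added example, not part of the original posts and not code from any tool named in the thread: a short Python triage of the crash-record format posted above, grouping dumps that share a bug check code and, for 0xD1, the same parameter 4 (the address that referenced the bad memory). The sample is constructed by trimming the three posted records to the fields used, and treating `ntoskrnl.exe` as a low-value attribution is this example's own heuristic.

```python
import re
from collections import defaultdict

# Constructed sample: the three posted records, trimmed to the fields used here.
SAMPLE = """\
==================================================
Dump File         : 052115-37440-01.dmp
Bug Check String  :
Bug Check Code    : 0x00000101
Parameter 4       : 00000000`00000001
Caused By Driver  : ntoskrnl.exe
==================================================
==================================================
Dump File         : 052915-39639-01.dmp
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 4       : fffff880`016456f0
Caused By Driver  : tcpip.sys
==================================================
==================================================
Dump File         : 053015-43805-01.dmp
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 4       : fffff880`016456f0
Caused By Driver  : ntoskrnl.exe
==================================================
"""

SEP = re.compile(r"^={10,}[ \t]*$", re.M)
# Split on the first colon only: values such as paths and times contain colons.
FIELD = re.compile(r"^([^:\n]+?)[ \t]*:[ \t]*(.*)$", re.M)

def parse_records(text):
    """Return one dict per crash record; empty values are kept as ''."""
    records = []
    for chunk in SEP.split(text):
        fields = {k.strip(): v.strip() for k, v in FIELD.findall(chunk)}
        if "Dump File" in fields and "Bug Check Code" in fields:
            records.append(fields)
    return records

def fault_key(rec):
    """Key that identifies 'the same fault' across dumps."""
    code = int(rec["Bug Check Code"], 16)
    # For 0xD1, parameter 4 is the address that referenced the memory,
    # so two dumps with the same value crashed in the same code.
    addr = rec.get("Parameter 4", "").replace("`", "") if code == 0xD1 else ""
    return code, addr

def triage(records):
    groups = defaultdict(list)
    for rec in records:
        groups[fault_key(rec)].append(rec)
    summary = []
    for (code, addr), recs in groups.items():
        # Heuristic (assumption): the kernel image is named on many dumps, so
        # any other module named for the same fault is the stronger lead.
        suspects = sorted({r["Caused By Driver"] for r in recs} - {"ntoskrnl.exe"})
        summary.append({"code": f"0x{code:08x}", "address": addr,
                        "dumps": [r["Dump File"] for r in recs],
                        "suspects": suspects})
    return summary

if __name__ == "__main__":
    for group in triage(parse_records(SAMPLE)):
        print(group)
```

On the posted records this puts the 5/29 and 5/30 dumps in one group: both are 0xD1 with the same parameter 4, and the only non-kernel module named for that fault is `tcpip.sys`.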


Title: Re: Blue Screen of Death in the last two days.
Post by: Allan on May 31, 2015, 01:23:12 PM
1) Please uninstall driver booster. NEVER use 3rd party utilities to download or install drivers.

2) Do you have system restore enabled? If so, do you have a restore point that will get you back to before you installed driver booster? If so, please restore the system to that date.

3) At this time I'm not concerned with "junkware" reports. You should be using a good anti virus app and MalwareBytes.  If SuperDave suggested anything else that's fine, but other than that please don't use anything other than first tier utilities.
Title: Re: Blue Screen of Death in the last two days.
Post by: nightowl19632000 on May 31, 2015, 01:44:09 PM
Driver Booster has been uninstalled.  Yes, I have the system restore enabled, but it only goes back to 5/19/2015.  It doesn't go back to before I downloaded and installed Driver Booster.
Title: Re: Blue Screen of Death in the last two days.
Post by: Allan on May 31, 2015, 01:48:24 PM
Okay. If you did not have any bsod's prior to 5/19 please go ahead and restore to that date.
Title: Re: Blue Screen of Death in the last two days.
Post by: nightowl19632000 on May 31, 2015, 02:39:56 PM
I was unable to go back to the 19th to restore.  I disabled my anti-virus and it still would not let me.  This is what showed up on the screen:

System Restore did not complete successfully.  Your computer's system files and settings were not changed.

Details:

System Restore could not access a file.  This is probably because an anti-virus program is running on the computer.  (  The second time I tried to restore, I disabled my anti-virus).  Temporarily disable your anti-virus program and retry System Restore.

An unspecified error occurred during System Restore (0X80070005)

You can try system restore again and choose a different restore point.  If you continue to see this error, you can try an advanced recovery method.
Title: Re: Blue Screen of Death in the last two days.
Post by: Allan on May 31, 2015, 03:56:02 PM
Please try system restore from safe mode. You have a 50/50 shot of it working. This is why I don't use system restore and always recommend that EVERYONE should use disc imaging as their primary backup method. But more about that later.

If you can restore from safe mode, let's see if you still get bsod's. If not, you'll need to go into device manager and start rolling back drivers one at a time and seeing if each one fixes the problem - starting with your network adapter.

As a last resort, if you are on a desktop you can visit the websites of the various hardware providers and download and install their current drivers. If you are on a laptop, obtain all drivers from the website of your laptop manufacturer. Be sure to include the chipset driver.

BTW - for future reference, there is no such thing as an "outdated" driver. Drivers should only be updated if there is a specific need or reason to do so.
Title: Re: Blue Screen of Death in the last two days.
Post by: Allan on May 31, 2015, 04:19:02 PM
Also, please don't forget to run the scans on your ram and hd.
Title: Re: Blue Screen of Death in the last two days.
Post by: nightowl19632000 on May 31, 2015, 04:22:36 PM
I tried the system restore in safe mode and unfortunately it did not work.  When I go into Device drivers, under network adapters, I have 3 of them that are not working.  They are "Microsoft 6to4 adapter", "Microsoft ISATAP Adapter", and "Microsoft Teredo Tunneling Adapter".  When I click on properties of each of these, they all say "This device cannot start."  The last one that is there, "Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)", says "The device is working properly."

I don't understand how to run the scans on ram and hd if I need to burn a CD or use .iso utilities.  I have never done that before. That is very foreign to me.