Let's make sure there aren't any corrupted system files by running sfc /scannow. See this link for instructions on doing so: http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html (Just do /scannow for the time being).

I'm going to call it a night. You may want to leave this running overnight as it may take a little while.


After it finishes, please enter the following in an elevated command prompt:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

Please paste or attach the report, titled sfcdetails.txt. Let me know how things go ;).


All done, didn't take nearly as long as I expected, it said it found a few things it couldn't repair at the end (I'm guessing that was simply because of the scan only parameters).

2012-05-28 00:24:11, Info CSI 00000006 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:11, Info CSI 00000007 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:16, Info CSI 00000009 [sR] Verify complete

2012-05-28 00:24:16, Info CSI 0000000a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:16, Info CSI 0000000b [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:21, Info CSI 0000000d [sR] Verify complete

2012-05-28 00:24:21, Info CSI 0000000e [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:21, Info CSI 0000000f [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:23, Info CSI 00000011 [sR] Verify complete

2012-05-28 00:24:23, Info CSI 00000012 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:23, Info CSI 00000013 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:24, Info CSI 00000015 [sR] Verify complete

2012-05-28 00:24:24, Info CSI 00000016 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:24, Info CSI 00000017 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:25, Info CSI 00000019 [sR] Verify complete

2012-05-28 00:24:26, Info CSI 0000001a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:26, Info CSI 0000001b [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:27, Info CSI 0000001d [sR] Verify complete

2012-05-28 00:24:27, Info CSI 0000001e [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:27, Info CSI 0000001f [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:28, Info CSI 00000021 [sR] Verify complete

2012-05-28 00:24:29, Info CSI 00000022 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:29, Info CSI 00000023 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:30, Info CSI 00000025 [sR] Verify complete

2012-05-28 00:24:30, Info CSI 00000026 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:30, Info CSI 00000027 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:31, Info CSI 00000029 [sR] Verify complete

2012-05-28 00:24:32, Info CSI 0000002a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:32, Info CSI 0000002b [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:33, Info CSI 0000002d [sR] Verify complete

2012-05-28 00:24:33, Info CSI 0000002e [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:33, Info CSI 0000002f [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:35, Info CSI 00000031 [sR] Verify complete

2012-05-28 00:24:35, Info CSI 00000032 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:35, Info CSI 00000033 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:37, Info CSI 00000035 [sR] Verify complete

2012-05-28 00:24:37, Info CSI 00000036 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:37, Info CSI 00000037 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:39, Info CSI 00000039 [sR] Verify complete

2012-05-28 00:24:39, Info CSI 0000003a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:39, Info CSI 0000003b [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:41, Info CSI 0000003d [sR] Verify complete

2012-05-28 00:24:41, Info CSI 0000003e [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:41, Info CSI 0000003f [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:43, Info CSI 00000041 [sR] Verify complete

2012-05-28 00:24:43, Info CSI 00000042 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:43, Info CSI 00000043 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:45, Info CSI 00000045 [sR] Verify complete

2012-05-28 00:24:46, Info CSI 00000046 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:46, Info CSI 00000047 [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:51, Info CSI 00000049 [sR] Verify complete

2012-05-28 00:24:52, Info CSI 0000004a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:52, Info CSI 0000004b [sR] Beginning Verify and Repair transaction

2012-05-28 00:24:58, Info CSI 0000004d [sR] Verify complete

2012-05-28 00:24:58, Info CSI 0000004e [sR] Verifying 100 (0x00000064) components

2012-05-28 00:24:58, Info CSI 0000004f [sR] Beginning Verify and Repair transaction

2012-05-28 00:25:03, Info CSI 00000052 [sR] Verify complete

2012-05-28 00:25:03, Info CSI 00000053 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:25:03, Info CSI 00000054 [sR] Beginning Verify and Repair transaction

2012-05-28 00:25:08, Info CSI 00000057 [sR] Verify complete

2012-05-28 00:25:08, Info CSI 00000058 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:25:08, Info CSI 00000059 [sR] Beginning Verify and Repair transaction

2012-05-28 00:25:13, Info CSI 0000005b [sR] Verify complete

2012-05-28 00:25:13, Info CSI 0000005c [sR] Verifying 100 (0x00000064) components

2012-05-28 00:25:13, Info CSI 0000005d [sR] Beginning Verify and Repair transaction

2012-05-28 00:25:24, Info CSI 00000067 [sR] Verify complete

2012-05-28 00:25:24, Info CSI 00000068 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:25:24, Info CSI 00000069 [sR] Beginning Verify and Repair transaction

2012-05-28 00:25:37, Info CSI 0000006b [sR] Verify complete

2012-05-28 00:25:37, Info CSI 0000006c [sR] Verifying 100 (0x00000064) components

2012-05-28 00:25:37, Info CSI 0000006d [sR] Beginning Verify and Repair transaction

2012-05-28 00:25:44, Info CSI 0000006f [sR] Verify complete

2012-05-28 00:25:45, Info CSI 00000070 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:25:45, Info CSI 00000071 [sR] Beginning Verify and Repair transaction

2012-05-28 00:25:50, Info CSI 00000073 [sR] Verify complete

2012-05-28 00:25:50, Info CSI 00000074 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:25:50, Info CSI 00000075 [sR] Beginning Verify and Repair transaction

2012-05-28 00:25:59, Info CSI 00000077 [sR] Verify complete

2012-05-28 00:25:59, Info CSI 00000078 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:25:59, Info CSI 00000079 [sR] Beginning Verify and Repair transaction

2012-05-28 00:26:08, Info CSI 0000007b [sR] Verify complete

2012-05-28 00:26:08, Info CSI 0000007c [sR] Verifying 100 (0x00000064) components

2012-05-28 00:26:08, Info CSI 0000007d [sR] Beginning Verify and Repair transaction

2012-05-28 00:26:19, Info CSI 00000081 [sR] Verify complete

2012-05-28 00:26:20, Info CSI 00000082 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:26:20, Info CSI 00000083 [sR] Beginning Verify and Repair transaction

2012-05-28 00:26:34, Info CSI 00000085 [sR] Verify complete

2012-05-28 00:26:34, Info CSI 00000086 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:26:34, Info CSI 00000087 [sR] Beginning Verify and Repair transaction

2012-05-28 00:26:51, Info CSI 00000089 [sR] Verify complete

2012-05-28 00:26:51, Info CSI 0000008a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:26:51, Info CSI 0000008b [sR] Beginning Verify and Repair transaction

2012-05-28 00:26:59, Info CSI 0000008d [sR] Verify complete

2012-05-28 00:26:59, Info CSI 0000008e [sR] Verifying 100 (0x00000064) components

2012-05-28 00:26:59, Info CSI 0000008f [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:02, Info CSI 00000091 [sR] Verify complete

2012-05-28 00:27:02, Info CSI 00000092 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:02, Info CSI 00000093 [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:05, Info CSI 00000095 [sR] Verify complete

2012-05-28 00:27:05, Info CSI 00000096 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:05, Info CSI 00000097 [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:08, Info CSI 00000099 [sR] Verify complete

2012-05-28 00:27:09, Info CSI 0000009a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:09, Info CSI 0000009b [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:21, Info CSI 000000b9 [sR] Verify complete

2012-05-28 00:27:21, Info CSI 000000ba [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:21, Info CSI 000000bb [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:24, Info CSI 000000bd [sR] Verify complete

2012-05-28 00:27:25, Info CSI 000000be [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:25, Info CSI 000000bf [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:30, Info CSI 000000c1 [sR] Verify complete

2012-05-28 00:27:30, Info CSI 000000c2 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:30, Info CSI 000000c3 [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:35, Info CSI 000000c5 [sR] Verify complete

2012-05-28 00:27:36, Info CSI 000000c6 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:36, Info CSI 000000c7 [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:46, Info CSI 000000c9 [sR] Verify complete

2012-05-28 00:27:46, Info CSI 000000ca [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:46, Info CSI 000000cb [sR] Beginning Verify and Repair transaction

2012-05-28 00:27:52, Info CSI 000000cd [sR] Verify complete

2012-05-28 00:27:52, Info CSI 000000ce [sR] Verifying 100 (0x00000064) components

2012-05-28 00:27:52, Info CSI 000000cf [sR] Beginning Verify and Repair transaction

2012-05-28 00:28:01, Info CSI 000000d1 [sR] Verify complete

2012-05-28 00:28:02, Info CSI 000000d2 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:28:02, Info CSI 000000d3 [sR] Beginning Verify and Repair transaction

2012-05-28 00:28:06, Info CSI 000000d5 [sR] Verify complete

2012-05-28 00:28:06, Info CSI 000000d6 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:28:06, Info CSI 000000d7 [sR] Beginning Verify and Repair transaction

2012-05-28 00:28:12, Info CSI 000000d9 [sR] Verify complete

2012-05-28 00:28:12, Info CSI 000000da [sR] Verifying 100 (0x00000064) components

2012-05-28 00:28:12, Info CSI 000000db [sR] Beginning Verify and Repair transaction

2012-05-28 00:28:22, Info CSI 000000e4 [sR] Verify complete

2012-05-28 00:28:22, Info CSI 000000e5 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:28:22, Info CSI 000000e6 [sR] Beginning Verify and Repair transaction

2012-05-28 00:28:35, Info CSI 00000104 [sR] Verify complete

2012-05-28 00:28:36, Info CSI 00000105 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:28:36, Info CSI 00000106 [sR] Beginning Verify and Repair transaction

2012-05-28 00:28:45, Info CSI 00000108 [sR] Verify complete

2012-05-28 00:28:45, Info CSI 00000109 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:28:45, Info CSI 0000010a [sR] Beginning Verify and Repair transaction

2012-05-28 00:29:06, Info CSI 0000010c [sR] Verify complete

2012-05-28 00:29:07, Info CSI 0000010d [sR] Verifying 100 (0x00000064) components

2012-05-28 00:29:07, Info CSI 0000010e [sR] Beginning Verify and Repair transaction

2012-05-28 00:29:20, Info CSI 00000110 [sR] Verify complete

2012-05-28 00:29:21, Info CSI 00000111 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:29:21, Info CSI 00000112 [sR] Beginning Verify and Repair transaction

2012-05-28 00:29:30, Info CSI 00000114 [sR] Verify complete

2012-05-28 00:29:30, Info CSI 00000115 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:29:30, Info CSI 00000116 [sR] Beginning Verify and Repair transaction

2012-05-28 00:29:37, Info CSI 00000118 [sR] Verify complete

2012-05-28 00:29:37, Info CSI 00000119 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:29:37, Info CSI 0000011a [sR] Beginning Verify and Repair transaction

2012-05-28 00:29:42, Info CSI 0000011c [sR] Verify complete

2012-05-28 00:29:42, Info CSI 0000011d [sR] Verifying 100 (0x00000064) components

2012-05-28 00:29:42, Info CSI 0000011e [sR] Beginning Verify and Repair transaction

2012-05-28 00:29:48, Info CSI 00000121 [sR] Verify complete

2012-05-28 00:29:48, Info CSI 00000122 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:29:48, Info CSI 00000123 [sR] Beginning Verify and Repair transaction

2012-05-28 00:30:01, Info CSI 00000125 [sR] Verify complete

2012-05-28 00:30:02, Info CSI 00000126 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:30:02, Info CSI 00000127 [sR] Beginning Verify and Repair transaction

2012-05-28 00:30:11, Info CSI 00000129 [sR] Verify complete

2012-05-28 00:30:12, Info CSI 0000012a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:30:12, Info CSI 0000012b [sR] Beginning Verify and Repair transaction

2012-05-28 00:30:18, Info CSI 0000012d [sR] Verify complete

2012-05-28 00:30:18, Info CSI 0000012e [sR] Verifying 100 (0x00000064) components

2012-05-28 00:30:18, Info CSI 0000012f [sR] Beginning Verify and Repair transaction

2012-05-28 00:30:31, Info CSI 00000131 [sR] Verify complete

2012-05-28 00:30:31, Info CSI 00000132 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:30:31, Info CSI 00000133 [sR] Beginning Verify and Repair transaction

2012-05-28 00:30:39, Info CSI 00000135 [sR] Verify complete

2012-05-28 00:30:39, Info CSI 00000136 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:30:39, Info CSI 00000137 [sR] Beginning Verify and Repair transaction

2012-05-28 00:30:45, Info CSI 00000139 [sR] Verify complete

2012-05-28 00:30:45, Info CSI 0000013a [sR] Verifying 100 (0x00000064) components

2012-05-28 00:30:45, Info CSI 0000013b [sR] Beginning Verify and Repair transaction

2012-05-28 00:30:55, Info CSI 0000013d [sR] Verify complete

2012-05-28 00:30:56, Info CSI 0000013e [sR] Verifying 100 (0x00000064) components

2012-05-28 00:30:56, Info CSI 0000013f [sR] Beginning Verify and Repair transaction

2012-05-28 00:31:06, Info CSI 00000142 [sR] Verify complete

2012-05-28 00:31:07, Info CSI 00000143 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:31:07, Info CSI 00000144 [sR] Beginning Verify and Repair transaction

2012-05-28 00:31:13, Info CSI 00000146 [sR] Verify complete

2012-05-28 00:31:13, Info CSI 00000147 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:31:13, Info CSI 00000148 [sR] Beginning Verify and Repair transaction

2012-05-28 00:31:20, Info CSI 0000014a [sR] Verify complete

2012-05-28 00:31:20, Info CSI 0000014b [sR] Verifying 100 (0x00000064) components

2012-05-28 00:31:20, Info CSI 0000014c [sR] Beginning Verify and Repair transaction

2012-05-28 00:31:26, Info CSI 0000014e [sR] Verify complete

2012-05-28 00:31:26, Info CSI 0000014f [sR] Verifying 100 (0x00000064) components

2012-05-28 00:31:26, Info CSI 00000150 [sR] Beginning Verify and Repair transaction

2012-05-28 00:31:34, Info CSI 00000152 [sR] Verify complete

2012-05-28 00:31:34, Info CSI 00000153 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:31:34, Info CSI 00000154 [sR] Beginning Verify and Repair transaction

2012-05-28 00:31:43, Info CSI 00000156 [sR] Verify complete

2012-05-28 00:31:43, Info CSI 00000157 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:31:43, Info CSI 00000158 [sR] Beginning Verify and Repair transaction

2012-05-28 00:31:51, Info CSI 0000015a [sR] Verify complete

2012-05-28 00:31:51, Info CSI 0000015b [sR] Verifying 100 (0x00000064) components

2012-05-28 00:31:51, Info CSI 0000015c [sR] Beginning Verify and Repair transaction

2012-05-28 00:31:55, Info CSI 0000015e [sR] Verify complete

2012-05-28 00:31:55, Info CSI 0000015f [sR] Verifying 100 (0x00000064) components

2012-05-28 00:31:55, Info CSI 00000160 [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:02, Info CSI 00000162 [sR] Verify complete

2012-05-28 00:32:02, Info CSI 00000163 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:32:02, Info CSI 00000164 [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:08, Info CSI 00000166 [sR] Verify complete

2012-05-28 00:32:09, Info CSI 00000167 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:32:09, Info CSI 00000168 [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:14, Info CSI 0000016a [sR] Verify complete

2012-05-28 00:32:14, Info CSI 0000016b [sR] Verifying 100 (0x00000064) components

2012-05-28 00:32:14, Info CSI 0000016c [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:24, Info CSI 0000016e [sR] Verify complete

2012-05-28 00:32:24, Info CSI 0000016f [sR] Verifying 100 (0x00000064) components

2012-05-28 00:32:24, Info CSI 00000170 [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:29, Info CSI 00000172 [sR] Verify complete

2012-05-28 00:32:30, Info CSI 00000173 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:32:30, Info CSI 00000174 [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:34, Info CSI 00000176 [sR] Verify complete

2012-05-28 00:32:35, Info CSI 00000177 [sR] Verifying 100 (0x00000064) components

2012-05-28 00:32:35, Info CSI 00000178 [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:42, Info CSI 0000017a [sR] Verify complete

2012-05-28 00:32:42, Info CSI 0000017b [sR] Verifying 4 components

2012-05-28 00:32:42, Info CSI 0000017c [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:42, Info CSI 0000017e [sR] Verify complete

2012-05-28 00:32:42, Info CSI 0000017f [sR] Repairing 0 components

2012-05-28 00:32:42, Info CSI 00000180 [sR] Beginning Verify and Repair transaction

2012-05-28 00:32:42, Info CSI 00000182 [sR] Repair complete

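Added example, not part of the original thread: a Python summary of a findstr-filtered sfc log like the one pasted above. It totals the verified and repaired components and flags batches where the CSI entry number jumps between two tagged lines. Assumptions: the 8-digit hex field is a running CSI entry counter, so a jump means untagged entries were filtered out and that stretch of the full CBS.log is worth reading; the "Cannot repair" prefix check and all names are illustrative. The sample lines are copied from the paste, and the tag is matched case-insensitively because the paste shows it as [sR].

```python
import re

# One filtered line: "<timestamp>, <level> CSI <8-hex counter> [SR] <message>"
SR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-f]{8})\s+\[SR\]\s+(?P<msg>.*)$",
    re.IGNORECASE,
)
COUNT_RE = re.compile(r"^(Verifying|Repairing) (\d+)\b")

# Lines copied from the log pasted in the thread (three verify batches + the repair pass).
SAMPLE_LOG = """\
2012-05-28 00:24:11, Info CSI 00000006 [sR] Verifying 100 (0x00000064) components
2012-05-28 00:24:11, Info CSI 00000007 [sR] Beginning Verify and Repair transaction
2012-05-28 00:24:16, Info CSI 00000009 [sR] Verify complete
2012-05-28 00:27:09, Info CSI 0000009a [sR] Verifying 100 (0x00000064) components
2012-05-28 00:27:09, Info CSI 0000009b [sR] Beginning Verify and Repair transaction
2012-05-28 00:27:21, Info CSI 000000b9 [sR] Verify complete
2012-05-28 00:32:42, Info CSI 0000017b [sR] Verifying 4 components
2012-05-28 00:32:42, Info CSI 0000017c [sR] Beginning Verify and Repair transaction
2012-05-28 00:32:42, Info CSI 0000017e [sR] Verify complete
2012-05-28 00:32:42, Info CSI 0000017f [sR] Repairing 0 components
2012-05-28 00:32:42, Info CSI 00000180 [sR] Beginning Verify and Repair transaction
2012-05-28 00:32:42, Info CSI 00000182 [sR] Repair complete
"""


def summarize_sr(text, normal_gap=2):
    """Summarize [SR] lines; normal_gap is the usual begin->complete counter step."""
    summary = {"verified": 0, "repaired": 0, "cannot_repair": [], "wide_gaps": []}
    begin = None  # (counter, timestamp) of the open transaction
    for line in text.splitlines():
        m = SR_RE.match(line.strip())
        if not m:
            continue  # blank lines or anything that is not an [SR] entry
        seq, msg = int(m["seq"], 16), m["msg"]
        count = COUNT_RE.match(msg)
        if count:
            key = "verified" if count.group(1) == "Verifying" else "repaired"
            summary[key] += int(count.group(2))
        elif msg.startswith("Beginning"):
            begin = (seq, m["ts"])
        elif msg.endswith("complete") and begin:
            gap = seq - begin[0]
            if gap > normal_gap:
                # More entries than usual were logged inside this transaction
                # without the [SR] tag, so findstr dropped them.
                summary["wide_gaps"].append(
                    {"began": begin[1], "ended": m["ts"], "hidden_entries": gap - 1}
                )
            begin = None
        elif msg.startswith("Cannot repair"):
            summary["cannot_repair"].append(msg)
    return summary


if __name__ == "__main__":
    result = summarize_sr(SAMPLE_LOG)
    print("components verified:", result["verified"])
    print("components repaired:", result["repaired"])
    print("cannot-repair lines:", len(result["cannot_repair"]))
    for gap in result["wide_gaps"]:
        print("read the full CBS.log between", gap["began"], "and", gap["ended"],
              "(", gap["hidden_entries"], "untagged entries )")
```

On the sample it flags the batch that began at 00:27:09, where the counter runs from 0000009b to 000000b9.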

Sorry for the delay.

Okay, I think we're good to go to install SP2. Do a manual install from here: http://www.microsoft...s.aspx?id=16468

Let me know how things go. If you encounter a crash again, perform a system restore back to the most recent restore point and we'll carry on from there.


I'd like to get some more info about that particular file on your system:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    partmgr.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 13:41 on 29/05/2012 by Shoescifer

Administrator - Elevation successful

========== filefind ==========

Searching for "partmgr.sys"

C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys --a---- 56376 bytes [10:12 26/05/2012] [07:42 19/01/2008] 3B38467E7C3DAED009DFE359E17F139F

C:\Windows\System32\drivers\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE

C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6000.16386_none_df65518fbd847fbf\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE

-= EOF =-


Let's replace the existing one with a more recent stored copy:

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::

C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys | C:\Windows\System32\drivers\partmgr.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things go.


It BlueScreened during the scan, and then once again when trying to boot back, ran startup repair from the disk, booted up unassisted, I was amazed to find that ComboFix was open once I logged in and tabulating a report. I hope there's some useful information in there for you....

ComboFix 12-05-25.01 - Shoescifer 05/29/2012 15:02:01.4.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2046.1117 [GMT -5:00]

Running from: c:\users\Shoescifer\Desktop\ComboFix.exe

Command switches used :: c:\users\Shoescifer\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys --> c:\windows\System32\drivers\partmgr.sys

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))

.

.

2012-05-29 20:09 . 2012-05-29 20:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-05-29 20:09 . 2012-05-29 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-29 06:06 . 2012-05-15 06:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDA8B80D-4B51-49AA-908F-901E21F5B2AC}\mpengine.dll

2012-05-29 04:38 . 2012-05-29 08:46 -------- d-----w- C:\0ee755ddd88ee6b3d08d97a7a94f79

2012-05-28 05:32 . 2006-11-02 09:50 50792 ----a-w- c:\windows\system32\drivers\termdd.sys

2012-05-27 23:58 . 2012-05-27 23:58 -------- d-----w- c:\program files\Common Files\Java

2012-05-27 23:58 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-27 21:23 . 2012-05-27 21:25 -------- d-----w- c:\program files\Oracle

2012-05-27 18:07 . 2012-05-27 18:07 -------- d-----w- c:\windows\CheckSur

2012-05-26 17:24 . 2012-05-26 17:24 -------- d-----w- c:\windows\system32\EventProviders

2012-05-26 10:10 . 2012-05-26 20:06 -------- d-----w- C:\a9294f6d8eb38cef5d3a

2012-05-26 05:14 . 2012-05-26 12:36 -------- d-----w- C:\91f982185cd6ecaba702

2012-05-25 22:53 . 2012-05-25 22:53 -------- d-----w- c:\program files\ESET

2012-05-25 17:30 . 2012-05-25 17:31 -------- d-----w- c:\program files\ERUNT

2012-05-25 07:26 . 2012-05-25 17:37 3993600 ----a-w- c:\program files\GUT7E0A.tmp

2012-05-25 07:26 . 2012-05-25 07:26 -------- d-----w- c:\program files\GUM7E09.tmp

2012-05-25 06:43 . 2012-05-29 21:30 -------- d-----w- c:\users\Shoescifer\AppData\Local\temp

2012-05-25 05:36 . 2012-05-25 18:01 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-22 04:17 . 2012-05-26 05:42 -------- d-----w- C:\perflogs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-25 05:38 . 2010-04-09 03:32 495160 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-05-25 05:38 . 2006-11-02 08:58 270336 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-04 23:47 . 2011-06-27 09:14 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 20:56 . 2010-10-31 00:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-16 02:26 . 2010-01-16 02:26 800544 ----a-w- c:\program files\jre-6u17-windows-i586-iftw-rv.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2012-05-29 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-28 14848]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99010816.sys]

@=""

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

"Google Update"="c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ

ipripsvc REG_MULTI_SZ iprip

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840902920-1704781909-3159423318-1000Core.job

- c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 10:01]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840902920-1704781909-3159423318-1000UA.job

- c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 10:01]

.

2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{9DE75119-81A1-4BA2-A9F4-CAF78063A6EA}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

Trusted Zone: malwarebytes.org\forums

TCP: DhcpNameServer = 10.0.0.1

DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-29 16:30

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-840902920-1704781909-3159423318-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:38,b8,14,9e,15,6d,db,d8,eb,95,d0,e1,08,e8,3f,16,24,c7,c4,3f,8b,51,e8,

41,d1,f4,3c,0b,d2,d6,b2,f8,c0,f2,52,df,5d,c9,b2,bb,c0,f6,b0,a4,66,7b,8a,15,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_USERS\S-1-5-21-840902920-1704781909-3159423318-1000\Software\SecuROM\License information*]

"datasecu"=hex:82,5f,4e,37,f7,b5,e9,84,f4,8c,49,0e,5e,e9,e2,c3,e2,44,9c,b7,87,

b2,36,e8,8f,7e,bc,1d,8f,1c,43,01,db,f2,de,38,89,6e,ab,1d,d4,20,69,45,eb,38,\

"rkeysecu"=hex:dc,44,49,72,7d,37,2a,e1,3b,1d,55,01,31,75,e2,de

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\windows\system32\nfsclnt.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2012-05-29 16:34:24 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-29 21:34

ComboFix2.txt 2012-05-25 17:59

ComboFix3.txt 2012-05-25 06:43

ComboFix4.txt 2012-05-25 06:18

.

Pre-Run: 30,571,380,736 bytes free

Post-Run: 30,706,405,376 bytes free

.

- - End Of File - - 4D0AB7528D21DB9C3E86EB05CE80EE01


SystemLook 30.07.11 by jpshortstuff

Log created at 17:27 on 29/05/2012 by Shoescifer

Administrator - Elevation successful

========== filefind ==========

That time it took only a few seconds

here ya go

Searching for "partmgr.sys"

C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys ------- 56376 bytes [10:12 26/05/2012] [07:42 19/01/2008] 3B38467E7C3DAED009DFE359E17F139F

C:\Windows\System32\drivers\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE

C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6000.16386_none_df65518fbd847fbf\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE

-= EOF =-

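Added example, not part of the original thread: a Python parser for the two SystemLook :filefind logs posted above that checks whether the FCopy target picked up the staged file's MD5. The function and variable names are illustrative; the log lines and paths are copied from the thread.

```python
import re

# One :filefind result line:
# <path> <7 attribute flags> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Component version embedded in a side-by-side style directory name
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")

SOURCE = r"C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys"
TARGET = r"C:\Windows\System32\drivers\partmgr.sys"

# Log taken before the ComboFix run (13:41 on 29/05/2012)
BEFORE = r"""
Searching for "partmgr.sys"
C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys --a---- 56376 bytes [10:12 26/05/2012] [07:42 19/01/2008] 3B38467E7C3DAED009DFE359E17F139F
C:\Windows\System32\drivers\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6000.16386_none_df65518fbd847fbf\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
-= EOF =-
"""

# Log taken after the ComboFix run (17:27 on 29/05/2012)
AFTER = r"""
Searching for "partmgr.sys"
C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys ------- 56376 bytes [10:12 26/05/2012] [07:42 19/01/2008] 3B38467E7C3DAED009DFE359E17F139F
C:\Windows\System32\drivers\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6000.16386_none_df65518fbd847fbf\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
-= EOF =-
"""


def parse_filefind(text):
    """Return one dict per file line; headers and the EOF marker are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        version = VERSION_RE.search(entry["path"])
        entry["version"] = version.group(1) if version else None
        entries.append(entry)
    return entries


def find_entry(entries, path):
    """Windows paths are case-insensitive, so compare lower-cased."""
    return next((e for e in entries if e["path"].lower() == path.lower()), None)


def verify_replacement(before, after, source, target):
    """Compare the target's hash after the copy with the source and the old target."""
    b, a = parse_filefind(before), parse_filefind(after)
    src, old, new = find_entry(b, source), find_entry(b, target), find_entry(a, target)
    if not (src and old and new):
        raise ValueError("source or target path missing from one of the logs")
    # Versioned copies whose hash equals the file currently in place
    twins = [e["version"] for e in a if e["version"] and e["md5"] == new["md5"]]
    return {
        "replaced": new["md5"] == src["md5"],
        "unchanged": new["md5"] == old["md5"],
        "target_md5_after": new["md5"],
        "target_matches_version": twins[0] if twins else None,
        "source_version": src["version"],
    }


if __name__ == "__main__":
    for key, value in verify_replacement(BEFORE, AFTER, SOURCE, TARGET).items():
        print(f"{key}: {value}")
```

On the two logs in this thread it reports `replaced: False`: after the ComboFix run, System32\drivers\partmgr.sys still carries the hash of the 6.0.6000.16386 winsxs copy.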

Honestly, it could very well be that- I've had past experiences with a computer (Windows XP) refusing to boot after too many USB ports were used up.

Try unplugging the printer and re-running the CFScript. Do you perhaps have a mouse or keyboard that isn't connected through USB, that you could temporarily use?


Damn I thought I had a USB -> PS2 converter round here somewhere, suppose not though :( unfortunately I don't have any user interfaces that don't use USB.....

I unplugged the printer (it may be worth noting that I have two USB slots in the back and two in front; to avoid any other issues I moved both mouse and keyboard to the back).

Since I'm still a little wary of ComboFix I wanted to ensure that this (below) is the CFScript.txt you want me to run:

FCopy::

C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys | C:\Windows\System32\drivers\partmgr.sys

Reboot::

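As an added example (not part of the thread, and not ComboFix's or SystemLook's own code): a pre-flight check that parses the SystemLook filefind lines above and reports what the FCopy directive would change before it is run. The line layout is inferred from the three entries on this page, and the function names are hypothetical.

```python
import re

# SystemLook "filefind" lines and the FCopy directive, copied from the posts above.
SYSTEMLOOK = r"""
C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys ------- 56376 bytes [10:12 26/05/2012] [07:42 19/01/2008] 3B38467E7C3DAED009DFE359E17F139F
C:\Windows\System32\drivers\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6000.16386_none_df65518fbd847fbf\partmgr.sys --a---- 49256 bytes [08:51 02/11/2006] [09:50 02/11/2006] 555A5B2C8022983BC7467BC925B222EE
"""
FCOPY = r"C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys | C:\Windows\System32\drivers\partmgr.sys"

# Assumed layout: path, 7-character attribute field, size, two bracketed timestamps, MD5.
ENTRY = re.compile(r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
                   r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-F]{32})$")
# Version field embedded in a component-store directory name.
BUILD = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")

def parse_filefind(text):
    """Return {lowercased path: {'size', 'md5', 'build'}} for each filefind entry."""
    found = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, blank lines, "-= EOF =-"
        b = BUILD.search(m["path"])
        found[m["path"].lower()] = {"size": int(m["size"]), "md5": m["md5"],
                                    "build": b.group(1) if b else None}
    # A copy outside the component store carries no build in its path;
    # borrow it from a store copy with the same MD5 (heuristic).
    by_md5 = {e["md5"]: e["build"] for e in found.values() if e["build"]}
    for e in found.values():
        e["build"] = e["build"] or by_md5.get(e["md5"])
    return found

def review_fcopy(directive, found):
    """Describe what 'source | destination' would change; both paths must be in the scan."""
    src, dst = (p.strip().lower() for p in directive.split("|"))
    s, d = found[src], found[dst]
    return {"same_file": s["md5"] == d["md5"],
            "source_build": s["build"], "installed_build": d["build"],
            "size_change": s["size"] - d["size"]}

if __name__ == "__main__":
    print(review_fcopy(FCOPY, parse_filefind(SYSTEMLOOK)))
```

On the log lines above, the report shows that the copy source and the installed driver differ in hash, size and component build.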

... Dammit dude, Stop Error on restart again, had to use Startup Repair again to get back here

ComboFix 12-05-25.01 - Shoescifer 05/29/2012 18:00:14.5.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2046.969 [GMT -5:00]

Running from: c:\users\Shoescifer\Desktop\ComboFix.exe

Command switches used :: c:\users\Shoescifer\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys --> c:\windows\System32\drivers\partmgr.sys

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))

.

.

2012-05-29 23:07 . 2012-05-29 23:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-05-29 23:07 . 2012-05-29 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-29 04:38 . 2012-05-29 08:46 -------- d-----w- C:\0ee755ddd88ee6b3d08d97a7a94f79

2012-05-28 05:32 . 2006-11-02 09:50 50792 ----a-w- c:\windows\system32\drivers\termdd.sys

2012-05-27 23:58 . 2012-05-27 23:58 -------- d-----w- c:\program files\Common Files\Java

2012-05-27 23:58 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-27 21:23 . 2012-05-27 21:25 -------- d-----w- c:\program files\Oracle

2012-05-27 18:07 . 2012-05-27 18:07 -------- d-----w- c:\windows\CheckSur

2012-05-26 17:24 . 2012-05-26 17:24 -------- d-----w- c:\windows\system32\EventProviders

2012-05-26 10:10 . 2012-05-26 20:06 -------- d-----w- C:\a9294f6d8eb38cef5d3a

2012-05-26 05:14 . 2012-05-26 12:36 -------- d-----w- C:\91f982185cd6ecaba702

2012-05-25 22:53 . 2012-05-25 22:53 -------- d-----w- c:\program files\ESET

2012-05-25 17:30 . 2012-05-25 17:31 -------- d-----w- c:\program files\ERUNT

2012-05-25 07:26 . 2012-05-25 17:37 3993600 ----a-w- c:\program files\GUT7E0A.tmp

2012-05-25 07:26 . 2012-05-25 07:26 -------- d-----w- c:\program files\GUM7E09.tmp

2012-05-25 06:43 . 2012-05-29 23:30 -------- d-----w- c:\users\Shoescifer\AppData\Local\temp

2012-05-25 05:36 . 2012-05-25 18:01 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-22 04:17 . 2012-05-26 05:42 -------- d-----w- C:\perflogs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-25 05:38 . 2010-04-09 03:32 495160 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-05-25 05:38 . 2006-11-02 08:58 270336 ----a-w- c:\windows\system32\drivers\afd.sys

2012-05-15 06:43 . 2012-05-29 06:06 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDA8B80D-4B51-49AA-908F-901E21F5B2AC}\mpengine.dll

2012-04-04 23:47 . 2011-06-27 09:14 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 20:56 . 2010-10-31 00:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-16 02:26 . 2010-01-16 02:26 800544 ----a-w- c:\program files\jre-6u17-windows-i586-iftw-rv.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2012-05-29 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-28 14848]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99010816.sys]

@=""

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

"Google Update"="c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ

ipripsvc REG_MULTI_SZ iprip

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840902920-1704781909-3159423318-1000Core.job

- c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 10:01]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840902920-1704781909-3159423318-1000UA.job

- c:\users\Shoescifer\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 10:01]

.

2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{9DE75119-81A1-4BA2-A9F4-CAF78063A6EA}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

Trusted Zone: malwarebytes.org\forums

TCP: DhcpNameServer = 10.0.0.1

DPF: {8D7624E2-F8CB-412B-9132-FD571DBA78FB}

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-840902920-1704781909-3159423318-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:38,b8,14,9e,15,6d,db,d8,eb,95,d0,e1,08,e8,3f,16,24,c7,c4,3f,8b,51,e8,

41,d1,f4,3c,0b,d2,d6,b2,f8,c0,f2,52,df,5d,c9,b2,bb,c0,f6,b0,a4,66,7b,8a,15,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_USERS\S-1-5-21-840902920-1704781909-3159423318-1000\Software\SecuROM\License information*]

"datasecu"=hex:82,5f,4e,37,f7,b5,e9,84,f4,8c,49,0e,5e,e9,e2,c3,e2,44,9c,b7,87,

b2,36,e8,8f,7e,bc,1d,8f,1c,43,01,db,f2,de,38,89,6e,ab,1d,d4,20,69,45,eb,38,\

"rkeysecu"=hex:dc,44,49,72,7d,37,2a,e1,3b,1d,55,01,31,75,e2,de

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\System32\tcpsvcs.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\windows\system32\nfsclnt.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

.

**************************************************************************

.

Completion time: 2012-05-29 18:37:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-29 23:37

ComboFix2.txt 2012-05-29 21:34

ComboFix3.txt 2012-05-25 17:59

ComboFix4.txt 2012-05-25 06:43

ComboFix5.txt 2012-05-29 22:58

.

Pre-Run: 30,767,448,064 bytes free

Post-Run: 30,538,993,664 bytes free

.

- - End Of File - - 75F84394FAA9A22F2ED057514F31CA16


Well, on the bright side, we know it's strictly a partmgr.sys related issue, and not a Windows Update one. I've heard some people have had success by increasing the pagefile size in Vista, so let's give that a try:

See these instructions for changing the pagefile size: http://windows.microsoft.com/en-us/windows-vista/Change-the-size-of-virtual-memory

Try setting the initial and maximum size to 2-3 times the amount of RAM you have in your computer (assuming you have plenty of hard drive space to spare). Also, you want the initial and maximum size to be the same so that the paging file does not become fragmented.

You will have to restart before the new changes take effect.

If you're successful, try running the CFScript again. Let me know how it goes.
