Laptop was refusing to start my programs a week ago. Worked around it, but...

Hi everyone, I could use some help.

I should have posted this last week when my laptop started acting up, but back then I was in the boonies where my only connection was a cellphone modem that had intermittent service at best, whose top speed was 11% of 460kbps, and I usually had only 2 hours of net access a day, at hours I was typically asleep at...

Anyway, down to business.

A week or so ago my computer started blocking programs shortly after normal startup. I could still run them in safe mode and also a few seconds after normal startup (some of them crashed a minute later though), but afterwards it would give me an error and not start them. I updated my security suite (which was a painfully slow process) then ran a full scan. It removed a couple tracking cookies, but the problem persisted, so I reinstalled and updated MBAM and ran a full scan with that. MBAM reported something wrong with my security center, which was probably because I set it not to nag me about automatic updates/virus protection/firewall since it loaded before my security suite did and kept on telling me I didn't have one.

I managed to work around it by reinstalling the programs I use most, but now that I'm back in town I'd like to have my system looked at before I do a backup.

So here are my logs:

dds.txt

attach.txt

Thanks!

It was this error, mostly: http://support.micro....com/kb/2669244

It started... well, looking at the log myself, more like two weeks ago. My mother pestered me to install iTunes since she wanted to update her copy of Words with Friends (and didn't bring her own laptop). So I buy more net time from my carrier and spend an entire night downloading the installer, only for it not to work once installed. I begin to google for a possible fix, and go through a few blogs and forum links, but mom gets sick of waiting and says never mind, so I say okay, and uninstall it.

Then I decide on a whim to visit the Digimon World Online page and find out that it was its first anniversary, and an event was running. So I update my game and play the event, and even decide to change my phone wallpaper to something Digimon-related... and, while my phone (Nokia 5130 c-2) is connected via USB and acting as a modem through Nokia PC Suite's One-Touch Access, I drag an image to my phone memory card's image file folder, but my hand slips and I end up dropping it into the memory card's root directory instead. I remember thinking 'oh, that could be bad', but since nothing happened immediately, I thought nothing of it and changed my wallpaper to that image.

After that, something happened (I don't remember what exactly) that made me restart my computer, only to realize afterwards that my phone was still connected to it the whole time. I think it started acting weird about then... since I remember thinking, 'oh crap, I booted with my phone still on USB.' The first sign that something was amiss was when PC Suite refused to start, giving me the error 'loading language failed'. I freaked out for a bit since that was the only way I had to connect to the internet at that time, but it fixed itself after changing my phone wallpaper to something else, moving that image in the root folder into my image folder, then testing a particularly large (1.7ish GB... it was a backup of my Sims installation) archive with 7-Zip.

So I was a happy camper... except after that, Digimon World Online's launcher refused to start, giving me a memory access error. So I google for a possible fix and was advised to make a .txt file saying 'GDMO.exe true' and rename it into a .bat so I can skip the launcher. So I do that, and it works, but I wonder if I could fix it completely so I restart my computer using Last Known Good Configuration, except when I did that, everything started giving me that error I linked to at the top.

PC Suite gave me the 'loading language failed' error again, so I tried to run MBAM, but then I got Run-time error '383' 'Text' property is read-only. I found out I could still connect to the internet using Network Connections, but I didn't really want to spend another night downloading the MBAM installer, so I used an installer I had downloaded just before the trip to reinstall it... and then MBAM downloads the new version anyway...

So several hours later, MBAM is up and running a full scan. Apart from a few tracking cookies and the usual Security Center issue, there are apparently no problems. But I'm still getting those access errors, and what's worse, my security suite started acting up right after the scan. The text in the main menu got replaced with some generic text... it still ran a scan whenever I connected my phone, though.

So I boot into Safe Mode and lo and behold, everything-- well, not exactly works, but at least the access errors stop. When I restart I find out that it actually takes a few seconds after startup for the errors to start appearing. If, within that small window of time, I started a program, it would run without giving me that error. Of course, getting it to stay running afterwards was a different matter entirely.

I considered doing a system restore, but the thing is, my security suite doesn't like system restores. It stops working and disables my internet every time I do a restore with it still installed and I can't even uninstall it without reverting the restoration first because of the security suite's self-protection.

Of course if I did that, I would have to reinstall it and update it again from scratch on that crappy connection... so I decided to just screw it and leave fixing it for when I got back home. I figured that if MBAM managed to work after getting reinstalled, then the rest of my stuff would, too. Luckily, I had downloaded most of the installers before I left for the boonies just in case something like this happened, so it wasn't so bad.

And then, when I finally get back home and turn my laptop on, I find that, apart from my security suite (which still had that weird generic text), the problem had gone and fixed itself.

So then I reinstalled it and updated Windows, and came here...

  • Staff

Okay thanks for the update.

Please update MBAM, run a Quick Scan, and post its log.

Don't attach anything unless otherwise instructed.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

...Would it be bad to say I already read this thread: http://forums.malwar...howtopic=116991 and thought I'd try what they were doing before posting myself?

I've already run, in this order:

dds.com

RogueKiller

TDSSKiller

ComboFix (twice, since it restarted my computer while I was napping waiting for it to finish the first time, and I missed the part on the guide where it said ComboFix was supposed to close on its own. The second time I was there when it restarted my computer, and my security suite asked if I wanted to block it... repeatedly)

AdwCleaner (on scan, but not on delete)

Security Check (...or maybe not; I can't find checkup.txt)

dds.com (I ran it again just before posting, because I couldn't find the logs from the first scan)

Anyway, here's the logs you asked for. This will be the third time I ran ComboFix.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.09.11

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Keiichi :: COMPUTER [administrator]

10/10/2012 6:15:02 AM

mbam-log-2012-10-10 (06-29-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 200993

Time elapsed: 13 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

While downloading ComboFix again, I got an error saying:

ComboFix.exe

This file exists with Read Only attributes.

Please use a different file name.

...so I deleted the old one. Is that ok?

ComboFix 12-10-09.01 - Keiichi 10/10/2012 6:49.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.613 [GMT 8:00]

Running from: c:\documents and settings\Keiichi\Desktop\ComboFix.exe

AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

FW: Outpost Security Suite Pro *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

* Resident AV is active

.

.

.

((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))

.

.

2012-10-08 03:26 . 2012-09-07 09:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-08 03:26 . 2012-10-08 03:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-08 02:04 . 2012-10-08 02:04 -------- d-----w- C:\2a1555a4882c524c9dd684

2012-10-08 00:59 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-10-08 00:22 . 2011-02-02 09:04 242040 ----a-w- c:\windows\system32\drivers\VBEngNT.sys

2012-10-08 00:22 . 2011-06-15 06:21 764880 ----a-w- c:\windows\system32\drivers\SandBox.sys

2012-10-08 00:22 . 2011-06-15 06:22 284632 ----a-w- c:\windows\system32\drivers\afwcore.sys

2012-10-08 00:21 . 2011-03-28 10:55 32472 ----a-w- c:\windows\system32\drivers\afw.sys

2012-10-08 00:21 . 2012-10-09 22:07 -------- d-----w- c:\windows\system32\Filt

2012-10-08 00:21 . 2012-10-08 00:21 -------- d-----w- c:\program files\Agnitum

2012-10-08 00:21 . 2012-10-08 00:21 -------- d-----w- c:\documents and settings\Keiichi\Application Data\Agnitum

2012-10-08 00:20 . 2012-10-08 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum

2012-10-07 23:42 . 2012-06-02 07:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-09-27 06:43 . 2012-09-27 06:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-09-24 00:26 . 2012-09-24 00:28 -------- d-----w- c:\documents and settings\Keiichi\Application Data\vlc

2012-09-23 23:54 . 2012-09-23 23:54 -------- d-----w- c:\documents and settings\Keiichi\Local Settings\Application Data\HandBrake

2012-09-23 23:53 . 2012-09-23 23:54 -------- d-----w- c:\documents and settings\Keiichi\Application Data\HandBrake

2012-09-23 23:41 . 2012-09-24 00:30 -------- d-----w- C:\VideoLAN

2012-09-23 22:10 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll

2012-09-20 01:06 . 2012-09-20 01:20 -------- d-----w- c:\windows\SxsCaPendDel

2012-09-19 17:57 . 2012-09-19 17:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2012-09-19 17:46 . 2012-09-20 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-19 17:45 . 2012-09-19 17:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-09-13 03:17 . 2012-09-27 08:06 -------- d-----w- c:\program files\Maxis

2012-09-12 23:36 . 2012-09-12 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2012-09-09 23:30 . 2012-10-08 00:16 -------- d-----w- c:\documents and settings\Keiichi\Application Data\DMCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-03 09:30 . 2012-09-03 09:12 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-08-28 15:14 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]

@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]

2011-07-13 13:22 287872 ----a-w- c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-08-10 3138632]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4236:TCP"= 4236:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [10/8/2012 8:22 AM 764880]

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [10/8/2012 8:21 AM 32472]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [10/8/2012 8:22 AM 284632]

R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [9/2/2011 8:57 PM 26624]

R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [10/8/2012 8:22 AM 78656]

R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2/17/2004 5:58 PM 292352]

R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2/17/2004 5:59 PM 273536]

R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [10/8/2012 8:22 AM 242040]

R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [10/8/2012 8:22 AM 84312]

S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [10/8/2012 8:21 AM 2200832]

S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [1/5/2012 11:42 PM 75624]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [3/1/2012 4:26 AM 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [3/1/2012 4:26 AM 8576]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - VBCoreNT.0

*Deregistered* - VBCoreNT.1

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.15.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-10 07:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\VBCoreNT.1]

"ImagePath"="\SystemRoot\System32\Filt\tmp\tku63k63.vbt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-789336058-1060284298-1957994488-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):6a,5c,b1,9b,ed,16,2d,aa,cf,3f,ef,2f,4f,43,54,f4,b6,f3,7e,78,98,

ef,39,4a,a2,49,4b,48,fb,56,75,e7,16,bc,68,a3,ff,d3,85,e5,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a4ed483a-b2f6-47f2-b9e0-b835c7616c3a}]

@Denied: (Full) (Everyone)

"Model"=dword:00000119

"Therad"=dword:0000001e

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\l3codeca.acm

c:\windows\system32\mp3fhg.acm

c:\windows\system32\divxa32.acm

c:\windows\system32\vorbis.acm

c:\windows\system32\ac3acm.acm

c:\windows\system32\lameACM.acm

c:\windows\system32\IEFRAME.dll

.

- - - - - - - > 'explorer.exe'(2236)

c:\windows\system32\WININET.dll

c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-10-10 07:07:20

ComboFix-quarantined-files.txt 2012-10-09 23:07

.

Pre-Run: 20,086,095,872 bytes free

Post-Run: 20,114,976,768 bytes free

.

- - End Of File - - 4EB29C22D67D9FD581949361E94B4636

And here's the new dds log.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

Run by Keiichi at 8:15:22 on 2012-10-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.560 [GMT 8:00]

.

AV: Outpost Security Suite Pro *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

FW: Outpost Security Suite Pro *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe" -automount

mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost security suite pro\ie_bar.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349652649473

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

TCP: DhcpNameServer = 192.168.15.1

TCP: Interfaces\{BF7F4C15-821D-4C17-BE39-5434750F6786} : DhcpNameServer = 192.168.15.1

.

============= SERVICES / DRIVERS ===============

.

R0 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2012-10-8 764880]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2012-10-8 32472]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2012-10-8 284632]

R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [2011-9-2 26624]

R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2012-10-8 78656]

R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-2-17 292352]

R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-2-17 273536]

R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2012-10-8 242040]

R3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2012-10-8 84312]

S2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2012-10-8 2200832]

S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-3-1 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-3-1 8576]

.

=============== Created Last 30 ================

.

2012-10-08 17:38:28 -------- d-sha-r- C:\cmdcons

2012-10-08 17:18:37 256000 ----a-w- c:\windows\PEV.exe

2012-10-08 17:18:37 208896 ----a-w- c:\windows\MBR.exe

2012-10-08 17:18:36 518144 ----a-w- c:\windows\SWREG.exe

2012-10-08 17:18:35 98816 ----a-w- c:\windows\sed.exe

2012-10-08 03:26:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-08 03:26:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-08 02:04:09 -------- d-----w- C:\2a1555a4882c524c9dd684

2012-10-08 00:59:21 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-10-08 00:22:32 242040 ----a-w- c:\windows\system32\drivers\VBEngNT.sys

2012-10-08 00:22:31 764880 ----a-w- c:\windows\system32\drivers\SandBox.sys

2012-10-08 00:22:20 284632 ----a-w- c:\windows\system32\drivers\afwcore.sys

2012-10-08 00:21:45 32472 ----a-w- c:\windows\system32\drivers\afw.sys

2012-10-08 00:21:32 -------- d-----w- c:\windows\system32\Filt

2012-10-08 00:21:32 -------- d-----w- c:\program files\Agnitum

2012-10-08 00:21:32 -------- d-----w- c:\documents and settings\keiichi\application data\Agnitum

2012-10-08 00:20:57 -------- d-----w- c:\documents and settings\all users\application data\Agnitum

2012-10-07 23:42:20 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-09-23 23:54:20 -------- d-----w- c:\documents and settings\keiichi\local settings\application data\HandBrake

2012-09-23 23:53:26 -------- d-----w- c:\documents and settings\keiichi\application data\HandBrake

2012-09-23 23:41:46 -------- d-----w- C:\VideoLAN

2012-09-23 22:10:03 221184 ----a-w- c:\windows\system32\wmpns.dll

2012-09-20 01:06:58 -------- d-----w- c:\windows\SxsCaPendDel

2012-09-19 17:46:24 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-09-13 03:17:45 -------- d-----w- c:\program files\Maxis

.

==================== Find3M ====================

.

2012-09-03 09:30:37 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 8:16:10.86 ===============

Yes. I got a blue screen while loading Windows earlier, and my laptop's at it again.

Well, when I started the thread, I just wanted to know if it was safe to back up my files so I could do a clean reinstall of Windows. I mean, I wouldn't want to put whatever's wrong with my laptop right back in afterwards.

I ran all those tools before I started this thread, thinking the person in the other topic and I had similar problems, but when I thought about it, maybe they weren't so similar after all, so I posted this thread.

  • Staff

Hi,

Let's see what caused the blue screen first. I highly doubt this is malware related. If it were me, I would just back up your important documents, photos, etc., then format your hard drive and reinstall Windows.

Download BlueScreenView and save it to your Desktop.

  • Double-click the BlueScreenView.exe file to run the program.
  • When it finishes scanning, click Edit --> Select All.
  • Click File --> Save Selected Items.
  • Save the report as BSOD.txt to your Desktop.
  • Post the contents of BSOD.txt in your next reply.

...BlueScreenView isn't giving me anything. (Maybe it's because I ran CCleaner yesterday.)

Well, since it doesn't appear to be a malware problem, I guess I'll just go ahead and back up my stuff then reformat and reinstall Windows... unless there's anything else I need to do?

  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
