Jump to content

Help - computer keeps crashing


Recommended Posts

Hi, recently my antivirus software subscription expired (Trend) and I didn't realize it.  From the day it expired, I've had problems with the computer randomly shutting down on me, or Chrome will crash in the middle of working.  Pandora triggers this especially.  I downloaded ESET NOD32 antivirus software and that's helped a little, but the computer still crashes all the time.

 

attached are the reports I ran. 

 

Thanks!

attach.txt

dds.txt

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Link to post
Share on other sites

Hi Marius,

 

I completed this step.  My computer crashed the first time I tried to scan it, and the second time I succeeded.  Here is the data:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-10 11:54:29
-----------------------------
11:54:29.353    OS Version: Windows x64 6.2.9200 
11:54:29.353    Number of processors: 4 586 0x2A07
11:54:29.353    ComputerName: KATY  UserName: Katy
11:54:29.478    Initialze error 1 
11:55:06.484    AVAST engine defs: 13091000
11:55:13.016    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003e
11:55:13.016    Disk 0 Vendor: ST500LT012-9WS142 0001SDM1 Size: 476940MB BusType: 11
11:55:13.031    Disk 0 MBR read successfully
11:55:13.047    Disk 0 MBR scan
11:55:13.063    Disk 0 unknown MBR code
11:55:13.078    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
11:55:13.078    Disk 0 scanning C:\Windows\system32\drivers
11:55:13.094    Service scanning
11:55:13.766    Modules scanning
11:55:13.766    Disk 0 trace - called modules:
11:55:13.766    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
11:55:13.781    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e91740]
11:55:13.781    3 CLASSPNP.SYS[fffff88001001fea] -> nt!IofCallDriver -> [0xfffffa80043e3980]
11:55:13.797    5 ACPI.sys[fffff88001167a91] -> nt!IofCallDriver -> \Device\0000003e[0xfffffa80043e3060]
11:55:13.797    AVAST engine scan C:\Windows
11:55:13.813    AVAST engine scan C:\Windows\system32
11:55:13.813    AVAST engine scan C:\Windows\system32\drivers
11:55:13.813    AVAST engine scan C:\Users\Katy
11:55:13.828    AVAST engine scan C:\ProgramData
11:55:13.828    Scan finished successfully
11:55:47.018    Disk 0 MBR has been saved successfully to "C:\Users\Katy\Desktop\MBR.dat"
11:55:47.018    The log file has been saved successfully to "C:\Users\Katy\Desktop\aswMBR.txt"
Link to post
Share on other sites

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

So that you know: yesterday the computer self-initiated a "refresh", which means it cleaned all the preferences and programs I had installed.  I didn't want it to do this, but I couldn't stop it. 

 

Combofix results:

ComboFix 13-09-10.03 - Katy 09/11/2013   9:39.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3980.2743 [GMT -4:00]
Running from: c:\users\Katy\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-11 to 2013-09-11  )))))))))))))))))))))))))))))))
.
.
2013-09-11 14:54 . 2013-09-11 12:15    --------    d-----w-    C:\Windows.old
2013-09-11 14:39 . 2013-09-11 12:11    --------    d-----w-    C:\$SysReset
2013-09-11 12:54 . 2013-09-11 12:54    --------    d-----w-    c:\programdata\P4G
2013-09-11 11:50 . 2013-01-08 00:04    1280768    ----a-w-    c:\windows\system32\FBAgent.exe
2013-09-11 11:31 . 2013-09-11 11:31    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-09-11 11:05 . 2013-09-11 11:05    50784    ----a-w-    c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-09-11 11:05 . 2013-09-11 11:05    17536    ----a-w-    c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-09-11 10:56 . 2013-09-11 11:49    --------    d-----w-    c:\users\Katy
2013-09-11 10:56 . 2013-09-11 10:56    --------    d-----w-    c:\users\guest1
2013-09-04 13:43 . 2013-09-04 13:43    270512    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 11:10 . 2012-07-26 08:13    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S3 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Katy\AppData\Roaming\Mozilla\Firefox\Profiles\niz18yi4.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-09-11  09:47:15
ComboFix-quarantined-files.txt  2013-09-11 13:47
.
Pre-Run: 424,669,323,264 bytes free
Post-Run: 424,154,152,960 bytes free
.
- - End Of File - - 6BFACD7CC7E1239628A92A2DBF7349CF
 

Link to post
Share on other sites

Looks good!

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

# AdwCleaner v3.003 - Report created 13/09/2013 at 01:08:25
# Updated 07/09/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Katy - KATY
# Running from : C:\Users\Katy\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384
 

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 6.0   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     11.8.800.168  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Then your computer is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.