
Need Assistance Removing Malware


Kybone


Hi TwinHeadedEagle,

 

I apologize for the delay. I was out of town without access to the internet since last week. At this point, do you believe everything is okay?

 

I will run the DelFix tool and get back to you.

 

Thanks,

Kyle


Great! Thank you so much for all of your help. Do you have any further tips on anti-malware software, or any other utilities I should run regularly?

 

Also, I have been using the SeaMonkey browser as an alternative to Chrome, FireFox, and IE (my least favorite of all). I have looked into other browsers, and will most likely be downloading Midori next. Do you have any thoughts on this? My primary concern is low memory usage and stability.

 

Thanks again,

Kyle


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Hi TwinHeadedEagle,

 

Thank you for re-opening the message. I apologize for having been away from the computer. I was out of town over the holidays and am getting back into the routine of things.

 

I have been experiencing a variety of issues:

 

1) I have been getting the feared "blue screen" from time to time.

2) Start up time is taking much longer than when the system was cleaned.

3) I have been getting some error messages upon start up

 

I have run Malwarebytes and it resulted in nothing new.

 

Do you have any advice?

 

Thank you,

Kyle


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

I was running Malwarebytes again at the time of your reply. It took nearly two hours before I was once again greeted with the "blue screen."

 

It automatically restarted, and I have run Farbar, as you instructed. The results are attached.

 

Thanks,

Kyle

Addition.txt

FRST.txt


Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.


TwinHeadedEagle,

 

I did some further poking around, and per the advice of another source, did a Search in Farbar for "services.exe" and came across several versions. I have created a fixlist myself. I will run the fix in Farbar if you agree.

fixlist.txt

Search.txt


I haven't done the fix. I only did a search and it showed FIVE different "services.exe"

 

I wanted to verify with you before doing anything else. Should I not fix the services?


Ok. The scan ran, my computer restarted and I got the blue screen again. It automatically restarted and generated the log file. I have attached it here. Please let me know what to do next.

 

Thanks,

Kyle

ComboFix.txt


Hi THE,

 

I have done as you instructed, and have yet to get the dreaded blue screen! I will let you know if anything happens.

 

Thanks,

Kyle


System Information (local)

computer name: KYLE-PC
windows version: Windows Vista Service Pack 2, 6.0, build: 6002
windows dir: C:\Windows
Hardware: Studio XPS 1640, Dell Inc., 0U785D
CPU: GenuineIntel Intel® Core2 Duo CPU P8600 @ 2.40GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 4257153024 total


 

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Wed 1/14/2015 6:32:31 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini011415-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22DBB3)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000006, 0xFFFFF80002A73BB3, 0xFFFFFA60057E16A8, 0xFFFFFA60057E1080)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Wed 1/14/2015 6:32:31 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x7E (0xFFFFFFFFC0000006, 0xFFFFF80002A73BB3, 0xFFFFFA60057E16A8, 0xFFFFFA60057E1080)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug check description: This bug check indicates that a system thread generated an exception that the error handler did not catch.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Wed 1/7/2015 1:49:41 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini010615-04.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22DBB3)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000006, 0xFFFFF80002848BB3, 0xFFFFFA60055A96A8, 0xFFFFFA60055A9080)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 1/6/2015 6:53:23 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini010615-03.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x22DBB3)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000006, 0xFFFFF80002832BB3, 0xFFFFFA60049126A8, 0xFFFFFA6004912080)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 1/6/2015 6:50:53 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini010615-02.dmp
This was probably caused by the following module: Unknown ()
Bugcheck code: 0x0 (0x0, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error.
Google query: CUSTOM_ERROR



On Tue 1/6/2015 4:20:27 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini010615-01.dmp
This was probably caused by the following module: Unknown ()
Bugcheck code: 0x0 (0x0, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error.
Google query: CUSTOM_ERROR



On Sun 1/4/2015 1:52:50 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini010415-02.dmp
This was probably caused by the following module: Unknown ()
Bugcheck code: 0x0 (0x0, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error.
Google query: CUSTOM_ERROR



On Sun 1/4/2015 1:35:18 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini010415-01.dmp
This was probably caused by the following module: Unknown ()
Bugcheck code: 0x0 (0x0, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error.
Google query: CUSTOM_ERROR



On Sat 12/20/2014 5:52:40 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini122014-02.dmp
This was probably caused by the following module: Unknown ()
Bugcheck code: 0x0 (0x0, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error.
Google query: CUSTOM_ERROR



On Sat 12/20/2014 8:48:10 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini122014-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x57AD0)
Bugcheck code: 0x7A (0xFFFFF6FC4003D6C8, 0xFFFFFFFFC0000185, 0x5FE32820, 0xFFFFF88007AD9D64)
Error: KERNEL_DATA_INPAGE_ERROR
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the requested page of kernel data from the paging file could not be read into memory.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



 

Conclusion

28 crash dumps have been found and analyzed. Only 10 are included in this report.
Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further. 
