
Hello, Can someone help me please?

Running a Windows 8.1 system and got a BSOD. After a few restarts I finally got through, but I wasn't able to do a refresh or a restore. (All this started after taking my computer to a repair store to replace the keyboard from spilling water on it.) It is running slow now ... I ran Avira, Malwarebytes, CCleaner, SpybotS&D, and only found one entry from Spybot. After removing it, it did seem to run faster, but at times things take a while ... for instance, when I right-click an icon it took a while before the menu came up. Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:17:14 PM, on 12/29/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Monica\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 8166 bytes
 

If you think that you're infected, please post the HiJackThis logfile over in the Malware Removal forums at this link:  https://forums.malwarebytes.org/index.php?/forum/7-malware-removal-help/

 

For BSOD help please provide this information so we can provide a complete analysis (from the Pinned Topic at the top of the forum):  https://forums.malwarebytes.org/index.php?/topic/170037-blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

Should you have problems with the perfmon report, please disregard it (I don't use it very much anyway).

Should the app lock up for more than 15 minutes while searching for Network information (it does this in my copy of W10), go ahead and kill the app. 
Then navigate to the Documents folder and zip up the 18 reports in the SysnativeFileCollectionApp folder - then upload that with your next post.

If that doesn't work, then you can try this new app (from a friend of mine):  http://omgdebugging.com/bsod-inspector/
When done, a Notepad document will open with the name of the file and its location.
By default it'll be a .zip file located on your Desktop.
Simply upload the .zip file with your next post and we'll move on from there.
***********************************************************************************************************

 


I'm running late for work, but wanted to post back here quickly.

There's no sign of BSOD's after a quick look at the reports.

As such, the BSOD's are most likely due to hardware problems (this isn't 100% - but it's enough to get a start).

Please start with these free hardware diagnostics:  http://www.carrona.org/hwdiag.html

 

I'll post back later today or in the AM (UTC-5, East Coast of the US).


Hey. I don't have any blank CDs, so I am unable to do the boot scans. I did however (before your reply) run an SFC command; it could not repair the errors. I then attempted Dism /Online /Cleanup-Image /RestoreHealth and I get error 0x80240021 DISM Failed. No operation was performed.
When doing the Diskpart command I get a lot of partitions... is this typical?

Partition 1 recovery
Partition 2 system
Partition 3 reserve
Partition 4 primary
Partition 5 recovery
Partition 6 primary

I'm trying to upload the CBS and DISM logs, but the CBS won't upload; the file is too big.

dism.log....


I didn't see your last post before I responded.  I'll address it later on in this post.

 

 

Your UEFI/BIOS (version F.37) dates from 2013.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  FYI, there are many Windows Update failures in the WER section of the MSINFO32 report.  Please let us know if you have difficulty in getting Windows Updates.

 

No evidence of BSOD's in the WER section of MSINFO32 (the cleaning of the system may have removed them also).

I'd suggest posting over in the Am I Infected section for more specific assistance:    http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

 

The partitions that you list are normal.  Windows takes up 5 or 6 and then the OEM manufacturer can add more.

I don't know how to read DISM logs (or CBS logs).

But to get the CBS log uploaded - just upload it to a free file hosting service (such as OneDrive or DropBox) and post a link to it here.

I'd suggest doing this in the Windows 8 forums where those with more experience can take a look at it. Make sure to mention the CBS log in the topic title.

While waiting for help there, try these things:

 

There's not many experts at fixing Windows Updates.
I am not one of them.
But the few experts that there are are sorely overworked - so getting a reply will be difficult.
I'll continue to attempt to help here, but please bear with me.


First, please try the Windows Update troubleshooter/fixes listed here:
Windows Update Troubleshooter:  https://support.microsoft.com/en-us/gp/windows-update-issues/en-us
Windows Update Troubleshooter KB article:  https://support.microsoft.com/en-us/kb/2714434
Reset Windows Update Components KB article:  https://support.microsoft.com/en-us/kb/971058

Then, if that doesn't fix the Windows Update problem, please do the following 2 things. (copied from here:  http://www.sysnative.com/forums/windows-update/4736-windows-update-forum-posting-instructions.html):

 

Run SFCFix

    This free tool of niemiro's creation (see above link) is a very good starting point for the diagnosis and repair of all Windows Update and System File Checker corruptions. We therefore need you to run this tool prior to collecting logfiles.

        -  First download and run a copy of the tool from http://www.sysnative.com/niemiro/apps/SFCFix.exe.
        -  Work through any on-screen prompts and then await completion (runtime is approximately 15 minutes).
        -  Once it has finished, if there are any unrepaired corruptions (the tool will notify you if it has succeeded in repairing all corruptions if they're simple in which case we're no longer needed) or unresolved problems with your computer, you need to post us the complete logfile which opens on exit. Simply copy (Ctrl-A, Ctrl-C) and paste (Ctrl-V) the entire logfile into your new thread (also known as a 'topic'). How to create a new thread is shown later on in this post.

Export CBS folder
NOTE:  This is not for me (I can't read them).  This is in case you decide to post in the OS forums asking for help from the experts. 

        -  On Windows 8/10, press the Windows key, type This PC, and press Enter.
        -  On Windows Vista/7, click the Start button, then click Computer.
        -  Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
        -  Find and double click on the Logs folder.
        -  Right-click on the CBS folder, and select Copy.
        -  Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
        -  Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
        -  A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.


As for the first item (SFCFix), just copy and paste into your post as indicated.
For the second item (CBS log), if you'd like it analyzed, start a post in the OS forums, then zip it up and upload it with your next post there (it's not needed in this topic as I can't read it).
If it's too big to upload (or you get an error), just upload it to a free file hosting service (such as OneDrive or DropBox).  Ensure that it's shared and then post a link to it here.

Sorry for not being more specific (I forgot I was at MalwareBytes :(  ).

I meant the Bleeping Computer Windows 8 forums located here:  http://www.bleepingcomputer.com/forums/f/209/windows-8-and-windows-81/

 

But you can also get help with CBS logs at:

- http://www.sysnative.com

- http://www.eightforums.com
