
Internet Browser Issues. Also Blue Screen of Death, Restarts



Hi,

Currently need help.

Issues encountered:

1. I first had search engine issues. E.g. I'd search on Hotmail, get results, click on a result that was meant to go to hotmail.com.

Instead it went to some irrelevant site. Issue has been there for a few weeks?

2. So I did a system restore yesterday. This caused more issues.

Upon my startup programs finishing loading, right near the end, I get a blue screen of death and it restarts.

3. Undoing the restore caused the same thing. Now it seems to have ceased and I can at least do things but restarts also occurred when running some virus scan/anti-spyware programs.

4. Firefox and Internet Explorer now do not work. When opening they crash right away or load a "page cannot be displayed". Chrome works fine though.

5. I've tried to use Malwarebytes' program to clean out whatever is killing my machine. It will not open up.

Can anyone please assist with what I can do to fix this problem? E.g. do I do something in safe mode? Something in normal mode? How do I run Malwarebytes' program?

Sam


Hi,

Got home and started doing as per this webpage: http://www.malwarebytes.org/forums/index.php?showtopic=9573

Ran Malwarebytes' Anti-Malware (got it to work by changing its name) with quick scan. Nothing really found that was bad or removed. Log file:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4897

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

21/10/2010 5:39:06 PM

mbam-log-2010-10-21 (17-39-06).txt

Scan type: Quick scan

Objects scanned: 178469

Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Samuel\downloads\anti-malware-pro-v04.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Windows\System32\VolumeMSPrLam.dll (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.

Defogger went fine. Disabled and restarted. Results file:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 18:53 on 21/10/2010 (Samuel)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

Unable to read sptd.sys

SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

DDS, ran 3 to 5 times. It never produced any of the 2 result log files.

GMER Rootkit Scanner, downloaded and ran. Again never completed. It either crashed and closed down, or if I ran as administrator, it eventually gave blue screen of death and restarted PC. This occurred in both normal startup and safe mode.

I have not re-run Defogger yet since my system is definitely not clean yet.

So it seems fairly unhealthy since I cannot even complete DDS or GMER. Does any expert know what to do?

Please help,

Sam
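
Added example (not part of the original thread and not Malwarebytes code): a small Python parser for the MBAM 1.x text log layout shown in the post above. It extracts each detection and cross-checks the summary counts against the entries actually listed; for the log as posted, the summary declares 3 infected files while only 2 entries appear. The function and class names are illustrative.

```python
import re
from dataclasses import dataclass

# Quick-scan log from the post above (blank lines collapsed, header and the
# sections with no detections abridged).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 4897
Scan type: Quick scan
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Samuel\downloads\anti-malware-pro-v04.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\System32\VolumeMSPrLam.dll (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 3"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")         # "Files Infected:"
# "<target> (<detection name>) -> <action>."  The target may itself contain
# parentheses, e.g. "C:\Program Files (x86)\...", hence the lazy first group.
ENTRY_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")
NO_ITEMS = "(No malicious items detected)"


@dataclass
class Detection:
    category: str
    target: str
    name: str
    action: str


def parse_mbam_log(text):
    """Return (declared_counts, detections) parsed from the log text."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m[1]] = int(m[2])
            section = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m[1]
            continue
        if section is None or line == NO_ITEMS:
            continue
        m = ENTRY_RE.match(line)
        if m:
            detections.append(Detection(section, m[1], m[2], m[3]))
        else:
            section = None  # free text after the log ends the current section
    return declared, detections


def count_mismatches(declared, detections):
    """Map category -> (declared, listed) where the two numbers disagree."""
    listed = {}
    for d in detections:
        listed[d.category] = listed.get(d.category, 0) + 1
    return {cat: (n, listed.get(cat, 0))
            for cat, n in declared.items() if n != listed.get(cat, 0)}


def not_remediated(detections):
    """Detections whose action text does not report a successful removal."""
    return [d for d in detections if "successfully" not in d.action.lower()]


if __name__ == "__main__":
    declared, found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f"{d.category}: {d.name} at {d.target} [{d.action}]")
    for cat, (want, got) in count_mismatches(declared, found).items():
        print(f"WARNING {cat}: summary declares {want}, log lists {got}")
```
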


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning, it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hi Elise,

Currently at work so I will have to do the steps you've mentioned tonight.

My Firefox and Internet Explorer are now working again from what I tried before I arrived at work. So that is good.

But I still am getting the search redirect issue.

So do I still need to go through with what you've responded with or do I go back to trying to run DDS and GMER??

Sam


Ok no problem. So are you stating to uninstall any registry cleaner/s once we've finished here and issues are rooted out?

Also this link did not work. http://www.pcsupportadvisor.com/sasample/E1209.pdf

Log attached.

Sam

Hello there,

I notice the presence of Uniblue Registry Booster Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners for several reasons.


Also restarted upon posting the previous post. Got an error popup during loading startup programs.

Whether it will help, or it's just a once-off and nothing to worry about, not sure.

Image attached


Hi again, please let me know how things are running after the following fix.

Best is indeed to uninstall any reg cleaners. I see you also have registry mechanic. Of course it is up to you, but as explained they really do not improve things and in worst case can mess up things pretty badly.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kcxekj"=-

File::
c:\users\Samuel\AppData\Roaming\mscdexnta.dll
c:\windows\System32\drivers\jxbfok.sys

Driver::
vwohlohv

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Hi Elise,

I have now uninstalled any registry cleaners. Removed RegMechanic and RegBooster.

Things are going well. They became well from yesterday when the browsers were working again.

And somehow my system became faster too. It has stayed this way since running your directions like Combo-Fix.

I re-ran Combo-Fix again, results attached.

One thing is, I killed the PC upon shutting down (held power button on CPU box for over 5 seconds) as it seemed to just die and I could not move the mouse or anything.

Upon restarting, I chose to do normally by-passing safe mode or any other method.

Now I got screen (image attached) that said it could not save results... yet I still got a results file (also attached) Whether this is normal........

Let me know when I can re-enable things like Windows Defender which were disabled as per earlier instructions.

Please let me know of results.

I've also noticed that e.g. I deleted the Internet Explorer shortcut on desktop earlier today, yet now it's there again. Same for another desktop shortcut. From seeing one of the result logs earlier this was deleted:

[Torrentsworld.net] - WWE Elimination Chamber 2010 HDTV XviD-XS torrent [torrentfantasies net].torrent

Yet it is still there.

Let me know what to do. Or eg whether I have to re-run again and just let it run no matter how long it takes to shut down.

Thanks,

Sam


I shut down after report was complete. Unlike last time, upon loading start-up programs, this time I got no \Roaming\mscdexnta.dll error so that's good.


I've also noticed that eg I deleted the internet explorer shortcut on desktop earlier today, yet now it's there again.
Combofix indeed stores some default settings. Mainly so a user can access internet explorer, in case malware had hidden it.

P2P WARNING

-------------------

Going over your logs I noticed that you have LimeWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm


Hi,

Uninstalled and installed latest Java. Then ran MBAM.

Log here:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4924

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

24/10/2010 10:42:14 AM

mbam-log-2010-10-24 (10-42-14).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 444677

Time elapsed: 11 hour(s), 40 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

What next?

Sam


Looks good! Do you have any problems left? Let's do one last scan to check for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the esetBack.png button.
  13. Push esetFinish.png


Looks all ok. Haven't noticed any problems.

ESET result attached


Nothing serious there, just some leftovers. Which means you are good to go! :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete Rootkit Unhooker and OTL.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Thanks for your help. Great work. Appreciate it!

You can close this then.
