I'm infected

Here are the symptoms:

Windows 7 with SP1 32 bit on a Dell Optiplex.

When booted fresh performance is great. Starts to slow down after a few hours; if I don't do anything about it, it grinds to nearly a halt. Takes forever to launch windows, apps go into "not responding" mode.

Looking at Taskmgr and Resource Monitor, I see that CPU usage is at 100%. The two processes using most of it are the NT Kernel and System Interrupts. One or two other processes will grab maybe 5-10% for a fraction of a second in an apparent round-robin pattern.

I have installed the paid version of Malwarebytes and Xoftspyse, both have run repeatedly and not found malware. Malwarebytes HAS found registry issues and cleaned them, but with no effect.

In reading various blogs I've seen suggestions that when the Sys Interrupts is thrashing like mine, the actual issue is something in another process generating a flood of not-handle-able interrupts. Before all this started, I was using McAfee with all its options. Firewall, site advisor, malware blocker, etc. It had gotten to the point where McAfee was hogging the pc. It seemed to want to download updates every few hours, then launch a full scan even though I had those scheduled for once a week. I would cancel the downloads but could not interrupt the scans. Even if it was not scanning or downloading, it was using cpu and I suspected generating the interrupts. I deinstalled it to see what would happen. After reboot the system appeared great for a few hours, then back to same.

Looking at what else is doing anything I looked for background processes that run constantly. Two that appeared to be busy for no good reason were the Windows Media Player network module and the Windows indexer. I scanned their images specifically with mwb but it found nothing. I used msconfig to prevent their starting and rebooted. While the system ran like a champ after that for a time, this morning it is back to 100% flatlined CPU without them. I also started windows in safe mode and ran mwb, but found nothing.

Now I am following the steps outlined in the pinned post "what do I do" if MWB fails to rectify.

Please note:

- The several annotations in the Attach file about processes terminating unexpectedly are from me killing them to see if anything would change.

- The mbam log zip contains two logs from June 14 - I ran one for C: drive only, then ran another to look at my USB drive G:

- I also attach an mbam log from June 1, when nine files were found to be infected with a Trojan. Those files have been on my pc since 2005. The ones on G: are from backups I ran since then.

Thanks!

Don Cooley

Here is dds.txt:

========================================================

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Don at 9:53:50 on 2011-06-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2037.1247 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\AERTSrv.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\dlcjcoms.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\XoftSpySE6\XoftSpySE.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uStart Page = about:blank

uWindow Title = Internet Explorer provided by Dell

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [XoftSpySE] "c:\program files\xoftspyse6\XoftSpySE.exe" -NM -hidesplash

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: bemopro.com\pwa

Trusted Zone: go.com\espn

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} - hxxps://www103.livemeeting.com/etc/static/CHArapid2/2011-02-04-19-44-58/MailObjects.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DDF05789-6DC3-44B0-BBD9-234215A70398} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\c42fs3w6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\c42fs3w6.default\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\don\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\don\appdata\roaming\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\users\don\appdata\roaming\mozilla\firefox\profiles\c42fs3w6.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 216008]

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-1 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-31 22712]

R3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2010-9-29 582424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9d5a9204d8fc3;Google Update Service (gupdate1c9d5a9204d8fc3);c:\program files\google\update\GoogleUpdate.exe [2009-5-15 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-15 133104]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-13 80136]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-13 35368]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-13 34376]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-13 40648]

S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2009-9-9 55176]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-17 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-19 1343400]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\sqladhlp.exe" --> c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE [?]

S4 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\sqlagent.exe" -i sqlexpress --> c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [?]

.

=============== Created Last 30 ================

.

2011-06-15 13:31:30 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

2011-06-15 02:56:35 -------- d-----w- c:\program files\common files\XoftSpySE

2011-06-15 00:36:36 -------- d-----w- c:\users\don\appdata\local\PackageAware

2011-06-14 12:32:40 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f13043f4-09a0-45ac-b49d-2418d56cdf4a}\mpengine.dll

2011-06-13 21:37:08 -------- d-----w- C:\10ffcb2ba65a1833da

2011-06-13 20:56:32 -------- d-----w- C:\c52d95bfce19470e4e35003f6308

2011-06-12 11:22:14 -------- d-----w- c:\windows\pss

2011-06-12 09:46:01 -------- d-----w- c:\programdata\XoftSpySE

2011-06-12 09:45:55 -------- d-----w- c:\program files\XoftSpySE6

2011-06-12 03:13:13 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-06-11 13:40:11 -------- d-----w- c:\users\don\appdata\roaming\DriverCure

2011-06-11 13:40:10 -------- d-----w- c:\users\don\appdata\roaming\ParetoLogic

2011-06-11 13:37:51 -------- d-----w- c:\program files\common files\ParetoLogic

2011-06-11 13:37:47 -------- d-----w- c:\programdata\ParetoLogic

2011-06-11 13:37:47 -------- d-----w- c:\program files\ParetoLogic

2011-06-10 01:08:02 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll

2011-06-10 01:07:48 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll

2011-06-10 01:07:37 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll

2011-06-10 01:07:34 539968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

2011-05-31 18:46:57 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes

2011-05-31 18:41:25 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-31 18:41:19 -------- d-----w- c:\programdata\Malwarebytes

2011-05-31 18:41:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-31 18:41:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-30 13:05:24 -------- d-----w- C:\57a0664707972d764301e629853f03b1

2011-05-28 15:01:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-25 21:34:32 -------- d-----w- c:\users\don\appdata\roaming\MS

2011-05-25 21:34:32 -------- d-----w- c:\users\don\appdata\local\MS

2011-05-25 13:46:06 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-24 22:18:27 -------- d-----w- C:\Office Samples

2011-05-18 00:30:43 -------- d-----w- c:\windows\system32\SPReview

2011-05-18 00:02:59 81920 ----a-w- c:\windows\system32\userenv.dll

2011-05-18 00:01:43 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-05-18 00:01:43 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-05-18 00:01:43 363008 ----a-w- c:\windows\system32\wbemcomn.dll

2011-05-18 00:01:43 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-05-18 00:01:26 697344 ----a-w- c:\windows\system32\SmiEngine.dll

2011-05-18 00:01:16 209920 ----a-w- c:\windows\system32\PkgMgr.exe

2011-05-18 00:01:16 189952 ----a-w- c:\windows\system32\wdscore.dll

2011-05-18 00:00:28 323072 ----a-w- c:\windows\system32\drvstore.dll

2011-05-18 00:00:27 257024 ----a-w- c:\windows\system32\dpx.dll

2011-05-17 23:00:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-05-17 23:00:17 219136 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-05-17 22:17:21 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-17 18:47:14 -------- d-----w- c:\program files\Microsoft SQL Server

2011-05-17 18:45:59 -------- d-----w- C:\1caeb1888929657969af305bc6

2011-05-17 15:48:34 -------- d-----w- c:\program files\MSDN

2011-05-17 15:43:38 -------- d-----w- c:\users\don\appdata\local\Microsoft_Corporation

2011-05-17 03:36:27 -------- d-----w- c:\program files\Business Objects

2011-05-17 03:35:41 -------- d-----w- c:\program files\Microsoft Device Emulator

2011-05-17 02:16:02 -------- d-----w- c:\programdata\PreEmptive Solutions

2011-05-16 23:20:45 -------- d-----w- c:\program files\HTML Help Workshop

2011-05-16 23:20:44 -------- d-----w- c:\program files\CE Remote Tools

2011-05-16 23:04:53 75792 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.2052.dll

2011-05-16 23:04:52 97296 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1036.dll

2011-05-16 23:04:52 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.3082.dll

2011-05-16 23:04:52 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1031.dll

2011-05-16 23:04:52 95248 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1040.dll

2011-05-16 23:04:52 91152 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1033.dll

2011-05-16 23:04:52 81424 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1041.dll

2011-05-16 23:04:52 79888 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1042.dll

2011-05-16 23:04:52 76304 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1028.dll

2011-05-16 23:04:52 562688 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.exe

.

==================== Find3M ====================

.

2011-05-18 00:41:35 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-03-30 16:51:44 34376 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2011-03-30 16:51:42 40648 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2011-03-30 16:51:42 216008 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-03-30 16:51:36 80136 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-03-30 16:51:36 35368 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 02:57:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

.

============= FINISH: 9:55:00.61 ===============

Attach.zip

mbam-log-2011-06-14 (21-12-55).zip

ark.txt

mbam-log-2011-06-01 (19-30-41).zip


  • Staff

Hi and welcome to Malwarebytes.

Doubt this is malware related.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

See if the behavior persists there.

Next (back in Normal Mode), please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

Thanks.

When I ran in safe mode the issue was not present. However, what I've observed since posting the above is that after a reboot the issue is gone. As long as I stay active it stays gone. If I leave the machine long enough for the windows timeout to display the login screen, then when I click my login icon and the system resumes, the cpu usage goes to 100 and stays until I reboot. Illustration attached. I've not tried leaving it alone in safe mode to see what happens. I'll try that later, but will go ahead with the pcpitstop test now.

post-84497-0-50529000-1308311276.jpg


PC Pitstop tests won't run. I used IE9, confirmed activeX was enabled as instructed, disabled popup blocker, etc. It says it can't install; when I run its activeX test, it says "ActiveX is not supported".

Their explanation says: "If you see the message 'ActiveX is not supported', then your browser doesn't recognize ActiveX at all. Netscape, Opera, or other browsers usually do not support ActiveX."

I'm posting this to their forum as well.

Still no luck with PCPitstop but I ran Windows Performance Analyzer and let the system time out and resumed it. The etl is attached. It looks like halmacpi.dll is quiet before timeout, then chattering after resume. Could it be infected, or just bad code from MS? Can/should I replace this dll?


Hi,

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317

Looks like it is not happy with master file table.

I deleted all the progress records:

The type of the file system is NTFS.

The volume is in use by another process. Chkdsk

might report errors when no corruption is present.

Volume label is OS.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

File verification completed.

334 large file records processed.

0 bad file records processed.

0 EA records processed.

108 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...

Index verification completed.

0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...

Security descriptor verification completed.

35238 data files processed.

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

The master file table's (MFT) BITMAP attribute is incorrect.

The Volume Bitmap is incorrect.

Windows found problems with the file system.

Run CHKDSK with the /F (fix) option to correct these.

297169239 KB total disk space.

72773732 KB in 220383 files.

113452 KB in 35239 indexes.

0 KB in bad sectors.

437619 KB in use by the system.

65536 KB occupied by the log file.

223844436 KB available on disk.

4096 bytes in each allocation unit.

74292309 total allocation units on disk.

55961109 allocation units available on disk.


  • Staff

Looks like a lot of hard drive corruption here. It may be the cause of your issues.

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk /f

Press Enter.

It should prompt you to reboot to do the disk check. Follow the prompts and let it.

Reboot and follow the instructions in post #6 again. Post the log. Also see if there's any improvement.

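An added example, not part of the original posts: a small Python parser for the read-only CHKDSK report quoted in this thread. It separates the reported findings from the report's own caveat that a volume in use "might report errors when no corruption is present". The function names, field names and verdict labels are assumptions made for illustration; the sample text is an excerpt of the report posted above.

```python
import re

# Excerpt of the read-only CHKDSK report posted in this thread.
SAMPLE_REPORT = """\
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
0 bad file records processed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
0 KB in bad sectors.
"""

# Phrases that mark a reported problem. "corruption" is deliberately not
# matched: it also appears in the report's own caveat about in-use volumes.
FINDING_PATTERNS = (
    re.compile(r"\bis incorrect\b", re.IGNORECASE),
    re.compile(r"\bfound problems\b", re.IGNORECASE),
)


def _first_int(pattern, text):
    """Return the first captured integer for pattern, or None if absent."""
    match = re.search(pattern, text, re.IGNORECASE)
    return int(match.group(1)) if match else None


def parse_chkdsk(text):
    """Extract the fields that matter for triage from a CHKDSK text report."""
    # Forum pastes wrap lines, so phrase checks run on whitespace-flattened text.
    flat = " ".join(text.split())
    lowered = flat.lower()
    fs = re.search(r"type of the file system is (\w+)", flat, re.IGNORECASE)
    findings = [line.strip() for line in text.splitlines()
                if any(p.search(line) for p in FINDING_PATTERNS)]
    return {
        "filesystem": fs.group(1) if fs else None,
        "read_only": "read-only mode" in lowered,
        "volume_in_use": "volume is in use by another process" in lowered,
        "findings": findings,
        "bad_file_records": _first_int(r"(\d+) bad file records processed", flat),
        "bad_sectors_kb": _first_int(r"(\d+) KB in bad sectors", flat),
    }


def assess(report):
    """Map a parsed report to a verdict label (labels are assumptions)."""
    if (report["bad_sectors_kb"] or 0) > 0:
        # Bad sectors are a property of the disk surface, not only of
        # NTFS metadata, so they are reported ahead of anything else.
        return "bad-sectors-reported"
    if not report["findings"]:
        return "clean"
    if report["read_only"] and report["volume_in_use"]:
        # Online read-only scan: findings need the /F pass to be confirmed.
        return "unconfirmed-rerun-with-/F"
    return "filesystem-errors"


if __name__ == "__main__":
    parsed = parse_chkdsk(SAMPLE_REPORT)
    for finding in parsed["findings"]:
        print("finding:", finding)
    print("verdict:", assess(parsed))
```
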

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
