Several Infections


#16
klown69

    Member

  • Topic Starter
  • 37 posts
No, it doesn't give a reason. Just "Windows recovered from a serious error". It started doing it more after I added my gmail back onto my IE home pages list. As long as I don't log into my gmail it seems to do ok. Is it possible I have something residing in my email?

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep it appears to be that - so I will use a programme that looks there where I cannot see

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#18
klown69

    Member

  • Topic Starter
  • 37 posts
ComboFix 11-07-17.03 - Klown 07/17/2011 19:25:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2810 [GMT -5:00]
Running from: c:\documents and settings\Klown.KELLY-CBA445F79\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Klown\Templates\5162qny2ob203v1p2ryg257h14
c:\documents and settings\Klown\WINDOWS
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-15 15:14 . 2011-07-15 15:14 -------- d-----w- C:\VideoLAN
2011-07-15 14:49 . 2011-07-15 14:49 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-07-15 13:41 . 2011-07-15 13:41 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows1\system32\win32k.sys
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows1\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows1\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows1\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows1\system32\winsrv.dll
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows1\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ------w- c:\windows1\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows1\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ------w- c:\windows1\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows1\system32\drivers\mup.sys
2011-06-22 22:16 . 2011-05-05 23:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows1\system32\drivers\aswSnx.sys [7/15/2011 8:42 AM 441176]
R1 aswSP;aswSP;c:\windows1\system32\drivers\aswSP.sys [7/15/2011 8:42 AM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows1\system32\drivers\aswFsBlk.sys [7/15/2011 8:42 AM 19544]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bartlettfirstassembly.com/
TCP: DhcpNameServer = 10.1.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-17 19:40:58
ComboFix-quarantined-files.txt 2011-07-18 00:40
.
Pre-Run: 196,365,619,200 bytes free
Post-Run: 196,808,605,696 bytes free
.
- - End Of File - - DADFC0B10FF97D30203E76CA2B680BDE

#19
klown69

    Member

  • Topic Starter
  • 37 posts
Ron had me run WhoCrashed and surprisingly Avast seems to be the culprit for the crashes. He has uninstalled Avast and now has MSE installed and it is running its first scan.

Edited by klown69, 17 July 2011 - 08:03 PM.


#20
klown69

    Member

  • Topic Starter
  • 37 posts
Just ran the scan using MSE; it resulted in no threats. We will see if this stops the crashes.

#21
klown69

    Member

  • Topic Starter
  • 37 posts
Error signature
BCCode:1000000a BCP1 : 00000000 BCP2 : 00000002 BCP3 : 00000001
BCP4 : 80522718 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\WER14e2.dir00\Mini071711-02.dmp
C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\WER14e2.dir00\sysdata.xml

This is what the serious error log said... not sure if it will help, but the computer restarted on its own after the screensaver had run for about 15 minutes. No one even touched the keyboard or mouse.

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the minidump please

c:\documents and settings\Klown\Templates\5162qny2ob203v1p2ryg257h14

This was a bad boy in the old windows

#23
klown69

    Member

  • Topic Starter
  • 37 posts
It won't attach even after I winrar it.

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you upload to Mediafire and post the sharing link.

#25
klown69

    Member

  • Topic Starter
  • 37 posts
http://www.mediafire...2ftdinadgaqm5rd

#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\WER14e2.dir00\Mini071711-02.dmp

Unfortunately you sent the MBR data rather than the dump file at the above location

#27
klown69

    Member

  • Topic Starter
  • 37 posts
This is the one I sent, I thought. I don't know where else to look for it and I have back traced and cannot find the dir it is supposed to be in.

C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\WER14e2.dir00\Mini071711-02.dmp


Edited by klown69, 18 July 2011 - 03:56 PM.


#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you see if there is one in the C:\windows\minidump folder

#29
klown69

    Member

  • Topic Starter
  • 37 posts
This is everything in the C:\Windows1\minidump folder.

7-19-2011 3-24-14 PM.jpg

Edited by klown69, 19 July 2011 - 02:27 PM.


#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you zip the three newest and attach them please