[klown69]

No it doesn't give a reason. Just" Windows recovered from a serious error". It started doing it more after I added my gmail back onto my IE home pages list. As long as I don't log into my gmail it seems to do ok. Is it possible I have something residing in my email?

[Advertisements]

Yep it appears to be that - so I will use a programme that looks there where I cannot see

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[Essexboy]

Yep it appears to be that - so I will use a programme that looks there where I cannot see

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[klown69]

ComboFix 11-07-17.03 - Klown 07/17/2011 19:25:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2810 [GMT -5:00]
Running from: c:\documents and settings\Klown.KELLY-CBA445F79\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Klown\Templates\5162qny2ob203v1p2ryg257h14
c:\documents and settings\Klown\WINDOWS
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-15 15:14 . 2011-07-15 15:14 -------- d-----w- C:\VideoLAN
2011-07-15 14:49 . 2011-07-15 14:49 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-07-15 13:41 . 2011-07-15 13:41 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows1\system32\win32k.sys
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows1\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows1\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows1\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows1\system32\winsrv.dll
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows1\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ------w- c:\windows1\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows1\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ------w- c:\windows1\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows1\system32\drivers\mup.sys
2011-06-22 22:16 . 2011-05-05 23:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows1\system32\drivers\aswSnx.sys [7/15/2011 8:42 AM 441176]
R1 aswSP;aswSP;c:\windows1\system32\drivers\aswSP.sys [7/15/2011 8:42 AM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows1\system32\drivers\aswFsBlk.sys [7/15/2011 8:42 AM 19544]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bartlettfirstassembly.com/
TCP: DhcpNameServer = 10.1.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-17 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-17 19:40:58
ComboFix-quarantined-files.txt 2011-07-18 00:40
.
Pre-Run: 196,365,619,200 bytes free
Post-Run: 196,808,605,696 bytes free
.
- - End Of File - - DADFC0B10FF97D30203E76CA2B680BDE

[klown69]

Ron had me run WhoCrashed and suprisingly Avast seems to be the culprit for the crashes. He has uninstalled Avast and now has MSE installed and it is running it's first scan.

Edited by klown69, 17 July 2011 - 08:03 PM.

[klown69]

Just ran the scan using MSE resulted no threats. We will see if this stops the crashes.

[klown69]

Error signature
BCCode:1000000a BCP1 : 00000000 BCP2 : 00000002 BCP3 : 00000001
BCP4 : 80522718 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\WER14e2.dir00\Mini071711-02.dmp
C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\WER14e2.dir00\sysdata.xml

This is what the serious error log said.... not sure if it will help but the computer restarted on it's own after the screensaver had run for about 15 minutes. No one even touched the keyboard or mouse.

[Essexboy]

Could you attach the minidump please

c:\documents and settings\Klown\Templates\5162qny2ob203v1p2ryg257h14

This was a bad boy in the old windows

[klown69]

It won't attach even after I winrar it.

[Essexboy]

Could you upload to Mediafire and post the sharing link.

[klown69]

http://www.mediafire...2ftdinadgaqm5rd

[Essexboy]

C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\WER14e2.dir00\Mini071711-02.dmp

Unfortunately you sent the MBR data rather than the dump file at the above location

[klown69]

This is the one I sent I thought. I don't know where else to look for it and I have back traced and cannot find the dir it is suppose to be in.
.

C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\WER14e2.dir00\Mini071711-02.dmp

Edited by klown69, 18 July 2011 - 03:56 PM.

[Essexboy]

Could you see if there is one in the C:\windows\minidump folder

[klown69]

This is everything in the C:\Windows1\minidump folder.

Edited by klown69, 19 July 2011 - 02:27 PM.

[Essexboy]

Could you zip the three newest and attach them please