Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Restore window "PC Performance & Stability analysis rep


  • This topic is locked This topic is locked

#106
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
After restarting, I got this:
WindowsBlockStartupPrograms.gif

RunBlockProgram.gif

But when I check Windows Defender, MBAM is classified as permitted:
WindowsDefenderClassifiedPr.gif

And I also got this popup on the desktop after a few minutes (which I just closed):
Ad_popup.gif

Edited by maezhou, 12 November 2011 - 05:23 PM.

  • 0

Advertisements


#107
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Allow it to run by unblocking it

Any other problems ?
  • 0

#108
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I was modifying my post when you posted your reply. Please see the popup I added (some sort of Ad)

Attached Thumbnails

  • Ad_popup.gif

  • 0

#109
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Only thing is this popup still comes up every now and then:
Internet_Explorer_stopped_w.gif

and then followed by another pop-up saying "Internet Explorer is restarting"
And then IE browser will open up.
If i'm sitting in front of the machine, I just close the browser.
But one time (like just now), I was not in front of the machine, and probably the popup error came up and IE browser opened - and was left open for a couple of minutes,
Then all of a sudden, what sounds like a radio station came up on the background, with just the blank IE browser on the desktop.
Not sure if that was because of the IE or something else.

And not sure as well why, but the harddisk capacity which has an unused 53GB space before, now only has 42GB.
Is it because of the Service Pack 2 that I've tried a lot of times to install, but always failed?

Edited by maezhou, 13 November 2011 - 03:00 AM.

  • 0

#110
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#111
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
NOthing's happening if I double click on aswMBR.exe
  • 0

#112
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is a bit baffling.. Are you using a USB to add or run programmes

Delete combofix from the desktop

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#113
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
No, i'm not using any USB. Yes, the application is on the desktop.

I've deleted ComboFix and downloaded it again, saved it on the desktop and run it.

Here's the log:

ComboFix 11-11-13.03 - Owner 11/13/2011 17:18:49.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1121 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\system32\shimg.dll
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 02:02 . 2011-11-14 02:05 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-11-14 02:02 . 2011-11-14 02:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-14 02:02 . 2011-11-14 02:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 00:38 . 2011-11-14 00:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BA0FCA8-8D76-451C-836A-C0EE47807A01}\offreg.dll
2011-11-12 21:25 . 2011-11-12 21:25 -------- d-----w- c:\programdata\ErrorEND
2011-11-12 21:25 . 2011-11-12 21:25 -------- d-----w- c:\program files\ErrorEND
2011-11-12 19:32 . 2011-11-12 19:32 140760 ----a-w- c:\windows\system32\WRusr.dll
2011-11-12 19:32 . 2011-11-12 19:32 106312 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-11-12 19:28 . 2011-11-14 00:42 -------- d-----w- c:\programdata\WRData
2011-11-12 18:26 . 2011-11-12 18:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Webroot
2011-11-12 18:26 . 2011-11-12 19:32 -------- d-----w- c:\program files\Webroot
2011-11-12 18:26 . 2011-11-12 18:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Webroot
2011-11-12 18:26 . 2009-11-06 23:19 1563008 ----a-w- c:\windows\WRSetup.dll
2011-11-11 21:27 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BA0FCA8-8D76-451C-836A-C0EE47807A01}\mpengine.dll
2011-11-10 08:25 . 2011-11-10 08:25 -------- d-----w- C:\found.000
2011-11-10 01:58 . 2011-11-10 01:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2011-11-09 09:05 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-11-09 09:05 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-11-09 07:43 . 2011-11-09 07:43 -------- d-----w- c:\windows\system32\SPReview
2011-11-09 04:40 . 2011-11-09 04:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!
2011-11-09 04:24 . 2011-11-09 04:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2011-11-08 20:57 . 2011-11-08 20:57 -------- d-----w- c:\windows\system32\EventProviders
2011-10-23 17:13 . 2011-10-23 17:13 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\programdata\Malwarebytes
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-22 21:43 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 16:37 . 2011-10-22 16:37 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 02:16 . 2011-10-04 03:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-12-17 13:57 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-09-01 4669440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NVC"="c:\program files\Nortel\Nortel VPN Client\Nvc.exe" [2010-03-01 1717600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-11-12 605272]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2011-11-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOL DDI.lnk - c:\ddi\AOLICON.exe [N/A]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
VPN Client.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2528014064-590018410-3601204245-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-03 835208]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-11-12 605272]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2011-11-12 106312]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
S2 NvcSvcMgr;Nortel VPN Client;c:\program files\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2010-03-01 628072]
S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [2010-03-01 68688]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [2010-03-01 40016]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 05:16]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 05:16]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 08:07]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 08:07]
.
2011-11-14 c:\windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
- c:\windows\system32\msfeedssync.exe [2011-07-28 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.sg.globalsources.com:3333
uInternet Settings,ProxyOverride = globalsources.com;www2.variety.com;*.local;<local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: d-addicts.com
Trusted Zone: d-addicts.net
Trusted Zone: globalsources.com\bugzero
Trusted Zone: globalsources.com\exchange
Trusted Zone: globalsources.com\merlion
Trusted Zone: globalsources.com\www
Trusted Zone: google.com\mail
Trusted Zone: variety.com\www
Trusted Zone: variety.com\www2
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.35.28.28,10.71.20.53
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 18:03
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-13 18:22:51
ComboFix-quarantined-files.txt 2011-11-14 02:22
ComboFix2.txt 2011-11-05 17:18
ComboFix3.txt 2011-11-04 05:19
.
Pre-Run: 45,018,853,376 bytes free
Post-Run: 45,416,165,376 bytes free
.
- - End Of File - - 0D65886D81BD2FE5BCBD32A43E2B9FE9

Edited by maezhou, 13 November 2011 - 08:26 PM.

  • 0

#114
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see you are using ErrorEND. I have been able to find out very little information on this programme and I would strongly recommend against using any registry cleaning programmes as they can cause more problems than they fix

On completion of this run could you let me know the current state of play

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#115
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I've already uninstalled ErrorEnd., I got that from this page: http://www.wiki-erro...wiki=0xC004D401
Which I mentioned on my 12 November 2011 - 02:48 PM post.

I'm getting the permission to continue alert if I double-click on tdsskiller.exe:
TDSS_program_permission.jpg

But nothing happened after clicking on Continue :yes:

I tried right-click and choose Run as administrator, still the same, nothing happened. Like I never clicked it. :)

Edited by maezhou, 14 November 2011 - 10:19 PM.

  • 0

Advertisements


#116
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run this MS Fixit and then try again please, from safe mode if need be
  • 0

#117
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
I was able to run MicrosoftFixit50566 on Normal mode.

I got these screens after running MicrosoftFixit50566:
MicrosoftFixIt_Processed.gif
MicrosoftFixIt_restart.gif

I was just wondering when I clicked on it to run, I got the message to close IE browser, but I don't have IE open. :)
I just clicked on the Continue button (nor sure if it's Continue or Proceed) for MicrosoftFixit50566 to continue.

By the way, the harddisk capacity returned to normal (I posted earlier that the harddisk free space before was 53GB and reduced to 42GB).

Edited by maezhou, 15 November 2011 - 10:22 PM.

  • 0

#118
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Update on the harddisk free space:
Free space is now 42GB again :)
  • 0

#119
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now retry either aswMBR or TDSSKiller from safe mode in necessary
  • 0

#120
maezhou

maezhou

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Using Normal mode, I tried to run aswMBR - still the same, nothing happened.
Then I tried TDSSKill, and got the same.

I tried to run them on Safe Mode with networking, and also got the same reaction -- nothing. :)

Update:
I have been working on my laptop for a couple of hours since. And then I got 2 of this set of popup notifications:
Internet_Explorer_stopped_w.gif
Sorry, I don't have a screenshot of the other pop-up after this "Internet Explorer has stopped working" screen pop-up, but it says "Internet Explorer is restarting..."

Then I got the BSOD again after the second set of pop-up.

Edited by maezhou, 17 November 2011 - 02:58 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP