Google redirect, jemacpv redirect, random BSOD [Solved]


  • This topic is locked

#61
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And still the same errors ?

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab select advanced mode and click start
Posted Image

Select the items in the red surround (remove the ticks from the rest ) and tick restart system when finished

  • 0



#62
DoctorScience

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
The Firewall is now on!!

However, Windows still doesn't recognize that AVG is on.

I am now looking at Windows Update. It says "Most recent check for updates: Never". I told it to check for updates, and it told me about only one, IE8 -- though there had been two updates waiting in the queue from Friday.

Anyway, it *crosses fingers* looks good.

What next? Champagne, or defragging, or something else?
  • 0

#63
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Phew I had nearly exhausted my armoury there :beer:

OK let's clear the rubbish away, there is a fix for when security centre does not recognise the AV - I just need to find it amongst my plethora of fixes :lol: I will post it once I find it

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#64
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And continuing on... This is a known problem with AVG so let's try to fix it

Open an elevated command prompt by doing the following :

Go Start > All Programs > Accessories
Right click command prompt and select Run as Administrator
In the black box that opens type or copy/paste the following command :

winmgmt /salvagerepository

If the command was successful, you should see the message WMI repository has been salvaged. Restart Windows and see if the Security Center issue is resolved.

If you receive the error "WMI repository salvage failed" when running the above command, running the command the second time might help.
  • 0

#65
DoctorScience

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Thank you very much for everything! You should be seeing a token of my gratitude in your PayPal account. I despair at the thought of what I would have done without you.

Is there any way of tracing where I got the infection? I do not use the usual P2P sites, but I do occasionally get files via MegaUpload. Is it likely that the virus came from there? AVG was already scanning everything I DLed, of course, and was monitoring my websurfing. Should I ditch AVG for Avast?
  • 0

#66
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Is there any way of tracing where I got the infection

It probably came via an infected web page, as obfuscated js script. There is an example of one below


AVG was already scanning everything I DLed, of course, and was monitoring my websurfing. Should I ditch AVG for Avast?

Now we get into personal opinion here :lol: which can be many and varied

Avast has a nifty little shield called webshield. What this does is scan the internet pages as they are downloaded and detects these js malformations, as soon as it detects one it closes that connection immediately
There are again some examples here and here

Personally I use it, if you decide to change then let me know and I will walk you through it

Thank you for the donation, it is greatly appreciated :wub:
  • 0

#67
DoctorScience

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Well, I *do* want to change my antivirus program to Avast. What do I do?
  • 0

#68
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK here we go

First download Avast to the desktop - Direct link
Then download the AVG uninstaller to the desktop
Disconnect from the internet
Remove AVG via Programs and Features
Reboot
Run the AVG uninstaller


Run the Avast set up file - a reboot may be required
Accept the default settings
When it starts properly it will ask you to register. This is so that they can calculate how many servers are required for updating
Select the free option and fill in the small form

Now to remove the two annoyances
Click the orange blob and the main GUI will open
Select settings



Go to the community tab and deselect the two community features

Now to set Autosandbox to ask.
This is an option where Avast will ask you whether to run a programme sandboxed (i.e. Virtual) or normally
From the GUI select > Additional Protection > Autosandbox
Then select Settings
Then set the drop down box to ask
OK out of this


Now just forget it, it will auto update every two hours without any requirement for action on your part
Also Avast will speak to you :lol:
When an update has been done, when malware is detected etc..

Additional options not set by default are right click scan and screensaver scan
On the settings page select Basic
Tick show special scans
This will enable both


Then from windows set Avast as your screensaver

Things to note :

On installation it will offer a boot scan. This is where it will scan before windows loads:
Not really necessary unless you want to try it out

How often do you do a full scan:
Personally I do one a month if I remember, otherwise I just leave it to the shields and the screen saver


Any further questions then just shout
  • 0

#69
DoctorScience

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Meanwhile, [bleep], I just came back to the puter after being away for several hours and there was a BSOD while I was gone. The thing is, I normally go weeks or months without a bluescreen -- except during this infestation, when I was getting them every few hours.

The details:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
Locale ID: 1033

Additional information about the problem:
BCCode: a0
BCP1: 00000009
BCP2: C0000001
BCP3: 00000001
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\Mini011712-01.dmp
C:\Users\Mary Ellen\AppData\Local\Temp\WER-14471744-0.sysdata.xml
C:\Users\Mary Ellen\AppData\Local\Temp\WER67CB.tmp.version.txt

Distressingly, the two AppData files are not to be seen (I have the system set to reveal all Hidden files, of course). This was something that also happened during the infestation.

I've got the Minidump, but can't figure out how to read it. I installed the Debugging Tools, but can't seem to get the right Symbols, and the instructions would actually be more useful if they were in Ancient Greek (which my offspring can read). I am attaching the Minidump for your edification. No I'm not, it says I don't have permission.

How do I find out if I've still got a bugger in there? I'm afraid to install/uninstall anything until I know.
  • 0

#70
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you zip the minidump - which will allow the upload and I will then check it out
  • 0



#71
DoctorScience

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Here you go.

Attached Files


  • 0

#72
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

On Tue 1/17/2012 12:40:45 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini011712-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCDB3F)
Bugcheck code: 0xA0 (0x9, 0xFFFFFFFFC0000001, 0x1, 0x0)
Error: INTERNAL_POWER_ERROR
Bug check description: This bug check indicates that the power policy manager experienced a fatal error.
This problem might be caused by a thermal issue.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


This is the plain English decode - so let's check the temps on your system

Download Speedfan (The download link is to the right), and install it. Once it's installed, run the program and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture I have attached.
To make sure we are getting all the correct information it would help us if you were to attach a screenshot like the one below of your Speedfan results.

To do a screenshot please click on the Print Screen key on your keyboard.
  • It is normally the key above your number pad between the F12 key and the Scroll Lock key
  • Now go to Start and then to All Programs
  • Scroll to Accessories and then click on Paint
  • In the Empty White Area click and hold the CTRL key and then click the V
  • Go to the File option at the top and click on Save as
  • Save as file type JPEG and save it to your Desktop
  • Attach it to your next reply

Posted Image
  • 0
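
Added example, not part of the original posts: a short Python parser that turns the problem signature quoted in post #69 into the bug check line shown in post #72, widening 32-bit parameters to 64 bits the way that output displays them. The function names and the embedded sample text are constructed for illustration, and the name table holds only the one bug check named in this thread.

```python
import re
from datetime import date

# Constructed input: the problem-signature lines quoted in post #69.
WER_REPORT = """\
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
BCCode: a0
BCP1: 00000009
BCP2: C0000001
BCP3: 00000001
BCP4: 00000000
C:\\Windows\\Minidump\\Mini011712-01.dmp
"""

# Only the name stated in post #72; extend from Microsoft's bug check reference.
BUGCHECK_NAMES = {0xA0: "INTERNAL_POWER_ERROR"}


def sign_extend_32(value):
    """Widen a 32-bit parameter to 64 bits, as the decode in post #72 shows it."""
    return value | 0xFFFFFFFF00000000 if value & 0x80000000 else value


def parse_wer_bluescreen(text):
    """Return bug check code, parameters and dump date from a WER BlueScreen report."""
    fields = dict(re.findall(r"^(BCCode|BCP[1-4]):[ \t]*([0-9A-Fa-f]+)[ \t]*$", text, re.M))
    missing = {"BCCode", "BCP1", "BCP2", "BCP3", "BCP4"} - fields.keys()
    if missing:
        raise ValueError("incomplete problem signature, missing: %s" % sorted(missing))
    code = int(fields["BCCode"], 16)
    params = [sign_extend_32(int(fields["BCP%d" % i], 16)) for i in range(1, 5)]
    # The dump name here has the form MiniMMDDYY-NN.dmp (011712 = 17 Jan 2012).
    dump = re.search(r"Mini(\d{2})(\d{2})(\d{2})-(\d{2})\.dmp", text, re.I)
    dump_date = date(2000 + int(dump[3]), int(dump[1]), int(dump[2])) if dump else None
    return {
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
        "params": params,
        "dump_date": dump_date,
        "summary": "0x%X (%s)" % (code, ", ".join("0x%X" % p for p in params)),
    }


if __name__ == "__main__":
    print(parse_wer_bluescreen(WER_REPORT))
```

The date recovered from the dump file name can be compared against the crash time in the decode to confirm that both refer to the same event.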

#73
DoctorScience

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Here you are. I actually used the Snipping Tool instead of screencap, it's very handy for this sort of thing.

Attached Thumbnails

  • speedfan.JPG

  • 0

#74
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I use the snipping tool all the time, I find it the easiest way

OK your Graphics card is showing a high temperature

Is it a laptop or desktop ?

And does it get warm, with the fans being on for a protracted period ?
  • 0

#75
DoctorScience

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Desktop. "And does it get warm, with the fans being on for a protracted period ?"

Not that I've noticed. Only part of the case is currently very slightly warm to the touch, and I don't think I hear a fan at the moment
  • 0





