Win32:Malware-gen trojan infection


#91 gregahoffman (Member, Topic Starter)
Security Check aborted itself:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

#92 RKinner (Malware Expert, MVP)
Kaspersky may have eaten Junkware Removal Tool or prevented it from working. You did right-click on it and Run As Admin?

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

IF it is still locking up when you close the lid, see if you wait one minute after plugging it in whether it will then go to sleep when the lid is closed and wake up when you open it. It could be that it gets caught switching between battery and AC mode.

IF you don't plug it in first, does it go to sleep when you close the lid and awaken OK when you open it?

Does it go to Sleep and come out of it if you put it to sleep from the Start, Shutdown arrow, Sleep option?

You can go into Control Panel, Power Options. One of the plans should be checked. Click on its Change Plan Settings, then on Change Advanced Power Settings. Find Power Buttons and Lid and click on the + in front of it. There should be an option for what happens when the lid is closed. Try changing it to something else.
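Added example (not part of RKinner's post, and not a Geeks to Go tool): a small Python script that does what the findstr line in the post does, pulling the [SR] lines out of CBS.log, and then sorts them into files sfc repaired and files it could not, so the "couldn't fix everything" case is visible at a glance instead of buried in a junk.txt. The log excerpt is constructed in CBS.log's style; Sample-Component, sample.dll and other.dll are made-up names.

```python
import re
import sys

# Constructed excerpt in the style of C:\Windows\Logs\CBS\CBS.log; the component and
# file names (Sample-Component, sample.dll, other.dll) are made up for this example.
SAMPLE_CBS_LOG = """\
2013-10-05 11:06:33, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-10-05 11:06:33, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-10-05 11:06:35, Info                  CBS    Exec: Processing complete.  Session: 30546354_1120371040
2013-10-05 11:06:40, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"sample.dll" of Sample-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2013-10-05 11:06:41, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\\??\\C:\\Windows\\System32"\\[l:24{12}]"other.dll" from store
2013-10-05 11:06:42, Info                  CSI    0000000d [SR] Repair complete
2013-10-05 11:06:45, Info                  CSI    0000000e [SR] Verify complete
"""

# Quoted tokens inside an [SR] message are the directory and file names it refers to.
QUOTED = re.compile(r'"([^"]*)"')


def sr_lines(log_text):
    """Every line carrying the literal [SR] tag, which is what findstr /c:"[SR]" selects."""
    return [line for line in log_text.splitlines() if "[SR]" in line]


def summarize_sr(log_text):
    """Sort [SR] lines into files sfc repaired and files it could not, plus a verdict."""
    lines = sr_lines(log_text)
    repaired, unrepairable = [], []
    for line in lines:
        msg = line.split("[SR]", 1)[1].strip()
        names = QUOTED.findall(msg)
        if msg.startswith("Cannot repair member file"):
            # The first quoted token is the member file the component store could not fix.
            unrepairable.append(names[0] if names else msg)
        elif msg.startswith("Repairing corrupted file"):
            # The last quoted token is the file name; the one before it is its directory.
            repaired.append(names[-1] if names else msg)
    return {
        "total_sr": len(lines),
        "repaired": repaired,
        "unrepairable": unrepairable,
        # Anything sfc could not repair is exactly what the helper asks to see posted.
        "verdict": "needs attention" if unrepairable else "clean",
    }


if __name__ == "__main__":
    # Usage: python sfc_summary.py C:\Windows\Logs\CBS\CBS.log   (no argument: built-in sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    result = summarize_sr(text)
    print(f"[SR] lines: {result['total_sr']}  verdict: {result['verdict']}")
    for name in result["repaired"]:
        print(f"  repaired:     {name}")
    for name in result["unrepairable"]:
        print(f"  UNREPAIRABLE: {name}")
```

Run it from an elevated prompt with the path to CBS.log as the only argument (the file is only readable with admin rights); with no argument it runs on the built-in excerpt. A "clean" verdict corresponds to the "did not find any integrity violations" message sfc prints itself.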

#93 gregahoffman (Member, Topic Starter)
Yes, JRT I ran as admin.

sfc /scannow ran with no problems. Windows Resource Protection did not find any integrity violations.

#94 gregahoffman (Member, Topic Starter)
VEW logs:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/10/2013 6:30:03 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/10/2013 11:06:03 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\04a4745dff40.

Log: 'System' Date/Time: 05/10/2013 11:05:25 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/10/2013 11:05:25 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/10/2013 6:31:34 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/10/2013 11:06:33 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/10/2013 11:16:46 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <ONEINDEX14://{S-1-5-21-2271316084-460775634-2034437219-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 05/10/2013 11:05:21 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\trust
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\Root
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\My
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\CA
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\Disallowed
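Added example, not from the thread and not part of VEW: a parser for the report format VEW writes, so a long output like the one above can be grouped by source and event ID instead of read line by line, and the event 1530 detail can be reduced to which process held which registry key open (every leaked handle here belongs to avp.exe). The sample is a trimmed copy of the two reports in this post; the parsing helpers and their names are this example's own.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in VEW's report format, trimmed from the reports posted in this
# thread (the 1530 record is shortened to two of its handle lines).
SAMPLE_VEW = """\
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/10/2013 6:30:03 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/10/2013 11:06:03 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \\Driver\\WUDFRd failed to load for the device USB\\VID_138A&PID_0018\\04a4745dff40.

Log: 'System' Date/Time: 05/10/2013 11:05:25 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/10/2013 11:06:33 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.

Log: 'Application' Date/Time: 05/10/2013 11:05:21 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 2 user registry handles leaked from \\Registry\\User\\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2784 (\\Device\\HarddiskVolume2\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe) has opened key \\REGISTRY\\USER\\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2784 (\\Device\\HarddiskVolume2\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2013\\avp.exe) has opened key \\REGISTRY\\USER\\S-1-5-21-2271316084-460775634-2034437219-1000\\Software\\Microsoft\\SystemCertificates\\Root
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")
# Handle-leak detail lines; the image path may itself contain parentheses, e.g. (x86),
# so the image group is matched lazily up to the literal ") has opened key".
PROCESS_RE = re.compile(r"^Process (?P<pid>\d+) \((?P<image>.+?)\) has opened key (?P<key>.+)$")


def parse_vew(report_text):
    """Split a VEW report into one dict per event record."""
    records, current = [], None
    for line in report_text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {"log": m["log"], "when": m["when"].strip(), "message": []}
            records.append(current)
            continue
        # Report banners and ~~~ section rules close whatever record was open.
        if line.startswith("~~~") or line.startswith("Vino's Event Viewer"):
            current = None
            continue
        if current is None:
            continue
        m = TYPE_RE.match(line)
        if m:
            current["type"], current["category"] = m["type"], int(m["category"])
            continue
        m = EVENT_RE.match(line)
        if m:
            current["event"], current["source"] = int(m["event"]), m["source"].strip()
            continue
        current["message"].append(line)
    for rec in records:
        rec["message"] = "\n".join(rec["message"]).strip()
    return records


def count_by_source(records):
    """How often each (source, event id) pair appears; recurring pairs are the ones worth chasing."""
    return Counter((r.get("source"), r.get("event")) for r in records)


def leaked_handles(records):
    """(pid, image name, key) for every handle listed in a User Profiles Service event 1530."""
    found = []
    for r in records:
        if r.get("event") != 1530:
            continue
        for line in r["message"].splitlines():
            m = PROCESS_RE.match(line)
            if m:
                found.append((int(m["pid"]), PureWindowsPath(m["image"]).name, m["key"]))
    return found


if __name__ == "__main__":
    recs = parse_vew(SAMPLE_VEW)
    for (source, event), n in count_by_source(recs).most_common():
        print(f"{n:2d} x  {source}  event {event}")
    for pid, image, key in leaked_handles(recs):
        print(f"pid {pid} {image} -> {key}")
```

Paste the Notepad output VEW produces into a file and feed it to parse_vew; because the script keys on the "Log: '...'" header lines and the ~~~ section rules, the System and Application reports can be concatenated into one file and parsed together.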

#95 RKinner (Malware Expert, MVP)

Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\04a4745dff40.



This is supposed to be your fingerprint reader. Perhaps a reinstall of the fingerprint reader driver would help:
Look on the PC maker's website for the latest driver for it or if they don't have anything you can try:

http://h10025.www1.h...118737&sw_lang=


Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Run the FixIt here:
http://support.micro...b;en-US;2545227


Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <ONEINDEX14://{S-1-5-21-2271316084-460775634-2034437219-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)



a. Go to Start > Control Panel.
b. Double click on the Indexing Options.
c. Click on the Advanced button.
d. Click on Restore Defaults.

or you can just turn it off:

http://www.howtogeek...h-in-windows-7/




Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2784 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000


Hopefully a newer version of Kaspersky will fix these errors. This could cause problems with Kaspersky and with shutdown so you should at least try to get a newer install.

#96 gregahoffman (Member, Topic Starter)
For indexing, I don't have a Restore Defaults option; it says Troubleshooting, Delete & Rebuild Index.
Would any of this cause web pages or start-up to be really slow? Also, can any of this contribute to the blue screen I got a little while back?
I captured a snip of it in two parts.

Attached: Capture1.PNG, Capture2.PNG


#97 RKinner (Malware Expert, MVP)
Try: delete & rebuild index


Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

#98 gregahoffman (Member, Topic Starter)
BSOD txt file:

==================================================
Dump File : 100413-22916-01.dmp
Crash Time : 10/3/2013 9:24:42 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`080b5060
Parameter 3 : fffff800`00b9c3d8
Parameter 4 : fffffa80`11340010
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+72f40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.22411 (win7sp1_ldr.130801-1934)
Processor : x64
Crash Address : ntoskrnl.exe+72f40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\100413-22916-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 985,136
Dump File Time : 10/4/2013 6:06:01 AM
==================================================

==================================================
Dump File : 093013-21933-01.dmp
Crash Time : 9/30/2013 6:37:13 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`07d31a10
Parameter 3 : fffff800`00b9c3d8
Parameter 4 : fffffa80`0f523b40
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+72f40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.22411 (win7sp1_ldr.130801-1934)
Processor : x64
Crash Address : ntoskrnl.exe+72f40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\093013-21933-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 980,472
Dump File Time : 9/30/2013 6:50:32 PM
==================================================
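Added example, not from the thread and not a NirSoft tool: a parser for the report BlueScreenView saves with File, Save Selected Items, which counts how often each bug check recurs and when. Both dumps above are 0x9F DRIVER_POWER_STATE_FAILURE, a driver failing to complete a power transition, which fits the lid-close and sleep trouble earlier in the thread; "Caused By Driver: ntoskrnl.exe" usually means the tool could not attribute the crash to a specific third-party driver rather than that the kernel itself is at fault. The sample repeats the two records posted above in trimmed form; the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in BlueScreenView's saved-report text format, trimmed from the two
# records posted in this thread.
SAMPLE_BSOD = """\
==================================================
Dump File : 100413-22916-01.dmp
Crash Time : 10/3/2013 9:24:42 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`080b5060
Parameter 3 : fffff800`00b9c3d8
Parameter 4 : fffffa80`11340010
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+72f40
File Version : 6.1.7601.22411 (win7sp1_ldr.130801-1934)
Processor : x64
Stack Address 1 :
Full Path : C:\\Windows\\Minidump\\100413-22916-01.dmp
==================================================

==================================================
Dump File : 093013-21933-01.dmp
Crash Time : 9/30/2013 6:37:13 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`07d31a10
Parameter 3 : fffff800`00b9c3d8
Parameter 4 : fffffa80`0f523b40
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+72f40
File Version : 6.1.7601.22411 (win7sp1_ldr.130801-1934)
Processor : x64
Stack Address 1 :
Full Path : C:\\Windows\\Minidump\\093013-21933-01.dmp
==================================================
"""

# "Key : Value" lines; the key stops at the first colon so values such as Crash Time
# (which contain colons) and empty values ("Stack Address 1 :") both parse.
FIELD_RE = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")


def parse_bsod_report(text):
    """One dict of field -> value per dump record, records being fenced by ===== lines."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):
            if current:
                records.append(current)
                current = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            current[m["key"]] = m["value"].strip()
    if current:
        records.append(current)
    return records


def recurring_bugchecks(records):
    """How many dumps share each (bug check code, name); a repeat points at one root cause."""
    return Counter((r.get("Bug Check Code"), r.get("Bug Check String")) for r in records)


def blamed_drivers(records):
    """'Caused By Driver' per dump; ntoskrnl.exe usually means no specific driver was identified."""
    return Counter(r.get("Caused By Driver") for r in records)


def crash_times(records):
    """Crash timestamps in chronological order, for lining up with event log entries."""
    fmt = "%m/%d/%Y %I:%M:%S %p"
    return sorted(datetime.strptime(r["Crash Time"], fmt) for r in records if r.get("Crash Time"))


if __name__ == "__main__":
    recs = parse_bsod_report(SAMPLE_BSOD)
    for (code, name), n in recurring_bugchecks(recs).most_common():
        print(f"{n} x {code} {name}")
    for driver, n in blamed_drivers(recs).items():
        print(f"blamed {n} x: {driver}")
    for when in crash_times(recs):
        print(f"crash at {when:%Y-%m-%d %H:%M:%S}")
```

Lining the crash times up against the VEW output is the useful cross-check: a Kernel-Power or driver warning logged just before each crash narrows down which driver failed the power transition, which the dump's "ntoskrnl.exe" attribution does not tell you.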

#99 gregahoffman (Member, Topic Starter)
Did the delete and rebuild of the index files.

#100 RKinner (Malware Expert, MVP)
Looks like this hotfix applies to your BSOD:

http://support.micro....com/kb/2459268

#101 gregahoffman (Member, Topic Starter)
There were 3 of them to choose from; I chose the x64 version over the x86 or ia64.

#102 gregahoffman (Member, Topic Starter)
I'm not sure where to install this hotfix, drive C Program Files?

#103 RKinner (Malware Expert, MVP)
I think you just have to save it somewhere and run it by right clicking and Run As Admin. If it's asking for a location it must be unpacking them first, so it doesn't matter; C:\ is as good as any.

#104 gregahoffman (Member, Topic Starter)
Yes, it's a zip file.

#105 RKinner (Malware Expert, MVP)
Save it somewhere then right click on it and Extract All. It will create a folder of the same name in the same location and then open the folder. You should have a setup.exe or other .exe file to right click on and Run As Admin.