arbitrary shut down/core dumps [Solved]


  • This topic is locked

#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

That Malwarebytes report only covers updates.

Did it run a scan? If so, please refer to post #12 for instructions on how to find the scan log and paste it back here.

Next

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Farbar Service Scanner and run.
 

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

So when you return please post

  • MBAM log
  • Fixlog.txt
  • FSS.txt

 


  • 0


#17
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

oh jeeeze....malwarebytes ALMOST completes, shuts down. I restart, corrupted file error dialog box(s). Deleted program / reinstalled...almost completes, shuts down...I HATE THESE MALWARE WRITERS...!!!


Edited by polloq, 24 July 2014 - 10:05 AM.

  • 0

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Okay, let's leave that one for now.

 

Please complete the Farbar Recovery Scan fix that I posted.

 

After that

 

If you haven't already run Farbar Service Scanner, leave the FSS scan for now and instead try this:

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
 

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

 

So when you return please post

Fixlog.txt

ComboFix.txt


  • 0

#19
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

slooo & mundane....I've seen grass grow faster than my CP runs....lOl....getting there, I believe !!---this is reply to your post # 16, I have NOT run ComboFix as of yet.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/24/2014
Scan Time: 7:22:29 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.24.09
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: koosk

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296967
Time Elapsed: 32 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-07-2014 01
Ran by koosk at 2014-07-24 19:07:10 Run:2
Running from C:\Users\koosk\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {047C8A40-BDE8-47DE-B0CF-683A00074A43} - \TidyNetwork Update No Task File <==== ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S0 bgqwlcbv; System32\drivers\thsqyxql.sys [X]
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{047C8A40-BDE8-47DE-B0CF-683A00074A43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{047C8A40-BDE8-47DE-B0CF-683A00074A43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Error deleting key. The key could be protected.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
bgqwlcbv => Service deleted successfully.

==== End of Fixlog ====

 

Farbar Service Scanner Version: 21-07-2014
Ran by koosk (administrator) on 24-07-2014 at 20:34:47
Running from "C:\Users\koosk\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****


Edited by polloq, 25 July 2014 - 08:14 AM.

  • 0
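
Added example (not part of the original thread, and not code from FRST or its author): a Python triage of the Fixlog.txt pasted in post #19, sorting each `target => outcome` line into ok, absent or failed so the entries that did not apply stand out. The outcome phrases are taken from that log; the function names and status labels are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt pasted in post #19 (copied from this thread).
FIXLOG = r'''
Content of fixlist:
Task: {047C8A40-BDE8-47DE-B0CF-683A00074A43} - \TidyNetwork Update No Task File <==== ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{047C8A40-BDE8-47DE-B0CF-683A00074A43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{047C8A40-BDE8-47DE-B0CF-683A00074A43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Error deleting key. The key could be protected.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
bgqwlcbv => Service deleted successfully.

==== End of Fixlog ====
'''

# Outcome phrases as they appear in that log; anything else is "unknown".
OUTCOMES = [
    ("ok", re.compile(r"(deleted|restored) successfully", re.I)),
    ("absent", re.compile(r"not found", re.I)),
    ("failed", re.compile(r"\berror\b", re.I)),
]

def parse_fixlog(text):
    """Return (target, status, message) for every '<target> => <message>' line."""
    results = []
    for line in text.splitlines():
        target, sep, message = line.strip().rpartition(" => ")
        if not sep:
            continue  # header, fixlist entry or footer: not a result line
        status = next((name for name, rx in OUTCOMES if rx.search(message)), "unknown")
        results.append((target.strip('"'), status, message))
    return results

def needs_follow_up(results):
    """Entries the fix did not apply cleanly: failures and unrecognised outcomes."""
    return [r for r in results if r[1] in ("failed", "unknown")]

if __name__ == "__main__":
    results = parse_fixlog(FIXLOG)
    print(dict(Counter(status for _, status, _ in results)))
    for target, status, message in needs_follow_up(results):
        print(f"[{status}] {target}: {message}")
```
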

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Thanks for those.

 

Look forward to the ComboFix one. :)


  • 0

#21
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

ComboFix 14-07-25.01 - koosk 07/26/2014   2:09:49.1.2 - x86
Running from: C:\Users\koosk\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 


  • 0

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Hi polloq,

 

That is not the log. Did ComboFix run?


  • 0

#23
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Combo's blue '10 minute scan' lasted hours. That text file is only Combofix.txt created in the folder. At which time I also received a pop up error box that Windows needed the operating system DVD, which I did NOT oblige. I am currently running ComboFix again...trying...
  • 0

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

 

Combo's blue '10 minute scan' lasted hours. That text file is only Combofix.txt created in the folder. At which time I also received a pop up error box that Windows needed the operating system DVD, which I did NOT oblige. I am currently running ComboFix again...trying...

 

Trying again is the best option.

 

There are infections out there that mess with permissions in an endeavour to stop removal of the malicious files. I think that might be causing ComboFix to hang. Running it again can often work.

 

We will see what happens. Be good to get it to work if we can but if not, then we will have to look at other options. Make sure you don't touch your machine while ComboFix is running. Any action while it is working can stop it or cause it to hang. :)


  • 0

#25
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I don't even MOVE the cursor, NOR look at it...
Consistently gets well hung on the C: dos prompt window...
  • 0


#26
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Yes I think we need to move on.

 

There are application and system errors being reported in the FRST logs.

 

Let's see if we can address them and then look at other actions as necessary.

 

Firstly, have you tried a Startup Repair?

 

If not, please go to Win 7 Startup Repair for instructions on how to carry out a Startup Repair.

 

Try that and come back afterwards and tell me if there is any difference. :)


  • 0

#27
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

searching for OS disk, can not get past 'fault.exe-Application Error' dialog box on initial start-up....


  • 0

#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

I am not a techie but that looks to me as if you might have a hardware problem.
 
Please run Chkdsk:

  • Right click on the Start > Open Windows Explorer.
  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the drive letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer. Shut down your computer and then turn it back on, Chkdsk will run.
 
If you need further help, go here for information on how to run Chkdsk in Windows 7.
 
Come back and tell me how it went.


  • 0

#29
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Seems 'HAL' has a mind of its own, upon reboot, chkdsk is automatically done, but not the Automatically Fix File System Error area. shall TRY to do that...

...thanks for YOUR patience...


Edited by polloq, 30 July 2014 - 09:51 AM.

  • 0

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

 

but not the Automatically Fix File System Error area. shall TRY to do that...

 

Yes I think that would be a good idea.

 

Also

 

Please use the System File Checker tool (SFC.exe) to check your system and replace files where necessary.

To do this, follow these steps:

  • To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
    sfc /scannow
    Please note that there is a single space between sfc and /scannow.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

 

 

Tell me how it all goes. :)


  • 0





