9 month old Dell kernel data inpage error blue screen crash


56 replies to this topic

#1 Gary's Girl

  • Members
  • 343 posts
  • Gender:Female
  • Location:Kentucky

Posted 23 April 2009 - 01:17 PM

Dell Inspiron 1721; Vista; Service Pack 1 regularly updated; AMD Athlon 64X2 Dual Core Processor, 1.9 GHz; 3 GB RAM; 250 GB HDD with 137 GB free space. Using AVG paid subscription with current updates; SuperAntiSpyware paid subscription with current updates; SpywareBlaster, also updated regularly; and Ad-Aware Plus, also updated. SuperAntiSpyware found a trojan last week (Trojan.Dropper/Gen), but said it fixed it.

It has been fine until yesterday - except that the playback on sound and video that are on the HDD or online have been hanging up for some reason that I haven't figured out; and there's a notice popping up every day or so that the network controller has stopped working, but Windows can't fix it - - but then it always starts up again right away. I think I may need a new driver, but haven't been able to find one for it.

It has seemed a bit slower the past couple of days, but that's the only other sign of trouble before the crash. The only thing different is that I installed iTunes and Quicktime day before yesterday and then uninstalled iTunes last night. Nothing else has changed recently.

Yesterday, as music was playing, the computer hung up and began beeping loudly with the music skipping sort of like a bad CD would - - but the music was on the HDD not a CD. Then the blue screen - - and that hung up - - and I had to turn off the unit manually. It was a kernel data inpage error, whatever that means. Since then, the machine seems a bit off its usual efficiency. Browser screens 'tremble' occasionally, that's weird. And some functions sometimes are slower than usual.

The only other concern I have is that I tried out a streaming movie site. The site didn't work well and I have to wonder about it. It claimed to have free movies to view legally. Not having used movie sites before and therefore not being savvy about them, I think now it was probably naive to think you could get something for free without a hitch.

Any suggestions or advice? The computer is still under warranty, but just thought to check if it might be something simple I could fix before calling Dell and shipping it off.

Thanks!

SDW

Edited by HomesickInTexas, 23 April 2009 - 01:27 PM.




#2 rigel

    FD-BC

  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA

Posted 23 April 2009 - 09:03 PM

We can take a look with malwarebytes.

Hi and welcome to BleepingComputer :thumbsup:

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
If TeaTimer was already off, proceed with this next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 Gary's Girl


Posted 24 April 2009 - 12:59 AM

Greetings! Thank you so much for your help! The scan completed and found nothing. Here is the log:

Malwarebytes' Anti-Malware 1.36
Database version: 2035
Windows 6.0.6001 Service Pack 1

4/24/2009 12:54:45 AM
mbam-log-2009-04-24 (00-54-45).txt

Scan type: Quick Scan
Objects scanned: 68798
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Today, the computer hung up again while watching a video on ABC.com and another time while listening to music that is on the HDD. Both times it sounded like a CD that was hung up. Both times I stopped the playback immediately and the computer didn't crash to the blue screen either time. However, it's still acting suspiciously. But no infections found, that's good, right?

Thanks again,
SDW

#4 DaChew

    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 24 April 2009 - 01:03 AM

Please download and run Process Explorer


http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under file and save as, create a log and post here

copy and paste into a reply
Chewy

No. Try not. Do... or do not. There is no try.

#5 Gary's Girl


Posted 24 April 2009 - 01:13 AM

Hello, DaChew - - hope I did this right. Here's the log, and thank you for your assistance.

Process PID CPU Description Company Name
System Idle Process 0 96.34
Interrupts n/a 0.77 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 500 Windows Session Manager Microsoft Corporation
csrss.exe 580 Client Server Runtime Process Microsoft Corporation
wininit.exe 636 Windows Start-Up Application Microsoft Corporation
services.exe 768 0.77 Services and Controller app Microsoft Corporation
svchost.exe 944 Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 3720 WMI Provider Host Microsoft Corporation
unsecapp.exe 5132 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
svchost.exe 1008 Host Process for Windows Services Microsoft Corporation
svchost.exe 1064 Host Process for Windows Services Microsoft Corporation
Ati2evxx.exe 1140 ATI External Event Utility EXE Module ATI Technologies Inc.
Ati2evxx.exe 1584 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1168 Host Process for Windows Services Microsoft Corporation
audiodg.exe 1320 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1240 Host Process for Windows Services Microsoft Corporation
wlanext.exe 1784 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
dwm.exe 784 0.77 Desktop Window Manager Microsoft Corporation
svchost.exe 1252 Host Process for Windows Services Microsoft Corporation
taskeng.exe 1108 Task Scheduler Engine Microsoft Corporation
GoogleUpdate.exe 2112 Google Installer Google Inc.
taskeng.exe 2120 Task Scheduler Engine Microsoft Corporation
SLsvc.exe 1356 Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1396 Host Process for Windows Services Microsoft Corporation
svchost.exe 1560 Host Process for Windows Services Microsoft Corporation
WLTRYSVC.EXE 1760
BCMWLTRY.EXE 1776 Dell Wireless WLAN Card Wireless Network Controller Dell Inc.
spoolsv.exe 536 Spooler SubSystem App Microsoft Corporation
svchost.exe 852 Host Process for Windows Services Microsoft Corporation
AEstSrv.exe 2084 Andrea filters APO access service (32-bit) Andrea Electronics Corporation
AppleMobileDeviceService.exe 2152 Apple Mobile Device Service Apple Inc.
Wrapper.exe 2200
java.exe 2528 Java™ Platform SE binary Sun Microsystems, Inc.
avgwdsvc.exe 2240 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgrsx.exe 2596 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgnsx.exe 2624 AVG Network scanner Service AVG Technologies CZ, s.r.o.
svchost.exe 2324 Host Process for Windows Services Microsoft Corporation
McciCMService.exe 2416 mcci+McciCMService Motive Communications, Inc.
mdm.exe 2520 Machine Debug Manager Microsoft Corporation
svchost.exe 3724 Host Process for Windows Services Microsoft Corporation
stacsv.exe 3780 STacSV Module IDT, Inc.
svchost.exe 3816 Host Process for Windows Services Microsoft Corporation
svchost.exe 3856 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 3912 Microsoft Windows Search Indexer Microsoft Corporation
SearchProtocolHost.exe 304 Microsoft Windows Search Protocol Host Microsoft Corporation
SearchFilterHost.exe 5524 Microsoft Windows Search Filter Host Microsoft Corporation
WXRSS.exe 4020 Wavexpress TVTonic Core Service Wavexpress, Inc.
XAudio.exe 4052 Modem Audio Service Conexant Systems, Inc.
avgemc.exe 4064 AVG E-Mail Scanner AVG Technologies CZ, s.r.o.
avgcsrvx.exe 2696 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
ehsched.exe 4588 Windows Media Center Scheduler Service Microsoft Corporation
ehrecvr.exe 4748 Windows Media Center Receiver Service Microsoft Corporation
wmpnetwk.exe 5204 Windows Media Player Network Sharing Service Microsoft Corporation
AAWService.exe 1032 Ad-Aware Service Application Lavasoft
AAWTray.exe 6064 Ad-Aware Tray Application Lavasoft
sprtsvc.exe 300 SupportSoft Agent Service SupportSoft, Inc.
lsass.exe 780 Local Security Authority Process Microsoft Corporation
lsm.exe 796 Local Session Manager Service Microsoft Corporation
csrss.exe 648 Client Server Runtime Process Microsoft Corporation
winlogon.exe 700 Windows Logon Application Microsoft Corporation
explorer.exe 1376 Windows Explorer Microsoft Corporation
Apoint.exe 2932 0.77 Alps Pointing-device Driver Alps Electric Co., Ltd.
ApMsgFwd.exe 3496 ApMsgFwd Alps Electric Co., Ltd.
hidfind.exe 3640 Alps Pointing-device Driver Alps Electric Co., Ltd.
WLTRAY.EXE 2944 Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
sttray.exe 2952 Sigmatel Audio system tray application IDT, Inc.
avgtray.exe 2964 AVG Tray Monitor AVG Technologies CZ, s.r.o.
EMBARQHelpHelper.exe 3012 mcci+McciTrayApp Motive Communications, Inc.
chrome.exe 4988 Google Chrome Google Inc.
chrome.exe 2996 Google Chrome Google Inc.
chrome.exe 5724 Google Chrome Google Inc.
chrome.exe 4904 Google Chrome Google Inc.
TextTwist.exe 5112 TextTwist Game GameHouse, Inc.
ntvdm.exe 4624 NTVDM.EXE Microsoft Corporation
procexp.exe 4648 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ApntEx.exe 3600 Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
wmpnscfg.exe 5220 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
sprtcmd.exe 492 SupportSoft, Inc.
notepad.exe 172 Notepad Microsoft Corporation

SDW

#6 DaChew


Posted 24 April 2009 - 01:23 AM

Reboot, and capture a new log before connecting to the internet or opening any other program
Chewy


#7 Gary's Girl


Posted 24 April 2009 - 01:44 AM

Here's the new log:

Process PID CPU Description Company Name
System Idle Process 0 50.00
Interrupts n/a 0.77 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 444 Windows Session Manager Microsoft Corporation
csrss.exe 580 Client Server Runtime Process Microsoft Corporation
wininit.exe 636 Windows Start-Up Application Microsoft Corporation
services.exe 772 Services and Controller app Microsoft Corporation
svchost.exe 952 Host Process for Windows Services Microsoft Corporation
unsecapp.exe 3696 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
WmiPrvSE.exe 3600 WMI Provider Host Microsoft Corporation
svchost.exe 1008 Host Process for Windows Services Microsoft Corporation
svchost.exe 1052 49.23 Host Process for Windows Services Microsoft Corporation
Ati2evxx.exe 1144 ATI External Event Utility EXE Module ATI Technologies Inc.
Ati2evxx.exe 1572 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1216 Host Process for Windows Services Microsoft Corporation
audiodg.exe 1344 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1252 Host Process for Windows Services Microsoft Corporation
wlanext.exe 1820 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
dwm.exe 1480 Desktop Window Manager Microsoft Corporation
svchost.exe 1268 Host Process for Windows Services Microsoft Corporation
taskeng.exe 568 Task Scheduler Engine Microsoft Corporation
GoogleUpdate.exe 2164 Google Installer Google Inc.
taskeng.exe 2148 Task Scheduler Engine Microsoft Corporation
SLsvc.exe 1384 Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1432 Host Process for Windows Services Microsoft Corporation
svchost.exe 1592 Host Process for Windows Services Microsoft Corporation
WLTRYSVC.EXE 1752
BCMWLTRY.EXE 1776 Dell Wireless WLAN Card Wireless Network Controller Dell Inc.
AAWService.exe 1800 Ad-Aware Service Application Lavasoft
spoolsv.exe 288 Spooler SubSystem App Microsoft Corporation
svchost.exe 456 Host Process for Windows Services Microsoft Corporation
AEstSrv.exe 2876 Andrea filters APO access service (32-bit) Andrea Electronics Corporation
AppleMobileDeviceService.exe 2912 Apple Mobile Device Service Apple Inc.
Wrapper.exe 2940
java.exe 3196 Java™ Platform SE binary Sun Microsystems, Inc.
avgwdsvc.exe 2972 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgrsx.exe 3412 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgnsx.exe 3420 AVG Network scanner Service AVG Technologies CZ, s.r.o.
svchost.exe 3000 Host Process for Windows Services Microsoft Corporation
McciCMService.exe 3164 mcci+McciCMService Motive Communications, Inc.
mdm.exe 3296 Machine Debug Manager Microsoft Corporation
svchost.exe 3896 Host Process for Windows Services Microsoft Corporation
sprtsvc.exe 3964 SupportSoft Agent Service SupportSoft, Inc.
stacsv.exe 3996 STacSV Module IDT, Inc.
svchost.exe 4068 Host Process for Windows Services Microsoft Corporation
svchost.exe 2064 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 284 Microsoft Windows Search Indexer Microsoft Corporation
SearchProtocolHost.exe 5992 Microsoft Windows Search Protocol Host Microsoft Corporation
SearchFilterHost.exe 6004 Microsoft Windows Search Filter Host Microsoft Corporation
WXRSS.exe 1164 Wavexpress TVTonic Core Service Wavexpress, Inc.
XAudio.exe 1208 Modem Audio Service Conexant Systems, Inc.
avgemc.exe 2188 AVG E-Mail Scanner AVG Technologies CZ, s.r.o.
avgcsrvx.exe 2864 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
ehsched.exe 5252 Windows Media Center Scheduler Service Microsoft Corporation
ehrecvr.exe 5324 Windows Media Center Receiver Service Microsoft Corporation
lsass.exe 784 Local Security Authority Process Microsoft Corporation
lsm.exe 792 Local Session Manager Service Microsoft Corporation
csrss.exe 648 Client Server Runtime Process Microsoft Corporation
winlogon.exe 700 Windows Logon Application Microsoft Corporation
explorer.exe 1692 Windows Explorer Microsoft Corporation
Apoint.exe 2448 Alps Pointing-device Driver Alps Electric Co., Ltd.
ApMsgFwd.exe 2636 ApMsgFwd Alps Electric Co., Ltd.
hidfind.exe 2772 Alps Pointing-device Driver Alps Electric Co., Ltd.
WLTRAY.EXE 2456 Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
sttray.exe 2464 Sigmatel Audio system tray application IDT, Inc.
avgtray.exe 2528 AVG Tray Monitor AVG Technologies CZ, s.r.o.
EMBARQHelpHelper.exe 2540 mcci+McciTrayApp Motive Communications, Inc.
AAWTray.exe 2552 Ad-Aware Tray Application Lavasoft
sprtcmd.exe 2652 SupportSoft, Inc.
procexp.exe 5832 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ApntEx.exe 2792 Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.

Thanks again!

#8 DaChew


Posted 24 April 2009 - 01:54 AM

http://www.pcpitstop.com/pcpitstop/default.asp

take this test and when done copy the link in the location bar back here in a reply
Chewy


#9 Gary's Girl


Posted 24 April 2009 - 02:08 AM

http://www.pcpitstop.com/betapit/sec.asp?conid=22038755

Is that what you needed?

Chewy - - I'm going to sleep, but will check back for further instructions tomorrow. Thanks again for your help. Have a great night!

SDW

Edited by HomesickInTexas, 24 April 2009 - 02:17 AM.


#10 DaChew


Posted 24 April 2009 - 02:49 AM

This system had a CPU load of 71% during testing. This usually indicates that one or more programs were running that may have interfered with test measurements and may be causing slow performance.


Let's keep looking for malware but your list of installed programs and running processes needs a lot of work

the wrapper.exe?
Chewy


#11 DaChew


Posted 24 April 2009 - 03:12 AM

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

post that older SAS log that showed the trojan
Chewy


#12 Gary's Girl


Posted 24 April 2009 - 05:02 PM

Chewy - good afternoon. Our DSL has been down all day, so I'm just getting back to you. Embarq is SO unstable here. Anyway, I hope you're still available to help me out and I really appreciate all you've done so far!

Hopefully, this is OK - - I used my copy of SuperAnti-Spyware to start the scan, which is running now in safe mode (started the scan after downloading and running ATF). If you need me to download another free copy instead, I will do that. It usually takes a couple of hours to run when not in safe mode, so it will probably take some time for the scan to run. As soon as it finishes, I will post the logs.

Will you also be able to help with the 'lot of work' you said that other stuff needs? I'm not very technical at all. Did try to download the drivers PitStop says it needs, but can't get them to install (downloaded from Dell's website). Most of that other stuff, I'll need help with because I'm just not sure what to do about most of it.

I have the windows defrag set to run weekly, yet PitStop said it was badly fragmented. Do you want me to defrag it?

Googled 'wrapper.exe' and it seems it works with a lot of programs, including Java, which is the only program I have that was in the list I looked at on http://www.neuber.com/taskmanager/process/wrapper.exe.html.

Is it possible for you to let me know what might be a good time to find you in the forum so we can work back and forth in real time? Hopefully, our internet connection will stay up for the night. Will post the logs and await further instructions.

Can't thank you enough!
SDW

Edited by HomesickInTexas, 24 April 2009 - 05:08 PM.


#13 DaChew


Posted 24 April 2009 - 05:15 PM

Try to get that SAS log

Wait on any drivers till I tell you they are needed

Do you use the bluetooth? That seemed to be the big problem

Do disk cleanup after removing any frivolous programs, especially any weird players or codec packages

We will need to defrag but let's clean up processes and programs first
Chewy


#14 DaChew


Posted 24 April 2009 - 05:19 PM

http://www.bleepingcomputer.com/startups/w....exe-15850.html

where wrapper is located and what calls it up to run are the key issues

if you look at properties of the file in process explorer
Chewy


#15 Gary's Girl


Posted 24 April 2009 - 06:19 PM

Hello, Chewy. The scan didn't find anything; here is the first log - the one just completed:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/24/2009 at 05:59 PM

Application Version : 4.26.1000

Core Rules Database Version : 3859
Trace Rules Database Version: 1811

Scan type : Complete Scan
Total Scan Time : 01:16:18

Memory items scanned : 290
Memory threats detected : 0
Registry items scanned : 6355
Registry threats detected : 0
File items scanned : 138449
File threats detected : 0


Here's the other one:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2009 at 01:42 AM

Application Version : 4.26.1000

Core Rules Database Version : 3842
Trace Rules Database Version: 1797

Scan type : Complete Scan
Total Scan Time : 02:13:21

Memory items scanned : 726
Memory threats detected : 0
Registry items scanned : 6269
Registry threats detected : 0
File items scanned : 29683
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Cookies\sharon@revsci[1].txt
C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Cookies\sharon@tracking.foxnews[1].txt

Trojan.Dropper/Gen
C:\USERS\SHARON\APPDATA\LOCAL\TEMP\MIA3977.TMP\DATA\MICROSOFT VISUAL C++ RUNTIME 9.0 (INCLUDES ATL AND MFC) SERVICE PACK 1\915FF0F9\CD46533A\AAWDRIVERTOOL.EXE
C:\USERS\SHARON\APPDATA\LOCAL\TEMP\MIA8D8F.TMP\DATA\MICROSOFT VISUAL C++ RUNTIME 9.0 (INCLUDES ATL AND MFC) SERVICE PACK 1\915FF0F9\CD46533A\AAWDRIVERTOOL.EXE

I use the bluetooth occasionally, but not all the time. Does it need to be turned off? How?

In process explorer, the wrapper.exe has a PID number of 2688. There is no other info there. The description and company name are both blank.

I'll run disk cleaner, but I'm not sure what you want me to uninstall first. Can you elaborate for me? I'm looking at the list of installed programs in Control Panel, and I'm just not sure what can go:
Maybe DivX Web Player? Do I need that? I don't know if it came with the computer or not.
Apple Mobile Device Support? Don't know what that is.
I use CCleaner all the time.
DAO 3.5 - don't know what it does;
Pitstop said to uninstall Jasc Paint Shop, so I will, though I will miss it as I do a lot of DTP;
I use Quicktime sometimes, does it need to go?
I use Skype to communicate with our overseas missionaries, is it OK to keep it?
Adobe Flash - use it sometimes;
Advanced audio FX engine - don't know what it is as there's no company listed with it;
Use the Amazon downloader all the time as I'm a worship leader at our church and often purchase music on Amazon;
Other than the programs I use to work with and a couple of small games, I think the rest are system programs. Can you advise?

OK, am gonna uninstall Jasc and wait for further instructions.

Thanks once again, you are very much appreciated on this side,
SDW

P.S. Have uninstalled Jasc and DivX and the patch that was supposed to make Jasc compatible with Vista, but PitStop said it didn't work right; also uninstalled a couple of other little programs I didn't use much. Here's the wrapper thing: File Path: C:\Programs\ATI\WebPAM\jetty\extra\win32\wrapper.exe - - I went into Windows Defender Startup window and took it out of the startup - - I know for sure it hasn't always been there, as I try to keep unnecessary things out of my startup. Found this: "If a "non-Microsoft" .exe file is located in the C:\Windows or C:\Windows\System32 folder, then there is a high risk for a virus, spyware, trojan or worm infection!" on http://www.neuber.com/taskmanager/process/wrapper.exe.html.

Also, went ahead and ran disk cleanup and it cleared 177 KB.

Edited by HomesickInTexas, 24 April 2009 - 07:29 PM.
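
Added example, not part of any post in this thread: the two Process Explorer listings above (one taken with programs open, one right after a reboot) can be compared mechanically to see which processes start on their own and which of those show no description or company name, as Wrapper.exe does. It assumes the saved listing is tab-separated with the header row shown in the posts; the sample rows are copied from the thread's logs and re-delimited, and the function names are this example's own.

```python
# Added example: compare two saved Process Explorer listings (before/after reboot).
# Assumption: the listing is tab-separated with the header row shown in the thread.

COLUMNS = ["Process", "PID", "CPU", "Description", "Company Name"]
# Rows Process Explorer lists that are not backed by an image file on disk.
PSEUDO = {"system idle process", "system", "interrupts", "dpcs"}


def parse_listing(text):
    """Parse a tab-separated listing into dicts; reject an unexpected header."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines or [h.strip() for h in lines[0].split("\t")] != COLUMNS:
        raise ValueError("not a Process Explorer listing with the expected header")
    rows = []
    for ln in lines[1:]:
        fields = [f.strip() for f in ln.split("\t")]
        # Pad short rows: trailing empty columns are easily lost when pasting.
        name, pid, cpu, desc, company = (fields + [""] * 5)[:5]
        try:
            cpu_value = float(cpu)
        except ValueError:          # blank or non-numeric CPU cell
            cpu_value = 0.0
        rows.append({"name": name, "pid": int(pid) if pid.isdigit() else None,
                     "cpu": cpu_value, "description": desc, "company": company})
    return rows


def unattributed(rows):
    """Names of real processes showing neither a description nor a company."""
    return sorted({r["name"] for r in rows
                   if r["name"].lower() not in PSEUDO
                   and not r["description"] and not r["company"]})


def triage(before, after, cpu_threshold=25.0):
    """Compare a capture taken in normal use with one taken right after reboot."""
    before_names = {r["name"].lower() for r in before}
    after_names = {r["name"].lower() for r in after}
    return {
        # Only in the first capture: most likely started by the user.
        "gone_after_reboot": sorted((before_names - after_names) - PSEUDO),
        # Present after a clean reboot and unlabelled: find its path and parent.
        "autostart_unattributed": [n for n in unattributed(after)
                                   if n.lower() in before_names],
        # Real processes using a lot of CPU on an otherwise idle desktop.
        "busy": [(r["name"], r["pid"], r["cpu"]) for r in after
                 if r["name"].lower() not in PSEUDO and r["cpu"] >= cpu_threshold],
    }


def _listing(rows):
    """Build tab-separated sample text from row lists."""
    return "\n".join("\t".join(r) for r in [COLUMNS] + rows)


SVC = ["Host Process for Windows Services", "Microsoft Corporation"]
PROCEXP = ["Sysinternals Process Explorer", "Sysinternals - www.sysinternals.com"]

# Sample rows taken from the first listing in the thread (post #5).
BEFORE = _listing([
    ["System Idle Process", "0", "96.34", "", ""],
    ["Interrupts", "n/a", "0.77", "Hardware Interrupts", ""],
    ["svchost.exe", "1064", ""] + SVC,
    ["WLTRYSVC.EXE", "1760", "", "", ""],
    ["Wrapper.exe", "2200", "", "", ""],
    ["chrome.exe", "4988", "", "Google Chrome", "Google Inc."],
    ["TextTwist.exe", "5112", "", "TextTwist Game", "GameHouse, Inc."],
    ["procexp.exe", "4648", "0.77"] + PROCEXP,
])

# Sample rows taken from the post-reboot listing (post #7).
AFTER = _listing([
    ["System Idle Process", "0", "50.00", "", ""],
    ["svchost.exe", "1052", "49.23"] + SVC,
    ["WLTRYSVC.EXE", "1752", "", "", ""],
    ["Wrapper.exe", "2940", "", "", ""],
    ["procexp.exe", "5832", ""] + PROCEXP,
])

if __name__ == "__main__":
    report = triage(parse_listing(BEFORE), parse_listing(AFTER))
    for key, value in report.items():
        print(key, value)
```

Blank description and company columns mean only that Process Explorer had no version information to show for the file. Where the file lives and what launches it, the two questions raised in post #14, decide whether it belongs on the machine.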




