Possibly Infected - Slow Computer


10 replies to this topic

#1 yass

  • Members
  • 202 posts

Posted 28 September 2010 - 12:44 AM

Hi there. I have Windows Vista and the computer has been running very slow (especially at startup - it takes about 5 minutes), and often I get the "Window Explorer has suddenly stopped working". Then after that it can either return to normal and other times it restarts and other times it shuts down. Also the Windows Update is not happening successfully. It throws error codes 643 and 646. Today after running MBAM and Super antispyware it only got 1 update of 14. I have attached a picture.

I have also attached the logs of my MBAM quick scan and the Super antispyware full scan. Please help.
Thanks very much.

Windows update problem:
http://img814.imageshack.us/img814/4314/wi...dateproblem.jpg

MBAM quick Scan logs:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4707

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/27/2010 9:41:02 PM
mbam-log-2010-09-27 (21-41-02).txt

Scan type: Quick scan
Objects scanned: 139616
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 30
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 15
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Temp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\report.html (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

Super antispyware logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/27/2010 at 10:07 PM

Application Version : 4.43.1000

Core Rules Database Version : 5592
Trace Rules Database Version: 3404

Scan type	   : Quick Scan
Total Scan Time : 00:16:29

Memory items scanned	  : 739
Memory threats detected   : 0
Registry items scanned	: 2416
Registry threats detected : 7
File items scanned		: 12464
File threats detected	 : 59

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
	HKU\S-1-5-21-60227912-1593780548-3356452365-1000\SOFTWARE\FunWebProducts
	HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
	HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
	HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
	HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
	HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
	HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32

Adware.MyWebSearch
	C:\USERS\AL HARDAN\APPDATA\LOCALLOW\MYWEBSEARCH\BAR\SETUPS\MWSAUTSP.EXE

Edited by hamluis, 28 September 2010 - 12:23 PM.
Removed blank lines ~ Hamluis.



#2 yass

Posted 28 September 2010 - 04:02 PM

Thanks hamluis for removing the blank space sorry about that.

Sorry but I made a mistake in the topic title. The computer is not slow but the startup is slow.

I have an update:
Overnight while I was running the MBAM full scan the computer automatically shut down. Then when I restarted and logged in it gave me a message "Windows has recovered from an unexpected shutdown". This is what happened before but I was able to click solutions this time and it gave a report:
Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.0.6002.2.2.0.768.3
  Locale ID:	1033

Additional information about the problem:
  BCCode:	1a
  BCP1:	00004000
  BCP2:	88C809D8
  BCP3:	008E0000
  BCP4:	00227949
  OS Version:	6_0_6002
  Service Pack:	2_0
  Product:	768_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini092810-04.dmp
  C:\Users\Al Hardan\AppData\Local\Temp\WER-4498881-0.sysdata.xml
  C:\Users\Al Hardan\AppData\Local\Temp\WERE408.tmp.version.txt

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

I had disconnected from the internet before I ran the full MBAM scan overnight but when I checked logs, at 3:21am Windows updates were made.


Edit:
Microsoft got back and helped fix our install updates problem. The steps they sent were:

Step 1: Modify a Registry Key
=======================

1. Access the link http://go.microsoft.com/?linkid=9737449
2. Click "Fix this problem" and click "Run" in the "File Download" dialog box.
3. Follow the steps in this wizard.

Now try Update to see if the issue has been resolved. Please let us know if this step has resolved it. If not, please proceed to the next step.

Step 2: Turn off UAC
=================

1. Click Start. Type MSCONFIG in the Start Search bar and press Enter.
Note: If UAC window prompts for permission to continue, please click Continue.

2. Click Tools.
3. Highlight Disable UAC, click Launch.
4. Restart the computer and test the issue again.
Note: If you turn on UAC, please launch Enable UAC
After rebooting the system without UAC, please try to perform update again.

If the steps do not work, let's refer to the following steps to manually download and install the updates.

After this all the updates went through.


Here are the results of the full MBAM scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4707

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/29/2010 5:26:57 AM
mbam-log-2010-09-29 (05-26-57).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 311505
Time elapsed: 1 hour(s), 32 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Only 1 file was affected and it was removed but my computer is still slow to startup. :thumbsup:

Edited by yass, 29 September 2010 - 04:00 PM.


#3 yass

Posted 05 October 2010 - 02:01 AM

Hi there staff. I know everyone is busy but is it ok if I use this post to bump this topic? I'm afraid of my topic being forgotten about if it falls off the topic page. Can you please inform me what to do in future situations like this (where my topic is not getting attn for a week's time+), should I just leave it unbumped or should I do a weekly bump?

Edited by yass, 05 October 2010 - 02:02 AM.


#4 JacobHall

  • Members
  • 300 posts

Posted 09 October 2010 - 03:14 PM

If you bump your thread, it automatically pushes it to the bottom of the pile, as advisors will think you are being helped by someone

#5 quietman7

  • Global Moderator

Posted 09 October 2010 - 04:30 PM

If you bump your thread, it automatically pushes it to the bottom of the pile, as advisors will think you are being helped by someone

That is the case in the Virus, Trojan, Spyware, and Malware Removal Logs forum.

For the Minidump involving sysdata.xml, please see Examining Errors (the information pertains to Windows XP but it's useful for explaining the issue in newer operating systems).

Error Message: "The system has recovered from a serious error.
C:\Windows\Minidump020404-01.dmp
C:\Docume~1\Darle~1\Locals~1\Temp\Wer5E.tmp.diroo\sysdata.xml"

This error message reveals a problem with a memory dump (an inventory of the contents of computer memory; sometimes referred to as a minidump). It seems the OS created a memory dump file but forgot about it, so it's attempting to create the file again. The resulting conflict leads to a serious error and the sudden system meltdown.

The minidump error is sometimes associated with an outdated video driver...so one potential solution is to download a driver update for the video card...


Applications can produce user-mode minidump files, which contain a useful subset of the information contained in a crash dump file. Applications can create minidump files very quickly and efficiently. Because minidump files are small, they can be easily sent over the internet to technical support for the application.

A minidump file does not contain as much information as a full crash dump file, but it contains enough information to perform basic debugging operations.

About Minidump Files

Troubleshooting for these kinds of issues can be arduous and time consuming. There are no shortcuts. You can also try BlueScreenView which enables you to investigate the cause of a system crash by analyzing the content of the Minidump files that are created during each crash.

If your computer/browser seems to be slow, please refer to Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness and poor performance besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, too many browser Add-ons/toolbars, failure to clear browser cache, not enough RAM, dirty hardware components, etc. As you use your system it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential. Incompatible browser extensions and add-ons can impact system performance and cause compatibility issues such as application hangs (freezing).
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 yass

Posted 11 October 2010 - 12:57 AM

Oh ok thank you very much Super Panda.
Thanks quietman for the topics on the blue screen, I'll read about it as that's the more annoying bug. The slowness is actually at startup, should I still read those articles on the slow computer?

#7 quietman7

Posted 11 October 2010 - 06:21 AM

The slowness is actually at startup should I still read those articles on the slow computer?

Yes. There are suggestions that address dealing with too many programs that load at startup which in turn slows down a machine.

#8 yass

Posted 14 October 2010 - 09:03 PM

Ok thanks again quietman. I've been reading a lot on the links you gave me. I'm hoping to find some time tomorrow or day after to check over the computer.

#9 quietman7

Posted 14 October 2010 - 09:59 PM

You're welcome.

#10 yass

Posted 07 November 2010 - 11:25 PM

Hi quietman, now I am just getting a blue screen and can't even get to the OS. Please help. :(

#11 quietman7

Posted 08 November 2010 - 07:42 AM

Have you tried using Last Known Good Configuration or System Restore from a command prompt in Safe Mode to return to a previous state before the problems began?

Crashes (BSOD), unexpected shutdowns, sudden freezing, random restarting, and booting problems could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and sometimes malware. Even legitimate programs like CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) can trigger crashes, various stop error messages and system hangs so you may or may not be dealing with multiple issues. If the computer is overheating, it usually begins to shutdown/restart on a more regular basis. Troubleshooting for these kinds of issues can be arduous and time consuming. There are no shortcuts.

Did the BSOD provide a Stop Error Message or identify a driver (.sys file) as shown in this example?

If so, write down the full error code and the names of any files/drivers listed, then provide that information in so we can assist you with investigating the cause. Without that specific information, we would only be guessing rather than troubleshooting.