
Infected Computer?


4 replies to this topic

#1 shannakins


Posted 10 June 2011 - 02:53 PM

Hi there!

A few weeks ago I noticed that my laptop has been running kind of slow. It takes about a minute for the Windows logon screen to load and equally as long to actually log in when it's usually pretty fast. :/ Sometimes I don't even get the chance to log in because my screen turns blue since it's dumping physical memory or something. Then when I log into my laptop I get the error message that 'Windows has just recovered from an unexpected error'. I wasn't able to get the exact details of the error, but I will if it happens again.

Also, system restore doesn't work for me. I've tried running it in normal and safe mode, but the same thing always happens: it runs, reboots, and then it says that it can't restore to that point. I've tried several restore points but they all don't work.

I've already run Avast!, Malwarebytes, and Superantispyware. Honestly, I'm not really sure what to do next and I'm scared that it'll become worse if I don't do anything else. Please help me out. Thank you so much in advance!

I have the scan logs for Malwarebytes and Superantispyware below. As for Avast!, I didn't know how to get a scan log (I'm not good with computers D:), so if you could, please tell me how so I can show you what my computer found. It says it found 5 viruses.

www.malwarebytes.org

Database version: 6823

Windows 6.1.7600 (Safe Mode)
Internet Explorer 9.0.8112.16421

6/11/2011 12:22:57 AM
mbam-log-2011-06-11 (00-22-57).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 237004
Time elapsed: 35 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/11/2011 at 04:30 AM

Application Version : 4.53.1000

Core Rules Database Version : 6720
Trace Rules Database Version: 4532

Scan type : Complete Scan
Total Scan Time : 00:43:08

Memory items scanned : 459
Memory threats detected : 0
Registry items scanned : 8406
Registry threats detected : 0
File items scanned : 24803
File threats detected : 10

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033568.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033569.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033570.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033571.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033572.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033573.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033574.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033575.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033576.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{64534B76-601D-4598-8429-4DF73C537AF3}\RP165\A0033577.EXE



#2 shannakins


Posted 12 June 2011 - 01:46 AM

I got another blue screen this morning. I copied down the info in case anyone needs it. :3

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: F667358F
BCP2: 00000000
BCP3: 8993B203
BCP4: 00000002
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\061211-22198-01.dmp
C:\Users\Shanna Mendoza\AppData\Local\Temp\WER-9218723-0.sysdata.xml

---------------------

Ugh, I left my computer turned on on my desk while I went to go eat and when I came back it restarted because of another blue screen. :/

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: FD927F61
BCP2: 00000000
BCP3: 8AB2B203
BCP4: 00000002
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\061211-22932-01.dmp
C:\Users\Shanna Mendoza\AppData\Local\Temp\WER-313702-0.sysdata.xml

Edited by shannakins, 12 June 2011 - 05:21 AM.
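
Added example, not part of the original posts: a short Python sketch that decodes the two BlueScreen problem signatures above. The parameter meanings follow Microsoft's documentation for bug check 0x50 (PAGE_FAULT_IN_NONPAGED_AREA) on Windows versions before Windows 10; the function names and the page-offset comparison are this example's own assumptions, not a WER or debugger feature.

```python
import re

# Constructed input: the "Additional information" fields of the two crashes
# reported in the post above (WER prints every value as bare hexadecimal).
WER_TEXT = """\
BCCode: 50
BCP1: F667358F
BCP2: 00000000
BCP3: 8993B203
BCP4: 00000002

BCCode: 50
BCP1: FD927F61
BCP2: 00000000
BCP3: 8AB2B203
BCP4: 00000002
"""

FIELD_RE = re.compile(r"^(BCCode|BCP[1-4]):[ \t]*([0-9A-Fa-f]+)[ \t]*$", re.M)
BUGCHECK_NAMES = {0x50: "PAGE_FAULT_IN_NONPAGED_AREA"}
ACCESS = {0: "read", 1: "write"}  # BCP2 encoding before Windows 10
PAGE_MASK = 0xFFF                 # offset within a 4 KiB page

def parse_wer(text):
    """Return one {field: int} dict per blank-line-separated crash record."""
    crashes = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(FIELD_RE.findall(block))
        if "BCCode" in fields:
            crashes.append({k: int(v, 16) for k, v in fields.items()})
    return crashes

def decode_0x50(crash):
    """Name the bug check and label its parameters (BCP4 is not interpreted here)."""
    return {
        "name": BUGCHECK_NAMES.get(crash["BCCode"], "unknown"),
        "bad_address": crash["BCP1"],       # address that could not be resolved
        "access": ACCESS.get(crash["BCP2"], "other"),
        "faulting_ip": crash["BCP3"],       # instruction that touched it
        "ip_page_offset": crash["BCP3"] & PAGE_MASK,
    }

def same_code_site(crashes):
    """Heuristic: equal page offsets of BCP3 across reboots suggest the same
    instruction in the same module, loaded at a different base each boot."""
    return len({c["BCP3"] & PAGE_MASK for c in crashes}) == 1

if __name__ == "__main__":
    crashes = parse_wer(WER_TEXT)
    for crash in crashes:
        print({k: hex(v) if isinstance(v, int) else v
               for k, v in decode_0x50(crash).items()})
    print("same faulting code site:", same_code_site(crashes))
```

A True result only says both crashes faulted at the same page offset; naming the module involved still requires opening the minidump files themselves.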


#3 quietman7


Posted 12 June 2011 - 08:00 AM

These files are generally related to memory/minidumps usually created after a system crash. When a serious error occurs, by default the system dumps "Debugging" information to a memory dump file for later retrieval. The dump file is a binary file that a programmer can load into a debugger. Dr. Watson for Windows is a program error debugger that gathers information about your computer when an error (or user-mode fault) occurs with a program. Technical support groups can use the information in these files to diagnose a program error. The random crashes can be related to a number of hardware/driver issues. Changing the settings to stop memory dumps also stops Windows from writing debugging info into a dump file. Memory dumps, depending on which dump type is selected, can take up a lot of paging file RAM and again, depending on which dump type is being used, can speed up or slow the process of recording information.

Applications can produce user-mode minidump files, which contain a useful subset of the information contained in a crash dump file. Applications can create minidump files very quickly and efficiently. Because minidump files are small, they can be easily sent over the internet to technical support for the application.

A minidump file does not contain as much information as a full crash dump file, but it contains enough information to perform basic debugging operations.

About Minidump Files

For the Minidump involving sysdata.xml, please see Examining Errors (the information pertains to Windows XP but it's useful for explaining the issue in newer operating systems).

Error Message: "The system has recovered from a serious error.
C:\Windows\Minidump020404-01.dmp
C:\Docume~1\Darle~1\Locals~1\Temp\Wer5E.tmp.diroo\sysdata.xml"

This error message reveals a problem with a memory dump (an inventory of the contents of computer memory; sometimes referred to as a minidump). It seems the OS created a memory dump file but forgot about it, so it's attempting to create the file again. The resulting conflict leads to a serious error and the sudden system meltdown.

The minidump error is sometimes associated with an outdated video driver...so one potential solution is to download a driver update for the video card...



Troubleshooting for these kinds of issues can be arduous and time consuming. There are no shortcuts. You can also try BlueScreenView which enables you to investigate the cause of a system crash by analyzing the content of the Minidump files that are created during each crash.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 shannakins


Posted 12 June 2011 - 10:07 PM

Honestly, I'm extremely confused. I'm not quite sure what to do now. :/

#5 quietman7


Posted 13 June 2011 - 06:11 AM

You are going to have to thoroughly read the links I provided above and begin the process of troubleshooting. As I already said, troubleshooting for these kinds of issues can be arduous and time consuming. There are no shortcuts. If you need additional assistance with this, you can start a new topic in the appropriate Windows Operating System Subforum.

This forum is for assistance with malware infection, and although some types of malware can cause crashes, I have not encountered any which involves sysdata.xml.