
Windows 7 Stalls on Startup / Stops during Running


8 replies to this topic

#1 bamashooter

bamashooter

  • Members
  • 173 posts

Posted 11 May 2012 - 10:06 PM

System: Purchased December 2011

H/P Pavilion dv-7 Notebook PC
600 GB HDD
6.00 GB RAM (5.8 usable)
64 bit operating system
Windows 7 Home Premium SP1
Windows Explorer 9
Mozilla Firefox 12.0
Avast
Spybot
Malwarebytes
Hijack This






Symptoms:

1. At random times, Windows stalls at startup.

2. At random times, Windows stops running suddenly.

3. Starts and runs fine in both safe modes.

The first symptom was I was taking a break from the pc when I noticed the fan was running on high speed as though a lot of processing was taking place. No downloading or anything else was taking place. That's when the first (quit during running occurred). Following that, I had to do a hard kill, etc. Then the no start would occur. The desktop would launch and that's all it would do. I would have to do a hard kill to power down the pc. When the system won't start up, I get a small error window which states to the effect that Windows is not responding. Normally, when it stops during running, I get the Firefox not responding. Both of these require a hard kill. If I boot up in safe mode and reboot in normal, all is well.

Everything was great until approximately 2 weeks ago when I downloaded a 7gb document via uTorrent. This was my first experience with that and I made multiple mistakes. The problems began shortly after download completion.

Viewing my task manager immediately after download, I noticed 1 of 2 iexplore.exe files was near 500mb. I thought perhaps this was a result of my system being stuck in cybermud during my download attempts. I was using Explorer at the time though Firefox is my daily browser. I killed the process (iexplore.exe) and all appeared well. The problems began again 2-3 days later. I've been using only Firefox since the first experience.

Additionally, for the past 3 days, my desktop will reappear after its 3 minute timed out. I set the 3 minutes in the "turn off the display" selection in Power Options.

No problems today other than the display issue.

I have run multiple H/P diagnostics tools in the included software in my H/P notebook. No problems found.

Reckon that's about all I can think of right now.

Any help will be truly appreciated,
shooter

After reading this newly discovered forum, I downloaded both spybot and hijack this. I configured and ran both per this forum's tutorials (thank you).

Spybot found nothing.

I scanned and saved to logs both my scan and startup list from hijack this.

Edited by bamashooter, 11 May 2012 - 11:13 PM.

Kubuntu 14.04 / KDE 4.13.3 / GRUB Version: 0.97-29ubuntu66
HP15 --f033wm Laptop / CPU: Intel / GPU: Intel Corporation Atom Processor / RAM: 8GB / Hard Drive: 1 each / Seagate / Optical Drive: HP DVDRW GUB0N / Windows 10 / 64-bit




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 15 May 2012 - 01:37 PM

Welcome.. hold that HJT log. Please run these first.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#3 bamashooter

bamashooter
  • Topic Starter

  • Members
  • 173 posts

Posted 15 May 2012 - 02:36 PM

TDSSKiller found nothing / Zero (0) results.


MiniToolBox

MiniToolBox by Farbar Version: 18-01-2012
Ran by jake on 15-05-2012 at 13:52:59
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com

There are 15217 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Rick-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
Physical Address. . . . . . . . . : 64-D4-DA-17-D5-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-23-15-88-19-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-15-88-19-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 00-23-15-88-19-9C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c2d:5cb3:3985:1dde%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, May 15, 2012 1:11:39 PM
Lease Expires . . . . . . . . . . : Wednesday, May 16, 2012 1:11:39 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 318776085
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-CA-43-56-60-EB-69-79-5E-86
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:8cd:1045:9dbc:9149(Preferred)
Link-local IPv6 Address . . . . . : fe80::8cd:1045:9dbc:9149%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{5F97673D-ACD0-4DEA-8290-80F141A27BAE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FFE55972-1FFF-41CA-8DB7-E30DAF314BE3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{65CF5266-B3FB-4E79-8819-558E58EAF3C2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.45.102
74.125.45.113
74.125.45.138
74.125.45.139
74.125.45.100
74.125.45.101


Pinging google.com [74.125.45.113] with 32 bytes of data:
Reply from 74.125.45.113: bytes=32 time=23ms TTL=51
Reply from 74.125.45.113: bytes=32 time=23ms TTL=51

Ping statistics for 74.125.45.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 23ms, Average = 23ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=74ms TTL=43
Reply from 98.139.183.24: bytes=32 time=183ms TTL=41

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 183ms, Average = 128ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...64 d4 da 17 d5 7e ......Intel® Centrino® WiMAX 6250
14...00 23 15 88 19 9d ......Microsoft Virtual WiFi Miniport Adapter #2
13...00 23 15 88 19 9d ......Microsoft Virtual WiFi Miniport Adapter
12...00 23 15 88 19 9c ......Intel® Centrino® Advanced-N 6250 AGN
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.69 281
192.168.1.69 255.255.255.255 On-link 192.168.1.69 281
192.168.1.255 255.255.255.255 On-link 192.168.1.69 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.69 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.69 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:5ef5:79fb:8cd:1045:9dbc:9149/128
On-link
12 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::8cd:1045:9dbc:9149/128
On-link
12 281 fe80::c2d:5cb3:3985:1dde/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

System error 5 has occurred.

Access is denied.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
ATI Catalyst Install Manager (Version: 3.0.790.0)
avast! Free Antivirus (Version: 7.0.1426.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Belarc Advisor 8.2 (Version: 8.2.7.7)
Bing Bar (Version: 6.0.2282.0)
Bing Bar Platform (Version: 6.0.2282.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.0.5350)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0909.1412.23625)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0909.1412.23625)
Catalyst Control Center InstallProxy (Version: 2010.0909.1412.23625)
Catalyst Control Center Localization All (Version: 2010.0909.1412.23625)
ccc-core-static (Version: 2010.0909.1412.23625)
ccc-utility64 (Version: 2010.0909.1412.23625)
CCC Help Chinese Standard (Version: 2010.0909.1411.23625)
CCC Help Chinese Traditional (Version: 2010.0909.1411.23625)
CCC Help Czech (Version: 2010.0909.1411.23625)
CCC Help Danish (Version: 2010.0909.1411.23625)
CCC Help Dutch (Version: 2010.0909.1411.23625)
CCC Help English (Version: 2010.0909.1411.23625)
CCC Help Finnish (Version: 2010.0909.1411.23625)
CCC Help French (Version: 2010.0909.1411.23625)
CCC Help German (Version: 2010.0909.1411.23625)
CCC Help Greek (Version: 2010.0909.1411.23625)
CCC Help Hungarian (Version: 2010.0909.1411.23625)
CCC Help Italian (Version: 2010.0909.1411.23625)
CCC Help Japanese (Version: 2010.0909.1411.23625)
CCC Help Korean (Version: 2010.0909.1411.23625)
CCC Help Norwegian (Version: 2010.0909.1411.23625)
CCC Help Polish (Version: 2010.0909.1411.23625)
CCC Help Portuguese (Version: 2010.0909.1411.23625)
CCC Help Russian (Version: 2010.0909.1411.23625)
CCC Help Spanish (Version: 2010.0909.1411.23625)
CCC Help Swedish (Version: 2010.0909.1411.23625)
CCC Help Thai (Version: 2010.0909.1411.23625)
CCC Help Turkish (Version: 2010.0909.1411.23625)
Chuzzle Deluxe (Version: 2.2.0.95)
Contents (Version: 1.6.0.294)
Corel PaintShop Photo Pro X3 (Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (Version: 1.6.1.252)
Corel VideoStudio Pro X3 (Version: 1.6.0.294)
CyberLink DVD Suite (Version: 7.0.3320)
D3DX10 (Version: 15.4.2368.0902)
DeviceIO (Version: 1.6.0.294)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Fences Pro (Version: 1.0.1.312)
Fences Pro (Version: 1.0.1.312.19219)
Final Drive Nitro (Version: 2.2.0.95)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.10.1)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.3.1)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MediaSmart DVD (Version: 4.2.4521)
HP MediaSmart Movies and TV (Version: 1.0.1.2)
HP MediaSmart Music (Version: 4.2.4604)
HP MediaSmart Photo (Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.2)
HP MediaSmart Video (Version: 4.2.4522)
HP MediaSmart Webcam (Version: 4.2.3303)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.4.0)
HP MovieStore (Version: 1.0.023)
HP MovieStore (Version: 2.0.2)
HP Photo Creations (Version: 1.0.0.4042)
HP Power Manager (Version: 1.1.2)
HP Quick Launch (Version: 2.2.7)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP SimplePass Identity Protection (Version: 5.20.205)
HP Software Framework (Version: 4.0.70.1)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.10.0)
Hulu Desktop (Version: 0.9.13)
ICA (Version: 1.6.0.294)
ICA (Version: 1.6.1.252)
IDT Audio (Version: 1.0.6292.0)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.03.0000)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1002)
Intel® Wireless Display (Version: 1.2.21.0)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005)
IPM_PSP_Pro (Version: 1.00.0000)
IPM_VS_Pro (Version: 13.0)
ISCOM (Version: 1.6.0.294)
ISCOM (Version: 1.6.1.252)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.3220)
LightScribe System Software (Version: 1.18.18.1)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
OpenOffice.org 3.3 (Version: 3.3.9567)
PDF-XChange Viewer (Version: 2.5.200.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.7717)
PictureMover (Version: 3.5.0.33)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4419)
PowerDirector (Version: 8.0.3320)
PSPPContent (Version: 1.00.0000)
PSPPRO_DCRAW (Version: 13.0.0)
PureHD (Version: 1.6.0.294)
PX Profile Update (Version: 1.00.1.)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Recovery Manager (Version: 5.5.3223)
RoxioNow Player (Version: 1.9.5.101)
Setup (Version: 1.6.0.294)
Setup (Version: 1.6.1.252)
Share (Version: 1.6.0.294)
Share64 (Version: 1.6.0.294)
Spybot - Search & Destroy (Version: 1.6.2)
Switch Sound File Converter
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (Version: 1.6.5.17120)
Synaptics Pointing Device Driver (Version: 15.3.27.1)
Times Reader (Version: 2.055)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Validity Sensors DDK (Version: 4.1.139.0)
VIO (Version: 1.6.0.294)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VSClassic (Version: 1.6.0.294)
VSPro (Version: 1.6.0.294)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 5941.86 MB
Available physical RAM: 4202.38 MB
Total Pagefile: 11881.91 MB
Available Pagefile: 9864.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.1 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:566.41 GB) (Free:507.61 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:29.46 GB) (Free:4.33 GB) NTFS

========================= Users: ========================================

User accounts for \\RICK-HP

Administrator Guest jake
Rick


**** End of log ****



Malwarebytes Results

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rick :: RICK-HP [administrator]

5/15/2012 2:21:50 PM
mbam-log-2012-05-15 (14-21-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218330
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Kubuntu 14.04 / KDE 4.13.3 / GRUB Version: 0.97-29ubuntu66
HP15 --f033wm Laptop / CPU: Intel / GPU: Intel Corporation Atom Processor / RAM: 8GB / Hard Drive: 1 each / Seagate / Optical Drive: HP DVDRW GUB0N / Windows 10 / 64-bit


#4 bamashooter

bamashooter
  • Topic Starter

  • Members
  • 173 posts

Posted 15 May 2012 - 02:50 PM

What the heck is 127.0.0.1 100sexlinks.com? I can promise you that I have never been there. What about all those 127.x "hits"? Looks like my computer has been compromised; however, I'm the only user of it here in my household.



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts

Posted 15 May 2012 - 03:44 PM

Hello, those are part of Spybot's hosts immunisation. They are safe. They are protecting you from those sites.
More info http://forums.spybot.info/showthread.php?t=20443

This is not looking like malware. We will do one more quick scan.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
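The distinction made in the reply above, as an added example that is not part of the original posts or of any tool used in this thread: hosts entries that point a name at loopback or 0.0.0.0 only block that name, while entries that point a name at any other address deserve a closer look. The sample file, the bucket names and the `classify_hosts` helper are assumptions made for this sketch.

```python
import ipaddress

# Constructed sample in hosts-file syntax (on Windows the real file is
# C:\Windows\System32\drivers\etc\hosts). Only 100sexlinks.com comes from
# the thread; every other entry is made up for the example.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       100sexlinks.com
127.0.0.1       www.100sexlinks.com
0.0.0.0         ads.tracker.example
203.0.113.45    www.bank.example
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}  # names expected to resolve to loopback


def classify_hosts(text):
    """Sort hosts entries into local, sinkholed, review and malformed."""
    report = {"local": [], "sinkholed": [], "review": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # address with no host name
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                # Name resolves to this machine or nowhere: a block entry.
                key = "local" if name in LOCAL_NAMES else "sinkholed"
            else:
                # Name is sent to another host: legitimate for intranet
                # overrides, but the pattern to verify by hand.
                key = "review"
            report[key].append((name, str(addr)))
    return report


if __name__ == "__main__":
    for bucket, rows in classify_hosts(SAMPLE_HOSTS).items():
        print(f"{bucket:10} {rows}")
```

An empty `review` bucket matches the situation described in the reply: every listed site is blocked locally and none is redirected elsewhere.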

#6 bamashooter

bamashooter
  • Topic Starter

  • Members
  • 173 posts

Posted 15 May 2012 - 06:04 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-15 17:41:52
-----------------------------
17:41:52.554 OS Version: Windows x64 6.1.7601 Service Pack 1
17:41:52.554 Number of processors: 4 586 0x2505
17:41:52.556 ComputerName: RICK-HP UserName: Rick
17:41:55.252 Initialize success
17:41:55.625 AVAST engine defs: 12051500
17:42:19.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:42:19.807 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
17:42:19.824 Disk 0 MBR read successfully
17:42:19.827 Disk 0 MBR scan
17:42:19.842 Disk 0 unknown MBR code
17:42:19.865 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:42:19.881 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 580004 MB offset 409600
17:42:19.914 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30172 MB offset 1188257792
17:42:19.930 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 101 MB offset 1250050048
17:42:20.034 Disk 0 scanning C:\Windows\system32\drivers
17:42:32.014 Service scanning
17:42:52.870 Modules scanning
17:42:52.878 Disk 0 trace - called modules:
17:42:52.901 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
17:42:52.907 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b7f060]
17:42:52.911 3 CLASSPNP.SYS[fffff88001bba43f] -> nt!IofCallDriver -> [0xfffffa8006a0a990]
17:42:52.916 5 hpdskflt.sys[fffff88001b61189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800689e050]
17:42:53.987 AVAST engine scan C:\Windows
17:42:56.349 AVAST engine scan C:\Windows\system32
17:44:59.788 AVAST engine scan C:\Windows\system32\drivers
17:45:10.303 AVAST engine scan C:\Users\Rick
17:46:17.694 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
17:46:17.702 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-15 17:56:42
-----------------------------
17:56:42.184 OS Version: Windows x64 6.1.7601 Service Pack 1
17:56:42.184 Number of processors: 4 586 0x2505
17:56:42.185 ComputerName: RICK-HP UserName: Rick
17:56:43.431 Initialize success
17:56:43.588 AVAST engine defs: 12051500
17:56:57.388 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:56:57.390 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
17:56:57.422 Disk 0 MBR read successfully
17:56:57.424 Disk 0 MBR scan
17:56:57.426 Disk 0 unknown MBR code
17:56:57.441 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:56:57.456 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 580004 MB offset 409600
17:56:57.489 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30172 MB offset 1188257792
17:56:57.516 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 101 MB offset 1250050048
17:56:57.543 Disk 0 scanning C:\Windows\system32\drivers
17:57:08.157 Service scanning
17:57:26.718 Modules scanning
17:57:26.726 Disk 0 trace - called modules:
17:57:27.093 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
17:57:27.098 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b7f060]
17:57:27.102 3 CLASSPNP.SYS[fffff88001bba43f] -> nt!IofCallDriver -> [0xfffffa8006a0a990]
17:57:27.113 5 hpdskflt.sys[fffff88001b61189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800689e050]
17:57:28.211 AVAST engine scan C:\Windows
17:57:31.717 AVAST engine scan C:\Windows\system32
17:59:18.738 AVAST engine scan C:\Windows\system32\drivers
17:59:29.276 AVAST engine scan C:\Users\Rick
18:01:04.289 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
18:01:04.299 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts

Posted 16 May 2012 - 10:07 AM

Hi, all's clean here, so it must be a soft/hardware issue. Start a topic in Win 7 to find the conflict.

#8 bamashooter

bamashooter
  • Topic Starter

  • Members
  • 173 posts

Posted 20 May 2012 - 05:20 PM

Sorry for the delayed response boopme. Can't express enough how much I appreciate your help. I posted over to the Windows 7 section.

Thanks again,
shooter



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts

Posted 20 May 2012 - 08:54 PM

You're welcome.



