
Vista question, Getting bsod error 0x000000A


13 replies to this topic

#1 sparky192084

sparky192084

  • Members
  • 12 posts

Posted 29 June 2012 - 02:30 PM

Hi, hoping someone may be able to help, I'm not very tech savvy.

Been getting a BSOD error after startup: 0x0000000A, with the bug check code “IRQL_NOT_LESS_OR_EQUAL”.

When I log on to my main Vista account I get that BSOD error and crash. I think it may be down to a virus; I had warnings a few days before on Windows Defender, but thought I removed it. Strange thing is I have the guest account on, and when I go on to that I don't get the error. But I thought I would try installing CCleaner on the guest account, and when I try to install that I get the BSOD as well.

I have already tried Windows Startup Repair, running memory diagnostics and restoring to an earlier point in time, and it hasn't worked.

Edited by hamluis, 29 June 2012 - 03:37 PM.
Moved from Vista to Am I Infected - Hamluis.



 


#2 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium

Posted 29 June 2012 - 03:02 PM

BSODs can be related to an infection (rootkits).

We need to analyse the BSOD:

Download BlueScreenView (in Zip file)

  • No installation required.
  • Unzip the downloaded file and double-click BlueScreenView.exe to run the program. When scanning is done, go to Edit > Select All.
  • Then go to File > Save Selected Items, and save the report as BSOD.txt.
  • Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


#3 sparky192084

sparky192084
  • Topic Starter

  • Members
  • 12 posts

Posted 29 June 2012 - 03:58 PM

thanks for the reply, this is what I got from bluescreenviewer scan

==================================================
Dump File : Mini062912-20.dmp
Crash Time : 6/29/2012 9:51:55 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8207b84c
Caused By Driver : hal.dll
Caused By Address : hal.dll+3023
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+2b84c
Stack Address 2 : ntkrnlpa.exe+1a5f8
Stack Address 3 : raspptp.sys+cc84
Computer Name :
Full Path : C:\Windows\Minidump\Mini062912-20.dmp
Processors Count : 4
Major Version : 15
Minor Version : 6002
Dump File Size : 139,576
==================================================

==================================================
Dump File : Mini062912-19.dmp
Crash Time : 6/29/2012 9:19:39 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8204784c
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4df99
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+2b84c
Stack Address 2 : ntkrnlpa.exe+1a5f8
Stack Address 3 : raspptp.sys+cc84
Computer Name :
Full Path : C:\Windows\Minidump\Mini062912-19.dmp
Processors Count : 4
Major Version : 15
Minor Version : 6002
Dump File Size : 139,576
==================================================

==================================================
Dump File : Mini062912-18.dmp
Crash Time : 6/29/2012 8:58:06 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8207984c
Caused By Driver : ndis.sys
Caused By Address : ndis.sys+5ef4d
File Description : NDIS 6.0 wrapper driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+2b84c
Stack Address 2 : ntkrnlpa.exe+1a5f8
Stack Address 3 : raspptp.sys+cc84
Computer Name :
Full Path : C:\Windows\Minidump\Mini062912-18.dmp
Processors Count : 4
Major Version : 15
Minor Version : 6002
Dump File Size : 139,576
==================================================

==================================================
Dump File : Mini062912-17.dmp
Crash Time : 6/29/2012 8:52:24 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8207184c
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4df99
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+2b84c
Stack Address 2 : ntkrnlpa.exe+1a5f8
Stack Address 3 : raspptp.sys+cc84
Computer Name :
Full Path : C:\Windows\Minidump\Mini062912-17.dmp
Processors Count : 4
Major Version : 15
Minor Version : 6002
Dump File Size : 139,576
==================================================

==================================================
Dump File : Mini062912-16.dmp
Crash Time : 6/29/2012 7:15:41 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8202d84c
Caused By Driver : hal.dll
Caused By Address : hal.dll+4023
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+2b84c
Stack Address 2 : ntkrnlpa.exe+1a5f8
Stack Address 3 : raspptp.sys+cc84
Computer Name :
Full Path : C:\Windows\Minidump\Mini062912-16.dmp
Processors Count : 4
Major Version : 15
Minor Version : 6002
Dump File Size : 139,576
==================================================

==================================================
Dump File : Mini062912-15.dmp
Crash Time : 6/29/2012 7:03:36 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8204284c
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4df99
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+2b84c
Stack Address 2 : ntkrnlpa.exe+1a5f8
Stack Address 3 : raspptp.sys+cc84
Computer Name :
Full Path : C:\Windows\Minidump\Mini062912-15.dmp
Processors Count : 4
Major Version : 15
Minor Version : 6002
Dump File Size : 139,576
==================================================

==================================================
Dump File : Mini062912-14.dmp
Crash Time : 6/29/2012 6:57:48 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8204084c
Caused By Driver : hal.dll
Caused By Address : hal.dll+1023
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+2b84c
Stack Address 2 : ntkrnlpa.exe+1a5f8
Stack Address 3 : raspptp.sys+cc84
Computer Name :
Full Path : C:\Windows\Minidump\Mini062912-14.dmp
Processors Count : 4
Major Version : 15
Minor Version : 6002
Dump File Size : 139,576
==================================================

Edited by sparky192084, 29 June 2012 - 04:02 PM.
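
Added example, not part of the original thread: a small Python parser for the BlueScreenView text export posted above. It shows that "Caused By Driver" changes from dump to dump while the stack frames stay identical, and it decodes the 0xA parameters; the sample is constructed from three of the posted records, and `implied_base` rests on the labelled assumption that Stack Address 1 is the Parameter 4 instruction.

```python
from collections import Counter

# Constructed sample: three records rebuilt from values in the report posted
# above (dump name, Parameter 4 and "Caused By Driver" are what differ).
_RECORD = """==================================================
Dump File : {dump}
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : {p4}
Caused By Driver : {driver}
Crash Address : ntkrnlpa.exe+4df99
Stack Address 1 : ntkrnlpa.exe+2b84c
Stack Address 2 : ntkrnlpa.exe+1a5f8
Stack Address 3 : raspptp.sys+cc84
Computer Name :
Full Path : C:\\Windows\\Minidump\\{dump}
==================================================
"""
SAMPLE = "\n".join(_RECORD.format(dump=d, p4=p, driver=c) for d, p, c in [
    ("Mini062912-20.dmp", "0x8207b84c", "hal.dll"),
    ("Mini062912-19.dmp", "0x8204784c", "ntkrnlpa.exe"),
    ("Mini062912-18.dmp", "0x8207984c", "ndis.sys"),
])


def parse_report(text):
    """Split a BlueScreenView text export into one dict per minidump."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):      # separator opens or closes a record
            if current:
                records.append(current)
            current = {}
        elif ":" in line:                 # split at the first colon only
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def decode_0a(rec):
    """Name the four parameters of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL)."""
    p = [int(rec[f"Parameter {i}"], 16) for i in range(1, 5)]
    return {
        "address": p[0],                            # memory address referenced
        "irql": p[1],                               # 2 is DISPATCH_LEVEL
        "access": "write" if p[2] & 1 else "read",  # bit 0: 0 read, 1 write
        "instruction": p[3],                        # instruction that made the access
    }


def implied_base(rec):
    """Assumption: Stack Address 1 is the Parameter 4 instruction, so their
    difference is the module's load address and must be page-aligned."""
    _, _, offset = rec["Stack Address 1"].partition("+")
    base = int(rec["Parameter 4"], 16) - int(offset, 16)
    return base if base % 0x1000 == 0 else None


def summarize(records):
    """Compare the per-dump blame with the frames shared by every stack."""
    stacks = [{v for k, v in r.items() if k.startswith("Stack Address")}
              for r in records]
    return {
        "blamed": Counter(r["Caused By Driver"] for r in records),
        "common_frames": sorted(set.intersection(*stacks)),
        "bases": [implied_base(r) for r in records],
    }


if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    print(decode_0a(recs[0]))
    print(summarize(recs))
```

Every dump decodes to a write to address 0 at IRQL 2, and the only non-kernel frame present in all of them is `raspptp.sys+cc84`, which is a steadier lead than the "Caused By Driver" field.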


#4 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium

Posted 30 June 2012 - 02:54 AM

This STOP error can occur during startup or at any other time. The 8 digit hexadecimal number 0x0000000A translates to the bug check code “IRQL_NOT_LESS_OR_EQUAL” which may be caused by the following:

  • A kernel-level application or device driver running in kernel mode tried to read or write to a memory location that had restricted permissions. The code IRQL_NOT_LESS_OR_EQUAL indicates that the interrupt request level (IRQL) was higher than the number that was expected. A process running in kernel mode cannot access a process that has an IRQL which is greater than its own.
  • Components of the hardware may have failed such as the memory chip, the processor or motherboard. It may also indicate problems in video or disk adapters or device driver incompatibility issues.
  • Computer Hardware may not be Vista compatible. This STOP error usually results from the faulty installation of System Services, BIOS firmware or device drivers. It can also be caused by incompatible virus scanners or backup tools.
  • Sometimes viruses or the anti-virus software that is running on the computer may cause problems.
  • Third party software applications such as device drivers may also have software bugs which access unprotected or restricted memory. Sometimes the name of the application or driver that caused this problem will be displayed on the screen immediately after the STOP error information.
  • You are trying to install Vista on a computer with more than 3GB of RAM
  • You are trying to install Vista on a computer which is running a Storport miniport driver
  • You are trying to install Vista on a computer that has a controller that utilizes 32-bit DMA (direct memory access).
Possible solution:

  • First clear all external device drives of CDs, DVDs, Floppy disks, etc. Verify that your hardware is compatible with the operating system.
  • Remove all external peripherals such as printers, faxes, cameras, network adapters, sound cards, and serial cards, other USB devices, etc.
  • Try to restart the computer. If you cannot restart it using the mouse or keyboard options, shut down the computer by pressing down the manual Power button for a few seconds. When the computer has completely shut down, press the button again to restart the computer.
  • As the computer restarts, press and hold the F8 key before the Windows Logo appears.
  • Use the arrow keys to select “Repair the computer” in the “Advanced Boot Options” menu.
  • Choose a keyboard layout and login using username and password.
  • Choose Startup Repair from the menu for “System Recovery Options”.
  • The Startup Repair process will try to repair the computer.
  • Add each device or peripheral ONE at a time and restart the system after every addition.
  • Verify that all the software updates are installed for the current Operating system as well as on all device drivers and external third party software on the system.
  • If the computer recovers and is running, then check the “Problem Reports and Solutions” page of VISTA. Click on Start->Control Panel->System and Maintenance->Problem Reports and Solutions. This facility searches online for device driver updates and solutions to problems caused by external hardware or software.
  • If Windows Vista was installed on an older computer, determine from the computer manufacturer’s website whether the BIOS setup for the old computer is compatible with Vista OS. Install updates if required.
  • If the error appears during restart (and the restart is successful in spite of the error) , set the Windows Memory Diagnostic to get more details about the problems during restart:
  • a. Click on Start->All Programs->Accessories. Right-click on Command-Prompt and choose “Run as administrator”
  • b. Enter mdsched.exe at the command prompt. Schedule the tool to run at the next restart.
  • You can also monitor and diagnose the Vista system using the Reliability and Performance Monitors to check for CPU faults and real-time monitoring of the system with the Windows performance Diagnostic Console. You will need administrator privileges to run this monitor.
  • Repeatedly putting a laptop with Vista operating system on a sleep cycle mode can also cause this problem.
  • Computer runs QuickTime 7 on Vista which is trying to open a movie file with .mov extension.

================================== MBAM Scanner ==================================

Run a scan with MBAM:

Download the free version of Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.


Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

================================== Eset Scanner ==================================

Run Eset online scanner;

Note: You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.
Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic


================================== File checker ==================================

Run File checker:
1. Go to Start and then search for cmd. Then run it as Admin, like in the screenshot:
Posted Image
2. Then press enter. A black DOS box will open.
3. In the black DOS box type: sfc /scannow

Edited by ElFasso, 30 June 2012 - 03:00 AM.


#5 sparky192084

sparky192084
  • Topic Starter

  • Members
  • 12 posts

Posted 30 June 2012 - 05:42 AM

Mbam scanner results. I couldn't update to the latest version, can't connect to the internet on guest account at the minute.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mark :: MARK-PC [administrator]

Protection: Enabled

6/30/2012 11:16:51 AM
mbam-log-2012-06-30 (11-23-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199571
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\mark\AppData\Roaming\7 9\rundll32.exe (Trojan.Agent) -> No action taken.

(end)

Edited by sparky192084, 30 June 2012 - 05:44 AM.


#6 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium

Posted 30 June 2012 - 05:58 AM

To update the database of MBAM, download the MBAM rules on a 'working computer with internet': http://data-cdn.mbamupdates.com/tools/mbam-rules.exe
Now run it on the 'bad' computer. This will update the MBAM database.

Please remove the found infection with MBAM:
C:\Users\mark\AppData\Roaming\7 9\rundll32.exe (Trojan.Agent) -> No action taken.

Edited by ElFasso, 30 June 2012 - 06:00 AM.


#7 sparky192084

sparky192084
  • Topic Starter

  • Members
  • 12 posts

Posted 30 June 2012 - 06:17 AM

also ran sfc system scan says "windows resource protection found corrupt files but was unable to fix some of them."

Edited by sparky192084, 30 June 2012 - 06:17 AM.


#8 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium

Posted 30 June 2012 - 06:20 AM

Provide log of File checker:
1. Go to Start and then search for cmd. Then run it as Admin, like in the screenshot:
Posted Image
2. Then press enter. A black DOS box will open.
3. Enter the command:
findstr /C:"[SR] Cannot repair member file" %windir%\logs\cbs\cbs.log >sfcdetails.txt
start sfcdetails.txt

Edited by ElFasso, 30 June 2012 - 06:22 AM.


#9 sparky192084

sparky192084
  • Topic Starter

  • Members
  • 12 posts

Posted 30 June 2012 - 06:30 AM

ran mbam scanner again this time found 53 objects

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mark :: MARK-PC [administrator]

Protection: Enabled

6/30/2012 12:22:32 PM
mbam-log-2012-06-30 (12-27-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213012
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Detected: 1
C:\Users\mark\priwsmp.exe (Backdoor.ngrBot) -> 3264 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wzfdcirpojd (Backdoor.ngrBot) -> Data: C:\Users\mark\priwsmp.exe -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\mark\AppData\Local\{2343d72b-fd4b-be33-724b-e8a58a7b3a13}\n. -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.ngrBot) -> Bad: (C:\Users\mark\priwsmp.exe) Good: () -> No action taken.

Folders Detected: 1
C:\Users\mark\AppData\Roaming\7 9 (Trojan.Agent) -> No action taken.

Files Detected: 47
C:\Users\mark\priwsmp.exe (Backdoor.ngrBot) -> No action taken.
C:\Users\mark\AppData\Roaming\FF7681.exe (Trojan.Downloader) -> No action taken.
C:\Users\mark\AppData\Roaming\xmains2.exe (Backdoor.ngrBot) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\svchost2.exe (PUP.BitMiner) -> No action taken.
C:\Users\mark\AppData\Roaming\Xir\idiwacc.exe (Trojan.XBuild) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#2528.tmp (Backdoor.IRCBot) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#2690.tmp (Rootkit.0Access) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#2AB6.tmp (Trojan.LameShield) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#2C8B.tmp (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#2D76.tmp (Spyware.Zbot.DG) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#3054.tmp (Trojan.Agent.APGen) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#93B2.tmp (Rootkit.TDSS) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#9D64.tmp (Trojan.Medfos) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#A081.tmp (Backdoor.Agent.H) -> No action taken.
C:\Users\mark\AppData\Local\Temp\IXP000.TMP\q8r128F.exe (Trojan.Downloader) -> No action taken.
C:\Users\mark\AppData\Local\Temp\IXP001.TMP\q8r128F.exe (Trojan.Downloader) -> No action taken.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\bt.lnk (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.linalg.lapack_lite.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\bat.bat (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\boost_python-vc90-mt-1_39.dll (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\bz2.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\j.exe (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\l3.lnk (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\library.zip (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\msvcp90.dll (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.core.multiarray.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.core.scalarmath.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.core.umath.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.core._dotblas.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.core._sort.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.fft.fftpack_lite.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.lib._compiled_base.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\numpy.random.mtrand.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\phatk.cl (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\pyopencl._cl.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\python26.dll (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\select.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\settings.txt (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\svchost2.exe (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\unicodedata.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\w9xpopen.exe (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\_ctypes.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\_hashlib.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\_socket.pyd (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\_ssl.pyd (Trojan.Agent) -> No action taken.

(end)
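
Added example, not part of the original thread: a Python triage of MBAM log lines like the ones posted above. It groups detections by family, pulls out the registry autostart entries and the file each one launches, flags system-binary names found outside the system directories, and counts entries still marked "No action taken"; the sample is an excerpt of the posted logs and `SYSTEM_NAMES` is a short illustrative list.

```python
import ntpath
import re
from collections import Counter

# Excerpt of detection lines copied from the MBAM logs posted in this thread
# (the counts in the section headers refer to the full log, not this excerpt).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Users\mark\priwsmp.exe (Backdoor.ngrBot) -> 3264 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wzfdcirpojd (Backdoor.ngrBot) -> Data: C:\Users\mark\priwsmp.exe -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.ngrBot) -> Bad: (C:\Users\mark\priwsmp.exe) Good: () -> No action taken.

Files Detected: 47
C:\Users\mark\AppData\Local\Temp\~!#2690.tmp (Rootkit.0Access) -> No action taken.
C:\Users\mark\AppData\Local\Temp\~!#93B2.tmp (Rootkit.TDSS) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\mark\AppData\Roaming\7 9\rundll32.exe (Trojan.Agent) -> No action taken.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: \d+$")
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
TARGET = re.compile(r"Data: (.+?) -> |Bad: \((.+?)\)")
# Short illustrative list (an assumption of this example, not a complete
# inventory) of binaries that normally exist only in the system directories.
SYSTEM_NAMES = {"svchost.exe", "rundll32.exe", "services.exe", "lsass.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_detections(log):
    """Return one dict per detection line, tagged with its log section."""
    section, rows = "", []
    for line in log.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        hit = DETECTION.match(line)
        if header:
            section = header["name"]
        elif hit:
            rows.append({
                "section": section,
                "object": hit["obj"],
                "family": hit["family"],
                "detail": hit["rest"],
                "status": hit["rest"].rsplit(" -> ", 1)[-1],
            })
    return rows


def triage(rows):
    """Summarise families, autostart entries, masquerading names and status."""
    persistence, masquerading = [], []
    for r in rows:
        if r["section"].startswith("Registry"):
            target = TARGET.search(r["detail"])
            if target:    # autostart location and the file it launches
                persistence.append((r["object"], target.group(1) or target.group(2)))
        elif r["section"] == "Files":
            name = ntpath.basename(r["object"]).lower()
            folder = ntpath.dirname(r["object"]).lower()
            if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
                masquerading.append(r["object"])
    return {
        "families": Counter(r["family"] for r in rows),
        "persistence": persistence,
        "masquerading": masquerading,
        "not_removed": sum(r["status"].startswith("No action taken") for r in rows),
    }


if __name__ == "__main__":
    print(triage(parse_detections(SAMPLE_LOG)))
```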

#10 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium

Posted 30 June 2012 - 06:34 AM

Your computer is heavily infected with a rootkit and backdoors and other trojans. I'll report this topic to the 'Malware response team', to better assist/help you. They will help you with this infection. :wink:

#11 sparky192084

sparky192084
  • Topic Starter

  • Members
  • 12 posts

Posted 30 June 2012 - 06:41 AM

thanks Elfasso you have been very helpful. B)

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 June 2012 - 07:57 AM

Let's see if we could solve this before reporting to MRT

Boot the PC into Safe Mode with Networking

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Download

System look

Launch it and copy the script and paste it in the search BOX

:filefind
services.exe
:folderfind
{2343d72b-fd4b-be33-724b-e8a58a7b3a13}

Click on LOOK, post the generated log

Edited by boopme, 30 June 2012 - 08:29 AM.


#13 sparky192084

sparky192084
  • Topic Starter

  • Members
  • 12 posts

Posted 01 July 2012 - 03:15 PM

the mbscan malwarebytes scan software seems to have fixed the issue, but I will follow the other steps and get back to you. thanks

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 July 2012 - 03:29 PM

:thumbup2:



