Infected BSOD and Slow computer



#1 Tritzim

Posted 04 July 2012 - 05:38 PM

Dear Bleeping Helper,

I have a computer that was mismanaged for quite a while. I was trying to clean it by using virus cleaners, installed Windows updates, updated other programs, cleaned temp files, cleaned the registry, etc.

My computer started working better/faster, but at some point I started noticing errors that were beyond my ability to resolve. It started when I got a blue screen error message (I'm not sure if this is the BSOD or something similar) when I tried to print something. The second I pressed print, the screen went blank, then I got the "Blue screen" saying that Windows had to shut down to save my computer from damage. After reboot I was prompted to send the error report to Microsoft, then I received the following solution from Microsoft http://wer.microsoft.com/responses/Response.aspx/685/en-US/5.1.2600.2.00010300.3.0?SGD=777042dd-676a-42d4-8f57-346ea8f4c496&Bucket=0xA_bckd%2b6492.
This has happened several times since then; see the mini-dumps (with the dates) below.

C:\WINDOWS\Minidump\Mini051112-01.dmp
C:\WINDOWS\Minidump\Mini051412-01.dmp
C:\WINDOWS\Minidump\Mini051412-02.dmp
C:\WINDOWS\Minidump\Mini051512-01.dmp
C:\WINDOWS\Minidump\Mini051812-01.dmp
C:\WINDOWS\Minidump\Mini052512-01.dmp
C:\WINDOWS\Minidump\Mini060712-01.dmp
C:\WINDOWS\Minidump\Mini061212-01.dmp
C:\WINDOWS\Minidump\Mini061812-01.dmp

These crashes always happened (as I remember...) the second after I pressed print. It happened from several programs and to several printers, and it even happened once when I tried to print to PDF. This is why I don't think it's a printer problem or a program problem, but rather a system error.

After some of these crashes my CD/DVD tray opened up and didn't want to close, so I tried closing it from my computer but the CD drive wasn't there. When I looked in the Device Manager it was missing as well, so I had to close it with Scotch Tape. At some point it came back to normal. But then after another crash it disappeared again (today it's back).

And in addition to the above, my computer runs extremely slow very often. I can wait almost a minute to open Excel or Chrome, and several times a day all programs freeze for a few seconds.

I got help from dev00790 in THIS topic, he is very helpful, and advised me to ask for deeper help here.


Here is the log

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Smartek at 15:25:01 on 2012-07-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.227 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHELDCS.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Smartek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\qbw32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\Intuit\QUICKB~1.0\QuickBooksMessaging.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Documents and Settings\Smartek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Smartek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Smartek\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browse For Change BHO: {912c156f-05cf-4b62-851a-96e167a677b0} - mscoree.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\smartek\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340054316828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340054080390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FBB2098D-4E91-4A4A-8936-E7AAEF53A814} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks enterprise solutions 12.0\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\smartek\application data\mozilla\firefox\profiles\54lhjpqz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=363&systemid=406&sr=0&q=
FF - component: c:\documents and settings\smartek\application data\mozilla\firefox\profiles\54lhjpqz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\smartek\application data\mozilla\firefox\profiles\54lhjpqz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\smartek\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\smartek\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\smartek\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-2-13 87312]
R1 MpKsl80ea13cd;MpKsl80ea13cd;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06add23f-4a18-4324-877e-b2a3bde1f9f1}\MpKsl80ea13cd.sys [2012-7-4 29904]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2012-2-13 1604880]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-5-29 95200]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQL$UPSBAT;SQL Server (UPSBAT);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-4-11 175632]
R2 OPHE DCS Loader;OPHE DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHELDCS.EXE [2005-8-17 24576]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-12-6 1248256]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-4-10 135440]
R3 SmartSource;SmartSource;c:\windows\system32\drivers\SmartSource.sys [2012-6-13 191456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
.
=============== Created Last 30 ================
.
2012-07-04 17:22:40 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06add23f-4a18-4324-877e-b2a3bde1f9f1}\offreg.dll
2012-07-04 17:22:39 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06add23f-4a18-4324-877e-b2a3bde1f9f1}\MpKsl80ea13cd.sys
2012-07-04 17:12:03 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{06add23f-4a18-4324-877e-b2a3bde1f9f1}\mpengine.dll
2012-07-03 17:01:37 6762896 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-27 14:33:48 -------- d-----w- c:\documents and settings\smartek\local settings\application data\Sun
2012-06-27 14:30:04 -------- d-----w- c:\program files\Oracle
2012-06-25 22:19:23 -------- d-----w- c:\windows\system32\NtmsData
2012-06-25 18:00:52 2560 ------w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
2012-06-19 21:22:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-19 21:22:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-18 21:19:00 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-14 22:07:52 -------- d-----w- c:\documents and settings\smartek\local settings\application data\Alogent
2012-06-13 18:07:02 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 15:18:58 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2012-06-13 15:17:58 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-06-13 14:48:47 -------- d-----w- c:\documents and settings\all users\application data\Nap
2012-06-13 14:43:06 692224 ----a-w- c:\windows\system32\SmartSource.dll
2012-06-13 14:42:09 143360 ----a-w- c:\windows\system32\wdapi920.dll
2012-06-13 14:41:16 191456 ----a-w- c:\windows\system32\drivers\SmartSource.sys
2012-06-13 14:38:59 448216 ----a-w- c:\windows\system32\Vsflex7u.ocx
2012-06-13 14:38:54 83144 ----a-w- c:\windows\system32\picclp32.ocx
2012-06-13 14:38:53 166600 ----a-w- c:\windows\system32\msmask32.ocx
2012-06-13 14:38:52 103744 ----a-w- c:\windows\system32\Mscomm32.ocx
2012-06-13 14:38:49 200496 ----a-w- c:\windows\system32\Dblist32.ocx
2012-06-13 14:38:48 525352 ----a-w- c:\windows\system32\Dbgrid32.ocx
2012-06-13 14:38:42 107760 ----a-w- c:\windows\system32\NumLED.ocx
2012-06-13 14:38:41 186592 ----a-w- c:\windows\system32\Slider.ocx
2012-06-13 14:37:50 -------- d-----w- C:\SmartSource
2012-06-13 14:35:14 -------- d-----w- c:\program files\TellerScan
2012-06-13 14:33:51 286779 ----a-w- c:\windows\system32\baroc.dll
2012-06-13 14:33:51 102400 ----a-w- c:\windows\system32\wd_utils.dll
2012-06-13 14:33:50 191400 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-06-13 14:33:50 167936 ----a-w- c:\windows\system32\AXBAR32.DLL
2012-06-13 14:33:50 1135104 ----a-w- c:\windows\system32\MVXApi.dll
2012-06-13 14:33:49 98374 ----a-w- c:\windows\system32\WdReg.exe
2012-06-13 14:33:48 10240 ----a-w- c:\windows\system32\MvxCoinst.dll
2012-06-13 14:33:48 -------- d-----w- c:\program files\Panini
2012-06-13 14:32:40 19584 ----a-w- c:\windows\system32\drivers\ustp2.sys
.
==================== Find3M ====================
.
2012-06-23 16:46:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 16:46:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 23:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 23:29:22 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-17 18:20:29 37027 ----a-w- c:\windows\atmoUn.exe
2012-04-12 02:55:08 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-04-12 02:55:08 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
.
============= FINISH: 15:27:23.02 ===============


Thanks for helping me!
Tritzim.


 


#2 HelpBot


Posted 09 July 2012 - 05:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459364 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Tritzim


Posted 10 July 2012 - 04:43 PM

Thank you HelpBot for your reply.

Above I wrote a detailed explanation of the problem I'm having. It's true that I didn't have the BSOD for quite a while.
But my computer is still working extremely slow.

Here are the logs:

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Smartek at 16:02:27 on 2012-07-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.309 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHELDCS.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Smartek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\qbw32.exe
C:\PROGRA~1\Intuit\QUICKB~1.0\QuickBooksMessaging.exe
C:\Program Files\Adobe\Reader 10.0\Reader\pdfprevhndlrshim.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browse For Change BHO: {912c156f-05cf-4b62-851a-96e167a677b0} - mscoree.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\smartek\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340054316828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340054080390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FBB2098D-4E91-4A4A-8936-E7AAEF53A814} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks enterprise solutions 12.0\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\smartek\application data\mozilla\firefox\profiles\54lhjpqz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=363&systemid=406&sr=0&q=
FF - component: c:\documents and settings\smartek\application data\mozilla\firefox\profiles\54lhjpqz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\smartek\application data\mozilla\firefox\profiles\54lhjpqz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\smartek\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\smartek\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\smartek\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2012-2-13 87312]
R1 MpKsl67af5057;MpKsl67af5057;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e7746a3-2b2a-4135-9987-f31c65e05cf6}\MpKsl67af5057.sys [2012-7-10 29904]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2012-2-13 1604880]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-5-29 95200]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQL$UPSBAT;SQL Server (UPSBAT);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-4-11 175632]
R2 OPHE DCS Loader;OPHE DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHELDCS.EXE [2005-8-17 24576]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-12-6 1248256]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-4-10 135440]
R3 SmartSource;SmartSource;c:\windows\system32\drivers\SmartSource.sys [2012-6-13 191456]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
.
=============== Created Last 30 ================
.
2012-07-10 16:59:28 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e7746a3-2b2a-4135-9987-f31c65e05cf6}\offreg.dll
2012-07-10 16:59:28 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e7746a3-2b2a-4135-9987-f31c65e05cf6}\MpKsl67af5057.sys
2012-07-10 14:01:31 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e7746a3-2b2a-4135-9987-f31c65e05cf6}\mpengine.dll
2012-07-09 16:49:18 6762896 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-27 14:33:48 -------- d-----w- c:\documents and settings\smartek\local settings\application data\Sun
2012-06-27 14:30:04 -------- d-----w- c:\program files\Oracle
2012-06-25 22:19:23 -------- d-----w- c:\windows\system32\NtmsData
2012-06-25 18:00:52 2560 ------w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
2012-06-19 21:22:21 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-19 21:22:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-18 21:19:00 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-14 22:07:52 -------- d-----w- c:\documents and settings\smartek\local settings\application data\Alogent
2012-06-13 18:07:02 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 15:18:58 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2012-06-13 15:17:58 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-06-13 14:48:47 -------- d-----w- c:\documents and settings\all users\application data\Nap
2012-06-13 14:43:06 692224 ----a-w- c:\windows\system32\SmartSource.dll
2012-06-13 14:42:09 143360 ----a-w- c:\windows\system32\wdapi920.dll
2012-06-13 14:41:16 191456 ----a-w- c:\windows\system32\drivers\SmartSource.sys
2012-06-13 14:38:59 448216 ----a-w- c:\windows\system32\Vsflex7u.ocx
2012-06-13 14:38:54 83144 ----a-w- c:\windows\system32\picclp32.ocx
2012-06-13 14:38:53 166600 ----a-w- c:\windows\system32\msmask32.ocx
2012-06-13 14:38:52 103744 ----a-w- c:\windows\system32\Mscomm32.ocx
2012-06-13 14:38:49 200496 ----a-w- c:\windows\system32\Dblist32.ocx
2012-06-13 14:38:48 525352 ----a-w- c:\windows\system32\Dbgrid32.ocx
2012-06-13 14:38:42 107760 ----a-w- c:\windows\system32\NumLED.ocx
2012-06-13 14:38:41 186592 ----a-w- c:\windows\system32\Slider.ocx
2012-06-13 14:37:50 -------- d-----w- C:\SmartSource
2012-06-13 14:35:14 -------- d-----w- c:\program files\TellerScan
2012-06-13 14:33:51 286779 ----a-w- c:\windows\system32\baroc.dll
2012-06-13 14:33:51 102400 ----a-w- c:\windows\system32\wd_utils.dll
2012-06-13 14:33:50 191400 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-06-13 14:33:50 167936 ----a-w- c:\windows\system32\AXBAR32.DLL
2012-06-13 14:33:50 1135104 ----a-w- c:\windows\system32\MVXApi.dll
2012-06-13 14:33:49 98374 ----a-w- c:\windows\system32\WdReg.exe
2012-06-13 14:33:48 10240 ----a-w- c:\windows\system32\MvxCoinst.dll
2012-06-13 14:33:48 -------- d-----w- c:\program files\Panini
2012-06-13 14:32:40 19584 ----a-w- c:\windows\system32\drivers\ustp2.sys
.
==================== Find3M ====================
.
2012-06-23 16:46:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 16:46:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 23:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 23:29:22 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-17 18:20:29 37027 ----a-w- c:\windows\atmoUn.exe
2012-04-12 02:55:08 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-04-12 02:55:08 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
.
============= FINISH: 16:10:04.31 ===============

And for your information, I don't have the original Windows CD.

Looking forward to your help!

Tritzim.

Edited by Tritzim, 10 July 2012 - 04:45 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 July 2012 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your hosts file may have been compromised. Reset it to its original value.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#5 Tritzim

Posted 11 July 2012 - 12:26 PM

Wow, I am so amazed that you found a problem right away.
I checked for the hosts.old file that was generated by the Microsoft Fix it. It was 432 KB, instead of the new one, which was 3 KB.
In the hosts.old I found entries from Spybot Search & Destroy, which I used a few months ago to clean my computer. It seems that this program did something wrong; actually, I uninstalled it when I saw my computer running slower. This might be the problem.

I will run ComboFix soon, but first I want to back up my data. I'll use Cobian Backup.
When I'm done I'll post the logs.

Thanks for your help!
Tritzim.
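
An added example, not part of the thread and not any poster's code: one way to triage a hosts file (or a saved `hosts.old`) before resetting it, separating loopback block entries from lines that need a closer look, such as the `127.0.0.1 www.spywareinfo.com` entry in the DDS log above or any name pointed at a routable address. The sample file, the watchlist and all function names are constructed for illustration.

```python
import ipaddress
import sys
from collections import Counter, namedtuple

# Constructed sample for illustration; not the hosts file from this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.spywareinfo.com
127.0.0.1 ads.example.net tracker.example.net   # block-list style entry
0.0.0.0 banner.example.org
203.0.113.7 www.update.microsoft.com
203.0.113.7 login.example-bank.test
not-an-ip broken.example
::1 localhost
"""

# Assumed watchlist: sites a user needs for updates and cleanup help.
PROTECTED_SUFFIXES = ("microsoft.com", "spywareinfo.com", "bleepingcomputer.com")

Finding = namedtuple("Finding", "lineno address name verdict")


def parse_hosts(text):
    """Yield (lineno, raw_address, parsed_address_or_None, [names]) per mapping line."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        names = fields[1:] if len(fields) > 1 else [""]
        yield lineno, fields[0], addr, [n.lower().rstrip(".") for n in names]


def is_protected(name):
    """True if name is a watchlist domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify(addr, name):
    if addr is None or not name:
        return "malformed"
    sink = addr.is_loopback or addr.is_unspecified
    if name == "localhost" and addr.is_loopback:
        return "default"
    if sink:
        # Sinkholing an update or security site cuts the user off from help.
        return "blocks-protected-site" if is_protected(name) else "block"
    # Any other address overrides DNS for that name and should be explained.
    return "redirect"


def audit(text):
    return [Finding(lineno, shown, name, classify(addr, name))
            for lineno, shown, addr, names in parse_hosts(text)
            for name in names]


def needs_review(findings):
    """Everything that is neither a stock entry nor an ordinary block entry."""
    return [f for f in findings if f.verdict not in ("default", "block")]


def summarize(findings):
    return Counter(f.verdict for f in findings)


if __name__ == "__main__":
    # Pass a path to a copy of the hosts file, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    results = audit(data)
    print(dict(summarize(results)))
    for f in needs_review(results):
        print(f"line {f.lineno}: {f.address} -> {f.name} [{f.verdict}]")
```

A large count of plain `block` entries is what a block list looks like; the lines returned by `needs_review` are the ones to account for before or after the reset.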

#6 Tritzim

Posted 12 July 2012 - 12:07 PM

Hello - And thank you for your help!

I was trying to back up my files with Cobian Backup; in the middle of the backup I got the BSOD :( and I was lost.
I turned the computer on, and Microsoft told me to check out Here. Then I started another backup; it sounded like it was going to take 10 hours, so I left it overnight. When I came back in the morning I saw my computer had restarted and Microsoft was asking to send them the error report. I noticed that the backup didn't complete; it crashed in the middle. I used BlueScreenView and saw there was a BSOD at about 8:30 PM, a few hours after I left the computer. So I did a small backup of only the 'my documents' and 'desktop' folders.

Then I ran ComboFix very easily.

I attached the combofix.txt log (it was too big to be posted).
If you want it posted, I can add it in the next reply.


And Here is the Checkup.txt

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Security Scan Plus
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
JavaFX 2.1.1
Java™ 6 Update 33
Java™ 7 Update 5
Adobe Flash Player 11.3.300.262
Mozilla Firefox (for.)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

end of logs:

I hope you will give me some good advice to get rid of these BSODs, and make my computer work fast enough that it isn't annoying.

Thanks soooo much again!
Tritzim.


#7 nasdaq

Posted 12 July 2012 - 01:29 PM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Minidump Files
Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#8 Tritzim

Posted 12 July 2012 - 02:25 PM

Here is the MiniToolBox log.

Results.txt

MiniToolBox by Farbar Version: 25-06-2012
Ran by Smartek (administrator) on 12-07-2012 at 15:24:49
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Gelb

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection

Physical Address. . . . . . . . . : 00-1A-A0-90-09-3C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.19

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Thursday, July 12, 2012 2:57:14 PM

Lease Expires . . . . . . . . . . : Thursday, July 12, 2012 3:57:14 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 173.194.43.2, 173.194.43.3, 173.194.43.4, 173.194.43.5
173.194.43.6, 173.194.43.7, 173.194.43.8, 173.194.43.9, 173.194.43.14
173.194.43.0, 173.194.43.1



Pinging google.com [74.125.226.226] with 32 bytes of data:



Reply from 74.125.226.226: bytes=32 time=18ms TTL=55

Reply from 74.125.226.226: bytes=32 time=15ms TTL=55



Ping statistics for 74.125.226.226:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 15ms, Maximum = 18ms, Average = 16ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=154ms TTL=49

Reply from 98.139.183.24: bytes=32 time=40ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 154ms, Average = 97ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 90 09 3c ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.19 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.19 192.168.0.19 30
192.168.0.19 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.0.255 255.255.255.255 192.168.0.19 192.168.0.19 30
224.0.0.0 240.0.0.0 192.168.0.19 192.168.0.19 30
255.255.255.255 255.255.255.255 192.168.0.19 192.168.0.19 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/12/2012 02:28:21 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 12.0":
ExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBSUBSTORAGE

Error: (07/12/2012 02:28:21 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 12.0":
ExcelHelper::WriteExcelVariable Com Error#: 800a03ec

Error: (07/12/2012 01:40:20 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 12.0":
Got unexpected error 5 in call to NetShareGetInfo for path \\Server1\shared data\Qbdata\New Folder\SMARTEK USA INC.QBW

Error: (07/12/2012 01:40:05 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 12.0":
Got unexpected error 5 in call to NetShareGetInfo for path \\Server1\shared data\Qbdata\New Folder\SMARTEK USA INC.QBW

Error: (07/12/2012 01:38:53 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 12.0":
Got unexpected error 5 in call to NetShareGetInfo for path \\Server1\shared data\Qbdata\New Folder\SMARTEK USA INC.QBW

Error: (07/12/2012 01:33:59 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/12/2012 01:33:59 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/12/2012 01:33:59 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/12/2012 00:01:04 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (07/12/2012 11:30:11 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Manufacturing and Wholesale 12.0":
ExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBSUBSTORAGE


System errors:
=============
Error: (07/12/2012 03:19:30 PM) (Source: Print) (User: GELB)
Description: The document Test Page owned by Smartek failed to print on printer Brother MFC-8660DN Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 125096. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\GELB. Win32 error code returned by the print processor: Test Page0. Test Page1

Error: (07/12/2012 11:56:27 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/12/2012 09:14:05 AM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa292.

Error: (07/11/2012 03:40:31 PM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa292.

Error: (07/11/2012 01:20:51 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverMOISHEARONNetBT_Tcpip_{FBB2098D-4E91-4A4

Error: (07/11/2012 09:13:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (07/11/2012 09:13:42 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (07/11/2012 09:13:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (07/11/2012 09:13:42 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (07/11/2012 09:13:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (06/13/2012 01:25:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7239 seconds with 720 seconds of active time. This session ended with a crash.

Error: (06/06/2012 04:04:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24044 seconds with 6420 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Acrobat 6.0 Standard (Version: 006.000.000)
Adobe AIR (Version: 3.0.0.4080)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
All Orders by NumberCruncher (Version: 6.1.0.38)
Blue Coat K9 Web Protection (Version: 4.3.188)
Brother MFL-Pro Suite (Version: 1.00.000)
Browse For Change
CCleaner (Version: 3.19)
Chinese Simplified Fonts Support For Adobe Reader X (Version: 10.0.0)
Cobian Backup 11 Gravity
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell Driver Reset Tool (Version: 1.02.0000)
Dropbox (Version: 1.4.7)
Free File Viewer 2011
Google Chrome (Version: 20.0.1132.57)
Google Talk (remove only)
Google Talk Plugin (Version: 3.1.4.8140)
Google Toolbar for Firefox (Version: 3.0.20070525)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.8.0 (Version: )
InterActual Player
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
join.me (Version: 1.3.1.431)
Madison Merchant Program (Version: 6.0.789.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
McAfee Security Scan Plus (Version: 3.0.207.4)
McAfee SiteAdvisor (Version: 3.4.195)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1704)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (ACT7) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Express Edition (UPSBAT) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MyVisionX (Version: 2.35.1.4 - WHQL)
Nitro Reader 2 (Version: 2.3.1.7)
OKI LPR Utility
PaperPort (Version: 9.02.0827)
PowerDVD (Version: 7.0)
Profit Stars RDC - Vision X ALT (Version: 1.00.0000)
QualxServ Service Agreement (Version: 1.11.0000)
QuickBooks (Version: 22.0.4009.2206)
QuickBooks Enterprise Solutions: Mfg and Whsle Edition 12.0 (Version: 22.0.4009.2206)
QuickBooks Pro Edition 2003
RealPlayer
Realtek High Definition Audio Driver
Sandboxie 3.68 (32-bit) (Version: 3.68)
Searchqu Toolbar (Version: 3.0.0.122375)
Segoe UI (Version: 14.0.4327.805)
SmartSource
SupportSoft Assisted Service (Version: 15)
swMSM (Version: 12.0.0.1)
TeamViewer 6 (Version: 6.0.10511)
TellerScan Driver v2.1 Certified (Version: 2.10.0000)
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Digital Check Corporation (TSUSB2) USB (01/08/2007 1.10.0000) (Version: 01/08/2007 1.10.0000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinDriver6 USB Driver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini051112-01.dmp
C:\WINDOWS\Minidump\Mini051412-01.dmp
C:\WINDOWS\Minidump\Mini051412-02.dmp
C:\WINDOWS\Minidump\Mini051512-01.dmp
C:\WINDOWS\Minidump\Mini051812-01.dmp
C:\WINDOWS\Minidump\Mini052512-01.dmp
C:\WINDOWS\Minidump\Mini060712-01.dmp
C:\WINDOWS\Minidump\Mini061212-01.dmp
C:\WINDOWS\Minidump\Mini061812-01.dmp
C:\WINDOWS\Minidump\Mini071112-01.dmp
C:\WINDOWS\Minidump\Mini071112-02.dmp

**** End of log ****

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:47 PM

Posted 13 July 2012 - 01:04 PM

Error: (07/12/2012 09:14:05 AM) (Source: System Error) (User: )
Description: Error code 1000000a,


The error code 1000000a is normally associated with a bad driver or some hardware problem.

Let's see if we can identify a bad driver.

Disable Automatic Restart on System Failure - Windows XP
http://pcsupport.about.com/od/tipstricks/ht/disautorestart.htm
Follow the instructions.

When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Posted Image

A file name might be listed too. Please report this in your next post.
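
The `System Error` entries quoted in this thread already record the STOP code and its four parameters. As an added example (not part of the original posts), the Python below parses those entries from the log text and decodes them. It assumes the documented argument layout of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL) and that the logged `1000000a` is that check with a 0x10000000 flag set; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two "System Error" entries from the log in this thread
# and one unrelated entry, to show that other sources are skipped.
SAMPLE_LOG = """\
Error: (07/12/2012 09:14:05 AM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa292.

Error: (07/11/2012 03:40:31 PM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 00000016, parameter2 0000001c, parameter3 00000000, parameter4 804fa292.

Error: (07/11/2012 09:13:42 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
"""

ENTRY = re.compile(
    r"Error: \((?P<when>[^)]+)\) \(Source: System Error\).*\n"
    r"Description: Error code (?P<code>[0-9a-f]{8})"
    r"(?P<params>(?:, parameter\d [0-9a-f]{8}){4})", re.I)

def parse_bugchecks(log_text):
    """Return one dict per System Error entry: timestamp, logged code, four args."""
    out = []
    for m in ENTRY.finditer(log_text):
        args = [int(x, 16) for x in re.findall(r"parameter\d ([0-9a-f]{8})", m["params"], re.I)]
        out.append({"when": m["when"], "code": int(m["code"], 16), "args": args})
    return out

def describe(entry):
    """Decode the arguments when the entry is bug check 0xA."""
    # Assumption: the leading 1 in 1000000a is a flag bit, the check itself is 0xA.
    code = entry["code"] & 0x0FFFFFFF
    if code != 0xA:
        return {"bugcheck": hex(code)}
    a1, a2, a3, a4 = entry["args"]
    return {"bugcheck": "0xa", "name": "IRQL_NOT_LESS_OR_EQUAL",
            "referenced_address": hex(a1), "irql": a2,
            "access": "write" if a3 & 1 else "read", "faulting_instruction": hex(a4)}

def recurring_signatures(entries):
    """Count identical (code, args) tuples; repeats indicate the same fault recurring."""
    return Counter((e["code"], tuple(e["args"])) for e in entries)

if __name__ == "__main__":
    entries = parse_bugchecks(SAMPLE_LOG)
    for e in entries:
        print(e["when"], describe(e))
    print(recurring_signatures(entries).most_common())
```

Identical code and parameters across crashes, as in the two entries here, mean the same instruction address faulted each time, which is the value to look up against the loaded driver list when a minidump is opened in a debugger.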

#10 Tritzim

Tritzim
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 13 July 2012 - 01:34 PM

I don't know when I'll get the error message (BSOD) again.
Now is the first time that I'm waiting for it to happen...

#11 nasdaq

Posted 13 July 2012 - 01:37 PM

What are the present issues with this computer?

#12 Tritzim

Posted 13 July 2012 - 02:29 PM

The main issue is the BSOD, but this happens sometimes twice a day, and sometimes once in 2 weeks.

Here you can see the list of the Dumps which represent the BSOD.

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini051112-01.dmp
C:\WINDOWS\Minidump\Mini051412-01.dmp
C:\WINDOWS\Minidump\Mini051412-02.dmp
C:\WINDOWS\Minidump\Mini051512-01.dmp
C:\WINDOWS\Minidump\Mini051812-01.dmp
C:\WINDOWS\Minidump\Mini052512-01.dmp
C:\WINDOWS\Minidump\Mini060712-01.dmp
C:\WINDOWS\Minidump\Mini061212-01.dmp
C:\WINDOWS\Minidump\Mini061812-01.dmp
C:\WINDOWS\Minidump\Mini071112-01.dmp
C:\WINDOWS\Minidump\Mini071112-02.dmp

**** End of log ****


And the other problem is that it works very slowly. The computer starts quickly, but any program or task that I want to run freezes at the beginning and in the middle.
They are probably related, because as far as I remember the BSOD always happens when the computer is in heavy use.

#13 nasdaq

Posted 14 July 2012 - 08:04 AM

If the BSOD happens 2 times a day then you should be able to find out which file is causing this.

Execute the instructions from my post No. 9

#14 nasdaq

Posted 14 July 2012 - 08:05 AM

If the BSOD happens 2 times a day then you should be able to find out which file is causing this.

Execute the instructions from my post No. 9

#15 Tritzim

Posted 14 July 2012 - 10:36 PM

But it may not happen for another week or 2.

What's post no. 9? I don't see any no. for the posts.
Do you mean what you wrote on Friday 2:04 PM?

So we will have to wait till next time the computer BSODs, right?
I'm wondering if you can find in the minidump file the info that's shown in the error message.



