
Puzzled looking for computer issue solution


  • This topic is locked
25 replies to this topic

#1 THER@PIST

THER@PIST

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:59 AM

Posted 13 October 2012 - 06:49 AM

I can't determine what the issue is with my computer, but it's just not right. Recently I've been having a lot of crashes from NTFS, 36 in the last 7 days apparently, logs report; also HPTTEvent has been crashing a lot in the last few days,

and not too long ago, when scanning with GMER for rootkits, my computer blue screened. Also, I accessed eventvwr to view recent errors (GMER was still scanning); NTFS had 7 in the last hour, but the computer did not crash UNTIL I had viewed this, so confused >.<

I was able to complete a GMER scan finally (safe mode, everything enabled; it only worked that way)

Hope someone can help me. I can already tell, though, I know the answer will be format HDD and reinstall Windows >.< but that's okay.


thanks


Edited by THER@PIST, 14 October 2012 - 02:11 AM.




#2 THER@PIST


Posted 14 October 2012 - 02:16 AM

Still crashing, computer sometimes; I'm not sure what's causing it. It usually doesn't happen in 5 min on start up but maybe 4-6h or less. It also locks up, then 1 beep, and then I'm completely locked out; the only thing I can do is turn it off

Any advice or knowledge will be helpful because I'm basically at the ends of mine

Edited by THER@PIST, 14 October 2012 - 02:17 AM.


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:59 PM

Posted 14 October 2012 - 02:26 PM

we can check for malware, but the event log in the Attach.txt is not encouraging:

13/10/2012 9:59:12 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.


Your HDD may be failing, but let's check for infection first:


Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press the Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 THER@PIST


Posted 14 October 2012 - 06:00 PM

done the above (usb option)

here is the log requested

Attached Files

  • Attached File  FRST.txt   48.52KB   3 downloads


#5 CatByte


Posted 14 October 2012 - 06:33 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#6 THER@PIST


Posted 15 October 2012 - 03:21 AM

here is combofix


Edited by THER@PIST, 15 October 2012 - 03:22 AM.


#7 CatByte


Posted 15 October 2012 - 10:53 AM

it doesn't appear as if the log completed as the bottom appears to be cut off, was there an issue running it?

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



#8 THER@PIST


Posted 15 October 2012 - 05:55 PM

Oh, it didn't? Hmmm, weird, it said it completed. I can re-run ComboFix if you would like

TDSSKiller displayed 1 threat, type: locked file
3 options: skip, delete, quarantine. I did skip, if that was the correct move based off what you said in the steps?


Edited by THER@PIST, 15 October 2012 - 06:15 PM.


#9 CatByte


Posted 15 October 2012 - 07:03 PM

that's fine for now, skip was the correct option

How is the computer running now? Are there any outstanding issues?

Please do the following:

Please open Malwarebytes Antimalware
  • Select the Update tab and update to the latest definitions
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


NEXT

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#10 THER@PIST


Posted 15 October 2012 - 07:41 PM

thought u woulda asked for full scan over quick with malwarebytes but alright

Unavailable tomorrow, thought I'd leave a note; won't be available till 6h ago of last edited time


Edited by THER@PIST, 16 October 2012 - 07:59 AM.


#11 CatByte


Posted 16 October 2012 - 09:14 AM

thought u woulda asked for full scan over quick with malwarebytes but alright

no need for a full scan, MBAM is designed by its developer to find all it needs to with a quick scan. If you are interested, here is an interview with the developer, he is a very cool individual:
http://www.reddit.com/r/IAmA/comments/119cyf/iam_marcin_kleczynski_founder_and_ceo_of/

Q. Quick scan vs Full scan: When do you really need to do a full scan?
A. Never, seriously. We've designed the quick scan to detect everything. The full scan is there for people who won't believe us.



NEXT


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files\Yuna Software\Messenger Plus!\Settings\Settings.exe	
C:\Program1\EA GAMES\Command & Conquer Generals\Zero Hour\generals.exe	
C:\Users\Nath\AppData\Roaming\F92E961EE3C7D29EE48611231D22ADE3\enemies-names.txt	
C:\Users\Nath\AppData\Roaming\F92E961EE3C7D29EE48611231D22ADE3\local.ini	
C:\Users\Nath\Desktop\games\RA2v1006crk.zip	
C:\Users\Nath\Downloads\Advanced_SystemCare_Pro_5.0.0.150_Final_Incl_Serial_[ThumperDC]_secure.exe	

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please advise how the computer is running now and if there are any outstanding issues



#12 THER@PIST


Posted 17 October 2012 - 02:16 AM

Here's the log. The computer has really been functioning up and down, e.g. good and bad randomly; I can't usually find a reason. Sometimes svchost.exe services PID 1252 consumes excessive memory, sometimes up to 512mb. What system process needs 512mb of RAM or more to run?

Also the computer hasn't been crashing so much, no more blue screens so far,
but I'm not confident the NTFS error is resolved, if it can be anyway. The HDD is a good 3-4 years old, should still be kicking good though

only 37 ntfs errors last 7 days nothing in 24h or last hour last entry on date is 14/10/2012 12:36 AM The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.
1 day after the one you quoted but none since that date


Edited by THER@PIST, 17 October 2012 - 02:16 AM.
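
The tally described in post #12 (Ntfs errors in the last 7 days and the last 24 hours, and when the last one was logged) can be reproduced from event lines in the layout quoted in post #3. This is an added example, not part of the thread or of any tool used in it; the sample lines, the `now` value and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Layout quoted in the thread: dd/mm/yyyy h:mm:ss AM|PM, Level: Source [ID] - message
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
VOLUME_RE = re.compile(r"on the volume (\S+?)\.?$")

def parse_events(text):
    """Return one dict per well-formed event line; anything else is skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        vol = VOLUME_RE.search(m["msg"])
        events.append({
            "ts": datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p"),  # day first
            "source": m["source"],
            "id": int(m["id"]),
            "volume": vol.group(1) if vol else None,
        })
    return events

def summarize(events, source, event_id, now):
    """Count matching events in the 7 days and 24 hours before `now`."""
    hits = [e for e in events
            if e["source"] == source and e["id"] == event_id and e["ts"] <= now]
    return {
        "last_7d": sum(e["ts"] > now - timedelta(days=7) for e in hits),
        "last_24h": sum(e["ts"] > now - timedelta(hours=24) for e in hits),
        "last_seen": max((e["ts"] for e in hits), default=None),
        "volumes": Counter(e["volume"] for e in hits),  # which volumes are affected
    }

# Constructed sample modelled on the entries quoted in the thread (not the real Attach.txt).
SAMPLE = r"""
(constructed header line that is not an event)
10/10/2012 3:15:40 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
12/10/2012 8:01:05 AM, Error: ExampleSource [1] - Constructed unrelated entry.
13/10/2012 9:59:12 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.
14/10/2012 12:36:00 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.
"""

if __name__ == "__main__":
    now = datetime(2012, 10, 17, 2, 16)  # assumed "current" time for the sample
    print(summarize(parse_events(SAMPLE), "Ntfs", 55, now))
```

Grouping by volume shows whether the errors point at a live volume or only at shadow-copy devices, and a count that stops growing after a given date is visible in `last_24h` and `last_seen`.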


#13 CatByte


Posted 17 October 2012 - 06:24 AM

Please run the following, then let me know if there is any change in the computer's behaviour


Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Posted Image

Once that is done then go to step 3 and allow it to run SFC

Posted Image

On the Start Repairs tab => Click the Start

Posted Image

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.



#14 THER@PIST


Posted 18 October 2012 - 05:39 PM

After doing the repair the computer still continues to lock up, always ALWAYS when I'm browsing the web. Yes, HTTP event has still been crashing. I use Google Chrome; it has never done this ever before, the last 2 weeks it has been. Tbh I thought it might have been the NTFS stuff causing more errors down the line, but there were no NTFS crashes at all ...

all certifiable fail at exactly the same time whenever it crashes

An error occurred while using SSL configuration for socket address 192.168.1.67:50000. The error status code is contained within the returned data.

#15 CatByte


Posted 18 October 2012 - 06:07 PM

let's try removing the problem security certificate:

In I.E.

Open Internet Explorer.

Click on "Tools" then scroll down and click on "Internet Options."
Click on the Content Tab > click the "certificates" button, then click the arrow at the top of the tab window till you see "Untrusted Publishers." Then click on the certificate that is causing the error.
Next, click "Remove" to delete that certificate.
Click "Close" and then "OK" once you are done deleting problem security certificates.
Exit Internet Explorer to reset the browser.


then
Click "Tools" > then click "Internet Options."
Click the "Contents" tab and then click "Clear SSL State" button.
Click "OK" to close the window.


In FireFox

Click Tools > Options > Advanced > View Certificates > Select the certificate in question & hit Delete

then

Click Tools -> Clear Recent History > then select "Active Logins" and click "Clear Now"


Then clear your browser history and cookies and try browsing again
