PUP and Blue Screen


9 replies to this topic

#1 101AB

  • Members

Posted 09 November 2012 - 06:15 AM

I have been having a slow running pc once again and decided to run Malwarebytes Anti Malware on my “C” drive and Backup Drive.

It came up with 5 or 6 threats, only three were checked and so I clicked on remove threats and ran it once again. This time it came up with 4 threats, I clicked on all 4 threats to remove them.

I then downloaded SuperAntiSpyware and ran it on both drives, it came up with a Detected List of 24 Tracking Cookies, no threats.

Should I delete all in the Malwarebytes Quarantine List?

Is there anything else recommended to run, scan, submit for screening before assuming all is well?

It seems to me that I was just on Bleeping Computers for issues with this PUP thing not so long ago (I guess it was Sept 30, according to the Quarantine List, right)



And oh yeah, for the past 3-4 days at least once a day I have been getting a shutdown with the lovely blue screen and full screen doomsday message.

I am attaching a camera shot of that baby.



Thanks





#2 nasdaq

  • Malware Response Team

Posted 11 November 2012 - 11:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's make sure you are clean.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

===

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

I cannot see the screen shot of your BSOD that you said was attached to your first post.
Try again or post the exact error message as well as any filenames that may be listed on the BSOD screen.

#3 101AB

  • Topic Starter
  • Members

Posted 12 November 2012 - 09:15 AM

FYI, System Restore and Safe Mode have not been functional for a very long time, I have been keeping my fingers crossed that they are not needed, also Service Pack 3 will not install for some time now.
Here are the scans that you have requested, the screen shot file is too large and will not upload, I have typed the technical info at the bottom of the BSOD, if you need me to type the whole message let me know.
Thanks, I appreciate your efforts.

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Owner at 8:50:52 on 2012-11-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.796 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Documents and Settings\All Users\Application Data\OfficeGuardian\reminder\SacReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://start.drp.su/
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [SacReminder] c:\documents and settings\all users\application data\officeguardian\reminder\SacReminder.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\scream~1\history.lnk - c:\documents and settings\owner\local settings\application data\screamer radio\docs\history.txt
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\scream~1\license.lnk - c:\documents and settings\owner\local settings\application data\screamer radio\docs\license.txt
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\scream~1\scream~1.lnk - c:\documents and settings\owner\local settings\application data\screamer radio\screamer.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\scream~1\uninst~1.lnk - c:\documents and settings\owner\local settings\application data\screamer radio\uninst.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\scream~1\website.lnk - c:\documents and settings\owner\local settings\application data\screamer radio\docs\Screamer Radio.url
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341249700015
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344999149890
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FA2DB228-7C99-4B6B-A0C8-0EA49FB1D182} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\w5nbahxc.default-1344970996921\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\kaspersky lab\kaspersky password manager\npKPMAutofill.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-09 12:53; {3e0e7d2a-070f-4a47-b019-91fe5385ba79}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\w5nbahxc.default-1344970996921\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - ExtSQL: 2012-10-18 07:02; amznUWL2@amazon.com; c:\documents and settings\owner\application data\mozilla\firefox\profiles\w5nbahxc.default-1344970996921\extensions\amznUWL2@amazon.com.xpi
FF - ExtSQL: 2012-11-02 17:07; KavAntiBanner@Kaspersky.ru; c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\KavAntiBanner@Kaspersky.ru
FF - ExtSQL: 2012-11-02 17:07; linkfilter@kaspersky.ru; c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\linkfilter@kaspersky.ru
FF - ExtSQL: 2012-11-02 17:07; virtualKeyboard@kaspersky.ru; c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\virtualKeyboard@kaspersky.ru
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-11-2 565552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 206448]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-7-4 12184]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-09 01:53:42 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-11-09 01:53:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-09 01:53:11 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-11-02 20:51:27 98168 ----a-w- c:\windows\system32\drivers\klick.dat
2012-11-02 20:51:27 116189 ----a-w- c:\windows\system32\drivers\klin.dat
2012-11-02 20:51:22 110992 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-11-02 20:51:18 147856 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-11-02 20:49:30 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-11-02 20:17:25 -------- d-----w- c:\program files\Kaspersky Lab
2012-10-27 01:15:56 -------- d-----w- c:\program files\System Explorer
2012-10-24 16:00:26 -------- d-----w- c:\documents and settings\owner\local settings\application data\Deployment
2012-10-23 00:05:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-23 00:05:20 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-16 04:16:20 -------- d-----w- c:\documents and settings\owner\application data\addpcs
.
==================== Find3M ====================
.
2012-10-23 00:04:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-23 00:04:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 19:04:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 19:04:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 13:48:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 8:51:30.90 ===============

# AdwCleaner v2.007 - Logfile created 11/12/2012 at 08:58:55
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-X89PXNMMN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Savings Sidekick

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\bProtector
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lz2uuot8.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
Found : user_pref("browser.search.order.1", "appbario8 Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q=[...]

Profile name : default-1344970996921 [Profil par défaut]
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w5nbahxc.default-1344970996921\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2474 octets] - [12/11/2012 08:19:41]
AdwCleaner[R2].txt - [2404 octets] - [12/11/2012 08:58:55]

########## EOF - C:\AdwCleaner[R2].txt - [2464 octets] ##########

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (2.0.0.3001)
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Password Manager stpass.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

BSOD Technical Information


*** STOP: 0x0000008E (0x0000005,0xBF905D01, 0xAD13E9E8, 0x00000000)

*** ain32k.sys - Address BF905D01 , base at BF800000, DateStamp 4ff2f633

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or tech support group for further assistance
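
As an added example (not part of the original posts): a small Python parser for the two BSOD lines typed in the post above. It names the stop code, computes the faulting offset inside the named driver and converts the DateStamp to a UTC build time. The lookup tables and function name are this example's own, and the input is parsed exactly as posted.

```python
import re
from datetime import datetime, timezone

# Names from Microsoft's bug check reference; unknown codes are reported as None.
BUGCHECKS = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
# Exception (NTSTATUS) codes; a value not listed here is left as None, not guessed.
EXCEPTIONS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

STOP_RE = re.compile(r"\*\*\* STOP:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")
MODULE_RE = re.compile(
    r"\*\*\*\s+(\S+)\s+-\s+Address\s+([0-9A-Fa-f]+)\s*,"
    r"\s*base at\s+([0-9A-Fa-f]+)\s*,\s*DateStamp\s+([0-9A-Fa-f]+)"
)

# The two lines exactly as typed in the post above.
BSOD_TEXT = """\
*** STOP: 0x0000008E (0x0000005,0xBF905D01, 0xAD13E9E8, 0x00000000)
*** ain32k.sys - Address BF905D01 , base at BF800000, DateStamp 4ff2f633
"""


def parse_bsod(text):
    """Return the stop code, its parameters and the faulting module details."""
    stop = STOP_RE.search(text)
    if not stop:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p, 16) for p in (s.strip() for s in stop.group(2).split(",")) if p]
    result = {
        "code": code,
        "name": BUGCHECKS.get(code),
        "params": params,
        "exception_name": None,
        "module": None,
        "offset": None,
        "build_time": None,
        "address_matches_param2": None,
    }
    # For 0x8E, parameter 1 is the exception code and parameter 2 is the
    # address at which the exception occurred.
    if code == 0x8E and params:
        result["exception_name"] = EXCEPTIONS.get(params[0])

    mod = MODULE_RE.search(text)
    if mod:
        addr, base, stamp = (int(mod.group(i), 16) for i in (2, 3, 4))
        if addr < base:
            raise ValueError("fault address lies below the module base")
        result["module"] = mod.group(1)
        # Offset into the driver image: what a debugger needs to locate the code.
        result["offset"] = addr - base
        # DateStamp is the image's link timestamp in seconds since 1970 (UTC);
        # it identifies which build of the driver was loaded.
        result["build_time"] = datetime.fromtimestamp(
            stamp, tz=timezone.utc
        ).isoformat()
        if code == 0x8E and len(params) >= 2:
            result["address_matches_param2"] = params[1] == addr
    return result


if __name__ == "__main__":
    info = parse_bsod(BSOD_TEXT)
    print(f"stop 0x{info['code']:08X} {info['name']}")
    print(f"exception 0x{info['params'][0]:08X} {info['exception_name']}")
    print(f"{info['module']}+0x{info['offset']:X} built {info['build_time']}")
```
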



#4 nasdaq

  • Malware Response Team

Posted 12 November 2012 - 11:34 AM

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

I need to find out more about this file ain32k.sys causing the BSOD.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    ain32k.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#5 101AB

  • Topic Starter
  • Members

Posted 13 November 2012 - 08:12 AM

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 07:45:30
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-X89PXNMMN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner(2).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lz2uuot8.default\extensions\staged
Folder Found : C:\Program Files\Savings Sidekick

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\bProtector
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lz2uuot8.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
Found : user_pref("browser.search.order.1", "appbario8 Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227980&SearchSource=2&q=[...]

Profile name : default-1344970996921 [Profil par défaut]
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w5nbahxc.default-1344970996921\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2474 octets] - [12/11/2012 08:19:41]
AdwCleaner[R2].txt - [2533 octets] - [12/11/2012 08:58:55]
AdwCleaner[R3].txt - [2589 octets] - [13/11/2012 07:45:30]

########## EOF - C:\AdwCleaner[R3].txt - [2649 octets] ##########


I am unable to run SystemLook.exe, when I download it from either link I get a blank box and when I click on Look there is a System-Look error box that appears that states "Script Required"
I made a screen shot but received this "Error This file was too big to upload" which seems to be the case whenever I attempt to upload any screenshots.
Thanks
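
As an added example (not from the thread or from AdwCleaner): a Python check a helper could run over two successive AdwCleaner logs to confirm the requested mode was used and to list what changed between runs. The sample logs are abridged from the ones posted above, and the assumption that a delete run writes `# Option [Delete]` in its header is this example's own.

```python
import re

OPTION_RE = re.compile(r"^# Option \[(\w+)\]", re.M)
SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
FINDING_RE = re.compile(r"^(?:(Folder|File|Key|Value) )?Found : (.+)$")

# Constructed samples: lines abridged from the 12 and 13 November logs in this thread.
RUN_12_NOV = r"""# AdwCleaner v2.007 - Logfile created 11/12/2012 at 08:58:55
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\Program Files\Savings Sidekick

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browsers] *****

Found : user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
"""

RUN_13_NOV = r"""# AdwCleaner v2.007 - Logfile created 11/13/2012 at 07:45:30
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lz2uuot8.default\extensions\staged
Folder Found : C:\Program Files\Savings Sidekick

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browsers] *****

Found : user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
"""


def parse_log(text):
    """Return the run option and a list of (section, kind, target) findings."""
    header = OPTION_RE.search(text)
    section, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        hit = FINDING_RE.match(line)
        if hit:
            # Browser preference lines carry no kind word, so label them "Pref".
            findings.append((section, hit.group(1) or "Pref", hit.group(2)))
    return {"option": header.group(1) if header else None, "findings": findings}


def review(requested_option, previous_log, current_log):
    """Compare the current log with the previous one and with the requested mode."""
    prev, cur = parse_log(previous_log), parse_log(current_log)
    seen = set(prev["findings"])
    return {
        "mode_ok": cur["option"] == requested_option,  # assumed header value
        "new": [f for f in cur["findings"] if f not in seen],
        "still_present": [f for f in cur["findings"] if f in seen],
    }


if __name__ == "__main__":
    report = review("Delete", RUN_12_NOV, RUN_13_NOV)
    print("requested mode used:", report["mode_ok"])
    for section, kind, target in report["new"]:
        print(f"new since last run: [{section}] {kind}: {target}")
    print("unchanged findings:", len(report["still_present"]))
```
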

#6 nasdaq

  • Malware Response Team

Posted 13 November 2012 - 09:33 AM

GOOD NEWS!!

I have been working with NASDAQ a bleeping computer forum addict on a PUP and Blue Screen issue as well.

Among many things he asked me this morning to run AdwCleaner and to delete everything that was found.

After running AdwCleaner I opened up the default Fire Fox profile and there was that old familiar box asking me if it could install KPM into FireFox, of course I checked allow and restarted FireFox and well wouldn't you know it, there was that familiar green key in the upper right corner of the page, yesssssssssss!

This was an amazing problem that once again is solved by a BC forum Addict (unintentionally in this case but nonetheless) - DONE!!


Are you saying here that the KPM was removed by AdwCleaner?

Is your problem solved?

#7 101AB

  • Topic Starter
  • Members

Posted 13 November 2012 - 12:56 PM

KPM IS NOW WORKING IN FIREFOX 16, it was another issue that I had in another BC Forum apart from the BLUE SCREEN problem that you were helping me with.
Running AdwCleaner and deleting whatever it found fixed that problem.
Also the computer is much faster now.
The only other major problem is that I cannot install SERVICE PACK 3
Thanks

#8 nasdaq

  • Malware Response Team

Posted 13 November 2012 - 01:39 PM

The only other major problem is that I cannot install SERVICE PACK 3


Have you tried recently?

What error message do you get if any?

#9 101AB

  • Topic Starter
  • Members

Posted 13 November 2012 - 07:13 PM

Actually I meant to say that I cannot install OFFICE SERVICE PACK 3

The Error Message I get each time it tries to install this update is:

The following updates were not installed,

Office 2003 Service pack 3 (SP3)

#10 nasdaq

  • Malware Response Team

Posted 14 November 2012 - 09:54 AM

Can these articles help?

How to obtain the latest service pack for Office 2003
http://support.microsoft.com/kb/870924

You cannot install an Office 2003 service pack
http://support.microsoft.com/kb/884298



