
Blue Screen after Virus Clear/System Restore


26 replies to this topic

#1 median


Posted 18 December 2013 - 07:02 PM

Lenovo Laptop
Windows 7 64 Bit - SP1 

Intel Core i5 

8 Gig Ram 

 

This machine produces the blue screen of death after each restart, approximately 3-5 minutes after running. I did a system restore after viruses were found - used Superantispyware, Malware Bytes, and Avast. Machine is only 3 months old. All viruses seemed to be gone but system restore did not stop blue screen. Can someone help? I would like to post a dump file but am using a different machine right now due to blue screen. 

 

Thank you

 

EDIT: Here is a link to the last minidump files. I have several of them though if needed. I've included here the last three. 

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff900c01ff0b0, the pool entry being checked.
Arg3: 0000000000000000, the read back flink freelist value (should be the same as 2).
Arg4: fffff900c01ff0b0, the read back blink freelist value (should be the same as 2).

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

BUGCHECK_STR: 0x19_3

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: firefox.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800031f3b73 to fffff800030c0bc0

STACK_TEXT:
fffff880`0aec0698 fffff800`031f3b73 : 00000000`00000019 00000000`00000003 fffff900`c01ff0b0 00000000`00000000 : nt!KeBugCheckEx
fffff880`0aec06a0 fffff960`000b9475 : 00000000`00000001 00000000`00000000 00000000`64667454 fffff880`00000000 : nt!ExDeferredFreePool+0x118b
fffff880`0aec0750 fffff960`00106ae7 : 00000000`00000001 00000000`734b2450 fffffa80`0bcc3f90 00000000`00000001 : win32k!EngFreeMem+0x21
fffff880`0aec0780 fffff960`002f6e1a : fffffa80`0bcc3f90 fffffa80`0bcc3f90 fffff880`0aec08a0 fffff880`0aec0a18 : win32k!PFEOBJ::vFreepfdg+0x97
fffff880`0aec07b0 fffff960`001194cf : fffff900`c00c0010 00000000`00000000 fffff900`c008a010 fffff960`0011ce54 : win32k!RFONTOBJ::vDeleteRFONT+0x2ea
fffff880`0aec0820 fffff960`00118f03 : fffff900`c1a7f2d0 fffff880`0aec08c0 fffff900`c1a7f2d0 00000000`00000000 : win32k!RFONTOBJ::bMakeInactiveHelper+0x427
fffff880`0aec08a0 fffff960`001681ad : fffff880`0aec0a20 fffff880`0aec0a20 00000000`00000000 00000000`00000001 : win32k!RFONTOBJ::vMakeInactive+0xa3
fffff880`0aec0940 fffff960`00168414 : fffff880`0aec0a20 fffff900`c210a370 00000000`00000000 fffff900`c1a6b650 : win32k!XDCOBJ::bCleanDC+0x36d
fffff880`0aec0a00 fffff960`001613d7 : fffff900`c210a370 fffff900`c0581e90 00000000`734b2450 00000000`0013e6c0 : win32k!GreCleanDC+0x34
fffff880`0aec0a40 fffff960`001612c7 : 00000000`3e010cde fffff880`0aec0b60 00000000`fffdb000 00000000`00000000 : win32k!ReleaseCacheDC+0xfb
fffff880`0aec0a80 fffff960`00175fba : 00000000`00000000 fffff880`00000041 00000000`00000000 00000000`00000000 : win32k!ReleaseDC+0xb
fffff880`0aec0ab0 fffff800`030bfe53 : fffffa80`06a12b50 fffff880`0aec0b60 00000000`000204e0 00000000`13eaee20 : win32k!NtUserCallOneParam+0x4e
fffff880`0aec0ae0 00000000`734ffdfa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0013dd58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x734ffdfa


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+118b
fffff800`031f3b73 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExDeferredFreePool+118b

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+118b

BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+118b

Followup: Pool_corruption

 

http://www.mediafire.com/download/bfp8mxhydhg46m1/121813-15756-01.dmp
http://www.mediafire.com/download/pc4w30dqx35uxpx/121813-15288-01.dmp
http://www.mediafire.com/download/xean2f6c7ih77r2/121813-15210-01.dmp


Edited by median, 18 December 2013 - 07:31 PM.

"There is no way to happiness. Happiness is the way." Buddha




#2 median


Posted 18 December 2013 - 07:15 PM

Why isn't this post showing up under "My Content"? I also cannot attach the dump file. 


"There is no way to happiness. Happiness is the way." Buddha


#3 cryptodan


Posted 18 December 2013 - 07:28 PM

We need to know more about your BSODs...

Download BlueScreenView (in Zip file)

No installation required.

Unzip the downloaded file and double-click the BlueScreenView.exe file to run the program. When scanning is done, go to Edit > Select All.

Then go to File > Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Compliments of Broni

#4 median


Posted 18 December 2013 - 07:38 PM

I will try but the problem is the laptop keeps crashing with blue screen. I am not on it right now. I'm using a different machine to post this b/c the machine doesn't run for long before crashing. Each time I try to use the internet with it, it crashes. 


"There is no way to happiness. Happiness is the way." Buddha


#5 median


Posted 18 December 2013 - 07:42 PM

==================================================
Dump File         : 121813-17316-01.dmp
Crash Time        : 12/18/2013 4:35:12 PM
Bug Check String  : BAD_POOL_HEADER
Bug Check Code    : 0x00000019
Parameter 1       : 00000000`00000020
Parameter 2       : fffff900`c23a2000
Parameter 3       : fffff900`c23a2840
Parameter 4       : 00000000`25840000
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+19475
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121813-17316-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,880
Dump File Time    : 12/18/2013 4:36:23 PM
==================================================

==================================================
Dump File         : 121813-15756-01.dmp
Crash Time        : 12/18/2013 4:20:47 PM
Bug Check String  : BAD_POOL_HEADER
Bug Check Code    : 0x00000019
Parameter 1       : 00000000`00000003
Parameter 2       : fffff900`c01ff0b0
Parameter 3       : 00000000`00000000
Parameter 4       : fffff900`c01ff0b0
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+19475
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121813-15756-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,880
Dump File Time    : 12/18/2013 4:21:35 PM
==================================================

==================================================
Dump File         : 121813-15288-01.dmp
Crash Time        : 12/18/2013 4:12:55 PM
Bug Check String  : BAD_POOL_HEADER
Bug Check Code    : 0x00000019
Parameter 1       : 00000000`00000003
Parameter 2       : fffff900`c1a790b0
Parameter 3       : 00000000`00000000
Parameter 4       : fffff900`c1a790b0
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+19475
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121813-15288-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,824
Dump File Time    : 12/18/2013 4:14:00 PM
==================================================

==================================================
Dump File         : 121813-15210-01.dmp
Crash Time        : 12/18/2013 4:08:02 PM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff960`001281d3
Parameter 3       : fffff880`0a611d30
Parameter 4       : 00000000`00000000
Caused By Driver  : igdkmd64.sys
Caused By Address : igdkmd64.sys+4dfdc
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121813-15210-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,824
Dump File Time    : 12/18/2013 4:08:40 PM
==================================================

==================================================
Dump File         : 121813-14055-01.dmp
Crash Time        : 12/18/2013 3:56:54 PM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff960`000794ac
Parameter 3       : fffff880`0293bcd0
Parameter 4       : 00000000`00000000
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+194ac
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121813-14055-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,824
Dump File Time    : 12/18/2013 3:57:31 PM
==================================================

==================================================
Dump File         : 121813-12667-01.dmp
Crash Time        : 12/18/2013 3:53:16 PM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff960`000a94ac
Parameter 3       : fffff880`0a9d2cd0
Parameter 4       : 00000000`00000000
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+194ac
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121813-12667-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,824
Dump File Time    : 12/18/2013 3:53:48 PM
==================================================

==================================================
Dump File         : 121713-12448-01.dmp
Crash Time        : 12/17/2013 12:27:32 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff900`c1a8d000
Parameter 2       : 00000000`00000001
Parameter 3       : fffff960`000e2384
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121713-12448-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,896
Dump File Time    : 12/17/2013 12:28:46 PM
==================================================

==================================================
Dump File         : 121713-13462-01.dmp
Crash Time        : 12/17/2013 12:23:53 PM
Bug Check String  : BAD_POOL_HEADER
Bug Check Code    : 0x00000019
Parameter 1       : 00000000`00000020
Parameter 2       : fffff900`c216f000
Parameter 3       : fffff900`c216f840
Parameter 4       : 00000000`25840000
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+19475
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121713-13462-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,824
Dump File Time    : 12/17/2013 12:24:56 PM
==================================================

==================================================
Dump File         : 121713-15740-01.dmp
Crash Time        : 12/17/2013 12:10:23 PM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff960`000c94ac
Parameter 3       : fffff880`09495cd0
Parameter 4       : 00000000`00000000
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+194ac
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121713-15740-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 281,824
Dump File Time    : 12/17/2013 12:11:34 PM
==================================================

==================================================
Dump File         : 101913-15553-01.dmp
Crash Time        : 10/19/2013 5:39:48 AM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x1000009f
Parameter 1       : 00000000`00000004
Parameter 2       : 00000000`00000258
Parameter 3       : fffffa80`066f9b50
Parameter 4       : fffff800`00b9c3d0
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+78a7a
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+78a7a
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\101913-15553-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 863,680
Dump File Time    : 10/19/2013 5:40:58 AM
==================================================

==================================================
Dump File         : 101413-18064-01.dmp
Crash Time        : 10/14/2013 1:17:05 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`07179a10
Parameter 3       : fffff800`04806748
Parameter 4       : fffffa80`09c0f540
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c00
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75c00
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\101413-18064-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 1,258,656
Dump File Time    : 10/14/2013 1:25:17 PM
==================================================


"There is no way to happiness. Happiness is the way." Buddha
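The records in the report above can be grouped by bug check code and faulting address, and the 0x19 parameters checked against the argument description WinDbg prints in post #1 (for Arg1 = 3, the read-back flink and blink should both equal the pool entry). This is an added example, not part of the original thread; the function names are hypothetical and the sample input is abridged from the report above.

```python
import re
from collections import Counter

# Sample input: three records abridged from the BlueScreenView report posted
# in this thread (fields this example does not use are dropped).
SAMPLE_REPORT = """\
==================================================
Dump File         : 121813-17316-01.dmp
Bug Check Code    : 0x00000019
Parameter 1       : 00000000`00000020
Parameter 2       : fffff900`c23a2000
Parameter 3       : fffff900`c23a2840
Parameter 4       : 00000000`25840000
Caused By Address : win32k.sys+19475
==================================================
Dump File         : 121813-15756-01.dmp
Bug Check Code    : 0x00000019
Parameter 1       : 00000000`00000003
Parameter 2       : fffff900`c01ff0b0
Parameter 3       : 00000000`00000000
Parameter 4       : fffff900`c01ff0b0
Caused By Address : win32k.sys+19475
==================================================
Dump File         : 121813-14055-01.dmp
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff960`000794ac
Parameter 3       : fffff880`0293bcd0
Parameter 4       : 00000000`00000000
Caused By Address : win32k.sys+194ac
==================================================
"""


def _hex(value):
    """Parse hex fields such as 0x00000019 or fffff900`c01ff0b0."""
    return int(value.replace("`", ""), 16)


def parse_report(text):
    """Split the report on its ===== separator lines; return one dict per dump."""
    records = []
    for block in re.split(r"^={10,}[ \t]*$", text, flags=re.MULTILINE):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Dump File" not in fields:
            continue  # empty text before, between or after separators
        fields["code"] = _hex(fields.get("Bug Check Code", "0"))
        fields["params"] = [_hex(fields.get(f"Parameter {i}", "0")) for i in range(1, 5)]
        records.append(fields)
    return records


def cluster(records):
    """Count crashes per (bug check code, faulting module+offset) pair."""
    return Counter((r["code"], r.get("Caused By Address", "?")) for r in records)


def corrupt_freelist_links(record):
    """For bug check 0x19 with Parameter 1 == 3, name the read-back links that
    differ from the pool entry (Parameter 2). Returns None for other crashes."""
    p1, entry, flink, blink = record["params"]
    if record["code"] != 0x19 or p1 != 0x3:
        return None
    return [name for name, link in (("flink", flink), ("blink", blink)) if link != entry]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for (code, where), count in cluster(recs).most_common():
        print(f"{count}x bug check {code:#04x} at {where}")
    for r in recs:
        print(r["Dump File"], corrupt_freelist_links(r))
```

Repeated hits at the same module offset across different bug check parameters point at one faulting code path rather than unrelated crashes.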


#6 cryptodan


Posted 18 December 2013 - 07:45 PM

Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online

Please take caution when attaching a text file to your post if you cannot copy/paste the link to your post; you will need to edit it to make sure that your Windows Key is not present.

#7 median


Posted 18 December 2013 - 07:51 PM

http://speccy.piriform.com/results/gxMLKzY1GJ8EPKajHtZLhIa

Is this it? 


Edited by median, 18 December 2013 - 07:55 PM.

"There is no way to happiness. Happiness is the way." Buddha


#8 cryptodan


Posted 18 December 2013 - 07:55 PM

Do you recall what viruses were detected, because a system restore via restore points can cause a reinfection?

Can you scan with Mbam again?

#9 median


Posted 18 December 2013 - 07:56 PM

Sure, give me a few mins. 

 

EDIT: Should I do a full scan or just quick scan?


Edited by median, 18 December 2013 - 07:59 PM.

"There is no way to happiness. Happiness is the way." Buddha


#10 cryptodan


Posted 18 December 2013 - 08:07 PM

full scan

#11 median


Posted 18 December 2013 - 08:55 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Kathy :: KATHY-THINK [administrator]

12/18/2013 4:58:48 PM
mbam-log-2013-12-18 (16-58-48).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 348933
Time elapsed: 29 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\ProgramData\Nitro\Pro\8.0\lang\sv\NPForms.dll (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DANRL4E\Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DANRL4E\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MNDHGJQ\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T2UF71PZ\Setup[1].exe (PUP.Optional.AirInstaller) -> Delete on reboot.
C:\Users\Kathy\AppData\Local\Temp\sp_downloader.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kathy\Downloads\adobe flash player ie setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.

(end)


"There is no way to happiness. Happiness is the way." Buddha


#12 cryptodan


Posted 18 December 2013 - 08:58 PM

Please download TDSSKiller exe version to your desktop.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click on Change Parameters and click Detect TDLFS File System.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A TDSSKiller text file would be saved in Local Disk C.
  • Copy and paste the contents of that file in your next reply.


ADW Cleaner


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#13 median


Posted 18 December 2013 - 09:10 PM

# AdwCleaner v3.015 - Report created 18/12/2013 at 18:07:47
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Kathy - KATHY-THINK
# Running from : C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DANRL4E\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Kathy\AppData\Local\Temp\AirInstaller

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\WEDLMNGR

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v

[ File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\ytlxhnso.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1084 octets] - [18/12/2013 18:07:21]
AdwCleaner[S0].txt - [970 octets] - [18/12/2013 18:07:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1029 octets] ##########

 

 

 

-----------------------------

 

TDSSKiller had nothing. Scanning with the others now. 


Edited by median, 18 December 2013 - 09:13 PM.

"There is no way to happiness. Happiness is the way." Buddha


#14 median


Posted 18 December 2013 - 09:17 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Kathy on Wed 12/18/2013 at 18:12:13.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/18/2013 at 18:16:16.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"There is no way to happiness. Happiness is the way." Buddha


#15 median


Posted 18 December 2013 - 09:19 PM

Farbar Service Scanner Version: 05-12-2013
Ran by Kathy (administrator) on 18-12-2013 at 18:18:37
Running from "C:\Users\Kathy\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


"There is no way to happiness. Happiness is the way." Buddha




