Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows related errors


  • This topic is locked This topic is locked
8 replies to this topic

#1 Milway

Milway

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 30 March 2014 - 01:19 PM

Hi,

 

I have been redirected to this forum from the malware forum.

 

My system seems to be running lately with problems, one of your fellow at bleepingcomputer ask me to run some windows fix program and since then I have a lot of problems with the computer. 

 

Last night I was getting a lot of console windows host problems, which was fire up my CPU usage to 100%  and when this happened the screen brightness was set to 100% for a couple seconds (I could see that on the windows task manager) before the CPU and screen came back to normal.  

 

Yesterday another guy (oneof4) at the malware forum asked me to run these two programs "screen317" and "Farbar Recovery Scan Tool" to check my system for malware, but the system seems to be clean. On the logs came with some Windows related errors and as I mention above he asked me to post a new topic in this forum.

 

I am also running with another issue every time I do a clean installation the machine doesn't seem to take my dvd with the windows operating system on it (the dvd came with the computer), I have to try one and over again until it the operating system kicks in. Even though I manage to do a clean installation and install the windows operating system on the computer, it doesn't seem to fix the problems, with the computer or network.

 

So I am a bit lost here

 

I am going to post the three logs, taking from my other topic in the malware forum,   

 

Any help will be appreciate

 

Thanks

 

LOGS

 

Checkup

 

 Results of screen317's Security Check version 0.99.81  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Free Internet Window Washer  
 TuneUp Utilities    
 TuneUp Utilities Language Pack (es-ES) 
 Adobe Flash Player 12.0.0.77  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log``````````````````````

Edited by Milway, 30 March 2014 - 01:29 PM.


BC AdBot (Login to Remove)

 


#2 Milway

Milway
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 30 March 2014 - 01:25 PM

Mod Edit:  Deleted log data from MRL, not used in this forum - Hamluis.


Edited by hamluis, 30 March 2014 - 01:36 PM.
Deleted, not allowed - Hamluis.


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:46 PM

Posted 30 March 2014 - 01:37 PM

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:46 PM

Posted 30 March 2014 - 01:49 PM

Please download and install Speccy to provide us with information about your computer.  When  FileHippo opens, click on Download latest version in the upper right pane.
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
 

Please download MiniToolBox  , save it to your desktop and run it.
 
 Checkmark the following checkboxes:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
 Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.
 

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 Milway

Milway
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 30 March 2014 - 02:10 PM

Hi Hamluis and dc3,

 

Thanks for taking the time to look after my issue.

 

Link and log, 

 

 

Speccy

 

http://speccy.piriform.com/results/UNUG3tg4Cc08bhyPvj4hxCN

 

___________________________________

 

 

MiniToolBox

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by redsky (administrator) on 30-03-2014 at 20:07:22
Running from "C:\Users\redsky\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/30/2014 04:50:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/30/2014 00:37:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/30/2014 11:27:08 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/30/2014 11:27:08 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/30/2014 11:27:08 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/30/2014 11:27:08 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/30/2014 11:27:07 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/30/2014 11:27:07 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/30/2014 11:27:07 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/30/2014 11:27:07 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (03/30/2014 04:52:48 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/30/2014 04:50:25 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!
 
Error: (03/30/2014 03:28:05 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/30/2014 03:27:05 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/30/2014 11:27:08 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/30/2014 11:27:08 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
 
Microsoft Office Sessions:
=========================
Error: (03/30/2014 04:50:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/30/2014 00:37:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/30/2014 11:27:08 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/30/2014 11:27:08 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/30/2014 11:27:08 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/30/2014 11:27:08 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/30/2014 11:27:07 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (03/30/2014 11:27:07 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/30/2014 11:27:07 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (03/30/2014 11:27:07 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-25 22:37:49.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-25 22:37:49.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-03-22 22:17:30.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-22 22:17:30.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-22 22:17:30.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-22 22:01:11.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-22 22:01:11.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-22 22:01:11.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
AccelerometerP11 (Version: 2.00.11.22)
Adblock Plus for IE (32-bit and 64-bit) (Version: 1.1)
Adblock Plus for IE (Version: 1.1)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Advanced SystemCare Ultimate 7 (Version: 7.0.1)
BatteryCare 0.9.12.1 (Version: 0.9.12.1)
CCleaner (Version: 4.06)
CyberLink PowerDVD 9.6 (Version: 9.6.1.3522)
Foxit Reader (Version: 5.4.4.1128)
Free Internet Window Washer
Google Chrome (Version: 33.0.1750.154)
Google Update Helper (Version: 1.3.22.5)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2455)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.2.0.0284)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® PROSet/Wireless WiFi Software (Version: 15.02.0000.1258)
IObit Uninstaller (Version: 3.0.4.1099)
JMicron Flash Media Controller Driver (Version: 1.0.64.1)
McAfee Internet Security (Version: 12.8.934)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Click-to-Run 2010 (Version: 14.0.6122.5000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.7113.5007)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
NVIDIA Control Panel 285.77 (Version: 285.77)
NVIDIA Graphics Driver 285.77 (Version: 285.77)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.48.261)
NVIDIA Optimus 1.5.21 (Version: 1.5.21)
NVIDIA Update Components (Version: 1.5.21)
Quickset64 (Version: 11.0.22)
Realtek Ethernet Controller Driver (Version: 7.48.823.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6263)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
Revo Uninstaller 1.95 (Version: 1.95)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.1 (Version: 6.1.130)
Speccy (Version: 1.25)
Spyder3Elite
Surfing Protection (Version: 1.0)
TuneUp Utilities (Version: 9.0.3000.71)
TuneUp Utilities Language Pack (es-ES) (Version: 9.0.3000.71)
WOT for Internet Explorer (Version: 13.9.2.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 35%
Total physical RAM: 8086.17 MB
Available physical RAM: 5207.36 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 12874.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.22 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:435.34 GB) NTFS
3 Drive f: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.62 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\REDSKY-PC
 
Administrator            Guest                    redsky                   
UpdatusUser              
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 


#6 Milway

Milway
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 30 March 2014 - 05:24 PM

Hi Hamluis and dc3,

 

Could I ask you a question?

 

Would you know why the Conhost.exe file keeps kicking in always after dark, never in the morning, or afternoon, only after 22:00pm or 23:00pm. I know this might sound crazy, but I don't seem to have an explanation for this... why is this happening at a certain time of the day only? wierd



#7 hamluis

hamluis

    Moderator


  • Moderator
  • 56,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:46 PM

Posted 30 March 2014 - 06:32 PM

You had a topic in the MRL forum open until closed today...which you failed to follow up on.  Topics reflecting known/suspected malware take precedence over other topics initiated by a member...for obvious reasons.

 

Topic at http://www.bleepingcomputer.com/forums/t/528777/combofix-found-some-things-help/#entry3324900 .

 

I have reopened the above topic and suggest that you follow the directions provided by HelpBot explicitly...so that we can attempt to resolve your current issues.

 

Thanks :).

 

Louis



#8 Milway

Milway
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 30 March 2014 - 07:56 PM

Hi Hamluis,

 

Let me see if I can explain, because it is getting a bit messy... my apologies for the mess. 

 

I made a topic with the same issue on the 22nd of march, here is the link... 

 

http://www.bleepingcomputer.com/forums/t/528363/a-few-days-ago-i-had-some-strange-behavior-on-my-laptop/#entry3329258

 

Due that I didn't have a reply I run some of the tools myself following the guideline from this bleepingcomputer wedsite, and a made another topic where I posted the logs, this was done on the 26th of march, here is the link... http://www.bleepingcomputer.com/forums/t/528777/combofix-found-some-things-help/#entry3324900 but was too late when I realize that I have another topic made on the 22nd of march with the same issue. Since I couldn't delete the first topic made on the 22nd of march I let the topic there and was answered by a malware Response team "oneof4" on the 28th of march, (the topic that never got answered was the topic you have reopened made on the 26th of march).  

 

Oneof4, asked me to run some programs in order to know what was going on in the computer, but didn't see any evidence of malware, but did see some Windows related errors and he refers me to post a new topic on windows 7 forum to get help with this issue.

 

Anyway, I run again Combofix myself later this evening and found something which I don't know what it is so I have replied and posted the logs back to him to see if need to take any further action. Just waiting for his response as I am writing you this post.     

       

Sorry for the mess... :whistle: should I come back to this post (topic) once the issue found is resolved? :)

 

Thanks



#9 hamluis

hamluis

    Moderator


  • Moderator
  • 56,109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:46 PM

Posted 30 March 2014 - 09:29 PM

In what topic...are these latest CF logs posted, please?

 

Nevermind...I see that the CF logs were posted to the topic at http://www.bleepingcomputer.com/forums/t/528363/a-few-days-ago-i-had-some-strange-behavior-on-my-laptop/#entry3329258 .

 

Please...pursue that topic to completion.  Once that topic is closed, you may then initiate a new topic here to deal with what are clearly seen as non-malware issues.

 

This topic is now closed to avoid further confusion.

 

Louis


Edited by hamluis, 31 March 2014 - 06:28 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users