Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows Stop Unexpectedly

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Windows Stop Unexpectedly

Unread postby Jacklim » July 16th, 2008, 2:47 pm

While running Kaspersky Scan, computer stopping a few times after disconnecting Internet & disabling Antivirus. Error message as follows:

"Windows cannot find "http://microsoft.com/resredir.aspx?sid=10&Bucket=0xD1_NDIS!ndisMSyncQueryInformationComplete%2b32&State=1&ID=c06787c3-b9f2-4dd9-65a-b635difffcf63&LCID=1033&OS=5.1.2600.2.00010100.3.0'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

OK???

I had no choice. To maintain Scan till the end, I had to keep Internet connection ON but disabling only anti virus.

Here's log of the scan:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 16, 2008 16:38:58
Records in database: 960110
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 51457
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 00:59:16


File name / Threat name / Threats count
E:\My Documents\Downloads\Programs\BearShareV6.exe Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
E:\My Documents\Downloads\Programs\SmileyCentralFWBInitialSetup1.0.0.15-3.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aw 1

The selected area was scanned.

Next?
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am
Advertisement
Register to Remove

Re: Windows Stop Unexpectedly

Unread postby Jacklim » July 16th, 2008, 2:49 pm

Hey I discovered that whenever I disconnected the Internet, the problems begin. But when I leave the Internet connection on, this wont happen.... WHY?
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Unread postby Scotty » July 16th, 2008, 3:18 pm

Hi

it's possibly it was a matter of timing or perhaps the revamped Kaspersky scannner now needs the connection left. Ill need to look into that.

Remember to disconnect from the Internet before carrying out the next instruction, and to save the following script before you do.You must
also manually disable your anti-virus and anti-spyware programs. See the link below for instructions on doing this.

http://www.bleepingcomputer.com/forums/topic114351.html

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C

Code: Select all
File::
E:\My Documents\Downloads\Programs\BearShareV6.exe
E:\My Documents\Downloads\Programs\SmileyCentralFWBInitialSetup1.0.0.15-3.exe
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job

Folder::
C:\Program Files\XoftSpySE
 
 


Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Image


Refering to the picture above, drag CFScript into ComboFix.exe


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.

In your next reply post:
ComboFix.txt
MBAM log
New HijackThis log taken after the above scan has run
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Unread postby Jacklim » July 17th, 2008, 2:28 am

1. ComboFix.txt

ComboFix 08-07-14.2 - Lim Mervin 2008-07-17 12:51:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.530 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job
E:\My Documents\Downloads\Programs\BearShareV6.exe
E:\My Documents\Downloads\Programs\SmileyCentralFWBInitialSetup1.0.0.15-3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\XoftSpySE
C:\Program Files\XoftSpySE\0_days.htm
C:\Program Files\XoftSpySE\1_days.htm
C:\Program Files\XoftSpySE\15_days.htm
C:\Program Files\XoftSpySE\2_days.htm
C:\Program Files\XoftSpySE\30_days.htm
C:\Program Files\XoftSpySE\5_days.htm
C:\Program Files\XoftSpySE\autoupdate.dll
C:\Program Files\XoftSpySE\database.db
C:\Program Files\XoftSpySE\expired.htm
C:\Program Files\XoftSpySE\Images\10x10.gif
C:\Program Files\XoftSpySE\Images\10x10tile.gif
C:\Program Files\XoftSpySE\Images\back.bmp
C:\Program Files\XoftSpySE\Images\bottompanel.gif
C:\Program Files\XoftSpySE\Images\BottomRemine.bmp
C:\Program Files\XoftSpySE\Images\Button_BACK_D.bmp
C:\Program Files\XoftSpySE\Images\Button_BACK_N.bmp
C:\Program Files\XoftSpySE\Images\Button_BACK_O.bmp
C:\Program Files\XoftSpySE\Images\Button_Small_D.bmp
C:\Program Files\XoftSpySE\Images\Button_Small_N.bmp
C:\Program Files\XoftSpySE\Images\Button_Small_O.bmp
C:\Program Files\XoftSpySE\Images\buttonfill.jpg
C:\Program Files\XoftSpySE\Images\buttonfill_mo.jpg
C:\Program Files\XoftSpySE\Images\buttonfilldown.jpg
C:\Program Files\XoftSpySE\Images\contentwrapper.gif
C:\Program Files\XoftSpySE\Images\flash.bmp
C:\Program Files\XoftSpySE\Images\footerbar.gif
C:\Program Files\XoftSpySE\Images\info_bubble.jpg
C:\Program Files\XoftSpySE\Images\main_bt_focus.bmp
C:\Program Files\XoftSpySE\Images\main_bt_normal.bmp
C:\Program Files\XoftSpySE\Images\main_bt_normal1.bmp
C:\Program Files\XoftSpySE\Images\main_bt_selected.bmp
C:\Program Files\XoftSpySE\Images\poweredby.bmp
C:\Program Files\XoftSpySE\Images\startpageback.bmp
C:\Program Files\XoftSpySE\Images\subtitlebar.gif
C:\Program Files\XoftSpySE\Images\tile_titlebar.jpg
C:\Program Files\XoftSpySE\Images\toppanel.gif
C:\Program Files\XoftSpySE\Images\width.bmp
C:\Program Files\XoftSpySE\LogSettings.xml
C:\Program Files\XoftSpySE\main.css
C:\Program Files\XoftSpySE\resources.dll
C:\Program Files\XoftSpySE\settings.xml
C:\Program Files\XoftSpySE\trial.htm
C:\Program Files\XoftSpySE\uninstall.exe
C:\Program Files\XoftSpySE\welcome.htm
C:\Program Files\XoftSpySE\xAutoUpdate.dll
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\Program Files\XoftSpySE\Xoftspy.ico
C:\Program Files\XoftSpySE\zlibwapi.dll
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job
E:\My Documents\Downloads\Programs\BearShareV6.exe
E:\My Documents\Downloads\Programs\SmileyCentralFWBInitialSetup1.0.0.15-3.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-16 13:21 . 2008-07-16 13:21 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-16 00:29 . 2008-07-16 00:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-15 18:32 . 2007-05-21 10:45 417,792 --a------ C:\WINDOWS\system32\ServoApp.exe
2008-07-15 18:32 . 2007-05-15 11:37 229,376 --a------ C:\WINDOWS\system32\Install98MFPPS.dll
2008-07-15 18:32 . 2006-09-22 11:35 151,552 --a------ C:\WINDOWS\system32\ddschk.dll
2008-07-15 18:32 . 2006-09-12 15:07 548 --a------ C:\WINDOWS\system32\cliktext.ini
2008-07-14 01:06 . 2008-07-16 00:12 <DIR> d-------- C:\Program Files\MFP Server Utilities
2008-07-12 01:22 . 2008-07-12 01:22 <DIR> d-------- C:\Lxk1100
2008-07-11 23:22 . 2000-07-15 00:00 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2008-07-11 23:22 . 2000-07-15 00:00 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2008-07-11 23:22 . 2000-07-15 00:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-07-11 20:02 . 2008-07-11 20:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-10 13:51 . 2008-07-10 13:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-10 10:41 . 2008-07-10 10:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Elluminate
2008-07-03 20:35 . 2008-07-03 20:35 <DIR> d-------- C:\Program Files\PPTminimizer
2008-07-03 20:35 . 2008-07-03 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PPTminimizer
2008-07-03 13:04 . 2008-07-03 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-03 13:01 . 2008-07-03 13:01 <DIR> d-------- C:\Program Files\Skype
2008-07-03 13:01 . 2008-07-03 13:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-03 13:01 . 2008-07-03 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-03 12:59 . 2008-07-03 12:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-30 14:40 . 2008-06-30 14:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 09:14 . 2008-07-03 12:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-27 09:07 . 2004-05-19 06:44 40,960 --a------ C:\WINDOWS\system32\exitwx.exe
2008-06-23 09:52 . 2008-06-23 09:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 01:46 . 2008-06-21 01:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-21 01:46 . 2008-06-21 01:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 19:51 . 2008-06-20 19:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 19:40 . 2008-06-20 19:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 19:08 . 2008-06-20 19:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 02:41 . 2008-06-20 02:41 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-20 02:01 . 2008-07-03 13:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-06-20 02:01 . 2008-06-20 02:01 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-20 01:59 . 2008-07-03 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-20 01:34 . 2008-07-10 10:46 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-19 23:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-19 23:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-19 23:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-19 19:50 . 2008-06-19 19:59 <DIR> d-------- C:\Program Files\Windows Live
2008-06-19 19:50 . 2008-06-19 19:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-19 19:50 . 2008-06-19 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 04:31 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-15 05:29 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-14 18:00 --------- d-----w C:\Program Files\Java
2008-07-14 01:50 --------- d-----w C:\Program Files\mtd2002
2008-07-13 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 04:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-03 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-22 18:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 17:42 --------- d-----w C:\Program Files\Sun
2008-06-15 17:34 --------- d-----w C:\Program Files\Common Files\Java
2008-06-14 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-14 17:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-14 17:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-14 16:41 --------- d-----w C:\Program Files\Yahoo!
2008-06-14 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:44 --------- d-----w C:\Program Files\Unlocker
2008-06-11 20:10 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Desktopicon
2008-06-11 16:21 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\IDM
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Downloads
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\DMCache
2008-06-11 15:05 --------- d-----w C:\Program Files\Symantec
2008-06-11 06:23 --------- d-----w C:\Program Files\DIFX
2008-06-11 05:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-11 05:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-11 03:46 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Ulead VideoStudio
2008-06-11 03:46 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Ulead Systems
2008-06-11 03:37 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\CyberLink
2008-06-11 03:33 --------- d-----w C:\Program Files\CyberLink
2008-06-11 03:25 --------- d-----w C:\Program Files\Common Files\Real
2008-06-11 03:14 --------- d-----w C:\Program Files\Windows Media Components
2008-06-11 03:02 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-11 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-11 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-11 03:01 --------- d-----w C:\Program Files\Ulead Systems
2008-06-11 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-11 02:17 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Symantec
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-15_14.48.05.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-15 05:36:20 41,238 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-16 16:32:59 41,238 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-15 05:36:20 315,076 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-16 16:32:59 315,076 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"mtd2002Svr"="C:\Program Files\mtd2002\mtdserver.exe" [2002-10-05 13:05 544768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-14 03:02 7573504]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-10 21:34 798810]
"CPUTray"="C:\WINDOWS\system32\CPUTray.exe" [2005-05-14 06:46 212992]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 12:15 15872]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43 57344]
"nwiz"="nwiz.exe" [2006-06-14 03:02 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 22:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-09-10 21:34 2879488 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 08:12 110592 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-05-29 03:12:48 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-04-26 23:30 895672 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 10:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 08:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2006-09-10 21:34 557056 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mtd2002\\mtdserver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-26 23:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-01 00:51]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-13 15:27]
S2 ALIWEHCD;MFP Server Enhanced Controller;C:\WINDOWS\system32\Drivers\mfpec.sys []
S3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys [2005-02-26 09:34]
S3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{789df6d6-0d0e-11dc-a94b-806d6172696f}]
\Shell\AutoRun\command - D:\AUTORUN.exe /AUTORUN

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 12:53:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-17 12:54:10
ComboFix-quarantined-files.txt 2008-07-17 04:54:05

Pre-Run: 39,707,598,848 bytes free
Post-Run: 39,724,326,912 bytes free

260 --- E O F --- 2008-07-09 02:56:03

2. MBAM log

Malwarebytes' Anti-Malware 1.20
Database version: 960
Windows 5.1.2600 Service Pack 3

2:15:20 PM 7/17/2008
mbam-log-7-17-2008 (14-15-20).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 89719
Time elapsed: 15 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\E\My Documents\Downloads\Programs\SmileyCentralFWBInitialSetup1.0.0.15-3.exe.vir (Adware.Funweb) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{D7CCC6B9-5BBF-4648-83F4-9DEB5AF5C8FA}\RP73\A0040976.exe (Adware.Funweb) -> Quarantined and deleted successfully.

3. New HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:02 PM, on 7/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en-us.start2.mozilla.com/firefox ... S:official
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.twinhead.com/
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.twinhead.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8245 bytes

Next?
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Unread postby Jacklim » July 17th, 2008, 5:39 am

Hi

sorry had to inform after last scan job, tried opening files from external HDD "G" and windows stop & re-started again... same problem. So I ran MBAM scan & found 1 file in HDD "C" still infected together with HDD "G". Thought maybe good to scan with Kaspersky. Scan log for your reference...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 17, 2008 07:12:02
Records in database: 962303
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 104974
Threat name: 8
Infected objects: 22
Suspicious objects: 0
Duration of the scan: 01:41:31


File name / Threat name / Threats count
C:\QooBox\Quarantine\E\My Documents\Downloads\Programs\BearShareV6.exe.vir Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07C00000\47F6FC48.VBN Infected: Worm.Win32.AutoRun.c 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08AC0000\4FFEE64C.VBN Infected: Worm.Win32.VB.gh 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400000\4946C47B.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400001\4946C487.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400002\4946C492.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400003\4946C49D.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400004\4946C4A9.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400005\4946C4B5.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400006\4946C4C0.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400007\4946C4CC.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400008\4946C4D7.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400009\4946C4E2.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0940000A\4946C4ED.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0940000B.VBN Infected: Trojan-Downloader.Win32.Small.ivo 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B300000.VBN Infected: Trojan.Win32.Monder.gen 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B300000.VBN Infected: Trojan.Win32.Obfuscated.abi 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B300001.VBN Infected: Trojan.Win32.Monder.gen 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B300001.VBN Infected: Trojan.Win32.Obfuscated.abi 1
G:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C5C0000\4EFEC6F5.VBN Infected: Worm.Win32.AutoRun.c 1
G:\Documents and Settings\MrMervin\Local Settings\Temp\sai1A.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.bj 1
G:\Documents and Settings\MrMervin\Local Settings\Temp\sai1A.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.bm 1

The selected area was scanned.

Have not done anything beside Kaspersky scan. So waiting your help please
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Unread postby Scotty » July 17th, 2008, 6:58 am

Hi

Has the external HDD been connected throughout the fixing? The file on C is in Quarantine.

On G you need to open the Symantec System Centre and look for the Quarantine, then empty everything within it. (Norton seem unwilling to say how exactly you get there).

You also need to navigate here:
G:\Documents and Settings\MrMervin\Local Settings\Temp

and remove everything in that folder.

Congratulations, you appear to be malware free.

Time for some housekeeping

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

    Image

The Kaspersky Scanner can be removed through Add/Remove programs.

Malwarebytes Anti-Malware is a good program to keep. If you wish to keep it, use it to do a quick scan once a week and keep it updated.
Remember, only the paid for version offers real-time protection

Here is another couple of free programs I recommend.

Winpatrol
Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.

Spyware Blaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from Javacool.

If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.


Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here is a good Hosts file:

MVPS Hosts File

A tutorial about Hosts File can be found at Malware Removal.


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.


Here is some great information from experts in this field that will help you stay clean and safe online.
http://forum.malwareremoval.com/viewtopic.php?t=14

Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Unread postby Jacklim » July 18th, 2008, 2:29 am

Thanks, I will take a look at those progs recommended. But just today, I had the same problem again more than 3 times. Windows suddenly turns blue with a very blurry error message which disappeared very fast into re-start.

Is it a hardware or some drivers' problem? I tried to do check disk options to fix file system errors & scan for and attempt recovery of bad sectors. But still same.

Where can I go if you cannot help me?
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Unread postby Scotty » July 18th, 2008, 8:38 am

Hi

Im not a technical whizz. Try this forum here
http://www.techsupportforum.com/
They have technical gurus there.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Unread postby Jacklim » July 19th, 2008, 11:46 am

OK THANKS

So I guess this will end the issue of my prob.

You are of great help to remove some of my malwares.... SURE :salute:
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Unread postby Gary R » July 19th, 2008, 1:49 pm

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware