TechSpot

I was told to come here to resume work..

By xdeadlockxfan
Jan 24, 2011
  1. I had malware and removed 95% of it successfully with Bobbye's help. However, I had some Blue Screen issues, and other stuff happen along the way.

    First, after diagnosing the malware, I was assisted in removing the malware. After removing about 90% of it, I had a rogue antivirus program lodge itself in my computer's system. I was told by Bobbye to run ESET or Kaspersky for scans, but neither of them will work for some reason on my computer (probably because of add-ons and Java settings or something).

    So, Bobbye directed me here. Here are some details!

    Here's the blue screen error details:
    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.0.6000.2.0.0.768.3
    Locale ID: 1033
    Additional information about the problem:
    BCCode: 50
    BCP1: 87C00000
    BCP2: 00000000
    BCP3: A47A4EED
    BCP4: 00000000
    OS Version: 6_0_6000
    Service Pack: 0_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\Mini121110-01.dmp
    C:\Users\Albert\AppData\Local\Temp\WER-92453-0.sysdata.xml
    C:\Users\Albert\AppData\Local\Temp\WER4992.tmp.version.txt
    ----

    Originally, I had "bad image" popups from a malware infection. It happened every time I opened a program or application.
    I did have a Java cache Trojan that was handled.
    I ran "scan now" (in command prompt) on my own.
    Bobbye told me to run Old Timer MoveIt! and ComboFix script and remove entries in HiJackThis.

    After that, I had that ugly antivirus program just install itself on my computer. Bobbye told me to come here and I don't know where else to go with this. Do you want me to solve the blue screen errors that I don't get anymore? Solve the "bad image" issues that I don't have anymore? Help secure my computer and keep the rogue programs out?

    If this is any help, the last instructions I was given were to run Kaspersky online scan.

    Any help is appreciated, thanks!
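
Added example, not part of the original post: a Python sketch that parses the problem signature quoted above and decodes bug check 0x50 using Microsoft's documented parameter meanings for older Windows releases. The function names and the embedded sample are constructed here, and it assumes minidump names follow MiniMMDDYY-NN.dmp with years in 20YY.

```python
import re

# Bug check 0x50 parameter meanings as documented by Microsoft for older
# Windows releases (the post reports OS version 6.0.6000).
BUGCHECK_NAMES = {0x50: "PAGE_FAULT_IN_NONPAGED_AREA"}
ACCESS_0X50 = {0: "read", 1: "write"}

# Constructed sample: fields copied from the problem signature in the post.
SAMPLE = """\
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.3
BCCode: 50
BCP1: 87C00000
BCP2: 00000000
BCP3: A47A4EED
BCP4: 00000000
C:\\Windows\\Minidump\\Mini121110-01.dmp
"""

# "Key: value" needs whitespace after the colon, so "C:\..." paths are skipped.
FIELD = re.compile(r"^[ \t]*([A-Za-z][\w ]*?):[ \t]+(\S.*?)[ \t]*$", re.M)
# Assumption: MiniMMDDYY-NN.dmp naming, two-digit year taken as 20YY.
DUMP_NAME = re.compile(r"Mini(\d\d)(\d\d)(\d\d)-(\d\d)\.dmp", re.I)

def parse_signature(text):
    """Return {field: value}; the first occurrence of a repeated key wins."""
    fields = {}
    for key, value in FIELD.findall(text):
        fields.setdefault(key, value)
    return fields

def decode_bugcheck(fields):
    """Turn BCCode/BCP1..4 (hex strings) into a readable summary."""
    code = int(fields["BCCode"], 16)
    p = [int(fields[f"BCP{i}"], 16) for i in range(1, 5)]
    out = {"code": code, "name": BUGCHECK_NAMES.get(code, "unknown"), "params": p}
    if code == 0x50:
        out["referenced_address"] = p[0]    # memory address that was referenced
        out["access"] = ACCESS_0X50.get(p[1], "other")
        out["faulting_instruction"] = p[2]  # address that made the reference, 0 if not known
    return out

def dump_dates(text):
    """Extract sorted (year, month, day, sequence) tuples from dump file names."""
    return sorted((2000 + int(y), int(m), int(d), int(n))
                  for m, d, y, n in DUMP_NAME.findall(text))

if __name__ == "__main__":
    print(decode_bugcheck(parse_signature(SAMPLE)), dump_dates(SAMPLE))
```

The `faulting_instruction` value is the address a debugger resolves against the loaded module list to name the driver involved in the crash.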
     
  2. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Bobbye is one of the best.

    How to find and post your Minidump Files:

    My Computer > C Drive > Windows Folder > Minidump Folder > Minidump Files.

    It is these files that we need (not the folder). Attach to your next post the five most recent dumps. Notice the Manage Attachments button at the bottom when you go to post the next time. You can Zip up to five files per Zip; if you only have one or two you don’t need to zip them, just attach as is. Please do us a favor and don’t Zip each one individually.
     
  3. xdeadlockxfan

    xdeadlockxfan TS Rookie Topic Starter Posts: 35

    Okay, I can find the minidump files okay, but how do I know which ones to attach? I have 14 of them (each as separate files). You want me to attach them to a post?
     
  4. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Next time you post attach them using the Manage Attachments button that you can scroll down and find. Zip five of the latest files together and not individually. They are dated.
     
  5. xdeadlockxfan

    xdeadlockxfan TS Rookie Topic Starter Posts: 35

    It's in a .rar extension, because I have WinRar. I hope that's okay. I found the five latest files.
     

  6. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Two of the five minidump files specifically cited ugliqpow.sys. I made sure I spelled it right. There is absolutely nothing on the net (which is a very rare occurrence) even listing this except your thread with Bobbye.

    It isn't a Windows OS driver.

    What security software are you running at this time?
     
  7. xdeadlockxfan

    xdeadlockxfan TS Rookie Topic Starter Posts: 35

    I have Norton Internet Security. But it will expire soon and then I will load up AVAST into my system.

    What does that mean? The ugliqpow.sys minidump file? If it isn't a driver, then what is it? Something rogue?
     
  8. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    I don't have a clue. There is absolutely nothing on the net concerning this driver.
     
  9. xdeadlockxfan

    xdeadlockxfan TS Rookie Topic Starter Posts: 35

    So what do you think I should do? Delete it? Where do we go from here?
     
  10. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    I went back and read your dumps again. I noted that 3 of them are from 12/11/10 and the other two from September and October of last year as well.

    Do you have any more recent BSOD minidump files from January 2011? If you do, attach the five latest files via ZIP.

    What security software are you running at this moment?
     
  11. xdeadlockxfan

    xdeadlockxfan TS Rookie Topic Starter Posts: 35

    I got only one from January 2011. It's from the 9th. The security I have is Norton Antivirus which will expire fairly soon.
    However, I do want to bring your attention back to that "rogue antivirus program." It came back and when I turned on my computer just under an hour ago it popped up. I went into safe mode and did a "scannow" with command prompt and it didn't solve the problem. I went back to safe mode and ran MalwareBytes' and it took care of it. I found four infected items: 2 of which were registry values. 3 of them had "Trojan" as part of the keyword. Bobbye had me fix my registry keys before, but somehow they are still infected. And whenever that antivirus program comes back to me, it opens Java. Is there a way I can disable Java? And I'll get rid of Norton as soon as I can and then input AVAST and see if it does better.
     

  12. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    First, when you uninstall Norton be aware that Norton is notorious for leaving driver remnants behind. Once you uninstall make sure you use their special Removal Tool found on their website for your version to make sure everything Norton is fully removed. Avast is really good. You'll love the interface.

    As for your minidump, it cited the Windows OS driver NDProxy.sys which has to do with networking/internet. This isn't your issue but points to where some of your problem lies since you are infected again.

    Bobbye was correct in having you repair your registry but I am wondering if a clean reformat is your only option here.

    Is your Norton a security suite or anti-virus only? What other security measures do you have in place?
     
  13. xdeadlockxfan

    xdeadlockxfan TS Rookie Topic Starter Posts: 35

    I have Norton Internet Security. It does the LiveUpdate feature and such. I disabled it since it was only slowing down my computer. And Norton just sucks too. I will uninstall it soon since I have a lot of school work to do. No rogue programs or software has infected my system since that time period. This is the only internet security I have.
     
  14. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    You'll like Avast.

    Your previous minidump file cited the Windows OS driver NDProxy.sys which is a Windows device driver interfacing mini-ports. How are you accessing the internet, wirelessly or ethernet?
     
  15. xdeadlockxfan

    xdeadlockxfan TS Rookie Topic Starter Posts: 35

    AVAST will be installed shortly. And I have internet by a wireless connection to a Linksys Router.
     
  16. xdeadlockxfan

    xdeadlockxfan TS Rookie Topic Starter Posts: 35

    Are you still helping me Route44?
     
  17. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Absolutely! (As best as I can) I had been off for over a week due to issues with my browser. To keep it short I wasn't able to open webpages without freezing or extremely slow loads. And it was impossible for me to open minidump files.

    Is Avast working for you? You didn't mention any issues in your last post.
     
