Inactive Applications crash randomly

Status
Not open for further replies.
Hi,

On this computer, applications crash randomly. (Occasionally, I also get bluescreens; the errors/drivers named in the BSOD vary each time.) This has been happening for about 3 weeks. Due to the nature of the crashes, I had assumed faulty RAM; I ran memtest86 for a day without error, and became suspicious of a virus.

Applications often run for hours before crashing, seemingly depending on type; games tend to crash often, while I've never seen a crash in (e.g.) explorer.exe.

Many security/virus detection programs crash immediately when run (including "Malwarebytes Anti-Malware" and "DDS").

I ran GMER; using it, I determined that "pci.sys" was infected with "Rootkit.Win32.TDSS", which I fixed using "TDSSKiller" from kaspersky.com.
NB: I didn't see any of the symptoms normally associated with that particular virus.

I still get random crashes/BSODs.

Since Malwarebytes Anti-Malware and DDS (still) don't run, here's just the log from GMER (this is from _after_ the pci.sys virus was removed).

I've removed some irrelevant entries that pre-date the crashes. (related to sygate personal firewall)
====================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-26 00:09:50
Windows 5.1.2600 Service Pack 2
Running: ezfudmbi.exe; Driver: z:\temp\pgtyqpow.sys


---- System - GMER 1.0.15 ----


---- Kernel code sections - GMER 1.0.15 ----

? 83246160.sys The system cannot find the file specified. !
? trnr.sys The system cannot find the file specified. !
? tsk4.tmp The system cannot find the file specified. !
.text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9B63380, 0x346307, 0xE8000020]
? z:\temp\mbr.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

Device \Driver\PCI \Device\NTPNP_PCI0002 tsk4.tmp
Device \Driver\PCI \Device\NTPNP_PCI0003 tsk4.tmp
Device \Driver\PCI \Device\NTPNP_PCI0010 tsk4.tmp
Device \Driver\PCI \Device\NTPNP_PCI0004 tsk4.tmp
Device \Driver\PCI \Device\NTPNP_PCI0005 tsk4.tmp
Device \Driver\PCI \Device\NTPNP_PCI0006 tsk4.tmp
Device \Driver\PCI \Device\NTPNP_PCI0009 tsk4.tmp

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 1310724
Process hidden process (*** hidden *** ) 1638404
Process hidden process (*** hidden *** ) 7733252
Process hidden process (*** hidden *** ) 5439492
Process hidden process (*** hidden *** ) 9371652
Process hidden process (*** hidden *** ) 7536644
Process hidden process (*** hidden *** ) 7798788
Process hidden process (*** hidden *** ) 9437188
Process hidden process (*** hidden *** ) 9699332
Process hidden process (*** hidden *** ) 9764868

---- EOF - GMER 1.0.15 ----

Not terribly useful. Now what?

Thanks in advance,
Bob.
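An added example, not part of the original post: a Python triage sketch that cross-references the sections of a GMER text log like the one above, listing device objects whose attached module GMER also reported as missing on disk, and collecting the hidden-process entries. The sample log is constructed from lines quoted in this thread; the function names are hypothetical, and treating "attached module with no file on disk" as worth a second look is a heuristic assumption, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of GMER lines quoted in this thread.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----

? 83246160.sys The system cannot find the file specified. !
? tsk4.tmp The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \Driver\PCI \Device\NTPNP_PCI0002 tsk4.tmp
Device \Driver\PCI \Device\NTPNP_PCI0003 tsk4.tmp
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 1310724
Process hidden process (*** hidden *** ) 1638404

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
MISSING_RE = re.compile(r"^\? (\S+) The system cannot find the file specified\.")
DEVICE_RE = re.compile(r"^Device (\S+) (\S+) (\S+)(?: \((.+)\))?$")
HIDDEN_RE = re.compile(r"^Process hidden process \(\*\*\* hidden \*\*\* ?\) (\d+)$")


def parse_gmer(text):
    """Split a GMER text log into the pieces used for triage."""
    report = {"missing": set(), "devices": [], "hidden": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Kernel code sections":
            m = MISSING_RE.match(line)
            if m:  # module loaded in the kernel, but no file found on disk
                report["missing"].add(m.group(1).lower())
        elif section == "Devices":
            m = DEVICE_RE.match(line)
            if m:  # (driver object, device object, attached module, vendor)
                driver, device, module, vendor = m.groups()
                report["devices"].append((driver, device, module.lower(), vendor))
        elif section == "Processes":
            m = HIDDEN_RE.match(line)
            if m:
                report["hidden"].append(int(m.group(1)))
    return report


def unbacked_device_hooks(report):
    """Group devices by (driver, module) where the module has no file on disk."""
    hits = defaultdict(list)
    for driver, device, module, _vendor in report["devices"]:
        if module in report["missing"]:
            hits[(driver, module)].append(device)
    return dict(hits)


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for (driver, module), devices in unbacked_device_hooks(parsed).items():
        print(f"{driver}: {len(devices)} device(s) attached by missing module {module}")
    print(f"hidden process entries: {len(parsed['hidden'])}")
```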
 
Welcome to TechSpot! I'll help check to see if malware is the problem.

Please note: When you run a scan and leave the log for me to review, you do not remove entries that you think are irrelevant. Therefore, I will delete this GMER log as it has been tampered with. And since the scan is dated 2011-07-26 - a date which isn't for 4 more days, your computer date setting is incorrect:
Right click on the Clock in the Notification Area> Choose "Adjust date/time"> Check both the date and time on the screen and change what is wrong> Make sure the boxes for 'adjust for daylight savings time' are checked> Click on the Time Zone tab and make sure you are in the correct zone> Click on the Internet Time tab> make sure there is a server set> then click on Check Now.

If you have any problem, let me know and I'll give you a different time server. This one setting could cause the crashes as many programs/apps/updates are time and date sensitive.
==============================================
If you get through that okay, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
==================================================
Repeat GMER with a new download and scan.
If there is still a problem with Malwarebytes, do the following:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti-Malware (MBAM) if you have it installed already. Once done, try running a scan again.
================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
It's very important that you remove any of the scan downloads on the system now, then download from my links. Since your original scans were run with an incorrect date and possibly time, it will affect any update for the scans.
 
Renaming MalwareBytes and DDS helped, though Malwarebytes crashed the first 4 times I tried to run it.

======================================================================================

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7275

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2011/07/25 5:45:23
mbam-log-2011-07-25 (05-45-23).txt

Scan type: Quick scan
Objects scanned: 232038
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=======================================================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-25 05:34:10
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340810A rev.3.99
Running: 38uthj94.exe; Driver: z:\temp\pgtyqpow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 1310724
Process hidden process (*** hidden *** ) 1638404
Process hidden process (*** hidden *** ) 7733252
Process hidden process (*** hidden *** ) 5439492
Process hidden process (*** hidden *** ) 9371652
Process hidden process (*** hidden *** ) 7536644
Process hidden process (*** hidden *** ) 7798788
Process hidden process (*** hidden *** ) 9437188
Process hidden process (*** hidden *** ) 9699332
Process hidden process (*** hidden *** ) 9764868

---- EOF - GMER 1.0.15 ----


=======================================================================================
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24
Run by Bob at 5:28:05 on 2011-07-25
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.1535.792 [GMT 12:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
C:\Program Files\SPF\smc.exe
svchost.exe
C:\WINDOWS.0\Explorer.EXE
Z:\from-y\stuff\WinKeyKiller\WKeyKill.exe
svchost.exe
Z:\Program Files\Firefox\firefox.exe
C:\WINDOWS.0\system32\taskmgr.exe
C:\WINDOWS.0\system32\conime.exe
C:\WINDOWS.0\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mWinlogon: SfcDisable=-99 (0xffffff9d)
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\bob\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
mRun: [SmcService] c:\progra~1\spf\smc.exe -startgui
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\no-ipd~1.lnk - c:\program files\no-ip\DUC20.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\shortc~2.lnk - z:\pie\pcap.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\shortc~1.lnk - z:\from-y\stuff\winkeykiller\WKeyKill.exe
uPolicies-explorer: NoActiveDesktop = 01000000
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{24A8741D-DD56-4ECC-B705-B4D84A84EEB7} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;Z:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "Z:/Program Files/PostgreSQL/9.0/data" -w --> Z:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows.0\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NPF;NetGroup Packet Filter Driver;c:\windows.0\system32\drivers\npf.sys --> c:\windows.0\system32\drivers\npf.sys [?]
S3 AMPCORE;AMPCORE;z:\programming\amd\codeanalyst\bin\ampcore.sys [2010-6-18 44488]
S3 CAPROF;CAPROF;z:\programming\amd\codeanalyst\bin\caprof.sys [2010-6-18 49360]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows.0\system32\drivers\ftd2xx.sys --> c:\windows.0\system32\drivers\FTD2XX.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows.0\system32\drivers\vboxnetadp.sys --> c:\windows.0\system32\drivers\VBoxNetAdp.sys [?]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows.0\system32\drivers\vboxnetflt.sys --> c:\windows.0\system32\drivers\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows.0\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CALoadService;CALoadService;z:\programming\amd\codeanalyst\bin\CALoadService.exe [2010-6-18 69632]
S4 vsdatant;vsdatant; [x]
.
=============== Created Last 30 ================
.
2011-07-25 09:49:47 -------- d-----w- c:\documents and settings\bob\application data\Malwarebytes
2011-07-25 09:49:41 -------- d-----w- c:\documents and settings\all users.windows.0\application data\Malwarebytes
2011-07-24 16:31:28 41272 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2011-07-24 16:31:25 22712 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2011-07-07 06:22:49 -------- d-----w- c:\documents and settings\bob\local settings\application data\Oblivion
2011-07-04 02:44:11 404640 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-07-25 09:59:50 68224 ----a-w- c:\windows.0\system32\drivers\pci.sys
2011-07-13 08:25:47 6154 ----a-w- c:\windows.0\system32\PerfStringBackup.TMP
2011-06-20 10:00:59 25992 ----a-w- c:\windows.0\system32\pgdfgsvc.exe
.
============= FINISH: 5:28:34.25 ===============

=================================================================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2008/03/10 22:46:57
System Uptime: 2011/07/25 4:48:09 (1 hours ago)
.
Motherboard: | | K7VM4
Processor: AMD Athlon(tm) XP 2500+ | Socket-A | 1831/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 8 GiB total, 0.628 GiB free.
E: is FIXED (NTFS) - 29 GiB total, 5.765 GiB free.
Z: is FIXED (NTFS) - 233 GiB total, 5.174 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
7-Zip 9.20
Ace of Spades
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AI War
AnalogX HyperTrace
Anathema 1.3
Apple Software Update
Application Verifier
ATLAS Translation Standard V14.0 Trial Version
Audiosurf
Autodesk 3ds Max 8
Avencast?
AviSynth 2.5
Battle for Wesnoth 1.6.5
C-Media WDM Audio Driver
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Castle Vox 1.13
Chocolate Castle
CodeAnalyst Performance Analyzer
Command & Conquer The First Decade
Coq Version 8.3
Counter-Strike: Source
Creeper World
Debugging Tools for Windows
DesertCombat 0.7
Diablo II
Dig-N-Rig version 1.0
Din's Curse 1.001
DROD: Journey to Rooted Hold 2.0.12
Dune 2000
Every Day Genius Square Logic
ffdshow v1.1.3507 [2010-07-07]
GHC 6.12.3
GIMP 2.6.11
GOM Player
GOMTV Streamer
Google Chrome
Google Talk (remove only)
GraphicsGale FreeEdition version 1.93.16
GTK+ Runtime 2.14.7 rev a (remove only)
Gtk2Hs 0.10.0
Haali Media Splitter
Harvest Massive Encounter
HDM
Hero Editor V0.96
Heroes of Might and Magic V - Tribes of the East
Heroes of Might and Magic V Collector Edition
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Development Kit 6 Update 24
JISHOP 5.3
Malwarebytes' Anti-Malware version 1.51.1.1800
Matroska (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Compatibility Toolkit 5.0
Microsoft AppLocale
Microsoft Document Explorer 2008 (6001.18000.367)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Platform SDK (3790.1830)
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft VC Redist 2008 (6001.18000.367)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
Microsoft Windows Application Compatibility Database
Microsoft Windows Driver Development Kit Uninstall - 3790.1830
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 .NET Documentation (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Win32 Documentation (6001.18000.367)
Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367)
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
MinGW 5.1.6
mIRC
Mobipocket Reader 6.2
Mozilla Firefox (3.6.18)
Mozilla Firefox (3.6.3)
Mozilla Firefox 5.0 (x86 en-GB)
MSXML 6.0 Parser (KB933579)
Mumble and Murmur
Neverwinter Nights
NifSkope (remove only)
No-IP.com DUC (remove only)
NUnit 2.4.8
NVIDIA Cg Toolkit 3.0 July 2010
NVIDIA Drivers
Oblivion
Oblivion - Construction Set
Oblivion mod manager 1.1.12
OpenAL
Osmos v1.5.6
Pidgin
Planescape - Torment
Populous: The Beginning
Populous: Undiscovered Worlds - Patch
Poser 8 (8.0.0.10157)
Poser Pro 2010 Content
PostgreSQL 9.0
Python 2.5 numpy-1.1.0
Python 2.5 pygame-1.8.0
Python 2.6 SCons - a software construction tool
Python 2.6.4
Python 3.1.3
Reactive Extensions (Rx) for .NET Framework 3.5 SP1
Real Alternative 1.9.0 Lite
RGSS-RTP Standard
RPG Maker 2000 1.05
RPG Maker 2003 v1.08
RPG Maker VX
RPG Maker VX RTP
RPGXP
Security Update for Windows XP (KB958644)
SlimDX Redistributable (March 2009)
SlimDX SDK (June 2010)
SpeechRedist
Spybot - Search & Destroy
SQL Server System CLR Types
Standard ML of New Jersey
Starcraft
Steam
SumatraPDF
Sygate Personal Firewall
TaoFramework 2.1.0
Team Fortress 2
TES Construction Set
TmNationsForever
TortoiseGit 1.4.4.0 (32 bit)
Total Annihilation
Tweak UI
Unity Web Player
VLC media player 1.1.9
Warcraft III: All Products
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
WinPcap 4.1.2
WinRAR archiver
Wireshark 1.4.4
XCC Utilities 1.46
XML Paper Specification Shared Components Pack 1.0
XPS Essentials Pack
XPS Essentials Pack 1.0
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
2011/07/25 23:23:52, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2011/07/25 22:54:21, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
2011/07/25 21:38:39, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
2011/07/25 21:38:39, error: Service Control Manager [7000] - The NetGroup Packet Filter Driver service failed to start due to the following error: The system cannot find the file specified.
2011/07/25 21:14:03, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2011/07/25 21:10:02, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2011/07/25 21:05:25, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2011/07/25 21:05:08, error: sptd [4] - Driver detected an internal error in its data structures for .
2011/07/25 20:59:35, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
2011/07/25 20:45:28, error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
2011/07/25 20:45:23, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2011/07/21 18:54:14, error: DCOM [10000] - Unable to start a DCOM Server: {1F69F884-285E-418E-9715-B9EEE402DD5F}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\Microsoft Shared\Help 9\dexplore.exe" -Embedding
.
==== End Of File ===========================
 
How to remove a second installation of a Windows operating system from a partition: see
http://support.microsoft.com/kb/888023

============== Running Processes ===============
.
C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
C:\Program Files\SPF\smc.exe
C:\WINDOWS.0\Explorer.EXE
Z:\from-y\stuff\WinKeyKiller\WKeyKill.exe>> WinKey Killer disables the Windows key and context menu key on newer 104-key Windows 95 keyboards. Optionally disable all system keys for security purposes.

Z:\Program Files\Firefox\firefox.exe
C:\WINDOWS.0\system32\taskmgr.exe
C:\WINDOWS.0\system32\conime.exe
C:\WINDOWS.0\system32\ctfmon.exe
.
=========================================
There are 3 fixed drives with almost no space left on any. There are no System Restore Points.
=========================================
How much RAM do you have? I am hard-pressed to know how you can have so much installed on a Win XP system.
========================================
Please run the following:

Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
==============================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the posted image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double-click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 