Hardware installation and shut down error

[daz1874]

Every time I start up my computer, I get a Hardware Wizard message to help me
install the "Winkp Filter Miniport". . Can someone help me figure this out, please?

Also when logging off windows it is not closing down completely.

Thank you so much.

 

[Bobbye]

Please post this in the Windows OS forum. IT sounds like you have a flash drive on startup. Once you take it off of startup, the error message should stop. I also can't identify the "Winkp Filter Miniport".

The the shutdown problem describes something-an app- is hanging and preventing the shutdown. That is also usually caused by something on startup that does not need to be there.

The members on that forum can have you check the Event Viewer for corresponding errors and help you work through them.

 

[daz1874]

Thanks for the reply

 

[Bobbye]

You're welcome. I hope they will help you find the cause if what I suggested doesn't help.

 

[LookinAround]

Hi daz1874

A few things to start...

1. Please tell us the make/model of your computer. And version of Windows? and what Service Pack (SP) Level is installed?

2. fyi... I find that Miniport Filter drivers are usually associated with a network adapter. Do you have an Ethernet adapter? and/or a wifi adapter installed? (and does it really say Winkp?)

3. You typically see the Windows Hardware Wizard when
> Windows detects Plug and Play (PnP) hardware
> BUT Windows can't find a driver for it. So it prompts you with the H/w Wizard to help it find a driver

Do you have the latest network drivers installed? I think is worth a shot at uninstalling then reinstalling your Ethernet and wifi drivers. Then if problem persists, let's see what Windows says in a Problem Devices report

• Make sure all your devices are connected and powered on
• Click Start->Run, enter: msinfo32. Click the + sign next to Components to expand it
• Click Problem Devices. Anything appear?
• If yes, click on it, Ctrl-A to select all, Ctrl-C to copy it, Ctrl-V to paste into next post

 

[LookinAround]

Apologies for the double post BUT wanted to highlight this...

Hey! Lookee at what i just found.. As when i looked for network adapters, one can at least find search engine matches for atheros ar9285 winpk miniport

Any chance you're using atheros network adapters?

 

[Bobbye]

Good catch Lookin Around! I said I couldn't ID it but didn't even consider a spelling correction! I will beat myself up over this one!

 

[LookinAround]

Good catch Lookin Around! I said I couldn't ID it but didn't even consider a spelling correction! I will beat myself up over this one!

Thanks Bobbye

But i can only take credit for connecting "miniports" as being related to "network adapters"...

I forget the exact search terms i used in my search but when i included network adapter in my miniport search terms it was actually Google that caught the typo and suggested the alternate spelling (along with the atheros network adapter hits it supplied!)

p.s. i'm still amazed and impressed by the extensive info (and, even more so, the speed!) of search engines like Google

 

[daz1874]

Hi There

Sorry for the delay in getting back on this one. I have been away for a week on holiday.

I am running a Dell Dimension 3100 and Windows XP and service pack 3.

Not sure where i would find if i have atheros adapters to be honest. My problems started with some sort of infection which wiped out my audio devices. I have sorted this after restoring the system but this hardware message appears when i switch on the PC. Possibly due to this DVD RW?

PHILIPS DVD+-RW DVD8701 IDE\CDROMPHILIPS_DVD+-RW_DVD8701_________________5D24____\594D4D30373933353037353135394F4132304D58 39

 

[daz1874]

I found the problem was the driver listed in the device manager and deleted it. The Winpk filter was also highlighted within the network adapters with the yellow triangle so i went ahead and installed it.

When i ran gmer scan which failed to complete in safe mode, windows had a stop message which stated a problem was found in the following file uxt dapob.sys.

page fault in non paged area

What would this mean?

 

[Bobbye]

I can't identify uxt dapob.sys. as given. Please give me the entire error message, making sure the spelling is exact.

 

[LookinAround]

Hi daz

Two things
1) If you would run the Problem Device report per instructions back in Post #5 it will help give me a snapshot of problems with your Plug and Play drivers

2) That said, it's weird that you reported a problem with your DVD driver as all CD/DVD's use generic Windows drivers. Malware can also cause driver issues. And Bobbye's one of the best anti-Malware experts on TechSpot. :grinthumb

So i'm going to leave you in Bobbye's hands till we know this isn't maybe a malware issue and then we can look at this as a Windows OS issue

 

[daz1874]

I ran the start run misc msinfo32 and received the following message.

CAN'T COLLECT INFORMATION

There is not enough memory to run Windows management instrumentation.


Please try quitting applications or closing files to free memory

I only have Internet explorer open

Try typing this uxtdapob.sys into google and you will see it is appearing on other pc logs. The message also said PAGE-FAULT-IN NONPAGED-AREA

I got the message when he system crashed on me last night when i was running the GMER scan in safe mode. The message appeared on a blue screen amongst other information. This why i noted this bit as this is what caused the pc to crash

 

[Bobbye]

Okay I am still subscribed but not sure of which we're checking> system or malware? I don't have any logs but if you're trying to run GMER, it sound like you've gone back to checking for malware. You really need to get the system more stable.

Perhaps you could run the following to find Errors that correspond to the problems and LookinAround could help resolve them:

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

• 
  Select log to query, select
• Application
• System
  
  Under Select type to list, select:
• Critical (Vista only)
• Error
  
  Click the radio button for Number of events
• Type 20 in the 1 to 20 box
• Then click the Run button.
• Notepad will open with the output log.
  
  Load the log
• In Notepad, click Edit> Select all
• Then press Edit > Copy
• Press Ctrl+V on your keyboard to paste the log to your next reply.

(Courtesy rev-Olie)

 

[LookinAround]

Hi daz

Could you also please tell us
> which version of Windows you are running and what Service Pack (SP) level is installed?
> The make/model of your computer
> Do you have your Windows install CDs??

I am going to do a private consult with Bobbye and we'll get back to you...

 

[LookinAround]

I am running a Dell Dimension 3100 and Windows XP and service pack 3.

Ooops. Just remembered you already gave that information.

So only question: do you have your Dell XP install CDs??

 

[Bobbye]

daz, I don't know if you can do this since Windows is neither starting up or closing down correctly, but we don't have enough information about the process to handle any entries- so give this a try.

Please paste the log in your next reply:

Please download ComboFix from Here and save to your Desktop.

• 
  [1]. Do NOT rename Combofix unless instructed.
  [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3].Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
• NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
Re-enable your Antivirus software.

 

[daz1874]

Hi The Combo Fix did not generate a log at the end of the scan.

The PC was running ok the other day there and i had everything working again.

Didn't last though and i have now got this Security Tools Malware that is blocking everything I try to do. For example i tried to download spycatcher free trial and it blocked it. Control Panel as soon as i click on anything i get a message like rundll32.exe isd infected with worm.win.32.randex.a. This worm blah blah....
Task Manager is controlled by this thing as well


This changes randomly so i would appreciate some help here. Doing my head in as fixes mentioned elsewhere are not working

Tried to run TFC to start the 8 step process and this thing won't allow it to start. I'm totally stuck.

 

[Bobbye]

Combofix always generates a log at the end of a scan.

This changes randomly so i would appreciate some help here. Doing my head in as fixes mentioned elsewhere are not working

Sorry- nothing works, no logs. I have nothing to work with. Curious to know where "elsewhere" is though. Are you getting help in multiple forums?

You can try this online scan to see if anything is found:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Re-enable your Antivirus software.
10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

If this fails also, I can only recommend a reformat/reinstall.

 

[daz1874]

Here is my log. Worse than I expected!

I only looked at a few help sites on google to see if there was a quick fix on the security tool removal. Please be assured this is the only forum i have sought assistance on as I value your input and help. All I and a want is to be rid of this crap from my PC and i look forward to your advice


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=61600c38345a5340bb57a63fdf217a3d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-03 07:56:57
# local_time=2010-08-03 08:56:57 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777173 100 75 252320 10119462 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 895367 895367 0 0
# scanned=74381
# found=18
# cleaned=0
# scan_time=4477
C:\Documents and Settings\Yvonne Candlish\Application Data\Cuit\irko.exe a variant of Win32/Peerfrag.FU worm 00000000000000000000000000000000 I
C:\Documents and Settings\Yvonne Candlish\Application Data\Ippaug\igan.exe a variant of Win32/Kryptik.FHJ trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Yvonne Candlish\Application Data\Oqibbo\ynho.exe a variant of Win32/Kryptik.DFP trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Yvonne Candlish\Local Settings\Application Data\{F3C4D314-3B33-475C-BD2B-ABC7093DC34A}\chrome\content\overlay.xul probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Darren Candlish.DARREN.000\Local Settings\Application Data\{D0A0B732-8A20-46A0-B50C-D73D33057621}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Darren Candlish.DARREN.000\Start Menu\Programs\Startup\syscron.exe.vir Win32/TrojanDownloader.Carberp.H trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Lauren Candlish\Local Settings\Application Data\{E09F19B9-FA98-4C18-8B16-B832013CCAB7}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Melissa Candlish\Local Settings\Application Data\{8434D83D-8309-431B-AB41-2721C034CED1}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Yvonne Candlish\Application Data\Cuit\irko.exe.vir a variant of Win32/Peerfrag.FU worm 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Yvonne Candlish\Application Data\Ippaug\igan.exe.vir a variant of Win32/Kryptik.FHJ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Yvonne Candlish\Application Data\Oqibbo\ynho.exe.vir a variant of Win32/Kryptik.DFP trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Yvonne Candlish\Local Settings\Application Data\{578B8215-988D-4BAE-BF8F-600D2382CD9B}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\azopiriqur.dll.vir a variant of Win32/Cimag.CK trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ws2_32.dll.vir Win32/Patched.FC trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\user32.dll Win32/Patched.FC trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\ws2help.dll Win32/Patched.FC trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\ws2_32.dll Win32/Patched.FC trojan 00000000000000000000000000000000 I
${Memory} Win32/Patched.FC trojan 00000000000000000000000000000000 I

 

[Bobbye]

It's not good. You have patched trojans and trojans in memory. I strongly recommend that you do the reformat/reinstall.