Strange infection incl. logs

Status
Not open for further replies.

pbogdanovic

Random crashes of various programs (Firefox, Outlook, Skype, FS2004...) usually connected to ntdll.dll or some other .dll file.

Logs included. Thanks!
Alex
 
Here is the Hijack log from normal mode. AVG scan will take more time, will post later.

Thanks for your help!

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)

Hope this is okay now, attached AVG log
 
Please download ATF Cleaner by Atribune. ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.

NOTE: ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


How are things now?
 
Did everything as instructed. However, problems continue. Got the bluescreen this time and the following after 2-3 hours of normal work (Outlook, Firefox, Skype...) and while scanning with Spyware Doctor:

The system has recovered from a serious error
Error signature: BCCode : 24 BCP1 : 001902FE BCP2 : BACE3AA8 BCP3 : BACE37A4
BCP4 : 8052C491 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

The following files will be included in this error report:
C:\DOCUME~1\Aca.ACA\LOCALS~1\Temp\WER0914.dir00\Mini120507-01.dmp
C:\DOCUME~1\Aca.ACA\LOCALS~1\Temp\WER0914.dir00\sysdata.xml

Thanks for your help!
 
Delete the copy of combofix you have and run a new scan with the log attached to the next post.

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall.
 
Ran ComboFix. After reboot got error messages about two programs that could not be located and cannot run.

Attached pls find the logfile.

Thanks again for your help!
 
Please download the trial version of SpySweeper

* Click the Free Trial link under "SpySweeper" to download the program.
* Run the installer. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits


* Please UNCHECK Do not Sweep System Restore Folder.


* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.

* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish
* Paste the contents of the session log you copied into Notepad and save it to your desktop.
* Attach the summary in your next reply along with a new HijackThis log.

Also post a new Hijack This log.
 
Current version of Spy Sweeper seems to differ somewhat from previous ones, but I still managed to scan as instructed.

Attached please find the log.
Thanks!
 
Sorry about the guide, it has been in use for a while, I will need to update it.

You can uninstall SpySweeper as we are done with it.

Use the a-squared online scanner

1. Select Scan your PC now!
2. Select Deep Scan
3. Click on scan
* The scanning engine will load any updates, this may take a few minutes so please be patient.
* IMPORTANT: Before doing anything else, first click on Save Report and save the report to the Desktop. This will put a log on the desktop named a2scan_######
4. Place a check mark next to the items found and select to Quarantine selected objects
* To delete the items found, hold down the Ctrl button on your keyboard and click each item to highlight it. Once all are selected, click Delete

Add the a2scan_ as an attachment in the next post along with a new HijackThis log.
 
Unfortunately, I am unable to run a-squared online scanner. I tried it three times, but every time I receive a 0x000000024 stop error / bluescreen.

I will try again in Safe Mode, but fear the result will be the same. Before it reboots, SpySweeper does find some serious infections in the system.
 
It did find also Trojan-Dropper.Win32.Agent.cuj before it crashed also under Safe Mode.
However, the Stop Error was in ntfs.sys, so there really might be a HDD error. I'm running chkdsk now to make sure everything is okay.

I was unable to run a-squared online scanner to the end. Each time it was running it simply shutdown Internet Explorer before completing.

I tried restarting it several times and each time it was the same. I had to manually cancel the scan in order to be able to remove Trojan-Dropper.Win32.Agent.cuj. Continuing the scan afterwards, the same thing happened again - Internet Explorer simply shuts down close to the end of scanning.

Included is the new Hijack log.
(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 
Suggestions.

Spyware Doctor is heavy on resources, uninstall it and replace it with SUPERAntispyware Free Edition (SAS)

Zone Alarm is a resource hog as well; PC Tools Free firewall is a good replacement.

Then do a scan with SAS.

Install it and double-click the icon on your desktop to run it.
* It will ask if you want to Update the program definitions, click Yes.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
* On the main screen, under Scan for Harmful Software click Scan your computer.
* On the left check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Please add the log as an attachment in the next post.
 
Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
 