Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Hardware Hardware
Search Search
Search for:
Tech Support Guy > > >

blue screens, idk if its hardware


(!)

Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
04-Apr-2012, 08:28 AM #61
That one has a different code 7F. These are the listed possible causes and as you can see Memory is the most likely.

Memory corruption, Hardware (memory in particular), Overclocking failure, Installing a faulty or mismatched hardware (especially memory) or a failure after installing it, 3rd party firewall, Device drivers, SCSI/network/BIOS updates needed, Improperly seated cards, Incompatible storage devices, Overclocking, Virus scanner, Backup tool, Bad motherboard, Missing Service Pack
__________________
Please Copy & Paste scan results into your replies, DO NOT send them as attachments or in Code or Quote boxes unless asked to.
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
04-Apr-2012, 08:32 AM #62
This may be a good time to have a closer look at what is running on your system. Follow this and post both logs.

HJT Instructions
Please download the HJT installer from Here Click on the big Green Download button.
In XP a warning bar may appear at the top of the browser page, click on it and select "Download File". Select "Run" in any security warning pop ups.
For Vista and Windows 7 a bar will appear at the bottom of the screen, keep selecting "Run".
NOTE For Windows 7 and Vista you must turn off the User Account Control to allow HJT to run correctly.
For Vista, click on Start and type User Accounts in the search box and hit Enter, click on Turn User Account Control on or off, uncheck the box to turn off UAC. For Windows 7 click on Start and type UAC in the box and hit Enter, then move the slider all the way to the bottom and click on ok.
This action is not required for Windows XP.
When the TrendMicro HJT install box appears, click on "Install", accept the licence agreement and allow it to continue, click on "Finish" when it appears.
  • It will be installed by default here: C:\Program Files\Trend Micro\HijackThis.
  • A shortcut to the application will also be placed on your Desktop.
  • Click on the shortcut on your desktop to run the program.
  • The folder HJT is where you will find the logs that you save. You will find this on the drive that Windows is installed on, usually C:.
  • The first time you open HijackThis, check the Main Menu button at the bottom center. When the main menu appears check the box "Show this window when I start HijackThis".
  • Click on "Do a system scan and save logfile." When the log pops up in Notepad, copy and paste that file back here as a New Message in this forum.
The use of HJT is purely for observation please do not try to fix anything with it or you may damage your system. If I see any suspicious files I will advise you to open a new thread in the Malware forum so an expert can help clean up your PC.


Please also use HJT to post the uninstall list as follows:
  • Please click on the HJT shortcut on your desktop to run the program.
  • Go to the Main Menu and click on Open the Misc Tools section.
  • Then select Open Uninstall Manager in the left pane under System Tools.
  • Click on Save List to the right of the window.
  • Save the file, open it with Notepad and then copy & paste it into your next post.
ihatewindows2's Avatar
ihatewindows2 ihatewindows2 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Jan 2012
Experience: Beginner
04-Apr-2012, 08:41 AM #63
well thats extremaly disappointing considering that i have already spent money replacing the ram.. looks like i may need to do it again.. great.

anything you can recommend?
thats 8GB preferably, because clearly i can't seem to pick the right ram

what are the chances that all 4 sticks are faulty yet according to memtest are perfectly healthy?

one thing i do not understand is that if the ram is faulty (or any peice of hardware), then shouldn't the restarts and blue screens be consistant rather than running perfectly for a few weeks, then having atleast 3 bsod/restarts a day in a row, then going back to being perfectly fine for a week or so, then going back to 3 errors a day etc etc
without any changes to the computer software or hardware wise.

this is all so confusing
ihatewindows2's Avatar
ihatewindows2 ihatewindows2 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Jan 2012
Experience: Beginner
04-Apr-2012, 08:52 AM #64
i started the reply before you entered your last one

edit: and the uninstall list.
Attached Files
File Type: rar hijackthis.rar (2.1 KB, 15 views)
File Type: rar uninstall_list.rar (1.2 KB, 21 views)
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
04-Apr-2012, 10:07 AM #65
Quote:
this is all so confusing
I agree, but this does happen from time to time with PC's. Random faults are the most difficult to track down.

Although the most likely cause of the last BSOD is memory I would not go and buy any more RAM before isolating the cause. It is almost beyond the realms of possibility that all four sticks have failed. You have already replaced the sticks once without it curring the problems. Only after setting the RAM timings correctly was there any noticable improvement and as the BSOD's have started again we need to try and find what else may be causing the problem.

My instructions to post the logs ask you to copy and paste, I will now post the logs for easy reading and have a good look through them.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:50:00 PM, on 04/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3951123891-2274334514-690138619-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3951123891-2274334514-690138619-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7504 bytes


Torrent
Adobe AIR
Adobe AIR
Adobe Reader 9.4.0
Apple Application Support
Bridge Commander MW
Bridge Commander MW
D3DX10
DAEMON Tools Lite
Dead Space™ 2
DivX Setup
EVE Online (remove only)
EveHQ
EVEMon
Fallout New Vegas
FLV Player
Fraps
Free WMA to MP3 Converter 1.16
GPGNet
HiJackThis
Junk Mail filter update
K-Lite Codec Pack 8.1.0 (Full)
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.60.1.1000
Mass Effect 2
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox 7.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
NETGEAR WG111v2 wireless USB 2.0 adapter
NVIDIA PhysX
OCCT 4.1.1
Pando Media Booster
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roller Coaster Tycoon 3 Platinum - CarlesNeo !
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SensorsView Pro 4.1
Sins of a Solar Empire Trinity
SpeedFan (remove only)
Star Trek Armada II
Star Trek Online
Supreme Commander - Forged Alliance
TeamSpeak 3 Client
UltimateDefrag V1 FREE Public Domain Version
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentControl2 Toolbar
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
X3 Albio Prelude Bonus Pack 5.1.0.0
X3 Albion Prelude
X3 Terran Conflict v1.0.1
X-Universe Plugin Manager 1.40
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security

Last edited by Mark1956; 04-Apr-2012 at 10:15 AM..
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
04-Apr-2012, 10:09 AM #66
At the very first glance I see Zone Alarm, I have seen this cause problems in the past, as a process of illimination please uninstall it and switch on Windows Firewall.

Last edited by Mark1956; 04-Apr-2012 at 10:14 AM..
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
04-Apr-2012, 10:25 AM #67
Something else I have noticed. If you have the full ZoneAlarm package (which I think you do) that includes realtime Anti Virus protection. You previously had Nod32 running alongside it which could have been causing conflicts. You should never have more than one Anti Virus on the system.

You appear to have removed MSE (or did you ever install it to replace NOD32?)

For the sake of the diagnosis and to keep your system protected, follow what I suggested to remove ZoneAlarm and use this tool ZoneAlarm removal tool Then put MSE on the system instead of reinstalling NOD32, you can always go back to it later.

I also see you have uTorrent installed. Using file sharing P2P networks is the easiest way to get your PC infected and I would strongly recommend against its use.

I am going to ask for assistance to remove some bad entries from the HJT log, there are a few orphan entries and you need to get rid of the uTorrent toolbar as it is dubious. This is probably not related in any way to the BSOD's but best to remove anything that could be causing a problem on your system.

Last edited by Mark1956; 04-Apr-2012 at 10:34 AM..
flavallee's Avatar
flavallee   (Frank) flavallee is online now flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 59,413 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
04-Apr-2012, 11:13 AM #68
Download and install the free version of SUPERAntiSpyware 5.0.0.1146.

Make sure to update its definition files during the install process.

You've already got Malwarebytes Anti-Malware 1.60.1.1000 installed.

Start it and run its update feature so it can update its definition files.

After all of the above has been done, restart the computer.

Do the following in the order listed.

DON'T use the computer while each scan is in progress.

------------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - Perform quick scan - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that EVERYTHING is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

------------------------------------------------------------

Start SUPERAntiSpyware.

Select the "Quick Scan" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

------------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

------------------------------------------------------------
ihatewindows2's Avatar
ihatewindows2 ihatewindows2 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Jan 2012
Experience: Beginner
04-Apr-2012, 11:18 AM #69
Quote:
Originally Posted by Mark1956 View Post
At the very first glance I see Zone Alarm, I have seen this cause problems in the past, as a process of illimination please uninstall it and switch on Windows Firewall.
alright, doing that now.

Quote:
Originally Posted by Mark1956 View Post
Something else I have noticed. If you have the full ZoneAlarm package (which I think you do) that includes realtime Anti Virus protection. You previously had Nod32 running alongside it which could have been causing conflicts. You should never have more than one Anti Virus on the system.
i didn't ahve the full version, so iw as using zone alarm has a firewall and nod for the anti-virus

Quote:
Originally Posted by Mark1956 View Post
You appear to have removed MSE (or did you ever install it to replace NOD32?)
didn't install it, i figured i wouldn't need it just to play a game and wait for something bad to happen, but im installing MSE now.

Quote:
Originally Posted by Mark1956 View Post
For the sake of the diagnosis and to keep your system protected, follow what I suggested to remove ZoneAlarm and use this tool ZoneAlarm removal tool Then put MSE on the system instead of reinstalling NOD32, you can always go back to it later.
done, thanks

Quote:
Originally Posted by Mark1956 View Post
I also see you have uTorrent installed. Using file sharing P2P networks is the easiest way to get your PC infected and I would strongly recommend against its use.
removed it..

Quote:
Originally Posted by Mark1956 View Post
I am going to ask for assistance to remove some bad entries from the HJT log, there are a few orphan entries and you need to get rid of the uTorrent toolbar as it is dubious. This is probably not related in any way to the BSOD's but best to remove anything that could be causing a problem on your system.
soon has i saw it on there i removed it, and a few other pointless things that i don't use.

thanks for going through all this trouble, i really appreiciate it
flavallee's Avatar
flavallee   (Frank) flavallee is online now flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 59,413 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
04-Apr-2012, 11:23 AM #70
Let's hold off doing any "housecleaning" in the HiJackThis log and doing some other things until after post #68 is completed.

I'm going to be off-line for a few hours, so I'll check back here later.

----------------------------------------------------------
ihatewindows2's Avatar
ihatewindows2 ihatewindows2 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Jan 2012
Experience: Beginner
04-Apr-2012, 11:33 AM #71
Quote:
Originally Posted by flavallee View Post
Let's hold off doing any "housecleaning" in the HiJackThis log and doing some other things until after post #68 is completed.
sorry, i replied before your post.

done the scans.
----------------------------------------------------------------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
aj :: AJ-PC [administrator]

04/04/2012 05:21:39 PM
mbam-log-2012-04-04 (17-21-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208046
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
----------------------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/04/2012 at 05:29 PM

Application Version : 5.0.1146

Core Rules Database Version : 8415
Trace Rules Database Version: 6227

Scan type : Quick Scan
Total Scan Time : 00:08:15

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 525
Memory threats detected : 0
Registry items scanned : 57542
Registry threats detected : 0
File items scanned : 10925
File threats detected : 0
-----------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:32:41 PM, on 04/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll (file missing)
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3951123891-2274334514-690138619-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3951123891-2274334514-690138619-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6772 bytes
--------------------------------------------------------------------------------------------------------------


alrighty, all done
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
04-Apr-2012, 12:58 PM #72
Thanks for jumping in Flavellee
flavallee's Avatar
flavallee   (Frank) flavallee is online now flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 59,413 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
04-Apr-2012, 03:46 PM #73
Start HiJackThis, then click "Do a system scan only".

After the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)


then click "Fix Checked - Yes".

Close HiJackThis.

------------------------------------------------

Click Start - Run, then type in SERVICES.MSC and then click OK.

Expand the services window so you can see the list clearly.

Double-click on these entries, one at a time, to open their properties window:

NVIDIA Display Driver Service

NVIDIA Update Service Daemon


If "startup type" is set on Automatic, change it to Manual, then click Apply - OK.

Close the services window.

------------------------------------------------

Click Start - Run, then type in MSCONFIG and then click OK - "Startup" tab.

Remove the checkmark in these startup entries:

PeerBlock

SUPERAntiSpyware


then click Apply - OK/Close - Restart.

------------------------------------------------

Click Start - Run, then type in

%temp%

and then click OK.

Once that temp folder appears and you can view its contents, select and delete EVERYTHING that's inside it.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

If a massive number of files are being deleted, the computer may appear to "hang". Be patient and wait for the deletion process to finish.

After it's done, restart the computer.

-----------------------------------------------
ihatewindows2's Avatar
ihatewindows2 ihatewindows2 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Jan 2012
Experience: Beginner
05-Apr-2012, 02:19 AM #74
ok, followed the steps exactly, nice and clear, thank you

and im guessing that might have solved the problem?


well im going to go and find out, going to go and play a game and see if it decides to cause any trouble

thanks for helping me out on this, both of you
ihatewindows2's Avatar
ihatewindows2 ihatewindows2 is offline
Member with 59 posts.
THREAD STARTER
 
Join Date: Jan 2012
Experience: Beginner
05-Apr-2012, 02:46 AM #75
didn't work.

i got a blue screen whilst playing it didn't save to minidump but it was a "memory_management"
and at the blue screen it got stuck at 85 so i had to switch the computer of manually.

looks like it didn't work
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2