New UPS infection - help needed

View previous topic View next topic Go down

Re: New UPS infection - help needed

Post by Dr Jay on Wed Sep 19, 2012 4:38 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Sun Sep 23, 2012 5:28 pm

The predominant problem is stupendous [i]slowness.[i] I haven't responded in a couple days because I was running a scan (SuperAntiSpyware) and it took 48 hrs. Most of that time Task Manager showed System Idle at 99%. It could take 30 seconds per file.
Minimizing a window can take several minutes during which nothing else responds.
I do get occassional Blue Screens, but infrequently. I do have about 6 svchost.exe running, but all listed at 0%. No fake antivirus alerts.
Mostly just so slow, slow slow that I can hardly use the computer!

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Sun Sep 23, 2012 8:01 pm

Please do a memory test: [You must be registered and logged in to see this link.]

Then, let me know results. It takes one to two hours at the most, usually.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Wed Sep 26, 2012 1:34 am

Well, it took a while to get MemTest to work: 4.0 wouldn't run on my computer, so I ended up using 3.5b...but, no Errors, no ECC Errors.
A friend suggested 1) 2G RAM actually run slower than 1G on this processor, and 2) maybe I have some incorrect BIOS setting. I wanted to see if you think either of those might explain the extreme slowness. He suggested I actually take out 1G RAM.

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Wed Sep 26, 2012 1:45 am

Oh, I may have solved the extra OS ("30") mystery: Before I contacted GeekPolice.net, I had tried to delete SpyBot to eliminate things which might have been slowing the computer, but it persisted in my Startup, so I used msconfig and deleted the SpyBot line from boot.ini. There is another line in boot.ini: Timeout.old=30, which I just read might have been introduced by SpyBot to create a faster and easier boot to Safe Mode, but I haven't tried it yet to see if it, in fact, boots into Safe Mode.

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Wed Sep 26, 2012 4:59 pm

Well, it definitely is not connected with another operating system or partition for that matter.

2G RAM actually run slower than 1G on this processor
I find this untrue. RAM is different than CPU power. Processing is hardware that runs the programs and helps process information to memory. It only has an effect on how much data can be written to memory at one time.

The more memory you have (RAM), the more available space in memory there is that the processor can help write to.

If RAM were a problem, then the test would have found faults.

What were the MEMTEST results?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Thu Sep 27, 2012 5:56 pm

Well, it took a while to get MemTest to work: 4.0 wouldn't run on my computer, so I ended up using 3.5b...but, no Errors, no ECC Errors.

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Fri Sep 28, 2012 6:35 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:


  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Mon Oct 01, 2012 5:46 am

1) The computer continues to be very slow; 2) I do seem to be having a fair number of system crashes (blue screen) every couple days, but I see no pattern.

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Mon Oct 01, 2012 8:58 am

Please follow this guide and post information back: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Tue Oct 02, 2012 5:44 am

I ran the SF diagnostic tool, but I can't figure out how to upload either the folder (sf_01-10-2012) or the .zip file made from it. I can't use servimg because it does not upload .zip files. I've spent the past hour trying to figure this out without success..so, I'm declaring defeat!

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Tue Oct 02, 2012 8:49 am

Please upload it to [You must be registered and logged in to see this link.] and post download link here...


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Tue Oct 02, 2012 4:24 pm

[You must be registered and logged in to see this link.]

Thanks!

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Tue Oct 02, 2012 5:43 pm

Please download [You must be registered and logged in to see this link.]
Unzip the downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit > Select All.
Go File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Tue Oct 02, 2012 7:44 pm

==================================================
Dump File : Mini093012-01.dmp
Crash Time : 9/30/2012 10:18:39 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x898bfda0
Parameter 3 : 0x898bff14
Parameter 4 : 0x805faffc
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c876
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+157149
Stack Address 2 : ntoskrnl.exe+123fba
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini093012-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini092812-01.dmp
Crash Time : 9/28/2012 6:21:16 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x89a91da0
Parameter 3 : 0x89a91f14
Parameter 4 : 0x805faffc
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c876
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+157149
Stack Address 2 : ntoskrnl.exe+123fba
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini092812-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090512-02.dmp
Crash Time : 9/5/2012 9:19:17 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x00000008
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x804ea79a
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+81dd
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+1379a
Stack Address 1 : atapi.sys+416c
Stack Address 2 : atapi.sys+6d4b
Stack Address 3 : aswMBR.sys+2c71
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090512-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini090512-01.dmp
Crash Time : 9/5/2012 8:53:27 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x1000000a
Parameter 1 : 0x00000008
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x804ea79a
Caused By Driver : atapi.sys
Caused By Address : atapi.sys+81dd
File Description : IDE/ATAPI Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+1379a
Stack Address 1 : atapi.sys+416c
Stack Address 2 : atapi.sys+6d4b
Stack Address 3 : aswMBR.sys+2c71
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090512-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini090212-01.dmp
Crash Time : 9/2/2012 9:10:08 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x88f93020
Parameter 3 : 0x88f93194
Parameter 4 : 0x805faffc
Caused By Driver : WRkrn.sys
Caused By Address : WRkrn.sys+100a0
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+157149
Stack Address 2 : ntoskrnl.exe+123fba
Stack Address 3 : WRkrn.sys+100f2
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini090212-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini081212-01.dmp
Crash Time : 8/12/2012 1:41:44 PM
Bug Check String : KERNEL_STACK_INPAGE_ERROR
Bug Check Code : 0x00000077
Parameter 1 : 0xc000000e
Parameter 2 : 0xc000000e
Parameter 3 : 0x00000000
Parameter 4 : 0x015e4000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5c876
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6223 (xpsp_sp3_gdr.120504-1619)
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+49e3a
Stack Address 2 : ntoskrnl.exe+110de
Stack Address 3 : ntoskrnl.exe+fb51
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini081212-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini080512-01.dmp
Crash Time : 8/5/2012 8:17:52 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x897fb880
Parameter 3 : 0x897fb9f4
Parameter 4 : 0x805faffc
Caused By Driver : WRkrn.sys
Caused By Address : WRkrn.sys+ffe0
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address : ntoskrnl.exe+5c876
Stack Address 1 : ntoskrnl.exe+157149
Stack Address 2 : ntoskrnl.exe+123fba
Stack Address 3 : WRkrn.sys+10032
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini080512-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================


spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Wed Oct 03, 2012 5:25 pm

Do you ever use Hibernate?

If the computer is slowing down often, then bad RAM is usually the issue.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Thu Oct 04, 2012 4:09 pm

I never deliberately use Hibernate, but if I leave the computer on for a while, it automatically goes into Hibernate.
I'll try removing one and then the other RAM chip and see if it makes a difference.

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Thu Oct 04, 2012 8:32 pm

Okay. Let me know.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by spencer.gross.16 on Fri Oct 05, 2012 3:58 am

Wow, you may be the Master! There are two 1G RAM chips in my system. When I took out one of them, after 20 minutes, the computer had still not finished booting. I replaced it with the other RAM chip, it booted very quickly and is now zipping along faster than I have seen it for a long time! So, I think the first chip has problems. I'm still afraid to trust that it will last!
Thank-you, Spencer Gross

spencer.gross.16
Novice
Novice

Posts Posts : 23
Joined Joined : 2012-09-03
OS OS : Windows XP Tablet
Points Points : 15883
# Likes # Likes : 0

View user profile

Back to top Go down

Re: New UPS infection - help needed

Post by Dr Jay on Fri Oct 05, 2012 4:30 pm

You're welcome. Now, if you don't know what RAM replacement you need, you can go here to find out: [You must be registered and logged in to see this link.]

Otherwise, let's finish up so you can prevent malware in the future... (woo a long drag, a month so far in this topic):

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download [You must be registered and logged in to see this link.] and save it to your Desktop - [URL='http://www.majorgeeks.com/CCleaner_Slim_No_Toolbar_d4191.html']Alternate download link[/URL]

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from [You must be registered and logged in to see this link.] or [URL='http://screen317.changelog.fr/SecurityCheck.exe']Changelog.fr[/URL].

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum