problems with pc, specifically, totally unexpected shut downs.
Hi, I'm Forsaken Knight, but everyone can call me F.K. for short.
Anyways, I have been having this problem for about two to three weeks at this point/day. The problem is this, my home pc unexpectedly crashes from time to time, (quite often really, since this started). I know this is a problem, cause I have left my pc on for days/months at a time, and no issues have arisen from this. It does not matter how long I'm on, or what I'm doing, for my home pc to unexpectedly crash. It has even crashed at times when I am typing in my password in order to get into my home pc.
After a few of these events happening, I've decided to uncheck the option that allows your pc to automatically restart when you unexpectedly crash. I did this so I can see the blue screen of death, since it has info displayed on it when this event happens. At first, when this first started, no text was present on that blue screen, even though it was brief, I could tell this. After doing so, and reading the text that started to display, I wondered about it, cause none of it made sense.
One time, one suggestion on that blue screen was for me to disable my firewall, (which I didn't and never will). I have written down on paper what was displayed on that blue screen, but not everything. I've only written down the main things that don't show up on each occurrence of this.
Sometimes, when I'm looking through my home pc for newly modified files, the crash happens. It also has happened when I play online games, (this is when it first occurred). I only play one type of online game, and no, it's not wow, I have neither the money, nor the time and patience needed for that game. I play mostly first person shooter games online. Now, when I attempt to play an online game, the game crashes after a short while. Sometimes, it just crashes the game, and other times, it crashes the whole pc like I've stated earlier.
I have even had an internet window have an error, which it needed to shut down unexpectedly. I don't search the web too much, so I mostly go to sites which I have been to before. So I don't go to sites that are shady and could cause such problems. My home pc also has suddenly logged me off, even when I left my pc idle over night. I know this cause I was logged in when I left it, and when I checked it in the morning, it was back to the log in screen.
I have run adaware, and spybot S&D. Both searches have found the same cookies, but when I delete them, they appear soon after, like I didn't even touch them. In the spybot S&D search it has found several registry keys and registry files. I don't know how to check, and fix those registry type files, without harming my pc.
I have written down some things that have been displayed on that blue screen as well. If anyone here wants me to post what I have comprised, please post asking just that.
Lastly, if anyone can help me, thank you. This is just a major annoyance to my pc experience. There are only two people who use this home pc, and neither me nor the other person, has done anything major online to have caused this. So please, help me.
Please post the details of the blue screens - we need details of any STOP messages such as 0x00000005: INVALID_PROCESS_ATTACH_ATTEMPT plus any file that is referred to on the screen. Later we may want you to debug any memory dumps that were made - instructions on how to do this will be given.
Is your antivirus software fully up to date and have you made a full system scan?
Hello everyone, as requested, this is a post of what was asked of me. In addition, I will post “.exe” files that I have viewed in the task manager, with which I personally think are concerning. If you all (or any of), you could look over them and tell me which ones to look out for. Alternatively, perhaps, possibly delete, that will be quite helpful. There are still some that appear, which disappear quickly. When I write those down quick enough, I will post them here. I will also post those registry files that show up when I run spybot S&D. Those files along with the cookies that spybot find, appear to be together. I say this because once I delete the cookies only, whether using ad-aware, or spybot, they reappear. I have not deleted the registry’s which show up in the spybot search, but if any look like I should, please tell me. Thank you, and now, here is what I have compiled.
Unique parts of the text that appears on the blue screen:
Note: I have not written every word down which was on the blue screens appearance, only the main difference between all of them. If you would like me to gather that information as well, please ask for that. I will take the necessary steps, (turning off auto restart and all, and getting a paper and pencil ready), to get that information. This is a list of the main things displayed on the blue screen’s text, which my pc identifies as the problem.
If other types of unique info appear, I will post it here.
List of “.exe” with which seem suspicious:
Note: These appear at the start of logging into my pc. If you wish for a list of “.exe” files that appear after logging on, and ones that stay on, (there are over fifty of them), please request it.
1. Fxssvc.exe
2. smss.exe
3. hpsysdrv.exe
4. LuCallBackProxy.exe
5. unit.exe – (note: this one has something in the front, but I was unfortunate to get it in time).
6. wmiprvse.exe
7. wuauclt.exe
8. rundll32.exe
9. reader_sl.exe
10. CFD.exe
11. hkcmd.exe
12. alg.exe
13. CCPROXY.EXE
14. NMIndexStoreSvr.exe
15. LowLight.exe
16. imapi.exe
17. TeaTimer.exe
18. YPager.exe
Note: I have seen more that appear suspicious to me, but I have not written them down yet.
List of things that appear in the spybot search of my pc:
42 problems found (32:19)
10. Worldsecurityonline.FakeAlert: four entries (first two are registry values, and the other two are registry keys). Details:
1. (SBI$F01653D0) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\(8d8c2387-7180-4022-9be6-… (the rest cannot be seen)
2. (SBI$29DE6D9E) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\carbinyl
3. (SBI$9177AA62) Class ID HKEY_CLASSES_ROOT\CLSID\(8d8c2387-7180-4022-9be6-43630a969558)
4. (SBI$5F3B3515) Uninstall settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
There is also one called “WildTangent,” which appears in spybots’ search. That entry has 29 different types. If you would like me to post that as well, please request it specifically.
There, that is all that I have gathered thus far. I would like to also ask something of any of you. How do you check what is being run in the systems idle processes, (which you can find in the task manager)?
LowLight.exe appears to be associated with Logitech webcams. No immediate cause for concern. I didn't notice anything obviously bad about the other .exe files you listed either.
Quote:
There is also one called “WildTangent,” which appears in spybots’ search. That entry has 29 different types.
I have seen WildTangent files installed into my computer when I installed Logitech mouse software in the past. If I recall correctly, I removed all WildTangent stuff (via "Add/Remove Programs" in Windows XP's Control Panel) without negatively affecting the performance of my Logitech software/mouse. I suggest removing the WildTangent stuff via Add/Remove Programs and then restarting the computer before proceeding with my suggestions below.
I would be inclined to run Spybot Search & Destroy again and have Spybot fix the problems it finds EXCEPT the ones I quoted above and then restart the computer. If I'm not mistaken, some legitimate 3rd party anti-virus and firewall programs make those "...DisableNotify" and "AntiVirusOverride" registry key settings to keep Windows from alerting you that aspects of native Windows applications have been disabled by the 3rd party applications.
Quote:
How do you check what is being run in the systems idle processes, (which you can find in the task manager)?
I have used HijackThis to see what processes are currently running in my computer. HijackThis is also handy for finding evidence of many types of malware.
If you choose to download and run HijackThis...
Click here and scroll down to locate and download "HJTsetup.exe".
Save HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
(By default it will install to C:\Program Files\Hijackthis)
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon and then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch HijackThis.
Click on the Do a system scan and save a log file button.
(It will scan and the log should open in Notepad.)
Click on "Edit" > "Select All" to highlight the entire Notepad contents.
Then click on "Edit" > "Copy".
Come back here to this thread and Paste the log in your next reply.
(Right-click in the message body field and select "Paste".)
CAUTION: DO NOT have HijackThis "fix" anything without carefully following expert guidance. Otherwise, you might render your computer unstable or even unbootable. Most of what HijackThis finds will be harmless or even required.
Last edited by mailman; 2nd December 2007 at 07:05.
Hi FK,
I don't want to distract from any software problems, but in case I stop following this thread, I would just add my thoughts about the possibility of it being a hardware problem.
Has the dust been cleaned out of the case fairly recently? A lot of dust can get trapped under the fan for the CPU.
If you can "make it happen" by running games (or programs that seem to be graphics intensive), check if the graphics chip/s may be overheating. A lot of graphics have fans on the add-in card that can stop running or lose their lubrication and slow down.
Check for dust and that all the fans are spinning freely. If it seems a lot less noisy than it did originally, that is not necessarily a good sign.
Varying error messages might relate to RAM. There are memory diagnostics in my signature.
10. Worldsecurityonline.FakeAlert: four entries (first two are registry values, and the other two are registry keys). Details:
1. (SBI$F01653D0) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\(8d8c2387-7180-4022-9be6-… (the rest cannot be seen)
2. (SBI$29DE6D9E) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\carbinyl
3. (SBI$9177AA62) Class ID HKEY_CLASSES_ROOT\CLSID\(8d8c2387-7180-4022-9be6-43630a969558)
4. (SBI$5F3B3515) Uninstall settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
According to CastleCops (a reputable source), it appears you may have a Smitfraud malware infection which may require expert guidance for complete removal.
I suggest you post a fresh HijackThis log into a new Removing Spyware & Viruses forum thread and include a link to this thread http://www.windowsbbs.com/showthread.php?t=69307 so the malware analysts can easily retrieve background information about your issue.
Please include details about any actions you have already performed (such as having already used Spybot to fix the problems above if you have already done so).
Please keep in mind the malware analysts are very busy so it may take some time before they can respond to your issue.
Last edited by mailman; 2nd December 2007 at 22:14.
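An added example, not part of the original thread or any poster's code: a Python sketch that triages the four Spybot findings quoted above by what each registry location does, and links the truncated SharedTaskScheduler entry to the CLSID registration by GUID prefix. The findings are re-typed from the post with the missing parenthesis restored, and the function names are hypothetical.

```python
import re

# The four findings as transcribed in the thread (entry 1 is truncated there).
FINDINGS = r"""
(SBI$F01653D0) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\(8d8c2387-7180-4022-9be6-
(SBI$29DE6D9E) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\carbinyl
(SBI$9177AA62) Class ID HKEY_CLASSES_ROOT\CLSID\(8d8c2387-7180-4022-9be6-43630a969558)
(SBI$5F3B3515) Uninstall settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
"""

# Registry location -> what it does (general Windows behaviour, not from the thread).
ROLES = [
    (r"\\explorer\\sharedtaskscheduler\\", "autostart: Explorer loads the COM class named by the value"),
    (r"\\shellserviceobjectdelayload\\", "autostart: Explorer loads the COM class stored in the value data"),
    (r"^hkey_classes_root\\clsid\\", "COM class registration (InprocServer32 names the DLL)"),
    (r"\\currentversion\\uninstall\\", "Add/Remove Programs entry"),
]
# Accept ( or { before the GUID and allow a truncated last group.
GUID = re.compile(r"[({]([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{0,12})", re.I)
LINE = re.compile(r"^\((SBI\$[0-9A-F]+)\)\s+.*?(HKEY_\S.*)$")

def parse(text):
    """Turn report lines into dicts with id, key, role, guid and autostart flag."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE.match(line)
        if not m:
            continue
        key = m.group(2)
        role = next((d for pat, d in ROLES if re.search(pat, key, re.I)), "unclassified")
        g = GUID.search(key)
        out.append({"id": m.group(1), "key": key, "role": role,
                    "guid": g.group(1).lower() if g else None,
                    "autostart": role.startswith("autostart")})
    return out

def correlate(findings):
    """Pair autostart entries with the CLSID registration their GUID is a prefix of."""
    classes = [f for f in findings if f["role"].startswith("COM class") and f["guid"]]
    return [(f["id"], c["id"]) for f in findings if f["autostart"] and f["guid"]
            for c in classes if c["guid"].startswith(f["guid"])]

if __name__ == "__main__":
    rows = parse(FINDINGS)
    for r in rows:
        print(("AUTOSTART " if r["autostart"] else "          ") + r["id"], "-", r["role"])
    # An autostart entry with no GUID in its key (the "carbinyl" value) keeps its
    # CLSID in the value data, which the report does not show; check it on the host.
    print("linked:", correlate(rows))
```

Two of the four entries are load points inside Explorer, which is why deleting cookies alone changes nothing and why the thread moves on to a dedicated removal tool.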
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:51 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
There is indeed some evidence of a zlob (smitfraud) infection. Let's do some cleanup and see if it helps. Download SmitfraudFix by S!Ri, saving it to the desktop.
Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Logon to your account.
Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
You will be prompted 'Do you want to clean the registry?' answer Y (yes) and hit Enter.
If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
Just so everyone knows, my home pc has a new problem. I got a request from norton that is on my home pc to fix two things. One of them was to run a full system scan, and the other was to check for updates. I did not do the scan, but I did check for updates. There was one update, and after downloading it, my pc froze. Then, every time I turn it on and log in, norton runs "LuCallBack.exe" in the background. Actually, several of them, about six. After a bit, the pc is so messed up, that it freezes and I have to shut it down. How do I disable norton, so I can fix this? In addition, one time, and this has been going on for two days now, a message appeared that stated that norton antivirus has a corrupted or damaged file, how do I find this file? Of course, I will unplug and disable my modem while doing this fix, but I need to know how to turn it off in the first place.
I also got a message after the incident above happened, but not right after it happened, on the blue screen of death. It was as follows, "win32k.sys-address BF9S8CD5 BASE AT BF8000000, DATESTAMP 45F013F6".
Oh, and if anyone whom is keeping an eye on this thread is wondering, I'm typing this message from my school. They are loose there when it comes to this kind of stuff.
I'll check back tomorrow at sometime during the day to see if any of you members have responded.
Thanks for all your help up to this point, and I hope all of you will continue to help me in this matter.
Hi Forsaken Knight,
This is Mike from the Norton Authorized Support team responding to your post. I'm sorry that you are experiencing a problem with the LiveUpdate feature of Norton and I want to help you resolve this issue.
Please respond back and let me know the Norton product and Version you are using.
While I am waiting for your response, it appears from your posting that your installation of Norton may have become corrupt.
Please follow the steps below to resolve this issue by completely uninstalling Norton and performing a reinstallation.
1. First, download and run the Norton Removal Tool, by clicking on the following link and following the instructions in the document carefully. NOTE: This tool will completely remove all Norton products from your system.
2. After you have removed Norton, please restart your system.
3. Make sure that your internet connection is working properly, and then reinstall Norton from the original media while connected to the Internet.
This is something new to this course of events with my home pc. The pc last week just stopped loading up on the initial start up. No action is shown other than the fact that you can hear the pc active. The drives on the pc open and close when the buttons are pressed, and the light under my mouse turns on as well. The num pad, caps lock, and scroll lock lights flash once. Other than that, no response from the pc itself. All other components of my home pc appear to be working fine. If you have any idea on what I should do in order to fix this, so I can completely repair my pc, please post so. After I am able to log in again to my home pc, I will do as you all have said about the instructions I should follow towards fixing my pc for good. Oh, and to the last poster before me, I will post that info once I am able to log into my pc. That way, I can give you direct, correct, information regarding what you asked of me.
P.S.: If there is a step that I have not done so and not posted, could someone point that out.
In addition, if someone could summarize all of the steps thus far with this problem of mine, so others who will fall victim to it will know what to do when the problem arises, that would be helpful. Both, for me, and those that need to know what to do quickly in order not to get to the stage that I am at; and hopefully, know what to do if they are too into this problem before they get to this web site's page.
Thank you all again for your patience with my dilemma.
Hey, it's me again. I take it not too many people are keeping track of this thread. But either way, I hope someone will help me with my problematic pc. I'm at school now, so, I check back before I leave to see if anyone has responded yet to this thread. I hope someone does though, either way.