Troubleshoot OS Screen C: drive inconsistency and FF issue

[Zexx]

I should also probably add that this may have something to do with my university;

Due to the start of a new semester, the WiFi service is messed up- so I took steps to "restart" or "reinstall" the university WiFi. Namely, they had a file which I downloaded for Windows 7 specifically to make the setup automatic.

 

[Zexx]

Is it possible to place this back into the malware thread? I am unsure how to move it around (I originally did place it there, bu then it came here).


Also, isn't there a way to look at specs without downloading anything?

 

[Deleted Member 333v73x]

Okay, I'll do the Adw thing by tonight (midnight). I get the feeling that this is malware related- it's highly unlikely related to software.


The other thing is- IT GOT WORSE!

I was trying to wake it up for hibernation today, and then a black screen came up saying it couldn't wake up from hibernation and a reboot would be needed. So I hit enter.

Then another screen came and gave me a choice; either reboot, or retry... so I did retry. Thankfully then it came back up regularly.

@Zexx I now highly recommend you post this in Malware Removal Assistance like @exterminator20 advised, a member of staff or Malware Removal Expert will help you from here because the problem is getting worse and you think it is malware related, it is probably the best - if you are told your PC is malware free then come back to this thread

You will have to make a new thread in Malware Removal Assistance only staff can move it.

P.S: Do not follow any instructions from this thread apart from posting this in Malware Removal Assistance also do not follow any of the advice I have give you you from now...

Please tell me when you have posted a thread and if the issue gets resolved

You can check computer stats by right-clicking computer and then clicking properties.

Regards,
@Tornado
(Previously @Anti-Malware Reviewer, also known as AMR)

 

[Zexx]

Sorry for the super late reply-illness/work/university got in the way.

Can I just give two/three updates here and then move over?

First the Adw stuff (going through the Adw folder, there seems to be three reports from that day: C2, S3, and Quarantine. The one that popped up after restart was C2 I think):
________________________________________________________________________________________________________
# AdwCleaner v5.031 - Logfile created 30/01/2016 at 22:36:42
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : SMJ - SMJ-TOPSECRET
# Running from : C:\Users\SMJ\Downloads\adwcleaner_5.031.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.4

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\SMJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\SMJ\AppData\Roaming\Mozilla\Firefox\Profiles\00o75v1o.default\Extensions\Avg@toolbar.xpi
[-] File Deleted : C:\Users\SMJ\AppData\Roaming\Mozilla\Firefox\Profiles\00o75v1o.default\searchplugins\avg-secure-search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\SMJ\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bohapeiooecafommnlaiccilacgmkaoc

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3643 bytes] ##########
_____________________________________________________________________________________________________________END





In addition to this, when it was done and the restart was going on, the C: drive inconsistency thing came up again (a black screen, not blue) and ran through whatever. It seemed to have gotten through- it didn't freeze this time around. But when I was watching it a bunch've questions came up in my head in regards to the places this thing was referencing.

-What is file q?
-WHat's $SDH?
-What's index $SIT of file q?
-what does it mean when inserting an index entry with ID 5052 into index $SII of file 9?

That's all I managed to write down as it was going fast. WTH is this stuff? @_@
After that was done, it came back up and the above report was open.




HOWEVER, a day or two later I had another BSOD! -.-'

And then yesterday I had a weird BSOD where I could customize stuff? It had serial information and I could change date... there were some other tabs that I could open but I didn't go there.

I don't know if I should post the serial stuff here or whether it would help.

And finally, yea, I'll move this to the other thread soon.

 

[Zexx]

I just got another BSOD right now. Looking back on the previous posts, it was advised that I use the Command Prompt with a particular command. However, it states that I must be an "administrator running a console to do that". Means what?

 

[Deleted Member 333v73x]

I just got another BSOD right now. Looking back on the previous posts, it was advised that I use the Command Prompt with a particular command. However, it states that I must be an "administrator running a console to do that". Means what?

Right click the command prompt and click 'Run as Administrator'.

 

[Smith83]

A simpler but more indirect approach to this issue, instead of using BlueScreenView by yourself and posting the logs, would be to navigate to C:\Windows\Minidump and pack the most recent .dmp files you find in that directory in a .zip archive, and lastly upload that .zip file here as an attachment.

This way, other members here will be able to take a look at the minidumps and attempt to suggest an overall more accurate diagnosis as to what may have caused the BSODs.

Yes, upload your minidump files. That would be the best course of action, BSV is not very good....

 

[Zexx]

I just turned on the computer right now (9:10), and it said that Windows had recovered from an unexpected crash- but it was fine the last time I used it last night. So I'm guessing it did a ghost thing in the night again ;-;.




Okay, will do.

 

[Zexx]

Sorry, still around, just that exams/work/assignments have been getting in the way since

How do I upload minidumps again?

And since then there has only been a problem once: a bluescreen shutdown, and then a bludescreen options screen on startup.

 

[Smith83]

Minitoolbox Scan.



Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.


Autoruns Scan.


Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File>>>>>>>>>>>Save
The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option.
In other words make sure it is a .txt file instead of .arn

Post the log in your next reply.





Upload All MiniDumps.



Please upload your minidump files. How to compress and upload Minidump files