  1. #1
    2 Star Lounger
    Join Date
    Jan 2010
    Location
    Upstate NY, USA
    Posts
    192
    Thanks
    25
    Thanked 8 Times in 4 Posts

    PC failing? Need Assistance

    Win 7 64-bit HP; 6GB Ram; Asus P6T Deluxe MOBO, 2 hard drives, 2 optical drives, card reader/floppy combination. Use AVAST, SAS Pro and MBAM; My data is backed up and system is scanned regularly. I re-ran full scans with all my a/v and anti-malware when this started. I have a 1000W Thermaltake Toughpower modular power supply and a Coolermaster V8 CPU cooler.

    Last several days noticed anomalies during bootup several of which resulted in critical errors in EV; some services are disabled and on reboot they return. For instance printer service disabled and I have no printers; diagnostic policy service is disabled and on reboot is enabled; critical error telling me that Device F:\ that happens to be my floppy card reader is offline due to mode driver crash; audio service disables and re-enables on reboot. My system does not beep on bootup and I am ashamed to admit I can't remember if I had it at all.

    I ran an sfc /verifyonly and there were no issues. I thought of doing a clean install of Windows, but I don't think that's going to be the solution. I think I may be in the middle of one of my pieces of hardware going down, but am not sure what should be done next. Help would be appreciated.

    Diane

  2. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,434
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Diane,

    You might want to try a Root Kit scanner { Sophos or Kaspersky } and/or Windows Defender Offline. I'd also check your event logs to see what they have to say.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  3. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    If this might be a hardware failure, I would create a system Image ASAP just in case. Store the Image on an ext drive (ext HD preferred). This way if the failure is a hardware failure, your OS can be restored. If it is a virus, etc., the Image can be deleted. Either way you are protected.

    There are many excellent 3rd party Imaging apps that can accomplish this for you. Just be sure to create a Boot media CD with whatever Imaging app you choose.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. #4
    2 Star Lounger
    I have run Sophos RootKit and it found nothing. I am running the WDO now.

    I checked my EV logs, which is where I found the errors. The Printer Spooler and Diagnostic policy errors were Service Control Mgr errors ID 7000. Then, on my last reboot I got this:

    \??\C:\Windows\system32\3E29.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    I don't have a clue what this might be. There is no solution for this gem at the M/Soft site. I've saved all my stuff via imaging to disk so I'm not worried about data loss. I'm just at a loss as to what to try next.

    D.

  5. #5
    2 Star Lounger
    The last error I got before starting WDO, was this:

    "InitializePrinterProvider Win32.dll. This can occur because of system instability or lack of system resources"...something definitely going on here. I'll post back with the results of the full scan I'm now running.

    Diane

  6. #6
    Super Moderator RetiredGeek's Avatar
    Diane,

    That's a temporary file. I'd delete it; it shouldn't be in your system folder. I'd also use Sysinternals Autoruns to see if you can find the entry that is trying to load it.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs
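
A scripted way to look for the entry that references a `.tmp` image, as an added example that is not part of the original thread. The function names `Find-TempImageServices` and `Get-SuspectBootEvents` are hypothetical; the script only reads the registry and the System event log, and is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Read-only; changes nothing on the system.

function Find-TempImageServices {
    param(
        # Registry key that holds every service and driver registration
        [string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        $image = $props.ImagePath
        # Flag any service or driver whose binary is a .tmp file
        if ($image -and $image -match '\.tmp("|\s|$)') {
            # Strip quotes and the \??\ prefix, expand \SystemRoot\ to a real path
            $path = ($image -replace '^"|"$', '') -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            $onDisk = Test-Path -LiteralPath $path
            $sig = 'n/a'
            if ($onDisk) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
            New-Object PSObject -Property @{
                Name      = $_.PSChildName
                Type      = $props.Type    # 1 = kernel driver, 16/32 = Win32 service
                Start     = $props.Start   # 0-2 = loads at boot, 3 = manual, 4 = disabled
                ImagePath = $image
                OnDisk    = $onDisk
                Signature = $sig
            }
        }
    }
}

function Get-SuspectBootEvents {
    param([int]$Days = 14)
    $since = (Get-Date).AddDays(-$Days)
    # Service Control Manager 7000 = a service failed to start; also keep any
    # System-log entry whose text names a .tmp file under system32.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $since } `
        -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.ProviderName -eq 'Service Control Manager' -and $_.Id -eq 7000) -or
            ($_.Message -match '\\system32\\[^\\]+\.tmp\b')
        } |
        Select-Object TimeCreated, ProviderName, Id, Message
}

Find-TempImageServices | Format-List
Get-SuspectBootEvents -Days 14 | Sort-Object TimeCreated | Format-List
```

Sorting the events by time also shows when the first failure appeared, which helps line the problem up with an install or update.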

  7. #7
    2 Star Lounger
    I ran the Windows Defender Offline and it found:

    "Exploit: Java/CVE-2010-0840.po" on my system. And, I thought I practiced safe surfing. I'm now a believer in Windows Defender Offline for sure. None of the other anti-malware programs I have installed found it. I had the WDO remove it. When I rebooted my PC Windows told me Java wasn't working properly, so I used Revo to remove it and got the latest version of Java 7.

    I am a bit leery about my PC now as I am still getting Service Control Manager errors... I just may wipe the whole thing out and start over.

    Thanks for the help.

    D.

  8. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    It would be safer to uninstall Java completely if you have no reason to use it regularly.

  9. #9
    2 Star Lounger
    Unfortunately, I use RecipeFox in conjunction with my cooking database program and it requires Java. I might have picked up the infection that way. I will be looking for an alternative solution.

    D.

  10. #10
    Plutonium Lounger Medico's Avatar
    I would uninstall Java temporarily until you solve your problem to see if this might be involved in the problem. Perhaps Java is corrupt or perhaps you do not have the latest version. Either way, a temp. uninstall will not be a big deal.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted



  11. #11
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    I would be cautious about the result from WDO. No other AV or AM software found anything, when you removed the "exploit" Java stopped working, and the instability with the system still remains after the cleanup of the "exploit". I have seen several cases where WDO has reported infections when no other scanner has. Personally, I would feel more comfortable if another tool could verify the infection.

    Although the sfc /verifyonly came back clean, it doesn't mean that your system is not corrupt. There may be a corruption in the registry, for example. I doubt (but would be willing to be proved wrong!) that it is a hardware fault. Hardware issues more often would lead to BSODs or other error messages rather than the system being unable to start services etc.

    You might like to try a nondestructive Windows re-installation.

    If your event viewer goes back far enough, try to find a switch-on event for the problem - does it coincide with anything specific?

  12. #12
    Super Moderator satrow's Avatar
    Here's a recent breakdown of what that exploit can do: http://journeyintoir.blogspot.co.uk/...s-exploit.html (bear in mind that the effects are modified by whatever else is packaged up with it).

    I'd advise that you spend some time ensuring that the PC is clean at a good antimalware forum: majorgeeks, techsupportforum, geekstogo, ... better safe than sorry.
