System Restore + Blue screen = Virus?

Trgovec · Jan 20, 2009

Hello
I've got Win Vista Home Premium SP1. Up until recently, when i chose System Restore it came up with a calander-like window and then i was able to choose the day i wanted my sistem restored to. Then a few days ago I experienced a crash, and it took my pc a while to check my disk (the only one, since it's a laptop).
That's the checking:

Then i manged to enter Vista again, and i thought i'd just restore again, hoping nothing was wrong. And when i clicked System Restore it took absolutely AGES to open (the rest of the stuff worked/s well...) and when it eventually opened i got that:

And now, if i choose "Choose a different restore point", i get this:

Where has the calender gone? Where are my previous restore points??? What's wrong?
Then, yesterday i was checking bbc's webpage and i came across this article: Click
Do you think it's that virus? Please help.

Cheers!

smarteyeball · Jan 20, 2009

Those screens look normal. Did you have manually created restore points that are missing?

Trgovec · Jan 20, 2009

No. And also, why can't i see the calendar anymore?

Every now and then i get also such Blue screen:

The pic is taken from the internet and i'm not 100% sure that's what it says on my laptop because it appears for just a sec, and then the computer restarts.
Why is this Blues Screen happening??

MrNeeds · Jan 20, 2009

Trgovec said:
No. And also, why can't i see the calendar anymore?

Every now and then i get also such Blue screen:

The pic is taken from the internet and i'm not 100% sure that's what it says on my laptop because it appears for just a sec, and then the computer restarts.
Why is this Blues Screen happening??

can you take a picture of your own blue screen? it is essential to find the error code so we can find the problem and resolve this issue.

dk70 · Jan 20, 2009

I noticed you have Uniblue Driverscanner installed - "automatically updating drivers" Let us hope it does not make mistakes then -and that it works flawlessly with System Restore points. If not you could be seeing bsod. Would most likely be better if you let Windows Update take care of this, and hunt down the few 3rd party drivers it does not include and computer really need.

You really paid 30$ for such a service?

Trgovec · Jan 20, 2009

MrNeeds said:
Trgovec said:

No. And also, why can't i see the calendar anymore?

Every now and then i get also such Blue screen:

The pic is taken from the internet and i'm not 100% sure that's what it says on my laptop because it appears for just a sec, and then the computer restarts.
Why is this Blues Screen happening??

Click to expand...

can you take a picture of your own blue screen? it is essential to find the error code so we can find the problem and resolve this issue.

I know... but that's quite hard sice it appears for just a second and it seems it doesn't crash on a regular basis... Sometimes for example while i'm working ony my laptop and sometimes when it's just running without me using it. I've been getting those blue screen every now and then, but untill a few days ago (maybe you're right dk70) untill i tried to install a package from Uniblue all crashes hadn't caused any harm, excet from losing some of the settings i had previusly created or set...
I actually havent used that driverscanner thing properly yet - the only thing i installed was that sound driver HD sth...
Shall i uninstall the whole package then? On their homepage they're saying they're compatibile with Windows and they've got some awards from Microsoft so i thought it must be useful.

dk70 · Jan 20, 2009

Possible driver scanner is not the only or first problem.

Dont get used to crashes and system restore points. Could be virus/malware, bad driver/programs. Hard to guess.

May be Driver Scanner is compatible, have won gold medals, but the whole idea of managing drivers for Admin/you is just wrong. Seems like asking for trouble or suffering from extreme lazyness

If you cant catch bsod then look in Event Viewer. If problem is hardware based like bad memory it might not be in there - and stop code probably wrong anyway. May be you should make a Hijackthis log for now if not certain what is up and down. There is a better tool available btw, called RSIT but I dont know if this forum have rules for reporting. Some are rigid with this. It will automatically download Hijackthis if not installed, run hjt and then add some info like eventviewer, scheduler, files/folders created last 30 days. Google "random system information tool" including quotes. When done you have a new folder c:\rsit with 2 log files, upload.

Trgovec · Jan 20, 2009

Thank you so much for being so kind and writing all that for me. I'm not really good at computers so please don't get frustrated if i ask sth stupid

First of all, about the Event Viewer. I've opened, but what now? where should i look for the report about my BSOD?

I've uploaded the files.... Hope you'll find sth - i clearly dont

Thanks agian

Btw, i'm not sure if i stressed that out, but i've been getting BSOD ever since i got my laptop, but the serious change (with system restore and all that checking) has accured after i'd tired to install Frame Work 3.5 which was requested for that Uniblue package to work (to be more precise, Uniblue SpeedUpMyPC 2009 requested that). Hope that helps

MrNeeds · Jan 20, 2009

Trgovec said:
Thank you so much for being so kind and writing all that for me. I'm not really good at computers so please don't get frustrated if i ask sth stupid
First of all, about the Event Viewer. I've opened, but what now? where should i look for the report about my BSOD?

I've uploaded the files.... Hope you'll find sth - i clearly dont
Thanks agian

Btw, i'm not sure if i stressed that out, but i've been getting BSOD ever since i got my laptop, but the serious change (with system restore and all that checking) has accured after i'd tired to install Frame Work 3.5 which was requested for that Uniblue package to work (to be more precise, Uniblue SpeedUpMyPC 2009 requested that). Hope that helps

to get a longer view of your BSOD, simply right click computer>on the left, click on advanced system settings> advanced tab> startup and recovery settings and in there it should look like image attached, simply uncheck automatically restart, this will keep the BSOD up forever until you hold in the power button on your computer, and after it blue screens, take a pic and upload here and dont forget to change the automatically restart option again or it will never restart if it blue screens

Trgovec · Jan 20, 2009

Thank you loads for that one ! :D
can't wait to see my next Blue Screen :P

Btw, i see there is a tick at "Write an event to the system log" Where is that written?
Is that what dk70 requested? dk70, have you been able to work it out what's wrong with my computer?

I'd also like to ask again whether anyone has got a clue why i can't have a calendar in "system restore" anymore.

dk70 · Jan 20, 2009

Hmm, that was a mouthfull...

First of all you have like 3 3rd party firewalls installed. Huge mistake. Get rid of Comodo and Zonealarm. Settle for ESET Suite.

On top of that you have Counterspy stuff installed. Get rid of it.

And I think you are infected, 99.9% certain:
bonus_txt.exe as a running app, not sure but ????
C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe is another ???, not sure
C:\DZS.ASP32.Slovarji.24in1.Cracked-Bushy\Asp32.exe look here
Divxsm.exe look here might not be part of a worm, could be.

All those security installations can easily clash and give BSOD - some even on their own! Dont think there is need for panic regarding infections so uninstall those extras which in fact can be cause of all problems. Then take care of infections later.

And of course you have Emule! and utorrent - not saying anything about licensing all those programs you have... I certainly use utorrent myself, emule not so much.

Possible troublemakers
Folder Lockbox XP should work on Vista but hmm - might be worth checking out if nothing else helps.

So after you only have ESET as main security program I think I would install and run something like Malwarebytes Anti-Malware, download here It does not conflict with ESET. Ok to have many security programs installed but it depends on which and how they work together - or not. If unlucky you can get virus-like behavior because of conflicts.

Also, you really should only use 1 3rd party firewall but take it easy and wait until some more people have looked at logs. The more eyes the better. Im no expert but 100% certain security setup is a big mess. Clean that up first.

You might also want to let ESET do a full scan, everything on highest settings. Online Scanners are useful as well since you can use for example Kaspersky or Microsoft - might see things not visible to ESET, as of this date.

Overall impression is I have some understanding computer give up from time to time :cool:

Trgovec · Jan 20, 2009

Thank you very much for your help.
wow, i'm quite scared now... infected you say?
C:\DZS.ASP32.Slovarji.24in1.Cracked-Bushy\Asp32.exe is 100% ok, bec that's a dictionary.
But the thing that bothers me is this bonus_txt.exe you mentioned. Zone Alarm asked me if it shall let it connect to the Internet and i said no. How can i get rid of that?

I've installed CounterSpy only today, bec i was hoping to find some spyware on my computer. It's a whole different story with Comodo. After i got my laptop, i installed Comodo but then it crashed during its installation (i think it was a blue screen but not sure) and then i tried to uninstall it, but with no luck. So officially it's still there although everything including the registry has been deleted.

How do i get rid of this one: C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe ?

About ESET firewall. Zone Alarm does a good job asking me for every little thing if i allow it or not. Does ESET let everything to connect or what or it's just so smart that it can determine which programs are harmful and which are not?

Thank you very very much again for your help.

Edit:
I opened Task manager and found this bonus_txt.exe and went to the folder of it orgin and deleted it after i've shut it down in Task Manager. Is this enough?

dk70 · Jan 20, 2009

Comodo is listed as having running drivers so not dead yet. How to uninstall completely - wish I knew. Think I would use ServiWin Under View chose drivers, find Comodo, rightclick and change startup type to disabled. You can do the same in Vista system properties but easier with ServiWin. Sort by company or look for

cmdGuard;COMODO Firewall Pro Sandbox Driver (is running)
Inspect;Comodo Firewall Network Driver; (manual, on demand)
cmdHlp;COMODO Firewall Pro Helper Driver; (disabled, but kill it anyway=

Change view to Services and you see
cmdAgent;COMODO Firewall Pro Helper Service; which should be disabled already. If you go to control panel (classic view), administration, services you see it there as well.

Take it very easy in ServiWin, you dont want to make mistakes.

Counterspy does not seem to be installed without resident parts - which is why it should not be installed unless you are certain it can work with ESET. Most likely not. For a 2nd opinion use Malwarebytes and/or SuperAntiSpyware. SAS have some taskbar thingy but in settings you can make it completly transparent to ESET. And online scanner like OneCare from MS, or whatever is not installed already.

The new shortcut one could be part of some Dell stuff. - entry is quickset.ink still not certain. You have a running process called C:\Program Files\Dell\QuickSet\quickset.exe which is ok.

C:\DZS.ASP32.Slovarji.24in1.Cracked-Bushy\Asp32.exe is a dictionary, ok

C:\Users\Luka\AppData\Local\Temp\IXP000.TMP\bonus_txt.exe is strange since it is a running process but no startup. Could be part of something else.

I dont know ESET but quite sure you dont need more than the firewall it offers. Say goodbye to Zonealarm. Yes most firewalls know a lot about your programs, which is safe or not. And they learn along the way so not to annoy user.

Im not so worried about infections more the secuirty setup.

I edit as well:
The newshortcut one is easy to get rid of since you can see it in startup folder, or msconfig. Question is if you want to

Could be legit. Take it easy with that.

Another thing you might want to get an opinion about is Alcohol and Daemon installations. Do they work together without problems? I dont know.

Trgovec · Jan 20, 2009

ok, thank you.
What about the calendar?

Any thoughts why it's gone?

dk70 · Jan 20, 2009

Ohhh, you also have Uniblue Registrybooster and SpeedUpMyPC installed! Uninstall and stop looking for "easy" solutions. Such products are solutions in search of a problem, dont fall for that.

What is worse is "NOD32 v3.x FiX 1.1 by TemDono" Means there is no security freak in the world who will help you. That is like asking for help with "fixing" Vista here. Cracked ESET is hardly the way to go... Would not be why you prefer Zonealarm as firewall would it? Just stupid to crack AV if you ask me.

Anyway, what calendar? I dont see it either if you refer to System Restore. I know it there is a calendar when you chose system restore during boot. Think that is ok - and the very least of your problems.

Trgovec · Jan 20, 2009

Done, I got rid of Uniblue stuff completely.
But i'm just a bit sceptical about throwing ZoneAlarm off... Is eset's firewall really good enough?

Yeah, i used to have a proper caledar like the one you get if you click on the clock. And also i was able to restore to at least a month back. Something has changed now. Is it maybe frame work 3.5 that i installed?

dk70 · Jan 20, 2009

Dont know, may be after SP1 they changed. I rarely use System Restore, actually never have on this computer, but just checked and I dont see calendar. I can tick off "Show restore points older than 5 days" but all is in a plain list. As in your screenshot on page 1.

Well, you can keep Zonealarm if you are sure it does not interfer with ESET. You will have to look that up. Be sure any advise form ESET would be to uninstall Zonealarm ASAP, and CounterSpy/Comodo. May be make a new thread with that question. If some moderator see your setup dont be surprised to get booted, just saying. Most forums dont want any talk of what you install, like in not at all. How it is. Anyway, I would not have more than 1 firewall, actually 0 because I dont have need for outbound control, and since you use ESET for AV/Antispyware there is no choice.

Apparently ESET is not good enough since you dont want to pay for it. The level of quality differences between those 2 firewall is not something you want to be concerned about. Besides you cracked full ESET suite not just the AV program so I suggest you focus on that. If you must crack do it properly.

Trgovec · Jan 20, 2009

Do you suggest that ESET will be more efficient if i buy it?
I've uninstalled CounterSpy for now.

dk70 · Jan 20, 2009

Im a little rusty on using cracks but not what I meant. On the other hand i would not be surprised if a bad working crack give problems for ESET - or more precisely you. ESET could not care less. May be they have cracked back and disabled Firewall!

Most people dont even use such a firewall so if a or b is the best is not a relevant debate to have. Im pretty sure those "getting" ESET suite use the firewall that comes with it. Until you know more you should assume 2 firewalls is one too many. If you go to security center you will see Vista warns about potential problem, and Vistas is practically only inbound and should be the easiest to get along with. Zonealarm and ESET have zero interest in compatibility with each other.

Possible you can uninstall firewall as an option/module in ESET, or simply disable drivers/services manually - dont know. To disable in menus/GUI is probably not enough.

Trgovec · Jan 20, 2009

Ok then, thanks for your advice. In the long run, i'll format the whole thing and install a fresh Vista that i got with my laptop and also a legit version of ESET

I won't do that now because i'm quite busy at the moment and for now i'll post a blue screen image ifi come accros one again.

Really, thanks very much for everything.

System Restore + Blue screen = Virus?

New Member

My Computer

Eye know, eye know

My Computer

New Member

My Computer

PC Geek

My Computer

Member

My Computer

New Member

My Computer

Member

My Computer

New Member

My Computer

PC Geek

Attachments

My Computer

New Member

My Computer

Member

My Computer

New Member

My Computer

Member

My Computer

New Member

My Computer

Member

My Computer

New Member

My Computer

Member

My Computer

New Member

My Computer

Member

My Computer

New Member

My Computer