PC not saving changes & BSOD
Naf
Posts: 3,183 Forumite
in Techie Stuff
I'm looking at a friend's laptop (Win 7 HP) as it BSODs periodically. The stated error is "An attempt was made to execute to non-executable memory". I've done a thorough Memtest (well more than 7 full cycles) and the RAM looks clean; also checked internal connections and doesn't look like anything could be loose.
Anyway; all that isn't really my problem. What's thoroughly perplexing me is that anything which I do (install/uninstall/rename/add file/delete file) is undone again after reboot - just as if it was never done to begin with. I've been trying to run Mbam, and it throws up 147 infected files then goes to BSOD before the scan finishes; ran it in safe mode instead, and at 148 infected files the scan just suddenly disappeared. Couldn't start the program again; the setup file I had copied to the desktop had vanished as had the original on my memory stick (but just the mbam installer; the rest of the installers etc. were still there) and when I tried reinstalling mbam, it couldn't write to the directory, as if that had vanished too.
It's really perplexing me and I'm wondering if anyone has come across this before?
Never argue with stupid people, they will drag you down to their level and then beat you with experience.
- Mark Twain
Arguing with idiots is like playing chess with a pigeon: no matter how good you are at chess, its just going to knock over the pieces and strut around like its victorious.
Comments
-
Will mbam run using chameleon (normal mode - not safe mode)?
http://helpdesk.malwarebytes.org/entries/20872371-Use-Chameleon-to-run-Malwarebytes-Anti-Malware-on-infected-systems
Post me a DDS log (normal mode) - should take 2-3 minutes.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- Click Start
- When it's finished, DDS will open two logs:
  - DDS.txt
  - Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16869
Run by john and nikki at 19:31:19 on 2013-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2013.1061 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: AVG update module *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ca4025c68f96926d\STacSV.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\The TechGuys\Launch\Launch.exe
C:\Program Files\OEM\DSG OSD 1.01\SunflowerOSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\18.7.1.3\ips\ipsbho.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Recovery Backup Wizard] c:\program files\ttg\reminder\Reminder.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{1c91f8f0-36cc-4c58-bdb3-66f0eeef92a1}\_693B294D31BEF0AFC52D71.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1A7A4CDA-F3C7-4FC3-8F4A-5DC38EC101E2} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1A7A4CDA-F3C7-4FC3-8F4A-5DC38EC101E2}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
TCP: Interfaces\{1A7A4CDA-F3C7-4FC3-8F4A-5DC38EC101E2}\6796277696E6D65646961693530363630333 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1A7A4CDA-F3C7-4FC3-8F4A-5DC38EC101E2}\A6F686E616E646E696B6B696132333 : DHCPNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-5 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-5 744568]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-7 37664]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.6.0.29\definitions\ipsdefs\20121204.001\IDSvix86.sys [2012-12-5 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-5 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1207010.003\symnets.sys [2012-4-5 299640]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-4-25 4936752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-6-1 13336]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [2011-4-9 28762]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-5 130008]
R2 SoilIO;SoilIO;c:\windows\system32\drivers\SoilIO.sys [2009-12-4 16248]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-12 1015984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-6-1 127600]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2010-6-1 98928]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-6-1 1006624]
R3 soilkbc;soilkbc;c:\windows\system32\drivers\Soilkbc.sys [2009-12-4 10744]
R3 SoilMC;SoilMC;c:\windows\system32\drivers\SoilMC.sys [2009-12-4 10616]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2013-2-19 1418184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-11 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-05-12 09:58:49 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-29 01:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 19:34:39.96 ===============
-
I didn't get an 'Attach' file.
Now trying the Chameleon; but each time it fails (BSODs) I have to reinstall mbam :-S
-
Remove Norton fully if the main AV is now AVG.
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us
-
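An added illustration (not part of the original posts, and not a DDS, OTM or Malwarebytes tool): a small Python triage of the security-product lines and SERVICES / DRIVERS entries from the DDS log above, showing that the antivirus registered as Disabled still has drivers and services running. The vendor keyword table and the reading of the R/S prefix as running/stopped are assumptions of this example.

```python
import re

# Excerpt copied from the DDS log in this thread (header lines plus a few
# SERVICES / DRIVERS entries); the full log can be passed in the same way.
DDS_EXCERPT = r"""
AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG update module *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-5 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-5 744568]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-5 136312]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-5 130008]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2013-2-19 1418184]
"""

# "AV: <product> *<state>* {GUID}" lines from the log header.
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$")
# "<R|S><start type> <service>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS])\d ([^;]+);([^;]*);(.+) \[[\d-]+ \d+\]$")

# Assumed vendor keywords used to tie a registered product to its services.
VENDOR_HINTS = {"norton": ("norton", "symantec", "\\nav\\"), "avg": ("avg",)}


def triage(log):
    """Summarise coexisting, outdated and disabled-but-loaded AV products."""
    products, running = {}, []
    for line in map(str.strip, log.splitlines()):
        if m := PRODUCT_RE.match(line):
            kind, name, state = m.groups()
            products[(kind, name)] = state
        elif (m := SERVICE_RE.match(line)) and m.group(1) == "R":
            # Keep the service name plus searchable display name and path.
            running.append((m.group(2), f"{m.group(3)} {m.group(4)}".lower()))
    av = {name: state for (kind, name), state in products.items() if kind == "AV"}
    report = {
        "multiple_av": sorted(av) if len(av) > 1 else [],
        "outdated": sorted({n for (_, n), s in products.items() if "Outdated" in s}),
        "disabled_but_loaded": {},
    }
    for name, state in av.items():
        if not state.startswith("Disabled"):
            continue
        hints = next((h for k, h in VENDOR_HINTS.items() if k in name.lower()), ())
        live = [svc for svc, text in running if any(h in text for h in hints)]
        if live:
            report["disabled_but_loaded"][name] = live
    return report


if __name__ == "__main__":
    for key, value in triage(DDS_EXCERPT).items():
        print(f"{key}: {value}")
```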
Remove Norton fully if the main AV is now AVG.
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us
I can't remove either. The removal tools claim to have completed; then on reboot nothing has changed.
-
Which do you want to get rid of?
-
Which do you want to get rid of?
Both. Neither are up to date; I use Avast generally.
-
We'll do Norton first.
Download OTM by Old Timer from the link below and save it to your Desktop.
LINK
The script below will stop explorer & your desktop will temporarily disappear (it will return on reboot), & your recycle bin will be emptied.
- Double click OTM.exe to run it.
- Highlight & copy all the following code inside the codebox below. Do not include the word Code:

:Commands
[CreateRestorePoint]
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
:services
SymDS
SymEFA
BHDrvx86
IDSVix86
SymIRON
SymNetS
NAV
EraserUtilRebootDrv
:Files
C:\Program Files\Norton AntiVirus
c:\programdata\norton
c:\windows\system32\drivers\nav
c:\program files\common files\symantec shared
:Commands
[CreateRestorePoint]
[EMPTYTEMP]

- Return to OTM, right click in the Paste instructions for Items to be Moved window (under the yellow bar) and choose Paste.
- Push the large MoveIt! button.
- Click OK to the prompt
- OTM may ask to reboot the machine. Please allow it to do so if asked.
- The report should appear in Notepad after the reboot. Copy/paste the contents of that report back here in your next reply.
-
Currently working through the chameleons.
Like I said; I have to reinstall mbam from scratch each time, so only onto number 4
-
Ignore mbam for now. There's dealply and mywebsearch in there but that can wait.
This discussion has been closed.