Unknown program running
in [Windows XP]
|
From: PA Bear [MS MVP] on 5 Jul 2010 01:23 There is a very good chance that you are seeing the effects of a hijackware infection! NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help! Microsoft PCSafety provides home users (only) with no-charge support in dealing with malware infections such as viruses, spyware (including unwanted software), and adware. https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1 Also available via the Consumer Security Support home page: https://consumersecuritysupport.microsoft.com/ Otherwise... 1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/malwareremove/default.mspx NB: Run the FULL scan, not the QUICK scan! You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to SCAN.EXE before running it. 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be: http://onecare.live.com/site/en-us/center/howsafe.htm 2b. Vista or Win7=> Run this scan instead: http://onecare.live.com/site/en-us/center/whatsnew.htm 3. Now post the requested logs in an appropriate forum for assistance by an expert in such matters. DO NOT SKIP THIS STEP!! I can recommend the expert assistance offered in these forums: http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, and http://aumha.net/viewforum.php?f=30 If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. Dennis wrote: > McAfee has never expired that I know about. Automatic updates > is set to download updates for me, but let me chose when to > install them. > I can go to Windows Update and do custom scans for updates. > All critical updates are installed. > All info on the questionable hard disk is saved to an external > hard drive. The software from the drive manufacture does not > find any problem with the drive. > > PA Bear [MS MVP] wrote: >> Has your McAfee subscription ever expired, if only for a day or so? >> >> Is Automatic Updates enabled? If not, can you enable it, reboot & find >> that it's still enabled? >> >> Can you reach http://windowsupdate.microsoft.com and run a CUSTOM scan >> for updates? If so, can you successfully install any critical security >> updates offered? >> >> The above notwithstanding... >> >>>>> The driver has detected that device \Device\Harddisk1\DR1 has >>>>> predicted that it will fail. Immediately back up your data and >>>>> replace your hard disk drive. A failure may be imminent. >> >> I strongly suggest that you take the above warning seriously! >> >> >> Dennis wrote: >>> Did the Mcafee clean and reinstall. Still getting the "Critical Stop >>> Tone" got this in Event Viewer: >>>> >>> PA Bear [MS MVP] wrote: >>>> First run this McAfee three-step fix: >>>> http://service.mcafee.com/FAQDocument.aspx?id=TS100507 >>>> >>>> Next, reset Windows Update per... >>>> >>>> How do I reset Windows Update components? [Ignore the APPLIES TO >>>> section if Win7; Access KB971058 via Internet Explorer (32-bit) only; >>>> Run the Fix It in DEFAULT and AGGRESSIVE modes] >>>> http://support.microsoft.com/kb/971058 >>>> >>>> Reboot & test. >>>> >>>> Dennis wrote: >>>>> Windows XP Sp3 McAfee AntiVirus Plus subscription good for 303 more >>>>> days. SuperAntiSpyware free version Malwarebytes free version >>>>> McAfee has a built in firewall. There was no pre-installed >>>>> software. This was homebuilt about 2002. McAfee has been on it for >>>>> years and updated. >>>>> >>>>> Event Records for System with "!Warning": >>>>> >>>>> Process **\MCSHIELD.EXE pid (328) contained unsigned or corrupted >>>>> code and was blocked from performing a privileged operation with a >>>>> McAfee driver. >>>>> -------------------------------------------------------------------------- >>>>> >>>>> >>>>> >>>>> The time service has not been able to synchronize the system time >>>>> for 49152 seconds because none of the time providers has been able >>>>> to provide a usable time stamp. The system clock is unsynchronized. >>>>> >>>>> >>>>> For more information, see Help and Support Center at >>>>> http://go.microsoft.com/fwlink/events.asp. >>>>> ---------------------------------------------------------------------------- >>>>> >>>>> >>>>> >>>>> The driver has detected that device \Device\Harddisk1\DR1 has >>>>> predicted that it will fail. Immediately back up your data and >>>>> replace your hard disk drive. A failure may be imminent. >>>>> >>>>> Event Record Aplication X error: Failed auto update retrieval of >>>>> third-party root list sequence number from: >>>>> <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> >>>>> >>>>> >>>>> >>>>> with error: This network connection does not exist. >>>>> -------------------------------------------------------------------------- >>>>> >>>>> >>>>> >>>>> The description for Event ID ( 20 ) in Source ( Google Update ) >>>>> cannot be found. The local computer may not have the necessary >>>>> registry information or message DLL files to display messages from >>>>> a remote computer. You may be able to use the /AUXSOURCE= flag to >>>>> retrieve this description; see Help and Support for details. The >>>>> following information is part of the event: Network Request Error. >>>>> Error: 0x80072efd. Http status code: 0. >>>>> Url=https://tools.google.com/service/update2 Trying config: >>>>> source=FireFox, direct connection. trying CUP:WinHTTP. Send request >>>>> returned 0x80072efd. Http status code 0. trying WinHTTP. >>>>> --------------------------------------------------------------------------- >>>>> >>>>> >>>>> >>>>> Reached crypt32 threshold of 50 events and will suspend logging for >>>>> 60 minutes >>>>> >>>>>> Are you running WinXP SP2 or SP3? >>>>>> >>>>>> What anti-virus application or security suite is installed and is >>>>>> your subscription current? What anti-spyware applications (other >>>>>> than Defender)? What third-party firewall (if any)? >>>>>> >>>>>> Has a(another) Norton or McAfee application ever been installed >>>>>> on the computer (e.g., a free-trial version that came >>>>>> preinstalled when you bought it)? >>>>>> >>>>>> What does Event Viewer have to say about all this?>>>> Dennis wrote: >>>>>>> I get the "critical Stop" sound periodically even when my >>>>>>> computer is not being used. Sometimes when I go to click my >>>>>>> user name after it has been idle it will say two programs >>>>>>> running even if only one is open. Hitting Alt-Ctrl-Del shows >>>>>>> either no applications running or only the one I have open >>>>>>> never two. How do I find out what program is causing the >>>>>>> "critical Stop" alarm?
From: Dennis on 5 Jul 2010 11:08 Downloaded MRT.exe and ran it. Nothing found. McAfee, SuperAntiSpyware, nor Malwarebytes finds anything. I downloaded this fix for the time stamp but it won't run. http://support.microsoft.com/kb/832936 It says that update\update.exe is not a valid Win32 application. PA Bear [MS MVP] wrote: > There is a very good chance that you are seeing the effects of a > hijackware infection! > > NB: If you had no anti-virus application installed or the subscription > had expired *when the machine first got infected* and/or your > subscription has since expired and/or the machine's not been kept > fully-patched at Windows Update, don't waste your time with any of the > below: Format & reinstall Windows. A Repair Install will NOT help! > > Microsoft PCSafety provides home users (only) with no-charge support in > dealing with malware infections such as viruses, spyware (including > unwanted software), and adware. > https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1 > > Also available via the Consumer Security Support home page: > https://consumersecuritysupport.microsoft.com/ > > Otherwise... > > 1. See if you can download/run the MSRT manually: > http://www.microsoft.com/security/malwareremove/default.mspx > > NB: Run the FULL scan, not the QUICK scan! You may need to download the > MSRT on a non-infected machine, then transfer MRT.EXE to the infected > machine and rename it to SCAN.EXE before running it. > > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan > (only!) in Safe Mode with Networking, if need be: > http://onecare.live.com/site/en-us/center/howsafe.htm > > 2b. Vista or Win7=> Run this scan instead: > http://onecare.live.com/site/en-us/center/whatsnew.htm > > 3. Now post the requested logs in an appropriate forum for assistance by > an expert in such matters. DO NOT SKIP THIS STEP!! > > I can recommend the expert assistance offered in these forums: > http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, > http://www.spywarewarrior.com/viewforum.php?f=5, > http://www.dslreports.com/forum/cleanup, > http://www.bluetack.co.uk/forums/index.php, and > http://aumha.net/viewforum.php?f=30 > > If these procedures look too complex - and there is no shame in > admitting this isn't your cup of tea - take the machine to a local, > reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) > computer repair shop. > > Dennis wrote: >> McAfee has never expired that I know about. Automatic updates >> is set to download updates for me, but let me chose when to >> install them. >> I can go to Windows Update and do custom scans for updates. >> All critical updates are installed. >> All info on the questionable hard disk is saved to an external >> hard drive. The software from the drive manufacture does not >> find any problem with the drive. >> >> PA Bear [MS MVP] wrote: >>> Has your McAfee subscription ever expired, if only for a day or so? >>> >>> Is Automatic Updates enabled? If not, can you enable it, reboot & find >>> that it's still enabled? >>> >>> Can you reach http://windowsupdate.microsoft.com and run a CUSTOM scan >>> for updates? If so, can you successfully install any critical security >>> updates offered? >>> >>> The above notwithstanding... >>> >>>>>> The driver has detected that device \Device\Harddisk1\DR1 has >>>>>> predicted that it will fail. Immediately back up your data and >>>>>> replace your hard disk drive. A failure may be imminent. >>> >>> I strongly suggest that you take the above warning seriously! >>> >>> >>> Dennis wrote: >>>> Did the Mcafee clean and reinstall. Still getting the "Critical Stop >>>> Tone" got this in Event Viewer: >>>>> >>>> PA Bear [MS MVP] wrote: >>>>> First run this McAfee three-step fix: >>>>> http://service.mcafee.com/FAQDocument.aspx?id=TS100507 >>>>> >>>>> Next, reset Windows Update per... >>>>> >>>>> How do I reset Windows Update components? [Ignore the APPLIES TO >>>>> section if Win7; Access KB971058 via Internet Explorer (32-bit) only; >>>>> Run the Fix It in DEFAULT and AGGRESSIVE modes] >>>>> http://support.microsoft.com/kb/971058 >>>>> >>>>> Reboot & test. >>>>> >>>>> Dennis wrote: >>>>>> Windows XP Sp3 McAfee AntiVirus Plus subscription good for 303 more >>>>>> days. SuperAntiSpyware free version Malwarebytes free version >>>>>> McAfee has a built in firewall. There was no pre-installed >>>>>> software. This was homebuilt about 2002. McAfee has been on it for >>>>>> years and updated. >>>>>> >>>>>> Event Records for System with "!Warning": >>>>>> >>>>>> Process **\MCSHIELD.EXE pid (328) contained unsigned or corrupted >>>>>> code and was blocked from performing a privileged operation with a >>>>>> McAfee driver. >>>>>> -------------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> The time service has not been able to synchronize the system time >>>>>> for 49152 seconds because none of the time providers has been able >>>>>> to provide a usable time stamp. The system clock is unsynchronized. >>>>>> >>>>>> >>>>>> For more information, see Help and Support Center at >>>>>> http://go.microsoft.com/fwlink/events.asp. >>>>>> ---------------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> The driver has detected that device \Device\Harddisk1\DR1 has >>>>>> predicted that it will fail. Immediately back up your data and >>>>>> replace your hard disk drive. A failure may be imminent. >>>>>> >>>>>> Event Record Aplication X error: Failed auto update retrieval of >>>>>> third-party root list sequence number from: >>>>>> <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> with error: This network connection does not exist. >>>>>> -------------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> The description for Event ID ( 20 ) in Source ( Google Update ) >>>>>> cannot be found. The local computer may not have the necessary >>>>>> registry information or message DLL files to display messages from >>>>>> a remote computer. You may be able to use the /AUXSOURCE= flag to >>>>>> retrieve this description; see Help and Support for details. The >>>>>> following information is part of the event: Network Request Error. >>>>>> Error: 0x80072efd. Http status code: 0. >>>>>> Url=https://tools.google.com/service/update2 Trying config: >>>>>> source=FireFox, direct connection. trying CUP:WinHTTP. Send request >>>>>> returned 0x80072efd. Http status code 0. trying WinHTTP. >>>>>> --------------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Reached crypt32 threshold of 50 events and will suspend logging for >>>>>> 60 minutes >>>>>> >>>>>>> Are you running WinXP SP2 or SP3? >>>>>>> >>>>>>> What anti-virus application or security suite is installed and is >>>>>>> your subscription current? What anti-spyware applications (other >>>>>>> than Defender)? What third-party firewall (if any)? >>>>>>> >>>>>>> Has a(another) Norton or McAfee application ever been installed >>>>>>> on the computer (e.g., a free-trial version that came >>>>>>> preinstalled when you bought it)? >>>>>>> >>>>>>> What does Event Viewer have to say about all this?>>>> Dennis wrote: >>>>>>>> I get the "critical Stop" sound periodically even when my >>>>>>>> computer is not being used. Sometimes when I go to click my >>>>>>>> user name after it has been idle it will say two programs >>>>>>>> running even if only one is open. Hitting Alt-Ctrl-Del shows >>>>>>>> either no applications running or only the one I have open >>>>>>>> never two. How do I find out what program is causing the >>>>>>>> "critical Stop" alarm? >
From: PA Bear [MS MVP] on 5 Jul 2010 11:54 Where to begin? > I downloaded this fix for the time stamp but it won't run. > http://support.microsoft.com/kb/832936 > It says that update\update.exe is not a valid Win32 application. The "not a valid Win32 application" error is yet another symptom of the hijackware infection. That being said, KB832936 (W32time.dll v5.1.2600.1322) wouldn't install anyway since you've got WinXP SP3 (W32time.dll v5.1.2600.5512) installed. > Downloaded MRT.exe and ran it. Nothing found. McAfee, SuperAntiSpyware, > nor Malwarebytes finds anything. Now move on to Steps #2a and #3 in my previous reply. Dennis wrote: > Downloaded MRT.exe and ran it. Nothing found. McAfee, SuperAntiSpyware, > nor Malwarebytes finds anything. > I downloaded this fix for the time stamp but it won't run. > http://support.microsoft.com/kb/832936 > It says that update\update.exe is not a valid Win32 application. > > > PA Bear [MS MVP] wrote: >> There is a very good chance that you are seeing the effects of a >> hijackware infection! >> >> NB: If you had no anti-virus application installed or the subscription >> had expired *when the machine first got infected* and/or your >> subscription has since expired and/or the machine's not been kept >> fully-patched at Windows Update, don't waste your time with any of the >> below: Format & reinstall Windows. A Repair Install will NOT help! >> >> Microsoft PCSafety provides home users (only) with no-charge support in >> dealing with malware infections such as viruses, spyware (including >> unwanted software), and adware. >> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1 >> >> Also available via the Consumer Security Support home page: >> https://consumersecuritysupport.microsoft.com/ >> >> Otherwise... >> >> 1. See if you can download/run the MSRT manually: >> http://www.microsoft.com/security/malwareremove/default.mspx >> >> NB: Run the FULL scan, not the QUICK scan! You may need to download the >> MSRT on a non-infected machine, then transfer MRT.EXE to the infected >> machine and rename it to SCAN.EXE before running it. >> >> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan >> (only!) in Safe Mode with Networking, if need be: >> http://onecare.live.com/site/en-us/center/howsafe.htm >> >> 2b. Vista or Win7=> Run this scan instead: >> http://onecare.live.com/site/en-us/center/whatsnew.htm >> >> 3. Now post the requested logs in an appropriate forum for assistance by >> an expert in such matters. DO NOT SKIP THIS STEP!! >> >> I can recommend the expert assistance offered in these forums: >> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, >> http://www.spywarewarrior.com/viewforum.php?f=5, >> http://www.dslreports.com/forum/cleanup, >> http://www.bluetack.co.uk/forums/index.php, and >> http://aumha.net/viewforum.php?f=30 >> >> If these procedures look too complex - and there is no shame in >> admitting this isn't your cup of tea - take the machine to a local, >> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) >> computer repair shop. >> >> Dennis wrote: >>> McAfee has never expired that I know about. Automatic updates >>> is set to download updates for me, but let me chose when to >>> install them. >>> I can go to Windows Update and do custom scans for updates. >>> All critical updates are installed. >>> All info on the questionable hard disk is saved to an external >>> hard drive. The software from the drive manufacture does not >>> find any problem with the drive. >>> >>> PA Bear [MS MVP] wrote: >>>> Has your McAfee subscription ever expired, if only for a day or so? >>>> >>>> Is Automatic Updates enabled? If not, can you enable it, reboot & find >>>> that it's still enabled? >>>> >>>> Can you reach http://windowsupdate.microsoft.com and run a CUSTOM scan >>>> for updates? If so, can you successfully install any critical security >>>> updates offered? >>>> >>>> The above notwithstanding... >>>> >>>>>>> The driver has detected that device \Device\Harddisk1\DR1 has >>>>>>> predicted that it will fail. Immediately back up your data and >>>>>>> replace your hard disk drive. A failure may be imminent. >>>> >>>> I strongly suggest that you take the above warning seriously! >>>> >>>> >>>> Dennis wrote: >>>>> Did the Mcafee clean and reinstall. Still getting the "Critical Stop >>>>> Tone" got this in Event Viewer: >>>>>> >>>>> PA Bear [MS MVP] wrote: >>>>>> First run this McAfee three-step fix: >>>>>> http://service.mcafee.com/FAQDocument.aspx?id=TS100507 >>>>>> >>>>>> Next, reset Windows Update per... >>>>>> >>>>>> How do I reset Windows Update components? [Ignore the APPLIES TO >>>>>> section if Win7; Access KB971058 via Internet Explorer (32-bit) only; >>>>>> Run the Fix It in DEFAULT and AGGRESSIVE modes] >>>>>> http://support.microsoft.com/kb/971058 >>>>>> >>>>>> Reboot & test. >>>>>> >>>>>> Dennis wrote: >>>>>>> Windows XP Sp3 McAfee AntiVirus Plus subscription good for 303 more >>>>>>> days. SuperAntiSpyware free version Malwarebytes free version >>>>>>> McAfee has a built in firewall. There was no pre-installed >>>>>>> software. This was homebuilt about 2002. McAfee has been on it for >>>>>>> years and updated. >>>>>>> >>>>>>> Event Records for System with "!Warning": >>>>>>> >>>>>>> Process **\MCSHIELD.EXE pid (328) contained unsigned or corrupted >>>>>>> code and was blocked from performing a privileged operation with a >>>>>>> McAfee driver. >>>>>>> -------------------------------------------------------------------------- >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> The time service has not been able to synchronize the system time >>>>>>> for 49152 seconds because none of the time providers has been able >>>>>>> to provide a usable time stamp. The system clock is unsynchronized. >>>>>>> >>>>>>> >>>>>>> For more information, see Help and Support Center at >>>>>>> http://go.microsoft.com/fwlink/events.asp. >>>>>>> ---------------------------------------------------------------------------- >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> The driver has detected that device \Device\Harddisk1\DR1 has >>>>>>> predicted that it will fail. Immediately back up your data and >>>>>>> replace your hard disk drive. A failure may be imminent. >>>>>>> >>>>>>> Event Record Aplication X error: Failed auto update retrieval of >>>>>>> third-party root list sequence number from: >>>>>>> <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> with error: This network connection does not exist. >>>>>>> -------------------------------------------------------------------------- >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> The description for Event ID ( 20 ) in Source ( Google Update ) >>>>>>> cannot be found. The local computer may not have the necessary >>>>>>> registry information or message DLL files to display messages from >>>>>>> a remote computer. You may be able to use the /AUXSOURCE= flag to >>>>>>> retrieve this description; see Help and Support for details. The >>>>>>> following information is part of the event: Network Request Error. >>>>>>> Error: 0x80072efd. Http status code: 0. >>>>>>> Url=https://tools.google.com/service/update2 Trying config: >>>>>>> source=FireFox, direct connection. trying CUP:WinHTTP. Send request >>>>>>> returned 0x80072efd. Http status code 0. trying WinHTTP. >>>>>>> --------------------------------------------------------------------------- >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Reached crypt32 threshold of 50 events and will suspend logging for >>>>>>> 60 minutes >>>>>>> >>>>>>>> Are you running WinXP SP2 or SP3? >>>>>>>> >>>>>>>> What anti-virus application or security suite is installed and is >>>>>>>> your subscription current? What anti-spyware applications (other >>>>>>>> than Defender)? What third-party firewall (if any)? >>>>>>>> >>>>>>>> Has a(another) Norton or McAfee application ever been installed >>>>>>>> on the computer (e.g., a free-trial version that came >>>>>>>> preinstalled when you bought it)? >>>>>>>> >>>>>>>> What does Event Viewer have to say about all this?>>>> Dennis >>>>>>>> wrote: >>>>>>>>> I get the "critical Stop" sound periodically even when my >>>>>>>>> computer is not being used. Sometimes when I go to click my >>>>>>>>> user name after it has been idle it will say two programs >>>>>>>>> running even if only one is open. Hitting Alt-Ctrl-Del shows >>>>>>>>> either no applications running or only the one I have open >>>>>>>>> never two. How do I find out what program is causing the >>>>>>>>> "critical Stop" alarm?
From: Dennis on 7 Jul 2010 17:03
Ok, I went to: http://onecare.live.com/site/en-us/center/howsafe.htm in Safe Mode with Networking and ran the scan. So far, I have not heard the "Critical Stop" tone since. I hope it stays that way... Thanks PA Bear [MS MVP] wrote: > Where to begin? > >> I downloaded this fix for the time stamp but it won't run. >> http://support.microsoft.com/kb/832936 >> It says that update\update.exe is not a valid Win32 application. > > The "not a valid Win32 application" error is yet another symptom of the > hijackware infection. That being said, KB832936 (W32time.dll > v5.1.2600.1322) wouldn't install anyway since you've got WinXP SP3 > (W32time.dll v5.1.2600.5512) installed. > >> Downloaded MRT.exe and ran it. Nothing found. McAfee, SuperAntiSpyware, >> nor Malwarebytes finds anything. > > Now move on to Steps #2a and #3 in my previous reply. > > Dennis wrote: >> Downloaded MRT.exe and ran it. Nothing found. McAfee, SuperAntiSpyware, >> nor Malwarebytes finds anything. >> I downloaded this fix for the time stamp but it won't run. >> http://support.microsoft.com/kb/832936 >> It says that update\update.exe is not a valid Win32 application. >> >> >> PA Bear [MS MVP] wrote: >>> There is a very good chance that you are seeing the effects of a >>> hijackware infection! >>> >>> NB: If you had no anti-virus application installed or the subscription >>> had expired *when the machine first got infected* and/or your >>> subscription has since expired and/or the machine's not been kept >>> fully-patched at Windows Update, don't waste your time with any of the >>> below: Format & reinstall Windows. A Repair Install will NOT help! >>> >>> Microsoft PCSafety provides home users (only) with no-charge support in >>> dealing with malware infections such as viruses, spyware (including >>> unwanted software), and adware. >>> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1 >>> >>> Also available via the Consumer Security Support home page: >>> https://consumersecuritysupport.microsoft.com/ >>> >>> Otherwise... >>> >>> 1. See if you can download/run the MSRT manually: >>> http://www.microsoft.com/security/malwareremove/default.mspx >>> >>> NB: Run the FULL scan, not the QUICK scan! You may need to download the >>> MSRT on a non-infected machine, then transfer MRT.EXE to the infected >>> machine and rename it to SCAN.EXE before running it. >>> >>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan >>> (only!) in Safe Mode with Networking, if need be: >>> http://onecare.live.com/site/en-us/center/howsafe.htm >>> >>> 2b. Vista or Win7=> Run this scan instead: >>> http://onecare.live.com/site/en-us/center/whatsnew.htm >>> >>> 3. Now post the requested logs in an appropriate forum for assistance by >>> an expert in such matters. DO NOT SKIP THIS STEP!! >>> >>> I can recommend the expert assistance offered in these forums: >>> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, >>> http://www.spywarewarrior.com/viewforum.php?f=5, >>> http://www.dslreports.com/forum/cleanup, >>> http://www.bluetack.co.uk/forums/index.php, and >>> http://aumha.net/viewforum.php?f=30 >>> >>> If these procedures look too complex - and there is no shame in >>> admitting this isn't your cup of tea - take the machine to a local, >>> reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) >>> computer repair shop. >>> >>> Dennis wrote: >>>> McAfee has never expired that I know about. Automatic updates >>>> is set to download updates for me, but let me chose when to >>>> install them. >>>> I can go to Windows Update and do custom scans for updates. >>>> All critical updates are installed. >>>> All info on the questionable hard disk is saved to an external >>>> hard drive. The software from the drive manufacture does not >>>> find any problem with the drive. >>>> >>>> PA Bear [MS MVP] wrote: >>>>> Has your McAfee subscription ever expired, if only for a day or so? >>>>> >>>>> Is Automatic Updates enabled? If not, can you enable it, reboot & >>>>> find >>>>> that it's still enabled? >>>>> >>>>> Can you reach http://windowsupdate.microsoft.com and run a CUSTOM scan >>>>> for updates? If so, can you successfully install any critical >>>>> security >>>>> updates offered? >>>>> >>>>> The above notwithstanding... >>>>> >>>>>>>> The driver has detected that device \Device\Harddisk1\DR1 has >>>>>>>> predicted that it will fail. Immediately back up your data and >>>>>>>> replace your hard disk drive. A failure may be imminent. >>>>> >>>>> I strongly suggest that you take the above warning seriously! >>>>> >>>>> >>>>> Dennis wrote: >>>>>> Did the Mcafee clean and reinstall. Still getting the "Critical Stop >>>>>> Tone" got this in Event Viewer: >>>>>>> >>>>>> PA Bear [MS MVP] wrote: >>>>>>> First run this McAfee three-step fix: >>>>>>> http://service.mcafee.com/FAQDocument.aspx?id=TS100507 >>>>>>> >>>>>>> Next, reset Windows Update per... >>>>>>> >>>>>>> How do I reset Windows Update components? [Ignore the APPLIES TO >>>>>>> section if Win7; Access KB971058 via Internet Explorer (32-bit) >>>>>>> only; >>>>>>> Run the Fix It in DEFAULT and AGGRESSIVE modes] >>>>>>> http://support.microsoft.com/kb/971058 >>>>>>> >>>>>>> Reboot & test. >>>>>>> >>>>>>> Dennis wrote: >>>>>>>> Windows XP Sp3 McAfee AntiVirus Plus subscription good for 303 more >>>>>>>> days. SuperAntiSpyware free version Malwarebytes free version >>>>>>>> McAfee has a built in firewall. There was no pre-installed >>>>>>>> software. This was homebuilt about 2002. McAfee has been on it for >>>>>>>> years and updated. >>>>>>>> >>>>>>>> Event Records for System with "!Warning": >>>>>>>> >>>>>>>> Process **\MCSHIELD.EXE pid (328) contained unsigned or corrupted >>>>>>>> code and was blocked from performing a privileged operation with a >>>>>>>> McAfee driver. >>>>>>>> -------------------------------------------------------------------------- >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> The time service has not been able to synchronize the system time >>>>>>>> for 49152 seconds because none of the time providers has been able >>>>>>>> to provide a usable time stamp. The system clock is unsynchronized. >>>>>>>> >>>>>>>> >>>>>>>> For more information, see Help and Support Center at >>>>>>>> http://go.microsoft.com/fwlink/events.asp. >>>>>>>> ---------------------------------------------------------------------------- >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> The driver has detected that device \Device\Harddisk1\DR1 has >>>>>>>> predicted that it will fail. Immediately back up your data and >>>>>>>> replace your hard disk drive. A failure may be imminent. >>>>>>>> >>>>>>>> Event Record Aplication X error: Failed auto update retrieval of >>>>>>>> third-party root list sequence number from: >>>>>>>> <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> with error: This network connection does not exist. >>>>>>>> -------------------------------------------------------------------------- >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> The description for Event ID ( 20 ) in Source ( Google Update ) >>>>>>>> cannot be found. The local computer may not have the necessary >>>>>>>> registry information or message DLL files to display messages from >>>>>>>> a remote computer. You may be able to use the /AUXSOURCE= flag to >>>>>>>> retrieve this description; see Help and Support for details. The >>>>>>>> following information is part of the event: Network Request Error. >>>>>>>> Error: 0x80072efd. Http status code: 0. >>>>>>>> Url=https://tools.google.com/service/update2 Trying config: >>>>>>>> source=FireFox, direct connection. trying CUP:WinHTTP. Send request >>>>>>>> returned 0x80072efd. Http status code 0. trying WinHTTP. >>>>>>>> --------------------------------------------------------------------------- >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Reached crypt32 threshold of 50 events and will suspend logging for >>>>>>>> 60 minutes >>>>>>>> >>>>>>>>> Are you running WinXP SP2 or SP3? >>>>>>>>> >>>>>>>>> What anti-virus application or security suite is installed and is >>>>>>>>> your subscription current? What anti-spyware applications (other >>>>>>>>> than Defender)? What third-party firewall (if any)? >>>>>>>>> >>>>>>>>> Has a(another) Norton or McAfee application ever been installed >>>>>>>>> on the computer (e.g., a free-trial version that came >>>>>>>>> preinstalled when you bought it)? >>>>>>>>> >>>>>>>>> What does Event Viewer have to say about all this?>>>> Dennis >>>>>>>>> wrote: >>>>>>>>>> I get the "critical Stop" sound periodically even when my >>>>>>>>>> computer is not being used. Sometimes when I go to click my >>>>>>>>>> user name after it has been idle it will say two programs >>>>>>>>>> running even if only one is open. Hitting Alt-Ctrl-Del shows >>>>>>>>>> either no applications running or only the one I have open >>>>>>>>>> never two. How do I find out what program is causing the >>>>>>>>>> "critical Stop" alarm? > |