Author Topic: Pc is unstable Please help  (Read 9758 times)

February 27, 2015, 07:43:44 PM

BigEd1071

New to this forum. Thank you in advance for your help. My computer running Vista Home Premium has become unstable and continues to become unresponsive when left at idle for more than 15 or more minutes. I ran the RogueKiller and this is my report. Please let me know if this is clean or not. Thanks again!

RogueKiller V10.3.0.0 [Feb 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mr. Ed [Administrator]
Mode : Scan -- Date : 02/27/2015  13:13:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x880dfc10
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x880dfca8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x87b79748
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x87d57520
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x880e0ec0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x880dfa38
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x880e0cb8
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x8878a450
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x880e0f58
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x87b79848
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x87b795d8
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x880dfae0
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x880dfb78
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x87c75338
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x87b79520
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x880df9a0
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x87dfd608
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x87b797d0
[SSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x880df870
[SSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x880df4c8
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x880e0e18
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[255] : Unknown @ 0x880e0c10
[SSDT:Addr(Hook.SSDT)] NtReadVirtualMemory[261] : Unknown @ 0x880e0b68
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x880dfd40
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x880dff08
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x880dff80
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x880e0fd0
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x880df908
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x880dfdd8
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8819b0c0
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x880dfe70
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x87b79488
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x87b79680
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x880e0d60
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x889d49a8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x889c0228
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x889d3180
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x889d3fd0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x889c8e10
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x889d3da0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x889c8468
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x889d3e28
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x889d3248
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x889d4fb0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
--- User ---
[MBR] 7874a3666fcbd00374f23e6e96c32625
[BSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 293696 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 601489665 | Size: 11546 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


============================================
RKreport_DEL_02172015_224209.log - RKreport_DEL_02172015_224255.log - RKreport_DEL_02172015_224258.log - RKreport_DEL_02172015_224302.log
RKreport_DEL_02172015_224315.log - RKreport_DEL_02172015_225426.log - RKreport_DEL_02172015_225435.log - RKreport_DEL_02172015_225436.log
RKreport_DEL_02172015_225437.log - RKreport_DEL_02172015_225438.log - RKreport_DEL_02172015_225439.log - RKreport_DEL_02172015_225440.log
RKreport_DEL_02172015_225441.log - RKreport_DEL_02172015_225442.log - RKreport_DEL_02172015_225450.log - RKreport_DEL_02222015_002720.log
RKreport_DEL_02222015_002723.log - RKreport_DEL_02222015_002741.log - RKreport_DEL_02222015_002756.log - RKreport_SCN_02172015_120211.log
RKreport_SCN_02172015_213052.log - RKreport_SCN_02172015_225253.log - RKreport_SCN_02222015_002313.log

Reply #1 on: March 01, 2015, 10:56:34 PM

Curson

Hi BigEd1071,

Welcome to Adlice.com Forum!
Do you use security software featuring anti-exploit technology?

The SSDT hooks need to be investigated.
Please follow the following process as closely as possible.
  • Please download TDSSKiller and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check Loaded Modules and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
  • Click Start Scan and allow the scan process to run.
    If threats are detected select Skip for all of them unless I instruct you otherwise.
  • Click Continue
  • Click Reboot computer
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your next reply.

Regards.

Reply #2 on: March 03, 2015, 06:24:46 AM

BigEd1071

Thank you. No threats were found. Not sure about the security software featuring anti-exploit technology? Here are the contents of the TDSSKiller.

« Last Edit: March 03, 2015, 06:29:25 AM by BigEd1071 »

Reply #3 on: March 03, 2015, 03:52:38 PM

Curson

Hi BigEd1071,

The SSDT hooks are harmless. I seriously doubt that the problems you described are caused by malware.
To check, could you please download RogueKiller's latest version, run a new scan and post the report obtained in your next reply?

Regards.

Reply #4 on: March 04, 2015, 01:32:19 AM

BigEd1071

Thank You.  Here is the latest report.

RogueKiller V10.5.0.0 [Mar  2 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mr. Ed [Administrator]
Mode : Scan -- Date : 03/03/2015  19:28:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1119333972-2933176690-2880281189-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] HP Photo Creations Communicator.job -- C:\ProgramData\HP Photo Creations\Communicator.exe (--auto) -> Found
[Suspicious.Path] \\HP Photo Creations Communicator -- C:\ProgramData\HP Photo Creations\Communicator.exe (--auto) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x87df79f8
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x87df7a90
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x8848b288
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x87d2c428
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x87df7470
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x87df7820
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x87df7268
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x88528cd0
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x87df7508
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x8848b3c8
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x87df7f80
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x87df78c8
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x87df7960
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x87d2e6d0
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x87df7ec8
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x87df7788
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x8848b4b8
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x8848b330
[SSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x87df7658
[SSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x8848b470
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x87df73c8
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[255] : Unknown @ 0x87df71c0
[SSDT:Addr(Hook.SSDT)] NtReadVirtualMemory[261] : Unknown @ 0x88267fc0
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x87df7b28
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x87df7cf0
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x87df7d88
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x87df75a0
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x87df76f0
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x87df7bc0
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x85ce9ef8
[SSDT:Addr(Hook.SSDT)] unknown[335] : Unknown @ 0x87df7c58
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x87df7e30
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x8848b1c0
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x87df7310
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x886d51a8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x886c8bc0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x886b30c0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x87b3eed8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x886b31b8
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x886c8800
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x886c8910
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x886c8888
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x886d5a98
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x886b35e0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
--- User ---
[MBR] 7874a3666fcbd00374f23e6e96c32625
[BSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 293696 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 601489665 | Size: 11546 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


============================================
RKreport_DEL_02172015_224209.log - RKreport_DEL_02172015_224255.log - RKreport_DEL_02172015_224258.log - RKreport_DEL_02172015_224302.log
RKreport_DEL_02172015_224315.log - RKreport_DEL_02172015_225426.log - RKreport_DEL_02172015_225435.log - RKreport_DEL_02172015_225436.log
RKreport_DEL_02172015_225437.log - RKreport_DEL_02172015_225438.log - RKreport_DEL_02172015_225439.log - RKreport_DEL_02172015_225440.log
RKreport_DEL_02172015_225441.log - RKreport_DEL_02172015_225442.log - RKreport_DEL_02172015_225450.log - RKreport_DEL_02222015_002720.log
RKreport_DEL_02222015_002723.log - RKreport_DEL_02222015_002741.log - RKreport_DEL_02222015_002756.log - RKreport_SCN_02172015_120211.log
RKreport_SCN_02172015_213052.log - RKreport_SCN_02172015_225253.log - RKreport_SCN_02222015_002313.log - RKreport_SCN_02272015_131338.log

Reply #5 on: March 04, 2015, 09:49:14 PM

Curson

Hi BigEd1071,

This last report is clean; no trace of malware was found.
I think the issue is related to the OS itself; you should investigate in that direction in my opinion.

If you have any more questions, feel free to ask.

Regards.

Reply #6 on: March 05, 2015, 09:17:40 AM

BigEd1071

Thank You for reviewing these reports.  8) 8)

Reply #7 on: March 05, 2015, 06:15:43 PM

Curson

Hi BigEd1071,

You are very welcome.  :)

Regards.