My PC freezes, would it be infected? Or would it be a hard disc error?
I can only work in SAFE MODE, and have created the logs in Safe Mode.

Analysis log at the bottom and below some background information:

My daughter's laptop is extremely slow and freezes after startup, very occasionally you can open for example a WORD document. Often you click on the Start button and get "Windows Explorer has stopped working …".

Some history: I ran Kaspersky Antivirus software for about a year but the latest edition always hung at about 65%. Kaspersky support was unable to help and pointed to a Hard disc error.

I can remember we had problems downloading Vista SP2 and Microsoft had to give us some assistance.

2 months ago I installed AVG and it scanned the PC fine for a couple of weeks but then started hanging after 5 mins.

I ran AVG in Safe Mode and got the Blue Screen error.

When the PC is doing the Check disk after a crash it goes through the three stages and cannot find any errors.

I think it got worse two weeks ago after I downloaded numerous MS Patches on 14.10.2010.

I tried to roll back the Restore Point but get the error "System Restore did not complete successfully, your computer's system files and settings were not changed."

I retried the Roll back in Safe Mode but got the same error msg. I tried different Restore Dates, too.

Still, some Rollback must have taken place since so many MS updates are now available, they must be the ones from 14.10.2010. So the system is currently not fully patched with MS updates.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Please Download Rootkit Unhooker and Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in your next reply here.

Note: You may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Dear Ken,
Thank you very much for your reply.
Some info: Meanwhile I did
msconfig - STARTUP tab and DISABLE ALL
Services tab: HIDE ALL.

This allowed me at least to work occasionally in "normal" mode, since SAFE mode only sometimes has the internet connection.
I ran the scans now in normal mode, but I am not sure if the AVG Antivirus software is now enabled, or disabled as you required.

Anyway, please see the scans:

Let's do this, you can do these in Safe Mode or normal Windows if you can.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Did both scans, here is the result, apparently nothing has been found.

That's good, logs are looking ok so far. What I would do is run this free online virus scanner and if it comes up clean I can link you to a good Windows forum that can run you through some tests to check the health of your hard drive.

Hi Ken,

Please see the OTL Extra scan.
When trying to copy the OTL txt contents into this post the Safer Networking Site hung, even overnight it did not recover. Other functions were still OK-ish. I ran the scans again but PASTING did not improve. I transferred it via USB stick to my Desktop which runs in Normal Mode but the same happened when pasting. I assume it's correct that this file is around 12 MB whereas the Extras file is very small.

I'll wait another hour or so for my Desktop to recover or paste the log. Alternatively, would you be able to suggest something else to show the results, or would you be able to analyse the results of the previous ESET scan as well as this Extras file for now?

Hi Ken,

Working on my Desktop now I attached the OTL txt file as a zip for review.

I am running the scan again on the affected laptop which might result in a smaller file and if so I might post it later.

This is what I found

C:\Program Files\AskBarDis

* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.

I doubt it's in Programs and Features but you can check
There is an uninstall called unis000.exe living in
C:\Program Files\AskBarDis
Find the exe and run it, this removes the Ask toolbar and all components. The service will no longer appear in your services list.

c:\program files\dna\btdna.exe
c:\program files\bittorrent

If you're not infected now you will be soon if you keep using file sharing programs and sites like these, you're downloading files from an unknown source, malware writers are in tune to this and use programs like this to infect your computer, you need to uninstall them via Programs and Features in the Control Panel.

Why don't you post here, you can link them to this thread if you wish so they can see what we have done and they can help you sort out some programs that may be conflicting and causing problems or check the health of your hard drive. Like Safer it's free but you will need to register.


Good Luck,

Ken :)

Thank you very much for your help, Ken, I logged my issue with the pitstop forum now.

2010-10-31, 17:05
Good, if they can't find the root of your problem and still think it's malware related then post back and let me know and we can dig deeper if we need to.

Followed your post over at the Pit and it looks like your hard drive failed which was what I seemed to feel. Hope Dell treated you right and you got it up and running again.

Ken :)


Thanks, Ken, for following up. Indeed, Dell replaced the HD and I am now reinstalling.

Thanks for letting me know

2010-11-26, 15:08
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.