Having some issues...

Discussion in 'Software' started by esctate, Mar 17, 2012.

  1. esctate

    esctate Private E-2

    http://forums.majorgeeks.com/showthread.php?t=255730

    TimW helped me in the Malware forum already, and suggested I seek further help here.

    I keep getting a pop-up that says:
    Host Process for Windows Services stopped working and was closed
    A problem caused the application to stop working correctly. Windows will notify you if a solution is available.

    After that, there are usually some aesthetic changes that occur (such as odd looking task bar, temporary black screen, etc...) and my computer does seem to be running much slower and is having difficulty loading different things...

    Any help would be greatly appreciated! :)
     
  2. _nullptr

    _nullptr Major Geeky Geek Geek

    Was the infected C:\Windows\System32\drivers\dfsc.sys file ever replaced with a clean copy?
     
  3. esctate

    esctate Private E-2

    Thank you for responding _nullptr :)

    No...how do I go about doing that??

    Also, I have since re-downloaded an antivirus program and scanned my computer. The trojan wasn't detected, and I haven't had any of the same issues since that scan. However, my computer is running at a far slower rate than usual...the program I downloaded was ComodoAntivirus, if that makes a difference/matters.
     
  4. Xenith

    Xenith Private E-2

    Can you do me a huge favor and download HiJackThis!
    http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
    and attach the log on here? I'll see what I can do after I get a good look at it.

    -X
     
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

  6. esctate

    esctate Private E-2

    Just an update...

    My computer is actually getting much worse. The last time I tried to use it I got a blue error screen and my battery died after about 5 min of not being plugged in. At this point, I haven't used my computer for about 5 days... :(

    If I do need to attach any logs that I haven't already, please let me know! Thanks :)
     
  8. Caliban

    Caliban I don't need no steenkin' title!

    Greetings, esctate...

    If you would, please navigate to your C: > Windows > Minidumps folder, copy the most recent Minidump files to your Desktop, and zip and upload them as an attachment.

    If it is not possible to start your machine, you may be able to boot to a live Linux distro and copy the files while running from a live environment.
     
  9. esctate

    esctate Private E-2

    Thank you for the response Caliban! :)

    I hope this is what you needed...
     

    Attached Files:

  10. Caliban

    Caliban I don't need no steenkin' title!

    I've just started looking at your file - be advised: I am not as proficient at this as some of my fellow MGs, so please bear with me...

    1. Please check your Device Manager. Do you see a Conexant SoftK56 Modem listed? If so, and if you are not using this device, try uninstalling it (and any associated software), see if your symptoms change...

    2. I'm seeing pointers for the Comodo Firewall - you might try disabling the Comodo Firewall and enabling the Windows firewall temporarily for troubleshooting purposes, see if your symptoms change...
     
  11. esctate

    esctate Private E-2

    I did not find Conexant SoftK56 Modem. I am in the process of switching Firewalls, like you suggested. I am trying to uninstall Comodo and then install AVG.

    Do I need to replace C:\Windows\System32\drivers\dfsc.sys with a clean copy?? If so, how do I do that? :)
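The question above asks whether the named driver needs replacing and how to do it. The following script is an added example, not something posted in the thread, that checks a single system driver file and lets Windows repair it from its protected component store. It assumes an elevated PowerShell prompt; the path is the one named in the thread, and the only command-line tool used is the built-in sfc.exe.

```powershell
# Added example (not from the thread): check whether a system driver file is the
# genuine Microsoft copy, and let SFC replace it from the component store if not.
# Assumes an elevated prompt on Windows 7 or later (PowerShell 2 is enough).
$driver = 'C:\Windows\System32\drivers\dfsc.sys'   # file named in the thread

if (-not (Test-Path $driver)) { throw "Driver not found: $driver" }

# 1. Embedded Authenticode signature. Caveat: most inbox Microsoft drivers are
#    catalog-signed, not embedded-signed, so a clean file can report NotSigned here.
#    A status of HashMismatch or a non-Microsoft signer is the suspicious case.
$sig    = Get-AuthenticodeSignature -FilePath $driver
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<no embedded signature>' }
Write-Host "Signature status : $($sig.Status)"
Write-Host "Signer           : $signer"

# 2. SHA-256 of the file, computed with .NET so it works without Get-FileHash
#    (PowerShell 4+). Useful for comparing against a copy from a known-clean machine.
$sha    = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($driver)
try   { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
finally { $stream.Close() }
Write-Host "SHA-256          : $hash"

# 3. Version resource and timestamp: a patched file often loses the Microsoft
#    product strings, or carries a modification time unrelated to any Windows update.
$item = Get-Item $driver
Write-Host "Company / Product: $($item.VersionInfo.CompanyName) / $($item.VersionInfo.ProductName)"
Write-Host "Last modified    : $($item.LastWriteTime)"

# 4. Authoritative check: SFC verifies the file against the signed catalogs.
#    /verifyfile only reports; /scanfile repairs from the protected store.
& sfc.exe "/verifyfile=$driver"
if ($LASTEXITCODE -ne 0 -or $sig.Status -eq 'HashMismatch') {
    Write-Warning "File failed verification; asking SFC to repair it."
    & sfc.exe "/scanfile=$driver"
}
```

The SFC step is the one to trust: the signature and hash lines are supporting evidence, and the catalog-signing caveat in step 1 is why a bare "NotSigned" result is not, on its own, proof that the file was tampered with. If SFC cannot repair the file, the remaining options are the ones the thread already mentions: a clean copy from installation media, or the boot-from-live-media route.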
     
  12. satrow

    satrow Major Geek Extraordinaire

    As Caliban suggests, it looks like Comodo is involved in the BSOD, please remove it completely for testing; you may need to check with the Comodo forum for a removal tool to ensure it's all gone. Please install MSE and activate the built-in Windows firewall during this troubleshooting period.

    Can you use the AVG Remover to ensure that all traces of AVG are gone?

    Please upload the next minidump as soon as it happens, one recent dump is not enough to get a handle on what's happening.

    If you run MSInfo32, save it to the Desktop, zip the *.nfo and attach the resulting zip so we can check out your system more fully.
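Two of the helpers above ask for the same artifacts: the most recent minidumps zipped from the Desktop (post 8) and an MSInfo32 .nfo report zipped alongside them (post 12). The script below is an added example that is not part of the thread and gathers both in one step. It assumes an elevated prompt (the Minidump folder is not readable otherwise) and Compress-Archive, which needs PowerShell 5 or newer; on an older machine the staging folder can be zipped from Explorer with Send to > Compressed folder instead. The default dump location and the msinfo32 /nfo switch are standard Windows behaviour; the $Count parameter and folder names are this script's own.

```powershell
# Added example (not from the thread): collect the newest minidumps, the bugcheck
# events from the System log, and an MSInfo32 report into one zip on the Desktop.
# Assumes an elevated PowerShell 5+ prompt; run as a script file.
param([int]$Count = 5)   # how many of the newest dumps to collect

$dumpDir = Join-Path $env:SystemRoot 'Minidump'   # default "Small memory dump" location
$stamp   = Get-Date -Format 'yyyyMMdd-HHmm'
$staging = Join-Path $env:USERPROFILE "Desktop\crashinfo-$stamp"
$zipPath = "$staging.zip"
New-Item -ItemType Directory -Path $staging | Out-Null

# 1. Newest minidumps. A missing folder usually means dump writing is disabled
#    (Control Panel > System > Advanced > Startup and Recovery) or the crash never wrote one.
if (Test-Path $dumpDir) {
    Get-ChildItem $dumpDir -Filter *.dmp |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First $Count |
        Copy-Item -Destination $staging
} else {
    Write-Warning "No $dumpDir folder found; check the Startup and Recovery settings."
}

# 2. Bugcheck records: event ID 1001 from the WER system error reporting provider
#    carries the stop code and parameters even when no dump was kept.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*SystemErrorReporting*' } |
    ForEach-Object { "{0}  {1}" -f $_.TimeCreated, $_.Message } |
    Set-Content (Join-Path $staging 'bugchecks.txt')

# 3. MSInfo32 report; the /nfo switch writes the file without opening the GUI.
$nfo = Join-Path $staging 'msinfo32.nfo'
Start-Process msinfo32.exe -ArgumentList "/nfo `"$nfo`"" -Wait

# 4. Show what was gathered, then zip it for attaching to the forum post.
Get-ChildItem $staging | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize
Compress-Archive -Path "$staging\*" -DestinationPath $zipPath -Force
Write-Host "Attach this file to the thread: $zipPath"
```

The bugchecks.txt file is the part worth adding even when only one dump exists: it lists every stop code the machine has recorded, which addresses the point in post 12 that a single dump is not enough to see a pattern.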
     
  13. esctate

    esctate Private E-2

    I was unable to turn Windows Firewall on. I kept getting an error message saying that an "unidentified source" was preventing access to it...can I continue without Windows Firewall, or do you have an alternative?

    I will check for a Comodo removal tool and will download the AVG removal tool tomorrow.

    On a side note, after running AVG's initial scan, the Trojan horse Crypt.ANVH, that had infected the system file and is what is probably causing my issues, was not detected. No threats were actually detected...
     
  14. satrow

    satrow Major Geek Extraordinaire

    Any 3rd party alternative has a greater likelihood of adding to the complexity of the situation - AVG, Comodo or any other previously installed security software could be the reason the Windows firewall won't start - we need to get Windows working correctly before moving on.

    If you have a good NAT/firewall on your router, it should be ok to continue troubleshooting the problem without a firewall - but use a different machine for casual surfing/downloading.
     
  15. Xenith

    Xenith Private E-2

    Hey 'esctate'!

    Sorry! I had errands to handle, (just got back from a 900 mile trip two days ago and finally wound down a few hours ago) Going over what the other boys said only confirms what I was thinking. I want to be sure on some things and I finally got the time to look it all over. I'm going to go through your minidump now, and your HiJackThis logs. Expect another reply from me in about 30 - 60 minutes.

    -X
     
  16. Xenith

    Xenith Private E-2

    I will stand by what the previous posters said in regards to getting rid of all anti-virus/malware/etc protection and reverting back to just the windows firewall. *or NO firewalls at all, just go into safe mode, download the later mentioned, then go offline when performing your fixes. Use a USB to install a known decent firewall, or turn on your windows firewall after the fix is completed*


    cmdguard.sys cmdguard.sys+fc54abc0 0x8c80d000 0x8c888000 0x0007b000 0x4f5d0e11 3/11/2012 2:41:53 PM
    ntkrnlpa.exe ntkrnlpa.exe+23add1 0x8220d000 0x825c7000 0x003ba000 0x4ea6b87e 10/25/2011 7:24:14 AM

    These are your two primary causes for your BSOD; cmdguard.sys is a process that helps in executing certain applications which for the most part, are system related. ntkrnlpa.exe is related to your computers hardware hibernation and wake up states (commonly) and among other things. We'll aim at the hibernation portion of it first.

    1) Go to Control Panel -> Power Options and Select High Performance.
    a) Then select "Change plan settings"
    b) Change everything to set it up as to never shut up for any reason. (This is a temporary fix, and you'll have to go back to change it again. After this is done, and setting should be fine)

    2) For cmdguard.sys, I'd actually recommend a program. Manual repair is a tedious and long process to go through and while I CAN walk you through it, I'd rather use a program that would do the majority of the click click work for me. Now, I have a hard time recommending program, especially registry repair or clean up programs. Any registry CLEAN UP programs have a really difficult time getting installed on my computer. I don't believe in CLEANING UP the registry, however a registry REPAIR program is a little different in my book. Just a little. I have ONE that I use, and I can vouch for it. (Just downloaded the exe myself and ran it; seemed legit enough to me. This is AFTER running the google search for any scam related sources)

    Program name is Auslogics Registry Cleaner, the link is "http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=55&f=00&su=p284.13.342.ip_p504.6.342.ip_&tt=3&bt=1&bts=1&zu=http%3A//www.auslogics.com/en/software/registry-cleaner/download" to download it from CNet.

    Run the program in safe mode, fix all your problems, then restart your computer.

    3) After this is done; I'd highly recommend making sure your BIOS and Chipset drivers are updated. The website you would want to go to update YOUR chipset and BIOS is;

    "http://ftp.hp.com/pub/softpaq/sp48001-48500/sp48079.exe"
    *SIDENOTE: Make SURE antivirus is DISABLED and you run the .exe in SAFEMODE*

    4) One more time into safe mode and do this:
    Start - type this in Search Box -> command find at top and RIGHT CLICK - RUN AS ADMIN (OR 'windows key' + R to bring up the Run dialogue window, then type in 'cmd' and press Enter)
    Enter this at the prompt - "sfc /scannow"

    After THAT is finished, press 'windows key' + R again, type in MSCONFIG, go to the Services tab. Check the "Hide all Microsoft services" in the bottom left, then click on the Disable All button. Go to the Startup tab, Click Disable all there too. Now go back to the Services tab, we are going to check mark a couple services you may want to keep; (IF LISTED: Sometimes they won't show up here, which in this case will be fine, if they DO show up; Check mark them)

    Services:
    XAudioService
    (lol going through it all, most of the stuff you got is "IF" you want it material, nothing really needed. Except Microsoft stuff of course.)

    Startup:
    (I can't see what the Startup Item is, but I can see the Command column, so I'll be citing that as your reference)
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\Dwm.exe
    ^-- Above may be located under Services and hidden under the "Hide all Microsoft Services" check box. Don't be alarmed if you can not find those programs.

    Finally, press Apply, then OK, then Restart (or Exit with Restart). When that is all completed, reset your Power Settings, and if you come across another Blue Screen of DOOOOOOM post up the Minidump again.

    -X
     
  17. Xenith

    Xenith Private E-2

    OH! Another note: After doing everything I stated in my post, your computer should be running bare minimums for programs and services. (That is if your Antivirus software has been removed already. If it hasn't I will provide you with a step by step process to removing any of them you have installed)

    I will STRONGLY suggest you reinstall an Antivirus program and if you like, an Anti-Malware program after running through my steps. Considering that my steps have solved your problem.

    -X
     
  18. Caliban

    Caliban I don't need no steenkin' title!

    ???

    As far as I know, cmdguard.sys is the COMODO Internet Security Sandbox Driver and ntkrnlpa.exe is the kernel image (with Physical Address Extension support) for the family of Microsoft Windows NT operating systems.

    We are already addressing the Comodo possibility, and the ntkrnl reference really has no bearing on the cause of the BSOD - the crashes are most likely the result of a rogue 3rd-party driver that is hiding under the memory address range of NT at BSOD time.

    It would be my recommendation to refrain from introducing any other potential sources of problems (such as registry cleaners), at least until we can verify that the initial troubleshooting steps are successful or not...
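The post above makes the point that a crash attributed to the NT kernel image usually traces back to a third-party driver loaded at the time, and that the dump's own module list (cmdguard.sys in post 16) is where to look. The script below is an added example, not something from the thread, that enumerates the kernel drivers currently running and separates the non-Microsoft ones so they can be matched against that module list. It assumes PowerShell 3 or newer and an elevated prompt; the dump module name is taken from the thread, and the caveat from the earlier dfsc.sys example applies: inbox Microsoft drivers are catalog-signed, so the Authenticode column is informative for third-party files and not a tamper test for Microsoft's own.

```powershell
# Added example (not from the thread): list running kernel drivers, flag the ones that
# are not Microsoft's, and cross-check them against the module names from the crash dump.
# Assumes an elevated PowerShell 3+ prompt.
$drivers = Get-WmiObject Win32_SystemDriver | Where-Object { $_.State -eq 'Running' }

$report = foreach ($d in $drivers) {
    # PathName arrives as \??\C:\...\x.sys, \SystemRoot\system32\drivers\x.sys, or a plain path.
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if (-not $path -or -not (Test-Path $path)) {
        # A running driver whose file cannot be found on disk deserves a closer look.
        [pscustomobject]@{ Name = $d.Name; File = $d.PathName; Company = '<file not found>'
                           Signature = 'n/a'; Modified = $null }
        continue
    }
    $item = Get-Item $path
    $sig  = Get-AuthenticodeSignature -FilePath $path   # embedded signature only (see caveat)
    [pscustomobject]@{
        Name      = $d.Name
        File      = $path
        Company   = $item.VersionInfo.CompanyName
        Signature = $sig.Status
        Modified  = $item.LastWriteTime
    }
}

# Third-party drivers, newest file first: a recently installed security product's
# driver (cmdguard.sys for Comodo in this thread) typically sorts to the top.
$thirdParty = $report | Where-Object { $_.Company -notmatch 'Microsoft' }
$thirdParty | Sort-Object Modified -Descending | Format-Table Name, File, Company, Signature, Modified -AutoSize

# Cross-check against the module names from the dump. The list is constructed from the
# thread; extend it with whatever the next dump's module list shows.
$fromDump = @('cmdguard.sys')
$hits = $thirdParty | Where-Object { $fromDump -contains (Split-Path $_.File -Leaf) }
if ($hits) {
    Write-Host "Third-party drivers named in the dump and still loaded:"
    $hits | Format-Table Name, File, Company -AutoSize
} else {
    Write-Host "None of the dump's third-party modules are currently loaded."
}
```

A driver that appears in both lists after its product has supposedly been uninstalled is the concrete evidence behind the advice in post 12 to use the vendor's removal tool: the service entry and the .sys file can survive a normal uninstall, and as long as they load, the crashes can continue.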
     
  19. esctate

    esctate Private E-2

    I'm very sorry for not posting back sooner!

    However, I am going to just get a new computer now. My current one was getting pretty old, and it was getting more and more impossible to do anything on it, including the instructions given. Thank you all for taking the time to respond to me in the first place! I really appreciate it! I will definitely be back if I have any problems with my next computer!

    Thanks again! :)
     
  20. Caliban

    Caliban I don't need no steenkin' title!

    Thanks for the feedback, esctate - sometimes biting the bullet and grabbing a new system is the best way to move forward. Besides: with a new machine up and running, you'll have a stable platform from which you can work on the old 'puter...

    Good luck - let us know how it goes...:major
     
