Author Topic: Blue screen of death: aswSP.sys  (Read 6139 times)

Offline Elle8

  • Newbie
  • *
  • Posts: 17
Re: Blue screen of death: aswSP.sys
« Reply #15 on: May 29, 2011, 02:48:33 PM »
I've just done a HiJack this and uploaded it here too in case there's anything of interest.

Thanks:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:47:47, on 29/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080820
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.moneysavingexpert.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5080820
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [GSISETUP] E:\setup.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ssl01.berenberg.de/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: lxcf_device -   - C:\Windows\system32\lxcfcoms.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8649 bytes

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
Re: Blue screen of death: aswSP.sys
« Reply #16 on: May 29, 2011, 03:27:59 PM »
No problem,

That's why I mentioned it in the initial instructions on readme.txt contents, or they are unlikely to know who it is from or how to respond. I will highlight that in future so it is clearer.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Elle8

  • Newbie
  • *
  • Posts: 17
Re: Blue screen of death: aswSP.sys
« Reply #17 on: May 29, 2011, 04:22:40 PM »
Thanks David.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
Re: Blue screen of death: aswSP.sys
« Reply #18 on: May 29, 2011, 05:00:25 PM »
You're welcome.

I missed your HJT log last time round, but to be honest, it is a bit of a busted flush as it hasn't been updated in a very long time and malware has progressed into areas that it doesn't even look. A security application has to be up to date or it is worthless.

Didn't see anything obvious in it, but you appear to have remnants of AVG:
O20 - AppInit_DLLs: AVGRSSTX.DLL

This could be a contributory factor in a BSOD (conflict, etc.) so you could elect to fix this in HJT. Or run their removal tool.

- Ensure that all remnants of AVG are gone - AVG8.x (or higher) Remover, download tool from here: http://www.avg.com/download-tools (there is a 32-bit and a 64-bit Windows version; ensure you use the correct one).

Offline Elle8

  • Newbie
  • *
  • Posts: 17
Re: Blue screen of death: aswSP.sys
« Reply #19 on: May 29, 2011, 05:18:29 PM »
Thanks David. I think it's removed now, as I did the removal tool thingie you suggested and then ran HiJack again and couldn't see it on the list.

I'd like to remove this one too, as it was from a former workplace:
 https://ssl01.berenberg.de/dana-cached/sc/JuniperSetupClient.cab

I know it's nothing to do with avast, but can you help me and tell me how to do it please?

Thank you.

Offline Elle8

  • Newbie
  • *
  • Posts: 17
Re: Blue screen of death: aswSP.sys
« Reply #20 on: May 29, 2011, 06:05:11 PM »
 :-[ Just blue screened again with the same driver message mentioned above, so even though I've removed the AVG and AntiVir, it's still blue screening.

How depressing. :'(

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64881
  • Gender: Male
Re: Blue screen of death: aswSP.sys
« Reply #21 on: May 29, 2011, 06:39:27 PM »
> :-[ Just blue screened again with the same driver message mentioned above, so even though I've removed the AVG and AntiVir, it's still blue screening.
>
> How depressing. :'(

Did you try to uninstall them with specialized tools?
AVG Remover can be downloaded here: http://www.avg.com/download-tools
After you use Add/Remove, you should use Avira Antivir RegistryCleaner as well as the appropriate "Uninstallation Package", both of which can be found at: http://www.avira.com/en/support/support_downloads.html
The best things in life are free.

Offline Elle8

  • Newbie
  • *
  • Posts: 17
Re: Blue screen of death: aswSP.sys
« Reply #22 on: May 29, 2011, 06:46:06 PM »
Yes Tech, I did, as DavidR had sent these links to me earlier. I'm just waiting to hear back re my FTP download. The last error message I got still mentioned the aswSP.sys driver.

Thanks for your help!

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64881
  • Gender: Male
Re: Blue screen of death: aswSP.sys
« Reply #23 on: May 29, 2011, 07:18:38 PM »
Sorry Elle8, the thread is so long ;D
If you upload the dump, I hope pk or vlk can have a look at it.

Offline Elle8

  • Newbie
  • *
  • Posts: 17
Re: Blue screen of death: aswSP.sys
« Reply #24 on: May 29, 2011, 07:26:06 PM »
No worries. It's my fault for posting bits and pieces. I hope they look at it soon too. I uploaded it earlier today.

Thanks for your help!

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
Re: Blue screen of death: aswSP.sys
« Reply #25 on: May 29, 2011, 07:26:23 PM »
> Thanks David. I think it's removed now, as I did the removal tool thingie you suggested and then ran HiJack again and couldn't see it on the list.
>
> I'd like to remove this one too, as it was from a former workplace:
> https://ssl01.berenberg.de/dana-cached/sc/JuniperSetupClient.cab
>
> I know it's nothing to do with avast, but can you help me and tell me how to do it please?

I don't know if there wouldn't be other elements to this O16 item, which is an ActiveX Object:
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - hXXps://ssl01.berenberg.de/dana-cached/sc/JuniperSetupClient.cab

But you should be able to remove it using HJT; if it were ever needed again, it would have to be reloaded (see image).
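
The manual pass over the HijackThis log described in the replies above (the leftover O20 AppInit_DLLs entry, the O16 ActiveX object) can be sketched as a small parser. This is an added example, not part of the original thread or of HijackThis; the function names and flagging heuristics are assumptions, and the sample is built from lines of the log posted earlier in the thread.

```python
import re
from urllib.parse import urlparse

# Sample input: six lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GSISETUP] E:\setup.exe
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://ssl01.berenberg.de/dana-cached/sc/JuniperSetupClient.cab
O20 - AppInit_DLLs: AVGRSSTX.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
"""

ENTRY = re.compile(r"^([FNOR]\d+) - (.*)$")            # "O20 - <body>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*)\) - (\S+)$")
DRIVE = re.compile(r"\b([A-Za-z]):\\")                  # first drive letter in a path

def parse_entries(log_text):
    """Return (section, body) for every entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_notes(log_text, system_drive="C"):
    """Flag entries worth a manual look. The heuristics are this example's own."""
    notes = []
    for section, body in parse_entries(log_text):
        if "(file missing)" in body:
            notes.append((section, "registered file is missing", body))
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # The value is a space- or comma-separated list of DLLs.
            for dll in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                if dll:
                    notes.append((section, "DLL listed in AppInit_DLLs", dll))
        elif section == "O16":
            m = DPF.match(body)
            if m:
                host = urlparse(m.group(3)).hostname
                notes.append((section, "ActiveX control installed from", host))
        elif section == "O4":
            m = DRIVE.search(body)
            if m and m.group(1).upper() != system_drive:
                notes.append((section, "autostart target not on system drive", body))
    return notes

if __name__ == "__main__":
    for note in review_notes(SAMPLE_LOG):
        print(note)
```

The notes only narrow down what to check by hand; whether an entry is a harmless leftover still has to be decided against what is actually installed on the machine.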

Offline Elle8

  • Newbie
  • *
  • Posts: 17
Re: Blue screen of death: aswSP.sys
« Reply #26 on: May 29, 2011, 07:44:23 PM »
It's being very stubborn and won't be removed ::).

Thank you David.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
Re: Blue screen of death: aswSP.sys
« Reply #27 on: May 29, 2011, 08:03:53 PM »
What is the actual error that it is giving?

Do you have Internet Explorer open when trying to delete it?
If so, close it.

Google is your friend, all you have to do is decide on what to search for, http://www.google.co.uk/search?q=remove+activeX+object, this being the first hit, http://support.microsoft.com/kb/154850.

Whilst this mentions very old IE versions and is almost a year old, it does give some general information. This one is more recent, http://support.microsoft.com/kb/240797 March this year.


Offline Tango62

  • Newbie
  • *
  • Posts: 1
Re: Blue screen of death: aswSP.sys
« Reply #28 on: May 30, 2011, 07:38:32 AM »
I was working online and up popped the avast logo with "you need to update". So I clicked on it and after that it said to restart and power down. So I did. Now it just boots up to the blue screen of death. ???

Offline Elle8

  • Newbie
  • *
  • Posts: 17
Re: Blue screen of death: aswSP.sys
« Reply #29 on: May 30, 2011, 08:57:04 AM »
Thanks David. I tried to remove with IE closed, but it still gave me the error message stating:

Error details:
An unexpected error has occurred at procedure:
modBackup_MakeBackup (sItem=016 - DPF:
{F27237D7-93C8-44C2-AC6E-D6057B9A918F}
(JuniperSetupClientControl Class) -
https://ssl01.berenberg.de/dana-cached/sc/JuniperSetupClient.cab
Error #75 - Path/File access error

 
