View Single Post
  #56  
Old January 23rd, 2021, 04:08 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Quote:
012121-20529-01.dmp 1/21/2021 6:58:48 PM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050
Quote:
Something happened with pc but not sure what.. left it on and unattended yesterday evening for approx 2 hrs and when came back screen was black and only thing working/ visible was the mouse pointer which could move around.. hit keyboard keys including ctrl-alt-del and nothin.. no response.. so had to hard reboot.



looks like it did blue screen.. timeframe fits
Farbar has listed this information as a file. But he didn't list it in the errors section.


Could this problem be related to sleep mode as well?

How to turn off sleep mode on PC?
To do this, follow these steps:

Click Start, type Power sleep in the Start Search box, and then click Change when the computer sleeps.
In the Put the computer to sleep box, select a new value, such as 15 minutes. ...
My suggestion for sleep and screen settings is Never

Now close the page. Observe the computer's operation after doing it.


================================================== =


Uninstall some programs:

NOTE: Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

SpywareBlaster
FileHippo.com
ArcSoft
CANON


and click on remove

================================================== ==

Run FRST fixlist
  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
-------------------------------------------------------

start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Print\Monitors\Canon BJ Language Monitor MX880 series: C:\Windows\system32\CNMLMAN.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\Canon MX880 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAN.DLL [30208 2012-03-14] (CANON INC.) [File not signed]
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [328192 2010-09-08] (CANON INC.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
2012-01-10 12:10 - 2010-09-10 14:57 - 000023040 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2012-12-09 19:07 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLMAN.DLL
2012-01-10 12:07 - 2010-09-08 11:27 - 000328192 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2012-01-09 22:13 - 2012-03-14 05:00 - 000117248 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\CNMCPAN.DL L
2012-01-09 22:13 - 2012-03-14 05:00 - 000780288 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\CNMDRAN.DL L
2012-01-09 22:13 - 2012-03-14 05:00 - 003769344 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\CNMUIAN.DL L
2012-01-09 22:14 - 2012-03-14 05:00 - 000030208 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\CNMPDAN.DLL
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (Canon Inc. -> CANON INC.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
C:\Program Files (x86)\ArcSoft
C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION. URL
C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_IN STRUCTION.URL
C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.UR L
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Symantec Corporation -> Dell, Inc.)
Task: {49A214E5-828F-47E3-9685-505850C22A4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3545880 2013-04-23] (Piriform Ltd -> Piriform Ltd)
Task: {DA526EE1-9119-49D3-A2EB-D46AC198046E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
CHR Extension: (Extensions) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjcdccmhfohhffdhmleihkcge fgnghb [2020-05-13]
C:\Users\Hans\AppData\Roaming\vlc

Folder: C:\f466e4c8851c01e97ddacb544b

C:\Users\Hans\Downloads\Thumbs.db
C:\Program Files (x86)\FileHippo.com
C:\Program Files (x86)\ArcSoft
2014-11-12 17:42 - 2014-11-12 17:42 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION. URL
2014-11-12 17:41 - 2014-11-12 17:41 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_IN STRUCTION.URL
2012-12-13 07:48 - 2019-12-15 17:14 - 000164864 _____ () C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 17:39 - 2014-11-12 17:39 - 000000272 _____ () C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.UR L
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2011-10-15] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2011-10-15] (Canon Inc. -> CANON INC.)
FirewallRules: [TCP Query User{74CE6E9A-5FC0-48C5-B0CB-B5612DCE6764}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{4169D8AB-4712-4368-BADF-0A1B7F5C0E42}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{F0C35492-771F-4F1B-875C-91C813A74DA2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{27D7B9BA-05A5-4936-B8AE-684FBAD9A878}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::
---------------------------------
NOTICE: This script is written specifically for this computer!!!
  • Running this on another computer may cause damage to the Operating System.
  • Now, Please run FRST as administrator, and press theFix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.
==================================================

Regards.
Reply With Quote