
Repeated Blue Screen of Death


  • This topic is locked
31 replies to this topic

#1 Teach2reach


Posted 23 January 2009 - 10:35 PM

I have been reading on here, and hoping I could get to the bottom of my issue myself, but I need someone more technically minded than me at this point.

For the past four days I have come home from work to the blue screen. It has done a physical dump each time, and seemed to be fine on reboot. When I send the error to Microsoft it is telling me that it is a driver issue.

Here is what I have done so far: Scanned with Malware and AVG Free Edition and removed all found objects; 9 were found on Malware. I can give you a copy of the logs at your request.

I downloaded the Dell Driver diagnostic tool and it is saying there is nothing wrong with my drivers. I am using Firefox and have Comcast for a server, but I also have a Linksys for another computer in the house.

My system information is as follows:
Microsoft Windows XP Home Edition
Version 2002
Service Pack 3
Dell Dimension DV051
Intel Pentium 504 MB RAM
I have 81.8 GB of free space remaining.

If you need anything else please let me know. I am hoping I do not need another computer.
Thanks in advance.



#2 DaChew


Posted 23 January 2009 - 10:42 PM

Would you post that Malwarebytes' log?

Do you have McAfee running? That might be part of the problem.

Edited by DaChew, 23 January 2009 - 10:42 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 Teach2reach


Posted 23 January 2009 - 10:48 PM

Here is the Malware log.

Malwarebytes' Anti-Malware 1.30
Database version: 1371
Windows 5.1.2600 Service Pack 3

1/22/2009 7:16:53 PM
mbam-log-2009-01-22 (19-16-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 122912
Time elapsed: 35 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\JEFF\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#4 Teach2reach


Posted 23 January 2009 - 10:52 PM

I forgot to add: no to the McAfee.

#5 DaChew


Posted 23 January 2009 - 11:06 PM

Malwarebytes' Anti-Malware 1.33
Database version: 1687
Windows 5.1.2600 Service Pack 3


Would you update MBAM, reboot, and check updates again until you are fully updated?

Run a new scan and post that log.

What security programs do you have installed?

Did you ever have McAfee or other AV suites installed? Few get uninstalled properly.

Even applying SP3 to an infected computer can cause issues like yours.

It's almost never a simple problem.
Chewy

No. Try not. Do... or do not. There is no try.

#6 Teach2reach


Posted 23 January 2009 - 11:15 PM

I am pretty sure we had Norton when we got the computer. I do not recall ever running McAfee.
I will update the Malware and repost the logs.
As far as current security, I am only using the AVG free edition, but that is current and all up to date.

#7 DaChew


Posted 23 January 2009 - 11:29 PM

Well, with those 2, you have completed the 3 most troublesome antivirus programs that cause the majority of our problems removing malware.

http://service1.symantec.com/Support/tsgen...005033108162039

At least Norton makes a tool to remove remnants it leaves that interfere or conflict.
Chewy

No. Try not. Do... or do not. There is no try.

#8 Teach2reach


Posted 23 January 2009 - 11:41 PM

I am not sure what you are saying. I guess I was under the misconception that the free edition of AVG was decent enough, and you are saying that is possibly what is causing the issue? I do not know what to do at this point. If you are saying we cannot get the remnants off, does this mean I am basically up the creek here? Not sure how to proceed.

#9 Teach2reach


Posted 23 January 2009 - 11:44 PM

Wow, the scan is still in progress and it is finding a LOT more than it did yesterday. :thumbsup:

#10 Teach2reach


Posted 23 January 2009 - 11:57 PM

Here is the second log from Malware:

Malwarebytes' Anti-Malware 1.33
Database version: 1687
Windows 5.1.2600 Service Pack 3

1/23/2009 11:55:21 PM
mbam-log-2009-01-23 (23-55-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 127390
Time elapsed: 38 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\JEFF\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\JEFF\Local Settings\Temp\wnmcoeasrx.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP921\A0097343.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP927\A0098393.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP927\A0098394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP928\A0098415.dll (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP879\A0095323.cpl (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP879\A0095325.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP879\A0095327.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP879\A0095328.exe (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP880\A0095361.cpl (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP880\A0095363.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP880\A0095365.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP880\A0095366.exe (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0095387.cpl (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP881\A0095388.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

#11 DaChew


Posted 24 January 2009 - 12:01 AM

http://www.malwarebytes.org/forums/index.php?showtopic=7368


Bookmark this guide on AVG. Sometimes to fix a computer we have to clean up the mess an antivirus makes.


AVG used to be a good program; the old version is not supported and the new free one has a lot of bugs.

Never run more than one AV, and make sure they are cleaned off your computer before switching.



http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Here's another link to read regarding security programs interfering with cleaning a computer.
Chewy

No. Try not. Do... or do not. There is no try.

#12 DaChew


Posted 24 January 2009 - 12:04 AM

That's promising, all remnants, temp or old restore files.

Let's try another program:

SAS and ATF Cleaner

http://www.bleepingcomputer.com/forums/ind...t&p=1097562

Follow Boopme's directions exactly.
Chewy

No. Try not. Do... or do not. There is no try.
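
An added example, not part of any post in this thread: a small Python triage of Malwarebytes log lines in the format posted above, grouping each detection by where it was found (System Restore copy, temp file, autostart registry location, or elsewhere). The category names and location rules are this example's own assumptions; the sample lines are copied from the two logs above.

```python
import re
from collections import Counter

# Sample detection lines copied from the two Malwarebytes logs posted in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\JEFF\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP921\A0097343.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

DETECTION = re.compile(r"^(?P<path>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<action>.+)$")

# Location rules are this example's own heuristics, checked in order on the lowercased path.
RULES = [
    ("restore-point copy", lambda p: "\\system volume information\\_restore" in p),
    ("temp file", lambda p: "\\temp\\" in p),
    ("autostart registry entry", lambda p: p.startswith("hkey_") and any(
        k in p for k in ("\\currentversion\\run", "\\browser helper objects\\", "\\sharedtaskscheduler\\"))),
    ("other registry entry", lambda p: p.startswith("hkey_")),
]

def triage(log_text):
    """Return (category, family, path) for every detection line in the log."""
    results = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # section headers, counters, "(No malicious items detected)"
        path = m.group("path")
        category = next((name for name, test in RULES if test(path.lower())), "other file or folder")
        results.append((category, m.group("family"), path))
    return results

def summarize(log_text):
    """Count detections per location category."""
    return Counter(category for category, _, _ in triage(log_text))

if __name__ == "__main__":
    for category, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {category}")
```
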

#13 Teach2reach


Posted 24 January 2009 - 12:05 AM

Chewy,
Thanks so much for your help. While you are figuring things out (I hope you are, anyway, lol) I will read your links.

#14 Teach2reach


Posted 24 January 2009 - 12:06 AM

K. I will post back after I finish.

#15 Teach2reach


Posted 24 January 2009 - 01:12 AM

Chewy,

I followed everything to the letter, and in the midst of running the Superantispyware in safe mode, I heard the computer restart in regular mode, and then right when I was checking, I got another BSOD.

I am getting freaked out because I have all of my school stuff on here.

Please advise!!



