Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Gives Me Blue Screen of Death When I Try Safe Mode


  • This topic is locked This topic is locked
2 replies to this topic

#1 Chris Brennan

Chris Brennan

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 01 January 2010 - 06:53 AM

Intro
I picked up a pretty nasty virus of some sort yesterday, and while I'm used to getting rid of spyware and malware, I've never encountered anything like this before, and I'm at a complete loss for what to do.

Computer Specs
I'm running Windows XP with SP3 on a 2.2 GHz Dell.

Synopsis of the Problem
Yesterday I was browsing through some websites when all of a sudden windows informed me that it was restarting itself. From that point forward as soon as I would boot up the computer and launch the internet connection and browser, the computer would start to freeze up. This is not the typical 'computer slowing down due to spyware' type deal though. Rather, the computer just freezes up and any programs that are running start becoming nonresponsive, although I can still move the mouse for some reason. Now, once it gets to this point where the programs have become nonresponsive but I can still move the mouse, if I click the screen a few times randomly then the computer totally locks up and the tower starts emitting a long beeping noise and the mouse stops moving, at which point I am forced to press the power button and turn it off.

I realized that I had some sort of virus or trojan, and I tried to do some scans with the typical programs (Malwarebytes, TrendMicro, Spybot), but they would always either A) freeze up before completing the scan, or :( complete the scan without finding anything.

I tried restarting in Safe Mode, but when I do this I get the blue screen of death almost immediately that says

"A problem has been detected and Windows has been shut down to prevent damage to your computer. If this is the first time you've seen this message..." "... Technical information *** STOP: 0x0000007E (0xc0000005, 0x8AA3348B, 0xBA4c2c44, 0xBA4C2940)"

At that point I just have to shut it down.

What is interesting is that I also get this blue screen sometimes now when I do things like run a full MalwareBytes scan, or once when I closed TrendMicro from the taskbar.



Steps I've Taken to Fix the Problem

*Ran MalwareBytes quick scan - found only one minor looking trojan file attached to Internet Explorer (which is odd since I don't use IE).
*Ran MalwareBytes full scan - Unable to complete the full scan, as I always get the blue screen of death before it finishes. The first time I did the full scan it seemed like it found one thing, but then stalled out 2 hours into the scan with error # 731. The second time I ran a full Malwarebytes scan I went to sleep, and when I woke up it was on the blue screen of death saying that it had to shut down the computer in order to avoid doing further damage to it.
*Spybot - Found nothing.
*Superantispyware - found two minor files, but nothing major when I did a full scan and a quick scan.
*Trend Micro PC-cillin Internet Security - found nothing on full scan.

One of the issues is that I have problems completing full scans, since the programs often freeze up after being on for more than 10 minutes.

*Combofix - I got desperate at one point and tried to run ComboFix on my own, as I had done earlier last year, but the program wont even launch. It opens the command prompt window like its about to launch, but then it closes a second later.



RootRepeal

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/01/01 04:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:WINDOWSsystem32

driversrootrepeal.sys
Address: 0xB4CC9000 Size: 49152 File

Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:
Status: MBR Rootkit Detected!

Path: C:hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address

0xb9e2d514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address

0xb9e1c282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address

0xb9e1c474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address

0xb9e2dd00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address

0xb9e2dfb8

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address

0xb9e2c3fa

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address

0xb9e2e422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address

0xb9e2d7d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:Program

FilesSUPERAntiSpywareSASKUTIL.sys" at address

0xb61720b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: ACPI,

IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a969e68 Size: 257

==EOF==





DDS txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Chris at 2:16:18.07 on Fri 01/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1006 [GMT -7:00]

AV: Windows System Defender *On-access scanning enabled* (Updated) {B6AD5A50-6E52-4B0E-B83A-44FB83EB68F2}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Windows System Defender *enabled* {3396522A-08E9-4D76-BD89-08D0674B9B4A}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:WINDOWSsystem32spoolsv.exe
svchost.exe
C:Program FilesMicrosoft Small BusinessBusiness Contact ManagerBcmSqlStartupSvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32dldocoms.exe
C:xamppmysqlbinmysqld.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:WINDOWSsystem32nvsvc32.exe
C:PROGRA~1TRENDM~1INTERN~1PcCtlCom.exe
C:WINDOWSsystem32IoctlSvc.exe
C:WINDOWSsystem32PSIService.exe
C:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:PROGRA~1TRENDM~1INTERN~1Tmntsrv.exe
C:PROGRA~1TRENDM~1INTERN~1TmPfw.exe
C:PROGRA~1TRENDM~1INTERN~1tmproxy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ICO.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesTrend MicroInternet Security 14pccguide.exe
C:Program FilesCyberLinkPowerDVD DXPDVDDXSrv.exe
C:WINDOWSOEM03Mon.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesTrend MicroInternet Security 14TMAS_OETMAS_OEMon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesVerizon WirelessVZAccess ManagerVZAccess Manager.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:Documents and SettingsChrisDesktopRootRepeal.exe
C:WINDOWSsystem32notepad.exe
C:Documents and SettingsChrisDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080108
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg8avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:progra~1spybot~1SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.1.1309.3572swg.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:program filesgooglegoogle gearsinternet explorer0.5.33.0gears.dll
BHO: HttpWatch Basic: {f1f69322-008f-4895-b2bf-ad194219825a} - c:program fileshttpwatchhttpwatchsc.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:windowssystem32Shdocvw.dll
EB: HttpWatch Basic: {2b4c4770-27fd-4a09-b17d-33ca580965fb} - c:program fileshttpwatchhttpwatch.dll
uRun: [OE_OEM] "c:program filestrend microinternet security 14tmas_oeTMAS_OEMon.exe"
uRun: [DellSupportCenter] "c:program filesdell support centerbinsprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:program filessuperantispywareSUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [PMX Daemon] ICO.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISUSPM Startup] c:progra~1common~1instal~1update~1ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
mRun: [pccguide.exe] "c:program filestrend microinternet security 14pccguide.exe"
mRun: [PDVDDXSrv] "c:program filescyberlinkpowerdvd dxPDVDDXSrv.exe"
mRun: [dscactivate] "c:program filesdell support centergs_agentcustomdsca.exe"
mRun: [OEM03Mon.exe] c:windowsOEM03Mon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [DellSupportCenter] "c:program filesdell support centerbinsprtcmd.exe" /P DellSupportCenter
dRun: [DWQueuedReporting] "c:progra~1common~1micros~1dwdwtrig20.exe" -t
StartupFolder: c:docume~1chrisstartm~1programsstartupvzacce~1.lnk - c:program filesverizon wirelessvzaccess managerVZAccess Manager.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupadobeg~1.lnk - c:program filescommon filesadobecalibrationAdobe Gamma Loader.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupdigita~1.lnk - c:program filesdigital line detectDLG.exe
IE: &D&ownload &with BitComet - c:program filesbitcometBitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:program filesbitcometBitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:program filesbitcometBitComet.exe/AddAllLink.htm
IE: Append to existing PDF - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:program filesadobeacrobat 8.0acrobatAcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:program filesgooglegoogle gearsinternet explorer0.5.33.0gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
IE: {D103E85B-5D67-42c1-8C83-F01079DBAB26} - {2B4C4770-27FD-4A09-B17D-33CA580965FB} - c:program fileshttpwatchhttpwatch.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200109864695
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:program filesintuitquickbooks 2008HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg8avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:windowssystem32mscoree.dll
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:docume~1chrisapplic~1mozillafirefoxprofiles6gqdxe8g.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:documents and settingschrisapplication datamozillafirefoxprofiles6gqdxe8g.defaultextensions{e3f6c2cc-d8db-498c-af6c-499fb211db97}platformwinnt_x86-msvccomponentspagespeed.dll
FF - component: c:program filesgooglegoogle gearsfirefoxlibff35gears.dll
FF - component: c:program fileshttpwatchfirefoxcomponentshttpwatchff.dll
FF - plugin: c:documents and settingschrisapplication datamozillafirefoxprofiles6gqdxe8g.defaultextensionsbattlefieldheroespatcher@ea.complatformwinnt_x86-msvcpluginsnpBFHUpdater.dll
FF - plugin: c:documents and settingschrisapplication datamozillafirefoxprofiles6gqdxe8g.defaultextensionsiaplayer@instantaction.compluginsnpiaplayer.dll
FF - plugin: c:documents and settingschrisapplication datamozillapluginsnpgoogletalk.dll
FF - plugin: c:documents and settingschrislocal settingsapplication datagoogleupdate1.2.183.7npGoogleOneClick8.dll
FF - plugin: c:program filesgooglegoogle updater2.4.1536.6592npCIDetect13.dll
FF - plugin: c:program filesgooglelivelynplively.dll
FF - plugin: c:program filesgoogleupdate1.2.183.13npGoogleOneClick8.dll
FF - plugin: c:program filesgoogleupdate1.2.183.7npGoogleOneClick8.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdjvu.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpPandoWebInst.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpViewpoint.dll
FF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: XULRunner: {9E86DB3A-C1BC-4E6D-8A51-084AD66345B8} - c:documents and settingschrislocal settingsapplication data{9E86DB3A-C1BC-4E6D-8A51-084AD66345B8}
FF - HiddenExtension: XULRunner: {3FE86326-F79A-46BA-B429-E13430422B1B} - c:documents and settingschrislocal settingsapplication data{3fe86326-f79a-46ba-b429-e13430422b1b}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [2009-6-7 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2009-6-7 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2009-6-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:windowssystem32driversavgtdix.sys [2009-6-7 108552]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2009-12-16 74480]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1avgavg8avgwdsvc.exe [2009-6-7 297752]
R2 dldo_device;dldo_device;c:windowssystem32dldocoms.exe -service --> c:windowssystem32dldocoms.exe -service [?]
R2 Tmntsrv;Trend Micro Real-time Service;c:progra~1trendm~1intern~1Tmntsrv.exe [2007-11-8 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:progra~1trendm~1intern~1TmPfw.exe [2007-11-8 923216]
R2 tmpreflt;tmpreflt;c:windowssystem32driverstmpreflt.sys [2007-11-8 36368]
R2 tmproxy;Trend Micro Proxy Service;c:progra~1trendm~1intern~1tmproxy.exe [2007-11-8 566872]
R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:windowssystem32driversOEM03Afx.sys [2008-1-7 141376]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:windowssystem32driversOEM03Vfx.sys [2008-1-7 7424]
R3 OEM03Vid;Creative Camera OEM003 Driver;c:windowssystem32driversOEM03Vid.sys [2008-1-7 235808]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:windowssystem32driverslivecamv.sys [2008-1-7 31616]
R3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2009-12-16 7408]
R3 tmcfw;Trend Micro Common Firewall Service;c:windowssystem32driversTM_CFW.sys [2007-11-8 280392]
S2 Apache2.2;Apache2.2;c:xamppapachebinhttpd.exe [2009-12-19 24640]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:windowssystem32spooldriversw32x863dldoserv.exe [2007-10-5 99568]
S2 gupdate1c8c1bdbe299ebc;Google Update Service (gupdate1c8c1bdbe299ebc);c:program filesgoogleupdateGoogleUpdate.exe [2008-7-9 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2009-5-15 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:windowssystem32driversmotccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:windowssystem32driversmotccgpfl.sys [2008-8-21 8320]
S3 pmxmouse;PMXMOUSE;c:windowssystem32driverspmxmouse.sys [2008-6-7 18432]
S3 pmxusblf;PMXUSBLF;c:windowssystem32driverspmxusblf.sys [2008-6-7 14336]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesspyware doctorpctsAuxs.exe [2009-6-7 348752]
S3 sdCoreService;PC Tools Security Service;c:program filesspyware doctorpctsSvc.exe [2009-6-7 1095560]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesviewpointcommonViewpointService.exe [2008-7-21 24652]

=============== Created Last 30 ================

2010-01-01 03:37:24 0 d-----w- c:docume~1alluse~1applic~1SUPERAntiSpyware.com
2010-01-01 03:37:13 0 d-----w- c:program filesSUPERAntiSpyware
2010-01-01 03:37:13 0 d-----w- c:docume~1chrisapplic~1SUPERAntiSpyware.com
2009-12-24 15:37:20 0 d-sh--w- c:documents and settingschrisIECompatCache
2009-12-19 20:26:53 0 d---a-w- C:xampp
2009-12-19 20:06:33 0 d-----w- c:program filesConTEXT
2009-12-19 04:40:50 0 d-----w- c:docume~1chrisapplic~1NoteTab Light
2009-12-19 04:40:39 0 d-----w- c:program filesNoteTab Light
2009-12-17 23:55:39 0 d-----w- c:program filesChami

==================== Find3M ====================

2009-12-03 23:14:06 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2009-12-03 23:13:56 19160 ----a-w- c:windowssystem32driversmbam.sys
2009-11-14 06:28:03 561459 ----a-w- c:windowsfontsOptima.dfont
2009-10-28 14:40:47 173056 ------w- c:windowssystem32dllcacheie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:windowssystem32strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:windowssystem32dllcachestrmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:windowssystem32httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:windowssystem32dllcachehttpapi.dll
2009-10-20 16:20:16 265728 ------w- c:windowssystem32dllcachehttp.sys
2009-10-13 10:30:16 270336 ----a-w- c:windowssystem32oakley.dll
2009-10-13 10:30:16 270336 ------w- c:windowssystem32dllcacheoakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:windowssystem32rastls.dll
2009-10-12 13:38:19 149504 ------w- c:windowssystem32dllcacherastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:windowssystem32raschap.dll
2009-10-12 13:38:18 79872 ------w- c:windowssystem32dllcacheraschap.dll
2008-12-24 22:56:47 1131176 ----a-w- c:program filesWoW-installer-3.0.1.8874-x86-Win-enUS.exe
2008-01-08 01:54:57 76 --sh--r- c:windowsCT4CET.bin
2008-01-11 22:00:05 88 --sh--r- c:windowssystem326409F88ACE.sys
2008-01-11 22:02:32 2516 --sha-w- c:windowssystem32KGyGaAvL.sys
2008-12-11 17:44:37 32768 --sha-w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012008121120081212index.dat

============= FINISH: 2:18:15.73 ===============






I'm pretty much freaking out here, so any help would be appreciated.


Best regards,
Chris.

I was just backing up files onto an external hard drive, and it had just finished transferring them when it suddenly went to the blue screen of death again!

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your compiter. If this screen appears again, follow these steps:

Run a system diagnostic utility supplied by your hardware manufacturer. In particular, run a memory check, and check for faulty or mismatched memory. Try changing video adapters.

Diable or remove and newly installed hardware and drivers. Disable or remove any newly installed software. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select adcanced startup options, and then select safe mode.

Technical information:

*** STOP: 0x0000007F (0x00000008, 0xBA338D70, 0x00000000, 0x00000000)"


Is it possible that this is a hardware issue?

Merged posts. ~ OB

Attached Files


Edited by Orange Blossom, 01 January 2010 - 03:19 PM.


BC AdBot (Login to Remove)

 


#2 Chris Brennan

Chris Brennan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 02 January 2010 - 04:52 PM

I was eventually able to find a workaround for my problem, and just in case anyone else ends up on this thread because they are trying to figure out how to fix a similar issue on their computer, this is what I did:

The breakthrough came when I saw a reference to a program on this forum called Flash Disinfect, by Subs, the same author of Combofix. For whatever reason this program was able to catch about 10 malware programs that were running on my computer and then remove them.

Prior to this point I was paralyzed because my computer would freeze up before I could complete any malware scans with other programs. I couldn't run a full scan of Malwarebytes, Spybot, Combofix, etc. I could hardly even run DDS and RootRepeal in order to generate the reports for this forum (it took me like 10 attempts). I couldn't even restart in safe mode.

However, once I ran the Flash Disinfect program for some reason my system started to stabilize, at least enough that I could then run Combofix. Combofix seems to have caught a rootkit, probably the one mentioned in the root repeal report above, as well as a number of other sketchy looking programs on my system. From that point forward it was just a matter of sweeping up the aftermath with full scans from Malwarebytes, SuperAntiSpyware, and Avira (all of which picked up different things).

At this point I'm still in the process of running additional scans and fully disinfecting that computer, so I'm still not even using it yet, but I'm pretty sure that the worst of it is over, and I breathed a huge sigh of relief in the realization that I wasn't going to have to wipe my hard drive after all.

While I didn't get any direct help from people on this forum, I did want to thank bleepingcomputer since I did in fact find the fix that eventually worked by reading through past threads here. I realize that you guys are incredibly busy, and I have no idea how you keep on top of all of the requests that you get, but thanks for all of the time and effort you put into it. Keep up the good work.

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:07 PM

Posted 10 January 2010 - 11:17 AM

Thanks for letting us know, Chris.

I was about to take your topic - so that's about a 9 day wait at present so, yes, we are very busy - I will close it instead.

-----------------------------------------------------------------------------

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users