
Possible Malware


  • This topic is locked
14 replies to this topic

#1 fire_poi

fire_poi

  • Members
  • 58 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 14 July 2010 - 12:40 AM

Previous thread on issue:
http://www.bleepingcomputer.com/forums/t/331477/constant-blue-screen-of-death/

My computer (Dell Latitude D600 Windows XP Pro) keeps getting constant blue screens of death. It began just after I reinstalled Windows (did so because of a number of error messages that would not allow Windows to launch). When I try and scan for malware I get the BSOD. I was able to do some of the logs from the prep guide but received the BSOD for the GMER log - but have included the others here.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 22:14:59.44 on Tue 07/13/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.589 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Emsisoft Anti-Malware *On-access scanning enabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Admin.ADMIN-01E2E9EAB\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://search/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [a-squared] "c:\program files\emsisoft anti-malware\a2guard.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin~1.adm\applic~1\mozilla\firefox\profiles\djxlxff5.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\admin.admin-01e2e9eab\application data\mozilla\firefox\profiles\djxlxff5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2010-7-13 39576]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2010-7-13 11776]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-12 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-12 243024]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-7-13 1935120]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-12 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-12 308136]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-7-13 71008]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2010-7-12 92550]

=============== Created Last 30 ================

2010-07-14 05:07:42 0 ----a-w- c:\documents and settings\admin.admin-01e2e9eab\defogger_reenable
2010-07-14 03:58:15 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-07-14 03:46:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 03:46:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-14 03:46:24 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-07-14 01:52:15 0 d-sh--w- C:\found.000
2010-07-14 01:27:20 0 d-----w- c:\program files\DriverFinder
2010-07-13 22:04:16 0 d-----w- C:\e1e94e85925f6d091fd0
2010-07-13 02:41:21 0 d-----w- c:\program files\PowerISO
2010-07-13 02:37:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-13 02:37:31 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-13 02:37:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-13 02:33:07 0 d-----w- c:\program files\AVG
2010-07-13 02:32:35 0 d-----w- c:\docume~1\alluse~1.win\applic~1\avg9
2010-07-13 02:14:03 0 d-----w- c:\windows\system32\CatRoot_bak
2010-07-13 01:46:54 0 d-----w- c:\program files\Yahoo!
2010-07-13 01:27:32 0 d-----w- c:\docume~1\admin~1.adm\applic~1\uTorrent
2010-07-13 00:55:30 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-13 00:52:28 0 d-s---w- c:\documents and settings\admin.admin-01e2e9eab\UserData
2010-07-13 00:47:47 0 d-----w- c:\docume~1\alluse~1.win\applic~1\GARMIN
2010-07-13 00:47:46 0 d-----w- c:\docume~1\admin~1.adm\applic~1\GARMIN
2010-07-13 00:44:18 156160 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2010-07-13 00:44:18 156160 ----a-w- c:\windows\system32\drivers\b57xp32.sys
2010-07-13 00:44:14 0 d-----w- c:\program files\Broadcom
2010-07-13 00:34:59 667648 ----a-w- c:\windows\system32\BCMLogon.dll
2010-07-13 00:34:58 2113 ----a-w- c:\windows\bcmE5.tmp
2010-07-13 00:34:22 40960 ----a-r- c:\windows\system32\ct32.dll
2010-07-13 00:34:22 34329 ------r- c:\windows\O2Remove.EXE
2010-07-13 00:34:16 92550 ----a-r- c:\windows\system32\drivers\ozscr.sys
2010-07-13 00:34:16 7866 ----a-r- c:\windows\system32\drivers\ozscr.cat
2010-07-13 00:34:16 2056 ----a-r- c:\windows\system32\drivers\ozscr.inf
2010-07-13 00:34:05 8185 ----a-r- c:\windows\system32\drivers\o2mwxp.cat
2010-07-13 00:34:05 3714 ----a-r- c:\windows\system32\drivers\o2mwxp.inf
2010-07-13 00:32:51 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-07-13 00:32:47 6020 ----a-r- c:\windows\system32\atifglpf.xml
2010-07-13 00:32:44 104376 ----a-r- c:\windows\system32\atiicdxx.dat
2010-07-13 00:32:42 929 ----a-r- c:\windows\system32\drivers\ativcaxx.vp
2010-07-13 00:32:42 58560 ----a-r- c:\windows\system32\drivers\ativckxx.vp
2010-07-13 00:32:42 25328 ----a-r- c:\windows\system32\drivers\ativvpxx.vp
2010-07-13 00:32:42 1114674 ----a-r- c:\windows\system32\drivers\ativcaxx.cpa
2010-07-13 00:29:57 54272 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2010-07-13 00:12:13 178 --sh--w- c:\documents and settings\admin.admin-01e2e9eab\ntuser.ini
2010-07-13 00:10:19 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-07-13 00:07:59 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2010-07-13 00:06:58 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-07-13 00:05:57 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-07-13 00:03:54 2577 ----a-w- c:\windows\system32\CONFIG.NT
2010-07-13 00:03:54 0 ----a-w- c:\windows\control.ini
2010-07-13 00:03:45 23392 ----a-w- c:\windows\system32\nscompat.tlb
2010-07-13 00:03:45 16832 ----a-w- c:\windows\system32\amcompat.tlb
2010-07-13 00:03:44 316640 ----a-w- c:\windows\WMSysPr9.prx
2010-07-13 00:01:44 0 d-sh--w- c:\documents and settings\all users.windows\DRM
2010-07-13 00:01:29 488 ---ha-r- c:\windows\system32\WindowsLogon.manifest
2010-07-13 00:01:29 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-07-13 00:01:19 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-07-13 00:01:19 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-07-13 00:01:19 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-07-13 00:01:19 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-07-13 00:01:19 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-07-13 00:01:19 749 ---ha-r- c:\windows\system32\cdplayer.exe.manifest
2010-07-13 00:00:34 4399505 -c--a-w- c:\windows\system32\dllcache\nls302en.lex
2010-07-13 00:00:08 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2010-07-13 00:00:07 11264 -c--a-w- c:\windows\system32\dllcache\atrace.dll
2010-07-13 00:00:07 11264 ----a-w- c:\windows\system32\atrace.dll
2010-07-13 00:00:06 99840 -c--a-w- c:\windows\system32\dllcache\helphost.exe
2010-07-13 00:00:06 6656 -c--a-w- c:\windows\system32\dllcache\hcappres.dll
2010-07-13 00:00:06 35328 -c--a-w- c:\windows\system32\dllcache\notiflag.exe
2010-07-13 00:00:06 21504 -c--a-w- c:\windows\system32\dllcache\brpinfo.dll
2010-07-13 00:00:04 48680 --sh--w- c:\windows\winnt256.bmp
2010-07-13 00:00:04 48680 --sh--w- c:\windows\winnt.bmp
2010-07-13 00:00:04 2 ----a-w- c:\windows\system32\desktop.ini
2010-07-13 00:00:04 2 ----a-w- c:\windows\desktop.ini
2010-07-12 23:58:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-12 23:57:23 37 ----a-w- c:\windows\vbaddin.ini
2010-07-12 23:57:23 36 ----a-w- c:\windows\vb.ini
2010-07-12 23:55:59 99750 ----a-w- c:\windows\system32\wbem\tscfgwmi.mof
2010-07-12 16:51:55 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-07-12 16:51:22 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-07-12 16:50:00 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2010-07-12 16:49:44 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-07-12 16:49:27 74240 ----a-w- c:\windows\system32\usbui.dll
2010-07-12 16:48:58 9344 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-07-12 16:48:55 14080 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-07-12 16:48:55 14080 ----a-w- c:\windows\system32\drivers\battc.sys
2010-07-12 16:45:12 0 d-----r- c:\documents and settings\all users.windows\Documents
2010-07-12 16:43:18 261 ----a-w- c:\windows\system32\$winnt$.inf
2010-07-12 16:20:11 0 d-----w- c:\windows\dell
2010-07-12 16:13:03 68224 ----a-w- C:\pci.sys
2010-07-12 16:12:35 0 d-----w- C:\tmp
2010-07-12 16:12:10 0 d-----w- c:\windows\tmp
2010-06-23 01:34:29 0 d-----w- c:\program files\iPod
2010-06-17 19:26:34 0 d-----w- c:\program files\Senstic

==================== Find3M ====================


============= FINISH: 22:17:53.54 ===============

Attached Files





#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:19 AM

Posted 19 July 2010 - 07:13 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 fire_poi

  • Topic Starter

Posted 20 July 2010 - 10:12 AM

I have subscribed to the topic and am ready for some help.

#4 m0le


Posted 20 July 2010 - 06:46 PM

Let's see if we can get Gmer running in some way.

Please run Gmer again but check only the SECTIONS option first.

#5 fire_poi


Posted 20 July 2010 - 08:11 PM

Here is the sections log.

Attached Files



#6 m0le


Posted 21 July 2010 - 02:57 PM

Let's check what BSODs you're getting.

Download/install BlueScreenView - http://www.nirsoft.net/utils/blue_screen_view.html.

Double-click BlueScreenView.exe file to run the program.

When scanning is done, Edit/Select All...then File/Save Selected Items. Save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

#7 fire_poi


Posted 21 July 2010 - 03:22 PM

Was trying this before the issue was moved to this post - and it does not come up with anything for the scan (my understanding is the scan starts automatically). Wondering as well, since at this point there is nothing on the computer that I need to keep (at least on that drive), if a format might not solve my problems easier.

#8 m0le


Posted 21 July 2010 - 03:24 PM

A format will always be quicker and more secure so if there's nothing else to keep and you are familiar with how to do reformats then go ahead.

If you would like me to investigate further then let me know.

#9 fire_poi


Posted 21 July 2010 - 04:02 PM

Would you do the format through prompt or would you do it through the recovery CD since it gave me an option of that before?

#10 m0le


Posted 21 July 2010 - 05:00 PM

Use the recovery CD as the first option.

#11 fire_poi


Posted 22 July 2010 - 07:33 PM

Formatted the C: drive with the recovery disk, reinstalled Windows, reinstalled the drivers, getting Windows updates, installed Firefox, installed SP2, installed IE8, and was in the process of installing AVG free when I got a BSOD very quickly - computer restarted and then gave the message "Primary hard disk drive 0 not found - no bootable devices". If I restart the computer it boots to Windows - but will again get the BSOD quickly and then the same thing. Ran BlueScreenView and it says that there have been no crashes.

#12 m0le


Posted 22 July 2010 - 07:39 PM

I suggest you post this problem in the XP forum as there may be some serious problems with your system.

http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

They are more experienced than me with system issues and because the PC is now clean this falls outside of the malware removal forum.

I will hold this topic open for five days, after that please PM me if you need to.

Good luck getting this problem resolved.

#13 fire_poi


Posted 22 July 2010 - 07:42 PM

Thanks for the help.

#14 m0le


Posted 22 July 2010 - 07:54 PM

(thumbs up)

#15 m0le


Posted 27 July 2010 - 06:53 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.



