Ran ComboFix now PC won't boot


  • This topic is locked
14 replies to this topic

#1 kevintsai6977

kevintsai6977

  • Members
  • 24 posts

Posted 10 November 2011 - 11:08 PM

So I ran Malwarebytes and Avira antivirus to remove my fake virus, which installed something like Privacy Protection on my desktop, and a fake virus scanner popped up wanting me to click it. I ran a scan and it detected some viruses and deleted them. I thought my problem was solved, yet 5 mins later I see the task ping.exe in Task Manager is at 100% and the Privacy Protection virus scanner pops up again. I tried launching Task Manager but the virus will just shut it down immediately. So I ran ComboFix thinking it would fix the problem, and now it won't boot, only in safe mode. By the way, I ran it in safe mode with networking when I tried to remove the virus and when I ran ComboFix. I am running on Windows XP SP3. I almost wanted to format my laptop again but I really would love to fix the problem without doing so. Thanks


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,985 posts
  • Gender:Female
  • Location:Romania

Posted 11 November 2011 - 05:31 AM

Hello, since your computer still boots in safe mode, I recommend you follow this guide and start a topic HERE including the requested logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 kevintsai6977


Posted 12 November 2011 - 11:50 PM

Okay, now the problem doesn't occur anymore. Now my only problem is getting the blue screen of death after the computer runs normally for 5 mins. I get the blue screen for a quick second, then it reboots, and it keeps doing it. I have Windows XP; some people say I should insert the XP CD, boot from it and press R for recovery mode. Any suggestions?

#4 Elise


Posted 13 November 2011 - 02:24 AM

Does this problem occur also in Safe Mode?

regards, Elise




#5 kevintsai6977


Posted 14 November 2011 - 05:36 PM

It's fine in safe mode.

#6 Elise


Posted 15 November 2011 - 03:27 AM

Let's have a look at the BSOD error codes.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

regards, Elise




#7 kevintsai6977


Posted 16 November 2011 - 02:47 PM

==================================================
Dump File : Mini111611-01.dmp
Crash Time : 11/16/2011 11:40:02 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804fa379
Parameter 3 : 0xa7e74a9c
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+23379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
Processor : 32-bit
Crash Address : ntoskrnl.exe+23379
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111611-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini111211-02.dmp
Crash Time : 11/12/2011 8:32:29 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804fa379
Parameter 3 : 0xaa94aa9c
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+23379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
Processor : 32-bit
Crash Address : ntoskrnl.exe+23379
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111211-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini111211-01.dmp
Crash Time : 11/12/2011 8:27:01 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804fa379
Parameter 3 : 0xaf948a9c
Parameter 4 : 0x00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+23379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
Processor : 32-bit
Crash Address : ntoskrnl.exe+23379
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini111211-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini101911-01.dmp
Crash Time : 10/19/2011 5:26:34 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xe7a66270
Parameter 2 : 0x00000001
Parameter 3 : 0xba77319b
Parameter 4 : 0x00000001
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+2a19b
File Description : NT File System Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : Ntfs.sys+2a19b
Stack Address 1 : Ntfs.sys+33f53
Stack Address 2 : Ntfs.sys+28b32
Stack Address 3 : Ntfs.sys+25f2d
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101911-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini021411-01.dmp
Crash Time : 2/14/2011 8:46:45 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x00000cd4
Parameter 3 : 0x00000000
Parameter 4 : 0xe1183ce8
Caused By Driver : sptd.sys
Caused By Address : sptd.sys+19c00
File Description : SCSI Pass Through Direct Host
Product Name : SCSI Pass Through Direct
Company : Duplex Secure Ltd.
File Version : 1.62.0.0 built by: WinDDK
Processor : 32-bit
Crash Address : ntoskrnl.exe+606ba
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : ntoskrnl.exe+b9ff3
Stack Address 3 : ntoskrnl.exe+bc387
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini021411-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 102,400
==================================================

==================================================
Dump File : Mini120810-01.dmp
Crash Time : 12/8/2010 4:35:04 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x00000cd4
Parameter 3 : 0x00000000
Parameter 4 : 0x870f86a0
Caused By Driver : hal.dll
Caused By Address : hal.dll+2900
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : ntoskrnl.exe+606ba
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : ntoskrnl.exe+7a3e3
Stack Address 3 : ntoskrnl.exe+17306
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini120810-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini072810-01.dmp
Crash Time : 7/28/2010 11:57:39 AM
Bug Check String : INVALID_WORK_QUEUE_ITEM
Bug Check Code : 0x00000096
Parameter 1 : 0x8aabdd10
Parameter 2 : 0x8056a5c0
Parameter 3 : 0x8056a5c0
Parameter 4 : 0xb942ea9a
Caused By Driver : btkrnl.sys
Caused By Address : btkrnl.sys+2ea9a
File Description : Bluetooth Bus Enumerator
Product Name : Bluetooth Software 5.1.0.2700
Company : Broadcom Corporation.
File Version : 5.1.0.2700
Processor : 32-bit
Crash Address : ntoskrnl.exe+6069a
Stack Address 1 : ntoskrnl.exe+4ad30
Stack Address 2 : ntoskrnl.exe+b3ae
Stack Address 3 : ntoskrnl.exe+9f316
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini072810-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 98,304
==================================================

==================================================
Dump File : Mini040710-01.dmp
Crash Time : 4/7/2010 12:10:23 PM
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code : 0x000000ea
Parameter 1 : 0x8a7e1720
Parameter 2 : 0x8694db10
Parameter 3 : 0x87105560
Parameter 4 : 0x00000001
Caused By Driver : nv4_disp.dll
Caused By Address : nv4_disp.dll+9ac84
File Description : NVIDIA Compatible Windows 2000 Display driver, Version 156.10
Product Name : NVIDIA Compatible Windows 2000 Display driver, Version 156.10
Company : NVIDIA Corporation
File Version : 6.14.11.5610
Processor : 32-bit
Crash Address : nv4_disp.dll+f3518
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini040710-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 96,399
==================================================

==================================================
Dump File : Mini040210-01.dmp
Crash Time : 4/2/2010 10:46:09 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf82090b
Parameter 3 : 0xb3f79734
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+2090b
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+2090b
Stack Address 1 : win32k.sys+12ea38
Stack Address 2 : win32k.sys+75ff6
Stack Address 3 : win32k.sys+11f6c1
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini040210-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini033110-01.dmp
Crash Time : 3/31/2010 10:09:06 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x00000cd4
Parameter 3 : 0x02030001
Parameter 4 : 0x8a86b770
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+6069a
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
Processor : 32-bit
Crash Address : ntoskrnl.exe+6069a
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : ntoskrnl.exe+7a3e3
Stack Address 3 : btkrnl.sys+2eabf
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini033110-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini033010-01.dmp
Crash Time : 3/30/2010 4:18:43 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xe0000001
Parameter 2 : 0xf77c7925
Parameter 3 : 0xac90e334
Parameter 4 : 0x00000000
Caused By Driver : watchdog.sys
Caused By Address : watchdog.sys+925
File Description : Watchdog Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : watchdog.sys+925
Stack Address 1 : nv4_disp.dll+22e541
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini033010-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

#8 Elise


Posted 16 November 2011 - 03:24 PM

I see only three BSODs in this report in the last week. I recommend following the steps in my initial post so a member of the malware response team can have a look, as the cause is most likely malware.

regards, Elise


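Added example, not part of the original thread and not code from BleepingComputer or the BlueScreenView authors: a short Python script that parses a BlueScreenView text export like the one in post #7 and counts the crashes in the week before the most recent one, grouped by bug check and driver. The sample records are abridged from that post; the function names and the US-style timestamp format are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Abridged from the report in post #7 (four records, four fields each).
SAMPLE_REPORT = """\
==================================================
Dump File : Mini111611-01.dmp
Crash Time : 11/16/2011 11:40:02 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Caused By Driver : ntoskrnl.exe
==================================================
Dump File : Mini111211-02.dmp
Crash Time : 11/12/2011 8:32:29 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Caused By Driver : ntoskrnl.exe
==================================================
Dump File : Mini111211-01.dmp
Crash Time : 11/12/2011 8:27:01 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Caused By Driver : ntoskrnl.exe
==================================================
Dump File : Mini101911-01.dmp
Crash Time : 10/19/2011 5:26:34 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Caused By Driver : Ntfs.sys
==================================================
"""


def parse_report(text):
    """Split the export into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):             # ruler: record boundary
            if current:
                records.append(current)
            current = {}
        elif ":" in line:
            key, _, value = line.partition(":")  # split on first colon only
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def recent_crashes(records, days=7):
    """Records within `days` of the newest crash, plus a signature count."""
    fmt = "%m/%d/%Y %I:%M:%S %p"                 # assumed US-style timestamps
    stamped = [(datetime.strptime(r["Crash Time"], fmt), r) for r in records]
    newest = max(t for t, _ in stamped)
    recent = [r for t, r in stamped if newest - t <= timedelta(days=days)]
    sigs = Counter((r["Bug Check String"], r["Caused By Driver"]) for r in recent)
    return recent, sigs
```

A signature that repeats inside the recent window separates the current fault from older, unrelated crashes that are still sitting in the Minidump folder.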


#9 kevintsai6977


Posted 19 November 2011 - 06:48 PM

I tried the DDS file log thing; the command prompt program launches and completes 80%, then freezes there. I know my PING.exe was using a ton of memory.

#10 kevintsai6977


Posted 19 November 2011 - 06:58 PM

Now every time I run it, it keeps crashing at like 20% of the way through the DDS scan.

#11 Elise


Posted 20 November 2011 - 03:17 AM

Please post the logs you were able to create and make a mention in your topic that you couldn't run DDS.

regards, Elise




#12 kevintsai6977


Posted 20 November 2011 - 05:08 PM

What if there was no log created?

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 21 November 2011 - 01:55 AM

Create the topic, describe what happens when you try to create the logs, describe your computer problems, and include a link to this topic.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#14 kevintsai6977


Posted 28 November 2011 - 02:45 PM

I did. I do not know if I posted in the right section, but here's the link:

http://www.bleepingcomputer.com/forums/topic429499.html

#15 Elise


Posted 28 November 2011 - 03:12 PM

I moved it to the right forum for you. :)

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic.

regards, Elise






