
BSOD all the time.


  • This topic is locked
6 replies to this topic

#1 404

404

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 06 October 2012 - 12:16 AM

FRESH install of Windows 7.
HP G-60 computer.

It is always showing a BSOD. Open internet, crashes. Play a game, BSOD shows... you get the idea.
Driving me crazy.

Here is the ComboFix report. I had the insight to run CCleaner and it seemed to wipe the dump logs :( (I clicked EVERY option)
Even worse, all icons on desktop now say "illegal operation attempted on Registry Key that has been marked for deletion"

So here is my ComboFix log. Help much appreciated!

ComboFix 12-10-04.02 - Virus Free! 10/05/2012 21:50:51.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2814.2238 [GMT -7:00]
Running from: c:\users\Virus Free!\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 04:54 . 2012-10-06 04:54 -------- d-----w- c:\users\Virus Free!\AppData\Local\temp
2012-10-06 04:54 . 2012-10-06 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 18:44 . 2012-10-04 18:44 -------- d-----w- c:\program files\CCleaner
2012-10-04 18:36 . 2012-10-04 18:36 -------- d-----w- c:\program files\NirSoft
2012-10-03 01:01 . 2012-10-03 01:02 -------- d-----w- c:\users\Virus Free!\AppData\Local\Microsoft Games
2012-09-13 06:53 . 2012-09-13 06:55 -------- d-----w- c:\users\Virus Free!\System.12
2012-09-13 06:49 . 2012-09-13 06:49 -------- d-----w- c:\users\Virus Free!\AppData\Local\Macromedia
2012-09-13 06:44 . 2012-09-13 06:44 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-13 06:44 . 2012-09-13 06:44 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-13 06:44 . 2012-09-13 06:44 -------- d-----w- c:\windows\system32\Macromed
2012-09-13 04:27 . 2012-09-13 04:27 -------- d-----w- c:\users\Virus Free!\AppData\Local\Mozilla
2012-09-13 04:27 . 2012-10-06 04:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-13 04:07 . 2012-09-13 04:07 -------- d-----w- c:\program files\Microsoft Silverlight
2012-09-12 07:34 . 2012-09-12 07:34 -------- d-----w- c:\windows\system32\nn-NO
2012-09-12 07:34 . 2008-04-27 18:07 909824 ----a-w- c:\windows\system32\drivers\athr.sys
2012-09-12 07:34 . 2008-04-22 12:13 376832 ----a-w- c:\windows\system32\S64CPA.exe
2012-09-12 07:34 . 2008-04-22 12:13 53248 ----a-w- c:\windows\system32\athihvui.dll
2012-09-12 07:34 . 2008-04-22 12:12 393216 ----a-w- c:\windows\system32\athihvs.dll
2012-09-12 07:33 . 2012-09-13 04:07 -------- d-sh--w- c:\windows\Installer
2012-09-12 07:33 . 2012-09-12 07:34 -------- d-----w- c:\program files\Atheros
2012-09-12 07:33 . 2012-09-12 07:33 -------- d-----w- c:\program files\Cisco
2012-09-12 07:33 . 2012-09-12 07:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-09-12 07:33 . 2012-09-12 07:33 -------- d-----w- c:\programdata\Atheros
2012-09-12 07:24 . 2012-09-12 07:24 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-12 07:24 . 2012-09-12 07:24 -------- d-----w- c:\program files\Broadcom
2012-09-12 07:24 . 2012-09-12 07:24 -------- d-----w- c:\users\Virus Free!\AppData\Roaming\InstallShield
2012-09-12 07:23 . 2012-09-12 07:33 -------- d-----w- C:\SWSETUP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-06 04:10 . 2012-09-13 04:27 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KXTCIUOB
*Deregistered* - kxtciuob
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 06:44]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Virus Free!\AppData\Roaming\Mozilla\Firefox\Profiles\d1gnw0my.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-05 21:54
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-10-05 21:55:46
ComboFix-quarantined-files.txt 2012-10-06 04:55
.
Pre-Run: 143,156,826,112 bytes free
Post-Run: 143,106,670,592 bytes free
.
- - End Of File - - A124BB3CC5AFE1772F0BD3747640A133


Edited by Orange Blossom, 06 October 2012 - 07:58 AM.
Moved to log forum. ~ OB




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:59 AM

Posted 06 October 2012 - 06:52 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 404

404
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 06 October 2012 - 09:41 PM

ok thank you!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:59 AM

Posted 07 October 2012 - 03:38 PM

all icons on desktop now say "illegal operation attempted on Registry Key that has been marked for deletion"


This is why ComboFix should not be run unaided. The above message can be removed by rebooting your machine.

After that please tell me why you believe that the crashing is connected to malware.
m0le is a proud member of UNITE

#5 404

404
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 07 October 2012 - 03:54 PM

First let me correct myself. This is Windows Vista Home Premium, not Windows 7.

I don't think it's malware. It's a fresh install. I think the drivers are misconfigured, or something needs an update. The computer crashes and shows a blue screen of death all the time.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:59 AM

Posted 07 October 2012 - 04:04 PM

This problem is then in the wrong forum, 404.

Please post a topic in the Vista forum here and I will close this topic in five days.
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:59 AM

Posted 12 October 2012 - 07:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
m0le is a proud member of UNITE



