
Blue screen + Blocked from Google


  • This topic is locked
2 replies to this topic

#1 silan

silan

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 18 March 2013 - 04:53 PM

Hey, I have recently had a problem with not being able to connect to Google for a long time. I had Malwarebytes anti-virus and many viruses were showing up, so I did a quick format and reinstalled my Windows 7 from scratch. The next day I started getting blue screens. I reformatted again, this time without plugging in my external HDD, which had a lot of data backed up, and I still got a blue screen that said BAD_POOL. The computer does start up fine, runs well, but after a while I keep getting the blue screen. Also, the Google problem still happens even after a fresh install with no programs installed, or even if I download absolutely nothing.

 

I am posting this from another computer

 

DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by Silan at 17:33:34 on 2013-03-18
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.2.1033.18.3326.2553 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6B06B587-36B2-4A24-B638-79445247ACBD} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\silan\appdata\roaming\mozilla\firefox\profiles\y9rh56ct.default\
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-18 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-18 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-18 21104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2013-03-19 00:46:10    --------    d-----w-    c:\windows\Panther
2013-03-18 21:24:11    --------    d-----w-    c:\users\silan\appdata\roaming\Malwarebytes
2013-03-18 21:24:05    --------    d-----w-    c:\programdata\Malwarebytes
2013-03-18 21:24:04    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-18 21:24:04    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-18 21:23:55    --------    d-----w-    c:\users\silan\appdata\local\Programs
2013-03-18 21:21:29    --------    d-----w-    c:\users\silan\appdata\roaming\uTorrent
2013-03-18 21:17:11    --------    d-----w-    c:\windows\system32\wbem\Performance
2013-03-18 21:11:13    --------    d-sh--w-    C:\Recovery
.
==================== Find3M  ====================
.
.
============= FINISH: 17:33:57.76 ===============
 




 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:48 AM

Posted 19 March 2013 - 06:26 PM

Good evening. :)

This part of the site is for PC infections and given that you have formatted and reinstalled Windows it is unlikely (but not impossible) that this is the cause of your problems. I want you to do the following:

 

Click the "Windows" icon in the bottom left hand corner.
Select Control Panel.
Select System.
Select Advanced system settings on the left hand side.
If not already selected, click the Advanced Tab and under Startup and Recovery click the Settings... button.
Under System failure ensure that Automatic restart is unchecked.
Under Write debugging information ensure that Small memory dump (56KB) is selected.
The location of this dump file should be listed underneath - mine is %SystemRoot%\Minidump.
Uncheck the box next to Overwrite any existing file if it is checked.
Click OK to close any open windows that are left.

I want you to use the PC until it crashes again. The blue screen should remain and there should be some information at the bottom, under Technical information:. Please copy that down before you reboot the PC.
Also, take a look for the dump file that should have been written to the location above - in my case this is C:\Windows\Minidump. Create a zipped (compressed) folder and copy and paste the .dmp file(s) that you find - please copy no more than ten, and they should be the most recent, if there should be any more than that.

 

Finally, start a new thread in this forum. Include a brief description of your problem, any information you gleaned from the blue screen, and attach the zipped folder containing the .dmp files, and somebody will be along to help as soon as they can. Will you also add a link to this post so that the person helping you will be able to review the DDS log you have posted?


So long, and thanks for all the fish.
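
The Startup and Recovery settings and the dump collection described in the post above, scripted as an added example (not part of the original post). It assumes an elevated PowerShell 5.0 or later prompt, which Windows 7 does not ship with by default, and the output file name `minidumps.zip` on the desktop is a placeholder.

```powershell
# Added example, not from the original post. Run elevated, PowerShell 5.0+.
# CrashControl holds the values behind the Startup and Recovery dialog.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

$want = @{
    AutoReboot       = 0   # "Automatically restart" unchecked
    CrashDumpEnabled = 3   # "Small memory dump" selected
    Overwrite        = 0   # "Overwrite any existing file" unchecked
}

$current = Get-ItemProperty -Path $key
foreach ($name in $want.Keys) {
    if ($current.$name -ne $want[$name]) {
        Write-Host "$name is '$($current.$name)', setting it to $($want[$name])"
        Set-ItemProperty -Path $key -Name $name -Value $want[$name] -Type DWord
    } else {
        Write-Host "$name is already $($want[$name])"
    }
}

# MinidumpDir is normally %SystemRoot%\Minidump; fall back to that if unset.
$dumpDir = $current.MinidumpDir
if (-not $dumpDir) { $dumpDir = '%SystemRoot%\Minidump' }
$dumpDir = [Environment]::ExpandEnvironmentVariables($dumpDir)

# After the next crash: take the ten most recent .dmp files and zip them.
$dumps = @(Get-ChildItem -Path $dumpDir -Filter *.dmp -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 10)

if ($dumps.Count -gt 0) {
    $zip = Join-Path $env:USERPROFILE 'Desktop\minidumps.zip'   # placeholder path
    Compress-Archive -Path $dumps.FullName -DestinationPath $zip -Force
    Write-Host "Zipped $($dumps.Count) dump file(s) from $dumpDir to $zip"
} else {
    Write-Host "No .dmp files found in $dumpDir yet"
}
```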

 

 


#3 silan

silan
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 19 March 2013 - 06:58 PM

I looked around the forums and noticed a topic very similar to mine. From what I was reading, it was a rootkit that was not being found by any anti-spyware on my computer. It would install a proxy server which would block my access to Google. To the best of my knowledge it was a virus/rootkit which would use my internet connection to further corrupt my computer, which resulted in the blue screens. I never once formatted my computer without an active internet connection, so this time I unplugged the computer and tried it. After the fresh format I downloaded TDSSKiller.exe and Malwarebytes on another computer, which I then transferred from a USB stick. I ran TDSSKiller.exe, which finally found the rootkit which was installing the proxy server, and then ran Malwarebytes, which then removed two more rootkits and completely stopped the problem and let me know to Google's servers.

 

Problem solved, thank you for your support, guys.





