
I might have a Rootkit


  • This topic is locked
78 replies to this topic

#16 docfxit

docfxit
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 23 May 2017 - 12:31 PM

I ran the fix.  I attempted to boot to Win7.  It booted to a BSOD Stop 0x0000007B

 

Attached File  Fixlog.txt   5.32KB   7 downloads

 

A couple of:

BCDEDIT /ADD {bootmgr} displayorder {default}

BCDEDIT /ADD {bootmgr} toolsdisplayorder {memdiag}

Didn't process correctly.

 

I think you may have wanted something like this:

bcdedit.exe /displayorder {default}

bcdedit.exe /toolsdisplayorder {memdiag}

 

Thank you very much for working on this for me,

 

Docfxit

 

PS:  I did not process those commands.  I leave the work to you.




 


#17 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:43 PM

Posted 23 May 2017 - 02:50 PM

Let's try this fix.

  • Download the enclosed file. Save it in the same location FRST is saved
  • Run FRST as you did before and click on the Fix button
  • It should produce a log in the same location FRST is saved, Fixlog.txt.
  • Please post it in your next reply

Attempt to boot to Windows 7.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#18 docfxit


Posted 23 May 2017 - 06:01 PM

Here is the latest:

 

Attached File  Fixlog.txt   9.21KB   9 downloads

 

When I boot up to the Win7 CD it is repairing both Win7 and XP.

I think it's causing problems when it repairs XP.

If you like I can hide the XP partition until after you get Win7 working.

 

Thanks a bunch,

 

Docfxit



#19 JSntgRvr


Posted 23 May 2017 - 06:52 PM

Removing that disk will be a good idea. What's the error message when you boot to Windows 7?




#20 docfxit


Posted 23 May 2017 - 10:29 PM

When I boot to Win7 this is what I get.

 

Attached File  0x7b (Custom).jpg   84.51KB   0 downloads

 

Thanks,

 

Docfxit



#21 JSntgRvr


Posted 24 May 2017 - 01:31 PM

Attempt to boot in Safe Mode.

 

Start Windows 7 in Safe mode
  1. Immediately after the computer is powered on or restarted (usually after you hear your computer beep), tap the F8 key in 1 second intervals.
  2. After your computer displays hardware information and runs a memory test, the Advanced Boot Options menu will appear.
  3. Use the arrow keys to select Safe Mode  and press ENTER.

Let me know if Safe mode is possible.




#22 docfxit


Posted 24 May 2017 - 11:32 PM

Let me know if Safe mode is possible.

 

Safe Mode is giving me the same 0x7b BSOD as normal mode.

 

Docfxit



#23 JSntgRvr


Posted 25 May 2017 - 09:27 AM

Re-scan with FRST. This time around put a check mark under Drivers MD5 and post the new log.



#24 docfxit


Posted 25 May 2017 - 11:25 AM

Re-scan with FRST. This time around put a check mark under Drivers MD5 and post the new log.

This is the log:

Attached File  FRST.txt   37.02KB   9 downloads

 

When I boot up to the recovery console these are the results:

    Problem signature:
  Problem Event Name:    StartupRepairOffline
  Problem Signature 01:    6.1.7600.16385
  Problem Signature 02:    6.1.7600.16385
  Problem Signature 03:    unknown
  Problem Signature 04:    21200562
  Problem Signature 05:    ExternalMedia
  Problem Signature 06:    7
  Problem Signature 07:    FailureDuringSetup
  OS Version:    6.1.7601.2.1.0.256.1
  Locale ID:    1033

 

I don't know if it would be interesting to you.  After I started getting the BSOD 0x7b, one of the solutions was to create a security partition with nothing in it, make it active and let Windows create new boot up files.

Before that I didn't have the security partition.

 

Thanks for working on this.

 

Docfxit



#25 JSntgRvr


Posted 25 May 2017 - 12:21 PM

Re-scan with FRST. This time around put a check mark under Drivers MD5 and post the new log.

This is the log:
FRST.txt
 
When I boot up to the recovery console these are the results:
    Problem signature:
  Problem Event Name:    StartupRepairOffline
  Problem Signature 01:    6.1.7600.16385
  Problem Signature 02:    6.1.7600.16385
  Problem Signature 03:    unknown
  Problem Signature 04:    21200562
  Problem Signature 05:    ExternalMedia
  Problem Signature 06:    7
  Problem Signature 07:    FailureDuringSetup
  OS Version:    6.1.7601.2.1.0.256.1
  Locale ID:    1033
 
I don't know if it would be interesting to you.  After I started getting the BSOD 0x7b, one of the solutions was to create a security partition with nothing in it, make it active and let Windows create new boot up files.
Before that I didn't have the security partition.
 
Thanks for working on this.
 
Docfxit

Where did you hear that?



#26 JSntgRvr


Posted 25 May 2017 - 12:29 PM

Please download Listparts to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Plug the flash drive into the infected PC.

From an Off position in the computer, enter the System Recovery Options. (You must restart the computer)

To enter the System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Put check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply.

 




#27 docfxit


Posted 25 May 2017 - 02:30 PM

 

Where did you hear that?

 

 

I can't find it at the moment.  If you like I can mark Win7 active and hide the security partition (to make it back to original)

There are definitely different files in the boot folder between the security partition and Win7.



#28 docfxit


Posted 25 May 2017 - 02:32 PM

Here is the output from ListParts.exe

 

Attached File  Result.txt   5.76KB   13 downloads

 

Thank you,

 

Docfxit



#29 docfxit


Posted 25 May 2017 - 02:36 PM

According to this link:

https://blogs.technet.microsoft.com/asksbs/2008/03/29/how-to-troubleshoot-the-stop-error-0x0000007b/

 

When the second parameter on the BSOD 0x7b is:

0xc0000034 This status code translates to STATUS_OBJECT_NAME_NOT_FOUND. This is the most common status code and is usually caused by a missing or corrupt driver.

 

Do you know how to:

1. Update the driver?

Or

2. Copy the driver files from a good booting Win7.  (I have one.)

 

The drive is an Intel SSDSC2CW240A3 SSD.

 

Thank you,

 

Docfxit


Edited by docfxit, 25 May 2017 - 03:21 PM.


#30 JSntgRvr


Posted 25 May 2017 - 03:43 PM

Download the enclosed file:
 
Save it in the same location Listparts is saved (USB drive).

  • From an Off position (You must run this fix after turning the computer Off, that is very important), run ListParts as you did before, except that this time around press the Fix button and wait.
  • When it is done close the notification pop up. Click Scan, then copy and paste the log (Result.txt) it will produce on your next reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

 






