TechSpot

8 Steps malware removal, BSOD

By Bordin
Mar 23, 2011
  1. Hi.

    I have been having a recurrent BSOD when logging on to Windows since a few days ago. It started when I tried to run some software which I downloaded from the internet. I can only log on in Safe Mode. My notebook is a Dell Studio 1458, running Windows 7 Home Premium x64. It is running extremely slowly, and when I checked Properties with a right click on Computer, my Windows didn't show any registration.

    Here are the logs of the steps:
    -------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database Version: 5363

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    23/03/2011 19:24:31
    mbam-log-2011-03-23 (19-24-31).txt

    Scan type: Quick Scan
    Objects scanned: 171710
    Elapsed time: 1 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Infected Files: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Infected Files:
    (No malicious items detected)
    ------------------------------------------------------
    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-23 19:43:57
    Windows 6.1.7600
    Running: 1gui2ne2.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4ce7d9e3
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4ce7d9e3 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
    -------------------------------------------------------------------------
    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64 MINIMAL
    Run by Fernando at 19:46:27,17 on 23/03/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.6005.5368 [GMT -3:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~2\McAfee\MSC\McOEMMGr.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\mcafee.com\agent\mcagent.exe
    C:\Users\Fernando\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    uRun: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    uRunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
    uRunOnce: [DellWelcome] C:\Program Files (x86)\Dell\Dell Welcome\welcome.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Fernando\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
    mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2010-10-28 55280]
    R0 stdflt;Disk Filter Driver for Accelerometer;C:\WINDOWS\System32\drivers\stdflt.sys [2010-10-28 18792]
    R3 Acceler;Accelerometer Service;C:\WINDOWS\System32\drivers\Acceler.sys [2010-10-29 23912]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\WINDOWS\System32\drivers\HECIx64.sys [2010-10-29 56344]
    S1 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2010-10-28 307400]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\WINDOWS\System32\drivers\vwififlt.sys [2009-7-13 59904]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/28 21:04:16];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-10-28 146928]
    S2 0215691288308136mcinstcleanup;McAfee Application Installer Cleanup (0215691288308136);C:\Users\ADMINI~1\AppData\Local\Temp\021569~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\ADMINI~1\AppData\Local\Temp\021569~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-29 92160]
    S2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2010-10-29 202752]
    S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    S2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-10-28 60928]
    S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe [2010-10-28 155456]
    S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-28 673088]
    S2 TurboB;Turbo Boost UI Monitor driver;C:\WINDOWS\System32\drivers\TurboB.sys [2009-11-2 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-28 2320920]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\System32\drivers\btwl2cap.sys [2010-10-28 35104]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\drivers\CtClsFlt.sys [2010-10-28 172704]
    S3 Impcd;Impcd;C:\WINDOWS\System32\drivers\Impcd.sys [2010-10-29 151040]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2010-10-29 320040]
    S3 McSysmon;McAfee SystemGuards;C:\Program Files (x86)\McAfee\VIRUSS~1\mcsysmon.exe [2010-10-28 606736]
    S3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2010-10-28 102600]
    S3 mfebopk;McAfee Inc. mfebopk;C:\WINDOWS\System32\drivers\mfebopk.sys [2010-10-28 41032]
    S3 mferkdk;McAfee Inc. mferkdk;C:\WINDOWS\System32\drivers\mferkdk.sys [2010-10-28 40904]
    S3 mfesmfk;McAfee Inc. mfesmfk;C:\WINDOWS\System32\drivers\mfesmfk.sys [2010-10-28 49480]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
    S3 NETw5s64;Driver do adaptador Intel(R) Wireless WiFi Link para Windows 7 64 bits;C:\WINDOWS\System32\drivers\NETw5s64.sys [2010-10-29 6952960]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2010-10-29 220672]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\WINDOWS\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S4 McProxy;McAfee Proxy Service;C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [2010-10-28 359952]
    .
    =============== Created Last 30 ================
    .
    2011-03-23 22:23:07 -------- d-----w- C:\Users\Fernando\AppData\Roaming\Malwarebytes
    2011-03-23 22:21:56 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-23 22:21:56 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-23 22:21:53 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-23 22:21:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-20 22:36:52 -------- d-----w- C:\Users\Fernando\AppData\Local\SupportSoft
    2011-03-20 14:29:07 29696 ----a-r- C:\Windows\System32\drivers\ewdcsc.sys
    2011-03-20 14:29:07 112512 ----a-r- C:\Windows\System32\drivers\ewusbmdm.sys
    2011-03-20 14:28:53 -------- d-----w- C:\Program Files (x86)\Claro
    2011-03-20 04:07:15 -------- d-----w- C:\Users\Fernando\AppData\Roaming\Intel
    2011-03-20 03:55:29 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-03-20 03:55:26 -------- d-----w- C:\Users\Fernando\AppData\Local\VirtualStore
    2011-03-20 03:40:47 -------- d-sh--we C:\Program Files\Common Files\Sistema
    2011-03-20 03:40:47 -------- d-sh--we C:\Program Files\Arquivos Comuns
    2011-03-20 03:40:47 -------- d-sh--we C:\PROGRA~3\Modelos
    2011-03-20 03:40:47 -------- d-sh--we C:\PROGRA~3\Menu Iniciar
    2011-03-20 03:40:47 -------- d-sh--we C:\PROGRA~3\Favoritos
    2011-03-20 03:40:47 -------- d-sh--we C:\PROGRA~3\Documentos
    2011-03-20 03:40:47 -------- d-sh--we C:\PROGRA~3\Dados de aplicativos
    2011-03-20 02:35:18 -------- d-----w- C:\Emergency
    2011-03-20 02:21:23 -------- d-----w- C:\Windows\SMINST
    .
    ==================== Find3M ====================
    .
    2011-03-20 13:44:26 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
    2011-03-20 04:34:51 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
    2011-03-20 04:34:51 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
    .
    ============= FINISH: 19:46:52,38 ===============
    ---------------------------------------------------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28/10/2010 21:25:33
    System Uptime: 23/03/2011 18:48:15 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0VF0FR
    Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz | CPU 1 | 2394/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 457 GiB total, 407,413 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Accelerometer
    Adobe Flash Player 10 Plugin
    Advanced Audio FX Engine
    Assistente de Conexão do Windows Live
    ATI Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Software de Suporte)
    Dell Webcam Central
    Ferramenta de Carregamento do Windows Live
    GoToAssist 8.0.0.514
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSVCRT
    Pacote de Compatibilidade para o sistema Office 2007
    PowerDVD DX
    Realtek High Definition Audio Driver
    Roxio Burn
    Skins
    Skype Toolbars
    Skype™ 4.2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Galeria de Fotos
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Writer
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help you with possible malware first, but this may or may not be related to the BSOD. I am going to need more information, so please run the following:
    (You will have to download to a flash drive, then install it on the problem computer.)

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.
    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop. Do NOT run it yet.
    3. Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, then try to immediately run the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Rkill instructions
    *************************************
    Once you've gotten one of them to run, immediately run

    yourname.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    If you are able to copy the message given with the BSOD, that would be helpful.
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. Bordin

    Bordin TS Rookie Topic Starter

    Hello,

    Well, I cannot seem to run ComboFix nor any of the Rkill versions. As I click on it, I get a BSOD, the same one that I always have. STOP: 0x0000000A IRQL_NOT_LESS_OR_EQUAL. Should I try to run the exeHelper by Raktor?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go through Sections 4 through 7 HERE and see if you can troubleshoot this error:

    If you can resolve it, then go ahead and try the scans. If you cannot resolve the error, I'm going to have to go to the BSOD forum where you can run minidumps and look for the specific drivers causing the problem. I don't do minidumps.

    Let me know.
     
Topic Status:
Not open for further replies.
