HJT Log - (BSOD Virus)

Status
Not open for further replies.

Justin_mathew

Hello, I've been looking through the threads to see if any of these descriptions of malware fit mine. I have AVG anti-virus and a couple days ago it detected a trojan. I tried to scan and remove everything but it didn't seem to take it all off. Later my sound went away and AVG detected another virus in my sound files, then I started to get the Blue Screen of Death (BSOD) physical memory dump.

I even tried to start in "safe mode" but it won't work.

I tried Trend Micro HouseCall; it won't scan b/c it corrupts the files.

Every time I download something and try to install or zip it I get a corrupt file error. Even products I had before I get corrupt errors from.

My I.E. gives me error reports and shuts down every so often.

Please help, I've attached my HJT Log

Thanks a lot!
 

Attachments

  • hijackthis1.txt
    7.9 KB · Views: 5
The spyware thread is HERE if you want to do the whole antispyware routines, and post the three logs.

You could do the following, first -

1. Uninstall/delete Norton (see HERE), AOL, Trend anti-spyware and anything with the word View at the front (Viewpoint, Viewpoint.exe).

2. Download Zone Alarm or Comodo firewall.

3. Go into msconfig start up and uncheck everything except AVG and firewall.
 
HJT log & Combofix log

Alright, I did all of the steps I could in that thread you gave me. As I said before, some of the files that I downloaded didn't work and told me it wasn't a proper win32 application or it was corrupt.

I scanned AVG Anti Spyware, nothing came up.

Here are the HJT log and Combofix log.

Let me know what you think of them, thanks!

And I'm still getting the Blue Screen of Death.
The exact code is...

STOP: 0x000000C2 ( 0x00000007, 0x00000C04, 0x30000000, 0x000008 )
 
Hello and welcome to Techspot.

First, run msconfig and on the general tab enable Normal Start up. Click apply/ok and reboot your system. This is so we can see exactly what's running on your system.

Then, go HERE and follow the instructions exactly. Post the 3 requested logfiles and we'll take it from there.

Regards Howard :wave: :wave:

This thread is for the use of Justin_mathew only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok, I'll try that, but in the thread that Blame Canada gave me it told me to disable everything except firewall and anti spyware, and then scan everything.

I actually just looked at the thread you gave me and it was the same one that Blame Canada gave me. I went through most of the steps. Some I couldn't do because the virus wouldn't let me download specific files. I posted my HJT and Combo log. I guess the third one is from Anti Spyware but nothing showed up and I didn't see any log to download on the program.
 
Please Help

Can anyone give me some advice?! My computer is totally messed up, I can't even start it up all the way without the blue error coming up, and almost every program I have is corrupt!!!! :( Can anyone lend some help?
 
Please post fresh HJT and Combofix logs after enabling all items in msconfig.

Also, post 5 or 6 of your latest minidumps. You should find them in the C:\windows\minidump folder.

Regards Howard :)
 
I can boot up in safe mode. I ran the combo and hijack, but now I can't upload it to you guys 'cause safe mode doesn't offer internet access.
 
Can you boot into safe mode with networking?

Check in the C:\windows\minidump folder and attach 5 or 6 of your latest minidumps if you can.

Regards Howard :)
 
1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

Regards Howard :)
 

Attachments

  • avengerscript.txt
    255 bytes · Views: 12
Well, it looks like the virus got to my Windows files, 'cause now when I start up it doesn't even get to the Windows loading screen. It tells me this:
"Windows could not start because the following file is missing or corrupt: <Windows root>\system32\hal.dll.
Please re-install a copy of the above file."

God this sucks :(
 
I'm sorry to hear you're having so many problems.

Try doing a Windows Repair as per the instructions in this thread HERE.

If that doesn't help, it might be time to consider a reformat and reinstall.

Regards Howard :(
 
reformatting

Well, I guess that's my last option. I had a Dell boot disc for Windows ME, and tried to reformat my drive and install Windows ME, but after I reformatted it, it took me to the setup.exe of Windows ME and it said that it was the wrong version and couldn't install.

I can get into command mode from the boot up disc. Is there any command to try and clear EVERYTHING including the virus?

I burned Windows Vista onto a DVD-RW but it won't boot up on start up, or detect that it's Vista, but I know it works 'cause I can run it and it seems to work fine when I put it in another computer.

And when I start with my XP disc (it's an older version of my current Windows) and it boots from the CD, it says there are corrupt files on the disc and couldn't start.

If there's a program I can download and burn to run like a boot program to reformat and help install a new O.S.
 
Unless you can get hold of a working Windows CD, you're going to struggle.

The hard drive can be easily formatted using your hard drive manufacturer's diagnostic tool. If you can't find it, check out this thread HERE.

I also suggest you run Memtest86+ to test your ram. See this thread HERE.

Regards Howard :)
 
Also, when you buy an OEM copy of Vista it is only good for 1 use; the disk becomes useless after that. Burning a backup copy can be difficult because you need to use a DVD decryptor to crack the protection Microsoft has put on the OEM software. Then when you burn it, depending on the settings you use, you may or may not be able to boot it from DVD. Burning software such as Nero has the ability to add a boot image etc. so you can boot it.
P.S. Only use this method of burning the DVD IF you already own a copy of the OEM edition of Vista; piracy is wrong.
cheers
Hynesy
 
Alright, well, I reformatted my drive, then re-installed Windows, but I'm still getting the corrupt files and random programs shutting down from errors.

Then I ran a MemTest I found, and for the first 3% I got up to 130+ errors. Now do you think that's from the virus that I had, or my memory is just shot and I need to buy new RAM to fix the problem?

Okie dokie, here's the logs you asked for. I ran these in safe mode.
 
It seems to me you've found the culprit, i.e. faulty RAM.

Replace the RAM and see if that solves your problem.

Is your HJT log from before or after you reformatted?

Regards Howard :)
 
So...

Yeah, that log was after I reformatted the computer, and reinstalled HJT and Avenger. And I'm not really sure what you mean by culprit RAM. I don't know what my brother was thinking but when he installed the RAM, he put 4x256 RAM to equal 1G. So if I buy new RAM everything should be fine? 'Cause I was thinking of getting new RAM anyway :)

And thanks so much for all the information to help my computer.
 