Multiple BSOD after virus

By brodie · 21 replies
Feb 13, 2009
  1. Hi,

    I was told to create a thread here after explaining my problems in the BSOD Help & Support forum. I'll just copy and paste what I said:

    The past few weeks my computer has been either randomly restarting itself, completely freezing in which case I am forced to shut it down or coming up with the blue screen of death.

    There have been four different BSOD messages pop up, sometimes with different codes though. More commonly I've been getting
    STOP: 0x0000000D1 (0xEE1E5D00, 0x00000002, 0x00000000, 0xEE1E5000)

    Then I received this one last week:
    STOP: 0x00000050 (0x840FE84D, 0x00000001, 0x804E8F42, 0x00000000)

    And just yesterday morning, when I first turned the computer on, after logging on this one came up:
    STOP: 0x0000000A (0x000F7F38, 0x00000001, 0x00000000, 0x804E70DD)

    So I restarted it, clicked my login name, then when I came back another BSOD popped up:
    STOP: 0x00000019 (0x00000020, 0x81031108, 0x81D31190, 0x0A110005)

    I ran memtest a week ago but it came up with no errors. This all started happening not long after I had a virus on my computer. Every time I clicked a link on Google, it would redirect me to some other website completely unrelated. I managed to find out it was some virus a lot of people were having at the time and followed some of their advice. One of which told me to delete a file called "wdmaud.sys" which it was apparently attacking. I did so, but then reinstalled a hotfix from Microsoft with that in it later on when the problems started as I thought maybe I shouldn't have deleted it.

    I've also tried system restore, which didn't work. After a virus scan with AVG, I found that there were two trojan horses in the system restore files, I healed them but haven't tried rolling back the system again because I didn't know whether it would make it worse. I also found a "TrojanNewDot" in SuperAntiSpyware and also two Adware tracking cookies, which I quarantined and removed.

    With the attached hijackthis log... someone told me there were infection remains from looking at this, but I don't know what to do. Can anyone tell me which to select and then 'fix checked'? Could this possibly be what is causing my problems?

    Also, I tried running a SuperAntiSpyware and Malwarebytes scan today, but the computer kept restarting part way through so I couldn't finish it. I'm attaching the logs from a scan I did about a week ago... I don't know if that's a problem, but I'll keep trying to run a full scan and see if it manages to do so without restarting.

    I don't have the actual Windows XP disc, but I do have an NEC Windows recovery disc... would reinstalling Windows fix the problem? If anyone has any suggestions to help fix this, I would really appreciate it.

    Sorry for typing so much, I wasn't sure how much information to give. I don't know what computer specs you need... I'm running Windows XP (Home edition), about 40 GB hard drive and 256MB RAM. If you need anything else, I am more than happy to provide what I can.

  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Re-installing (i.e. running your recovery disc and totally wiping the drive and all data) would certainly eliminate your present software

    So if you want to do that, let us know now. ;)

    But presently you have AVG8 installed, and your Malwarebytes was not updated, before scanning :(

    I would suggest that you:

    Uninstall your AVG Antivirus
    Then run the removal tool
    Here is the 32Bit version (most users):
    Here is the 64Bit version:

    Run Startup Control Panel and remove any not required startups: (should be most!)

    Install the much better Avira free AntiVirus

    Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed
  3. brodie

    brodie TS Rookie Topic Starter Posts: 35

    Thanks for the response. No, I don't particularly 'want' to reinstall Windows, but I am prepared to do so as a last resort if nothing else works!

    I followed what you said... I updated Malwarebytes, then tried running a scan a few times but the computer kept restarting so I have not yet been able to run a full scan. I'm still working on that! I uninstalled/removed AVG and installed Avira, when I scanned with that for some reason the computer played nice. The first scan resulted in EXP/ASF.GetCodec.Gen being found, so I quarantined it. Then I ran the rootkit search, afterward it asked me if I wanted to scan a partition or something. I did and it came up with 33 warnings.

    I'll have to try Malwarebytes again tomorrow as I'm heading off to bed soon and don't like leaving the computer turned on overnight. I'll also see if that virus Avira found and quarantined might have had something to do with it, as the computer likes to have these problems more specifically just after I start up in the morning.

    Anyway, thanks so much for your help, I really appreciate it!
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    That's ok :)

    Also it was AVG that caused the restarts
    And the found Virus\Malwares from Avira, tells me you definitely need to run a full scan with this. Then do another Malwarebytes (updated first) full scan

    You're getting there :grinthumb But you just have to sleep for the moment :zzz:
  5. brodie

    brodie TS Rookie Topic Starter Posts: 35

    Okie dokie. So when I started up the computer again this morning, firstly after logging in it came up with a plain blue screen then said "Out of Range" and the dimensions of the monitor. I couldn't do anything, so had to manually restart. After that it froze at login, then restarted twice during bootup, froze completely after 30 minutes and I think the last one was the Driver_irql blue screen. Apparently my computer does not like waking up in the mornings!

    I ran a full scan with Avira last night, but it only took an hour or so... with AVG it usually took 6 long hours. I'll run another Avira scan in a minute. I just finished running a full Malware scan (I updated first) but it didn't find anything. I'm beginning to not like technology lol.

    Also, I looked in the Event Viewer from the Control Panel and there seems to be at least one or more Errors popping up daily... I'm not sure if they correspond with the times that the computer messes up though.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Please also run CheckDisk, on your C drive
    (Just the CheckDisk part is required)
  7. brodie

    brodie TS Rookie Topic Starter Posts: 35

    I just ran it and it popped up saying "Disk check complete" but nothing about any errors found or anything. Sorry if this is turning into a bother!
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Did Avira find any Viruses?
    By the way, I'm assuming Malwarebytes was fully updated, full scan completed, and nothing found

    Also it may be time to provide a fresh HJT scan log as an attachment
  9. brodie

    brodie TS Rookie Topic Starter Posts: 35

    I had to start the Avira scan again because it froze. So far it's found one warning, but no detections as yet. Yes, I updated Malwarebytes before scanning and clicked the full system scan and nothing found. I'll attach the log for that along with the hijack this.
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Good job :grinthumb

    Please run a scan only with HJT, and tick the following entries (all listed here by me)
    Close any Internet Browsers (like Internet Explorer or Firefox) Then select FIX

    Also un-install Ad-aware, I feel it may be stopping changes made, seeing as it starts with Windows as a service


    Download Combofix
    Lots of info on its use here
    Direct download here

    Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
    ComboFix will also restart your computer (eventually) and then (eventually) create a log

    Save this log file to be attached to a new reply
    Restart back to Normal mode, and attach the Combofix log

    Also do another scan with HJT (scan and log file) and attach this to a new reply as well

    I'd say, you'd just about be clean by then ;)
  11. brodie

    brodie TS Rookie Topic Starter Posts: 35

    Okay, I've done everything you said to. The combofix and hijack this logs are attached. I selected all the entries you mentioned and clicked "fix checked" but looking at the new log, the "O23 - Service: DeepSight Extractor Service" is still there... so I don't know what that means.

    But so far so good, no shut downs, bsod or restarts. I'll see how it goes tomorrow morning as that is usually when my problems tend to start. I'll let you know what happens.

    Edit: I just tried running a SuperAntiSpyware scan, which was going fine until the computer froze completely. I don't know whether it helps to know, but it froze while scanning "C:\DRIVERS\RTM.EXE". I'll run the Avira scan again as I never finished that due to restarting with combofix.
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Yes all good :)

    Place another tick against these two as well: (browser can be left open)
    Clear system restore points

    • Clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.


    Tell me how it seems to be running :)
  13. brodie

    brodie TS Rookie Topic Starter Posts: 35

    I fixed those two in hijack this and did as you said regarding the system restore. It restarted fine... so I did another hijack this scan and that O23 is back yet again.

    Is it supposed to be such a persistent little bug? Regardless, things are running fine so far... if anything goes wrong, I'll let you know :)
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Hmm, I now see what you mean
    Please click on Start->Run-> services.msc
    Maximize the Services Window that opens

    Locate DeepSight Extractor, and double click on it
    Change the Startup to Disabled (instead of Automatic)
    Apply->Ok and then exit Services Window

    Then fix the quoted entry in HJT scan again
    Then restart

    Is it finally gone?
  15. brodie

    brodie TS Rookie Topic Starter Posts: 35

    Ahh, you are a genius! :) After I disabled it, it was gone from HJT, so there wasn't anything for me to select. I restarted, ran the scan again and it's still gone. The only thing that has returned is the Proxy Override entry.

    Thank you very much for all your helpful posts! So far so good with the computer, fingers crossed this has fixed it. If it screws up again, I'll let you know.
  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

  17. brodie

    brodie TS Rookie Topic Starter Posts: 35

    I just did that, ran HJT and the entry hasn't returned. And I've got to say, my computer seems to be running better after all of this... starting up usually took at least ten minutes before it was ready to use, now it's only a couple of minutes. Definitely a plus! I would never have known to do all of this on my own, so really, thanks so much again :)
  18. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Clear & Reset System Restore's Cache

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Oh and thanks for all your good feedback :grinthumb

    I'm thinking, all fixed :)
  19. brodie

    brodie TS Rookie Topic Starter Posts: 35

    Done and dusted! Hopefully I never have to look at those scary blue screens again lol

    That's no problem. I've posted my problem on a few other forums weeks ago but nobody responded (which I can understand as they probably get snowed under with requests), but you've been more than helpful on here, which I'm grateful for. Anyway, I'm heading off to bed and I think my computer needs a rest after all the health checks today. So goodnight! (or morning, whatever time it is for you). I'm feeling confident things will be fine on start up tomorrow :)
  20. brodie

    brodie TS Rookie Topic Starter Posts: 35

    Sorry, I'm back again :( I haven't seen any BSOD's this morning, it hasn't restarted or shut down (huge relief) but the computer has frozen twice. Once it shut down firefox, then when I did alt+ctrl+del to see if it was running in the background, it froze. Then it froze again while I was updating Avira. I looked in the Event Viewer and there was an Error corresponding with the times it froze:

    Event ID: 7000. The helpsvc service failed to start due to the following error:
    The system cannot find the file specified.

    So I tried going to services.msc, clicked 'start' this service and it popped up saying this: Could not start helpsvc on Local Computer. Error 2: The system cannot find the file specified.

    Edit: I just came back to the computer after leaving it for a while and was greeted with a BSOD. There weren't any "driver_irql" or "bad_pool_header" names like that, it just said to check to make sure you have adequate disk space. If a driver is identified in the stop message, disable, etc. Try changing video adapters. Disable BIOS memory options (caching, shadowing), etc.
    The stop code was: STOP: 0x0000008E (0xC0000005, 0x00000000, 0xF3174B3C, 0x00000000)

    I've attached a new HJT log. But seeing as I've done all that cleaning the system yesterday, it might not be a virus problem? So if you want me to create a thread in a different section, that's not a problem.
  21. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

  22. brodie

    brodie TS Rookie Topic Starter Posts: 35

    I haven't tested the drivers yet, but I'm running the memtest at the moment on the computer (I'm using my other computer to type this). I ran a memtest86 (not 86+) last week and it came up with no errors... but this one has found 1817600 errors....I was worried just one would come up! I take it this isn't a good sign? And I'm guessing my RAM probably needs replacing... I let it run for 10 passes as it was still climbing in number at 7. I have a couple of things to do, so I'll see if there are any drivers that need updating shortly.

    Edit: Call me dense, but I'm not sure what drivers I have from that list in the topic you linked... I have an NEC Powermate computer and I know there's some Realtek, SiS... and I have no idea what else.
Topic Status:
Not open for further replies.
