I was hit by a virus a few days ago and I believe it has infected my drivers. I'm getting constant BSODs (Windows 7 x64) and I thought I had the virus all removed so I started a thread in another subforum, here https://www.techspot.com/vb/topic160778.html
It seems like it's not eliminated though so I was told to post here.
At this point I have cleaned up the virus with multiple programs and then did a full restore of my Windows partition (from a backup from a few months ago). The problem still persists though. The only way I can do anything now is from BartPE, a "live"/bootable version of XP.
Last night I ran GMER and it gave some hits:
type: .text
name: ntkrnlmp.exe!KelinitializeInterrupt + B67
value: 8040623C 1 Byte [06]
type: Device
name: \Driver\ACPI_HAL\Device\.00000003
value: halaacpi.dll
Then it listed about 100+ JPEGs that I'm pretty sure are false positives. (I can check, but they're all 24x24 and if there were anything injected into them the file size difference would be apparent.)
I'm not sure what to do about these two hits. I don't even know if this driver, for instance, is even on my hard drive or if it's a false positive found on the BartPE CD or running in memory. It doesn't list a location and BartPE would have its own drivers just running in memory (if I'm not mistaken). I assume GMER writes a log but that since I ran it from a CD-R it was unable to.
In the other thread I also posted details on the BSODs and other things.
Any help is greatly appreciated.