#1
The BSOD states:
A problem has been detected and windows has been shut down to prevent damage to your computer.
Tech Info: STOP: 0x0000007B (0xF789E524, 0xC0000034, 0x00000000, 0x00000000)
I had a number of infections that Spybot and Malwarebytes found and fixed; McAfee didn't find anything. I kept looking around for some of my same issues that still persisted: all files hidden, administrator tools empty, cannot run a system restore. I came across your forum that referenced one of my issues and I downloaded ComboFix, ran it, and while it was running the BSOD came up. I tried to reboot in safe mode but still receive the BSOD. At this moment I am running chkdsk /r from the recovery console.
I originally posted in the malware forum but I think I need to resolve the boot issue before I can address any malware issues, is that correct? Any help would be greatly appreciated.
OS: XP
#2
If the chkdsk doesn't help which it might.
7B is often associated with SATA drivers. If you can find your SATA configuration in BIOS, it might be worth a try to set it to ATA or IDE emulation. If you give the model of computer or motherboard we might be able to figure out where the setting would be in BIOS. Usually it is under Drives or something like that. I'm not sure that the setting switch on a running OS will help but it couldn't hurt to give it a quick try.
#3
Would you recommend running chkdsk /f prior to changing BIOS? I was at a screen where I ran a diagnostic on the memory and there was an option for BSOD. In both instances the test for SATA confidence test was skipped, however, at the conclusion of each test the report was no problems. I don't know if this is important.
I believe I know where to find the SATA settings, it was on the screen prior to getting to the above mentioned tests.
#4
0x7B is a common post-partial malware cleanup problem, for instance: the entry point for the malware is still there, say shell='infected system file', that file has been deleted during a cleanup but it's called at boot = BSOD.
Some generic drivers that may be affected that are vital to Windows are disk, classpnp, ftdisk, partmgr, and FAT or NTFS; there will be others specific to your hardware, esp. SATA and newer tech. Running SFC or a Windows Repair might help, as might multiple uses of 'Last Known Good' to reload old Registry hives prior to infection. If you can access the drive from another computer or boot disk, you may be able to find the logs from the malware programs which are likely to point out the infected file(s) that need to be reinstated from backups.
#5
satrow, I have attempted "Last Known Good" a couple of times and I kept receiving the BSOD. The only malware program logs that would have been generated prior to the BSOD would be Malwarebytes. I am working off of a laptop, my desktop is down, so I think I could access the but I don't know how to access the drive of the down computer.
Regarding running SFC or Windows repair, if those are programs, I don't know how to run them since I can't get the computer to boot up. The only thing I have access to is the Windows Recovery Console.
#6
I ran LISTSVC in recovery console and this came up:
abp480n5-disabled accoca-auto ACDaemon-auto ACPIEC-disabled adpu160m-disabled aec-manual Afc-manual AFD-system agp440-disabled agpCPQ-disabled Aha154x-disabled aic78u2-disabled aic78xx-disabled Alerter-manual ALG-manual ALG-manual AliIde-disabled alim1541-disabled amdagp-disabled amsint-disabled AOL ACS-auto AppMgmt-manual asc-disabled asc3350p-disabled asc3550-disabled aspnet_state-manual AsyncMac-manual atapi-boot Atdisk-disabled Atmarpc-manual AudioSrv-auto audstub-manual bcgame-manual Beep-system BITS-auto Browser-maual bvrp_pci-manual catchme-manual cbidf-disabled cbidf2k-disabled CCDECODE-manual cd20xrnt-disabled Cdaudio-system Cdfs-disabled Cdrom-system CertPropSvc-auto cfwids-manual Changer-system CiSvc-manual ClipSrv-manual clr_optimization_v2.0.50727_32-manual clr_optimization_v4.0.30319_32-auto CmdIde-disabled COMMONFX.DLL-auto COMSysApp-manual Cpqarray-disabled CryptSvc-auto dac2w2k-disabled dac960nt-disabled DcomLaunch-auto Dhcp-auto Disk-boot DLABOIOM-auto DLACDBHM-system DLADResN-auto DLAIFS_M-auto DLAOPIOM-auto DLAPoolM-auto DLARTL_N-system DLAUDFAM-auto DLAUDF_M-auto dmadmin-manual dmboot-disabled dmi-disabled dmload-disabled dmserver-manual DMusic-manual Dnscache-auto Dot3svc-manual dpti2o-disabled drmkaud-manual DRVMCDG-boot DRVNDDM-auto DSBrokerService-manual DSproct-manual dsunidrv-auto E100B-manual EapHost-manual ERSvc-auto Eventlog-auto EventSystem-manual Fastfat-disabled FastUserSwitchingCompatibility-auto Fax-manual Fdc-manual Fips-system Flpydisk-manual FltMgr-boot FontCache3.0.0.0-manual Fs_ec-system Ftdisk-boot Gpc-manual gupdate-auto gupdatem-manual HDAudBus-manual helpsvc-auto HidServ-auto HidUsb-manual hkmsvc-manual hpn-disabled hpqcxs08-manual hpqddsvc-auto HPSLPSVC-manual HPZid412-manual HPZipr12-manual HPZius12-manual HSFHWBS2-manual HSF_DP-manual HTTP-manual HTTPFilter-manual i2omgmt-system i2omp-disabled i8042prt-system IDriverT-manual idsvc-manual Imapi-system ImapisService-manual ini910u-disabled IntelIde-disabled 
intelppm-system Ip6Fw-manual IpFilterDriver-manual IpInIp-manual IpNat-manual IPSec-system IRENUM-manual isapnp-boot JavaQuickStaterService-auto Kbdclass-system kbdhid-system kmixer-manual KSecDD-boot lanmanserver-auto LanmanWorkstation-auto lbrtfdc-system LmHosts-auto McAfee SiteAdvisor Service-auto McAWFwk-manual McMPFSvc-auto mcmscsvc-auto McNaiAnn-auto McNASvc-auto McODS-manual McOobeSv-disabled McProxy-auto McShield-auto MDC8021X-auto MDM-auto mdmxsdk-auto Messenger-auto mfeapfk-manual mfeavfk-manual mfeavfk01-manual mfedbopk-manual mfefire-auto mfefirek-manual mfehidk-boot mfendisk-manual mfendiskmp-manual mferkdet-manual mfetdi2k-system mfevtp-auto Microsoft Office Groove Audit Service-manual mnmdd-system mnmsrvc-manual Modem-manual MODEMCSA-manual Mouclass-system mouhid-manual MountMgr-boot mraid35x-disabled MRxDAV-manual MRxSmb-system MSDTC-manual Msfs-system MSHUBSBVideo-manual MSIServer-manual MSKSSRV-manual MSPCLOCK-manual MSPQM-maual mssmbioa-manual MSTEE-manual Mup-boot NABTSFEC-manual napagent-manual NDIS-boot NdisIP-manual NdisTapi-Manual Ndisuio-manual NdisWan-manual NDProxy-manual Net Driver HPZ12-auto NetBIOS-system NetBT-system NetDDE-manual NetDDEdsdm-manual Netlogon-manual Netman-manual NetSvc-manual NetTcpPortSharing-disabeld Nla-manual NPF-manual Npfs-system Ntfs-disabled NtLmSsp-manual NtmsSvc-manual NuidFltr-manual Null-system nv-manual nvsvc-auto NwlnkFlt-manual NwlnkFwd-manual odserv-manual ose-manual PalmUSBD-manual Parport-manual PartMgr-Boot ParVdm-disabled PCI-boot PCIDump-system PCIIde-boot Pcmcia-disabled PDCOMP-manual PDFRAME-manual PDRELI-manual PDRFRAME-manual perc2-disabled perc2hib-disabled PlugPlay-auto Pml Driver HPZ12-auto PnkBstrA-auto PnkBstrB-auto PnkBstrK-Manual PolicyAgent-auto PptpMiniport-manual ProtectedStorage-auto ProtexisLicensing-auto PSched-manual Ptilink-manual PxHelp20-boot ql1080-disable Ql10wnt-disabled ql12160-disabled ql1240-disabeld ql1280-disabled RasAcd-system RasAuto-manual Ras12tp-manual 
RasMan-manual RasPppoe-manual Raspti-manual Rdbss-system RDPCDD-system rdpdr-manual RDPWD-manual RDsessMgr-manual redbook-system RemoteAccess-disabled RimUsb-manual RimVserPort-manual ROOTMODEM-manual RpcLocator-manual RpcSs-auto RSVP-manual SamSs-auto SCardSvr-auto Schedule-auto SCR3XX2K-manual Secdrv-manual seclogon-auto SENS-auto serenum-manual Serial-system Sfloppy-manual SharedAdccess-auto ShellHWDetection-auto Simbad-disabled sisagp-disabled SLIP-manual SONYPVU1-manual Sparrow-disabled splitter-manual Spooler-auto sr-boot srservice-auto Srv-manual SSDPSRV-manual SSFMONM-auto STHDA-manual StillCam-manual stisvc-auto streamip-manual swenum-manual swmidi-manual SwPrv-manual symc810-disabled symc8xx-disabled sym_hi-disabled sym_u3-disabled sysaudio-manual SysmonLog-manual TapiSrv-manual Tcpip-system TDPIPE-manual TDTCP-manual TermDD-system TermService-auto Themes-auto TlntSvr-manual TomTomHOMEService-auto TosIde-disabled TrkWks-auto TVICHW32-manual Udfs-disabled ultra-disabled Update-maual upnphost-manual UPS-manual usbaudio-manual usbccgp-manual usbehci-manual usbhub-manual usbprint-manual usbscan-manual USBSTOR-manual usbuhci-manual usbvideo-manual VgaSave-system ViaIde-disabled vkquwexg-boot VolSnap-boot VSS-manual w32time-auto Wanarp-manual wanatw-manual WDBtnMgrSvc.exe-auto Wdf01000-manual WDICA-manual wdmaud-manual WebClient-auto winachsf-manual winmgmt-auto WinRM-manual Winsock-manual wlidsvc-disabled WLSetupSvc-manual WmdmPmSN-manual Wmi-manual WmiApSrv-manual WMPNetworkSvc-manual WpdUsb-manual WPFFontCache_v0400-manual WS2IFSL-systme wscsvc-auto WSTCODEC-manual wuauserv-auto WudfPf-boot WudfRd-manual WudfSvc-auto WZCSVC-disabled X4HSX32-auto xmlprov-manual YahooAuService-auto
These two look suspicious: vkquwexg-boot VolSnap-boot
Does any of this help identify the problem(s)?
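Added example, not written by anyone in this thread: a LISTSVC listing like the one in post #6 can be compared against a listing saved from a known-clean machine of the same build, so that boot-start entries missing from the baseline (such as vkquwexg, questioned in post #8) stand out. The function names and the baseline string are assumptions made up for illustration; the sample is a short excerpt of post #6, and start-type typos from hand copying are tolerated.

```python
import difflib

START_TYPES = ("boot", "system", "auto", "manual", "disabled")

def normalize_start(word):
    """Map a start-type word to its canonical value, tolerating hand-copy typos."""
    match = difflib.get_close_matches(word.lower(), START_TYPES, n=1, cutoff=0.8)
    return match[0] if match else None

def parse_listsvc(text):
    """Parse flattened 'name-starttype' entries into {lowercased name: start type}.

    Names may contain spaces ('AOL ACS-auto'), so tokens without a
    recognisable start-type suffix are joined onto the next entry.
    """
    entries, pending = {}, []
    for token in text.split():
        name, sep, start = token.rpartition("-")
        start_type = normalize_start(start) if sep else None
        if start_type is None:
            pending.append(token)
            continue
        entries[" ".join(pending + [name]).lower()] = start_type
        pending = []
    return entries

def boot_start_diff(listing, baseline):
    """Return (boot-start entries absent from the baseline's boot set,
    baseline boot-start entries that are no longer boot-start)."""
    base_boot = {n for n, s in baseline.items() if s == "boot"}
    now_boot = {n for n, s in listing.items() if s == "boot"}
    return sorted(now_boot - base_boot), sorted(base_boot - now_boot)

# Excerpt of the listing in post #6 (the typo 'maual' is kept as posted).
SAMPLE = ("AOL ACS-auto atapi-boot Browser-maual Disk-boot Ftdisk-boot "
          "PartMgr-Boot vkquwexg-boot VolSnap-boot")
# Constructed baseline: stands in for LISTSVC output saved from a known-clean
# machine of the same build (an assumption, not data from the thread).
BASELINE = "atapi-boot Disk-boot Ftdisk-boot PartMgr-boot VolSnap-boot"

if __name__ == "__main__":
    added, lost = boot_start_diff(parse_listsvc(SAMPLE), parse_listsvc(BASELINE))
    print("boot-start, not in baseline:", added)
    print("baseline boot drivers no longer boot-start:", lost)
```

An entry that shows up only in the first list is a lead to investigate, not a verdict; third-party boot drivers differ between machines, which is why the baseline has to come from a comparable clean install.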
#7
satrow, can I run SFC or Windows repair from the recovery console in XP? All I can access is the recovery console.
#8
vkquwexg shouldn't be there, however, it may be a temporary driver used by ComboFix. Volsnap and the rest you listed are legit.
Since you say the PC BSOD'd while it was running ComboFix, let's try to disable this driver to see if it helps at all. Try this command while in the recovery console and press ENTER afterwards:
#9
Response:
The registry entry for the vkquwexg service was found. The service currently has start_type SERVICE_BOOT_START. The new start_type for the service has been set to SERVICE_DISABLED.
Attempted normal re-boot, result was BSOD. Attempted re-boot in safe mode, result was BSOD.
#10
Hrm :|
I would try these commands next:
#11
If you have done chkdsk /r then no need to do chkdsk /f. The /f is included in the more extensive /r scan.
Changing the SATA setting won't change anything on the XP drive so if it doesn't help just change it back.
Edit: See if Satrow can help you more thoroughly. The SATA change was my only suggestion to see if it can jump start you into Windows for further troubleshooting. If it doesn't work then satrow may have better options.
#12
sach2, I will attempt to change the SATA settings and see if that helps. Thanks for the assistance.