MajorGeeks Support Forums > Malware Removal
#1
06-12-09, 15:00
G1_Queen (Private E-2)
Malware issues...may be causing BSOD?

It wasn't until Norton detected Trojan.Vundo and W32.SillyFDC virus that I started to get the Blue Screen of Death (BSOD)!!! So I'm not sure if I have two separate issues going on...Malware and Hardware issues.

I ran the Read Me Run Me First and had all kinds of garbage on my computer: Worms, Trojans, Adware, Rogues, Cracks, Keygens...you name it my desktop has/had it!!!!

I'm still getting the BSOD after running Read Me Run Me, and I have attached the logs (I hope)...I can't use desktop so I had to transfer the files onto USB. Not sure if all the viruses and trojans and stuff are clean...I suspect they are not.

I can only work in safe mode, and for about 1 hour 30 mins max. Also, I couldn't do a full scan using SUPERAntiSpyware in safe mode, got the BSOD 1 hour and 35 minutes into the full scan. Therefore, I was only able to perform a quick scan.

I seriously need help, I don't know what else to do besides throw the computer away! I thank you for your time and assistance in advance.
Attached Files
File Type: txt SASlog.txt (9.8 KB, 5 views)
File Type: txt mbam-log-2009-06-11 (13-54-53).txt (5.6 KB, 4 views)
File Type: txt ComboFix.txt (190 Bytes, 4 views)
File Type: zip MGlogs.zip (131.3 KB, 4 views)

#2
06-16-09, 13:33
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Malware issues...may be causing BSOD?

Welcome to Major Geeks!

Quote:
Originally Posted by G1_Queen
It wasn't until Norton detected Trojan.Vundo and W32.SillyFDC
I don't see Norton or any other protection installed. Did you uninstall them? There are leftovers from them that we will clean up below.

Quote:
Originally Posted by G1_Queen
So I'm not sure if I have two separate issues going on...Malware and Hardware issues.
Could be hardware issues, especially if you consistently are shutting down after about an hour and a half. How old is this PC?

Quote:
Originally Posted by G1_Queen
I can't use desktop
What do you mean by this? Do you mean it cannot connect to the internet at all?

Quote:
Originally Posted by G1_Queen
I can only work in safe mode,
Why? What happens when you boot in normal mode?

Your log from ComboFix shows it did not run properly since it is too incomplete to be of any use. What happened when you ran ComboFix?



Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your desktop
  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
Quote:
Files to delete:
C:\saida.txt
C:\WINDOWS\Afagoxoy.dat
C:\WINDOWS\Bturarohijep.bin
C:\WINDOWS\Bturarohijep.binBturarohijep.bin

Folders to delete:
C:\Program Files\Internet Explorer\1033
C:\71edb83b6975406f7778
C:\7d5a426d953c49c625e3517eee51
C:\Program Files\Radialpoint
C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\BitDefender
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
C:\Documents and Settings\All Users\Application Data\Norton
C:\Documents and Settings\All Users\Application Data\NortonInstaller
C:\Documents and Settings\All Users\Application Data\Symantec
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.
Now run CCleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Then attach the below logs:
  • C:\avenger.txt
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Last edited by chaslang; 06-17-09 at 11:16..
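
As an added illustration (not part of the original post, and not HijackThis or MGtools code), the Python example below parses HijackThis-style lines like those listed in the post above and flags entries for review. The three heuristics are this example's own assumptions, not the helper's stated reasoning, and they do not reproduce his full selection; the names `parse` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the post above (a subset of the entries it lists).
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
RUN_VALUE = re.compile(r"^\[([^\]]+)\] (.*)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")

def parse(log):
    """Yield a dict per HijackThis line: section, key, name, target, raw."""
    for line in filter(None, map(str.strip, log.splitlines())):
        if not (m := ENTRY.match(line)):
            continue
        section, key, rest = m.groups()
        name, target = None, rest
        run = RUN_VALUE.match(rest)
        if run:                      # O4 registry Run value: [name] command
            name, target = run.groups()
            target = USER_SUFFIX.sub("", target)
        elif " - " in rest:          # O2/O9: name - {CLSID} - file
            name, target = rest.split(" - ", 1)[0], rest.rsplit(" - ", 1)[1]
        yield {"section": section, "key": key, "name": name, "target": target, "raw": line}

def triage(log):
    """Return {raw_line: [reasons]} using three assumed review heuristics."""
    entries = list(parse(log))
    names_by_target = defaultdict(set)
    for e in entries:
        if e["section"] == "O4" and e["name"]:
            names_by_target[e["target"].lower()].add(e["name"])
    flags = defaultdict(list)
    for e in entries:
        if e["target"] == "(no file)":
            flags[e["raw"]].append("orphan: referenced file not found")
        if e["target"] == "NA":
            flags[e["raw"]].append("empty: Run value has no command")
        if len(names_by_target.get(e["target"].lower(), ())) > 1:
            flags[e["raw"]].append("duplicate: one command under several Run names")
    return dict(flags)
```

Calling `triage(SAMPLE)` flags five of the seven sample lines; a flag only marks an entry for a human to look at and says nothing about whether it is malicious.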

#3
06-17-09, 09:46
G1_Queen (Private E-2)
Re: Malware issues...may be causing BSOD?

Thanks for your time and assistance.

Yes, I uninstalled Norton because after my first scan I kept getting an error message, and couldn't update it...

I can only work in safe mode and only for 1 1/2 hours max. When I log on in normal mode, by the time everything loads up, the system freezes and I get the BSOD with the message: MACHINE_CHECK_EXCEPTION, and I began to get this message only after Vundo was detected on my system. If I am lucky I can access the internet for about 5 minutes in normal mode, before getting the BSOD...

I'm almost positive I have hardware issues as well. But my main concern is making sure all the malware is off my system, and making sure the malware is not the cause of the BSOD.

I followed your instructions, and I have attached the 2 files requested.
Attached Files
File Type: txt avenger.txt (3.4 KB, 2 views)
File Type: zip MGlogs.zip (131.8 KB, 3 views)

#4
06-17-09, 10:23
G1_Queen (Private E-2)
Re: Malware issues...may be causing BSOD?

P.S.

I have restarted my computer in normal mode at 10:49:30am e.s.t.

At 11:08:41am e.s.t. my system became non responsive. I did nothing but let the system load in normal mode and sit at the desktop screen.

As of 11:22:20am e.s.t my system is still nonresponsive and the desktop is still viewable, and I have not been hit with the Blue Screen of Death...yet

#5
06-17-09, 10:50
G1_Queen (Private E-2)
Re: Malware issues...may be causing BSOD?

Update:

40 minutes have passed since my system became non-responsive, no blue screen of death as of yet...manually shutting down system...waiting for any further instructions...

#6
06-19-09, 16:54
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Malware issues...may be causing BSOD?

You did not answer my question about running ComboFix. I need an answer.

Also your new logs show that you did not fix anything I asked you to fix with HijackThis. Did you run it? Did you remember to click Fix checked?

Quote:
Originally Posted by G1_Queen
When I log on in normal mode, by the time everything loads up, the system freezes and I get the BSOD with the message: MACHINE_CHECK_EXCEPTION, and I began to get this message only after Vundo was detected on my system.
Most likely software, driver or hardware issues. You should capture an Event Viewer log and exact word for word error messages and error numbers and post them in the Software Forum. There is nothing in your logs that would indicate any malware issues.

#7
06-21-09, 14:09
G1_Queen (Private E-2)
Re: Malware issues...may be causing BSOD?

Yes, I did run ComboFix. It froze after completing stage 33, in safe mode with networking...Reran again and the Microsoft Windows Recovery Console was installed successfully, and it completed successfully.

Also, I did run HijackThis as instructed, I did remember to click Fix checked. I don't understand why the logs are showing that I didn't. I even wrote down everything I did so I wouldn't miss anything and checked off all steps that I completed as I went along.

#8
06-23-09, 01:58
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Malware issues...may be causing BSOD?

Quote:
Originally Posted by G1_Queen
Yes, I did run ComboFix. It froze after completing stage 33, in safe mode with networking...Reran again and the Microsoft Windows Recovery Console was installed successfully, and it completed successfully.
Attach the log.

Quote:
Originally Posted by G1_Queen
Also, I did run HijackThis as instructed, I did remember to click Fix checked. I don't understand why the logs are showing that I didn't. I even wrote down everything I did so I wouldn't miss anything and checked off all steps that I completed as I went along.
I took a closer look at your log and some of the time stamps of what was run when are out of sync. The HJT log may be from before you fixed the items. Run C:\MGtools\GetLogs.bat again and wait for it to finish. Then attach the new MGlogs.zip file.

Have you posted your Event Viewer log in the Software Forum as I suggested?