Lo Tov - BSOD | Vista HP

shiftlessatol · Apr 25, 2011

Had a virus on this machine - extraction went well - but since the extraction, the machine will not stay powered on long, and is impossible to shutdown without a bsod. throwing the same two exceptions, Internal Power Failure on shutdown - and IRQ not less or equal (mostly when i try to run ComboFix)

INTERNAL_POWER_ERROR
xa0
ntkrnlpa.exe+62f7

========================

DRIVER_IRQ_NOT_LESS_OR_EQUAL
xd1
ntkrnlpa.exe+103c08
storport.sys+131f

i've attached a zip of the dmps - also here are the MGtools reports. i've run several cleaners, and it's prepped and primed for you guys. also i attempted a "repair" install via upgrade option... 208GB of free space and i don't have 8816MB available out of 208GB? so it won't let me do a repair install either, i've done system restore up to the furthest date i can get, and i've uninstalled the nVidia drivers for the ata device and install the microsoft - no different, i think the nVidia drivers are now installed. any help would be great!

thanks,

-dave-

[I 7-zipped the files]

shiftlessatol · Apr 25, 2011

the IRQ dmp file

shiftlessatol · Apr 25, 2011

also

i can't access anything to do with windows update, either the program or via web. and the driver verifier won't run either "No devices match the name specified ((null))"

don't know about you, but i'm beginning to lean toward an operating system corruption - eh?

shiftlessatol · Apr 25, 2011

Holy craaaap!

so it runs in safemode with no problem except for how it's useless (won't shutdown without bsod, but doesn't throw any other exceptions either) - and then today i restarted it in normal boot and ran Combofix, and it ran, unpdated itself and then BSOD , i'm going to try the update version again

ya, no - it won't do it after CF updated itself its just bsod while loading the app

shiftlessatol · Apr 25, 2011

HiJackThis!

attached is the HJT log

Kestrel13! · Apr 26, 2011

If you ran MGTools then can you please attach the requested C:\MGlogs.zip

shiftlessatol · Apr 27, 2011

sorry, i grabbed the wrong thing

shiftlessatol · Apr 27, 2011

this is crazy

:confused

ok,

i ghosted the os partition to a file, reloaded the machine from factory - then ghosted the os partition to another drive, ran startup repair - no problems.

it shutsdown, runs updates, runs combofix, no problem

so i'm going to guess the problem was with how the installation used the recovery partition for booting?

not sure, what i do know is when the recovery partition is absent, the machine runs great. i'm going to attempt a windows 7 upgrade and see if it acknowledges the free space on the drive. my bet is it will since it was using the recovery partition previously for whatever it thought it needed

i'll keep you posted

Kestrel13! · Apr 27, 2011

ShopAtHome.com Toolbar <--- Uninstall this.

Go to this MGTools and download the new version of MGtools.exe. Overwrite your previous MGtools.exe file with this one.

What are the contents of these directories? Let me know!

C:\Users\Reid\AppData\Roaming\Alal

C:\Users\Reid\AppData\Roaming\Hoyg

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

Right-click OTM.exe And select " Run as administrator " to run it.

Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.
Code:
:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{95C4943E-D76D-4F08-9115-9740FAAE824D}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95C4943E-D76D-4F08-9115-9740FAAE824D}]

:files
C:\Users\Reid\AppData\Local\4o8dd5y80jo00c4a2tdod0i741466er6s8n6h8pv7n
C:\Users\Reid\AppData\Local\Lcojuvedi.dat
C:\Users\Reid\AppData\Local\Wmetuwaxohesewe.bin
C:\Users\Reid\AppData\Local\{32A06048-E467-46CE-84DC-B3106FAF89CC}
C:\Users\Reid\AppData\Roaming\Microsoft\Windows\Templates\4o8dd5y80jo00c4a2tdod0i741466er6s8n6h8pv7n
C:\ProgramData\4o8dd5y80jo00c4a2tdod0i741466er6s8n6h8pv7n
C:\Program Files\Bonjour(56)
C:\Program Files\iPod(85)
C:\Program Files\iTunes(86)
C:\2470i18lkr

:Commands
[emptytemp]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.

OTM may ask to reboot the machine. Please do so if asked.

Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

I want you to run Combofix as per the instructions in the READ & RUN ME FIRST. Malware Removal Guide

Now run the NEW C:\MGTools.exe and attach the new C:\MGlogs.zip.

Let me know how things are running for you.

Log in or Sign up

Lo Tov - BSOD | Vista HP

shiftlessatol Private E-2

Attached Files:

Payload.zip

shiftlessatol Private E-2

Attached Files:

Mini042511-02.zip

shiftlessatol Private E-2

shiftlessatol Private E-2

shiftlessatol Private E-2

Attached Files:

hijackthis.log

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

shiftlessatol Private E-2

Attached Files:

MGlogs.zip

shiftlessatol Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member