Hard Disk Check for Consistency and BSOD after Malware removal

[wallysurfr]

I was redirected here by JeffCE from HiJack this Malware forum. Below is a link to the thread I had there and below that are my two most recent post with the problem I am currently facing with hard disk check for consistency, BSOD and my windows defender, firewall, auto updates being shut down on me.

http://forums.malwarebytes.org/index.php?showtopic=117766&st=20

____________________________________________________________________

So I thought everything was cleared up BUT the other day, I went to shut down and log back in and got a disc crash (not enough memory?) black screen with white writing then the BSOD. STOP errors below:

0x0000007e (0xc0000005, 0x861e9418, 0x8cdb688c, 0x8cdb6588)

So, I thought I was cool since I did so well while following your directions and did some research. I learned that I will have to update Vista OS with SP1 and 2. I tried that but it seems the Malware has (as it's apparently known to do) disabled my windows update, defender, malware protection and pretty much everything else that should protect my comp.

So again, thinking I'm good and stuff, I tried to go into services to turn these things back on and they are not even listed as disabled in services, not even in the list of services that I could find and turn back on. That's where my rabbit trail ends.

When I try to update windows through windows update (also tried to download stand alone to no avail) I got this error: 0x8007000b

Not sure if this is something that you guys handle. Since technically the malware is gone, but the destruction that it has left behind isn't cleaned up and I have no clue which direction to go in.

_______________________________________________________________

While rebooting I still had the same issue. I got the black screen with white writing saying my disk had to be checked for consistency. This leads to the blue screen of death with with the 0x0000007e stop error with mention of BIOS memory settings.

There are a few ways that I get around it:

1. at black screen if gives a 10 second countdown. If I press a key and cancel the check 1 out of 3 times I get to windows.

2. If I let it check the disk=BSOD.

3. If after blue screen I do a hard power down and get back to "system restore" screen and select system restore I get blank screen with nothing for 15-20 minutes (haven't waited longer).

If I go to security center I still can't update or turn on firewall or change any settings. Get the error stating "service is not running" etc.

Any guidance on that is appreciated.

Thanks!

Travis

[wallysurfr]

Anyone have any insight into this? Is there a standard procedure I can follow to check on things and post the logs up?

[AdvancedSetup]

Please review the following Microsoft KB article

http://support.microsoft.com/kb/330182

Then run the following and attach back the logs by clicking the "More Reply Options" button.

Please ATTACH all logs - do not copy/paste them directly into your reply.

Please download MiniToolBox, save it to your desktop and run it.

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Checkmark the following checkboxes:

Flush DNS

Report IE Proxy Settings

Reset IE Proxy Settings

Report FF Proxy Settings

Reset FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer log

List Installed Programs

List Devices

List Users, Partitions and Memory size.

List Minidump Files

Click Go and attach the Result.txt. on your next reply

A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[wallysurfr]

Ok, thanks for the response! Attached are the logs that were created after running those two tools.

Thanks again!

Result.txt

dds.txt

attach.txt

[Firefox]

Hello and welcome to Malwarebytes

You seem to be having more issues with this computer that could be due to an infection or previous infection and/or a software/hardware conflict. It would be better to have an expert help you with the clean up process. Pick one of the options below to get started.

==== Event Viewer Messages From Past Week ========

.

11/14/2012 9:02:35 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.

11/14/2012 9:02:35 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

11/14/2012 9:02:35 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

11/14/2012 9:02:35 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

11/14/2012 9:00:31 PM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 2 Address: 1393178557227491096

11/14/2012 5:16:46 PM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 2 Participation: 2 Request Type: 7 Memory/IO: 3 Address: 3460033955828321787

11/14/2012 5:16:41 PM, Error: volmgr [46] - Crash dump initialization failed!

11/12/2012 9:34:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp spubrx

11/12/2012 9:31:42 AM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 2 Participation: 2 Request Type: 7 Memory/IO: 3 Address: 3680791671370209024

11/12/2012 7:56:00 AM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 2 Participation: 3 Request Type: 15 Memory/IO: 2 Address: 3698735151664881464

11/12/2012 7:30:52 AM, Error: Ntfs [137] - The default transaction resource manager on volume SQ004409V05 encountered a non-retryable error and could not start. The data contains the error code.

11/12/2012 6:15:14 AM, Error: Service Control Manager [7024] - The Avira Real-Time Protection service terminated with service-specific error 307 (0x133).

11/12/2012 6:14:48 AM, Error: Service Control Manager [7023] - The SharedAccess service terminated with the following error: There are no more endpoints available from the endpoint mapper.

11/12/2012 6:14:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp avipbb avkmgr spubrx ssmdrv

11/12/2012 6:14:46 AM, Error: Service Control Manager [7022] - The Avira Real-Time Protection service hung on starting.

11/12/2012 6:14:46 AM, Error: Service Control Manager [7000] - The avipbb service failed to start due to the following error: A device attached to the system is not functioning.

11/12/2012 6:06:13 AM, Error: Service Control Manager [7022] - The SharedAccess service hung on starting.

11/12/2012 6:04:55 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

11/12/2012 6:04:55 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

11/12/2012 6:04:55 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

11/12/2012 6:04:55 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.

11/12/2012 6:04:55 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/12/2012 6:04:55 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.

11/12/2012 6:04:55 AM, Error: Service Control Manager [7000] - The avgntflt service failed to start due to the following error: A device attached to the system is not functioning.

11/12/2012 6:03:15 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SQ004409V05.

11/12/2012 6:03:12 AM, Error: Microsoft-Windows-Kernel-WHEA [2] - A fatal hardware error occurred.

11/12/2012 6:03:07 AM, Error: Ntfs [137] - The default transaction resource manager on volume C: encountered a non-retryable error and could not start. The data contains the error code.

11/12/2012 6:02:59 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance.

11/12/2012 6:02:59 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.

11/12/2012 6:02:59 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.

.

==== End Of File ===========================

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

IMPORTANT: Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

• Option 1 —— Free Expert advice in the Malware Removal Forum
  
• Option 2 —— Paying customer -- Contact Support via email
  
• Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the

Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

• Please read and follow the directions >>Right HERE<<, skipping any steps you are unable to complete.
  
• After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification,
  so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

• If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
  Or
  
• You may send a Private Message to a Moderator asking for assistance.
  

OPTION 2

Alternatively, as a paying customer, you can contact the help desk by filling out the form located >>Right HERE<<

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site >>Right HERE<<

Please be patient, someone will assist you as soon as possible.

PS: Please use the "Reply to this Topic" or "More Reply Options" buttons (instead of the “Quote” and “MultiQuote” buttons) when replying here & at the other forums. That will make your topic easier to follow.

[wallysurfr]

Thanks for the quick reply! I have already run through the malware removal and believe JeffCE indicated that all malware had been removed. After that process, I began seeing the issues described in my first post (Disc check for consistency, blue screen of death etc.). JeffCE sent me here to deal with the potential hardware/software problems that are going on now. Is there any advice you can give me to get it cleared up? Thank you!

[AdvancedSetup]

Please open a ticket on the Help Desk and I will assist you further with your computer.

Thanks