After a scan in safety mode, I can't reboot normally anymore.


Hey there

I had some time today so I decided to clean my PC again, like once in a while. It actually started because a program wouldn't install in normal mode, so I rebooted in safety mode and then ran that installation.

After that I made the decision to clean this stuff up. I used all kinds of TuneUp Utilities features, did an avast scan and ran a Malwarebytes scan. So the problem is kinda, I don't know what the problem could be because I did A LOT.. :/

But like always, I got the log from malware, and checked it out. It has deleted the following files:

Registerdata bestanden ge

Link to post

Hi,

I'm quite sure Malwarebytes' Anti-Malware didn't cause this, but just to be sure, I want to know the information that's displayed on the blue screen.

Disable automatic restart at the Advanced Options Menu.

  1. When your computer starts, start pressing F8 repeatedly.
  2. At the Advanced Menu Options screen, select Disable automatic restart on system failure, then press ENTER.
  3. Next, select Windows XP as the operating system to start, then press ENTER.
  4. When the blue screen appears, write down the STOP title and the technical information.

Link to post

I did not say it was Malwarebytes, I said that I think it's the files that MBAM sees as dangerous, but are needed parts for rebooting. But here's the story.

The problem/situation changed. I didn't have enough patience so last night I did that restore point thingy. I used all features from TuneUp Utilities (cleaning, defragmentation, dead links, unused programs/files deleting and so on). I got rid of nearly 6 gigabytes of stuff and over 300 files etc. I made some more restore points that night in case it went wrong. But nothing happened. Conclusion: it wasn't TuneUp, or anything that has to do with it.

Anywayz. That problem I HAD isn't there anymore. But I DIDN'T dare to remove those files that I told about in a second scan last night. I really think those are the problems.

But I got more stuff coming up, Security Tool.... :)

What I did was the following. PC rebooting in safety mode. (I had to because, as you may know, Security Tool doesn't let you start up ANY program with an .exe file.) Scanning with MBAM. Got the Security file found, deleted, MBAM asked for a reboot to complete deletion, so I did and had to delete it from Quarantine after rebooting. That's also the moment it again found those 2 files I talk about. But I did not dare to delete or do anything with them.

Just because I talk the ears off your head, these are the problems I have:

* 2 files, found by MBAM, which I don't know what to do with. Bad experiences when I delete those.. Are they really infected/viruses or not?

* MBAM cannot update. It gives a message with a number I have to give to MBAM support, but now I got that Security Tool virus, I cannot open MBAM in normal PC mode (which I'm in now) so I cannot try to get that message. I thought it was something with '-75'.

* Security Tool virus. Letting me do NOTHING except MSN Messenger and SOME internet sites. It blocks everything, giving false info etc.

Here's the information you asked for:

SPCMDCON.sys Page_fault_in_Nonpage_area

& the second thing:

Stop: 0x00000050 (0xFD3094C2, 0x00000001, 0xFBFE7617, 0,00000000)

I'm sorry but I did not have enough time to get that second information rule. When that screen appears again, I will immediately send the desired information, OK?

Oh yeah, I already tried that 'disable automatic restart on system failure' earlier but it seems not to listen?

Link to post

Aaaaaaaaaaaaand there it comes! my friend, mistah Blue.

Last information that I couldn't provide in my former message:

SPCMMCOM.sys - Address FBFE7617 Base at FBFE5000 Date stamp 4D6DD67C

I hope you can help me out with this, especially the Security Tool virus, cus I can't do stuff. I cannot upload my new track, cannot remix, cannot use any program to scan the PC for bad shizzle, I can't use anything at all.

Link to post
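
How the blue-screen details reported in the two posts above can be read, as an added example that is not part of the original thread. The function and key names are assumptions, and the parameter meanings used are the documented ones for stop 0x50: parameter 1 is the memory address referenced, parameter 2 is 0 for a read or 1 for a write, parameter 3 is the instruction address that made the reference.

```python
import re
from datetime import datetime, timezone

# The two lines as typed in the posts above, typos included ("0,00000000").
STOP_LINE = "Stop: 0x00000050 (0xFD3094C2, 0x00000001, 0xFBFE7617, 0,00000000)"
DRIVER_LINE = "SPCMMCOM.sys - Address FBFE7617 Base at FBFE5000 Date stamp 4D6DD67C"

BUGCHECK_NAMES = {0x50: "PAGE_FAULT_IN_NONPAGED_AREA"}
ACCESS = {0: "read", 1: "write"}  # meaning of parameter 2 for stop 0x50


def parse_hex(token):
    """Parse a hand-copied hex field; accepts '0x' and a ',' typed instead of 'x'."""
    return int(re.sub(r"^0[xX,]", "", token.strip()), 16)


def decode_stop(stop_line, driver_line):
    fields = re.findall(r"0[xX,][0-9A-Fa-f]{8}", stop_line)
    if len(fields) != 5:
        raise ValueError("expected a stop code and four parameters")
    code, p1, p2, p3, _reserved = (parse_hex(f) for f in fields)
    m = re.search(r"(\S+) - Address ([0-9A-F]{8}) Base at ([0-9A-F]{8})"
                  r" Date ?stamp ([0-9A-F]{8})", driver_line, re.I)
    if m is None:
        raise ValueError("driver line not recognised")
    addr, base, stamp = (int(g, 16) for g in m.group(2, 3, 4))
    return {
        "bugcheck": code,
        "name": BUGCHECK_NAMES.get(code, "unknown"),
        "referenced_address": p1,          # parameter 1: memory that was touched
        "access": ACCESS.get(p2, "other"),
        "faulting_instruction": p3,        # parameter 3: code that touched it
        "driver": m.group(1),
        # True when parameter 3 is the address reported inside the driver image.
        "fault_in_driver": p3 == addr and addr >= base,
        "offset_in_driver": addr - base,
        # PE header link time, seconds since 1970 UTC; set by the linker, not trusted.
        "image_timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
    }


if __name__ == "__main__":
    for key, value in decode_stop(STOP_LINE, DRIVER_LINE).items():
        print(f"{key:22}", hex(value) if type(value) is int else value)
```

The offset inside the driver image stays the same across reboots even when the load address changes, so it is the value to compare between crashes.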

Hi,

Follow these first steps on another PC:

First, copy this scan.txt to a USB drive.

Please print these instructions out so that you know what you are doing.

OTLPEStd.exe

Size: 97,697,047b / 93.1Mb

MD5: E29EEBA00CCA665A2F04B8695469D986

  1. Download OTLPEStd.exe to your desktop.
  2. Ensure that you have a blank CD in the drive.
  3. Double click OTLPEStd.exe and this will then open ImgBurn to burn the file to CD.
  4. Reboot the infected system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads. :)
  6. Your system should now display a Reatogo desktop.
    Note: As you are running from CD it is not exactly speedy.
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location.
  9. When asked "Do you wish to load the remote registry", select Yes.
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  12. OTL should now start.
  13. Double-click on the Custom Scans/Fixes box and a message box will popup asking if you want to load a custom scan from a file.
    Select Scan.txt on your USB drive.
  14. Press Run Scan to start the scan.
  15. When finished, the file will be saved in drive C:\OTL.txt.
  16. Copy this file to your USB drive if you do not have internet connection on this system.
  17. Right click the file, select Send To, then select the USB drive.
  18. Confirm that it has copied to the USB drive by selecting it.
  19. You can back up any files that you wish from this OS.
  20. Please post the contents of the C:\OTL.txt file in your reply.

scan.txt

Link to post
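
One way to check the downloaded OTLPEStd.exe against the size and MD5 published in the post above before burning it, as an added example that is not part of the original instructions. The function name and the file path passed to it are assumptions.

```python
import hashlib
import os

# Values published in the post above for OTLPEStd.exe.
EXPECTED_SIZE = 97_697_047
EXPECTED_MD5 = "E29EEBA00CCA665A2F04B8695469D986"


def check_download(path, size=EXPECTED_SIZE, md5_hex=EXPECTED_MD5):
    """Return a list of mismatches; an empty list means size and MD5 both match."""
    problems = []
    actual_size = os.path.getsize(path)
    if actual_size != size:
        problems.append(f"size {actual_size} != {size}")
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        # Read in 1 MiB chunks so a ~93 MB image is never held in memory at once.
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    actual_md5 = digest.hexdigest()
    if actual_md5 != md5_hex.lower():
        problems.append(f"md5 {actual_md5} != {md5_hex.lower()}")
    return problems


if __name__ == "__main__":
    import sys
    # Usage (path is whatever the download was saved as): python check.py OTLPEStd.exe
    issues = check_download(sys.argv[1])
    print("OK" if not issues else "MISMATCH: " + "; ".join(issues))
```

A matching MD5 shows the download is complete and uncorrupted; MD5 is not collision resistant, so it says nothing about where the file came from.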

Thanks for helping but I will reply at least Sunday with the asked information. I have a busy job and as you may see, I mostly respond at night when I just got home. It's OK for me to do some actions that I can do here now but I ain't gonna wake my brother or something in the middle of the night to use his PC.. :)

But i'll be back as soon as I can. B) Thanks.

Link to post

As promised, the info. It (the instructions) looked tougher than they were. Even for someone like me, they were easy and clear to follow.

I'll try to send the file as an attachment, because it's quite some text and it could be a bit confusing to post here I think.

OTL.Txt

Link to post

Hi,

Please do not attach your logs as it is harder for me to read them that way. Post them instead:

OTL logfile created on: 8/29/2010 4:43:39 PM - Run

OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.09 Gb Total Space | 229.59 Gb Free Space | 77.02% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 3.72 Gb Total Space | 1.69 Gb Free Space | 45.47% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 90 Days

Output = Standard

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - File not found [On_Demand] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - File not found [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2010/08/26 04:31:38 | 000,019,968 | ---- | M] () [Auto] -- C:\WINDOWS\system32\winauxp.exe -- (winauxp.exe)

SRV - [2010/08/25 19:10:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/08/19 08:09:54 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2010/02/02 06:21:56 | 001,043,784 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2010/02/02 06:18:22 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2009/03/31 04:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2008/04/07 04:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2007/10/25 09:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (usbaapl)

DRV - File not found [Kernel | On_Demand] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys -- (Trufos)

DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\DRIVERS\serial.sys -- (Serial)

DRV - File not found [Kernel | On_Demand] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)

DRV - File not found [Kernel | On_Demand] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | Boot] -- -- (nvkas)

DRV - [2010/08/29 09:19:22 | 000,565,280 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\disczxn.sys -- (disczxn)

DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/02/17 05:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 05:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 05:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2009/10/14 01:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/03/31 04:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009/03/20 05:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2009/03/20 05:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)

DRV - [2009/03/20 05:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)

DRV - [2008/09/17 04:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008/08/14 01:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)

DRV - [2008/04/17 10:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/04/13 18:10:14 | 000,015,744 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)

DRV - [2008/04/13 17:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2008/04/13 16:06:06 | 000,144,384 | ---- | M] (Windows

Link to post
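
One way to shortlist entries from an OTL listing like the one above for manual review, as an added example that is not part of the original thread or of OTL. The sample lines are copied from the log above; the heuristic (empty company field and modified inside the log's own File Age window) and the function names are assumptions, and a hit is a prompt to look closer, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the log above; "File not found" rows carry no file metadata.
SAMPLE = r"""
OTL logfile created on: 8/29/2010 4:43:39 PM - Run
File Age = 90 Days
SRV - File not found [Auto] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2010/08/26 04:31:38 | 000,019,968 | ---- | M] () [Auto] -- C:\WINDOWS\system32\winauxp.exe -- (winauxp.exe)
SRV - [2010/08/25 19:10:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
DRV - [2010/08/29 09:19:22 | 000,565,280 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\disczxn.sys -- (disczxn)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/03/31 04:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/04/13 18:10:14 | 000,015,744 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
"""

# TYPE - [modified | size | attributes | M] (company) [start type] -- path -- (name)
ENTRY = re.compile(
    r"^(SRV|DRV) - \[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| [\w-]{4} \| M\] "
    r"\((.*?)\) \[(.+?)\] -- (.*?) -- \((.+?)\)")


def shortlist(log_text):
    """Return (type, name, start type, path) for recent entries with no company name."""
    created = re.search(r"created on: (\S+ \S+ [AP]M)", log_text).group(1)
    log_time = datetime.strptime(created, "%m/%d/%Y %I:%M:%S %p")
    days = int(re.search(r"File Age = (\d+) Days", log_text).group(1))
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m is None:          # headers and "File not found" rows
            continue
        kind, stamp, company, start, path, name = m.groups()
        modified = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S")
        if not company.strip() and log_time - modified <= timedelta(days=days):
            hits.append((kind, name, start, path))
    return hits


if __name__ == "__main__":
    for hit in shortlist(SAMPLE):
        print(" | ".join(hit))
```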

As there is a very strong indication that this Windows is a non-licensed one (e.g., pirated), we cannot participate further.

If you purchased this system along with Windows, you need to take measures with the seller. Or otherwise, report them.

If you downloaded this Windows, it is sure to be full of malware.

Protect yourself from piracy

Link to post
