BSOD during Full Scan

[meat7433]

Well, lets try again. Getting BSOD during full scam with Mbam. Also happens during Norton scan. Nothing appears wrong with the computer other than this. Ran ComboFix, Kaspersky DR. Web CureIt, various others. Ran sfc /scannow. None of these has helped. I have scoured the net looking for solutions and nothing seems to help. Everyone has great advice and soggestions but I need someone that has either resolved this issue before or is an IT Pro to help out, cause the wanna be's although there intentions are good just seem to be missing the mark. SO, anyone out there believe they have an answer/help? Would really appreciate it. Don't want to reinstall the Operating system as even though I have a backup I keep changing prog's and deleting /adding new ones so I would have to backup every other day, NOT practicle and I KNOW this is fixable cause 6 months ago I had a devastating Virus that everyone told me do a reinstall, well I'm stubborn and love to learn even if it pains me. Took me 4 weeks but I got `er done! How ya gonna learn if you take the easy way out? Seeing as to how this is an inconvienience not a catastrophe I'll bear with it till I solve it. So, How bout it? Please.

[screen317]

Hi and welcome to Malwarebytes.

Please post the contents of the blue screen so we may analyze it for you.

[meat7433]

For now untill I try a scan again for exact details I can tell you that it did not have the usual XXXX_XXXX_XXXXX_XXXXX_XXXXX comment at top of screen. All it had was the error code STOP: 0x000000f4. This is the same code it shows for both Mbam and Norton. I also tried turning off Norton and running the scan and viceversa w/Norton, same results same. Same results in safe mode. Added Mbam files to the Norton rules exclusion list and it too produced same code. I have run the sfc, dskchk, ComboFix, etc. Was planning on trying Root gmer scanner next. I believe system files are alright, ran XP Repair Pro and that didn't help either. Even ran the MS Cleanup Utility to clean out bad installs. Like I said this has me stumped!

[screen317]

Hi,

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

After you post that, do the following:

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.
  

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

[meat7433]

Tried to download the DDS, when the computer went to dload it I was informed that the file was an AutoCad script file! Now, wear else can I get the prog from? Haven't tried TSSDKiller yet.

[screen317]

Hi,

Ignore the warning from your antivirus and let DDS run please.

[meat7433]

Hi, can not run DDS, as I said I went to the site as directed and when I tried to download the DDS I was informed that IT IS AN AUTOCAD SCRIPT File. It was NOT my AV that said this, it occured while I tried to download the prog from that web site!

[meat7433]

dds.txtTDSSKiller.2.5.13.0_30.07.2011_05.00.45_log.txtdds.txtTDSSKiller.2.5.13.0_30.07.2011_05.00.45_log.txt

I have Found DDS file and have run Kaspersky. Here are the attached TXT files, hope they help. Kaspersky found one Locked file. I do NOT know what I should do with it or how too handle it.

[meat7433]

Current results, I have re-run Mbam and it crashed (BSOD). Had to turn on the save feature for dump files. I am attaching the mini-dump file. Installed Windbg tool and tried to open mini-dump, told me it couldn't load SYMEVENT.SYS. Then it said Probablt caused by : hardware_disk. So I can't find out cause of this dump. Yes I put proper path for symbol file retrieval in Windbg and temporarily turned of firewall so it could download sysmbol files. Even deleted symbol file directory and tried again with the same results. I am attaching the Mini-Dump file. OK, tried to upload the file but THIS SITE told me I can't upload this type of file! Now what???

[meat7433]

Hi Screen317, I was able to find out how to convert the mindump file to .txt so I am attaching it to this posting. Hope it help. I think for now that's about as far as I can go on my own, still learning how to read the dump file! Thanx.

debuglog.txt

[meat7433]

Hi Screen317, one last thing I have done a file search and found two instances of csrss.exe. One in WINDOWS\system32 were it belongs and CSRSS.EXE-12B63473.pf in the prefetch folder. I know I need the csrss.exe in System32 but DO I Need the one in Prefetch? I have been told that this could be a possible trojan since Windows only requires the one in system32.

[screen317]

Hi,

It is not a trojan; it's a backup.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[screen317]

Are you still with us?

[meat7433]

Sorry I have been un available for awhile. I ran into some more system trouble. Kept getting a message to press Control Alternate delete to restart windows, which it wouldn't do. So, after trying for a couple of day's I simply had no choice and ran a two month old backup. So my issues are gone now, but I did reinstall some of my stuff, not all. Trying to keep it light this time. Thank you and others for all the help. I really would have liked to find out what caused that problem. Very, very frustrating but I am fortunate enough to have a fairly recent backup on hand. So I am sure you will agree with me that everyone should have a full backup handy of there most favorite configuration so they can ALWAYS recover there system. Now that I have made some room, when I re set my Acronis Safe Zone I will add the XP Operating System this time. Reason being I used Acronis for the startup stuff and that did NOT help so I figure the extra 6GB my OS takes up is worth saving to partition. Once again thanks for everything, at least if anyone else has this issue you will have an Idea as to what has and has not worked. Thanxs very much.

[screen317]

Hi,

Glad you were able to resolve the issue. Hard to say the cause at this point. However, if it happens again soon, it's likely that your hard drive is failing and would need replacement.

Let me know if there's anything else I can do for you.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!