(W7Ult)Virus? BSOD and other issues...

post #1 of 10
Thread Starter 
My laptop has been giving me some trouble lately. It's a Thinkpad T400, with Windows 7 ultimate on a Crucial M4 128gb SSD, and 8gb of ram.


It started as a few random BSODs, mostly while booting or logging into Windows. It would blue-screen once, I'd reboot, and it would load fine. I searched up the BSOD error code and snooped around the event viewer, but the info was pretty vague.

The last 2 days it has been behaving a little differently though...like earlier today, I was just browsing and noticed a little window pop up, it was the same size as a FF window when you shrink it as much as possible, only had a Close button (no minimize/maximize) and came back when I tried to close it. When I just closed down my Firefox, all of my icons on my desktop were gone with the exception of Computer and Recycle bin. I went to open My Computer, and it opened to a blank white screen with a 'loading' cursor, but never loaded. When I hit the start button, all of my programs on the quick-launch thing were gone, all that was there was a couple windows games...like spider solitaire and minesweeper...

I ctrl+alt+deleted and noticed explorer had closed/crashed/disappeared, and I got a popup pretty much saying I can't ctrl+alt+delete. Then the computer just locked up and wouldn't let me shut down.

After a reboot, I went on YouTube and watched some videos waiting for something else to happen. An hour later, my whole task bar disappeared. About 10 seconds later the sound cut on my YouTube video (the video continued to play back). The little window popped up about the same time the sound cut. I tried to ctrl+alt+del, and the computer instantly blue-screened. I'm convinced I have a virus. At least I hope it is a virus and not my SSD. I haven't had a virus since My-doom and Pate.b, in Windows XP and ME...

Probably unrelated, but I am using two mismatched 4gb sticks of memory, which CPU-Z reads as running dual-channel, so I assume they are happy enough...but I dunno...
Edited by Mr_Me_II - 3/18/12 at 3:58pm
post #2 of 10
Time to start scanning. You'd be surprised what can get through even the best AV programs/firewalls. I'd start with a safe-mode boot and scanning with MBAM, but you're likely to have good success with any of the following (download their ISO and burn it to CD to boot from):

F-Secure Boot CD
Kaspersky Rescue CD
Avira Rescue CD
AVG Rescue CD
Microsoft Standalone System Scanner

And there are several more available if you look around.
post #3 of 10
Thread Starter 
Forgot to mention, I did recently install Avast and Spybot S&D. It's been a long time since I had to go through this kinda thing; I've been getting lazier and lazier with my protections :|

I will definitely install MBAM though and see what it says.
post #4 of 10
Maybe it's the SSD. What BSOD code do you get?
post #5 of 10
Thread Starter 
Event viewer is just listing it as Event 41, Kernel-Power.

Which is pretty vague. I'll write down the hex numbers next time it happens.

MBAM found nothing, avast still nothing, same with Spybot. It's been behaving so far today though...
post #6 of 10
Hello!

Can you please navigate to C:/Windows/Minidump and zip / rar up your latest dump files? Once you've done that, please attach the zip / rar to your post by clicking the paperclip icon in the reply / post box. I'd like to take a look at the dumps to see what we have going on here.

Thanks.
post #7 of 10
Thread Starter 
Hello

Attachment: minidump_6files.zip (151k .zip file). Here are the most recent ones, 6 files total.
post #8 of 10
Bunch of dumps blaming wininit.exe - which is a core Windows file. I would first recommend running a malware scan on the system. I noticed in your drivers list you have avast! installed, so you can use that for a full scan, or a quick... up to you. Another good malware scanner in itself is Malwarebytes, it's free, so give that a try if you'd like.

Drivers that need to be updated:
Quote:
mdmxsdk.sys (Conexant Modem Diagnostic Interface x86 Driver) Mon Jun 19 17:27:26 2006. Update here.

lmimirr.sys (LogMeIn Remote Access Driver) Tue Apr 10 18:32:45 2007. Update here.

RaInfo.sys (LogMeIn/RemotelyAnywhere Kernel Information Provider) Fri Jan 04 13:57:14 2008. Visit link above.

LMIRfsDriver.sys (RemotelyAnywhere Mirror Miniport Driver or LogMeIn Mirror Miniport Driver) Mon Jul 14 12:26:56 2008. Visit link above.

Dump example for reference:
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Icarus\Downloads\031412-16161-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`01e4e000 PsLoadedModuleList = 0xfffff800`02092650
Debug session time: Wed Mar 14 22:35:29.560 2012 (UTC - 4:00)
System Uptime: 0 days 0:03:19.185
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa8008e38630, fffffa8008e38910, fffff800021cd5f0}

Probably caused by : wininit.exe

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8008e38630, Terminating object
Arg3: fffffa8008e38910, Process image file name
Arg4: fffff800021cd5f0, Explanatory message (ascii)

Debugging Details:
------------------


PROCESS_OBJECT: fffffa8008e38630

IMAGE_NAME:  wininit.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: wininit

FAULTING_MODULE: 0000000000000000 

PROCESS_NAME:  wininit.exe

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

BUGCHECK_STR:  0xF4_C0000005

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  0

STACK_TEXT:  
fffff880`17d8b0e8 fffff800`022547b2 : 00000000`000000f4 00000000`00000003 fffffa80`08e38630 fffffa80`08e38910 : nt!KeBugCheckEx
fffff880`17d8b0f0 fffff800`02201c9b : ffffffff`ffffffff fffffa80`0914b060 fffffa80`08e38630 fffffa80`08e38630 : nt!PspCatchCriticalBreak+0x92
fffff880`17d8b130 fffff800`02181094 : ffffffff`ffffffff 00000000`00000001 fffffa80`08e38630 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x176d6
fffff880`17d8b180 fffff800`01ec9fd3 : fffffa80`08e38630 fffff800`c0000005 fffffa80`0914b060 00000000`022f0530 : nt!NtTerminateProcess+0xf4
fffff880`17d8b200 fffff800`01ec6570 : fffff800`01f15aff fffff880`17d8bb78 fffff880`17d8b8d0 fffff880`17d8bc20 : nt!KiSystemServiceCopyEnd+0x13
fffff880`17d8b398 fffff800`01f15aff : fffff880`17d8bb78 fffff880`17d8b8d0 fffff880`17d8bc20 00000000`022f1d70 : nt!KiServiceLinkage
fffff880`17d8b3a0 fffff800`01eca3c2 : fffff880`17d8bb78 00000000`0000aab7 fffff880`17d8bc20 00000000`022f1848 : nt! ?? ::FNODOBFM::`string'+0x48e24
fffff880`17d8ba40 fffff800`01ec8f3a : 00000000`00000001 00000000`022f0ae8 00000000`022fa501 00000000`0000aab7 : nt!KiExceptionDispatch+0xc2
fffff880`17d8bc20 00000000`77468e3d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
00000000`022f0af0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77468e3d


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  X64_0xF4_C0000005_IMAGE_wininit.exe

BUCKET_ID:  X64_0xF4_C0000005_IMAGE_wininit.exe

Followup: MachineOwner
---------

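The dump above is read by eye, but the same fields (bugcheck code and arguments, the named bugcheck, the terminated image, the NTSTATUS, and the driver link dates) can be pulled out mechanically when there are six or more minidumps to compare. The helper below is an added example, not code from the thread or from WinDbg; it parses the "!analyze -v" text format shown in post #8 and the "name (description) date" driver lines, using constructed sample fragments taken from that output.

```python
import re
from datetime import datetime

# Constructed sample: trimmed lines in the shape of the !analyze -v output above.
SAMPLE_DUMP = """\
BugCheck F4, {3, fffffa8008e38630, fffffa8008e38910, fffff800021cd5f0}
Probably caused by : wininit.exe
CRITICAL_OBJECT_TERMINATION (f4)
IMAGE_NAME:  wininit.exe
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory
FAILURE_BUCKET_ID:  X64_0xF4_C0000005_IMAGE_wininit.exe
"""

# Constructed sample: driver lines in the "name (desc) link-date" form quoted above.
SAMPLE_DRIVERS = """\
mdmxsdk.sys (Conexant Modem Diagnostic Interface x86 Driver) Mon Jun 19 17:27:26 2006
lmimirr.sys (LogMeIn Remote Access Driver) Tue Apr 10 18:32:45 2007
"""

def parse_analyze(text):
    """Extract the triage fields from WinDbg !analyze -v output into a dict."""
    info = {}
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if m:
        info["bugcheck"] = int(m.group(1), 16)
        info["args"] = [int(a.strip(), 16) for a in m.group(2).split(",")]
    m = re.search(r"^([A-Z_]+) \(([0-9a-f]+)\)$", text, re.M)  # e.g. CRITICAL_OBJECT_TERMINATION (f4)
    if m:
        info["bugcheck_name"] = m.group(1)
    for key in ("IMAGE_NAME", "FAILURE_BUCKET_ID"):
        m = re.search(rf"^{key}:\s+(\S+)", text, re.M)
        if m:
            info[key.lower()] = m.group(1)
    m = re.search(r"EXCEPTION_CODE: \(NTSTATUS\) (0x[0-9a-fA-F]+)", text)
    if m:
        info["exception_code"] = int(m.group(1), 16)
    return info

def critical_process_exit(info):
    """True for 0xF4 with Arg1 == 3, i.e. a critical *process* (not thread) terminated."""
    return info.get("bugcheck") == 0xF4 and bool(info.get("args")) and info["args"][0] == 3

def stale_drivers(text, before_year):
    """Return (driver, ISO link date) pairs whose link timestamp predates before_year."""
    pat = re.compile(r"^(\S+\.sys) \(.*\) (\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})", re.M)
    out = []
    for name, stamp in pat.findall(text):
        when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        if when.year < before_year:
            out.append((name, when.date().isoformat()))
    return out
```

Running `parse_analyze` over each .dmp's analysis text and grouping on `failure_bucket_id` shows at a glance whether every crash is the same wininit.exe access violation or whether the dumps disagree, which is the first thing to settle before blaming malware, a driver, or the SSD.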
post #9 of 10
Download ComboFix to a flash drive and run the installer in safe mode w/ networking. If ComboFix won't run, take the drive out, install it on another machine as an external drive, run ComboFix again, and let it do its thing.

After it's run and cleaned the drive, boot to Windows and run Malwarebytes (make sure it's updated) and run a full scan. After that I'd run an MS Security Essentials full scan just in case... that should eliminate a virus/malware as a problem.
post #10 of 10
Quote:
Originally Posted by C!rkus View Post

Download ComboFix to a flash drive and run the installer in safe mode w/ networking. If ComboFix won't run, take the drive out, install it on another machine as an external drive, run ComboFix again, and let it do its thing.
After it's run and cleaned the drive, boot to Windows and run Malwarebytes (make sure it's updated) and run a full scan. After that I'd run an MS Security Essentials full scan just in case... that should eliminate a virus/malware as a problem.

Great advice regarding malware.