GeekPolice

Blue Screen of death

I have been working on my sister's computer and found at least 465 trojans, malware, fakealerts etc., and now I am getting the BSOD, which reads stop 0x0000007e, 0xc0000005, 0xb6a9e474, 0xf8a89420, 0xf8a8911c. I am at a loss on what to do next.

Thanks

Re: Blue Screen of death

Just to let everyone know, my sister's computer is running smoothly. I took care of all the problems she had.

Thanks

Re: Blue Screen of death

Do you want to check anyway? There could be some bad stuff on there still that could cause some bad issues, like making the computer not boot anymore.

Re: Blue Screen of death

Let me know what else I can do. I don't need my sister giving it back to me.

Thanks

Re: Blue Screen of death

Hello! We need to do some diagnostics to get started.

1. Please download Profiles by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download Win32kDiag by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • Cheetah log (3)


Thanks!

Re: Blue Screen of death

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-907219651-3613633487-2847416929-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Lex

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-907219651-3613633487-2847416929-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

Running from: C:\Documents and Settings\Lex\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Lex\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

Cheetah-Anti-Rogue v1.3.27
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 03/12/2010 - Time: 14:23:48 - Arch.: x86


-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware


-- Known infection --



Extra message: Detection only.


EOF

Re: Blue Screen of death

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: Blue Screen of death

Malwarebytes' Anti-Malware 1.44
Database version: 3867
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/14/2010 2:58:50 PM
mbam-log-2010-03-14 (14-58-50).txt

Scan type: Quick Scan
Objects scanned: 132900
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Blue Screen of death

Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept, then click on Next.
Put a tick in Don't create a start menu folder, then click Next.
Put a tick in Create a Desktop Icon, then click on Install, and make sure there is a tick in Launch WhoCrashed before clicking Finish.
Click Analyze.
It will want to download the Debugger and install it. Say Yes.

WhoCrashed will create a report, but you have to scroll down to see it.
Copy and paste it into your next reply.

Re: Blue Screen of death

Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Re: Blue Screen of death

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Re: Blue Screen of death

I am kind of lost on this program. I know what the url is, but where would I find it on the program? Would it be the auto analysis?

Re: Blue Screen of death

Should be in the Address Bar.

Re: Blue Screen of death

I hope this is right

http://www.getsysteminfo.com/read.php?file=2b1c99721a765942a938db30be19550b&ms=0

Re: Blue Screen of death

Please go HERE. Copy and paste the following file path into the box.

C:\WINDOWS\system32\DelTMID.exe

Do the same for this file:

C:\WINDOWS\system32\Ptsaci40.dll

Then click submit.

Please post the results (web address to the page) to your next reply.

Note: it might ask you to see the past analysis. Instead, click on "Reanalise File Now."

Re: Blue Screen of death

It won't let me do anything unless I browse for a file.

Re: Blue Screen of death

Ok.

Using the browse file option, please find those files, and upload for analysis.

Re: Blue Screen of death

http://www.virustotal.com/analisis/b3c48df9be552b3f95633990f14b5ae88bcb61c2c005f128b71d2faa3d83d1db-1268937221

http://www.virustotal.com/analisis/f42e393fa334b325a4f54565778273690543b35cd9ee10f279354cce0eb57549-1268937585

Re: Blue Screen of death

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.

Re: Blue Screen of death

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: Blue Screen of death

Computer is clean. How is it running?

Re: Blue Screen of death

It is running great!!!

I will send a donation when I get a chance

Thanks

Re: Blue Screen of death

You're welcome. Would you like to know how to prevent malware?

See this page for more info about malware and prevention.

Re: Blue Screen of death

I am thinking about the academy. I do have a lot of time on my hands since I am semi-retired and waiting for my disability to come through. I do work on family computers when it comes to any malware and sometimes any hardware, and I did learn quite a lot from you. I do need to put a hard drive in my sister's computer since she only has 15% free space left.

Thanks

Re: Blue Screen of death

I would encourage it. It is fun, but still a little hard.

Re: Blue Screen of death

There sure is quite a lot involved in doing it, but I learned a lot and I did have some fun doing it. I will honestly consider doing it. It's better than wiping out hard drives.
