
I've been having a BSOD problem on my Gateway laptop; as of yet I have only been able to boot to safe mode.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-12 03:28:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD800BEVS-22RST0 rev.04.01G04
Running: jid6u70i.exe; Driver: C:\Users\owner\AppData\Local\Temp\kglcapow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8374F1F8
Device \Driver\atapi \Device\Ide\IdePort0 8374F1F8
Device \Driver\atapi \Device\Ide\IdePort1 8374F1F8
Device \Driver\atapi \Device\Ide\IdePort2 8374F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 837501F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8374F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 837501F8
Device \FileSystem\Ntfs \Ntfs 837511F8
Device \FileSystem\fastfat \Fat 84BC9500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

This one's the first log from GMER, and here is the second:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-12 04:02:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD800BEVS-22RST0 rev.04.01G04
Running: jid6u70i.exe; Driver: C:\Users\owner\AppData\Local\Temp\kglcapow.sys


---- System - GMER 1.0.15 ----

INT 0x62 ? 842D5BF8
INT 0x92 ? 842D5BF8
INT 0xA2 ? 8374BBF8
INT 0xA2 ? 8374BBF8
INT 0xA2 ? 842D5BF8
INT 0xA2 ? 8374BBF8
INT 0xB2 ? 8374BBF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 837511F8
Device \FileSystem\fastfat \FatCdrom 84BC9500
Device \Driver\netbt \Device\NetBT_Tcpip_{396B8BF4-85BF-4038-8351-95A91A702AFB} 8467B500
Device \Driver\volmgr \Device\VolMgrControl 8374D1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{CFD18630-145F-455E-B4A4-4E0EC5279925} 8467B500
Device \Driver\usbuhci \Device\USBPDO-0 842F11F8
Device \Driver\usbuhci \Device\USBPDO-1 842F11F8
Device \Driver\usbuhci \Device\USBPDO-2 842F11F8
Device \Driver\usbuhci \Device\USBPDO-3 842F11F8
Device \Driver\usbehci \Device\USBPDO-4 842F21F8
Device \Driver\volmgr \Device\HarddiskVolume1 8374D1F8
Device \Driver\cdrom \Device\CdRom0 8432C1F8
Device \Driver\USBSTOR \Device\00000059 84BEE500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8374F1F8
Device \Driver\atapi \Device\Ide\IdePort0 8374F1F8
Device \Driver\atapi \Device\Ide\IdePort1 8374F1F8
Device \Driver\atapi \Device\Ide\IdePort2 8374F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 837501F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8374F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 837501F8
Device \Driver\volmgr \Device\HarddiskVolume4 8374D1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8467B500
Device \Driver\Smb \Device\NetbiosSmb 846781F8
Device \Driver\USBSTOR \Device\0000005a 84BEE500
Device \Driver\iScsiPrt \Device\RaidPort0 843341F8
Device \Driver\usbuhci \Device\USBFDO-0 842F11F8
Device \Driver\usbuhci \Device\USBFDO-1 842F11F8
Device \Driver\usbuhci \Device\USBFDO-2 842F11F8
Device \Driver\usbuhci \Device\USBFDO-3 842F11F8
Device \Driver\usbehci \Device\USBFDO-4 842F21F8
Device \FileSystem\fastfat \Fat 84BC9500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 84B631F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions /NOEXECUTE=OPTIN
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 600
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 1101
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 302651378
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 31
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID cefa2466-6288-40e2-ba78-7263d96
Reg HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation@ActiveTimeBias 240
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1415
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE8 0x74 0x2B 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 209.18.47.61 209.18.47.62
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@DhcpServer 192.168.0.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@Lease 3600
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@LeaseObtainedTime 1288225340
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@T1 1288227140
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@T2 1288228490
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@LeaseTerminatesTime 1288228940
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@DhcpIPAddress 192.168.0.10
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@DhcpNameServer 209.18.47.61 209.18.47.62
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{396B8BF4-85BF-4038-8351-95A91A702AFB}@DhcpDefaultGateway 192.168.0.1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 5136
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 5137
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 4942
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 4943
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 4942 4948 4960 4970 4980 5000 5044 5054 5092 5098 5114 5122
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE8 0x74 0x2B 0x7B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedUserData\UsedDrives@MRUList a
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability@LastRestoreId {1193FA6E-F22C-4E0C-95D1-7D8642BF687E}?????????????????????????
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce@*Restore C:\Windows\system32\rstrui.exe /RUNONCE
Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@ASSignatureVersion 1.93.468.0
Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@SignatureLocation C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C79209A8-50A3-4CAB-9C18-685BAAA35159}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 5342
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 5343
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2595551434-1778567661-801308685-1000@State 0

---- EOF - GMER 1.0.15 ----

Here is the DDS log:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by owner at 4:02:53.04 on Wed 01/12/2011
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.399 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Users\owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.facebook.com/index.php?eu=JnnfCG-JqCdKT8klQQ0nnQ
uSearch Bar =
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 85.255.116.125 85.255.112.97
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-22 21504]

=============== Created Last 30 ================

2011-01-12 06:29:29 155648 ----a-w- c:\windows\system32\igfxres.dll
2011-01-12 04:19:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 04:19:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-12 04:19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-12 03:19:25 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e5bf8bc6-e4cd-44e4-93c5-fd68118f26fc}\mpengine.dll
2011-01-11 23:27:36 -------- d-sh--w- C:\found.000
2011-01-11 21:18:19 -------- d---a-w- C:\.Trash-999
2011-01-11 17:05:05 54016 ----a-w- c:\windows\system32\drivers\jqlly.sys
2011-01-11 15:13:15 -------- d-sh--w- C:\found.001
2011-01-11 12:28:10 -------- d-----w- c:\progra~2\RegCure

==================== Find3M ====================

2011-01-12 00:38:01 3548216 --sha-r- c:\windows\system32\ntoskrnl.exe
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 4:03:12.47 ===============


This is the error code I'm getting: 0x0000008E (0xc0000005,0x81c42cc7,0xa408991c,0x00000000)

3 Contributors, 4 Replies, 5 Views, 6 Years Discussion Span, Last Post by Rik_

I used to get the same with XP all the time and tracked it down to my video card drivers and mismatched RAM.

I googled a bit and found people who had the same and mentioned it to be more hardware-related.

Were there any new drivers installed recently? Or any upgrades?


I have already seen an HJT log from the original poster's computer in another thread, and it's badly infected!


Ultimately I decided to wipe the HD and install Windows XP. I'm tired of dealing with Vista and its sorry excuse for an operating system; I thought it was supposed to be better than XP.
