Author Topic: [Resolved K]dds  (Read 8618 times)


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #45 on: April 08, 2012, 01:26:13 am »
Hiya Gary,

Nothing obvious in that log, let's have a go at this from outside of Windows. You will need a USB flash drive (memory stick) to run this tool.

Download the Windows Defender Offline Tool and save to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit



Double click to run the tool. Windows 7 or Vista users, right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"



In the new window accept the agreement:



In the new window select your USB Flash Drive, then select "Next"



In the new window ensure your Flash drive is selected, if not click on "Refresh" then select "Next"



In the new window accept the formatting alert by selecting "Next"



Files will be Downloaded:



Files will be processed and created



Flash drive will be formatted and prepared



Files will be added to the Flash Drive and the tool will be created.



The procedure is finished and the Tool created, click on "Finish" to complete.



Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required. Use F12 as it boots, change options...
As it boots you'll see files being loaded and the Windows splash screen, eventually the tool will run a "Quick Scan", follow the prompts and deal with what it finds.
When complete do a full scan, deal with what it finds.
When finished remove the memory stick, press the Esc key to boot into regular windows.

Navigate to the following file:

"C:\windows\windows defender offline\support\mssWrapper.log" Open with notepad and copy and paste it into a reply.

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #46 on: April 08, 2012, 05:45:34 pm »
I wanted to send these error messages for Windows shutdown.
Thank You,
Gary



Product
Windows

Problem
Video hardware error

Date
4/5/2012 2:49 PM

Status
Not Reported

Description
A problem with your video hardware caused Windows to stop working correctly.

Problem signature
Problem Event Name:   LiveKernelEvent
OS Version:   6.0.6002.2.2.0.768.3
Locale ID:   1033

Files that help describe the problem
WD-20120405-1448.dmp
sysdata.xml
Version.txt

Extra information about the problem
BCCode:   117
BCP1:   C1118008
BCP2:   8DEF3240
BCP3:   00000000
BCP4:   00000000


OS Version:   6_0_6002
Service Pack:   2_0
Product:   768_1
Problem signature
Problem Event Name:   BlueScreen
OS Version:   6.0.6002.2.2.0.768.3
Locale ID:   1033

Files that help describe the problem (some files may no longer be available)
Mini040612-01.dmp
sysdata.xml
Version.txt

 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Extra information about the problem
BCCode:   50
BCP1:   F492F000
BCP2:   00000001
BCP3:   8830B41B
BCP4:   00000000
OS Version:   6_0_6002
Service Pack:   2_0
Product:   768_1


Problem signature
Problem Event Name:   BlueScreen
OS Version:   6.0.6002.2.2.0.768.3
Locale ID:   1033

Files that help describe the problem (some files may no longer be available)
Mini040812-01.dmp
sysdata.xml
Version.txt

 View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Extra information about the problem
BCCode:   a
BCP1:   00000000
BCP2:   00000002
BCP3:   00000001
BCP4:   83AC3073
OS Version:   6_0_6002
Service Pack:   2_0
Product:   768_1
Server information:   123ea004-bf1e-487c-a067-1a65d163c277

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #47 on: April 09, 2012, 01:18:10 am »
Run the following :-

Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.
Next, Select Start > Right click on "Computer" and select "Properties" select "Advanced System Settings" then "Advanced" tab. From the "Start up and Recovery" section select "settings" make sure the default folder is "%SystemRoot%\Minidump".
Go back to your desktop and double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information.



Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #48 on: April 09, 2012, 11:47:38 pm »
I had to search for the memory stick and found it late tonight. It is too late tonight to do anything. Will do it in the morning.
Thank You,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #49 on: April 09, 2012, 11:55:15 pm »
That's fine Gary, also don't forget to run BlueScreenViewer....

Kevin

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #50 on: April 11, 2012, 01:46:04 pm »
I ran the Windows Defender Offline but the computer can't find the file that I am supposed to paste. When I used the Sandisk on this computer, I got an error message and it wouldn't come up. On my Dell laptop, I had no problem. I was able to run and fix items from quick scan and full scan. My bluetooth keyboard works but I can't get the mouse to work so I am using a plug in mouse. I ran the Bluescreen but I see two reports and can't seem to copy the whole report.
Thank You,
Gary

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #51 on: April 11, 2012, 01:52:19 pm »
Crash List


Created by using BlueScreenView
Dump File  Crash Time  Bug Check String  Bug Check Code  Parameter 1  Parameter 2  Parameter 3  Parameter 4  Caused By Driver  Caused By Address  File Description  Product Name  Company  File Version  Processor  Crash Address  Stack Address 1  Stack Address 2  Stack Address 3  Computer Name  Full Path  Processors Count  Major Version  Minor Version  Dump File Size 
Mini010108-01.dmp 1/1/2008 1:06:51 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x824b1a47 0x9e31debc 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+b1a47 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1ca9 iksysflt.sys+394f   C:\Windows\Minidump\Mini010108-01.dmp 2 15 6000 138,640 
Mini010408-01.dmp 1/4/2008 5:06:06 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x824b1a47 0xa7157680 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+b1a47 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1d3d iksysflt.sys+1e55   C:\Windows\Minidump\Mini010408-01.dmp 2 15 6000 138,640 
Mini013108-01.dmp 1/31/2008 4:06:13 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x828b1a47 0xa20481e0 0x00000000 hal.dll hal.dll+65a4 Hardware Abstraction Layer DLL Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18005 (lh_sp2rtm.090410-1830) 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1ca9 iksysflt.sys+394f   C:\Windows\Minidump\Mini013108-01.dmp 2 15 6000 138,640 
Mini020108-01.dmp 2/1/2008 6:42:13 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x828b1a47 0xa15d7604 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+b1a47 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1ca9 iksysflt.sys+394f   C:\Windows\Minidump\Mini020108-01.dmp 2 15 6000 138,640 
Mini020408-01.dmp 2/4/2008 11:50:54 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x828b1a47 0x99e7eebc 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+b1a47 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1ca9 iksysflt.sys+394f   C:\Windows\Minidump\Mini020408-01.dmp 2 15 6000 138,640 
Mini021708-01.dmp 2/17/2008 3:49:31 AM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x82cb1a47 0x9a5935fc 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+b1a47 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1d3d iksysflt.sys+1e55   C:\Windows\Minidump\Mini021708-01.dmp 2 15 6000 138,640 
Mini022812-01.dmp 2/28/2012 11:48:07 AM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x00000000 0x00000002 0x00000001 0x83af3073 ntkrnlpa.exe ntkrnlpa.exe+4dfd9 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+4dfd9 ntkrnlpa.exe+a9073       C:\Windows\Minidump\Mini022812-01.dmp 2 15 6002 154,960 
Mini030312-01.dmp 3/3/2012 3:59:18 AM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x00000000 0x00000002 0x00000001 0x83ab9073 ntkrnlpa.exe ntkrnlpa.exe+4dfd9 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+4dfd9 ntkrnlpa.exe+a9073       C:\Windows\Minidump\Mini030312-01.dmp 2 15 6002 154,688 
Mini030412-01.dmp 3/4/2012 9:10:57 PM SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e 0xc0000005 0x00000000 0xce649c58 0xce649954 usbccgp.sys usbccgp.sys+5792 USB Common Class Generic Parent Driver Microsoft® Windows® Operating System Microsoft Corporation 6.0.6001.18000 (longhorn_rtm.080118-1840) 32-bit   ntkrnlpa.exe+20dcb9 ntkrnlpa.exe+a5e22 ntkrnlpa.exe+1d5fe2   C:\Windows\Minidump\Mini030412-01.dmp 2 15 6002 155,024 
Mini030512-01.dmp 3/5/2012 8:36:16 PM SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e 0xc0000005 0x00000000 0x8a553c80 0x8a55397c             32-bit   ntkrnlpa.exe+1d5fe2       C:\Windows\Minidump\Mini030512-01.dmp 2 15 6002 154,856 
Mini031712-01.dmp 3/17/2012 11:08:58 AM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x00000000 0x00000002 0x00000001 0x83ae7073 ntoskrnl.exe ntoskrnl.exe+4dfd9 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntoskrnl.exe+4dfd9 ntoskrnl.exe+a9073       C:\Windows\Minidump\Mini031712-01.dmp 2 15 6002 154,632 
Mini032012-01.dmp 3/20/2012 12:20:41 PM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 0xc510a000 0x00000001 0x8840441b 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+98379 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+98379 ntkrnlpa.exe+4ddd4       C:\Windows\Minidump\Mini032012-01.dmp 2 15 6002 154,592 
Mini032312-01.dmp 3/23/2012 6:05:01 PM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 0xe51f2000 0x00000001 0x882ea41b 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+98379 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+98379 ntkrnlpa.exe+4ddd4       C:\Windows\Minidump\Mini032312-01.dmp 2 15 6002 154,616 
Mini033012-01.dmp 3/30/2012 7:55:17 PM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 0xe9752000 0x00000001 0x880aa41b 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+98379 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+98379 ntkrnlpa.exe+4ddd4       C:\Windows\Minidump\Mini033012-01.dmp 2 15 6002 154,960 
Mini040612-01.dmp 4/6/2012 1:20:48 AM PAGE_FAULT_IN_NONPAGED_AREA 0x00000050 0xf492f000 0x00000001 0x8830b41b 0x00000000 hal.dll hal.dll+7668 Hardware Abstraction Layer DLL Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18005 (lh_sp2rtm.090410-1830) 32-bit ntkrnlpa.exe+98379 ntkrnlpa.exe+4ddd4       C:\Windows\Minidump\Mini040612-01.dmp 2 15 6002 154,984 
Mini040712-01.dmp 4/7/2012 2:19:11 AM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x00000000 0x00000002 0x00000001 0x83ac5073 ntkrnlpa.exe ntkrnlpa.exe+4dfd9 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+4dfd9 ntkrnlpa.exe+a9073       C:\Windows\Minidump\Mini040712-01.dmp 2 15 6002 154,696 
Mini040812-01.dmp 4/8/2012 3:02:37 AM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x00000000 0x00000002 0x00000001 0x83ac3073 ntkrnlpa.exe ntkrnlpa.exe+4dfd9 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+4dfd9 ntkrnlpa.exe+a9073       C:\Windows\Minidump\Mini040812-01.dmp 2 15 6002 154,792 
Mini041808-01.dmp 4/18/2008 5:25:58 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x831579cf 0xa1c0db1c 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+1579cf NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+1579cf ntkrnlpa.exe+16bd27 ntkrnlpa.exe+144040 ntkrnlpa.exe+139b3c   C:\Windows\Minidump\Mini041808-01.dmp 2 15 6000 138,640 
Mini120607-01.dmp 12/6/2007 5:08:28 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x824b1a47 0x9ece1784 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+b1a47 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.0.6002.18533 (vistasp2_gdr.111025-0338) 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1ca9 iksysflt.sys+1cda   C:\Windows\Minidump\Mini120607-01.dmp 2 15 6000 138,640 
Mini120711-01.dmp 12/7/2011 1:32:20 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000005 0x9a494360 0xa6c20ae0 0x00000000 win32k.sys win32k.sys+94360 Multi-User Win32 Driver Microsoft® Windows® Operating System Microsoft Corporation 6.0.6000.16386 (vista_rtm.061101-2205) 32-bit win32k.sys+94360 win32k.sys+127a92 win32k.sys+e9d67 win32k.sys+e9ee8   C:\Windows\Minidump\Mini120711-01.dmp 2 15 6002 155,048 
Mini121607-01.dmp 12/16/2007 11:32:21 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x824b1a47 0xa0f0058c 0x00000000 mfehidk.sys mfehidk.sys+1b2d8         32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1d3d iksysflt.sys+1e55   C:\Windows\Minidump\Mini121607-01.dmp 2 15 6000 138,640 
Mini122807-01.dmp 12/28/2007 8:11:39 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x824b1a47 0x99336784 0x00000000 Ntfs.sys Ntfs.sys+185ac NT File System Driver Microsoft® Windows® Operating System Microsoft Corporation 6.0.6000.16386 (vista_rtm.061101-2205) 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1ca9 iksysflt.sys+1cda   C:\Windows\Minidump\Mini122807-01.dmp 2 15 6000 138,640 
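
A triage sketch for a crash list like the one pasted above, added here as an example (it is not part of the original post and is not BlueScreenView's own code): it groups the dumps by bug check string and counts which non-kernel modules appear in the caused-by and stack columns. The sample rows are abridged from the list above with the description columns dropped; the function names and the `CORE` set are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Rows abridged from the crash list above (description columns dropped).
SAMPLE = r"""
Mini010108-01.dmp 1/1/2008 1:06:51 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x824b1a47 0x9e31debc 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+b1a47 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1ca9 iksysflt.sys+394f C:\Windows\Minidump\Mini010108-01.dmp
Mini121607-01.dmp 12/16/2007 11:32:21 PM KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x1000008e 0xc0000046 0x824b1a47 0xa0f0058c 0x00000000 mfehidk.sys mfehidk.sys+1b2d8 32-bit ntkrnlpa.exe+b1a47 ntkrnlpa.exe+c08a0 iksysflt.sys+1d3d iksysflt.sys+1e55
Mini030412-01.dmp 3/4/2012 9:10:57 PM SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e 0xc0000005 0x00000000 0xce649c58 0xce649954 usbccgp.sys usbccgp.sys+5792 32-bit ntkrnlpa.exe+20dcb9 ntkrnlpa.exe+a5e22 ntkrnlpa.exe+1d5fe2
Mini040812-01.dmp 4/8/2012 3:02:37 AM IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x00000000 0x00000002 0x00000001 0x83ac3073 ntkrnlpa.exe ntkrnlpa.exe+4dfd9 32-bit ntkrnlpa.exe+4dfd9 ntkrnlpa.exe+a9073
"""

# Kernel and HAL images as named in the list; a stack made only of these names no other module.
CORE = {"ntkrnlpa.exe", "ntoskrnl.exe", "hal.dll"}

# Row head: dump file, date, time, AM/PM, bug check string, bug check code.
ROW = re.compile(
    r"^(\S+\.dmp)\s+(\d{1,2}/\d{1,2}/\d{4})\s+[\d:]+\s+[AP]M\s+([A-Z_]+)\s+(0x[0-9a-f]{8})",
    re.I,
)
# Any "module+offset" token: caused-by address, crash address, stack addresses.
MODULE = re.compile(r"([\w.-]+\.(?:sys|dll|exe))\+[0-9a-f]+", re.I)


def parse_rows(text):
    """Return one dict per crash row: dump name, date, bug check, code, modules seen."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank or truncated line
        dump, date, check, code = m.groups()
        modules = {name.lower() for name in MODULE.findall(line)}
        rows.append({"dump": dump, "date": date, "bug_check": check,
                     "code": int(code, 16), "modules": modules})
    return rows


def summarize(rows):
    """Map each bug check string to a Counter of non-core modules (one count per dump)."""
    by_check = defaultdict(Counter)
    for row in rows:
        non_core = row["modules"] - CORE
        by_check[row["bug_check"]].update(non_core or {"(kernel only)"})
    return dict(by_check)


if __name__ == "__main__":
    for check, mods in summarize(parse_rows(SAMPLE)).items():
        print(check, dict(mods))
```

Dumps whose addresses resolve only to kernel or HAL images come out as `(kernel only)`; for those the list by itself does not name a driver.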


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #52 on: April 11, 2012, 03:20:19 pm »
Hiya Gary, run the following:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK



  • Select “Scan”
  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #53 on: April 13, 2012, 12:08:51 am »
I will run scan tomorrow. It has been hectic because my Irish-Gaelic language class has been reopened after it was closed so I had to scramble at the last minute to make it. The computer seems to run a little better but the Bluetooth module is not working with my mouse. The keyboard is fine. I have a hardwire mouse to use.
Thank You,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #54 on: April 13, 2012, 01:47:05 am »
That's OK Gary, have you tried re-installing the software for the mouse to see if that makes a difference?

Kevin

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #55 on: April 13, 2012, 12:18:31 pm »
I am going to run the tdss killer now. In order to see what Bluetooth I have, I ran Belarc. I think I can get the drivers from Dell. Where would the software be? Initially, the mouse works at the sign in screen but after it boots up, only the keyboard works. Right now I'm using a mouse connected to the computer.
Thank you,
Gary

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #56 on: April 13, 2012, 12:50:01 pm »
This is the TDSSKILLER report.
Thank you,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #57 on: April 13, 2012, 01:48:41 pm »
That file is empty Gary, no log from TDSSKILLER?

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #58 on: April 14, 2012, 11:37:35 pm »
This is one of the files. I don't know what happened to it when I zipped it.
Thank you,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #59 on: April 15, 2012, 02:17:07 am »
Hiya Gary,

The software for your Bluetooth system appears to be named Logitech. Was the BT pre-installed or did you get an installation CD?

Also there would seem to be an issue with your Video card, try re-seating the card, also if possible check for updated drivers.

Are those the only two outstanding issues?

Kevin
« Last Edit: April 15, 2012, 04:27:45 pm by kevinf80 »