BSODs

[niemiro]

Hello!

Excellent work!

Sizes in megabytes:

0.00488 << Corrupt file
0.04492 < Good file

Big difference. Monumentally corrupt. I shall perform the fix.

Next, we shall deal with the malware problem. MBAM is a really, really excellent free tool for cleaning a computer of malware.

Malwarebytes' Anti-Malware a.k.a. MBAM - Download Free Version (freeware) - Homepage
Why? Malwarebytes' Anti-Malware is very good at removing the zlob trojan, virtumonde, and most other current infections. This single tool has replaced multiple tools that have been required in the past.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, confirm a check mark is placed next to the following:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform FULL scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. The rogue application should now be gone.

When completed, a log will open in Notepad. Please upload that log.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

We can then assess your malware situation, and call in an expert as required.

I believe this to be the only good copy on your system:

[2011/02/18 01:43:17 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=3688F5BF18C25B0207AF3C259E29D75B -- C:\Users\Urosh\Desktop\iassdo.dll.mui

This is your friend's one. Where did your friend source it from on his/her computer?

I shall upload a good copy tomorrow, as my MD5 database currently doesn't feature that file.

I therefore need an extra night to source the file, to generate all of the tables and MD5s. I shall provide one tomorrow morning.

In the mean time, can you please run MBAM?

Thanks!

Richard

 

[Urosh92]

Actually I ran scan with MBAM to remove drop.trojan.2(or something like that:D)that was found again and again with my anti-vir(found 11 or 16 malewares don't remember),then I found that I have this BSODs problems so I came on this forum to find some help
Deleted MBAM today because I though maybe my system got some problem with MBAM so I get BSODs:D



He probably found it in same folder in what was my corrupted because I gave him folder location and asked him for his iassdo.dll.mui by the way I can't replace my corrupted one,says "You need permission to perform this action".

While I was scanning with MBAM my anti-virus found 1 trojan again
Here's new log from MBAM as well as the new founded trojan.


P.S. How to run .iso files without Daemon tools,alcohol 101% etc.?

P.S.2 sorry for bad english

 

[ilikefree]

Mplayer for windows will play .ISO files with just a double click.I think there is a lite version and full version. Lite is all you need

MPlayer - The Movie Player

 

[niemiro]

Hello!

Sorry about the wait. I am actually quite glad though. Your friend's one doesn't look quite right. File sizes (bytes) and MD5s:

You currently have: 000,005,115; MD5=2C8E4B5C21697CC270C2024064C4EB93
You need to have: 000,053,248; MD5=27A67CF537D11210B66ED8C379D773DD
Your friend has: 000,047,104; MD5=3688F5BF18C25B0207AF3C259E29D75B

This is not really a problem for your friend. It looks like he may have provided you with a wrong bit version file as well as one from a different locale, version, or update.

First, please copy C:\Windows\SysWOW64\en-US\iassdo.dll to a safe location as a backup.

NOTE: This fix was created specifically for this user. If you are not this user, DO NOT follow these instructions, but instead create a new thread and have one made specifically for you.

I have attached a zip file called Packs. Inside it contains a folder called Packs. Extract Packs directly onto your C:\ drive, so that you have an extracted structure of C:\Packs\Windows...

Right, this repair cannot easily be done from inside Windows. Please get your Windows Vista disk to hand, or make one as shown in OPTION ONE here: http://www.vistax64.com/tutorials/14...very-disc.html

When you are ready, boot into the CD > Repair your Computer > Command Prompt, and type: robocopy C:\Packs C:\ /E /IS

Boot back into Windows, and re-run SFC, and then re-upload your CBS.log, just as you did last time, if SFC still finds a corruption.

Thanks, and good luck!

Richard

P.S. There is a way we possibly can do it from within Windows, but this way is safer and easier. Do you have a blank CD or original DVD to hand? If you don't, I shall do it through Windows.

Ah. Only just realised that you were using Windows 7! I should have picked up that version number earlier. Let me get back to you in a few minutes.

 

[Urosh92]

Don't have windows 7 disc and at the moment don't even have blank cd I could use for burn but I can get any of those if really necessary

Write that way to do it within windows(Don't have to hurry I will come back in about 6-10h probably )

 

[Urosh92]

Waiting for instructions

 

[niemiro]

Hello!

Sorry for the delay. It takes me longer to source a Windows 7 file, as I am used to dealing with Windows Vista, and am really only set up for Vista. However, I have built my Windows 7 MD5s for this file now, and actually your friend's is compatible. We still needed to check though.

STEP ONE:
​

Please create a System Restore point, and any backups that you normally would. I don't think it will go wrong, but fingers crossed, this is a very complex and slightly dodgy process.

Please close all open programs. These will be force closed automatically, but BY FORCE! Word will not prompt you to save this time! It will just close! Please close everything except for this internet browser window now.

Please create a System Restore point now: System Restore Point - create

STEP TWO:

Right, onto the fixing!

Run OTL again

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Files
  mkdir C:\BackedupFiles\ /c
  xcopy C:\Windows\SysWOW64\en-US\iassdo.dll.mui C:\BackedupFiles\ /v /i /h /k /x /y /c
  C:\Windows\WinSxS\x86_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e86c80b89a3f77b7\iassdo.dll.mui|C:\Users\Urosh\Desktop\iassdo.dll.mui /replace
  C:\Windows\SysWOW64\en-US\iassdo.dll.mui|C:\Users\Urosh\Desktop\iassdo.dll.mui  
  
  :Commands
  [CREATERESTOREPOINT]
  [EMPTYTEMP]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

STEP THREE:

• Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scan box paste this in:

/md5start
iassdo.dll.mui
/md5stop

• Click the None button, followed by the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post them here.

STEP FOUR:

Right, please run steps 1, 2A, 3 (about 15 minutes), 4, 5, and then Step 1 from the top yellow box, but only follow this last one if Integrity Violations were found. Please upload the new sfcdetails.txt from your Desktop. System Files - SFC Command


Good luck!

Richard

 

[Urosh92]

OTL logfile created on: 2/20/2011 9:13:23 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Urosh\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 35.61 Gb Free Space | 7.65% Space Free | Partition Type: NTFS

Computer Name: UROSH-PC | User Name: Urosh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: IASSDO.DLL.MUI >
[2009/06/10 21:44:37 | 000,005,115 | ---- | M] () MD5=2C8E4B5C21697CC270C2024064C4EB93 -- C:\BackedupFiles\iassdo.dll.mui
[2009/06/10 21:44:37 | 000,005,115 | ---- | M] () MD5=2C8E4B5C21697CC270C2024064C4EB93 -- C:\Windows\SysWOW64\en-US\iassdo.dll.mui
[2009/06/10 21:44:37 | 000,005,115 | ---- | M] () MD5=2C8E4B5C21697CC270C2024064C4EB93 -- C:\Windows\winsxs\x86_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e86c80b89a3f77b7\iassdo.dll.mui
[2011/02/20 21:02:14 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=3688F5BF18C25B0207AF3C259E29D75B -- C:\Users\Urosh\Desktop\iassdo.dll.mui
[2009/07/14 03:30:24 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=67EB435469C55E82551257C4AAF38AB0 -- C:\Windows\SysNative\en-US\iassdo.dll.mui
[2009/07/14 03:30:24 | 000,047,104 | ---- | M] (Microsoft Corporation) MD5=67EB435469C55E82551257C4AAF38AB0 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_448b1c3c529ce8ed\iassdo.dll.mui

< End of report >

 

[Urosh92]

No good?



BSODs still coming out,will run ram test tonight just to make sure it isn't because of ram

 

[niemiro]

Hello!

No good. These Windows Methods have a lower success rate than external methods. One last try, before I get you to use a memory stick.

http://www.vistax64.com/tutorials/67717-take-ownership-file.html

Use the above tutorial on C:\Windows\SysNative\en-US\iassdo.dll.mui and the folder C:\Windows\SysNative\en-US\

Use it to add your own User Name. We can revert this all later.

Then try to copy the good copy from your Desktop and overwrite the version in your SysNative folder.

Tell me if the size of the file changes.

Good luck!

Richard

 

[Urosh92]

You mean on C:\Windows\SysWOW64\en-US\iassdo.dll.mui
Don't have that "SysNative" folder

 

[niemiro]

You mean on C:\Windows\SysWOW64\en-US\iassdo.dll.mui
Don't have that "SysNative" folder

Sorry! My mistake! Yes, C:\Windows\SysWOW64\en-US\ and C:\Windows\SysWOW64\en-US\iassdo.dll.mui

 

[Urosh92]

Fixed it but there is new corrupted file:O Here is new sfcdetails


P.S. Will post again if I get any BSOD,didn't get now after restart,it's unusual

 

[niemiro]

Hello!

I am a bit suspicious. Can you please download Sea Tools for Windows from here: | Seagate

and run a SMART test if you can, and a short and long Self Test (DST) The long one will take a couple of hours.

Thanks!

Richard

 

[Urosh92]

Did smart and long,passed all.



EDIT:irql less or equal again..:/

 

[niemiro]

Hello!

Sorry for the delay. Another corruption? It could be the result of all of these incorrect shutdowns. Can you please run this again: http://www.vistax64.com/crashes-debugging/282419-blue-screen-death-bsod-posting-instructions.html

and we will analyse your new minidump, and also the rest of your report.

Thanks!

Richard