Encountered an BSOD

[noelian13]

Heres my info
OS: windows 7 ultimate Build 7600
an OEM
age of system 11 months
age of OS installation around 3 months since i reinstalled of virus problem

things doing before i encountered it
Running Band Master online(online game)
running google chrome on facebook
thats all i'm doing during that time

i was not active to see the BSOD error code but when i turned back on my pc windows 7 popped a message telling me it just recovered from a _____ state (blank because i dont know what state it recovered from sorry)

i hope all the supplied information helped to analyze whats going on

and if there are recommendations that are needed to keep me away from those BSOD's kindly tell me
thank you !

 

[yowanvista]

Seems to be Malware related
XDva377.sys may be a rogue software (TR/Crypt.XPACK.gen)

Run a scan of Malwarebytes in safe mode with networking

BugCheck 1000008E, {c0000005, 9cfc678f, 972c7a14, 0}

Probably caused by : XDva377.sys ( XDva377+678f )

 

[noelian13]

malwarebytes scam complete no malicious software detected

 

[Jonathan_King]

Try going to C:\Windows\System32, and deleting XDva377.sys. Hopefully that will do the trick for you.

When that's done, post in the Security section of this forum, and ask them to confirm your computer is clean.

System Security - Windows 7 Forums

start    end        module name
9cfc0000 9cfd1400   XDva377  T (no symbols)           
    Loaded symbol image file: XDva377.sys
    Image path: \??\C:\Windows\system32\XDva377.sys
    Image name: XDva377.sys
    Timestamp:        Thu Nov 18 21:50:35 2010 (4CE5E5FB)
    CheckSum:         00013A32
    ImageSize:        00011400
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

 

[noelian13]

Try going to C:\Windows\System32, and deleting XDva377.sys. Hopefully that will do the trick for you.

When that's done, post in the Security section of this forum, and ask them to confirm your computer is clean.

System Security - Windows 7 Forums

start    end        module name
9cfc0000 9cfd1400   XDva377  T (no symbols)           
    Loaded symbol image file: XDva377.sys
    Image path: \??\C:\Windows\system32\XDva377.sys
    Image name: XDva377.sys
    Timestamp:        Thu Nov 18 21:50:35 2010 (4CE5E5FB)
    CheckSum:         00013A32
    ImageSize:        00011400
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

okay
btw i searched the whole system32 folder the windows folder the file doesn't exist anymore

 

[Jonathan_King]

Perhaps it is hidden from Windows. Try deleting it from the command prompt. Open one (cmd in the start menu), and enter del c:\windows\system32\XDva377.sys.

 

[noelian13]

command prompt says could not find c:\windows\system32\XDva377.sys
i also tried C:\Windows\System32\XDva377.sys
does it mean its already deleted or something?

 

[Jonathan_King]

Unless Malwarebytes deleted it, it still might be there. Alternatively, it could be a temporary driver installed by another process, that deletes itself to cover its tracks.

Let me summon the malware folks...hang tight!

 

[noelian13]

there was no detected threat by MBAM
heres the log of my scan during that time you posted to scan

Malwarebytes' Anti-Malware 1.50
Malwarebytes

Database version: 5347

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/18/2010 2:58:27 PM
mbam-log-2010-12-18 (14-58-27).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 175924
Time elapsed: 1 hour(s), 16 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Jonathan_King]

I have contacted a malware removal expert; she should stop in before too long, though the time zone difference may mean there will be some delay.

Please be patient, we'll get you running ASAP.

 

[noelian13]

okay thanks

 

[noelian13]

and i just got this one from windows 7 action center
my pc was detected with possible malware
saying your computer experienced a problem caused by XDVAnnn.sys its diff from the other but same beginning XDV
and top of that it gets through malwarebytes and MSE
also in command prompt it says cant find file
i tried searching it manually nothing appears

 

[Jacee]

Hi noelian13,
I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

 

[noelian13]

Hi noelian13,
I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

here is the scan result

 

[noelian13]

im just wondering if this were false positives detected by some programs though because i runned a new scan in malwarebytes nothing to be found i searched XDVAnnn.sys it says that its a file by X-Trap an anti cheating program bundled on lots of MMORPG games Band Master online uses this tool too also the other one with numbers it refers to the current version of your X-Trap

 

[Jonathan_King]

XDva377.sys is blamed as the cause of your BSOD, and it is exhibiting suspicious behaviors; why would a legitimate file be hiding?

Please follow Jacee's directions; she is the malware removal expert I contacted.

 

[noelian13]

i dont know but when i scanned with eset thats the only thing found it was not related to XDVannn.sys though or the other one XDva377.sys
i posted the esetscan export for her to check

 

[Jacee]

Upload E:\nero_10.Lite.rar to VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines!, have it scanned, save the report and post it back here.

 

[noelian13]

Upload E:\nero_10.Lite.rar to VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines!, have it scanned, save the report and post it back here.

im so sorry it was deleted already by eset online scanner and was also not quarantined it was deleted after scan

 

[Jacee]

Is your computer running any better, or still BSODding?