UKASH for 3rd time

[darrenj1471]

Believe same as before, is this related? Certainly never happened prior to latest UKASH but could it be related a failed repair?

 

[cottonball]

Can you get to Safe Mode and see if the Stop: 0x00000050 Blue screen happens then?

At this point, the ransomware may not be the case, there may be another cause for those BSODs.

 

[darrenj1471]

Safe mode seems ok ie does not exhibit the bsod problem. ..
Does show a message saying windows has recovered from an unexpected shutdown (thats an understatement)

 

[cottonball]

See if you can boot to Safe Mode with Networking, and try running Malwarebytes Anti-Malware as specified in Post #12.

If you can run it, please post its results.


Edit: Once done with the above, see if you can temporarily disable your Antivirus program (AVG 2013)
http://www.avg.com/ww-en/faq.num-4497

Then, boot to normal mode, and see if you get any BSODs.

 

[Arc]

Hi darrenj1471. Can you post following the Blue Screen of Death (BSOD) Posting Instructions? It will help us to know more about the BSOD.

 

[darrenj1471]

Safe Mode with Networking was working fine, and Im actually posting this message from the infected PC now, but as soon as I double clicked the downloaded MBAM program the BSOD appeared

 

[cottonball]

darrenj1471,

Please follow Arc's instructions. There is something more going on here...

 

[darrenj1471]

I dont know if Im supposed to be doing a complete memory dump or kernel? And should I be doing it from Safe Mode or safe mode with networking?

Sorry be dumb but Arc can you advise which mode I need to load the infected/problematic pc and which option Im doing ie 'no dump at bsod' or one of the plethora of others

 

[darrenj1471]

Ok I winged it, I started in safe mode and changed the dump option from Kernel to Smallfile (no idea why I chose that or what I was supposed to do). I then restarted the laptop in Safe Mode with Networking and have run the SF tool

Attached is the results and I hope you can use this to help, or advise me what I should do exactly ? Thanks

 

[Arc]

Hi darrenj1471.

Boot into Safe mode. Browse to C:\Windows\Font and delete any/all font you have installed lately just prior to the time this issue is started.

Then Browse to C:\Windows\System32\Fntcache.dat ..... delete the Fntcache.dat file.

Now restart the computer in normal mode. Observe how it is working. If it is BSODing again, post once again following the Blue Screen of Death (BSOD) Posting Instructions.
__________________________________________________________________________________

Child-SP          RetAddr           Call Site
fffff880`04b33bf8 fffff800`02301be0 nt!KeBugCheckEx
fffff880`04b33c00 fffff800`02281cae nt! ?? ::FNODOBFM::`string'+0x4518f
fffff880`04b33d60 fffff960`000c2384 nt!KiPageFault+0x16e
fffff880`04b33ef0 fffff960`000c22cb win32k!sfac_GetLongGlyphIDs+0x84
fffff880`04b33f40 fffff960`000c21fa win32k!sfac_GetWinNTGlyphIDs+0xbb
fffff880`04b33fb0 fffff960`000c20ca win32k!fs_WinNTGetGlyphIDs+0x6a
fffff880`04b34000 fffff960`000c1e28 win32k!cjComputeGLYPHSET_MSFT_UNICODE+0x252
fffff880`04b340c0 fffff960`000b917f win32k!bLoadGlyphSet+0xf8
fffff880`04b340f0 fffff960`000b931e win32k!bReloadGlyphSet+0x24b
fffff880`04b347b0 fffff960`000b9276 win32k!ttfdQueryFontTree+0x66
fffff880`04b34800 fffff960`00105fdb win32k!ttfdSemQueryFontTree+0x5a
fffff880`04b34840 fffff960`00105e87 win32k!PDEVOBJ::QueryFontTree+0x63
fffff880`04b348c0 fffff960`000c007a win32k!PFEOBJ::pfdg+0xa3
fffff880`04b34920 fffff960`0011a74c win32k!RFONTOBJ::bRealizeFont+0x46
fffff880`04b34a40 fffff960`000bc03c win32k!RFONTOBJ::bInit+0x548
fffff880`04b34b60 fffff960`000c6f2b win32k!GreGetTextMetricsW+0x4c
fffff880`04b34ba0 00000000`00000000 win32k!NtGdiGetTextMetricsW+0x1f

 

[darrenj1471]

The plot thickens. safe mode is totally fine....until I open the fonts folder in c: windows and then the pc bsods

 

[cottonball]

darrenj1471,

...safe mode is totally fine....until I open the fonts folder in c: windows and then the pc bsods

It is best for you to start a topic in the following forum, and have BSOD experts provide you some guidance:
BSOD Help and Support - Windows 7 Help Forums

 

[darrenj1471]

ok will do, although I guess I have more to do to get rid of ukash completely? ie after I hopefully sort out this bsod

 

[cottonball]

The BSOD may, or may not, be an issue of its own.

We'll see what the BSOD analysis shows.

 

[Arc]

The plot thickens. safe mode is totally fine....until I open the fonts folder in c: windows and then the pc bsods

It makes it clear that it is the font/s that is causing the BOSDs. Do you have the windows installer disc? If so, boot into it. Follow the method ... http://www.sevenforums.com/tutorials/93347-copy-paste-windows-recovery-console.html

Browse to the fonts folder, Delete the fonts. Also delete the font cache.

If you dont have the installer disc, you may use a linux live distro to do the same.

We need to know the situation after doing those.

 

[darrenj1471]

I am at work for a few more hours but when I get home I'll check, as Im fairly sure I had a disk which came with the laptop when I purchased it. Not sure where Ive put it

Whenever I see the words 'use the Windows disk you have' I panic ! Can you confirm if what we are about to do will wipe the files (ie pics/vids) on my laptop?

 

[Arc]

Certainly not. The procedure I mentioned will target only the files you are manually altering.

If its a panic, feel totally free to use a bootable live linex. Puppy Linux is small and good.

 

[cottonball]

Thanks for the help, Arc!!

 

[Arc]

Thanks for the help, Arc!!

I am extremely happy that you find me able to check a crash dump
It is an inspiration to me.

 

[darrenj1471]

despite choosing my language as english when windows Explorer opens everything is in chinese (or japanese) ...