Infected IRP Hook ->HIDCLASS.SYS +0x2710

irishluck

Member
I would say wipe it and reinstall, without knowing what's going on with it. I mean, if you can get into Windows and run a program, we can see what the new bluescreen is by doing the following.

Download BlueScreenView
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Oh, I can get you that, not a problem. I've been using that this whole time to view the errors.

Here you go!

==================================================
Dump File : 101413-35256-01.dmp
Crash Time : 10/14/2013 12:45:04 PM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`059ea8f8
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4ade7c
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+4ade7c
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101413-35256-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
Dump File Time : 10/14/2013 12:45:21 PM
==================================================

==================================================
Dump File : 101013-33992-01.dmp
Crash Time : 10/10/2013 4:43:49 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x1000009f
Parameter 1 : 00000000`00000004
Parameter 2 : 00000000`00000258
Parameter 3 : fffffa80`03b7f660
Parameter 4 : fffff800`00b9c510
Caused By Driver : WudfPf.sys
Caused By Address : WudfPf.sys+6500
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+78a8a
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101013-33992-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 458,992
Dump File Time : 10/10/2013 4:45:37 PM
==================================================

==================================================
Dump File : 100313-96533-01.dmp
Crash Time : 10/3/2013 12:43:07 PM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`059ae038
Parameter 3 : 00000000`fe000000
Parameter 4 : 00000000`00800400
Caused By Driver : hal.dll
Caused By Address : hal.dll+12a3b
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\100313-96533-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 278,512
Dump File Time : 10/3/2013 12:50:12 PM
==================================================

==================================================
Dump File : 100213-47970-01.dmp
Crash Time : 10/2/2013 1:51:34 PM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`059dc038
Parameter 3 : 00000000`fe000000
Parameter 4 : 00000000`00800400
Caused By Driver : hal.dll
Caused By Address : hal.dll+12a3b
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\100213-47970-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 278,512
Dump File Time : 10/2/2013 2:00:21 PM
==================================================

==================================================
Dump File : 091013-93912-01.dmp
Crash Time : 9/10/2013 10:39:47 AM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`059da038
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+4ade7c
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+4ade7c
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091013-93912-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
Dump File Time : 9/10/2013 10:40:10 AM
==================================================

==================================================
Dump File : 032113-35880-01.dmp
Crash Time : 3/21/2013 9:11:01 AM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0000109b
Parameter 3 : 00000000`04040007
Parameter 4 : fffffa80`0658d080
Caused By Driver : ndis.sys
Caused By Address : ndis.sys+8323
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\032113-35880-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 278,512
Dump File Time : 3/21/2013 9:12:25 AM
==================================================

==================================================
Dump File : 091212-67751-01.dmp
Crash Time : 9/12/2012 10:20:54 AM
Bug Check String :
Bug Check Code : 0x00000124
Parameter 1 : 00000000`00000000
Parameter 2 : fffffa80`059af038
Parameter 3 : 00000000`be000000
Parameter 4 : 00000000`00800400
Caused By Driver : hal.dll
Caused By Address : hal.dll+12a3b
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091212-67751-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 278,512
Dump File Time : 9/12/2012 10:23:34 AM
==================================================
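
Added example, not part of the original posts: a short Python script that parses a BlueScreenView text report of the kind pasted above and groups the crashes by bug check code, so a recurring stop code stands out. The sample is three records from that report trimmed to the fields used; the function names are this example's own.

```python
import re
from collections import defaultdict

# Three records from the report above, trimmed to the fields used (sample input).
SAMPLE = """\
==================================================
Dump File : 101413-35256-01.dmp
Bug Check Code : 0x00000124
Caused By Driver : ntoskrnl.exe
==================================================

==================================================
Dump File : 101013-33992-01.dmp
Bug Check Code : 0x1000009f
Caused By Driver : WudfPf.sys
==================================================

==================================================
Dump File : 100313-96533-01.dmp
Bug Check Code : 0x00000124
Caused By Driver : hal.dll
==================================================
"""

def parse_report(text):
    """Return one {field: value} dict per crash record."""
    records = []
    for chunk in re.split(r"^=+[ \t]*$", text, flags=re.M):
        rec = {}
        for line in chunk.splitlines():
            # Split on the first colon only: times and paths contain more.
            key, sep, value = line.partition(":")
            if sep and key.strip():
                rec[key.strip()] = value.strip()
        if "Dump File" in rec:
            records.append(rec)
    return records

def group_by_code(records):
    """Map each bug check code (as int) to the dumps and drivers reported for it."""
    groups = defaultdict(lambda: {"dumps": [], "drivers": set()})
    for rec in records:
        code = int(rec["Bug Check Code"], 16)
        groups[code]["dumps"].append(rec["Dump File"])
        groups[code]["drivers"].add(rec.get("Caused By Driver", ""))
    return dict(groups)

if __name__ == "__main__":
    print({hex(c): sorted(g["drivers"]) for c, g in group_by_code(parse_report(SAMPLE)).items()})
```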
 

johnb35

Administrator
Staff member
Stop code 124 is a general hardware error. Please zip up the following files and attach them to your next post.

C:\Windows\Minidump\101413-35256-01.dmp
C:\Windows\Minidump\101013-33992-01.dmp
 

irishluck

Member
Stop code 124 is a general hardware error. Please zip up the following files and attach them to your next post.

C:\Windows\Minidump\101413-35256-01.dmp
C:\Windows\Minidump\101013-33992-01.dmp

The 33992 says the file can't be found for some reason, but I have the 35256 zip.
 

Attachments

  • 101413-35256-01.zip

johnb35

Administrator
Staff member
Says Intel hardware. But it's a general error. Usually I would say this is due to overclocking, but since this is a laptop, it's ruled out.

May just be time for a wipe and reinstall.
 

irishluck

Member
Says Intel hardware. But it's a general error. Usually I would say this is due to overclocking, but since this is a laptop, it's ruled out.

May just be time for a wipe and reinstall.

Yeah, that's what I'm going to go ahead and do, because I've already replaced the hard drive and it has tested good. I did a couple of mem tests and all passed.

We'll just wipe and see what happens, and I'll report back with any issues.
 

irishluck

Member
Just finished the Windows install.

Is there really a way to test the computer to see if it fixed the issue? Or is it basically just running those scans again to see if anything comes up?

Edit: I'm adding a log file from aswMBR. I ran it just in case. So here it is; does everything look good?
 

Attachments

  • aswMBR1.txt

johnb35

Administrator
Staff member
It says unknown MBR code, but that could be the recovery partition. As long as virus scan and malware scans come up clean, you should be good. Once you perform a reinstall, it wipes everything.
 

irishluck

Member
Well, maybe I should have done a complete reinstall then?
I just used the recovery media for the computer. It said it formatted the whole drive partition and then reinstalled Windows.
Usually I don't use recovery software. I usually just boot Windows up with the boot CD, format it all and reinstall Windows from there.
Is there a difference?
 

johnb35

Administrator
Staff member
Yeah, the recovery media would have reformatted the drive and made sure the recovery partition was back in order. Either way, everything gets wiped and you start over.
 

irishluck

Member
Well good.

So far so good.


I ran AVG, Malwarebytes and Kaspersky TDSSKiller and they all popped back with no threats.

I'm wondering: when I first tested the original hard drive, it tested with bad sectors. Maybe those sectors are what has caused all this; maybe those were some missing registry files and that's why I haven't been able to get this fully fixed. (Until now, when I did the full wipe.)
 

johnb35

Administrator
Staff member
I'm not sure if the recovery CD would actually detect bad sectors and mark them unusable like a regular formatting utility would.
 

irishluck

Member
Well, I meant when the original hard drive was in there, I did a memtest and hard drive test. And so I used Western Digital software to test it, which detected the bad sectors. I'm just wondering if there was some type of registry file on that part of the hard drive that got wiped out, which has caused all of this.



I do wanna thank you for the help on this and also providing all those scans. Those will be helpful tools in the future!
 