[Rollin' Rog]

Chkdsk would normally run on reboot after generating that message.

I need to let Cookiegal do her best for you at this point without getting in the way.


The minidump is no more illuminating than the previous ones.

One question though: was or is SuperAntiSpyware installed just prior to this problem?

Did you uninstall it?

I see a loaded module for it, possibly in an address range that is near the problem.

[invain]

Yes I tried it when I was having problems with the actual virus/whetever it was. Now that you mention it I don't really remmeber the BSOD's before using SuperAntiSpyware.

[Rollin' Rog]

Hmmm, well it's not uncommon for uninstalled programs to leave system drivers loading -- although they really shouldn't.

This is what is showing up in the loaded module list:

8b574000 8b57b000 SASDIFSV SASDIFSV.SYS Tue Oct 03 16:02:46 2006 (4522EC16)

906e6000 90706000 SASKUTIL SASKUTIL.sys Thu Nov 29 14:05:31 2007 (474F37AB)

Both belong to SAS obviously.

I just don't know whether they are causing some problem. We would have to do some registry diving to find and remove them.


Run regedit and search the following key for those two drivers and let me know what you find:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

[invain]

Actually I hadn't uninstalled it, something was wrong and it wouldn't show up in the uninstall programs list. I installed it again, and was unabled to finally uninstall. It hasn't seemed to fix anything, however, there is a SUSKUTIL folder in the registry.

[Rollin' Rog]

If you have gotten another BSOD upload the minidump and let me see if the modules are still loading.

You can delete the SASKUTIL folder in the registry if the program has been "successfully" uninstalled.

By the way, is Internet Explorer always open when you get these BSODs ?

And has chkdsk /r been run successfully on the drive? Try doing it after a fresh boot and before you do anything else. Even so a reboot may be necessary.

[invain]

I've had many BSOD's since. It seems like half of everything I try to do causes one.

[mmichaels1970]

I've had a very similar problem that started up yesterday. I believe it's new malware "run wild". I think I fixed it though. My OS is Vista Business. Here were the problems:

1. Daughter visited some stupid website that she was directed to by a message board (she's grounded from the computer now).
2. Website downloaded malware to the computer.
3. Every time IE or Firefox is accessed, security alerts start popping up asking me to download and install malware removal software. They say that my computer can be remotely accessed. They even provide an IP address.
4. A little flashinig security "!" is displayed on my task bar.
5. I tried using other reliable anti-malware software. But every time a scan was initiated, I'd get the BSOD "A driver overrun a stack based buffer". I tried scanning using Kaspersky, Trend Micro Housecall, Panda, and others. Always resulting in the BSOD when the scan began. This occurs in Safe Mode as well. System Restore is ineffective.
6. I noticed two little processes I couldn't kill....scit.exe, and scm.exe. SmitFraud Fix said access was denied when it tried to clean them. They were in a folder called c:\PF\NetProject. Naturally, I couldn't delete them.
7. I ran through my registry (regedit) searching for "NetProject" and carefully deleted all keys referencing it.
8. I rebooted my computer to "Safe Mode Command Prompt".
9. I navigated to the NetProject folder and renamed the scit.exe and scm.exe to scit.bak and scm.bak.
10. Since a lot of malware can tell when its files are missing, I copied Notepad.exe from c:\windows twice into the netproject folder and called it "scit.exe" and "scm.exe". I was hoping to trick the malware (if it still existed) into thinking its programs were still there.
11. I rebooted into normal mode. All seems well. Browsing the internet seems normal. No fake security warnings, no BSOD, etc.
12. I deleted the two BAK files from the NetProject folder.
13. I'm now in the middle of running a Kaspersky scan on my hard drive. It DID NOT BSOD like it had in all past attempts. I'm awaiting results of the scan. But at least I, in fact, can scan now.

Can you dig it?

[mmichaels1970]

Quote:

Originally Posted by jonburmingham

hiya i am having the same trouble as invain. i have tried to find the %systemroot% file u mention but am not able to locate it. I am running vista, could u hlep please??

thanks

c:\windows\system32 is normally your systemroot

[Rollin' Rog]

They are mostly the same.

Has chkdsk /r been run on the drive yet? Has the ram been tested? run mdsched.exe

What USB devices are currently connected?

---------------------------------------------------------

BugCheck 1000007E, {c0000005, 8ecdba1d, 8fdb5bc0, 8fdb58bc}

Probably caused by : usbhub.sys ( usbhub!UsbhIdleIrp_ReleaseIrp+6d )

http://support.microsoft.com/?kbid=327863&sd=RMVP >> may not apply to Vista

http://support.microsoft.com/?kbid=930311&sd=RMVP >> only applies to laptops
-----------------------------------------------------------------------------

BugCheck F7, {200020, 5bbd, ffffa442, 0}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

OVERLAPPED_MODULE: Address regions for 'WUDFRd' and 'parport.sys' overlap

-----------------------------------------------------------------------------------------

mmichaels, was your BSOD an F7 error?

Let's try to keep this thread on target.

[invain]

Hey. I was finally able to run chkdsk, had it go on bootup before Vista loaded. I also did a memory test, everything was fine.

No USB devices are currently being used.

[mmichaels1970]

By BSOD was "A driver has overrun a stack-based buffer" which is the exact title of this thread. My BSOD occurred when anti-spyware software like "Adaware" were run, which was also mentioned in this thread. I've recently had trouble with viruses, which was also mentioned in the first post of this thread. Is it a stretch to think that the viruses aren't actually gone and they are still causing the BSOD?

[invain]

Thank you for the information mmichaels. I just did a quick registry search and found netproject/scit.exe. I'll try out the steps you did.

[mmichaels1970]

I noticed that your crashdump Mini032408-10 has these lines:

O4 - HKLM\..\RunOnce: [SpybotDeletingA9172] command /c del "C:\Program Files\NetProject\scit.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1323] cmd /c del "C:\Program Files\NetProject\scit.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4437] command /c del "C:\Program Files\NetProject\scm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9283] cmd /c del "C:\Program Files\NetProject\scm.exe"

It is precisely like mine. These are the buggers that got me as well.

[invain]

Yeah.

Strangly, I can't seem to find the folder "netproject" now.

[mmichaels1970]

Your antispy maybe successfully deleted the folder. Do the process scm.exe and/or scit.exe exist in your task manager?