 | Moderator with 44,839 posts. | | Join Date: Dec 2000 Location: North of Hollywoodland Experience: I know when to fold em' |
26-Mar-2008, 09:09 AM
#46 | Although Internet Explorer shouldn't be involved in any way in the issue run Safe Mode, before going for the clean install you might want to try resetting it. This will remove all add-ons -- including those for Flash, I believe. http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx
You can also try running the command: sfc /scannow
which will run a check of system files.
Finally, with Vista, unlike previous operating systems it is possible to create a parallel installation on the same drive and not wipe all prior personal data and files clean. http://blogs.zdnet.com/Bott/?p=193
Last edited by Rollin' Rog : 26-Mar-2008 09:15 AM.
| | Senior Member with 281 posts. | | Join Date: Jun 2004 Experience: Intermediate |
26-Mar-2008, 10:45 AM
#47 | Yeah, I already know about the new Vista install feature. I had to do it once before when I had a corrupt update. That's why I wish I'd already done it instead of spending so much time trying to fix this. I could have probably been back to normal by now. I'm on a lab computer right now, I'll look for the logs and stuff later today. | | Senior Member with 281 posts. | | Join Date: Jun 2004 Experience: Intermediate |
26-Mar-2008, 02:13 PM
#48 | I got the BSOD when trying to reset internet explorer.
It's actually a little funny, how ridiculous this is. | | Moderator with 44,839 posts. | | Join Date: Dec 2000 Location: North of Hollywoodland Experience: I know when to fold em' |
26-Mar-2008, 02:55 PM
#49 | Did you ever find the chkdsk log?
How about running sfc /scannow ? | | Junior Member with 6 posts. | | Join Date: Mar 2008 Experience: Intermediate |
26-Mar-2008, 02:57 PM
#50 | Hey invain,
I just got rid of the same problem caused by Virus Heat 4.3. Are you with XP? or Vista?
If it's XP, and have a Virus Heat (fake Anti-Spyware), you may want to tackle in the same method. (Oh... oops. I just recognized that it was posted at 'Vista' section.)
In any case, the best is to have another computer to do all the downloads & posts, while your troubled computer being run only as 'Safe Mode' (do _not_ select 'with networking'!) It'd become more dangerous to be connected online. | | Senior Member with 281 posts. | | Join Date: Jun 2004 Experience: Intermediate |
26-Mar-2008, 03:04 PM
#51 | I was able to run a scan.
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 2008-03-25 11:44:53 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nub-Pwnor
Description:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
224192 file records processed.
83 large file records processed.
0 bad file records processed.
0 EA records processed.
44 reparse records processed.
631300 index entries processed.
5 unindexed files processed.
224192 security descriptors processed.
Cleaning up 1075 unused index entries from index $SII of file 0x9.
Cleaning up 1075 unused index entries from index $SDH of file 0x9.
Cleaning up 1075 unused security descriptors.
11050 data files processed.
CHKDSK is verifying Usn Journal...
34624808 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
224176 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
38037690 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
195358719 KB total disk space.
42838024 KB in 77467 files.
39200 KB in 11051 indexes.
0 KB in bad sectors.
330731 KB in use by the system.
65536 KB occupied by the log file.
152150764 KB available on disk.
4096 bytes in each allocation unit.
48839679 total allocation units on disk.
38037691 allocation units available on disk.
Internal Info:
Windows has finished checking your disk.
Please wait while your computer restarts.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-03-26T03:44:53.000Z" />
<EventRecordID>2356</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Nub-Pwnor</Computer>
<Security />
</System>
<EventData>
<Data>
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
224192 file records processed.
83 large file records processed.
0 bad file records processed.
0 EA records processed.
44 reparse records processed.
631300 index entries processed.
5 unindexed files processed.
224192 security descriptors processed.
Cleaning up 1075 unused index entries from index $SII of file 0x9.
Cleaning up 1075 unused index entries from index $SDH of file 0x9.
Cleaning up 1075 unused security descriptors.
11050 data files processed.
CHKDSK is verifying Usn Journal...
34624808 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
224176 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
38037690 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
195358719 KB total disk space.
42838024 KB in 77467 files.
39200 KB in 11051 indexes.
0 KB in bad sectors.
330731 KB in use by the system.
65536 KB occupied by the log file.
152150764 KB available on disk.
4096 bytes in each allocation unit.
48839679 total allocation units on disk.
38037691 allocation units available on disk.
Internal Info:
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event> | | Senior Member with 281 posts. | | Join Date: Jun 2004 Experience: Intermediate |
26-Mar-2008, 03:04 PM
#52 | Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 2008-03-17 08:41:52 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Nub-Pwnor
Description:
Checking file system on \\?\Volume{05dfa4a8-efe1-11dc-86b9-0016d4e3fbc9}
The type of the file system is FAT32.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Volume Serial Number is 8C4A-2D77
Windows has checked the file system and found no problems.
524919296 bytes total disk space.
512 bytes in 1 hidden files.
524918272 bytes available on disk.
512 bytes in each allocation unit.
1025233 total allocation units on disk.
1025231 allocation units available on disk.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-03-17T12:41:52.000Z" />
<EventRecordID>944</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Nub-Pwnor</Computer>
<Security />
</System>
<EventData>
<Data>
Checking file system on \\?\Volume{05dfa4a8-efe1-11dc-86b9-0016d4e3fbc9}
The type of the file system is FAT32.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Volume Serial Number is 8C4A-2D77
Windows has checked the file system and found no problems.
524919296 bytes total disk space.
512 bytes in 1 hidden files.
524918272 bytes available on disk.
512 bytes in each allocation unit.
1025233 total allocation units on disk.
1025231 allocation units available on disk.
</Data>
</EventData>
</Event> | | Senior Member with 281 posts. | | Join Date: Jun 2004 Experience: Intermediate |
26-Mar-2008, 03:25 PM
#53 | I checked out blaaaa's thread and decided to download the program he used, malwarebyte's anti-malware. A quick scan found a few items, some of which no other program I'd used yet had caught. It appears to have cleaned the infected stuff successfully. I'm going to try running a full scan in safe mode followed by other programs I have installed. Here's the log:
Malwarebytes' Anti-Malware 1.09
Database version: 551
Scan type: Quick Scan
Objects scanned: 33053
Time elapsed: 3 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df47dd37-ac11-4a93-8e16-2b2364af0897} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdidrv32.sys (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Helper\1206393758.dll (Adware.BHO) -> Quarantined and deleted successfully. | | Senior Member with 281 posts. | | Join Date: Jun 2004 Experience: Intermediate |
26-Mar-2008, 04:12 PM
#54 | I can't believe it, but it seems as if malwarebyte's Anti-Malware seemed to do the trick. I rebooted into safe mode and for the first time was able to fully run combofix and smitfraudfix fully without a bsod. I ran a full scan with spybot and nothing was detected. I was finally able to successfully install AVG after rebooting back into normal mode and I'm doing a scan now. If nothing else is found and I'm able to run all programs normally I'll mark this as solved. | | Senior Member with 281 posts. | | Join Date: Jun 2004 Experience: Intermediate |
26-Mar-2008, 04:24 PM
#55 | Everything seems to be back to normal.
Thanks a million blaaaa.
For future reference, and in case anybody missed it, the only program that seems to have fixed the BSOD errors was Malwarebytes' Anti-Malware 1.09 | | Junior Member with 6 posts. | | Join Date: Mar 2008 Experience: Intermediate |
26-Mar-2008, 04:26 PM
#56 | invain,
Glad that it helped you as well!
Btw. I got another expert's suggestion that I should run Kaspersky online scanner (which only works on Internet Explorer.) Since I'm with XP, I could first eliminate junks (cache etc.) with AFT Cleaner to save time.... but won't work for Vista. So, Kaspersky may take a bit more time to scan for you. (Even for mine, it's been scanning almost 1.5 hrs by now for 120 gig space.)
It may be worth though... since the Kaspersky Online Scanner already found 12 viruses & 151 infected objects which were never detected by other softwares.
Kaspersky Online Scanner won't kill them, but it'd give the experts here a good idea. (and you'll have a much cleaner computer!)
Btw. do not run any other program while you're scanning. It'd significantly slow the scan.
Last edited by blaaaa : 26-Mar-2008 04:31 PM.
| | Administrator with 63,388 posts. | | Join Date: Aug 2003 Location: Quebec, Canada |
26-Mar-2008, 04:49 PM
#57 | This is the driver I was having you remove in the other thread that was protecting it:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdidrv32.sys
Last edited by Cookiegal : 26-Mar-2008 07:44 PM.
| | Senior Member with 281 posts. | | Join Date: Jun 2004 Experience: Intermediate |
26-Mar-2008, 04:50 PM
#58 | Thanks for all the help Cookiegal. | | Administrator with 63,388 posts. | | Join Date: Aug 2003 Location: Quebec, Canada |
26-Mar-2008, 04:52 PM
#59 | You're welcome.
Please return to the other thread and post the ComboFix log from the scan you ran.
Last edited by Cookiegal : 26-Mar-2008 07:53 PM.
| | Moderator with 44,839 posts. | | Join Date: Dec 2000 Location: North of Hollywoodland Experience: I know when to fold em' |
26-Mar-2008, 07:40 PM
#60 | Lol, nice to see a happy end to this one
All times are GMT -5.