
bluescreen with message about physical mem dump


12 replies to this topic

#1 cheryl g


Posted 06 October 2009 - 10:01 PM

Hello. Thanks for being available to help.

My computer has Windows XP. I think it is SP2. Some type of virus or malware installed or tried to install recently.

I shut it down and rebooted into safe mode with networking. Malwarebytes would not run. I tried to reinstall it from another computer with no success. At one point it went to a blue screen with the following message:

STOP:c000021a(fatal system error)
The session manager system process terminated unexpectedly with a status of 0xc000005 (0x7c80fd3d 0x002ef7f4).
The system has been shut down.

I turned the computer off.

Rebooted into safe mode with networking 2 days later (today). It went online OK. I updated Windows with something it said it needed. Then the MS website said something about an error in the update...that it had not installed all the updates necessary. I don't remember the details. I ran CCleaner and ATF Cleaner and was doing some reading on this website. No problems for maybe 30 minutes or so. Still unable to install Malwarebytes by downloading or transferring from another computer. Then, I rebooted into safe mode with networking again. It went to Windows but then right afterwards went back to a bluescreen with the following:

A problem has been detected and windows has been shut down to prevent damage to your computer.

DRIVER_IRQL_NOT_LESS_OR_EQUAL

If this is the first time you have seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options, and then select safe mode.

Technical information:
STOP: 0x000000D1 ()xE1C250000, 0x00000002, 0x00000000, 0xF828F0A5)

Beginning dump of physical memory. Physical memory dump complete. Contact your system administrator or technical support group for further assistance.

Any help would be appreciated. I have not tried to turn it on since the last error message.

THANKS, Cheryl


 


#2 quietman7


Posted 07 October 2009 - 09:57 AM

Crashes (BSOD) when running anti-malware scanners can be symptomatic of a variety of things to include problems encountered with certain types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, etc) that are being scanned. Crashes can also be symptomatic of hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware.

Are you using a Logitech mouse? STOP 0x000000D1 IRQL_NOT_LESS_OR_EQUAL
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 cheryl g


Posted 07 October 2009 - 06:47 PM

Yes, I have a Logitech mouse.


I'm sure it's dusty so I'll try cleaning and see if that helps.

#4 cheryl g


Posted 05 November 2009 - 09:54 PM

I finally cleaned the inside of my computer. It will start in safe mode or normally now without the bluescreen stuff.

However, downloading Mbam, or installing it from a thumb drive (after renaming) will install the program, but it will not run after installation. What's my next step?


Thanks!

#5 quietman7


Posted 06 November 2009 - 08:37 AM

Did you get any error messages when trying to run MBAM?

Try this.

Please download Rkill by Grinler and save it to your desktop. Alternate downloads: Link 2, Link 3, Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Immediately afterwards, try running MBAM.

#6 cheryl g


Posted 07 November 2009 - 09:41 PM

No error messages when trying to run MBAM. Just nothing happens when you click on it.

Will let you know how Rkill works. Thanks.

#7 quietman7


Posted 08 November 2009 - 08:48 AM

Not a problem.

#8 cheryl g


Posted 11 November 2009 - 08:47 PM

I tried link one. It behaved as you said it would but MB will still not run after it is installed. The exe file downloads. I click on it and it installs the program seemingly successfully. When I click on the desktop icon nothing happens.

I also tried link two just in case. Same thing.

Sometimes when I restart I get the BSOD. Other times it hangs before I get to the XP individual user desktop icons.
Sometimes it restarts fine. There does not seem to be any pattern.

Somewhere in this recent "attempt" I also stopped a process I have seen before that I believe is "bad". Did not write it down (sorry). I believe it was sport.cmd

thanks, cheryl

#9 quietman7


Posted 12 November 2009 - 08:45 AM

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. If MBAM will not run, try renaming it first.
  • Open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on the mbam.exe file and rename it to wuauclt.exe.
  • Double-click on wuauclt.exe to launch the program.
  • If that did not work, then try changing the file extension. <- click this link if you do not see the file extension
    If using Windows Vista, refer to these instructions.
  • Right-click on the wuauclt.exe file, and change the .exe extension to .scr, .com, .pif, or .bat.
  • Double-click on wuauclt.com (or whatever extension you renamed it) to launch the program.
You may need to try this in both normal and safe mode. Also let me know if you get any error messages.

If it still will not run do this:

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you cannot boot into safe mode, then perform your scans in normal mode.

Afterwards, try running MBAM again.

#10 cheryl g


Posted 12 November 2009 - 10:15 PM

I renamed Mbam with no luck. I have a drive that I downloaded the files to and put it on the infected computer. When I open that drive on it the extensions are gone...no exe, no com, no nothing. I also tried re-adding the extensions with no success.

I can download superantispyware from cnet or etc. It installs but will not run. It says superantispyware has encountered a problem....do you want to report it?

I have tried both safe mode and regular starts.

#11 quietman7


Posted 13 November 2009 - 09:10 AM

Did you ensure "Hide extensions for known file types" was unchecked in Folder options?
http://www.mediacollege.com/microsoft/wind...ion-change.html

#12 cheryl g


Posted 30 November 2009 - 08:18 PM

quietman,

thanks so much for your help. I did not get a chance to try your most recent suggestion as my computer would not let me..... I decided to take it to the shop. You guys really are a great service to people...Thanks again!

Cheryl

#13 quietman7


Posted 30 November 2009 - 10:46 PM

You're welcome.

Tips to protect yourself against malware and reduce the potential for re-infection:

Keep Windows and Internet Explorer current with all critical updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. If you're not sure how to do this, see Microsoft Update helps keep your computer current.

Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, uTorrent). They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Porn sites can lead to the Trojan.Mebroot MBR rootkit and other dangerous malware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware. For more specific information on how these types of rogue programs and infections install themselves, read:

Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. To learn more about this risk, please read:

Many security experts recommend you disable Autorun asap as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun
How to Maximize the Malware Protection of Your Removable Drives

Other related reading sources:

Finally, if you need to replace your anti-virus, firewall or need a reliable anti-malware scanner please refer to:
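Added example (not part of the original post, and not BleepingComputer or Microsoft code): the Autorun behaviour discussed in the last post is governed by the NoDriveTypeAutoRun bitmask under the Explorer policies key. This sketch decodes a mask and lists the drive types on which Autorun is still enabled; the function names are hypothetical and the sample values 0x91 and 0xFF are constructed for illustration.

```python
"""Decode the NoDriveTypeAutoRun policy bitmask (added example)."""
import sys

# Machine-wide policy location; the same value may also exist under HKCU.
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"

# A set bit DISABLES Autorun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable (USB, floppy)",
    0x08: "fixed disk",
    0x10: "network share",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unknown",
}


def autorun_enabled_types(mask):
    """Return the drive types on which Autorun is still enabled."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if not mask & bit]


def audit(mask):
    """Summarise a mask; None means the value is absent from the registry."""
    if mask is None:
        return "NOT SET: the Windows default applies"
    enabled = autorun_enabled_types(mask & 0xFF)
    if not enabled:
        return "OK: Autorun disabled for all drive types"
    return "WEAK (0x%02X): Autorun still enabled for %s" % (
        mask & 0xFF, ", ".join(enabled))


def read_policy():
    """Read the live value on Windows; None if absent or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            value = winreg.QueryValueEx(key, POLICY_VALUE)[0]
            return value if isinstance(value, int) else None
    except OSError:
        return None


if __name__ == "__main__":
    for sample in (0x91, 0xFF):  # constructed samples: weak vs. hardened
        print(audit(sample))
    print("this machine:", audit(read_policy()))
```

A mask of 0xFF disables Autorun for every drive type, while 0x91 leaves removable drives and CD-ROMs enabled.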



