Blue Screen with Codes Help Please


12 replies to this topic

#1 Jakeman02

Jakeman02

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 12 November 2009 - 10:10 PM

Hello

This is my first post here and I would appreciate any help or advice very much. A friend brought his laptop to me today which seems to be infected with a virus. I upgraded memory in it from 512mb to 2gb about 3 weeks ago but I don't think this is the issue as I've since tried the previous memory as well and both have the same results.

It's a Gateway MX-6958 laptop with Windows XP Media Center Edition with SP3, Intel T2300 1.66ghz Processor and a 60g hard drive.

First notice he had of any issues was when running a complete AVG scan the system hung and went to blue screen about 3 minutes into the scan. The error on the blue screen is:
PAGE_FAULT_IN_NONPAGED_AREA STOP 0x00000050 (0x01FC0000, 0x00000000, 0x863FFC0, 0x00000000).
AVG seems to be the only program that causes the blue screen as I've run Adaware and Superantispyware and both completed but didn't find anything. I have noticed that when going to certain sites such as superantispyware.com I get re-directed to other sites which give me the infamous pop-up saying my computer is infected and click OK to fix the issue. Of course I didn't click this and got out as soon as I could.

I did some research before I noticed the redirected website issue on the stop code above and some possibilities were a corrupted video driver or memory. Since I already excluded the memory I deleted the video driver and it still does it.

Then I tried to boot into Safe Mode to try and run a full AVG scan and the system will not even boot into safe mode at all. I get the blue screen every time I try with a different error message stating:
STOP 0x0000007E (0xC0000005), 0x80537009, 0xF7A39E0, 0xF7A390DC.

I've also tried going to Housecall's online virus scan but I keep getting re-directed to other sites.

I'm usually pretty good at this sort of thing but this one has me stumped and I really want to avoid a reformat and install at all cost so any help would be GREATLY appreciated.

Thanks, James

PS: I forgot to mention I've also tried Last Known good configuration and System Restore. The most distant restore point was only 10 days ago, neither helped.

Edited by Jakeman02, 12 November 2009 - 10:27 PM.




#2 D_N_M

D_N_M

  • Members
  • 200 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:55 PM

Posted 13 November 2009 - 01:40 AM

Hello Jakeman02
Let's try and run a scan with Malwarebytes http://www.malwarebytes.org/mbam.php
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
    o Update Malwarebytes' Anti-Malware
    o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Regards

D_N_M

Edited by D_N_M, 13 November 2009 - 01:49 AM.


#3 Jakeman02

Jakeman02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 13 November 2009 - 06:18 AM

Thank you. I've downloaded, updated and currently have Malwarebytes scanning. Will post the results below when done. I have made some headway I THINK. When AVG wouldn't complete a scan I tried to uninstall and reinstall it. Upon reinstall I was given a message stating that an older version of Roxio was on the machine and needed to be updated for compatibility. I searched and nothing related to a complete install of Roxio is on the computer but it has been in the past because of several related files being left behind that I found.
 
I went ahead with the AVG install and tried another scan and got the same blue screen. So I uninstalled it and tried the trial version of Kaspersky. Kaspersky worked great, complete scan and found several files and seems to have solved the web page re-direction issue but I still have the blue screen issue when trying to go in safe mode.
 
I then researched how to completely uninstall Roxio and found that Perfect Uninstaller might work. Perfect Uninstaller did find several Roxio files and deleted them but still blue screen when trying to access safe mode. It also shows a registry entry for Sonic Encoders which isn't loaded on the computer and had some related information when I was researching Roxio. When trying to delete the entry Sonic Encoders every time it goes to blue screen crash and have to reboot and the file is still there. So I'm thinking this is a major portion of my remaining issue, it must be corrupt or something but I can't delete it. Every time an attempt is made to delete it I get instant blue screen and have to restart, I've even tried manually deleting it.

This is weird, it's just 1 file that is doing this and I can't seem to get rid of it. Otherwise my re-directed web pages were corrected by the Kaspersky scan, everything runs normally until I try to delete that entry or go into safe mode, both bring the blue screen which confuses me as I've never been able to access Windows before and not safe mode, usually it's the other way around. Ok I'll stop rambling and will post MBAM results when done.
 
Thanks.

Here are my Malwarebytes results

Malwarebytes' Anti-Malware 1.41
Database version: 3159
Windows 5.1.2600 Service Pack 3

11/13/2009 5:16:57 AM
mbam-log-2009-11-13 (05-16-57).txt

Scan type: Quick Scan
Objects scanned: 120553
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 petewills

petewills

  • Members
  • 1,377 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, UK
  • Local time:05:55 PM

Posted 13 November 2009 - 06:39 AM

Don't wish to interfere with the help being given,
but I've had problems with Roxio in the past and the following MAY be helpful:

Search the registry for Roxio.
(It also installed Sonic as part of the program).

Read the post in the following link:

http://forums.support.roxio.com/index.php?showtopic=37322

I've used this tool in the past to cleanup Roxio 7.5 and Roxio 9
without problems.

You still have to delete Roxio entries from the registry, if
you're comfortable with that.

Should be something like

MyComputer\HKEY_CURRENT_USER\Software\Roxio

I also had to remove Sonic in the same list, but I don't know if
Sonic is used for something else.

Remove any Folders for Roxio (and Sonic) in Program Files, (unless Sonic is being
used for any other programs).

There may be Roxio and Sonic shared folders under Program Files / Common files,
but by their very nature, it may NOT be advisable to remove them.

I do know that Roxio can conflict with other burners (e.g. Nero).

#5 Jakeman02

Jakeman02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 13 November 2009 - 07:27 AM

Thanks Pete, I tried the Roxizap program from the link although I think I pretty much had it clean from all Roxio entries and files. The system is running fine now except for not being able to access safe mode and although I haven't tried to re-install AVG and scan with it yet which was giving me a blue screen earlier.

I'm thinking my issue has to do with that sonicencoder registry entry as when I try to delete it I get the same results and I'm at a loss as to how to get rid of it. Any more help would be very welcomed.

#6 petewills

petewills

  • Members
  • 1,377 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, UK
  • Local time:05:55 PM

Posted 13 November 2009 - 07:54 AM

Just checked my Registry, because I am running Roxio 7.5 and there is no reference
whatsoever to 'sonic encoder', nor in Add /Remove, for that matter.

Is there something in Add /Remove, or is it just the Registry?

As I said, I'm reluctant to get involved where someone is already helping, but
I think eventually it would be suggested that you try uninstalling leftovers with the
REVO freeware uninstall program

http://www.revouninstaller.com/

Good luck.

#7 Jakeman02

Jakeman02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 13 November 2009 - 10:48 AM

No, there is nothing in Add/Remove, I'll try Revo and see if that will get rid of it without going to the dreaded blue screen, I'll update in a few, Thanks.

-------------------------------------------------

Ok that registry reference seems to be gone now but I'm not sure how. I'm still getting the BSOD when trying to get in safe mode and about 3 minutes after starting an AVG scan. I did access Event Viewer per doing some reading and it's showing many errors although I don't know what they mean. Perhaps that will help someone point me in the right direction as I'm at a loss.

Thanks

Edited by Jakeman02, 13 November 2009 - 12:22 PM.


#8 petewills

petewills

  • Members
  • 1,377 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, UK
  • Local time:05:55 PM

Posted 14 November 2009 - 01:27 PM

Bump.

You've slipped down the list. (due to edit, not post).

When you are prevented from installing / uninstalling anything,
or having the problems you mention, one suspicion must be that you are (still) infected.

[You hate this idea, but sometimes it is easier to do a complete reinstall,
rather than spending days / weeks, attempting to resolve issues.

Obviously, copy any required files off, first!

I have used Linux Live CDs, (Ubuntu 9.04 and Linux Mint 7 distributions),
to boot up, where there may be problems with the Windows file system].

Otherwise, I believe you will have to go through the process again,
by posting in the 'Security - Am I infected? What do I do?' forum,
unless a moderator will move it.

Pete.

#9 Jakeman02

Jakeman02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 15 November 2009 - 01:05 AM

I came to the same conclusion, it wasn't worth it. So I used Knoppix to get the personal files off and did a clean install with the Gateway Reinstall disc.

As I was building the system back up I installed AVG and guess what? Back where we started. When installing it I got a message saying that an older version of Roxio was on the drive and needed to be updated. I checked everything and the Gateway disc didn't install Roxio as a program but the bundled software on the Gateway disc did install Napster which I deleted, seems as Napster and Roxio are/or were back then packaged together.

In the Program Files/Common Files folder there is a folder called Roxio Shared with various Roxio and Napster files inside. Roxio is not on the drive as a program and I am sick of trying to delete all traces of Roxio just to get AVG to work.

Unless anyone has any suggestions on how to do that I'm just going to try another Anti Virus Program and be done with it. He would love to keep using AVG as he's used to it but it's just not worth it unless someone has any ideas. Otherwise, anyone have any suggestions for a good freeware besides AVG?

#10 hamluis

hamluis

    Moderator


  • Moderator
  • 55,730 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:55 AM

Posted 15 November 2009 - 09:27 AM

There's no reason for anyone to fall in love with AVG AV, there are replacements that are at least as equally effective and which are free.

Gizmo's - Best Free Antivirus Software Gizmo's Tech Support Alert - http://www.techsupportalert.com/best-free-...us-software.htm

Antivirus, Antimalware, And Antispyware Resources - http://www.bleepingcomputer.com/forums/t/405/antivirus-antimalware-and-antispyware-resources/

Louis

#11 petewills

petewills

  • Members
  • 1,377 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, UK
  • Local time:05:55 PM

Posted 15 November 2009 - 11:53 AM

That darn Roxio!

I have the full Roxio 7.5 Suite and can confirm that my Anti-virus
program, Avast Home Edition, has never given me any trouble, with
Roxio installed. It also has a rootkit program; not sure how effective
it is, but so far, so good.

Interesting reading, Louis. (Perhaps you should publish your folder
of 1000 links!).

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 55,730 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:55 AM

Posted 15 November 2009 - 12:14 PM

LOL...I suspect it's going to get larger, once I start routinely visiting my Win 7 install :thumbsup:.

As for publishing...there are tons of those websites which better serve the public.

Louis

#13 Jakeman02

Jakeman02
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:55 PM

Posted 16 November 2009 - 07:22 PM

Thanks guys, I went with Avast and everything runs fine. Appreciate the help.



