Vundo infection - among others


13 replies to this topic

#1 jellybean_po420

jellybean_po420

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NY
  • Local time:07:24 PM

Posted 08 December 2009 - 06:32 PM

I have tried everything I can think of: Malwarebytes, Iolo Security, Advanced System Care, Fix-It Utilities Professional, Norton 2010 and Yahoo!'s free Anti-Spy in the toolbar (everything updated before each run). Nothing is finding and completely removing whatever is on my computer causing ctfmon.exe to continue to open, and iexplorer.exe even when nothing is open. I've also had problems with viewmgr.exe coming up while in Internet Explorer and freezing up my system. I can have nothing running, just in plain desktop view, and before screen saver and/or power save mode come on, I hear commercial advertisements, but not visual. I've tried to go through and remove what I thought was part of the problem myself, and it only stopped for about 2-3 hours. It's starting to get extremely annoying and I would gladly take any advice given to help me out. Thanx again, I appreciate it! :(

I've downloaded and run the tools for logs and they read as follows...



DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Owner at 17:49:25.06 on Tue 12/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.470 [GMT -5:00]

AV: Avanquest Fix-It *On-access scanning enabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner.HOME\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn23\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\17.1.0.19\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn23\YTSingleInstance.dll
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn23\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [<NO NAME>]
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227127522756
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Home%20Sweet%20Home%20-%20Christmas%20Edition/Images/armhelper.ocx
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = scecli bihonede.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1.hom\applic~1\mozilla\firefox\profiles\8ce5jy11.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0yahoo&bm=yh_home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\verizon games on demand player\npExentCtl.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1101000.013\SymDS.sys [2009-11-18 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1101000.013\SymEFA.sys [2009-11-18 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20091104.001\BHDrvx86.sys [2009-11-18 524848]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1101000.013\cchpx86.sys [2009-11-18 501888]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-11-21 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-8-5 93872]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-11-21 202928]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1101000.013\Ironx86.sys [2009-11-18 114736]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\17.1.0.19\ccSvcHst.exe [2009-11-18 126392]
R2 SBAMSvc;Fix-It;c:\program files\common files\antivirus\SBAMSvc.exe [2009-9-8 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-11-21 69936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-21 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20091111.001\IDSXpx86.sys [2009-11-18 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20091208.002\NAVENG.SYS [2009-12-8 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20091208.002\NAVEX15.SYS [2009-12-8 1323568]
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys --> c:\windows\system32\drivers\sp_rsdrv2.sys [?]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-30 312592]
S2 skbhhbdrekaadw;skbhhbdrekaadw;\??\c:\windows\system32\drivers\czllyemmorvjan.sys --> c:\windows\system32\drivers\czllyemmorvjan.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-19 24652]
S2 X4HSX32Ex;X4HSX32Ex;\??\c:\program files\verizon games on demand player\x4hsx32ex.sys --> c:\program files\verizon games on demand player\X4HSX32Ex.Sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-7-11 266240]
UnknownUnknown txbqpjonoogvrmu;txbqpjonoogvrmu; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-12-05 19:53:30 0 d-----w- c:\program files\ESET
2009-12-02 14:23:59 0 d-----w- c:\program files\Conduit
2009-12-02 14:23:55 0 d-----w- c:\program files\IObitCom
2009-12-01 03:44:12 202072 ----a-r- c:\windows\cpnprt2.cid
2009-12-01 03:44:10 202072 ------w- c:\windows\system32\cpnprt2.cid
2009-12-01 02:21:26 0 d-----w- c:\docume~1\compaq~1.hom\applic~1\IObit
2009-11-30 22:25:22 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-11-30 22:25:17 0 d-----w- c:\program files\IObit
2009-11-30 22:15:08 0 d-----w- c:\program files\Trend Micro
2009-11-30 21:07:04 0 dc-h--w- c:\windows\ie8
2009-11-29 22:48:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-25 07:31:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 07:31:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 07:31:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 22:29:04 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-11-21 22:29:03 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-11-21 22:27:28 202928 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-11-21 22:24:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Avanquest
2009-11-21 22:23:02 0 d-sh--r- C:\_Backup.RC
2009-11-21 22:22:51 0 d--h--w- C:\_Backup
2009-11-21 22:14:41 0 d-----w- c:\docume~1\compaq~1.hom\applic~1\Avanquest
2009-11-21 22:13:32 0 d-----w- c:\program files\common files\AntiVirus
2009-11-21 22:12:32 0 d-----w- c:\program files\Avanquest
2009-11-18 20:51:24 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-18 20:51:24 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-18 20:51:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-18 20:51:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-18 20:51:24 0 d-----w- c:\program files\common files\Symantec Shared
2009-11-18 20:49:28 0 d-----w- c:\windows\system32\drivers\NAV
2009-11-14 20:49:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-14 20:49:19 0 d-----w- c:\docume~1\compaq~1.hom\applic~1\SUPERAntiSpyware.com
2009-11-14 20:47:18 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-12 21:05:48 0 d-----w- c:\docume~1\alluse~1\applic~1\SpinTop Games
2009-11-12 21:04:29 0 d-----w- c:\program files\PopCap Games
2009-11-12 20:26:23 504 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-11 19:54:26 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-11-10 04:21:03 68824 ----a-w- c:\windows\CouponPrinter.ocx

==================== Find3M ====================

2009-12-06 22:09:36 1356 ----a-w- c:\docume~1\compaq~1.hom\applic~1\wklnhst.dat
2009-11-21 01:17:12 68612 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-04 01:00:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-11-04 00:59:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-11-04 00:58:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-11-04 00:58:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-11-04 00:58:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2005-10-28 22:31:31 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-10-09 19:29:28 632570 -c--a-w- c:\program files\WCIS_PCDrv_US_1_01_02_0729.EXE
2005-02-27 03:25:42 0 -csha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 17:54:20.62 ===============



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,660 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:24 PM

Posted 13 December 2009 - 02:41 PM

Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform FULL Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3 jellybean_po420


Posted 15 December 2009 - 01:14 AM

OK, I already had Malwarebytes but I went ahead and downloaded and installed it again anyway. I also did an update before the complete scan. This did not resolve my original issue. I also re-ran the other scans from HiJackThis to originally post topic as well and those logs are attached. The Malwarebytes results are as follows:


Malwarebytes' Anti-Malware 1.42
Database version: 3358
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/15/2009 12:24:22 AM
mbam-log-2009-12-15 (00-24-22).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 308325
Time elapsed: 11 hour(s), 53 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP377\A0174826.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.


#4 Grinler


Posted 16 December 2009 - 04:11 PM

Download ComboFix from here

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#5 jellybean_po420


Posted 16 December 2009 - 05:33 PM

After I downloaded and saved to desktop, I double clicked it on the desktop and selected run to follow prompts and I get an alert message that says "Some Installation files are corrupt. Please download a fresh copy and retry the installation"

#6 Grinler


Posted 18 December 2009 - 05:05 PM

Please redownload it and try again.

#7 jellybean_po420


Posted 19 December 2009 - 07:12 PM

I tried numerous times to re-download and I get the same alert. As of today I can't even get my computer to open to the normal start-up screen. I turn it on and get a message saying "Windows did not start successfully. A recent Hardware or software change may have caused this" then it gives me a list of options: safe mode, safe mode with networking, safe mode with command prompts, last known good configuration or start windows normally. I have tried every one of these commands and get the same response. Now what do I do? I have had this happen before and it went away after a few tries, I have today been at it all day. This is the reason I wanted a faster reply to what to do. I use my computer for school on a daily basis. It's always been shut down properly and nothing new has been added or removed from it, except for whatever virus got ahold of it. I SERIOUSLY NEED HELP HERE!! I have files stored on my hard drive and don't want them to be lost and/or locked from access on my computer forever by doing a system restore like I had to do in the past. PLEASE HELP!!!


Ok, I did a little research and went to the recovery console and selected the one that said to disable system shut down on disc fail or whatever to get the "blue screen of death" and the technical reading at the bottom read out 0x0000007E (0xc0000005, 0x86F1F4c9, 0xF7905c50, 0xF790594c)

I don't know what this means and I am hoping this will help you more.

Thanx again

Edited by jellybean_po420, 19 December 2009 - 08:20 PM.


#8 Grinler


Posted 21 December 2009 - 05:08 PM

I assume this blue screen started after you did the system restore?

Does it say anything else? See here:

http://support.microsoft.com/kb/330182

Does it give a filename like in the example at the Microsoft article above?

#9 jellybean_po420


Posted 22 December 2009 - 01:12 AM

Actually it was before I did the system restore but I did get the "blue screen of Death" message and the code at the bottom read: 0x0000007E (0xc0000005, 0x86F1F4C9, 0xF7905C50, 0XF790594C)

#10 Grinler


Posted 22 December 2009 - 08:30 AM

You didn't tell me, is there a filename listed with the blue screen?

#11 jellybean_po420


Posted 22 December 2009 - 02:48 PM

It didn't give me a file name, it just said windows was unable to load and a bunch of other instructions and the technical code at the bottom read out: 0x0000007E (0xc0000005, 0x86F1F4C9, 0xF7905C50, 0XF790594C)

#12 jellybean_po420


Posted 22 December 2009 - 02:48 PM

It didn't give me a file name, it just said windows was unable to load and a bunch of other instructions and the technical code at the bottom read out: 0x0000007E (0xc0000005, 0x86F1F4C9, 0xF7905C50, 0XF790594C)

#13 Grinler


Posted 22 December 2009 - 04:28 PM

There is a good chance that you have a device driver that is corrupted or interfering with the proper bootup of your OS. As you can't get to a desktop in any way, there is not going to be any method for us to determine what exactly is causing that error. My advice is to boot up with the Windows XP CD and try a repair install and see if that fixes the problem. None of your data will be gone, but you may have to reinstall apps. You can also try reinstalling Windows to a different folder and access your data that way. With this method you will definitely need to reinstall your apps.

#14 Grinler


Posted 22 December 2009 - 04:36 PM

As you can't get to a desktop in any way, there is not going to be any method for us to determine what exactly is causing that error.

A few things you can try. You can try and create a bootable antivirus cd and scan your computer with that. If it finds and removes an infection, it may allow you to boot up again.

http://www.askvg.com/download-free-bootabl...ure-and-others/

If that does not work, my advice is to boot up with the Windows XP CD and try a repair install and see if that fixes the problem. None of your data will be gone, but you may have to reinstall apps.

You can also try reinstalling Windows to a different folder and access your data that way. With this method you will definitely need to reinstall your apps. Once you have this set up, though, you can install any AV programs you want and see if it finds an infection on your computer. If it does, and the infection is removed, you may be able to boot up your original Windows install.



