Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

can't access my PC...total blue screen!


  • This topic is locked This topic is locked
14 replies to this topic

#1 Kauaiguy58

Kauaiguy58

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 12 July 2010 - 07:15 PM

I am on a networked PC right now, because every time I try to startup my other PC all I get is a blue screen with the following message: STOP: 0x0000007B (0xF79AE528, 0xC0000034, 0x00000000, 0x00000000)
That's it...it tells me to restart and run CHKDSK, but I can't get past this screen; when I restart using F8 key and try to get into safe mode or any other mode, it just sends me back to this blue screen.

Would appreciate some help figuring this one out please...

BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,165 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 12 July 2010 - 09:44 PM

Hi, Kauaiguy58 smile.gif

welcome.gif

Lets give this a try throughout an External Environment, which simply means you will need to burn a boot CD with especial tools. You will also need a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.
  • Download OTLPEStd.exe to your desktop. NOTE: This file is 93.1MB in size so it may take some time to download.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe.The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:11 PM

Posted 12 July 2010 - 09:54 PM

I'm moving this topic to the log forum for you. The topic link will remain the same. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 Kauaiguy58

Kauaiguy58
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 12 July 2010 - 11:15 PM

Thanks guys, I have burned the CD and am now going to insert it into the bad PC once I set it to boot from disc...I will let you know how it goes...

#5 Kauaiguy58

Kauaiguy58
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 13 July 2010 - 12:13 AM

Well, that didn't get me anywhere...no matter how many ways I set the PC to boot from IDE CD drive, when I reboot it always takes me to the advanced options menu again...it still is stuck on that same message...What now???

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,165 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 13 July 2010 - 01:51 AM

In most occasions is due to a bad download or burn. It must at least boot to the CD, unless the CD_ROM is malfunctioning.

Run the following application in the computer where the OTLPEStd.exe was dowloaded. It can help us determine if it is due to a bad download.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    QUOTE
    :filefind
    OTLPEStd.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 Kauaiguy58

Kauaiguy58
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 13 July 2010 - 02:33 AM

this is all that I got out ofSystemLook...? v1.0 by jpshortstuff (11.01.10)
Log created at 21:26 on 12/07/2010 by Grampa (Administrator - Elevation successful)

========== filefind ==========

Searching for "OTLPEStd.exe"
C:\Users\Grampa\Desktop\OTLPEStd.exe --a--- 97708316 bytes [03:11 13/07/2010] [03:11 13/07/2010] F4ACAB8DE63303135A74B407EB302396

-=End Of File=-

#8 Kauaiguy58

Kauaiguy58
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 13 July 2010 - 03:02 AM

here's the ImgBurn log if that helps W 17:18:30 Operating System has been changed!
I 17:18:31 ImgBurn Version 2.5.1.0 started!
I 17:18:31 Microsoft Windows Vista Home Premium Edition (6.0, Build 6002 : Service Pack 2)
I 17:18:31 Total Physical Memory: 1,046,280 KB - Available: 309,284 KB
I 17:18:31 Initialising SPTI...
I 17:18:31 Searching for SCSI / ATAPI devices...
I 17:18:31 -> Drive 1 - Info: TSSTcorp DVD+-RW TS-H653B D300 (E:) (Fibre)
I 17:18:31 Found 1 DVD±RW!
I 17:18:32 Operation Started!
I 17:18:32 Source File: C:\Users\Grampa\AppData\Local\Temp\7zS6C7F.tmp\OTLPE_New_Std.iso
I 17:18:32 Source File Sectors: 143,754 (MODE1/2048)
I 17:18:32 Source File Size: 294,408,192 bytes
I 17:18:32 Source File Volume Identifier: ReatogoPE
I 17:18:32 Source File Application Identifier: PEBUILDER/MKISOFS
I 17:18:32 Source File File System(s): ISO9660 (Bootable)
I 17:18:32 Destination Device: [2:1:0] TSSTcorp DVD+-RW TS-H653B D300 (E:) (Fibre)
I 17:18:32 Destination Media Type: CD-RW (Disc ID: 97m25s30f, Infodisc Technology Co.) (Speeds: 4x)
I 17:18:32 Destination Media Sectors: 359,847
I 17:18:32 Write Mode: CD
I 17:18:32 Write Type: SAO
I 17:18:32 Write Speed: MAX
I 17:18:32 Lock Volume: Yes
I 17:18:32 Test Mode: No
I 17:18:32 OPC: No
I 17:18:32 BURN-Proof: Enabled
I 17:18:32 Write Speed Successfully Set! - Effective: 706 KB/s (4x)
I 17:18:34 Filling Buffer... (20 MB)
I 17:18:34 Writing LeadIn...
I 17:19:26 Writing Session 1 of 1... (1 Track, LBA: 0 - 143753)
I 17:19:26 Writing Track 1 of 1... (MODE1/2048, LBA: 0 - 143753)
I 17:27:20 Synchronising Cache...
I 17:28:09 Exporting Graph Data...
I 17:28:09 Graph Data File: C:\Users\Grampa\AppData\Local\Temp\7zS6C7F.tmp\Graph Data Files\TSSTcorp_DVD+-RW_TS-H653B_D300_MONDAY-JULY-12-2010_5-18_PM_97m25s30f_MAX.ibg
I 17:28:09 Export Successfully Completed!
I 17:28:09 Operation Successfully Completed! - Duration: 00:09:36
I 17:28:09 Average Write Rate: 607 KB/s (4.0x) - Maximum Write Rate: 634 KB/s (4.2x)
...

#9 Kauaiguy58

Kauaiguy58
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 13 July 2010 - 03:03 AM

I don't know if it makes a difference, but the OS on the bad PC is Windows XP Home...

#10 Kauaiguy58

Kauaiguy58
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 13 July 2010 - 11:52 AM

UH OH...the PC I am using has a DVD/RW, but the infected PC has only a CD ROM...that's probably why it can't read it...

#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,165 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 13 July 2010 - 12:41 PM

The download is good, and imgburn is recognizing the burn device as CD-RW (Disc ID: 97m25s30f, Infodisc Technology Co.) (Speeds: 4x). Can the good computer boot to the CD? No need to run OTLPE in that computer. Just need to know if it boots to it.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 Kauaiguy58

Kauaiguy58
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 13 July 2010 - 02:34 PM

no luck with that...I tried to get it to boot in another networked PC with the same OS as this one after changing the settings, but it just started up in normal windows mode...tried several times and all I got was a black screen with a flashing cursor in the corner...

#13 Kauaiguy58

Kauaiguy58
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kauai, Hawaii
  • Local time:10:11 AM

Posted 13 July 2010 - 09:14 PM

Thanks, but I gave up and just had it sent to the shop....

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,165 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 13 July 2010 - 09:54 PM

That was definitely a bad burn.

Thanks for the feedback.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,165 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:11 PM

Posted 25 July 2010 - 11:51 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users