Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD on startup


  • Please log in to reply
12 replies to this topic

#1 elleshar

elleshar

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 February 2011 - 05:38 AM

Hi there,

I'm getting a cute blue screenie whenever I try to start up my lap-top with Vista on it. It has Vista Version 6.0 (Built 6000) Home Premium installed on it. Interestingly enough, there's more than one consistent error I get, sometime acpi.sys sometimes other stuff like wdf01000.sys etc.. I 'believe' it started doing this after ESET NOD antivirus program had been uninstalled, I cannot be 100% on that, however, since I'm not the original owner of the PC and the owner is away for now. Oh and also utorrent has recently been installed as well.

To be clear, I can start windows, but after 5 seconds of PC showing me the start bar, my desktop etc. it gives me the BSOD.

I can still run it in safe-mode, which is a good thing I suppose. Here's an example of the error I get;

.
.


.
PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, as your hardware or software manufacturer for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

*** STOP: 0x00000050 (0xE5BD9882, 0x00000000, 0x804FBA84, 0x00000002)

*** wdf01000.sys - Address 804FBA84 base at 804A4000, DateStamp 47575ca8

Collecting data for crash dump ...
Initializing disk for crash dump ...
Beginning dump of physical memory.
Dumping physical memory to disk: 1000
Physical memory dump complete.
Contact your system admin or technical support group for further assistance.

Thank you for your help in advance.

Edited by hamluis, 02 February 2011 - 09:41 AM.
Moved from Vista to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Allan

Allan

  • BC Advisor
  • 8,552 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:11:27 AM

Posted 02 February 2011 - 07:59 AM

You say the referenced file is not consistent? Please do the following:


Download BlueScreenView:
http://www.nirsoft.net/utils/blue_screen_view.html
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

#3 elleshar

elleshar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 February 2011 - 08:18 AM

Well that one only shows 1 crash despite the fact that the laptop in question crashed at least 15 times but here's the log anyway:

Oh before that, just another update: The laptop just magically started up fine in normal mode but with blank white screen, no start bar no desktop background, and I was only able to fix that by shutting explorer.exe from task manager and re-running it. Then I restarted the lap-top and I had yet another BSOD..

==================================================
Dump File         : Mini020211-01.dmp
Crash Time        : 02.02.2011 12:57:59
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : 0xe52a5ff8
Parameter 2       : 0x00000000
Parameter 3       : 0x8045535c
Parameter 4       : 0x00000002
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a9ff2
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6000.17021 (vista_gdr.100218-0019)
Processor         : 32-bit
Computer Name     : 
Full Path         : C:\Windows\Minidump\Mini020211-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6000
Dump File Size    : 133.928
==================================================


#4 Allan

Allan

  • BC Advisor
  • 8,552 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:11:27 AM

Posted 02 February 2011 - 08:43 AM

Before we go any further, you said this started after NOD was uninstalled. Do you currently have an anti virus utility installed and active?

#5 elleshar

elleshar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 February 2011 - 08:50 AM

Nope, I was going to install Avira as it's free and all. Never had the chance though.

#6 Allan

Allan

  • BC Advisor
  • 8,552 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:11:27 AM

Posted 02 February 2011 - 08:59 AM

Well, then before we go any further I urge you to go to the malware forum on this site and have them check out your system. When you go there, reference this thread.

#7 elleshar

elleshar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 February 2011 - 09:11 AM

Thank you for your replies. Just to be 100% clear, though, I'll be posting on 'Am I infected' forum, correct? And not 'Virus, Trojan, Spyware, and Malware Removal Logs'.

After I'm done there I'll be sure to leave a reply to this thread to let you know the status of the issue.

#8 Allan

Allan

  • BC Advisor
  • 8,552 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:11:27 AM

Posted 02 February 2011 - 09:12 AM

Yes.

#9 elleshar

elleshar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 February 2011 - 10:20 AM

Well, I was just about to make a new topic, saw the move just in-time, however.

Well my problem is stated above and it was suggested I post over here to get some more advice on the issue.

Thanks in advance.

#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:27 AM

Posted 02 February 2011 - 11:15 AM

Hello and :welcome: to BleepingComputer.

Let's see what we're dealing with here.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

~Blade


In your next reply, please include the following:
Malwarebytes Log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#11 elleshar

elleshar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 February 2011 - 03:59 PM

Hi there,

You seem to mention that MBAM needs to run in non-safe mode (hard to remove malware etc.), and no mention of being in safe-mode for RKill and such to run, either. As I mentioned before, I can't run the laptop in regular mode as it keeps BSOD'ing me. I can only run it via safe mode. Would it be okay to run the programs in safe mode instead?

P.S: Your manual update link (mbam-rules.exe) points to an invalid adress, seems to be removed. Found THIS link here on the forums which explains the situation. Seems I'll have to manually update it from a working PC. Will send the logs when done.

P.P.S: Right, so it seems that even in Safe mode I get the BSOD after a little while, so really not sure what to do. Any advice?

Thanks

Edited by elleshar, 02 February 2011 - 04:16 PM.


#12 elleshar

elleshar
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:27 PM

Posted 02 February 2011 - 10:10 PM

Well I decided to re-install the OS wholly, and done so, which solved the problem obviously.

Thanks for all your help folks, please feel free to close or do whatever with the topic.

Regards,

#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:27 AM

Posted 02 February 2011 - 11:37 PM

Alright. Thanks for letting us know. :)

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users