
Have gotten two Blue screens now


7 replies to this topic

#1 GKing


Posted 09 June 2011 - 12:39 PM

I have gotten two BSODs, which I have not received for a couple of years. This happens when I have two or more windows open. I have XP SP3. The first BSOD info was nv4_disp.dll; also, a keyboard error was in BIOS POST. Ran ComboFix right after the first error: 1 hidden file. Second error: I inadvertently shut down the computer before writing down the info for that, but it seemed like the error specifics were different. I also have some exclamation marks when viewing device hardware in hidden mode, in the Non-Plug and Play drop-down. Thanks for any help with this. B)

Edited by hamluis, 11 June 2011 - 10:35 AM.
Moved from Internal Hardware to Am I Infected.




#2 Allan


Posted 09 June 2011 - 02:33 PM

Download BlueScreenView:
http://www.nirsoft.net/utils/blue_screen_view.html
Unzip the downloaded file and double-click on BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

#3 GKing


Posted 10 June 2011 - 02:16 PM

This is my second attempt at a reply to your request, hmmm.
Anyway, here's what you asked for & thanks again. B)

Attached Files



#4 Allan


Posted 10 June 2011 - 04:42 PM

Please cut and paste the contents of that text file into your next post. Thanks.

#5 caperjac


Posted 10 June 2011 - 06:46 PM

Allow me, just to save you all some time!
Attachment results:
==================================================
Dump File : Mini060911-01.dmp
Crash Time : 6/9/2011 9:43:00 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xf74891c3
Parameter 3 : 0xb4b60950
Parameter 4 : 0x00000000
Caused By Driver : fltmgr.sys
Caused By Address : fltmgr.sys+37c7
File Description : Microsoft Filesystem Filter Manager
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Crash Address : fltmgr.sys+11c3
Stack Address 1 : fltmgr.sys+37c7
Stack Address 2 : fltmgr.sys+3f2f
Stack Address 3 : fltmgr.sys+10754
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini060911-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 65,536
==================================================

Edited by caperjac, 10 June 2011 - 06:48 PM.

My answers are my opinion only,usually
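
Added example, not part of any post in this thread: a small Python parser for the BlueScreenView text report format shown above, which decodes the 0x8E-family bug check parameters and cross-checks the address fields against each other. The function names, the NTSTATUS subset and the trimmed sample report are assumptions made for illustration; the field values are copied from the report above.

```python
import re

# Constructed sample: a trimmed copy of the report fields shown in this thread.
REPORT = """\
==================================================
Dump File : Mini060911-01.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xf74891c3
Caused By Driver : fltmgr.sys
Company : Microsoft Corporation
Crash Address : fltmgr.sys+11c3
==================================================
"""

# Small subset of NTSTATUS exception codes (not exhaustive).
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC000001D: "STATUS_ILLEGAL_INSTRUCTION"}

def parse_report(text):
    """Split on the '=====' rulers and turn 'Key : Value' lines into dicts."""
    records = []
    for chunk in re.split(r"^=+[ \t]*$", text, flags=re.M):
        rec = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(" : ")
            if sep:  # lines with an empty value (e.g. 'Computer Name :') are skipped
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def triage(rec):
    """Decode a 0x8E-family bug check and cross-check its address fields."""
    code = int(rec["Bug Check Code"], 16)
    out = {"dump": rec["Dump File"], "driver": rec["Caused By Driver"]}
    if (code & 0x0FFFFFFF) == 0x8E:  # 0x1000008E has the same parameters as 0x8E
        exc = int(rec["Parameter 1"], 16)    # exception code (an NTSTATUS value)
        fault = int(rec["Parameter 2"], 16)  # address where the exception occurred
        out["exception"] = NTSTATUS.get(exc, hex(exc))
        module, _, offset = rec["Crash Address"].partition("+")
        base = fault - int(offset, 16)
        out["implied_base"] = hex(base)
        # A driver load base is page aligned; if not, the fields disagree.
        out["consistent"] = base % 0x1000 == 0 and module == rec["Caused By Driver"]
    out["microsoft_module"] = rec.get("Company", "").startswith("Microsoft")
    return out
```

For the report above, Parameter 1 decodes to an access violation, and Parameter 2 minus the Crash Address offset gives a page-aligned base for fltmgr.sys, so the report's fields agree with each other.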


#6 GKing


Posted 10 June 2011 - 09:41 PM

:thumbup2: Looks like the one, Caperjac...

#7 Allan


Posted 11 June 2011 - 08:56 AM

Okay, here's the thing. You said you'd seen a BSOD relating to your NVIDIA driver - I don't see that report. The one listed could be anything from a bad driver to bad RAM to malware. The fact that you said you ran ComboFix (sorry, I just noticed that in your first post) is worrisome. You might indeed be infected. If I were you I'd post in the Am I Infected forum and let them take a look. We can troubleshoot further after that. I'm going to ask a mod to move this for you.

#8 GKing


Posted 11 June 2011 - 11:26 AM

OK Allan, but I know that the first BSOD involved an nv4_disp.dll issue. Why the event was not logged, I don't know (address: BD05921... & base @ BD012000, date stamp 4b4c08c5). I cleaned up the inside of the tower, removed dust etc.; not as much as I thought, compared to a couple of other times. The fan was never allowed to be choked off, and this CPU is a 2004, but I turn it off when not using it; I don't run it every day.
I run ComboFix exactly per instruction; never had an issue before.
One BC advisor/tech helping me found a bad driver last year and had me download OTL and input to paste in to fix it.
That said, I did happen upon a site (blog) that informs of a problem similar to mine... like you said, Allan, it's possible I do have a new, extremely stealthy rootkit.
The one the blog is indicating is called Rustock rootkit v1.2 and loads with kernel/driver data... food for thought, but you all may be on top of this when you give me instructions. Thanks for your help on this.



