Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD after using SuperAntispyware and then rebooting


  • This topic is locked This topic is locked
61 replies to this topic

#1 orapaho

orapaho

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 23 March 2012 - 02:28 AM

I was just running SASW after MBAM on an old laptop. MBAM found nothing, I disabled the AVG shield and ran SASW, it found 22 critical threats. after removing them, it suggested I reboot and it did so and then I got the BSOD- STOP screen. I tried F8 numerous times and moved up to Last known good configuration to no avail, always leads to BSOD. It has windows XP and I am using another laptop to access internet and this site. I cannot find a boot disk. I have a Windows 2000 professional CD and mainboard utility cd.
- Is my laptop a goner?
Thank you in Advance


The BSOD says:

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check for ciruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:

***STOP: 0x0000007B (0xF8959528, 0xC0000034, 0x00000000, 0x00000000)

BC AdBot (Login to Remove)

 


#2 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:10:32 AM

Posted 23 March 2012 - 04:33 AM

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 AM

Posted 26 March 2012 - 02:24 AM

Hello and sorry for the delay!

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 orapaho

orapaho
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 08 April 2012 - 09:03 PM

Ok here it is.
Took me a little while. Was not sure about the compression. I right clicked and selected compress to folder. BTW the xpud program, when I go to tool/ Open terminal, It will give me a black dialog box where I type in something that looks like blocks and not actual letters. Nevertheless, I do have a mbr.bin file.
Bad news. I have another laptop that was acting slow and I ran SAS on it too, and it to gave me a BSOD- kernel error. Is SAS causing problems?

Attached Files



#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 AM

Posted 09 April 2012 - 04:04 PM

Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.

Please boot your computer using this CD. Once Setup is loaded press R to access recovery console. You'll be prompted to choose a Windows installation, typically listed as 1. Windows. Type 1 and press enter.
Provide your windows password and press enter if prompted. If you have no password set, leave it blank and press enter.

You'll now see a c:\windows prompt. Type chkdsk /r and press enter.
Let the disk check run unhindered. When done please type exit and press enter to restart and let me know if you can boot normally now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 orapaho

orapaho
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 09 April 2012 - 05:01 PM

OK. I made the boot CD from my other laptop. put it into my "bad" laptop and it booted up to the Recovery console, I entered nothing at the password, and then 1. for windows. at the windows prompt I typed chkdsk /r and it gave me a blue screen with the following message:

Stop: C0000139 {entry point not found} the procedure entry point NtserializeBoot could not be located in the dynamic link library ntdll.dll

I will try it again

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 AM

Posted 10 April 2012 - 04:48 AM

What do you see once the recovery console is loaded: c:\ or c:\windows?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 orapaho

orapaho
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 10 April 2012 - 12:07 PM

c:\windows

the laptop i used to make the cd, is having a hard drive issue. Perhaps I will try making cd from my desktop

#9 orapaho

orapaho
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 10 April 2012 - 01:48 PM

I made a cd using cdcc from my desktop computer, thinking it would give me a better result. Gave me same stop screen, but pointing to a different file "LdrSetMUICacheType could not be located...."

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 AM

Posted 11 April 2012 - 01:29 PM

In the mean time I got back from vacation and had the occasion to get a closer look at the MBR, lets first see if fixing that improves things. :)

Right click the following download link and select "save link/target as": xPUD_MBRfix
Save the file to your USB drive.
  • Boot the ailing computer to xPUD
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Double click on xPUD_MBRfix to execute the script
  • When asked "what boot code do you want to write?" type m for XP boot code and press enter.
  • When asked "to which one do you want to write a new mbr?" type sda and press enter.
  • Type y and press enter to confirm your choices.
  • Press enter to close the window.
  • Upon finishing, its actions will produce a report (mlog.txt)
  • Post that report in your next reply

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 orapaho

orapaho
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 11 April 2012 - 02:06 PM

Wed Apr 11 11:56:54 UTC 2012

User has chosen Windows XP boot code
User has chosen drive sda
Backing up mbr to backup_sda.bin

Boot code structure before fix
/dev/sda has an x86 boot sector,
it is an unknown boot record

Boot code structure after repairing
/dev/sda has an x86 boot sector,
it is a Microsoft 2000/XP/2003 master boot record, like the one this
program creates with the switch -m on a hard disk device.

#12 orapaho

orapaho
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 11 April 2012 - 02:11 PM

Just to let you know, when I boot off the xPUD cd and I click on the xpud mbrfix icon, It goes to a black screen with blocks-in place of letters. without really seeing what the question is, I type in "M", then "sda", and finally "y". It worked, I think. But obviously, the screen is not supposed to appear this way. Just thought you would like to know.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 AM

Posted 12 April 2012 - 01:39 AM

This may be due to language settings. Does the computer boot normally now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 orapaho

orapaho
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 12 April 2012 - 10:37 AM

No, I am still getting the same BSOD.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:32 AM

Posted 12 April 2012 - 11:26 AM

When you open the terminal on xPUD, what do you see in the black text window that opens (what is shown at the prompt?)

Please type fdisk -ul > fdisk.txt and press enter. Does this create a file named fdisk.txt on your usb drive? If so, please post it.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users