
Dreaded Blue Screen


10 replies to this topic

#1 prsings

prsings

  • Members
  • 10 posts
  • OFFLINE
  • Location:Colorado Springs
  • Local time:08:46 PM

Posted 28 February 2006 - 04:52 PM

Yesterday I was working on music in XP and my security (Freedom by Zero Knowledge, supplied by Adelphia cable) popped up with "virus report"... I forgot to write down which one... it was a file in Google... could not be cleaned -- Deleted.
I immediately shut everything down and scanned with Freedom, both antivirus and spyware. No virus found, deleted some cookies that were data miners.

I then went to the "FIVE STEP" method outlined in Tech Support Forum's Hijack This section (see below). It contains a series of programs to run to prepare for the Hijack This log to be sent to them.

Before I downloaded, I ran & saved a Hijack log, and now have before & after reports if you need them.

I then went to safe mode as instructed and ran them, as directed, but Panda won't run in safe mode, and when I rebooted I got the 1st BLUE SCREEN. I have the actual error codes if needed, 6 in all. I can start in safe mode, and have attempted to run system restore for three separate dates... upon each restart I got another Blue screen. I have tried to run PC Inspector File recovery, it crashes. I think the problem began after I ran CWShredder.

If you need more info please e-mail me at xxxxxxxxxxxxxxxx

here is my system:


[ EVEREST Home Edition © 2003-2005 Lavalys, Inc. ]

Version EVEREST v2.20.405
Homepage http://www.lavalys.com/
Report Type Quick Report
Computer PRSINGS (Music Box)
Generator PR Merrill
Operating System Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail)
Date 2006-02-28
Time 13:50


--------[ Summary ]-----------------------------------------------------------------------------------------------------

Computer:
Operating System Microsoft Windows XP Home Edition
OS Service Pack Service Pack 2
DirectX 4.09.00.0904 (DirectX 9.0c)
Computer Name PRSINGS (Music Box)
User Name PR Merrill

Motherboard:
CPU Type Intel Pentium 4, 2400 MHz
Motherboard Name Dell Dimension 4600
Motherboard Chipset Intel Springdale i848P/i865
System Memory 1024 MB
BIOS Type Phoenix (10/08/03)
Communication Port Communications Port (COM1)
Communication Port ECP Printer Port (LPT1)

Display:
Video Adapter nVIDIA GeForce4 MX 440 with AGP8X
3D Accelerator nVIDIA GeForce4 MX 440 with AGP8X

Multimedia:
Audio Adapter Creative SB0350 Audigy 2 ZS Sound Card

Storage:
IDE Controller Intel® 82801EB Ultra ATA Storage Controllers
IDE Controller Intel® 82801EB Ultra ATA Storage Controllers
Floppy Drive Floppy disk drive
Disk Drive Maxtor 6E040L0 (40 GB, 7200 RPM, Ultra-ATA/133)
Disk Drive WDC WD1200SB-01KBA0 (111 GB, IDE)
Optical Drive _NEC DVD_RW ND-3540A (DVD+R9:8x, DVD-R9:4x, DVD+RW:16x/8x, DVD-RW:16x/6x, DVD-ROM:16x, CD:48x/32x/48x DVD+RW/DVD-RW)
Optical Drive SAMSUNG CD-R/RW SW-248F (48x/24x/48x CD-RW)
SMART Hard Disks Status OK

Partitions:
C: (NTFS) 39158 MB (12356 MB free)
D: (NTFS) 57506 MB (54381 MB free)
E: (NTFS) 56964 MB (48360 MB free)
Total Size 150.0 GB (112.4 GB free)

Input:
Keyboard Logitech PS/2 Keyboard
Mouse Logitech-compatible Mouse PS/2

Network:
Modem BCM V.92 56K Modem

Peripherals:
USB1 Controller Intel 82801EB ICH5 - USB Controller [A-2/A-3]
USB1 Controller Intel 82801EB ICH5 - USB Controller [A-2/A-3]
USB1 Controller Intel 82801EB ICH5 - USB Controller [A-2/A-3]
USB1 Controller Intel 82801EB ICH5 - USB Controller [A-2/A-3]
USB2 Controller Intel 82801EB ICH5 - Enhanced USB2 Controller [A-2/A-3]
USB Device Labtec Mic (WebCam Pro)
USB Device Labtec WebCam Pro #4
USB Device Labtec WebCam Pro


_________________________________________________________________________________________________________________________
------------------------------------------------------------------------------------------------------------------------




========================================
Tech Support Forum's Hijack This section:
----------------------------------------------------------------------------------------------------------------------------
Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running and run them in SAFE MODE if you can and if you can't then run them in normal mode.
*Note*
How to Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

* Ad-Aware® SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Add-on Cleaner To run this tool once Adaware is updated click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

* Spybot Search & Destroy
* CWShredder
Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

STEP 2
========================================
Run an Antivirus/Spyware scan

If you have a high speed connection, please go to at least two of these sites and run an online Virus Scan. This will help clear out a lot of the malware first so the Analysts can then attack the main infections.
If you already have an Antivirus program make sure you have an updated database for it and run it as well. You need to do both as one scanner may pick up what the other missed.
Be sure to have the AutoFix box(es) checked if they are required.

**http://housecall.trendmicro.com/ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<This wouldn't run after Panda
http://www3.ca.com/virusinfo/virusscan.aspx
*http://www.pandasoftware.com/actives..._principal.htm <<<<<<<<<<<<Ran this, seemed OK but BluScrn on restart
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspxIt


Mod Edit: E-mail address was removed for your safety. Please, do not post your E-mail address in an open forum. This could lead to a lot more SPAM in your inbox, than you might want.

Edited by tg1911, 01 March 2006 - 01:32 AM.




#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:46 PM

Posted 28 February 2006 - 06:30 PM

I rebooted I got the 1st BLUE SCREEN I have the actual error codes if needed, 6 in all.

Blue screens are called "Stop Messages". To help you in diagnosing the cause(s) we need the error messages you had with the stop messages.

Edited by Albert Frankenstein, 28 February 2006 - 06:31 PM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 prsings


Posted 01 March 2006 - 12:03 AM

Thanks Albert. The first one was Stop:0x00000044 (0x87021298, 0x00000D62, 0x00000000, 0x00000000)
After installing Panda I got error message: in?????(<Can't read my own scribble) resident proxy needs to communicate with the internet. I tried to say "allow" & then "block" but it was frozen.
I turned it off with the switch and upon reboot I got another Stop:0x00000044(0x85994BE0, 0x00000D6,0x00000000, 0x00000000)
Restart: Stop:0x00000044(0x85A8B8B0, 0x00000D62.0x00000000, 0x00000000)
Froze in Safe Mode after restart: Stop:0x00000044(0x85A7CBE0, 0x00000D62.0x00000000, 0x00000000)
I tried system restore and got: Stop:0x00000044(0x8598FIF8,0x00000D62,0x00000000, 0x00000000)
Tried system restore from another point and got: Stop:0x00000044(0x85A87A50, 0x00000D62.0x00000000, 0x00000000)
I then tried "PC Inspector" File recovery and got "Access Violation at address 000F430".
I have both Before and After reports from "Hijack This" if they will help. Thanks again.

#4 Albert Frankenstein


Posted 01 March 2006 - 06:41 AM

Does this computer have Hyper Threading? (or sometimes called HT, or HT technology)?


#5 Albert Frankenstein


Posted 01 March 2006 - 09:24 AM

A couple of other ideas: Have you added any new hardware lately?

Try to boot to "last known good configuration" by hitting F8 upon bootup, and making the appropriate choice when prompted.

Let us know the results.

Do any of THESE links make sense to you?

FYI, I have also sent you a private message.

Edited by Albert Frankenstein, 01 March 2006 - 09:36 AM.



#6 prsings


Posted 01 March 2006 - 02:38 PM

No, no new hardware. I had just downloaded a new guitar program, it is from a reputable company, and it is sitting there in a zip file. I don't know if I have HT, how can I tell? (I miss the DOS days when I could access and change everything if I knew the proper syntax.)
I really think it was something "CWShredder" did. It happened really fast but I saw a couple of files it shredded that were in Windows\system.
What would I hurt if I ran the WindowsXP install disk? How do I proceed, put it in CD tray and then boot or go to safe mode, administrator and run from there?

#7 prsings


Posted 01 March 2006 - 02:50 PM

:thumbsup: I was searching MS Knowledge base and found this: "STOP 0x1E in Usbhub.sys with Surprise Removal of Plug and Play USB Hub". Although these numbers aren't the same, it occurred to me that my two front USB plugs stopped working a few days ago. The thumb drive I am using to transfer info from my PC to my girlfriend's (the one I am on now) is irritating because I have to pull it out and plug into the back. But the Stop error came several days, if not a week, after they stopped working.

Edited by prsings, 01 March 2006 - 02:51 PM.


#8 prsings


Posted 01 March 2006 - 02:55 PM

:thumbsup: I tried to become a paying member, but the "radio buttons" are nowhere in sight so I made a donation. Maybe this problem would be a good thing to fix. I don't know where to post it, can someone send it on?

#9 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:10:46 PM

Posted 01 March 2006 - 04:26 PM

Hi prsings,

The HT Albert was speaking of is usually advertised on the Intel Inside sticker found on the front of most systems. It will have HT on that sticker. You can also press and hold the Windows key (found on the lower left side of the keyboard, between the Ctrl and Alt keys) and press the Pause / Break key (found upper right). That will open a system properties window and should show your processor.


Question for you... Why did you run CWShredder?


It is possible malware, or an attempt to remove malware, may have corrupted something.

good luck

rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#10 Albert Frankenstein


Posted 01 March 2006 - 04:33 PM

I have received your HJT logs, examined them, and now I am going to recommend you have the experts in Bleeping Computer's HJT forum take a look. I see a couple of questionable entries.

It is possible that a reinstall of windows will be needed, but let's try to clean the computer first. I would stop trying to clean it on your own. BUT FIRST: you must install the HJT program differently than you already have. It should not be run from a temp location. You must create a folder, move the program to the folder, unzip it, run it from there. Preferably NOT on your desktop.

Here is more info:

First: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait for a response. It can sometimes take a few days.

Second: If, after finishing your work with the folks at the HJT forum you have issues with XP related to the removal of the infection, then come back in here and let us help you get your computer back to normal.

You are in good hands! Good luck!


#11 prsings


Posted 01 March 2006 - 10:11 PM

Rigel: No, I don't have HT. I ran CWShredder because Tech Support Forum's "5 step method" said to....
Albert: I don't know why HJT says it is in a temp folder. I made a new folder for it on my C: drive named Hijack, and downloaded and installed it there. I am in the process of taking the steps in the preparation guide, my computer is now letting me get online in safe mode :thumbsup: I will be posting as you suggested. Thanks again to all for the help.



