Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Boot To Blue Screen


  • Please log in to reply
8 replies to this topic

#1 mikelivia

mikelivia

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 08 June 2006 - 04:48 PM

Previous Post-http://www.bleepingcomputer.com/forums/t/54890/booting-to-blue-screen/

Hi, While I play a Game called Guild Wars I will be playing it for about an hour maybe a little longer. Than during Loading screens the screen starts to flash just go all black but only for a second then it comes back. It will be fine for about 5 to 10 mins. Then it just boots to a blue Screen sometimes all blank and sometimes with an error Ati3duag.dll and says Dumping Physical Memory. It just sits at the blue screen i have to manually turn off the power and restart. After that it seems fine for about another hour or so. I have a brand new video card and reinstalled all the drivers. Followed the guide at the top of the page did everything it said.ALso about every 5 mins i get a pop up for microsoft saying The system has recovered from a serious error. Please tell microsoft about this problem send error report dont send. Im sure we all have seen it. THis is the error report

C:\DOCUME~1\Owner\LOCALS~1\Temp\WER824b.dir00\Mini060206-02.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER824b.dir00\sysdata.xml

Computer symptoms : A message appears on a blue screen with error code information (for example: e.g. 0x0000001E, KMODE_EXCEPTION_NOT_HANDLED)

Here is the Log
Logfile of HijackThis v1.99.1
Scan saved at 2:40:03 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146011736921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146012304406
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BAA3B01-EE5F-45BA-A6FC-234CCE886213}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks for the help

BC AdBot (Login to Remove)

 


#2 mikelivia

mikelivia
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 10 June 2006 - 03:07 AM

sorry all to post again. Trying to be patient but i play competive in this game so the sooner the better. Also new prob sometime the game even becomes blurry and fuzzy like. Thanks for the help

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:20 PM

Posted 13 June 2006 - 04:39 PM

To use RootKit Revealer please make sure you are logged in as an Administrator to the computer.
  • Please download and unzip Rootkit Revealer to your desktop.
  • Please leave the defaults set as they are to:
    • Hide NTFS Metadata Files: this option is on by default
    • Scan Registry: this option is on by default.
  • Launch rootkit revealer on the system and press the Scan button.
    RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time please disconnect from the internet and leave the PC to be scanned until it is finished.
  • The log can be very large please edit out the items in the following folders in the log : C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.
  • Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted as it may be too long for one post)]
Then Download and Save blacklite to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
leave [X]scan through windows explorer checked,
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there... like "wbemtest.exe"
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste this log along with the rootkit revealer log.

#4 mikelivia

mikelivia
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 13 June 2006 - 08:13 PM

um Im not sure if i did someting wrong but using rootkit i couldent really find the log. Unless it just appears in the box and if so only one thing is showing but ill put it down anyways. C:\Windowssoftwaredistribution\logs\tmp\edb visble in windows API but not in MFt or Directory Index

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:20 PM

Posted 14 June 2006 - 01:43 PM

NOthing bad here...you have an ATI video card? If so, have you tried updating the driver?

#6 mikelivia

mikelivia
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 15 June 2006 - 02:29 AM

yeah i have an ati video card. I recently had it replaced and i guessed the tech that installed it ( i wasnt here) just put in the old cd we had. 128 DDr ATI Radeon 9800. I know this can be a pain but could you give me a link to the update because i go to the site to update but am not sure which to pick. Thanks.

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:20 PM

Posted 15 June 2006 - 08:08 AM

Sure.

Before you install anew driver you should use ATI's catalyst uninstaller found here:

http://support.ati.com/ics/support/DLRedir...=737&deptID=894

Then, you need to download and install the microsoft framework:

http://www.microsoft.com/downloads/info.as...5a/dotnetfx.exe


Finally download the driver (Catalyst Control Center Package) from here:

https://support.ati.com/ics/support/KBAnswe...?questionID=640

#8 mikelivia

mikelivia
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:12:20 PM

Posted 15 June 2006 - 07:26 PM

k did that thanks. Seems like it is working well. If not ill just post in here but so far thanks for helping

#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:20 PM

Posted 15 June 2006 - 08:12 PM

Sounds good..good luck with it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users