1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Blue Screen Of Death with ftdisk.sys error

Discussion in 'Windows XP' started by VirtualNewbee, Apr 12, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. VirtualNewbee

    VirtualNewbee Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    Someone help!
    My computer just crashed yesterday evening while I was visiting various internet sites like video streaming, and you tube. Then when I started surfing onto a manga site to read online manga, page froze, then my computer suddenly start sending me virus/trojan alerts, telling me my firewall is not on, etc and then a legit-looking Microsoft Security notice telling me to "register now" to fix problem. The little pop-up official-looking MS security firewall screen refuses to close, and I believed it was probably a spyware wanting me to buy their product. I ran system check and noticed some new programs seems started as of yesterday (4-10-10 around 16:40)
    These program names are:
    removalfile.bat and aax2jNyu4r5m2 in C:\ Docment&Settings\admin
    Thumbs.db in C:\ programfiles\commonfiles
    nmdfgds0.dll, logonui.exe.manifest, cdplayer.exe.manifest in C: windows\system32
    pd0o1.exe in C:\ (THIS is a known problem startup file that I previously STOPPED process on, but seems to have restarted on its own?)
    pagefile.sys and hiberfil.sys in C:\ (both said "file in use")
    ave.exe (no info on this given)

    I "killed" this processes and then restarted my computer. Then that's when problem started!
    Now I'm in endless "boot-loop" hell, computer trying over and over to boot, telling me it encountered problems. I searched for info through internet (using another comp) and finally able to stop the loop and get blue screen up and it says:
    --------------------------------------
    A problem has been detected and windows has been shut down to prevent damage to your computer.
    The problem seems to be caused by the following file: ftdisk.sys

    PAGE_FAULT_IN_NONPAGED_AREA
    .....
    if problem continuing, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. Use Safe Mode to remove or disable components, restart by F8 and select Safe Mode.
    Tech info:
    STOP: 0x00000050 (0x9F5D10FC, 0x00000001, 0xF738D37B, 0x00000000)
    ftdisk.sys address F738D37B base at F7371000
    Datestamp 3b7d8419
    --------------------------------------------------
    Well, I tried to reboot in Safe Mode but it won't let me. Pressing F8 and I can only choose to stop loop and get to blue screen, or back to screen and go to Microsoft Windows Recovery Console (only choice I CAN select now), or press F1 go to Setup to change BIOS.

    1) I tinkered a little with BIOS setup (don't really know what I'm doing tho) and for a split second, I saw a slight "shadow" of Windows startup screen coming up, but it disappeared again and back to bootloop.
    2) I went to Recovery Console and ran Chkdsk and r\ something, as suggested on one internet site, it ran for some time, told me it fixed something. So I viewed the startup processes (which I memoed on a pad) and shut down.
    3) Tried restarting comp, but same bootloop hell again!! (also, I made it show what's trying to boot and yes, I have shadowing and caching when it's booting) I don't know what else to do???

    For your reference, I have extensive Adobe graphics software loaded on this comp (mostly my school assignments!), so don't want to lose my file or software now! But I noticed often there's glitch with Adobe software, and in the last day when this all happened, there was some kind of update message about Adobe Version Cue or Acrobat which I ran when I was watching vid FLV , also some FireFox and add-on updates I did as well (usually this computer is NOT hooked up to internet).

    Then also, I was attempting to hook up my old scanner Umax Vista Scan which driver was too old so I downloaded XP version from net, tried to run, but had glitch(?) and won't work. I gave up and connected new HP printer/scanner after I downloaded driver for this from internet and it worked fine.

    So, basically, yes I did a LOT of stuff lately that could have caused problem so I have no clue!!!

    I hope someone whose more expert has clue with above info I gave to help me fix this!
     
  2. VirtualNewbee

    VirtualNewbee Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    Oh, BTW is there any way to access msconfig to stop processes that may be causing problems??
    I CAN'T access Safe Mode with Command Prompt, is there way to Disable some programs from boot/startup screen (MS DOS?) in this boot-loop situation??
    As I was researching about endless boot-loop somes sites talked about sptd.sys which gets inserted by Daemon Tools when running and a number of other problematic seeming processes the computer's trying to run in boot I found when I checked the list of start-ups. It seems if I can disable some of the problematic startups, maybe computer will be willing to run at least on Safe Mode??

    Or, is there something I can change in BIOS setup that will help, I need help.....
     
  3. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  4. VirtualNewbee

    VirtualNewbee Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    This is a used computer I bought and I don't have XP disk, but I think it has D: drive with HP Recovery Console. I ran this, but it goes back to boot-loop and won't start Windows. I was thinking of asking some friends if they might have XP disk, tho.
    I'll also try your links and see if something happens. I will keep you posted.
    BTW, why do you think Windows "almost" started when I tinkered BIOS setting?? I was wondering key to resolve hidden somewhere here??
     
  5. Talkhard223

    Talkhard223

    Joined:
    Mar 11, 2010
    Messages:
    29
    You appear to be infected. I'd grab HTJ and post a log in the Malware Removal & HJT forum. The popup was a Fake Antivirus and they are designed to look legit. It seems the page you surfed to was either poisioned or malicious to begin with. ALL of those files look VERY suspicious. Did a box pop-up when the fake av hit asking you to save or cancel (and I assume if it did it wouldn't let you cancel?)? If you did not see that, then it was backdoored on your pc probably by an exploit and you may have other malicious software now lurking as well. In either case you will probably need the gold shield experts in the HJT forums.
     
  6. VirtualNewbee

    VirtualNewbee Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    Yes, Talkhard223,
    I had much suspected a fake antivirus notice hit me, and yes, it was refusing to let me "cancel".
    I would like to activate HTJ to grab and post, unfortunately, I panicked and "killed" some suspicious files and then restarted computer (against my better judgement!).
    Now, I can't get past boot-loop and BSOD. I'm hoping to see if I can get copy of XP recovery and see if I can restart to Windows OS screen. If not, what else can I do now??
    I already did Recovery option from my harddrive D:, but there may be possibility this was hit by virus already too. (After "recovery" was run and it tells me it fixed setting, I'm still NOT able to get out of boot-loop)
    I was already able to view what's running thru chkdsk r/ soon after I did Recovery option, but I don't know how I can print this to HJT without accessing Windows?? (I DID handwrite all the running processes down on a pad, though, in case someone can help me from DOS prompt)
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It's probably a nasty rootkit then, and not a disk issue.

    One of the things you can try from the recovery console is the listsvc command to see what startup services are running.

    You can try to identify any suspicious or Non Microsoft services from that and disable them. But a really good rootkit will still be hidden.

    http://support.microsoft.com/kb/314058

    DISABLE (from Recovery Console)
    disable servicename
    Use this command to disable a Windows system service or driver. In the command syntax, servicename specifies the name of the service or driver that you want to disable.

    Use the listsvc command to display all services or drivers that are eligible to be disabled. The disable command prints the old start type of the service before resetting the start type to SERVICE_DISABLED. Record the old start type if you must enable the service again.

    The disable command displays the following start_type values:
    SERVICE_DISABLED
    SERVICE_BOOT_START
    SERVICE_SYSTEM_START
    SERVICE_AUTO_START
    SERVICE_DEMAND_START


    Keep trying to start in Safe Mode after disabling any suspicious services.
     
  8. VirtualNewbee

    VirtualNewbee Thread Starter

    Joined:
    Apr 12, 2010
    Messages:
    5
    Thank you Rollin' Rog,
    I will try this disable from Recovery Console. One thing you said, "The disable command prints the old start type of the service before resetting the start type to SERVICE_DISABLED." Do you mean after each startup service there will be listed all these options to take? And then, I type in "disable (servicename)" at the command syntax at the end? Do I have to do that after each suspicious service (1 command line per servicename) or can I do it all together....Or, for safety sake, would I be better off trying to turn off 1 suspect at a time and try booting to be on safe side??

    I did a little research on boot-loop problem and someone talked about a process called "sptd.sys" and I do have that process running! In fact, my computer asks me if I'd like to skip loading "sptd.sys", then press ESC, I do this, but I go back to boot-loop... (it's part of Daemon tools I believe, but I've had Daemon installed from the time I got this computer and it was working fine...)

    Anyway, I will try disabling this first, and try to see what happens. Thanks again, and I'll post again what happens.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Blue Screen Death
  1. BruhXP
    Replies:
    7
    Views:
    661
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/916321

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice