Blue Screen Of Death with ftdisk.sys error

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

VirtualNewbee

Thread Starter
Joined
Apr 12, 2010
Messages
5
Someone help!
My computer just crashed yesterday evening while I was visiting various internet sites like video streaming, and YouTube. Then when I started surfing onto a manga site to read online manga, page froze, then my computer suddenly started sending me virus/trojan alerts, telling me my firewall is not on, etc. and then a legit-looking Microsoft Security notice telling me to "register now" to fix problem. The little pop-up official-looking MS security firewall screen refuses to close, and I believed it was probably a spyware wanting me to buy their product. I ran system check and noticed some new programs seem to have started as of yesterday (4-10-10 around 16:40)
These program names are:
removalfile.bat and aax2jNyu4r5m2 in C:\ Docment&Settings\admin
Thumbs.db in C:\ programfiles\commonfiles
nmdfgds0.dll, logonui.exe.manifest, cdplayer.exe.manifest in C: windows\system32
pd0o1.exe in C:\ (THIS is a known problem startup file that I previously STOPPED process on, but seems to have restarted on its own?)
pagefile.sys and hiberfil.sys in C:\ (both said "file in use")
ave.exe (no info on this given)

I "killed" these processes and then restarted my computer. Then that's when problem started!
Now I'm in endless "boot-loop" hell, computer trying over and over to boot, telling me it encountered problems. I searched for info through internet (using another comp) and finally able to stop the loop and get blue screen up and it says:
--------------------------------------
A problem has been detected and windows has been shut down to prevent damage to your computer.
The problem seems to be caused by the following file: ftdisk.sys

PAGE_FAULT_IN_NONPAGED_AREA
.....
if problem continuing, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. Use Safe Mode to remove or disable components, restart by F8 and select Safe Mode.
Tech info:
STOP: 0x00000050 (0x9F5D10FC, 0x00000001, 0xF738D37B, 0x00000000)
ftdisk.sys address F738D37B base at F7371000
Datestamp 3b7d8419
--------------------------------------------------
Well, I tried to reboot in Safe Mode but it won't let me. Pressing F8 and I can only choose to stop loop and get to blue screen, or back to screen and go to Microsoft Windows Recovery Console (only choice I CAN select now), or press F1 go to Setup to change BIOS.

1) I tinkered a little with BIOS setup (don't really know what I'm doing tho) and for a split second, I saw a slight "shadow" of Windows startup screen coming up, but it disappeared again and back to bootloop.
2) I went to Recovery Console and ran Chkdsk and r\ something, as suggested on one internet site, it ran for some time, told me it fixed something. So I viewed the startup processes (which I memoed on a pad) and shut down.
3) Tried restarting comp, but same bootloop hell again!! (also, I made it show what's trying to boot and yes, I have shadowing and caching when it's booting) I don't know what else to do???

For your reference, I have extensive Adobe graphics software loaded on this comp (mostly my school assignments!), so don't want to lose my file or software now! But I noticed often there's glitch with Adobe software, and in the last day when this all happened, there was some kind of update message about Adobe Version Cue or Acrobat which I ran when I was watching vid FLV , also some FireFox and add-on updates I did as well (usually this computer is NOT hooked up to internet).

Then also, I was attempting to hook up my old scanner Umax Vista Scan which driver was too old so I downloaded XP version from net, tried to run, but had glitch(?) and won't work. I gave up and connected new HP printer/scanner after I downloaded driver for this from internet and it worked fine.

So, basically, yes I did a LOT of stuff lately that could have caused problem so I have no clue!!!

I hope someone who's more expert has clue with above info I gave to help me fix this!
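The STOP screen quoted in the post above can be decoded field by field. The following is an added example, not part of the original thread: it parses the three technical lines, labels the 0x50 bugcheck parameters, computes the faulting offset inside ftdisk.sys, and converts the datestamp (the driver's PE header link time) to a date. The function name `decode_bsod` and the result keys are hypothetical.

```python
import re
from datetime import datetime, timezone

# Technical lines copied from the blue screen quoted in the post.
BSOD_TEXT = """\
STOP: 0x00000050 (0x9F5D10FC, 0x00000001, 0xF738D37B, 0x00000000)
ftdisk.sys address F738D37B base at F7371000
Datestamp 3b7d8419
"""

BUGCHECK_NAMES = {0x50: "PAGE_FAULT_IN_NONPAGED_AREA"}
# Parameter 2 of bugcheck 0x50 on XP-era x86 systems: 0 = read, 1 = write.
ACCESS_TYPES = {0: "read", 1: "write"}

def decode_bsod(text):
    """Return a dict describing the STOP code, faulting module and link time."""
    stop = re.search(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)", text)
    if not stop:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p.strip(), 16) for p in stop.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("a STOP line carries exactly four parameters")
    result = {"code": code, "name": BUGCHECK_NAMES.get(code, "unknown"),
              "params": params}
    if code == 0x50:
        result["referenced_address"] = params[0]    # memory that was touched
        result["access"] = ACCESS_TYPES.get(params[1], "other")
        result["faulting_instruction"] = params[2]  # code that touched it
    mod = re.search(r"(\S+)\s+address\s+([0-9A-Fa-f]+)\s+base at\s+([0-9A-Fa-f]+)",
                    text)
    if mod:
        addr, base = int(mod.group(2), 16), int(mod.group(3), 16)
        if addr < base:
            raise ValueError("module address lies below its base")
        result["module"] = mod.group(1)
        result["module_offset"] = addr - base       # offset within the image
        result["address_is_param3"] = code == 0x50 and addr == params[2]
    stamp = re.search(r"Datestamp\s+([0-9A-Fa-f]{8})", text, re.IGNORECASE)
    if stamp:
        # The datestamp is seconds since 1970-01-01 UTC, stored in hex.
        result["link_time_utc"] = datetime.fromtimestamp(
            int(stamp.group(1), 16), tz=timezone.utc)
    return result

if __name__ == "__main__":
    for key, value in decode_bsod(BSOD_TEXT).items():
        print(key, "=", hex(value) if isinstance(value, int) else value)
```

The decoded link time describes only the header of the driver image that was loaded; it does not by itself show whether the file on disk has been modified.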
 

VirtualNewbee

Thread Starter
Joined
Apr 12, 2010
Messages
5
Oh, BTW is there any way to access msconfig to stop processes that may be causing problems??
I CAN'T access Safe Mode with Command Prompt, is there way to Disable some programs from boot/startup screen (MS DOS?) in this boot-loop situation??
As I was researching about endless boot-loop some sites talked about sptd.sys which gets inserted by Daemon Tools when running and a number of other problematic seeming processes the computer's trying to run in boot I found when I checked the list of start-ups. It seems if I can disable some of the problematic startups, maybe computer will be willing to run at least on Safe Mode??

Or, is there something I can change in BIOS setup that will help, I need help.....
 

VirtualNewbee

Thread Starter
Joined
Apr 12, 2010
Messages
5
This is a used computer I bought and I don't have XP disk, but I think it has D: drive with HP Recovery Console. I ran this, but it goes back to boot-loop and won't start Windows. I was thinking of asking some friends if they might have XP disk, tho.
I'll also try your links and see if something happens. I will keep you posted.
BTW, why do you think Windows "almost" started when I tinkered BIOS setting?? I was wondering key to resolve hidden somewhere here??
 
Joined
Mar 11, 2010
Messages
29
You appear to be infected. I'd grab HJT and post a log in the Malware Removal & HJT forum. The popup was a Fake Antivirus and they are designed to look legit. It seems the page you surfed to was either poisoned or malicious to begin with. ALL of those files look VERY suspicious. Did a box pop-up when the fake av hit asking you to save or cancel (and I assume if it did it wouldn't let you cancel?)? If you did not see that, then it was backdoored on your pc probably by an exploit and you may have other malicious software now lurking as well. In either case you will probably need the gold shield experts in the HJT forums.
 

VirtualNewbee

Thread Starter
Joined
Apr 12, 2010
Messages
5
Yes, Talkhard223,
I had much suspected a fake antivirus notice hit me, and yes, it was refusing to let me "cancel".
I would like to activate HJT to grab and post, unfortunately, I panicked and "killed" some suspicious files and then restarted computer (against my better judgement!).
Now, I can't get past boot-loop and BSOD. I'm hoping to see if I can get copy of XP recovery and see if I can restart to Windows OS screen. If not, what else can I do now??
I already did Recovery option from my harddrive D:, but there may be possibility this was hit by virus already too. (After "recovery" was run and it tells me it fixed setting, I'm still NOT able to get out of boot-loop)
I was already able to view what's running thru chkdsk r/ soon after I did Recovery option, but I don't know how I can print this to HJT without accessing Windows?? (I DID handwrite all the running processes down on a pad, though, in case someone can help me from DOS prompt)
 
Joined
Dec 9, 2000
Messages
45,855
It's probably a nasty rootkit then, and not a disk issue.

One of the things you can try from the recovery console is the listsvc command to see what startup services are running.

You can try to identify any suspicious or Non Microsoft services from that and disable them. But a really good rootkit will still be hidden.

http://support.microsoft.com/kb/314058

DISABLE (from Recovery Console)
disable servicename
Use this command to disable a Windows system service or driver. In the command syntax, servicename specifies the name of the service or driver that you want to disable.

Use the listsvc command to display all services or drivers that are eligible to be disabled. The disable command prints the old start type of the service before resetting the start type to SERVICE_DISABLED. Record the old start type if you must enable the service again.

The disable command displays the following start_type values:
SERVICE_DISABLED
SERVICE_BOOT_START
SERVICE_SYSTEM_START
SERVICE_AUTO_START
SERVICE_DEMAND_START


Keep trying to start in Safe Mode after disabling any suspicious services.
 

VirtualNewbee

Thread Starter
Joined
Apr 12, 2010
Messages
5
Thank you Rollin' Rog,
I will try this disable from Recovery Console. One thing you said, "The disable command prints the old start type of the service before resetting the start type to SERVICE_DISABLED." Do you mean after each startup service there will be listed all these options to take? And then, I type in "disable (servicename)" at the command syntax at the end? Do I have to do that after each suspicious service (1 command line per servicename) or can I do it all together....Or, for safety sake, would I be better off trying to turn off 1 suspect at a time and try booting to be on safe side??

I did a little research on boot-loop problem and someone talked about a process called "sptd.sys" and I do have that process running! In fact, my computer asks me if I'd like to skip loading "sptd.sys", then press ESC, I do this, but I go back to boot-loop... (it's part of Daemon tools I believe, but I've had Daemon installed from the time I got this computer and it was working fine...)

Anyway, I will try disabling this first, and try to see what happens. Thanks again, and I'll post again what happens.
 