1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

bsod Help!!!!!!

Discussion in 'Windows XP' started by wildaboutu, Jan 1, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. wildaboutu

    wildaboutu Thread Starter

    Joined:
    Jun 25, 2005
    Messages:
    54
    I am sure you will need a HJT log but can't remember how to get one. This computer has been starting up fine but if i walk away I comp back to :
    1962 no operating system found. Press f1 to repeat boot sequence and when I do that I get a weird graph and more errors.
    I don;t know where to start. If you advise how to get a log maybe that's where I should begin.
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,120
    Please do this:

    * Click here to download HJTsetup.exe
    · Save HJTsetup.exe to your desktop.
    · Doubleclick on the HJTsetup.exe icon on your desktop.
    · By default it will install to C:\Program Files\Hijack This.
    · Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    · Put a check by Create a desktop icon then click Next again.
    · Continue to follow the rest of the prompts from there.
    · At the final dialogue box click Finish and it will launch Hijack This.
    · Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    · Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    · Come back here to this thread and Paste the log in your next reply.
    · DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. wildaboutu

    wildaboutu Thread Starter

    Joined:
    Jun 25, 2005
    Messages:
    54
    Logfile of HijackThis v1.99.1
    Scan saved at 6:43:53 PM, on 1/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bluelight\exec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Bluelight\exec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mybluelight.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mybluelight.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mybluelight.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mybluelight.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mybluelight.com/s/sp?r=a...8c428cb38d5f260853678922e03&joindate=20040807
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - C:\PROGRA~1\BLUELI~1\Toolbar.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\blspc.exe" -w
    O4 - HKCU\..\Run: [BlueLight_uoltray] C:\Program Files\Bluelight\exec.exe regrun
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA36177-8368-41B4-973C-B534BE438AA3}: NameServer = 64.136.28.120 64.136.20.120
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3EA36177-8368-41B4-973C-B534BE438AA3}: NameServer = 64.136.28.120 64.136.20.120
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3EA36177-8368-41B4-973C-B534BE438AA3}: NameServer = 64.136.28.120 64.136.20.120

    Here you go. awaiting your reply. bsod 3 times while trying to do this. Hope you will be able to help me
     
  4. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,120
    well, you are definitely infected. I am not a security guru, so I won't be telling you what to and what not to delete. Hopefully one will be around soon. What is on the BSoD, exactly? there will some hex (0X00000CF, 0X000000FE), stuff like that, and maybe something marked xxxx.sys, if you could jot those down and post them, it would be great. Also, the bsod should have a reason for it, such as irq_not_less_than or something similar. If you could post that as well, it would be helpful.

    In the meantime, would recommend running a scan from http://housecall.trendmicro.com/ or http://www.pandasoftware.com/activescan/. Then wait for a security expert to parse your log.
     
  5. awalker0878

    awalker0878 Removed by request

    Joined:
    Dec 16, 2005
    Messages:
    407
    1962 no operating system found. Press f1 to continue

    sound like a flaky hardware (harddrive?) to me
     
  6. wildaboutu

    wildaboutu Thread Starter

    Joined:
    Jun 25, 2005
    Messages:
    54
    bsod: kernel_data_inpage_error
    New blue screen showed up that reads: a processor thread crucial to system operation has unexpectedly exited or been terminated. Do I just wait to hear from a "security guru"
     
  7. awalker0878

    awalker0878 Removed by request

    Joined:
    Dec 16, 2005
    Messages:
    407
    http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prmd_stp_fvlq.asp
    Stop 0x0000007A or KERNEL_DATA_INPAGE_ERROR

    The Stop 0x7A message indicates that a page of kernel data was not found in the paging (virtual memory) file and could not be read into memory. This might be due to incompatible disk or controller drivers, firmware, or hardware.
    Interpreting the Message

    This Stop message has four parameters:

    1. Lock type value (0x00000001, 0x00000002, 0x00000003, or page table entry (PTE) address).
    2. I/O status code.
    3. If the lock type is 0x00000001, this parameter represents the current process. If the lock type is 0x00000003, this parameter represents the virtual address.
    4. The virtual address that could not be read into memory.

    Frequently, the cause of this error can be determined from the second parameter, the I/O status code. Some common status codes are:

    * 0xC000009A, or STATUS_INSUFFICIENT_RESOURCES, indicates a lack of nonpaged pool resources.
    * 0xC000009C, or STATUS_DEVICE_DATA_ERROR, indicates bad blocks (sectors) on the hard disk.
    * 0xC000009D, or STATUS_DEVICE_NOT_CONNECTED, indicates defective or loose data or power cables, a problem with SCSI termination, or improper controller or disk configuration.
    * 0xC000016A, or STATUS_DISK_OPERATION_FAILED, indicates bad blocks (sectors) on the hard disk.
    * 0xC0000185, or STATUS_IO_DEVICE_ERROR, indicates improper termination, defective storage controller hardware, or defective disk cabling, or two devices attempting to use the same resources.

    For information about other possible status codes that might be returned, see the file Ntstatus.h of the Windows XP Professional Driver Development Kit (DDK). For more information about the DDK, see the Driver Development Kits link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
    Resolving the Problem

    The following suggestions are specific to Stop 0x7A errors. For additional troubleshooting suggestions that apply to all Stop errors, see "Stop Message Checklist" later in this appendix.

    * Stop 0x7A can be caused by bad sectors in the virtual memory paging file, disk controller error, virus infection, or memory hardware problems. In extremely rare cases, depleted nonpaged pool resources can cause this error. If the first and third parameters are zero, the stack signature in the kernel stack is missing, an error typically caused by defective hardware. If the I/O status is 0xC0000185 and the paging file is on a SCSI disk, check for cabling and termination issues. An I/O status code of 0xC000009C or 0xC000016A indicates that the requested data could not be found. You can try to correct this by restarting the computer. If a problem with disk integrity exists, Autochk, a program that attempts to mark bad disk sectors as defective so that they are not used in the future, starts automatically. If Autochk fails to run, you can manually perform the integrity check yourself by following the instructions to run Chkdsk provided in "Stop 0x00000024 or NTFS_FILE_SYSTEM" earlier in this appendix. For more information about Autochk and Chkdsk, see "Troubleshooting Disks and File Systems" in this book.
    * Another cause of Stop 0x7A messages is defective, malfunctioning, or failed memory hardware, such as memory modules, Level 2 (L2) SRAM cache, or video adapter RAM. If you added new hardware recently, remove and replace it to determine if it is causing or contributing to the problem. Run diagnostics software supplied by the system manufacturer to determine if the component has failed.
    * Check the hardware manufacturer's Web site for updates to disk adapter firmware or drivers that improve compatibility. Verify that your disks and controller support the same set of advanced features, such as higher transfer rates. If necessary, select a slower transfer rate if an update is not yet available. Consult your hardware or device documentation for more information.

    Important
    o You can install disk controller drivers not present on the Windows XP Professional operating system CD by responding to the following prompt shortly after starting Setup:
    o Press F6 if you need to install a third party SCSI or RAID driver.
    o Press F6, and when prompted, provide the appropriate storage controller driver (ATA or SCSI) supplied by the manufacturer.
    * The problem might also be due to cracks, scratched traces, or defective components on the motherboard. If all else fails, take the system motherboard to a repair facility for diagnostic testing.
    * Problems that cause Stop 0x7A messages can also cause Stop 0x77 messages. For more information about Stop 0x77 messages, see "Stop 0x00000077 or KERNEL_STACK_INPAGE_ERROR" earlier in this appendix.

    For more information about Stop 0x7A messages, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. Search using keywords winnt, 0x0000007A, and 0x7A.
     
  8. awalker0878

    awalker0878 Removed by request

    Joined:
    Dec 16, 2005
    Messages:
    407
    To me it look like you either have a defective IDE controller, or hardrive. Backup all important files you can to a CD or DVD. I am saying this because you had the F1 message also before.

    Than I suggest if your computer is under warranty phone your OEM and describe your problem to them.
     
  9. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,120
    yah, I'd start backing stuff up rapidly....something is about to give, and it sounds like the hd. we'll see if a security expert meanders by, but I don't think that even removing all the infection will matter. Although it could if you have a boot sector virus. did you try those online scanners?
     
  10. wildaboutu

    wildaboutu Thread Starter

    Joined:
    Jun 25, 2005
    Messages:
    54
    Which scanners are u referring to. I will try anything as funds are low and taking in for dx test will have to wait. I will retire for the night but will check in tomorrow to see if any new posts have been added.
     
  11. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    76,120
    read post number 4.
     
  12. awalker0878

    awalker0878 Removed by request

    Joined:
    Dec 16, 2005
    Messages:
    407
    you could if you want and do not have a "non-standard mbr" (muli-boot system) insert WINXP disk boot to setup press r to go in to recovery console type "fixmbr" that will create a new mbr. That should wipe out any mbr virus although I have not heard of mbr virus infecting 2000/XP with their new hardware security features. Also I suggest you backup first your important files before trying to fix the mbr code, as it could make it so you can not boot your computer. I suggest downloading AVG Free update Virus Defs and doing a complete scan also.
    http://free.grisoft.com/softw/70free/setup/avg71free_371a669.exe
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/430154

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice