Author Topic: [Inactive]Can't Get Past Blue Screen.  (Read 5858 times)

0 Members and 1 Guest are viewing this topic.

Offline Ascertain20

  • Bronze Member
  • Posts: 29
[Inactive]Can't Get Past Blue Screen.
« on: August 26, 2011, 02:23:37 pm »
I asked this at CNET forums already and was instructed to find a site where I could post a Hijack This log. We have an an EMachines T2958 with Windows XP Home SP3. We recently installed a new Netgear USB wireless adapter and a new version of Bullguard. After that, it started running slow and started giving us blue screens that say "a device driver attempting to corrupt the system has been caught. The faulty driver on the kernel stack must be replaced with a working version." I can get into Safe Mode fine, but I get a blue screen after a few minutes in normal mode that runs slow. I thought it may have been either the D-Link wireless card we have or the Netgear USB adapter so we tried removing the D-Link card, and it didn't make any difference. I know someone here previously had an issue with this same blue screen here http://spywarehammer.com/simplemachinesforum/index.php?topic=7624.0. Is there a fix for this?

Here is the Hijack This log.

Logfile of HijackThis v1.99.1
Scan saved at 3:50:36 PM, on 8/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: WSWNA3100M - Unknown owner - C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe (file missing)
« Last Edit: August 26, 2011, 03:21:21 pm by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24983
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #1 on: August 26, 2011, 03:23:43 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or orginization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

There may be a fix to your problem, but chances are it is much different that the log you looked at. Now onto trying to fix your computer.


Is that the entire hijackthis log?  Also can you please tell me what the stop code and program name are when you get the blue screen?  And please use the instructions below to attach a copy of your event viewer logs.

I need you to go to the administration tools in XP. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side and click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name,  make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name,  make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Ascertain20

  • Bronze Member
  • Posts: 29
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #2 on: August 27, 2011, 02:56:08 pm »
Used selective startup mode to not run all non-windows processes at startup.

Tried to do a repair install via the recovery console on the Windows XP disk we have.

Tried removing physical D-Link wireless card we had. Didn't work. Unsure if it causes conflict with Netgear USB adapter.

Thought it may have been a problem with old F-Secure software that caused the computer to crash previously so I tried to remove all entries of it in the registry.

Installed BSOD Viewer, Windows Debugger, SiSandra. Couldn't start service with SiSandra in safe mode.
Tried doing chkdsk numerous times.

Ran SuperAntiSpyware, Malwarebytes, Hijack This, LSPFix, and Trojan Remover.

Tried System Restore. No dice.

Tried renaming and deleting the F-Secure files I thought were harming the system.

Installed and uninstalled Bullguard.

Installed and removed the Netgear wireless usb adapter.

Tried checking the event viewer.

Tried checking the minidump files.

Downloaded TweakUI (haven't used because installation window was too big in Safe Mode), CCleaner (haven't used), Microsoft Online Crash Analysis (see TweakUI)

And below are the Application and System event logs.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24983
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #3 on: August 29, 2011, 05:42:52 pm »
Please reboot to safe mode with networking and try running combofix using the instructions below.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Ascertain20

  • Bronze Member
  • Posts: 29
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #4 on: August 30, 2011, 03:42:14 pm »
Can you please tell me what the stop code and program name are when you get the blue screen? And please use the instructions below to attach a copy of your event viewer logs.

Stop code isn't attached to any particular program, although I will get a stop error when I try to connect to the internet now.

Bad _Pool_Caller 0x000000c2 (0x00000040, 0x00000000, 0x80000000, 0x00000000)
IRQL_Not_Less_Or_Equal 0x000000c4 (0x00000081, 0xffb8c460, 0x0000008a, 0x00000000)
Also 0x000000c4 (0x00000081, 0x82800b70, 0x0000008a, 0x00000000)

And here's the Combofix log.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24983
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #5 on: August 30, 2011, 07:19:12 pm »
In the future please copy and paste your logs into a reply unless asked to have them attached. It helps us help you. (I know this may sound stupid especially as below I am asking for you to attach 2 logs).

The combofix log did show quite a bit removed, is your computer running any better?

To help get to the stop codes you mentioned above, I do need you to attach two logs using the procedure below.

I need you to go to the administration tools in XP. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side and click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name,  make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name,  make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Ascertain20

  • Bronze Member
  • Posts: 29
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #6 on: August 30, 2011, 10:24:35 pm »
Oh silly me. Will do next time.  :)1

Here's the attached logs.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24983
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #7 on: August 31, 2011, 06:13:28 pm »
No worries.

Click Start. click run, type: cmd, and press Enter
Type: netsh winsock reset, and then press the ENTER key.
Type: Exit and press ENTER.
Restart the computer.

The XP Disc that you have, what SP is it?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Ascertain20

  • Bronze Member
  • Posts: 29
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #8 on: August 31, 2011, 07:32:18 pm »
It's SP1.

Did that and tried connecting to the internet in normal mode. Got the IRQL_NOT_LESS_OR_EQUAL stop error. Code 0x000000D1 (0x9fd6c357, 0x00000002, 0x00000000, 0x9fd6c357)

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24983
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #9 on: September 01, 2011, 06:46:08 pm »
Did it save a dump file? Can you connect to the internet in safe mode with networking with no problem?

Do you have access to a clean computer with a broadband internet connection and a CD burner and a blank CD?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Ascertain20

  • Bronze Member
  • Posts: 29
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #10 on: September 01, 2011, 07:44:47 pm »
Did it save a dump file? Can you connect to the internet in safe mode with networking with no problem?

Do you have access to a clean computer with a broadband internet connection and a CD burner and a blank CD?

Yes I'm typing this from my laptop. It has a CD burner drive, and I have blank CDs available.

Even if I connect to the internet in safe mode, it'll still give me a stop error.

Yes it saved a dump file.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24983
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #11 on: September 02, 2011, 07:22:34 pm »
Once you have created this disc (instructions below), stick it into the problem computer and click on start, then all programs then accessories and then command prompt. Once that is open type in sfc /scannow and follow any instructions that pop up. Let me know how that goes. Once it is done, reboot the computer normally and try connecting to the internet again. If it still crashes, zip up the dump file and attach it to your next response.

The instructions I have use Nero, but if you have another CD burning program let me know what it is and I will try to get the instructions.


Create Folders


First open windows explorer and create a new folder in the C drive. If you do it right at c:\ then it will make the other steps later, easier. Name it XPinstall. Now go into that folder and create a 3 new folders. They are in turn, XP, SP3, and bootsect. Next follow the steps below.

Show Hidden Files

   1. Double-click on the My Computer icon.
   2. Select the Tools menu and click Folder Options.
   3. After the new window appears select the View tab.
   4. Put a checkmark in the checkbox labeled Display the contents of system folders.
   5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
   6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
   7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
   8. Press the Apply button and then the OK button and close My Computer.
   9. Now your computer is configured to show all hidden files.

Copy XP and XP SP3

Now you need to stick your Windows XP installation disk into the disk drives and copy everything into the XP folder created above.

Now you need to download the Windows XP SP3 installation file. http://www.microsoft.com/DownLoads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en%22 Save it to the SP3 folder created above. Unzip the SP3 file

Open that file with a Zip utility. I use PowerArchiver, but WinZip or any of the others should do as well. Extract all the files to the SP3 folder created above. Or you can copy the file downloaded to the SP3 folder and then open a command prompt and type in cd c:\xpinstall\sp3 and then hit enter and that location should be displayed. Now type in windowsxp-kb936929-sp3-x86-enu.exe -x:c:\xpinstall\sp3 and that will extract the files. Now either move the downloaded SP3 file or delete it.

Slipstream SP3 into the Installer Files

If you don't have a command prompt running, start one. Type into it, cd c:\XPinstall\sp3\i386\update and then type into into it update.exe /integrate:c:\XPinstall\xp

Make Installation Bootable

First download IsoBuster, http://www.isobuster.com/isobusterdownload.php

Install it and run it and select Free func. Only from the registration window. In the left-side tree view, select Bootable Disc. When you do so, the right side will change and display just a few files. One will be named Microsoft Corporation.img (or similar; it will be named something.img): This is the file you need to extract. To do so, right-click and choose Extract Microsoft Corporation.img . When ISOBuster prompts you, choose to download it to the C:\xpinstall\sp3 folder.

Burn to a CD

These instructions are for Nero Burning ROM Version 8. Other utilities should be similar.

   1. Start Nero Burning ROM.
   2. Burning ROM will start with a New Compilation window open.
   3. Select CD-ROM (Boot) from the left side.
   4. Then, in the source section, make sure Image file is selected and then click the Browse button.
   5. Navigate to C:\xpinstall\sp3 and then drop down the list box that's currently set to Boot-Image-Files (*IMA) and choose All Files (*.*). The select Microsoft Corporation.img and click OK.
   6. Then, in the Advanced section of the New Compilation window, make sure Enable expert settings (for advanced users only!) is selected and choose No Emulation as Kind of Emulation.
   7. Ensure that 07C0 is the value under Load segment of sectors (hex!).
   8. Change the Number of loaded sectors value from 1 to 4.
   9. Click the New button to close the New Compilation window.
  10. The normal Burning ROM UI will appear with a blank compilation on the left and a tree view of your PC's file system on the right.
  11. Using the File Browser tab on the right side, navigate to C:\xpinstall\xp . Then, drag the entire contents of this folder over to the left side of the window. This should take only a few seconds.
  12. Change the name of the CD on the left side to something like XPSP3Install .
  13. Remove your XP Setup CD and then click the Burn button in the Burning ROM toolbar. The Burn Compilation window will appear, as shown below. Check the option titled Finalize disc (No further writing possible!) and then click Burn. Burning ROM will prompt you to insert a blank disc. Any CD-R or CD-RW will do.


Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Ascertain20

  • Bronze Member
  • Posts: 29
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #12 on: September 04, 2011, 01:51:34 pm »
Okay I wrote the CD, and installed the recovery console.

I'm in normal mode now. Still slow, but I turned off the services that automatically connect to the internet (DHCP, Wireless Zero, DNS, and the Netgear adapter).

Currently running SuperAntiSpyware and Malicious Software Removal Tool to see if it can catch anything.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24983
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #13 on: September 04, 2011, 06:19:13 pm »
Did you run sfc ?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Ascertain20

  • Bronze Member
  • Posts: 29
Re: [In Progress] Can't Get Past Blue Screen.
« Reply #14 on: September 06, 2011, 01:31:44 pm »
Yes I did. Pretty sure it went through all the files.

Tried turning back on all the services that help connect to the internet. Tried connecting to the wi-fi and still got an IRQL_NOT_LESS_OR_EQUAL stop error.