Blue Screen of death
Page 1 of 2 • 1, 2 
Blue Screen of death
by tomzog on Wed 03 Mar 2010, 8:24 am
I have been working on my sisters computer and found at least 465 tojans, malware, fakealerts etc and now I am getting the bsod which read stop 0x0000007e, 0xc0000005, 0xb6a9e474, 0xf8a89420, 0xf8a8911c. I am at a lost on what to do next.
Thanks
Thanks
tomzog
Newbie Surfer
- Posts: 14
Joined: 2010-03-03
Operating System: windows xp 
Re: Blue Screen of death
by tomzog on Mon 08 Mar 2010, 7:52 pm
jsut to let everyone know my sisters computer is running smoothly. I took care of all the problems she had.
Thanks
Thanks
tomzog
Newbie Surfer- Posts: 14
Joined: 2010-03-03
Operating System: windows xp -
Re: Blue Screen of death
by DragonMaster Jay on Mon 08 Mar 2010, 8:50 pm
Do you want to check anyway? There could be some bad stuff on there still, that could cause some bad issues, like making the computer to not boot anymore.
DragonMaster Jay
Global Moderator/Malware Expert
[You must be registered and logged in to see this link.]
Note: replies from me are slow on weekends.
[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
DragonMaster Jay
Super Moderator | Tech Officer
- Posts: 8690
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit -
Re: Blue Screen of death
by tomzog on Fri 12 Mar 2010, 9:13 am
Let me know what else I can do. I don't need my sister giving it back to me.
Thanks
Thanks
tomzog
Newbie Surfer- Posts: 14
Joined: 2010-03-03
Operating System: windows xp -
Re: Blue Screen of death
by DragonMaster Jay on Fri 12 Mar 2010, 10:30 am
Hello! We need to do some diagnostics to get started.
1. Please download [You must be registered and logged in to see this link.] by noahdfear.
2. Download [You must be registered and logged in to see this link.] by ad13 and save it to your Desktop.
3. Please download [You must be registered and logged in to see this link.] by me, and save to your Desktop.
4. In your next reply, please post the following logs for my review:
Thanks!
1. Please download [You must be registered and logged in to see this link.] by noahdfear.
- Save it to your desktop.
- Double-click profiles.exe and post its log when you reply
2. Download [You must be registered and logged in to see this link.] by ad13 and save it to your Desktop.
- Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
- When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
- Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
3. Please download [You must be registered and logged in to see this link.] by me, and save to your Desktop.
- Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
- Double-click on Cheetah-Anti-Rogue.cmd to start.
- It will finish quickly and launch a log.
- Post the contents of it in your next reply.
4. In your next reply, please post the following logs for my review:
- Profiles log (1)
- Win32kDiag log (2)
- Cheetah log (3)
Thanks!
DragonMaster Jay
Global Moderator/Malware Expert
[You must be registered and logged in to see this link.]
Note: replies from me are slow on weekends.
[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
DragonMaster Jay
Super Moderator | Tech Officer- Posts: 8690
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit -
Re: Blue Screen of death
by tomzog on Fri 12 Mar 2010, 12:29 pm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-907219651-3613633487-2847416929-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Lex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-907219651-3613633487-2847416929-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
SystemRoot REG_SZ C:\WINDOWS
Running from: C:\Documents and Settings\Lex\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Lex\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!
Cheetah-Anti-Rogue v1.3.27
by DragonMaster Jay
Microsoft Windows XP [Version 5.1.2600]
Date: 03/12/2010 - Time: 14:23:48 - Arch.: x86
-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware
-- Known infection --
Extra message: Detection only.
EOF
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-907219651-3613633487-2847416929-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Lex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-907219651-3613633487-2847416929-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
SystemRoot REG_SZ C:\WINDOWS
Running from: C:\Documents and Settings\Lex\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Lex\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!
Cheetah-Anti-Rogue v1.3.27
by DragonMaster Jay
Microsoft Windows XP [Version 5.1.2600]
Date: 03/12/2010 - Time: 14:23:48 - Arch.: x86
-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware
-- Known infection --
Extra message: Detection only.
EOF
tomzog
Newbie Surfer- Posts: 14
Joined: 2010-03-03
Operating System: windows xp -
Re: Blue Screen of death
by DragonMaster Jay on Fri 12 Mar 2010, 1:25 pm
Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
DragonMaster Jay
Global Moderator/Malware Expert
[You must be registered and logged in to see this link.]
Note: replies from me are slow on weekends.
[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
DragonMaster Jay
Super Moderator | Tech Officer- Posts: 8690
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit -
Re: Blue Screen of death
by tomzog on Sun 14 Mar 2010, 12:00 pm
Malwarebytes' Anti-Malware 1.44
Database version: 3867
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/14/2010 2:58:50 PM
mbam-log-2010-03-14 (14-58-50).txt
Scan type: Quick Scan
Objects scanned: 132900
Time elapsed: 7 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Database version: 3867
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/14/2010 2:58:50 PM
mbam-log-2010-03-14 (14-58-50).txt
Scan type: Quick Scan
Objects scanned: 132900
Time elapsed: 7 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
tomzog
Newbie Surfer- Posts: 14
Joined: 2010-03-03
Operating System: windows xp -
Re: Blue Screen of death
by DragonMaster Jay on Sun 14 Mar 2010, 6:59 pm
Download WhoCrashed [You must be registered and logged in to see this link.]
This program checks for any drivers which may have been causing your computer to crash....
Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it Say Yes
WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply
This program checks for any drivers which may have been causing your computer to crash....
Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it Say Yes
WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply
DragonMaster Jay
Global Moderator/Malware Expert
[You must be registered and logged in to see this link.]
Note: replies from me are slow on weekends.
[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
DragonMaster Jay
Super Moderator | Tech Officer- Posts: 8690
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit -
Re: Blue Screen of death
by tomzog on Mon 15 Mar 2010, 12:50 pm
Analysis
--------------------------------------------------------------------------------
Crash dump directory: C:\WINDOWS\Minidump
Crash dumps are enabled on your computer.
No valid crash dumps have been found on your computer
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.
--------------------------------------------------------------------------------
Crash dump directory: C:\WINDOWS\Minidump
Crash dumps are enabled on your computer.
No valid crash dumps have been found on your computer
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.
tomzog
Newbie Surfer- Posts: 14
Joined: 2010-03-03
Operating System: windows xp -
Re: Blue Screen of death
by DragonMaster Jay on Mon 15 Mar 2010, 6:39 pm
Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
Please close all other applications running on your system.
Please double click GetSystemInfo.exe to open it.
Click the Settings button.
Set it to Maximum
IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.
Click Create Report to run it.
It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.
Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
Please close all other applications running on your system. Please double click GetSystemInfo.exe to open it.
Click the Settings button.
Set it to Maximum
IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.Click Create Report to run it.
It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.
Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
DragonMaster Jay
Global Moderator/Malware Expert
[You must be registered and logged in to see this link.]
Note: replies from me are slow on weekends.
[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
DragonMaster Jay
Super Moderator | Tech Officer- Posts: 8690
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit -
Re: Blue Screen of death
by tomzog on Tue 16 Mar 2010, 2:52 pm
I am kind of lost on this program. I know what the url is, but where would I find it on the program? Would it be the auto analysis?
tomzog
Newbie Surfer- Posts: 14
Joined: 2010-03-03
Operating System: windows xp -
Re: Blue Screen of death
by DragonMaster Jay on Tue 16 Mar 2010, 6:43 pm
Should be in the Address Bar.
DragonMaster Jay
Global Moderator/Malware Expert
[You must be registered and logged in to see this link.]
Note: replies from me are slow on weekends.
[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
DragonMaster Jay
Super Moderator | Tech Officer- Posts: 8690
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit -
tomzog
Newbie Surfer- Posts: 14
Joined: 2010-03-03
Operating System: windows xp -
Re: Blue Screen of death
by DragonMaster Jay on Wed 17 Mar 2010, 1:38 pm
Please go [You must be registered and logged in to see this link.]. Copy and paste the following file path in to the box.
C:\WINDOWS\system32\DelTMID.exe
Do the same for this file:
C:\WINDOWS\system32\Ptsaci40.dll
Then click submit.
Please post the results (web address to the page) to your next reply.
Note: it might ask you to see the past analysis. Instead, click on "Reanalise File Now."
C:\WINDOWS\system32\DelTMID.exe
Do the same for this file:
C:\WINDOWS\system32\Ptsaci40.dll
Then click submit.
Please post the results (web address to the page) to your next reply.
Note: it might ask you to see the past analysis. Instead, click on "Reanalise File Now."
DragonMaster Jay
Global Moderator/Malware Expert
[You must be registered and logged in to see this link.]
Note: replies from me are slow on weekends.
[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
DragonMaster Jay
Super Moderator | Tech Officer- Posts: 8690
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit -
Page 1 of 2 • 1, 2
Permissions of this forum:
You cannot reply to topics in this forum