
Thread: HJT - BSOD

  1. #1
    Member NZHawk's Avatar
    Join Date
    Dec 2004
    Location
    Kuaotunu
    Posts
    1,589

    Default HJT - BSOD

    Have a Windows XP media centre
    blue screens on normal boot
    can boot into safe mode
    have run a test on both hard drive & RAM: passed
    updated drives still BSOD
    ran: TDSSKiller: clean
    ran: rustbfix: clean

    Could someone look through this HJT log? Possibly an infection.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:44:04 a.m., on 7/06/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Compaq_Administrator\Desktop\2 Cleaning Tools\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
    O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 7958 bytes

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: HJT - BSOD

    What's the stop error? Get BlueScreenView, see what it says

    http://www.nirsoft.net/utils/blue_screen_view.html

    Update this to SP3

    Tick these, then tick fix checked. Close browsers. Or delete the entries in CCleaner (under startup)

    Uninstall all versions of Java, it's out of date, then install the latest version only

    I would get rid of Nortons

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART

    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent

    O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
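
Added example, not part of the thread and not written by any poster: a small Python parser for HijackThis log text that groups entries by section code and splits the O4 autostart entries, the kind singled out in the reply above, into location, value name and command. The sample log is constructed from a few lines in the format posted in this thread, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Safe mode

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Registry autostart: "HKLM\..\Run: [ValueName] command line"
RUN_KEY = re.compile(r"^(?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+):\s+\[(?P<name>[^\]]*)\]\s+(?P<command>.+)$")
# Startup-folder shortcut: "<profile> Startup: link.lnk = target"
STARTUP = re.compile(r"^(?P<where>.+? Startup): (?P<name>.+?) = (?P<command>.+)$")


def parse_entries(text):
    """Group entries by section code (R0, O2, O4, O23, ...); skip header and process lines."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def autostarts(text):
    """Return every O4 (autostart) entry as a dict a reviewer can sort or filter."""
    found = []
    for detail in parse_entries(text).get("O4", []):
        m = RUN_KEY.match(detail)
        if m:
            found.append({"kind": "registry", "location": m["hive"] + "\\" + m["key"],
                          "name": m["name"], "command": m["command"]})
            continue
        m = STARTUP.match(detail)
        if m:
            found.append({"kind": "startup-folder", "location": m["where"],
                          "name": m["name"], "command": m["command"]})
        else:
            # Keep unrecognised O4 forms visible rather than silently dropping them.
            found.append({"kind": "unparsed", "location": "", "name": "", "command": detail})
    return found
```
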

  3. #3
    Member NZHawk's Avatar
    Join Date
    Dec 2004
    Location
    Kuaotunu
    Posts
    1,589

    Default Re: HJT - BSOD

    I can't install SP3 until I can get a clean boot

    Here are some of the BSODs - could someone assist with understanding what they say:
    ==================================================
    Dump File : Mini060711-02.dmp
    Crash Time : 7/06/2011 11:36:27 a.m.
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x805b768b
    Parameter 3 : 0xf76abb60
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+e068b
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+e068b
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini060711-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 90,112
    ==================================================

    ==================================================
    Dump File : Mini060711-01.dmp
    Crash Time : 7/06/2011 11:06:31 a.m.
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x7c83e761
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000008
    Parameter 4 : 0x7c83e761
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini060711-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 90,112
    ==================================================

    ==================================================
    Dump File : Mini060311-18.dmp
    Crash Time : 3/06/2011 3:35:42 p.m.
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc000001d
    Parameter 2 : 0x805b039e
    Parameter 3 : 0xb74f77e8
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+d939e
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+d939e
    Stack Address 1 : ntoskrnl.exe+d970a
    Stack Address 2 : ntoskrnl.exe+16ff1
    Stack Address 3 : ntoskrnl.exe+93298
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini060311-18.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 90,112
    ==================================================

    ==================================================
    Dump File : Mini060311-17.dmp
    Crash Time : 3/06/2011 2:02:08 p.m.
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000099
    Parameter 2 : 0x0000b6fc
    Parameter 3 : 0x00000003
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+21925
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+21925
    Stack Address 1 : ntoskrnl.exe+3c4f0
    Stack Address 2 : ntoskrnl.exe+47039
    Stack Address 3 : ntoskrnl.exe+474ae
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini060311-17.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 90,112
    ==================================================

  4. #4
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: HJT - BSOD

    PFN_LIST_CORRUPT is related to memory probs. Test it with memtest

  5. #5
    Member NZHawk's Avatar
    Join Date
    Dec 2004
    Location
    Kuaotunu
    Posts
    1,589

    Default Re: HJT - BSOD

    thank you for your reply - but I have run memtest and it passed with one pass - it's actually installing service pack 3 so I will run memtest again and let it run 3 passes.

  6. #6
    Member NZHawk's Avatar
    Join Date
    Dec 2004
    Location
    Kuaotunu
    Posts
    1,589

    Default Re: HJT - BSOD

    it's cycled through memtest 3 times - no errors
    any further suggestions?

  7. #7
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: HJT - BSOD

    It needs more than 3 passes. Let it run for a few hours / overnight

  8. #8
    Member NZHawk's Avatar
    Join Date
    Dec 2004
    Location
    Kuaotunu
    Posts
    1,589

    Default Re: HJT - BSOD

    ok - report back tomorrow

  9. #9
    Member NZHawk's Avatar
    Join Date
    Dec 2004
    Location
    Kuaotunu
    Posts
    1,589

    Default Re: HJT - BSOD

    memtest ran successfully (72 passes) overnight - no errors

  10. #10
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: HJT - BSOD

    Has it crashed since you installed SP3?
