Jump to content

blue screen of death


burt
 Share

Recommended Posts

hello,

I'm trying to fix a dell laptop for a friend. she gets a blue screen of death when you power up. Here are the facts;

Windows XP SP2

Blue screen error code says 0x0000006F Session 3 initialiation failed

do not have any windows CD's available

do not have Internet available for the laptop

Run hardware diagnostics from the F12 initial startup

and they all come back clean

able to come up in Safe mode

Can't change screen resolution of 640 x 480

No recovery console is installed

Unable to run System restore, I get the following:

"System restore is not able to protect your computer"

I try to use msconfig and get an access denied error

Ran Malwarebytes anti-malware, found about 40-50

problems. cleaned up everything. problem is that

there remain 4 problems that the software says

it cleans up, but they come right back.

ran hijack this

Here are the logs from Malware & Hijack this:

===========================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:12:18 PM, on 12/26/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\util\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070519

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://<a%20href=http://www.wallpapers.org/wallpapers/view.php?id=66292%20target='_blank'>Rock</a>

--

End of file - 4012 bytes

===========================================================

Malwarebytes' Anti-Malware 1.31

Database version: 1456

Windows 5.1.2600 Service Pack 2

12/26/2008 8:30:28 PM

mbam-log-2008-12-26 (20-30-28).txt

Scan type: Quick Scan

Objects scanned: 53754

Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.

===========================================================

thanks in advance for any help!

Link to post
Share on other sites

  • Root Admin

Please uninstall the Peer2Peer BitComet client. This is how many computers get infected by Malware.

If you want to re-install and run it after we're finished that's up to you but keep in mind it is quite likely why your computer is in the state it is now.

Start HJT and do a Scan Only and place a check mark on the following items.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60313

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60313

O20 - AppInit_DLLs: karna.dat

O24 - Desktop Component 1: (no name) - http://<a%20href=http://www.wallpapers.org/wallpapers/view.php?id=66292%20target='_blank'>Rock</a>

Then click on "Fix checked"

Then run this

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

If you can't get online still then let me know as the current infection might prevent access to certain Security sites but not all Interent access.

Then RESTART the computer and AFTER the restart run HJT and do a Scan and save log.

Post back all the logs.

Link to post
Share on other sites

  • Root Admin

Topic closed, user restored the PC to factory install.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you
Fully Understand

how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting
Pre- HJT Post Instructions

Also don't forget that we offer
FREE
assistance with General PC questions and repair here
PC Help

If you're pleased with the product
Malwarebytes
and the service provided you, please let your friends, family, and co-workers know.
http://www.malwarebytes.org

.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.