Blue screen help

Discussion in 'Hardware' started by tesher07, Dec 4, 2011.

  1. tesher07

    tesher07 Private E-2

    So I was just on my desktop today and it blue screened. When it booted up it finished the windows loading part and proceeded to blue screen again. I tried booting in safe mode(s) but it still blue screens. I have also tried to do a system restore which would give me the error: Error(0x80070020). System repair failed to work, so now I'm stuck as to what to do. I'd really appreciate it if someone is able to help me.

    Here is an image of the bluescreen if it helps.

    http://img824.imageshack.us/img824/6230/photobrg.jpg
     
  2. tesher07

    tesher07 Private E-2

    Bump, anyone please?
     
  3. falconattack

    falconattack Command Sergeant Major

  4. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

  5. tesher07

    tesher07 Private E-2

    I am currently using Windows 7.
     
  6. tesher07

    tesher07 Private E-2

    So far I tried using the Windows 7 cd to repair and it didn't do anything but say Windows is unable to repair manually or something to that. I also tried memtest which came back fine after 5 times.

    I am really stuck right now and could really use help as to how to fix this please.
     
  7. thisisu

    thisisu Malware Consultant

  8. tesher07

    tesher07 Private E-2

    Startup repair cannot repair this computer automatically

    Problem signature:
    Problem Event name : StartupRepairOffline
    Problem Signature 01: 6.1.7600.16385
    Problem Signature 02: 6.1.7600.16385
    Problem Signature 03: unknown
    Problem Signature 04: -1
    Problem Signature 05: AutoFailover
    Problem Signature 06: 18
    Problem Signature 07: FailureDuringSetup
    POS Version: 6.1.7600.2.0.0.256.1
    Locale ID: 1033
     
    Last edited: Dec 5, 2011
  9. thisisu

    thisisu Malware Consultant

    How about the minidump logs?
     
  10. tesher07

    tesher07 Private E-2

    I have no idea how to get the minidump log. I'm not even able to boot my PC past the windows part.

    I'm typing this from my laptop.
     
  11. thisisu

    thisisu Malware Consultant

    You will need a bootable CD.

    Something like Hiren.

    Use the Mini Windows XP function. From here you should be able to pull whatever you want off the hard drive onto a flash drive or another hard disk.
     
  12. tesher07

    tesher07 Private E-2

    Ok thank you, I'll do that tomorrow, but is there a location for the mini dump file when using minixp, or a step by step on how to get to the file?

    Thanks again for your continued help, I really appreciate it. :)
     
  13. thisisu

    thisisu Malware Consultant

    Whenever you boot up using Mini Windows XP, it will be much clearer. You'll have a My Computer icon on the desktop and everything, just as if you were in your own Windows.

    The .dmp files are located in this folder: C:\Windows\Minidump
     
  14. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    I see at the top of your screen "page fault in nonpaged area".
    It might be worth it to try and boot with just one stick of RAM. It will be very slow in windows 7 but if it blue screens, take out this stick and try another.
    You might simply have a bad stick of RAM.

    http://msdn.microsoft.com/en-us/library/ff559023(VS.85).aspx
    Just read the section titled Cause.
     
  15. tesher07

    tesher07 Private E-2

    I went to tech support at my university and they checked my hard drive, which is fine. The two possible problems are the RAM or the OS at this point.
     
  16. thisisu

    thisisu Malware Consultant

    It could be your hard drive controllers too. Do you ever get BSOD 0x7b or only 0x50?
     
  17. tesher07

    tesher07 Private E-2

    I only get the x50 error.
     
  18. thisisu

    thisisu Malware Consultant

    Is it possible that you got infected before you started having these issues?

    http://www.file.net/process/mrxsmb.sys.html
    Read the second comment down by rajakhan .

    The above is just a saved TDSSKiller log from a work PC that was also receiving 0X50.
     
  19. tesher07

    tesher07 Private E-2

    Also there were no files in the minidump folder. Is there a method to scan for that virus?
     
  20. tesher07

    tesher07 Private E-2

    I just tried using the TDSS killer from Hiren's CD, but it didn't do anything. I'm not sure how to make it scan on my drive. It scanned for 2 seconds and came up with nothing. I'm trying GMER right now.
     
  21. thisisu

    thisisu Malware Consultant

    Yeah I was not implying that I ran TDSSKiller from Hiren ;)

    GMER will work from Hiren, you may want to try that.
     
  22. tesher07

    tesher07 Private E-2

    How long does this scan take? It has been going for at least 2 hours.
     
  23. tesher07

    tesher07 Private E-2

    Sorry for posting so much, but I forgot to mention that my dad seemed to think that the issue is probably the OS out of all the others. Now if it is the OS, is there a way to repair the damage/corrupt file in that case?

    Also, if I have to resort to the last scenario, which is a clean install, could I make an image backup of my current drive and put that on a new drive, or would that new one also be affected?

    The GMER is still going by the way, so I will have to wait on that before making any further assumptions.
     
  24. michelle_denise

    michelle_denise Private E-2

    When a program stops working, Windows can check for a solution for you. Even if Windows didn't find a solution when the problem first occurred, Windows may have found a solution since. Therefore, you should try this method first.

    To check whether Windows has found solutions, follow these steps:

    * Click Start, and then click Control Panel. Or point to Settings, and then click Control Panel.
    * In Control Panel, double-click Problem Reports and Solutions. Or click System and Maintenance, and then click Problem Reports and Solutions.
    * In Problem Reports and Solutions, in the Tasks pane (on the upper left side of the window), click Check for new solutions. Windows will check for solutions to problems. This process may take a few minutes or more.
    * If a message is displayed indicating No new solutions found, click Close. Or, if any links appear under Solutions to install or Information about other problems, click each of the links and follow the steps provided to solve those problems.

    Visit : http://www.techyv.com/questions/bluescreen-xp-error-code-showing
     
  25. tesher07

    tesher07 Private E-2

    I mentioned in my posts that I'm not able to get past the windows load screen nor can I load into safemode.
     
  26. thisisu

    thisisu Malware Consultant

    Yes it can take a while. Do you suspect that it may be infected?

    When you say your current drive, you mean the computer that is BSODing?
    Whatever state the hard drive you are ghosting as an image is in is exactly how it will be whenever you copy from image onto another hard drive.

    Yes but first we have to find out what files/drivers are problematic. Can you run the below tool from a flash drive?

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.


    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (How to attach)
     
  27. tesher07

    tesher07 Private E-2

    I'm honestly not sure if it is infected as the scan is still running, but here is an image of it currently. I will have to do the flashdrive part later since I don't have one with me at the current time.

    http://img829.imageshack.us/img829/1567/photovuh.jpg
     
    Last edited: Dec 6, 2011
  28. thisisu

    thisisu Malware Consultant

    GMER so far looks normal.

    L4D2 is a fun game :-D
     
  29. tesher07

    tesher07 Private E-2

    Oh yah L4D2 :-D.

    I will update you later on the scan if it goes through, I just got the usb flash drive.
     
  30. tesher07

    tesher07 Private E-2

    Ok finished doing the scan. Here is the txt file.
     

    Attached Files:

  31. thisisu

    thisisu Malware Consultant

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    Code:
    start
    cmd: bootrec /FixMbr
    Control: 
    end
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Also please restart, let the computer boot normally and tell me how it went.
     
  32. tesher07

    tesher07 Private E-2

    Do I need to delete the frst files from the drive first?
     
  33. thisisu

    thisisu Malware Consultant

    No, you aren't deleting anything. Only adding.
     
  34. tesher07

    tesher07 Private E-2

    Got it, also how do I run the FRST fix once in the system recovery options?
     
  35. thisisu

    thisisu Malware Consultant

    I posted the instructions. Here they are again:

     
  36. tesher07

    tesher07 Private E-2

    Edit: never mind I think I figured it out.


    this is odd I go into command prompt and type: j:\frst.exe
    and it doesn't work..

    There is no disk in the drive. Please insert a disk into drive\device\harddisk4\DR4
     
  37. thisisu

    thisisu Malware Consultant

    The drive letter may have changed.

    Follow the steps you previously did to obtain the FRST.txt log, except this time you are going to be pressing the Fix button.

    Edit: Ok :)

    By the way, any idea what drive this is?

     
  38. tesher07

    tesher07 Private E-2

    Ok I tried it, restarted, and it BSOD'd again. Here is the log.
     

    Attached Files:

  39. tesher07

    tesher07 Private E-2

    No idea what drive x is to be honest. When I went into mini xp and check my computer it says,

    total space Free space
    (x: ) MiniXp Local Disk 240mb 237mb

    so I guess that is what it is.
     
  40. thisisu

    thisisu Malware Consultant

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    Type the following in the edit box after "Search:".
    cdrom.sys;dfsc.sys;WimFsf.sys

    Note: The file names should be separated by semicolon (;)

    It then should look like:

    Search: cdrom.sys;dfsc.sys;WimFsf.sys

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  41. tesher07

    tesher07 Private E-2

    Scan finished, here is the search file.
     

    Attached Files:

  42. thisisu

    thisisu Malware Consultant

    It looks like you used the wrong syntax.

    There is no semicolon ( ; ) after dfsc. It should be a period instead.


    Note: It does look like your existing cdrom.sys file has an unknown / faked MD5. We may end up replacing this later but I'm mostly interested in wimfsf.sys.
     
  43. tesher07

    tesher07 Private E-2

    Alright, here is the new search file.
     

    Attached Files:

  44. thisisu

    thisisu Malware Consultant

    Good job :)

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt (replace/overwrite the existing fixlist.txt)

    Code:
    start
    HKLM\...\Winlogon: [Userinit]  [x]
    HKLM\...\Winlogon: [Shell]
    Replace: C:\Windows.old\Windows\System32\drivers\cdrom.sys C:\Windows\System32\drivers\cdrom.sys
    Replace: C:\Windows.old\Windows\System32\drivers\dfsc.sys C:\Windows\System32\drivers\dfsc.sys
    0 WimFsf;  [x]
    CMD: copy /y c:\windows\minidump\*.dmp j:\
    end
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
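
    Added example, not part of the thread and not FRST's own logic: one way to check by hand whether the drivers named in the Replace: lines differ from their copies under C:\Windows.old, run from a rescue environment with the disk mounted. The function names are hypothetical, the sample files are constructed, and SHA-256 is used here instead of the MD5 mentioned earlier in the thread.

```python
import hashlib
import tempfile
from pathlib import Path


def find_ci(directory, name):
    """Case-insensitive lookup; NTFS names keep their stored case on Linux."""
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def digest(path):
    # Driver files are small, so reading each one whole is fine.
    return hashlib.sha256(path.read_bytes()).hexdigest()


def compare_drivers(live_dir, reference_dir, names):
    """Classify each named driver as match, MISMATCH or missing-*."""
    results = {}
    for name in names:
        live, ref = find_ci(live_dir, name), find_ci(reference_dir, name)
        if live is None:
            results[name] = "missing-live"
        elif ref is None:
            results[name] = "missing-reference"
        else:
            results[name] = "match" if digest(live) == digest(ref) else "MISMATCH"
    return results


def demo():
    """Constructed trees standing in for the two drivers folders."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "Windows", "System32", "drivers")
        ref = Path(tmp, "Windows.old", "Windows", "System32", "drivers")
        live.mkdir(parents=True)
        ref.mkdir(parents=True)
        (ref / "cdrom.sys").write_bytes(b"constructed reference bytes")
        (live / "CDROM.SYS").write_bytes(b"constructed altered bytes")
        (ref / "dfsc.sys").write_bytes(b"constructed identical bytes")
        (live / "dfsc.sys").write_bytes(b"constructed identical bytes")
        (live / "WimFsf.sys").write_bytes(b"constructed, live tree only")
        return compare_drivers(live, ref, ["cdrom.sys", "dfsc.sys", "WimFsf.sys"])


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12} {status}")
```

    A MISMATCH only says the two files differ; the Windows.old copy may simply come from an older build, so treat it as a lead to check against a known-good source rather than as proof of tampering.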
     
  45. tesher07

    tesher07 Private E-2

    Done, here is the file.
     

    Attached Files:

  46. thisisu

    thisisu Malware Consultant

    Please replace the content of fixlist.txt with the following syntax and run the Fix and post Fixlog.txt:

    Code:
    start
    reg: reg query hklm
    reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    end
    Also type the following in the search box:
    software*


    Press Search and when finished post the Search.txt
     
  47. tesher07

    tesher07 Private E-2

    Searching right now. Just to clarify, it should be searching for software*, with the asterisk?
     
  48. thisisu

    thisisu Malware Consultant

    Yes, with the asterisk.
     
  49. tesher07

    tesher07 Private E-2

    How long does the search take for "Software*"? It has been going for quite a few hours already.
     
  50. tesher07

    tesher07 Private E-2

    Ok scans finished. Here is the fix log and search log.
     

    Attached Files:

