Please Help: BSOD on Boot!?

Discussion in 'Malware Help (A Specialist Will Reply)' started by cmpolis, Aug 1, 2006.

  1. cmpolis

    cmpolis Private E-2

    Hey Everyone,
    I am on my computer's safe mode (w/networking) because whenever I boot up my computer, after I log in, I get a BSOD: 0x0000008E (I got 0x00000050 once) and it does some memory dump thing. I think it is a really bad virus, because my computer has other symptoms: I cannot run any antivirus software or update any antivirus. I can't run Windows Update. Please help me! I ran HijackThis, and checked and fixed everything, but that didn't help and I still get some things in HijackThis. Here is my log:

    Edit by bjgarrick: Inline log attached!

    I've spent hours trying to fix my computer, but I have no idea what to do now.

    Any help would be much appreciated!

    Thanks a bunch!

    Chris
     

    Attached Files:

    Last edited by a moderator: Aug 1, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow as many of the steps in the thread below as you can:

    • READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial... Was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.

    • After doing ALL of the above, if you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    • Downloading, Installing, and Running HijackThis

    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. cmpolis

    cmpolis Private E-2

    Thanks for the help. I tried to run the antivirus software, but I couldn't because of the virus on my computer.

    Thanks
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try to run as many steps in the READ ME as possible. If you're in Safe Mode w/ Networking, try to run the online scans listed in step 6 and attach those logs.
     
  5. cmpolis

    cmpolis Private E-2

    I just scanned with Bitdefender and it got a lot of viruses; however, I don't know if any of them are causing my problems. I attached the report.
     

    Attached Files:

    Last edited: Aug 2, 2006
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  7. cmpolis

    cmpolis Private E-2

    Thanks for all the help!

    Attached are all the logs.
     

    Attached Files:

  8. cmpolis

    cmpolis Private E-2

    I had to put the WinPFind in another post...
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial.

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Viewpoint

    Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Viewpoint Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Once you have rebooted finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.


    Once you have completed this entire fix, reboot into normal mode if possible and attach a fresh HJT log.
     
  10. cmpolis

    cmpolis Private E-2

    Thanx for all the help!

    I did everything, however, I still get the errors =/. I attached a fresh hijack this log.

    Thanx
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's relocate and rename your HijackThis.exe to a safer location. Create a folder in Program Files, name it HJT. Copy the file HijackThis.exe into this folder and rename it to "analyze.exe".

    You should now have a folder "C:\Program Files\HJT" with the file "analyze.exe". Now run a scan from here and attach the new log to your next post.

    Also, can you tell me exactly what the BSOD error says?
     
  12. cmpolis

    cmpolis Private E-2

    Hey,
    Thanx for all the help! However, I think I have made a bigger problem. I thought that winlogon.exe was a virus, so I deleted it and now I get an error when I try to boot into safe mode. Is there any way I could fix this?

    Thanks!
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Not good, do you have a WinXP disc?
     
  14. cmpolis

    cmpolis Private E-2

    Yes, I have XP Pro
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Be sure your BIOS is set to boot from your CD drive, boot from your CD and press the first "R" to enter the recovery console. Once in the console, press 1 to choose your Windows install. Enter your administrator password if you have one, if you do not have one then press enter.

    Now, enter this as below...
    (If your CD drive is different change the letter)

    cd D:\
    Press Enter

    cd D:\i386
    Press Enter

    copy winlogon.exe c:\windows\system32
    Press Enter

    Let me know if you get the message, one file copied and can login to windows.
     
    Last edited: Aug 2, 2006
  16. cmpolis

    cmpolis Private E-2

    Hey, thanx for all the help!

    I tried to use the recovery console; however, I don't know the admin password. I didn't even know I had an admin account. I have one account, but it doesn't have a password. Is there a default password or a backup password?

    Thanks
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The default administrator password is empty (as in no password). That is what BJ meant by just hitting the enter key. If that does not work, it means someone added a password to the Administrator account at some point in time. And if you had no passwords on your accounts, malware could have set a password up for themselves to lock you out.
     
  18. cmpolis

    cmpolis Private E-2

    Yeah, I did try just pressing enter, but it didn't work.

    Thanks for all the help everyone!
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What did it do when you just pressed enter?
     
  20. cmpolis

    cmpolis Private E-2

    It gave me the wrong password thing.

    Thanks!
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The only thing I can suggest is to post this over in the Software Forum. They may be able to come up with a solution that doesn't require a reinstall. If they can get you back up we can finish the cleaning.
     
