TechSpot

CPC2004, you are a god. Please read my minidumps :)

By Hales
Jun 12, 2007
  1. I've been getting BSOD's everytime I start up WindowsXP right before it gets to my desktop. I've researched all of the STOP errors, but haven't found anything. I can't view the minidumps myself because I'm stuck in safe mode and cannot install any software that would help me view them. If you would be so kind as to help me, I would GREATLY appreciate it. This is driving me crazy. Thanks again.

    *EDIT* I can also upload anymore minidumps that you might need. I've got quite a few from the past day.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your minidumps crash with an unknown image and don`t contain any useful info.

    I suggest you go and read this thread HERE and see if it helps you to identify the culprit.

    It might be a good idea to disconnect any unnecessary hardware and see if your system becomes stable. If it does, then start adding one bit of hardware at a time until your system crashes. This will be the culprit.

    Regards Howard :wave: :wave:
     
  3. Hales

    Hales TS Rookie Topic Starter

    An unknown image? Can you explain?

    I did remove one stick of ram and boot it up to see if that was the problem, and then did the same with the other stick, but still the same problem. I also did the chkdsk /f /r thing, but that did not fix anything. I also tried a couple of other things, such as "Last Known Good Config", but that did not work either. Also, I can't run the memtest86 software, because I do not have a floppy drive. I will get around to doing that with the other hardware, but figured I'd ask here first. Sorry.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    unknown image means the minidump has no info on what caused the crash. Hence it`s unknown. ;)

    This could be software or hardware related, but I can`t possibly tell you which it is. It really is a case of trying to eliminate as much as possible. That`s why I suggested removing any unnecessary hardware.

    When did the problem first start? Had you installed any new hardware/software prior to the problem occurring? Have you tried a system restore to before the problem occurred?

    I`m sorry I can`t be more helpful.

    Regards Howard :)
     
  5. Hales

    Hales TS Rookie Topic Starter

    The problem started yesterday morning when I booted up the computer. I haven't recently installed any new hardware, but there was a virus that tried/did make it's way onto my computer. It was something called "retadpu11.exe" I researched that, but came up with nothing. I did not try system restore as it's turned off because of a previous virus problem.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Since you mentioned a virus, go and read this thread HERE and post a HJT log. I know you can only post it from safe mode, but it might let us see if you have any nasties onboard.

    While in safe mode, you should also try and manually delete this file(if there).

    C:\WINDOWS\retadpu11.exe

    Regards Howard :)
     
  7. Hales

    Hales TS Rookie Topic Starter

    I did delete it with HighJackThis! and it seems to be gone, but here is a log.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. However, you`re running an outdated version of HijackThis. Did you visit the link I gave you?

    Post a renamed, uptodate log from normal mode, if you can..

    Regards Howard :)
     
  9. Hales

    Hales TS Rookie Topic Starter

    Yes, I visited the link. I always use that to scan my logs. I cannot get back into normal mode. Safe mode is the only thing that works.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You need to try and physically delete the C:\WINDOWS\retadpu11.exe file as simply fixing it with HJT won`t delete the actual file.

    Please post a fresh updated HJT log.

    Regards Howard :)
     
  11. Hales

    Hales TS Rookie Topic Starter

    I searched for it, but it was not there. So I'm pretty sure it was deleted. Here is a new log.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You`re still running an outdated version of HijackThis and you haven`t renamed it. Go HERE and follow the instructions, then post a fresh HJT log.

    Regards Howard :)
     
  13. Hales

    Hales TS Rookie Topic Starter

    That link is different from the previous one. Now I know what you're talking about. Here is a new log.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    My bad, you`re quite right. I`m sorry, but I don`t know what happened with the link.

    Your HJT log still doesn`t show anything bad, but obviously something`s seriously amiss.

    Go HERE and follow as many of the instructions as you can.

    Post AVG Antispyware and Combofix logs, if you can. Also, let me know the results of the AVG Antirootkit scan if you can run it.

    Regards Howard :)
     
  15. Hales

    Hales TS Rookie Topic Starter

    Here are the logs for the Combofix. I'm about to run the AVG Antirootkit and will post the results when it is done.

    The AVG Antirootkit will not work because I have to boot up into normal mode before I can use it in safe mode, and I can't get passed the welcome screen.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Combofix has removed several infections, but there are more.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop. The Avenger script is attached to the bottom of this post.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

    Also, attach Combofix and AVG Antispyware logs is you can.

    Regards Howard :)

    Edit: No worries about the AVG Antirootkit mate.

    This thread is for the use of Hales only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  17. Hales

    Hales TS Rookie Topic Starter

    Here are the Avenger and HJT logs.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. However, unless you can post a HJT from normal; mode, it isn`t going to tell us much. I take it you still can`t boot into normal mode?

    If that`s the case, it might be wise to backup your important data and reformat. That would definitely get rid of any malware that was lurking on your system and would in all probability solve your problems.

    Regards Howard :)
     
  19. Hales

    Hales TS Rookie Topic Starter

    Hahaha, I know I will probably have to reformat, but I'd like to keep that as last resort. Also, I should be getting new hardware this weekend, so I'll just reformat then. Thanks for the help!

    *EDIT* Here's a new ComboFix log, just in case.
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Nothing out of the ordinary there mate.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...