# BCCode: 1000007e BCP1: C0000005 BCP2: F805DA5E BCP3: F8989794 BCP4: F8989490 OSVe



## ne0g (Aug 26, 2007)

today i was just browsing the internet and importing a cd on itunes when all of a sudden the cd skipped maybe 5 times at the same spot and my computer rebooted, unusual from normal boots, it told me it had to check disks with something called CHKDSK or something like that, i let it go through three verifications, and then it rebooted again, this time all the way
it told me windows had experienced a serious error, gave me this error code (i think, i found it on another forum where someone had the same experience as me)
BCCode : 1000000a BCP1 : 81ECF448 BCP2 : 00000002 BCP3 : 00000001 BCP4 : 804DBC9A OSVer : 5_1_2600 SP : 2_0 Product : 768_1
i clicked for details and it said something about
C:\TEMP\WERf41d.dir00\Mini061606-01.dmp
C:\TEMP\WERf41d.dir00\sysdata.xml
i didn't know what to do so i just kept on using my computer,
since then, applications have just been failing, and quitting unexpectedly, in the middle of typing this, firefox freaked out and wouldn't let me switch tabs, and when i typed in the address bar, (google i typed in), it came out backwards. yes, i had typed elgoog. this has never happened before.
also, i was playing a game and listening to music (after the initial crash,) and the music made the same skipping noise, but then it fixed itself and the computer didn't crash.
please help me
-dan


----------



## ne0g (Aug 26, 2007)

i forgot to mention my specs, 
OS: windows xp
cpu: amd athlon x2 3800+ (2.0ghz dual core)
ram: 2 gigs
hdd: 250 gigs, 32 percent full
gp: evga geforce 8500 (256 mb)
edit: one more thing
i went into sys prefs and told the comp to not reboot at next error, this way i can find out more about what's wrong
and my mobo is a geforce 6100sm-m


----------



## The Hound (May 27, 2007)

Welcome to TSG...If you have the error again (looks like you will) there's probably a file associated with it--abcdefgh.sys or something like it--which will point directly at the issue.

You can also check the C:\Windows\Minidump folder for recent dumps, zip the latest few and attach them here--we have some gurus around here who chew on them and spit out answers as well...


----------



## ne0g (Aug 26, 2007)

there was only one but here it is


----------



## The Hound (May 27, 2007)

Here's the log of the dump, but I don't know how to read it...


----------



## ne0g (Aug 26, 2007)

it just occurred to me, am i putting myself in any danger, loosening my security or giving away any personal information when i gave you this file?


----------



## The Hound (May 27, 2007)

Nope--not unless you're developing some secret device drivers which you're testing on your own system...Good question, though. You can open the file and look at it--it's interesting (in a techie codehound sort of way), but it appears to point up a generic error--I was hoping for the log to say that your firewall was the issue, or your video drivers, or something we could correct directly...


----------



## ne0g (Aug 26, 2007)

is this still fixable? and what's all this i hear about hijack? what is it?


----------



## ne0g (Aug 26, 2007)

oh great, i open spybot search and destroy, and it tells me that the app has changed, and since it doesn't change itself that i should check for malware
i'm currently running spybot and avg free (which says kernel32.dll has changed)


----------



## The Hound (May 27, 2007)

Most everything posted here is fixable...Hijackthis? Excellent for helping the experts find malware issues. You could try that...

Post a hijackthis log for the malware gurus:

Download hijackthis here:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click Edit > Select All > Edit > Copy to copy the entire contents of the log.
Paste the log in your next reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## ne0g (Aug 26, 2007)

as i began to search for malware i got bluescreened

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If it appears again, follow these steps.
(after here, the message is not copied word for word)
Check to be sure you have disk space. If a driver is identified, disable it or check for updates. Try changing video adapters.

Check for bios updates, disable bios memory options like caching or shadowing. If needed, use safemode to remove or disable components.

*** Stop: 0x0000008E (0xC0000005, 0x8054A10D, 0xB3B5D2AC, 0x00000000)
Beginning dump of physical memory.
Complete

then i rebooted and got a message saying a serious error had occurred
BCCode : 1000008e BCP1 : C0000005 BCP2 : 8054A10D BCP3 : B3B5D2AC
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1 


following included in error report
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER72ad.dir00\Mini082507-02.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER72ad.dir00\sysdata.xml

here's my most recent two minidumps


----------



## The Hound (May 27, 2007)

Do try to post the hijackthis log. If you can't do it from normal mode, try safe mode with networking (tap F8 at the first screen on reboot and select it from the menu).


----------



## ne0g (Aug 26, 2007)

this time a new one
the same intro but then the steps to follow were
Disable or uninstall any anti-virus, disk defragmentation or backup utilities. Check your hard drive configuration and check for any updated drivers. Run CHKDSK /F to check for a hard drive corruption and then restart your computer.

***STOP: 0x00000024(0x001902FE, 0xB5417F58, 0xB5417C54, 0x804E9AA9)

then it dumped my physical memory again and ran CHKDSK and verified my files, indexes and security descriptors
when it verified my files it said Deleted corrupt attribute record (128, "") from file record segment 56411
and then rebooted, and said it had a serious error
BCCode : 24 BCP1 : 001902FE BCP2 : B5417F58 BCP3 : B5417C54 
BCP4 : 804E9AA9 OSVer : 5_1_2600 SP : 2_0 Product : 768_1 
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER6987.dir00\Mini082607-01.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER6987.dir00\sysdata.xml
here's all three minidumps


----------



## ne0g (Aug 26, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:01 AM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\VolumeTouch\VolumeTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PDUiP6210DMon] "C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SysMetrix] "C:\Program Files\SysMetrix\SysMetrix.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] "C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [VolumeTouch] "C:\Program Files\VolumeTouch\VolumeTouch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1181657364828
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7345 bytes


----------



## The Hound (May 27, 2007)

Here are the other three debug logs...Firefox, AdAware, and AVG are the faulting modules.

A malware expert should still look at your log, but I see that you're running AVG 7--no longer supported. You should be using 7.5 which you can download here...
Download 7.5, uninstall 7, install 7.5, update, and run a full system scan while you wait for the security analysts to check your log.


----------



## ne0g (Aug 26, 2007)

i do have 7.5, but when i try and run it it crashes. i'll try booting in safemode and then running it


----------



## ne0g (Aug 26, 2007)

blue screen in safe mode
avg said no threats
ad-aware didn't finish
BCCode : 24 BCP1 : 001902FE BCP2 : BA7F7FA4 BCP3 : BA7F7CA0 
BCP4 : 805505A1 OSVer : 5_1_2600 SP : 2_0 Product : 768_1 
here's newest minidump


----------



## ne0g (Aug 26, 2007)

new development, itunes doesn't work (it won't play anything)


----------



## The Hound (May 27, 2007)

Here's the debug log--the malware guys really need to look at your hijackthis log...You can click the red and white triangle in the top right corner of your post with the log and politely ask a moderator to move your thread to the malware forum...the backwards typing, the safemode crash,...something's afoul there.


----------



## ne0g (Aug 26, 2007)

Bump


----------



## ne0g (Aug 26, 2007)

bump
please. could someone look over the hijack log, i really need help


----------



## cybertech (Apr 16, 2002)

Go to add/remove programs and remove WhenUSave.

Please download *ATF Cleaner* by Atribune. 
*This program is for XP and Windows 2000 only*
 
Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

Click *Exit* on the Main menu to close the program.

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.


----------
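The reply above picks the WhenUSave startup entry out of the HijackThis log posted earlier in the thread. As an added example (not part of the thread and not HijackThis's own code), this Python parser groups log lines by section code and splits the O4 startup entries into registry key, value name and command so a reviewer can check them against a list of names; the function names and the list passed to `match_names` are assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autorun: key, [value name], command, optional "(User '...')" suffix.
RUN_RE = re.compile(
    r"^(?P<key>HK\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")
# O4 Startup-folder shortcut: "<folder>: <shortcut> = <target>".
STARTUP_RE = re.compile(r"^(?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")


def parse_log(text):
    """Group entry bodies by HijackThis section code (R1, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def autoruns(sections):
    """Break each O4 entry into where it is registered, its name and what it runs."""
    out = []
    for body in sections.get("O4", []):
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        d = m.groupdict() if m else {"cmd": body}  # keep unparsed lines visible
        out.append({k: d.get(k) for k in ("key", "name", "cmd", "user")})
    return out


def match_names(entries, names):
    """Return autoruns whose value name is in a reviewer-supplied list (case-insensitive)."""
    wanted = {n.lower() for n in names}
    return [e for e in entries if e["name"] and e["name"].lower() in wanted]


if __name__ == "__main__":
    for hit in match_names(autoruns(parse_log(SAMPLE_LOG)), ["WhenUSave"]):
        print(hit["key"], hit["name"], hit["cmd"])
```
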



## ne0g (Aug 26, 2007)

thank you, i think i've had whenusave before, can i immunize somehow? (it's a major pain in the ***)
also, will this stop itunes from not working?
(by the way, i'm away from home at the moment, so i'll tell you when i actually get to try your instructions)


----------

