BSOD Problem

neil67

Member
Hi, have been getting continual restarts after BSE's whilst downloading or streaming and it's infuriating!!

Have attached zip folder. Have tried to attach perfmon report but it keeps saying invalid file.

Have Windows Vista Home Premium 32 bit. OS and came pre-installed but has been re-installed in last 6 months.

PC is about 3 years old.

Thanks in advance for any help.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
This is the cause of your BSOD
wdgcsflu.sys
Google comes up with nothing. Usually a sign of a name changing virus. I will get our security people to help out.
 
Last edited:

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
I had bad virus a few weeks ago which AVG could not cope with. I've used Malware Bytes Anti-Malware and Super Antispyware and hoped it was now clean but suspected that might not be the case.

I'll wait to hear from you. Thanks again!
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
We have one of the best malware experts. She may not be online right now but you will be helped.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
Hi neil67,
Please have this file C:\WINDOWS\System32\drivers\wdgcsflu.sys
scanned by VirusTotal - Free Online Virus, Malware and URL Scanner
You may need to show 'hidden files and folders' in order to click on it and upload it to be scanned.

From start, click Control Panel do the following:
1. Click on the Folder options, then View tab

2. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
3. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
4. Remove the checkmark from the checkbox labeled Hide protected operating system files.
5. Press the Apply button and then the OK button and shutdown My Computer.
6. Now Windows Vista is configured to show all hidden files.

Save the log information by copying and pasting it into note pad or directly in your next reply.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Thank You
Jacee
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
Hi, firstly thanks again for helping. I have tried to send VirusTotal the file but when I try to upload it to their page I get a message saying a device attached to the system is not functioning. The same happens if I try to send it as an email attachment.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run

***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Hi, here's the ComboFix.txt attached. I'm unable to save a HJT log. It does the scan but says my system has denied acess to the Hosts file? It gices remedie for this but they're beyond me!
 

Attachments

  • ComboFix May 4 2011.txt
    20 KB · Views: 61

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
Please download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


After rebooting,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u25 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Now, right click on HJT, to run as Administrator. Click 'Do a System Scan and Save logfile'.
The HJT log will open in notepad.
Copy and paste the HJT log from notepad in your next reply.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Hi, thanks for reply. Busy tonight and tomorrow, will follow your instructions over the weekend. After using ComboFix PC was behaving very strangely and would not let me open any programmes. I restarted it and used Uniblue Registry Booster to fix errors. It works now but there are some strange files/folders and 2 desktop.ini on desktop.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
It's hard for me to help when you're using a registry repair ... malware will affect the registry, which I will be able to see, but I don't know what Uniblue Registry Booster is doing :confused:

Leave the folders on the desktop for now.
desktop.ini usually means that you have unhidden the computer's "Hidden Files and Folders".
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Ok, will follow your most recent instructions and post reply over weekend, thanks.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
Hi Jacee, heres HJT log.
 

Attachments

  • hijackthis.log may 8 2011.txt
    8.7 KB · Views: 32

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
Rescan with HJT, check these Items:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start AVG - Uninstallation survey
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)


Close all open windows except HJT, then click 'fix checked'. Exit out of HJT, go to
C:\Program Files\vShare folder <--- delete this folder.

Restart your computer.

It looks like AVG didn't totally uninstall ... Rescan with HJT and post a new log.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Hi, all done here's new HJT log.
 

Attachments

  • hijackthis.log 8 May 2011 no2.txt
    8.5 KB · Views: 37

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
That looks like the same log! Did you run a fresh scan and save the new HJT log file after following my above instructions?
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Have repeated your instructions again. Here's HJT log.
 

Attachments

  • hijackthis.log 8 May 2011 no3.txt
    8.1 KB · Views: 43

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
This is what you picked up http://www.threatexpert.com/report.aspx?md5=f465567f4cc080b5d312495404a39c63

Couple of questions ...

I see Symantec/Norton, but I don't see it as running. Is it out of date? You need an active firewall and an up to date Anti-virus program running!

Have you made any rescue disks yet? This is showing that you're still being reminded: ---> SMINST\launcher.exe




I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
    esetListThreats.png
  11. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the
    esetBack.png
    button.
  13. Push
    esetFinish.png
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Hi Jacee. Did have AVG running but thought that might be problem and uninstalled it. Here's ESET results.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv9500 Notebook
    CPU
    AMD athlon (tm) 64 X2 TK 55 1.8Ghz
    Memory
    2.00GB
Back
Top