Help Please.....!!

Question:
I am getting the"blue Death Screen" frequently..never had a problem before but looks like i've got one now.As i am complete novice at the tech area...never , ever tinker with pc.However most recently these 2 errors appear on the screen"driver_irql_not_less_or_equal" & "page_fault_non_page_area".......i am in shear desperation hope someone can help me resolve this....thankyou!

Answers:
Hi,
Have you made any changes on the PC lately, hardware, software, any windows updates, updated drivers etc?
What Operating System are you using?
At what stage does it happen?
Is it only when you do certain things? Can you get into Windows at all?
Answers:
Ok here goes...O.S--XP-pro
After looking at "techi thread"....people were being advised to scan for viruses etc using spybot,avg...these blue screen always appear during the scan processes.i can get into windows.In addition i now have another error appearing when windows loads "mfc42u.dll not located"
Answers:
I'm guessing you can't get the affected computer to boot. The missing file is vital to your system's operation.
Download the missing .dll file here on to a safe computer ...
Then try to transfer the file to the affected computer via floppy or CD and load it up if you can.
The error message and BSOD could mean one or more of your drivers is malfunctioning or out of date.
Did you install a piece of hardware, for example just before these error messages started to appear? If so then you should try reinstalling it again.
Let us know how you get on.
PCH
Answers:
Yeah, I agree with PCHelpMan - sounds like you've installed a bad driver, or the driver has become corrupt. Usually a BSOD gives a module or DLL name which should give some sort of clue as to which one is faulty.
You could try a system restore to fix the issue, or as he said - replace the DLL either (1) in safe mode or (2) at windows recovery console.
Answers:
thanks everyone for the replys....sorry i could not get back ..trouble coming online! PC does boot up it definately infected so as soon as i do a scan ..."BSOD" with regards to dll file...how & where do i do this(installing) .. my restore pt DOES not work either..??
Answers:
Go to the link I put in my previous post, download the missing .dll on to the affected computer in the Windows/System folder.
See if that helps.
If not then I then i believe you have a corrupted installation of something.
The fact that this .dll is missing AND you have the "driver_irql_not_less_or_equal" & "page_fault_non_page_area" errors suggests to me that maybe have installed something but the installation procedure didn't work correctly.
Is there something you installed that could have triggered these errors?
Have you tried reinstalling whatever it was?
PCH
Answers:
Quote: The fact that this .dll is missing AND you have the "driver_irql_not_less_or_equal" & "page_fault_non_page_area" errors suggests to me that maybe have installed something but the installation procedure didn't work correctly.PCH Or perhaps UNINSTALLED something which has either removed a chained DLL, or incorrectly removed a reference to a DLL.
And for no good reason, here's Martin --->
Answers:
thankyou PCH...will do
Answers:
tried all above....getting no where fast..!!!! Please Helppppp,,,,,,,,
Answers:
I don't know if this will reveal anythign but, if you think the computer is actually infected with malware, you need to download HijackThis and install it on the suspect computer.
You can download a self-extracting copy of HijackThis from here ЕЕ.
If the suspect computer can't download the program directly then download HJT to a working computer and transfer it to the affected machine via floppy or CD.
Once on the computer ....
Double-click on the file hijackthis_sfx.exe file and it will self-extract into its own folder ЕЕ
C:\Program Files\HijackThis
Go to this folder and run the hijackthis.exe file.
From the menu click on "Do a system scan and save a logfile".
Copy and paste both the AVG AS scan report and the HJT logfile to this thread. More specific removal instructions will follow for any malware revealed.
PCH
Answers:
thanks PCH...
Answers:
Hello again....follow up report..."hijack" ...
Logfile of HijackThis v1.99.1
Scan saved at 10:35:22, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: _URLHandler - !!23A6F4C1-32EA-40AF-B42B-E0A99E2A74A6} - C:\PROGRA~1\ROMEOB~1\ROMEOS~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - !!3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Form Filler BHO - !!56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - Global Startup: Post-itо Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files\SmartWhois\swmsie.exe
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files\SmartWhois\swmsie.exe
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files\SmartWhois\swmsie.exe
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: !!18C690F8-769B-4F07-A687-0FC0D45FFCC8} (ManCertCtrl Class) -
O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: !!5BDDFD2D-49C7-4FE3-94DD-5077CA9EC361} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Hope this will make things clearer...
Answers:
Bump,.........bumb
Answers:
You can post your HJT log
Answers:
Is there No one who can help??? I am struggling big time here....any help will be welcome..
Answers:
Have a look at .
Lots of things to try in there.
Answers:
tried but no joy....thanks "Nikolai"
Answers:
Hi
The log is isn't hat bad BUT ...
1. You seem to have two firewalls on your computer. PCguard Firewall & Zone Alarm. They may not both be "active" but please note you must disable one of them. Having two firewalls operational simultaneously will cause problem.
2. You are running the computer in "selective" start up mode. This means some processes won't be running.
Please go to Start > Run and type "msconfig" (without the quotes) in the dialogue box.
Click on OK.
Click the Startup tab and enable all items at startup.
Reboot your computer.
***********************

Make sure you have exposed all Hidden Files & Folders.

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.

***********************
Please download and install
Load SUPERAntiSpyware and click the Check for Updates button.
Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
Open SUPERAntiSpyware and click the Scan your Computer button.
Check Perform Complete Scan and then click Next.
SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
Make sure that they all have a check next to them, and then click Next.
Click Finish and you will be taken back to the main interface.
It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
I'll need a log afterwards of what has been found.
To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
Please post the results of the SUPERAntiSpyware log in your next reply.

***********************
Open HJT ... click on 'Do a System Scan Only'... put tick/check marks next to these entries IF still present ...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - !!7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.
*******************
Rehide your Hidden Files & Folders by carrying out the reverse operation to that described earlier in this post.
Please post a fresh HJT log, the Superantispyware report and an update on how things are working now.
Please also check that your firewall and antivirus are fully up to date.
PCH
Answers:
thanks for the reply...PCH however cannot get passesd the 1st stage...in "run"typed misconfig..error pops up..."the application or DLL C;\WINDOWS\SYSTEM\MFC42u.DLL is not valid windows image.Please check this...."
Now what ??