mat58

asked on

Multiple Blue Screens - Stop 0x00000050 and 0x0000008E

I am working on a friend's Gateway PC and he keeps getting multiple BSODs.   It happens just about anywhere, and I have been trying to run McAfee Internet Security full scan for viruses.  I have received errors regarding MCODS.exe (application error), and a message about "Error getting scan progress".   I think it's more than just McAfee giving me a problem.   I have removed one of the multiple HP printers he had on it, and I have run Malwarebytes Anti Malware and CCleaner.  
I am attaching the HiJack log.  Not sure if there is some malware that is not being detected, or if it's something else.
hijackthisJan11.txt
Brad Sims

Make sure System Restore is off and try ComboFix.  If it is malware this will catch it.  It hasn't failed me yet on XP.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

mat58

ASKER

Well, I ran ComboFix (I was thinking that and was glad you suggested it).  However, after running ComboFix and re-enabling McAfee Security Center, I attempted a full scan and received the following:
STOP 0x0000008E    (0xc0000005, 0xBF801E93, 0xB839BC48, 0x00000000)
    win32k.sys    Address BF801E93 base at BF800000,  Datestamp 4a8564c7

I'm attaching the ComboFix log also:

Just as I was getting ready to send this, I received a message from McAfee about Artemis!Trojan.  Couldn't get the entire message as it cleared as fast as it appeared.
ComboFix.txt
May well be a rootkit that's still infecting the machine.  Please try the Sophos Anti-Rootkit Free rootkit detection and removal tool:
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

Also of interest>
"STOP: 0x0000008E (0xC0000005... BSOD / REBOOT":
http://icrontic.com/forum/showthread.php?t=50966
Avatar of nobus
can you post the minidumps?
or check them with bluescreenview : http://www.nirsoft.net/utils/blue_screen_view.html
Also recommend running Trend Micro's free online virus scanner:            
http://housecall.trendmicro.com/uk/
Ideal for scanning online, using "Safe Mode with networking".      

Your ComboFix logfile is showing remaining infection(s).   Possibly it's the result of the Rustock rootkit.  Therefore if problem still unresolved, you can remove an apparently infected folder by running this short script in a ComboFix second scan, as shown here>

1. Open Notepad.
2. Copy & paste all text between the lines below, into Notepad window:
=========================================================

Folder::
C:\7528ecf1dd1f9aacee0c7bd62008

==================================================
3. Now Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt just created into ComboFix.exe. This will re-start ComboFix, & hopefully the problem is removed.
5. Finally, please attach the new ComboFix logfile.

Further detail, if required>
A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
I think a clean re-installation of WinXP is better, and yes, take a backup of that disk by connecting it to another PC as a slave.

If you do not want to do a clean reinstall, then you can repair the WinXP operating system, or try the System Restore option, or run the command SFC /SCANNOW and insert the WinXP CD so it will restore the original system files.

More Info:-

http://community.mcafee.com/thread/16871
http://www.geekstogo.com/forum/Windows-XP-Blue-Screen-Death-STOP-Codes-t43519.html

Regards,
vijay


mat58 ....any update please?
Avatar of mat58

ASKER

I have had limited time to work on this, but I am still having problems.   These are the steps that I've done to date:
1 - Removed McAfee Internet Security
2 - Ran ComboFix with the changes you provided
3 - Ran the Sophos AntiRootkit (showed hidden desktop files but didn't recommend cleaning)
4 - Ran a Successful Malwarebytes Anti Malware scan (removed 3 rootkits)
5 - Installed AVG Free to be able to scan for viruses

Tried to run AVG virus scan. Received another Blue Screen.  This time with 0x000000D1   showing file bcmw15.sys

5 - Removed AVG
6 - Ran CCleaner
7 - Rebooted PC and reran ComboFix (see attached log)

Every time I think I have it fixed, and run a successful scan, I run it again and it blue screens

ComboFix0116.txt
The BSOD could be due to your Network Adapter driver(wireless).
bcmwl5.sys file information:
http://www.file.net/process/bcmwl5.sys.html

Analysing your Combo logfile ...
Your ComboFix log doesn't seem complete, the end-section appears to be missing.  Would you please post another one ...
Avatar of mat58

ASKER

When I try to rerun ComboFix, I get the following error just as it is Preparing the Log Report:

"sed.cfxxe - Entry Point Not Found"
The procedure entry point CloseHandleaR_GetExitCodeProcess could not be located in the dynamic link library KERNEL32.dll

Avatar of mat58

ASKER

This is the latest log:
ComboFix-2-0116.txt
Thanks.  It seems complete but is going to take a while to analyse ... will get back to you ..

Incidentally, to remove those rootkits did you run Malwarebytes Anti Malware in Safe mode?
It wouldn't do any harm to run RootkitRevealer v1.71
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

The 'error' during the last run could conceivably be due to another rootkit.
Therefore if still unresolved, you could download a new ComboFix from here>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before running it please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running.
Also try renaming ComboFix.exe (to Combo-Fix.exe for example), before saving it to your desktop.  If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick (or equivalent).  Rename it and connect to the infected machine & try another scan.
Although it doesn't prove whether you still have a lurking rootkit, your ComboFix log does appear clean.

One slightly puzzling entry, but i believe harmless>
"3.tmp file information":
http://www.file.net/process/3.tmp.html

Still advisable to run RootkitRevealer, & even ComboFix again as described above.
Avatar of mat58

ASKER

Here is the RootKit Reveal Log.   Can you let me know what I should do next ?
RootkitReveal.txt
sorry about the delay, still studying the RR log which i'm not so familiar with ...

Located this article although it's a little brief>
"How to Detect Rootkits using RootkitRevealer":
http://staff.kfupm.edu.sa/COE/shafei/index_files/Page552.htm
Far as i'm aware the Rootkit Revealer's log seems clean.
As long as you've read about any special tests(if any) that you have to take before scanning, all should be well.   It would have been prudent to run a 2nd scan if you had located and removed a rootkit, otherwise it would seem ok.

Does the PC still have the same symptom?
If yes, i suggest you re-run ComboFix, but as per above.
can you post the minidump ?  as asked?
Avatar of mat58

ASKER

Right now I'm stuck - trying to uninstall AVG antivirus and keep getting error "Uninstall failed - 1 error found (Action failed for registry key KHLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\\Windows: creating registry key....)"
you can copy it if you boot from a live cd, like knoppix : ftp://ftp.kernel.org/pub/dist/knoppix/KNOPPIX_V6.0.1CD-2009-02-08-EN.iso      
Did you try removing AVG AV with the AVG Remover utility, or some other app ?
"AVG Remover":
http://www.avg.com/gb-en/download-tools
The error quoted here is similar to yours.  Here it was suggested using the remover tool again, then download & use the "reset_access_avg9_en.exe" tool.   Scroll to the detail at page bottom>
http://forums.avg.com/us-en/avg-free-forum?sec=thread&act=show&id=54159
Avatar of mat58

ASKER

OK.  Used the AVG utility to completely remove the software.   Tried again to run MalwareBytes AntiMalware (showed 3 infections).  Towards the end of the scan, it BSOD again.  By the time I got the PC it had already rebooted.   I believe this is the Dump file:
Mini011710-01.dmp
Avatar of mat58

ASKER

Here is the latest ComboFix Log
ComboFix0117.txt
WinDbg gave the following result, which often indicates a hardware fault>
FAILURE_BUCKET_ID:  IP_MISALIGNED

How many RAM modules have you? A reasonably quick check on possible RAM failures is to remove all RAM modules except one, then reboot the computer.
If it still freezes, remove the one RAM & insert one of the others(or other one), & reboot again.    
If inconclusive run Memtest.

Will study Combo logfile ...
A quick check & Combo log looks fairly clean.  Still investigating as i'm uncertain about these entries>

Files Created from 2009-12-17 to 2010-01-17
C:\$AVG

Reg Loading Points
S3 entries.
Any thoughts, or progress, on the RAM stick (module) suggestion please?

Ref: ComboFix log:
The S3 entries i believe, are harmless.

So .. the one remaining item seems to be related to the AVG family.
If you wish to go ahead & remove it, please run ComboFix for a 3rd(?) time, and use this small script>


1. Open Notepad.
2. Copy & paste all text between the lines below, into Notepad window:
=========================================================

Folder::
C:\$AVG

==================================================
3. Now Save the above as CFScript.txt on your desktop.
4. Then drag the CFScript.txt just created into ComboFix.exe. This will re-start ComboFix, & hopefully the problem is gone.
5. Finally, please attach the new ComboFix logfile.
Avatar of mat58

ASKER

Here is the latest status and files:
 - Reran ComboFix with AVG folder removal
 - removed 512MB of additional memory to see if that was the problem
 - ran AntiMalwareBytes Malware removal
 - Installed AVAST anti-virus
Received another BSOD (dump file included).   This is a different error, but one that has been happening throughout this process.
I will be unavailable until Monday evening
ComboFix0117-2.txt
Mini011710-02.dmp
The minidump says it is caused by mbam -  so uninstall it .
it also mentions hardware - see the file
mini.TXT
Thanks ...
ComboFix logfile similar to its previous logfile, looks clean.

Have read a suggestion that the excellent Malwarebytes can be difficult to remove, although you should find it straightforward:
http://www.ehow.com/how_4926345_completely-remove-malwarebytes.html
Avatar of mat58

ASKER

I'm in process of removing the following:
(1) Malwarebytes
(2) Ad-Aware

I ran CCleaner to clean the registry keys and any leftover files
Running AVAST! virus scan

I did have 2 blue screens during the cleaning process: 0x0000008E (there should be a dump file for this if necessary)  and 0x0000007E (this occurred during reboot).  

I will update once I complete the virus scan
Avatar of mat58

ASKER

It just crashed again (groan!)  Here's the latest dump:
I was in the middle of the Avast! virus scan (full scan)
Mini011810-01.dmp
SOLUTION
Jonvee

This solution is only available to members.
At an earlier time you removed 512MB of additional memory.  It could still be a RAM issue.  Suggest you remove other RAM stick(s) *except* the 512 MB stick, then reboot.
Some worthwhile checks if/when you look inside the PC ..
Make sure that the CPU fan works properly.  
Is there much dust inside the computer case?
Consider reseating the remaining RAM stick to another slot.
Could check the temperature of the CPU (temp < 60C)?
did you ever uninstall mbam ?
or looked at the hardware, like i suggested ?
Avatar of mat58

ASKER

MBAM was de-installed as requested.  Error occurred after de-installation and reboot.
Need to verify memory.
ok - post results
Avatar of mat58

ASKER

Ran MEMTEST for about 1/2 hour - no errors
Latest Blue Screen dump is included:
All of Windows updates have been run;  Bios is from 6/28/2005 but when I go to the Gateway website, there are no BIOS upgrades that I can see (there are others, but all dated in 2005/2006)
I don't have the Windows OS disc to try a possible repair install....
Mini012410-01.dmp
looks like this one is the cause :   ashSimpl.exe
it is a file from Avast :  http://www.processlibrary.com/directory/files/ashsimpl/
Another option would be to save the (Remove ashsimpl.exe) file download from this link, run a virus/Malware scan on the download, then run it to remove the ashsimpl file.

ashsimpl file information:
http://www.netcom3.com/processlibrary/ashsimpl
Avatar of mat58

ASKER

Just an observation, but for every anti-virus/anti-malware software I've loaded, every Blue Screen seems to point to a module within that software.  I've tried the following so far:

McAfee (original software on the PC)
Malwarebytes
Avast
AVG

ASKER CERTIFIED SOLUTION
This solution is only available to members.
Avatar of mat58

ASKER

Need to get hold of an XP CD first.  
From your observation statement i'm wondering if the Stinger can help;  it's a utility that cleans the system of viruses that block anti-virus software:
http://vil.nai.com/vil/stinger/
Avatar of mat58

ASKER

Ran Stinger.   There was another blue screen when I checked the PC this morning
Mini012910-01.dmp
Avatar of mat58

ASKER

Also receiving a message from AVAST:  The AAVM subsystem detected a RPC error -
Minidump analysis>
IMAGE_NAME:  Ntfs.sys
FAILURE_BUCKET_ID:  0x24_Ntfs!NtfsCommonRead+c68

Ntfs.sys is a Microsoft file:  information:
http://www.file.net/process/ntfs.sys.html

Suggest you disconnect from the internet tonight, uninstall your Anti-virus software, then see if you've got a BSOD in the morning.
May be of interest>
RPC Server Unavailable:
http://askbobrankin.com/rpc_server_unavailable.html
maybe time for a fresh install...
or to run sfc /scannow from the run box

or do a repair install -
Avatar of mat58

ASKER

When I try to run sfc /scannow, it keeps asking me for the XP SP3 CD (which I don't have).   I tried to create a bootable CD using the instructions previously suggested, and the CD is not recognized.  

Avatar of mat58

ASKER

Finally was working my way through sfc /scannow (taking the cancel option when it couldn't find a file and I couldn't get the CD to work), and received another blue screen.  Different codes this time.
Attached is the latest dump file.....
Mini013010-02.dmp
you should make an xp install cd with sp3 slipstreamed in it : http://www.howtohaven.com/system/slipstream-xp-service-pack-3.shtml
best do it on a WORKING pC!
Avatar of mat58

ASKER

OK now here's the problem.  I FINALLY got the CD created, and it works on my PC.  When I go to the machine in error, it doesn't recognize the CD AT ALL !     Just realized that the PC is running Windows XP Media Center Edition with Service Pack 3.   Any additional suggestions would be helpful.
Avatar of mat58

ASKER

No instances of drct16 or dwar32 in the registry.  
Avatar of mat58

ASKER

Attempted sfc /scannow again.  Received FATAL ERROR:  c0000021A; 0xc0000005.  Did not create any dump file.
Avatar of mat58

ASKER

Problem is still open - I have been pre-occupied with another project.  Will report back as soon as I can.
Avatar of mat58

ASKER

I have been able to successfully run Antimalwarebytes and Avast! virus scans.  There are no viruses found with either scan.  
However, I am still getting the BSOD.   Attached is the latest dump file.  

Mini021110-01.dmp
Minidump points to yet another module, the IDesktopInstanceManager.  Do you recognise it, please?
FAILURE_BUCKET_ID:  0x8E_win32k!GetDesktopView+10
More details on a 0x8E_ error>
0x0000008E: KERNEL_MODE_EXCEPTION_NOT_HANDLED:
http://www.aumha.org/a/stop.php

<quote> A kernel mode program generated an exception which the error handler didn’t catch. These are nearly always hardware compatibility issues (which sometimes means a driver issue or a need for a BIOS upgrade) <unquote>
The application CCleaner is mentioned in the minidump analysis, here>
PROCESS_NAME:  CCleaner.exe
Still investigating....
If you're running CCleaner.exe, try uninstalling it.   Maybe a link between your BSODs from AV products, & CCleaner.   If problems uninstalling, suggest you use Process Explorer v11.33:
http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
Avatar of mat58

ASKER

Trying to obtain the original XP Media Center discs to do a repair install.  Will update as soon as I can.
Did you try to uninstall McAfee yet?
Avatar of mat58

ASKER

Still working this problem.  Original disks are not available, so working on alternative
Avatar of mat58

ASKER

I have the slipstreamed XP disks - they work on other PCs but not this one.   Anyway, I did find a very old XP CD to work from.  
Working based on corrupt NTOSKRNL.EXE file.   I was referred to this link:
http://www.computerhope.com/issues/ch000646.htm

First attempt to copy from the XP CD worked for a while, but I'm getting the BSOD again.
SOLUTION
This solution is only available to members.
Avatar of mat58

ASKER

Could be a bad hard disk - I think my friend is going to take his PC back to the technician that originally worked with him.  Other than rebuild the hard disk, I don't think there is anything else that can be done.
post results!
Avatar of mat58

ASKER

I have done everything I could for this PC other than re-install Windows Media Center.  My friend has all of his CDs in North Dakota, and is taking the PC back home with him the end of this month.
Avatar of mat58

ASKER

All comments provided were excellent suggestions.  Other than a complete repair install using the original disks, not sure what else to do.  Thank you for all comments  
But My Answer is also same...Pls check

Regards,
vijay
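
Added example (not part of the original thread and not written by any participant): a small Python triage helper that decodes the STOP line and the WinDbg FAILURE_BUCKET_ID values quoted above, then tallies which modules the crashes blame. The bug check names for codes the thread gives only as numbers are the standard Windows names; the function and variable names are illustrative.

```python
import re
from collections import Counter

# Bug check names for the STOP codes that appear in this thread.
BUGCHECKS = {
    0x24: "NTFS_FILE_SYSTEM", 0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

STOP_RE = re.compile(r"STOP:?\s+(0x[0-9a-f]{8})\s*\(([^)]*)\)", re.I)
MODULE_RE = re.compile(r"(\S+\.sys)\s+Address\s+([0-9a-f]{8})\s+base at\s+([0-9a-f]{8})", re.I)
BUCKET_RE = re.compile(r"^0x([0-9a-f]+)_(\w+)!(\w+)\+([0-9a-f]+)$", re.I)

def parse_stop(text):
    """Decode a blue-screen STOP line plus the optional 'Address ... base at' line."""
    m = STOP_RE.search(text)
    if not m:
        return None
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in m.group(2).split(",")]
    out = {"code": code, "name": BUGCHECKS.get(code, "UNKNOWN"), "params": params}
    if code in (0x8E, 0x7E):  # first parameter is the unhandled exception code
        out["exception"] = NTSTATUS.get(params[0], hex(params[0]))
    mod = MODULE_RE.search(text)
    if mod:  # offset of the faulting address inside the module image
        out["module"] = mod.group(1).lower()
        out["offset"] = int(mod.group(2), 16) - int(mod.group(3), 16)
    return out

def parse_bucket(bucket):
    """Split a WinDbg FAILURE_BUCKET_ID such as 0x24_Ntfs!NtfsCommonRead+c68."""
    m = BUCKET_RE.match(bucket.strip())
    if not m:  # e.g. IP_MISALIGNED names no module at all
        return {"code": None, "module": None, "raw": bucket.strip()}
    return {"code": int(m.group(1), 16), "module": m.group(2).lower(),
            "symbol": m.group(3), "offset": int(m.group(4), 16)}

def faulting_modules(stops, buckets):
    """Tally blamed modules; a spread across unrelated modules argues against one bad driver."""
    names = [(parse_stop(s) or {}).get("module") for s in stops]
    names += [parse_bucket(b)["module"] for b in buckets]
    return Counter(re.sub(r"\.sys$", "", n) for n in names if n)

# Values quoted in the thread above.
STOP_TEXT = ("STOP 0x0000008E (0xc0000005, 0xBF801E93, 0xB839BC48, 0x00000000)\n"
             "win32k.sys Address BF801E93 base at BF800000, Datestamp 4a8564c7")
BUCKETS = ["IP_MISALIGNED", "0x24_Ntfs!NtfsCommonRead+c68", "0x8E_win32k!GetDesktopView+10"]

if __name__ == "__main__":
    print(parse_stop(STOP_TEXT), faulting_modules([STOP_TEXT], BUCKETS))
```

Feeding it every STOP line and bucket ID collected during a cleanup makes the pattern the asker describes visible as data: the blamed module keeps changing between crashes.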