Solve : Please Help! Need functioning ohciusb.sys driver? – InterviewSolution

InterviewSolution

1.	Solve : Please Help! Need functioning ohciusb.sys driver?
Answer» Greetings Everyone, Three days ago my computer froze and when I restarted the computer it started showing this blue screen message: * Stop: 0x0000001e (0xC0000005, 0xED6BF9FA, 0X00000000, 0X00000118) KMODE_EXCEPTION_NOT_HANDLED * Address ED6BF9FA base at ED6BF000, DateStamp 46d6e306 - ohciusb.sys Some more info: - Windows 2000 prof., P4 1.4 Ghz, 256MB RAM, HDD1 137GB HDD2 163GB, - The computer can run in safe mode - I have not added any hardware or software recently - When I start the computer it windows loads until it DISPLAYS the dialog box which states "Please wait Windows 2000 is...." and then the blue screen appears. Windows 2000 never fully loads. - I have a D-Link DUB-H4 USB 2.0 mini hub, but it did not come with any driver software. From my research I have found that Microsoft says I need to replace the ohciusb.sys driver because it is most likely faulty: http://support.microsoft.com/kb/275678 Below is some info on the driver: http://www.runscanner.net/getmd5.aspx?md5=88CB769EBCDAE664A242450AA1FB1ECA&process=ohciusb.sys In an attempt to localize the cause of the problem I removed the driver file from the c: drive and placed it on my secondary drive and restarted the computer. I noticed that when I did this the computer loaded windows to completion, it displayed my wallpaper and the icons on my desktop, however after 20 seconds the blue screen message appears. I think that if I can replace the ohciusb.sys driver the computer will function as it did before. My problem is that I dont know where to find the driver. I looked at my windows 2000 cd-rom and my other cd-roms with drivers programs on them but have not been able to find it. Can someone please direct me to where I can find a functioning copy of the ohciusb.sys driver? It would be GREATLY APPRECIATED. I am a student and I need to resolve this problem quickly because I need to have a functioning computer at my disposable to do my work. Again your help is GREATLY APPRECIATED. Krontype According to the link provided this is not a Windows driver...it is a third party USB driver so you need to review all USB devices you have had installed and track it down that way... BTW most google hits show it as possible malware...what protection programs do you have and when have you updated and ran them last ? ?Hi Patio, Thanks for the help. I have the AVG free antivirus and the AVG free Anti-Spy ware, Spybot Search and Destroy and Comodo Personal firewall. All of them are updated. I ran them all. My c: drive was clean except for some tracking cookies which I removed. On my secondary hard drive I found one virus worm.feebs which I promptly removed it , but I haven't used this secondary hard drive in over a year so I'm not sure if this would be the source of the problem. I looked up the worm.feebs in google. http://www.pctools.com/mrc/infections/id/Worm.Feebs/ It seems to be a virus involved with mass mailing and such. I have gone through all my driver cd-roms looking for the ohciusb.sys driver but have not found it. I am using the safe mode as I am typing this and I cannot enable my Comodo firewall, is that normal? krontypeYes the Comodo thing is normal...since only the minimum drivers/services are loaded in safemode most firewalls will not run in that mode. To eliminate the secondary drive as the issue ( which i don't believe it is ) simply unhook the IDE cable and see if the issue persists... Your protection scheme should be adequate and as you had no reported issues it may not be an INFECTION...if it is it's probably a low threat one. Another thing you can try : Do a search for the driver across the entire hard drive. Make a backup copy of it and put it in a new directory. Write down where it resides on your system...there may be more than one instance. Now delete all the entries and re-boot and see if the error message goes away. If it does i would keep things the way they are If it still errors out we may have to try a different approach...Hi Patio, I tried your suggestions but unfortunately when i delete the ohciusb.sys file from my computer it returns when I reboot. Windows loads up but after displaying my wallpaper and desktop icons the blue screen message also returns. There is only one instance of the file, in my C:winnt/system32/drivers folder. I deleted it from there and placed it in a folder on my secondary hard drive. krontypeTry the application Compatibility tool. Here Thanks Street1. I am not at home and won't get home untill after 10:30 pm this evening. But I will try it as soon as I get home. krontypeI encountered this exact same error using the same OS on a Dell Dimension 4100. It started last Friday afternoon (Sept 7th) and I have been unable to correct it after many attempts. I too can bring the system up in Safe Mode. I am very interested in knowing how to fix this one. My BSOD started just after I connected to ATT Yahoo Internet service for the first just after completing the install process for this new service. Thanks for your help!Hi Street1, i cannot install the program I keep getting the following message box: The Windows Installer could not be accessed. This can occur if you are running in Windows safe mode, or if the Windows installer is not properly installed. Unfortunately right now I am forced to run my computer in safe mode, it will not run otherwise. krontype Looks like you need to do a repair install.This is a good walk through for repair install. GoHere If it re-appears after deleting and re-booting i suspect it is in fact malicious... Update and run all your protection apps in safemode. Then post back with a list of what you ran and their findings...Greetings Everyone, The following suggestion was passed on to me: First in safe mode rename the ohciusb.sys file to ohciusb.OLD. Then log into the computer with a different profile (an admin profile - I had to create a new one), and then delete the user profile that originally produced the error. So far it seems it has worked for me, but I did not delete the old profile yet. I believe that it can still be restored. And I'm also trying to transfer some of the stuff (firefox settings, bookmarks, extensions,etc.) to my new user profile. Some observations: I found that after renaming the file I was able to start the computer with the old profile without getting the bluescreen message(but for some reason I could not get on the internet). I created the new user and rebooted. Then I went to C:\WINNT\system32\drivers to make a copy of the new user's ohciusb.sys file. Now here's the interesting part, as soon as I clicked on ohciusb.sys file AVG free Antivirus alerted me that it was infected with trojan horse Agent.HKI. I clicked heal and it said the restoration was successful. And it DETECTED another trojan horse called generic7.IGZ. I clicked heal and it said the restoration was successful. This is really a shock because on Sunday Sept 9, I had scanned my computer (in safemode) with AVG Antivirus, AVG free Anti spyware , Spybot search and destroy (all updated with the latest definitions) and everything came back fine. I am wondering how this happened, is it that perhaps in safemode not everything can be detected be anti-virus/spyware programs? Or maybe it is because these last 3 days I have been forced to connect to the internet for hours at a time without my firewall? Right now I am scanning my computer for more virus and it takes between 6 and 7 hours so I'll give you the results tomorrow. krontypeGreetings All, Here's the scanning results of last night under the new user profile. AVG Antivirus found that the ohciusb.old (in my C://WINNT\system32\drivers\) was infected with the trojan horse Agent.HKI and deleted it. And a few days ago I had made copies of the ohciusb.sys and the ohciusb.syt files and placed them on my secondary drive. Last night AVG Antivirus found them to be infected with trojan horse Agent.HKI and deleted them as well. I restarted the computer. The new user profile seems to be working with no problem. I am scanning the C://WINNT\system32\drivers\ folder to see if there are anymore viruses. Can't spend a lot of time with it today unforunately I have classes all day and won't be home until late. However I'll post my findings later. krontypeGreetings Everybody, My computer is now almost functioning completely normal. I didnot have to delete my old user profile. After the viruses were deleted I was able to log on with my original profile. The only thing that is different now is that I get a dialog box which states the following: The drive or network connection that the shortcut '.lnk' refers to is unavailable. I'll find what shortcut that is referring to and delete that. Thanks to patio and street1 for the help and suggestions. krontypeGood call patio.

Discussion

No Comment Found

Related InterviewSolutions