Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista 64 Deteriorating rapidly.


  • This topic is locked This topic is locked
12 replies to this topic

#1 Arioch13

Arioch13

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 30 June 2009 - 11:23 PM

I am struggling to make my installation of Vista 64 bit stable. I recently obtained the 64 bit media from MS to replace my old 32 bit home premium discs. Installed and ran fine for a while after updating some drivers for the sound and video. However, I did notice an odd intermittent issue with the display from time to time at first boot the screen would lock up on one colour or a scrambled display of colours. This problem seems to be getting much worse with vista now locking up 2 or 3 times every time I start the machine. It then goes into vista eventually and if it starts to run and is left alone for a while will then run for hours with no problem.

I just installed the latest update drivers from Nvidia as they just recently updated again but no joy. I am totally stuck and this issue is really causing me a serious problem. have alot of things installed that would be very painful indeed to reinstall so I dont want to go back and reinstall the whole machine yet again except as a real last resort. Have seen my cursor wizzing round the screen on its own on a couple of occasions whichs makes me suspicious that I have some sort of malware issue. Hi jack this log as follows: Any assistance you can provide in closing in on this problem would be extremely gratefully recieved.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:11:45, on 01/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: O&O Gateway Agent Service (GatewayAgentService) - O&O Software GmbH - C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6247 bytes

Thankyou very much indeed if your reading this.

Simon

Attached Files



BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 04 July 2009 - 08:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Arioch13

Arioch13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  

Posted 05 July 2009 - 03:27 AM

Just very grateful for the response. Thankyou.

The system is currently operating normally and for the last couple of hours has been unusually stable. will run it to the end of today and see if the problem is resolved. If it is I have no idea why it is or what caused it as I dont think I have done anything to address the problem. Will confirm back in 48 hours.

Thankyou very much. Please bear with me.

#4 Arioch13

Arioch13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 05 July 2009 - 02:02 PM

Hi the stability lasted a few more minutes after I sent that last reply. haha but I am ever the optimist.

Tried to utilise both of the tools on the links you sent me here. Both of them give an error. Wont run with your operating system. i am using 64bit windows home premium. Tried deactivating anti virus to run but same error is triggered.

Do you have another possible tool or something I can post which helps identify the nature of the problem?

Thanks again for replying.

#5 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:12:46 AM

Posted 07 July 2009 - 04:39 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

First, make sure you backup all of your data, just in case.

I need you to go to the administration tools in Vista. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#6 Arioch13

Arioch13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:46 PM

Posted 13 July 2009 - 06:57 PM

Hi there. !

Not been able to get online at home for any length of time as the machine was unusable.

I think I am now on the right track to resolving it but would welcome some help understanding why this is working and what else I can do to totally resolve the issue. Assuming its not just a fluke than anything I have done so far has made a difference.

After methodically going through my system piece by piece looking for errors. Basically I simply unplugged and reinstalled everything part by part. I eventually got to the various hard drives (I use 4x SATA drives. ) I found when I only had one installed the system worked fine. This gave me a starting point at least and wasnt something I had looked at. After plugging the othe drives back in. Sure enough it started doing the same thing. Crashing and scrambling the display. I have no idea why it manifests itself in a scrambled display but thats what I found.

I looked up the problem on various forums and found its an issue with the motherboard chipset, specfically the drive controllers. There is a chipset update on the EVGA website with update nvidia chipset drivers. I installed this about 5 hours ago and it seems to have been fine since then.

Since I did this the system has been vastly more reliable. It booted several times without a problem and was stable for hours. Then... It hit again and the display scrambled. On trying to reboot it simply stopped doing anything and the screen stayed black after I tried to enter my login password. I then rebooted once again and its working fine.

Tring to upload the files you asked for but full log was coming up too large. However I just sent 7days of the system logs. The pattern shown there is pretty much repeated almost identically for over a month. Same critical errors based upon the processor power management option. (I assume this refers to my turning off intel speed step in the BIOS so I can play with the overclocking) but the only other critical I see is this nvlddmkm.sys one. Looks like it still happening even after update those chipset drivers which I had hoped had fixed the problem.

Attached Files


Edited by Arioch13, 13 July 2009 - 07:32 PM.


#7 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:12:46 AM

Posted 13 July 2009 - 10:56 PM

I would say you have found the problem. Go back to the number of drives it is stable with, and check the drivers to see if they have reverted. You may just need to purchase a SATA controller expansion card, and move the control of the SATA from the motherboard to the expansion card.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#8 Arioch13

Arioch13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:46 PM

Posted 14 July 2009 - 07:31 AM

Thankyou.

Will buy that expansion card and see if that works. Thanks.

#9 Arioch13

Arioch13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 14 July 2009 - 09:35 AM

Just got back after going an ordering the SATA2 Controller. Tried disconnecting all the extra SATA devices I which arent critical so I could at least do some work and play some games while I wait for the controller to arrive.

Too my horror the PC is still having the same issues even without the other devices. Still getting crashed display with garbled colours etc. Saw a new error message on one attempt. DRIVER_IRQL_NOT_LESS_OR EQUAL and again the message following that about nvlddmkm.sys

Hopefully the new SATA2 controller will still resolve the issue. I have just noticed what I think is a new message at the very start of the machine initialisation which didnt appear until recently to my knowledge.

Loading Jmicron PCIE RAID to SATAII Driver. It then say no drives detected. Any idea what this is. Its something that seems relatively new to the system and which I havent seen before. Could this be part of my problem? Certainly seems that the SATA control is confused and I wonder if this is something to do with it.

Thanks for any help or advice you can offer.

#10 Arioch13

Arioch13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 14 July 2009 - 04:22 PM

As an experiment I just installed Vista 32 bit on a different drive and ran that. Similar thing happened. Ran fine for quite some time. I then got a message about a windows message about a fault with: Intel Quickpath Architecture I/O Hub. Solution centre finds a solution and offers a new driver from intel. I downloaded this and started crashing again shortly after that. Could be co incidence but it was one of the last things I did before it started crashing again. Interesting thing is both 32 bit and 64 bit vista recognise an issue with the driver and suggest the same solution. Not sure if this is the only problem or not but certainly seems too strange to be co incidence. I dont see any critical errors in the event log except for unscheduled shutdown when I shutdown after the display crash and various vista updates failing for the same reason.

Any ideas? I have totally no idea what I can do from here.

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:12:46 AM

Posted 14 July 2009 - 04:35 PM

try going back to the previous version of the driver.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#12 Arioch13

Arioch13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:46 PM

Posted 15 July 2009 - 11:13 AM

Tried going back to the old drivers.No joy. Removed my graphics card (Asus GTX280) and borrowed a friends old 8500 to test my machine. Hey presto no problems at all.

It seems my card is damaged. Reinstalling changing slot etc made no difference. Its only 4/6 months old so not ancient by any means.

I have no got a new ATI 4870 x2. Hopefully this will prove more reliable. The card was never overclocked or in a hot environment. In fact the room the machine sits in is air conditioned to a level uncomfortable for most people (but not me apparently hehe) The card supposedly has a 3 year warranty so I am going to make my claim there. Hopefully I will get it replaced or repaired so I can put it in a different machine.

Thanks for trying to help me out.

Nooow. I just got to try and work out how to install the new V8 cooler thing I bought at the same time. Could resist it, was just sitting there looking all appealing ... and while I had the credit card out.... Oh dear oh dear. Its moments like that which give the missus all the ammunition she needs for a shopping spree of her own lol. I am sure I will be sorry on multiple counts not just the fact my 380 graphics card turned out to be unreliable.

Best regards..

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:12:46 AM

Posted 16 July 2009 - 12:52 AM

Just tell her I told you to spend the money. I like getting blamed for things. Its a hobby. :thumbup2:

Do you have any other questions or concerns?

Sorry about recommending the SATA card, but you should be able to return it, as you don't even need to open it.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users