
Windows Vista 64 Freezes


24 replies to this topic

#1 JulianL

JulianL

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 31 July 2009 - 05:12 PM

I've been fighting this problem for about a month now, and need some serious help. I'm assuming I have some malware, though none of the products that I've used find anything more than some tracking cookies.

I'm running Windows Vista Home Premium 64 on a Sony Vaio VGN-AW190J. I have the automatic Windows Update turned on, and apply them as they arrive. I have used AdAware, MBAM, Spybot S&D, and SAS most recently.

If I'm not running in Safe Mode, then I can expect a freeze anywhere from 1 minute to a few hours after booting. The only way out when it locks up is to power off. When the lockup occurs, I'll get a (Not Responding) in the window title, and any further clicking will 'gray out' the window, and then the desktop. The cursor moves, but nothing else wiggles. There are no updated drivers for my (Sony version of) NVidia GeForce 9600M GT.

If I boot the machine, and do not logon in short order, then it will freeze almost immediately. Whenever the screen saver came on, it would freeze when I tried to use the machine again. I disabled the screen saver entirely to solve that reason for freezing. I noticed that the freezing occurs sooner if I have the Ethernet cable plugged in (or the wireless turned on) when I boot. I can usually get a little time online if I stay disconnected until after the machine has booted. I have updated to the latest drivers for both the wired and wireless adapters.

I have been looking at your Startup List and Uninstall List, without anything jumping out at me, though I have turned off a number of items using AutoRuns.

When manually running Windows Live OneCare's AV checker yesterday, it froze up when scanning C:\Windows\SysWOW64\drivers\DMICall.sys. I turned that file off using AutoRuns, and renamed it to DMICall NOT.sys. The next run of OneCare's AV checker froze up on the file AFTER it scanned DMICall NOT.sys. I ran a chkdsk and defrag, and rebooted, and it just froze up again when scanning DMICall NOT.sys.

Where do we go from here?


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:08:18 PM

Posted 01 August 2009 - 09:20 PM

I would suggest re-enabling everything in Autoruns while trying to solve your problem

How to Find BSOD (Blue Screen) Error Messages

http://www.bleepingcomputer.com/forums/t/74712/how-to-find-bsod-error-messages/
--------------------------

How to receive help diagnosing Blue Screens and Windows crashes

http://www.bleepingcomputer.com/forums/t/176011/how-to-receive-help-diagnosing-blue-screens-and-windows-crashes/
------------------------------

How To Use the Event Viewer Applet

http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/
----------------------------
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 JulianL

  • Topic Starter


Posted 02 August 2009 - 01:17 PM

Hi Mark,

Thanks for your reply. I am using my trusty XP box to do my communicating, since I cannot rely on the Vista machine to run long enough to get anything accomplished. To reiterate my issue, my machine is not crashing, it simply freezes up and fails to respond to anything other than the mouse and the power button.

I just re-enabled everything with autoruns, and restored the name of my suspicious file back to DMICall.SYS.

Note - It just locked up again on me, though it was acting normally prior to clicking on the Start button to shut the machine down for a reboot. I had opened/closed autoruns, and opened/closed window explorer to rename the file. I had neither wired nor wireless connections running. I now have the typical behavior for when it freezes: first a continuous hard drive light for maybe 30 seconds, followed by a couple of HD accesses per second, so brief that I have to shade the light with my hand to even see the blink. Time to power it off again.

Would you prefer an ethernet connection when doing whatever we do next? And do you want the reboot to be in safe or normal mode? I'll do nothing until I hear from you.

Julian

#4 garmanma


Posted 02 August 2009 - 07:43 PM

DMICall.SYS is a legitimate XP Windows file. File DMICall.sys is located in the folder C:\Windows\System32\drivers. Anywhere else would be suspicious.
What is the make and model of your computer?

The next time it does it, restart the computer and go into the Event Viewer and see what is the last problem listed
Copy/paste it in your next reply

How To Use the Event Viewer Applet
Mark

#5 JulianL


Posted 02 August 2009 - 10:11 PM

I'm running Windows Vista Home Premium 64 on a Sony Vaio VGN-AW190J.

From what I've googled, that DMICall file CAN be a valid Sony file, used for 'special keys', but it sounds like it may also be malware in some instances. There seems to be some question as to whether it SHOULD be a 64-bit file, but that it IS a 32-bit file.

I looked in the Event Log to see what I could find from the last time it froze (during my last post). There was nothing to be found under the application logs, and in the system logs, I had two DMICall.SYS errors recorded for the current boot (as opposed to when it froze last time.)

One of the errors says:
The following boot-start or system-start drivers(s) failed to load:
DMICall

The other error message says:
\SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

It looks like the last three times the computer froze, the final entry in the event log was:
Windows OneCare Live scan has started.
Scan ID: {1D667C0B-28E6-4097-A726-C0FD4A2A12D9}
Scan Type: AntiMalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM
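
The 32-bit versus 64-bit question raised in the post above can be settled from the file's PE header. The following is an added example, not part of the original thread: it reads the COFF machine type and subsystem, and the header bytes it is tested against are constructed here, not taken from the real DMICall.sys.

```python
import struct
import sys

# COFF Machine and optional-header magic values from the PE/COFF specification.
MACHINES = {0x014C: "x86", 0x8664: "x64"}
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEM_NATIVE = 1  # subsystem value used by kernel-mode drivers


def pe_summary(data):
    """Return machine type, optional-header format and driver flag of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    # e_lfanew (offset of the PE signature) lives at 0x3C in the DOS header.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    # 20-byte COFF header follows the 4-byte signature.
    machine, _, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = subsystem = None
    # Subsystem sits at offset 68 of the optional header in PE32 and PE32+.
    if opt_size >= 70 and opt + 70 <= len(data):
        (magic,) = struct.unpack_from("<H", data, opt)
        (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "format": OPT_MAGIC.get(magic, "unknown"),
        "kernel_driver": subsystem == SUBSYSTEM_NATIVE,
    }


def triage_driver(data, os_is_64bit=True):
    """Say whether a driver image can load in the running kernel."""
    info = pe_summary(data)
    if not info["kernel_driver"]:
        return "not a kernel-mode image (subsystem is not native)"
    expected = "x64" if os_is_64bit else "x86"
    if info["machine"] != expected:
        return "%s driver: a %s kernel will refuse to load it" % (
            info["machine"], expected)
    return "%s driver: architecture matches the kernel" % info["machine"]


def constructed_header(machine, magic, subsystem):
    """Build a minimal constructed PE header (headers only, not a loadable file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = bytearray(0xF0 if magic == 0x20B else 0xE0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python pecheck.py <path to a .sys file>
        with open(sys.argv[1], "rb") as fh:
            print(triage_driver(fh.read(4096)))
    else:
        print(triage_driver(constructed_header(0x014C, 0x10B, SUBSYSTEM_NATIVE)))
```

A 32-bit result for a driver on a 64-bit system is consistent with the "blocked from loading due to incompatibility" event quoted above; it does not by itself say whether the file is malicious.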

#6 garmanma


Posted 03 August 2009 - 07:29 PM

If you still have DMICall NOT.sys, rename the file extension from .sys to .scr
Try downloading this Sony update for the chipset:
http://esupport.sony.com/US/perl/swu-downl...62&os_id=34
See what happens
We'll probably move this to AII and run some scans
Mark

#7 JulianL


Posted 03 August 2009 - 08:16 PM

I renamed the file to DMICall.scr, and ran the install for the original chipset. Rebooted.

DMICall is still in Autoruns, so I got the same error as earlier:
The following boot-start or system-start drivers(s) failed to load:
DMICall

Since I no longer have a DMICall.sys file (it's been renamed), I did NOT get this message now:
\SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

The Windows OneCare Live AntiMalware scanner started, and ran for a couple of minutes before I locked up trying to close the Performance Monitor. I had good valid-looking hard drive accesses, and then it went to a solid light.

Time for some scans?

#8 garmanma


Posted 03 August 2009 - 08:34 PM

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
--------------------------------

Then run ATF and SAS


ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-----------------------------------

Finish up with Dr Web

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Mark

#9 JulianL


Posted 04 August 2009 - 11:44 AM

1. Ran MBAM - found no problems, log follows. (I have run this in the past.)

Malwarebytes' Anti-Malware 1.40
Database version: 2555
Windows 6.0.6002 Service Pack 2

8/3/2009 7:13:50 PM
mbam-log-2009-08-03 (19-13-50).txt

Scan type: Quick Scan
Objects scanned: 93367
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2. Ran ATF for both 'Main' and 'Firefox'. It cleaned some stuff in both cases.

3. Ran SAS - found no problems, log follows. (I have run this in the past.)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2009 at 08:56 PM

Application Version : 4.27.1000

Core Rules Database Version : 4036
Trace Rules Database Version: 1976

Scan type : Complete Scan
Total Scan Time : 01:27:07

Memory items scanned : 155
Memory threats detected : 0
Registry items scanned : 7083
Registry threats detected : 0
File items scanned : 193792
File threats detected : 0

4. Ran Dr. Web CureIt, which did find some problems. Log follows.

couponprinter(2).exe\data012;C:\Documents and Settings\Julian\Desktop\couponprinter(2).exe;Adware.Coupons.34;;
couponprinter(2).exe\data013;C:\Documents and Settings\Julian\Desktop\couponprinter(2).exe;Adware.Coupons.34;;
couponprinter(2).exe\data015;C:\Documents and Settings\Julian\Desktop\couponprinter(2).exe;Adware.Coupons.34;;
couponprinter(2).exe\data016;C:\Documents and Settings\Julian\Desktop\couponprinter(2).exe;Adware.Coupons.34;;
couponprinter(2).exe;C:\Documents and Settings\Julian\Desktop;Container contains infected objects;Moved.;
couponprinter.exe\data012;C:\Documents and Settings\Julian\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data013;C:\Documents and Settings\Julian\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data015;C:\Documents and Settings\Julian\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data016;C:\Documents and Settings\Julian\Desktop\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe;C:\Documents and Settings\Julian\Desktop;Container contains infected objects;Moved.;
couponprinter(2).exe\data012;C:\Documents and Settings\Julian\DoctorWeb\Quarantine\couponprinter(2).exe;Adware.Coupons.34;;
couponprinter(2).exe\data013;C:\Documents and Settings\Julian\DoctorWeb\Quarantine\couponprinter(2).exe;Adware.Coupons.34;;
couponprinter(2).exe\data015;C:\Documents and Settings\Julian\DoctorWeb\Quarantine\couponprinter(2).exe;Adware.Coupons.34;;
couponprinter(2).exe\data016;C:\Documents and Settings\Julian\DoctorWeb\Quarantine\couponprinter(2).exe;Adware.Coupons.34;;
couponprinter(2).exe;C:\Documents and Settings\Julian\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
couponprinter.exe\data012;C:\Documents and Settings\Julian\DoctorWeb\Quarantine\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data013;C:\Documents and Settings\Julian\DoctorWeb\Quarantine\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data015;C:\Documents and Settings\Julian\DoctorWeb\Quarantine\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe\data016;C:\Documents and Settings\Julian\DoctorWeb\Quarantine\couponprinter.exe;Adware.Coupons.34;;
couponprinter.exe;C:\Documents and Settings\Julian\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
TBSETUP.EXE\data004;C:\Program Files (x86)\Online Services\AOL\COMPS\TBSETUP.EXE;Trojan.PWS.GoldSpy.origin;;
TBSETUP.EXE;C:\Program Files (x86)\Online Services\AOL\COMPS;Archive contains infected objects;Moved.;

I meant to ask a question regarding the DMICall file. You had me rename that file from SYS to SCR, and then run the "Sony update for the chipset." Should I have seen a new DMICall.SYS file installed?

I booted my machine this morning, and the OneCare dialog box says there are problems in the startup "that are affecting security or performance". It does not say what those problems are, it just wants me to click the Fix button.

I started the Windows Live OneCare anti-virus scanner to see if it would fail. It is sitting there now, locked up scanning the file DMICall.SCR. Time to power off.

Julian

P.S. I don't see anything on my user interface here that allows me to attach a file. What am I missing?

#10 JulianL


Posted 04 August 2009 - 11:50 AM

I just noticed the number of files scanned by each of the apps that I ran. I was watching Dr. Web run, since it was the last one run before I could call it a night. The log doesn't indicate it, but it scanned about 550,000 files of roughly 590,000 total. The SAS log says "File items scanned : 193792", and the MBAM log says "Objects scanned: 93367". Did I run SAS/MBAM with incorrect settings, or do they just scan a small portion of the total number of files?

Julian

#11 garmanma


Posted 04 August 2009 - 07:58 PM

I meant to ask a question regarding the DMICall file. You had me rename that file from SYS to SCR, and then run the "Sony update for the chipset." Should I have seen a new DMICall.SYS file installed?

I wasn't quite sure, I didn't think it would reinstall

I booted my machine this morning, and the OneCare dialog box says there are problems in the startup "that are affecting security or performance". It does not say what those problems are, it just wants me to click the Fix button.

Go ahead and let it fix it

P.S. I don't see anything on my user interface here that allows me to attach a file. What am I missing?

I don't believe you can in this particular forum, it's all cut and paste

Did I run SAS/MBAM with incorrect settings, or do they just scan a small portion of the total number of files?

In short, that is just the way each tool is designed

Seeing how we have determined that the file is not needed for 64 bit systems, I would rename it back to its original name and then delete it
I would make a backup with Erunt first
--------------------------------------


Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes only if you are using Windows XP. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.


Note: to restore your registry, go to the folder and start ERDNT.exe
Mark

#12 JulianL


Posted 04 August 2009 - 09:09 PM

I let Windows OneCare fix the problems in the startup "that are affecting security or performance".

I renamed the DMICall back to a .SYS extension, and moved it to a USB drive.

I installed Erunt, and ran it to create a backup.

I shut down the machine (normally, for a change.)

What's next?

#13 garmanma


Posted 05 August 2009 - 06:55 PM

Well, with the DMICall file removed from the computer, use it like you would normally. Run some scans and do whatever, and see if it will remain running without locking up
Mark

#14 JulianL


Posted 05 August 2009 - 07:19 PM

Yes, it locked up again, scanning file "\\?\c:\Windows\sysWOW64\drivers\gmreadme.txt"

The files contained in that folder are:
mbamswissarmy.sys
104D_SONY_VGN-AW190J.mrk
Sony_VGN-AW190J.mrk
gm.dls
gmreadme.txt
folder en-US
pacer.sys.mui
qwavedrv.sys.mui
folder UMDF
folder en-US
no files in folder

#15 JulianL


Posted 05 August 2009 - 09:12 PM

Is it possible we're just running into a problem with Windows Live OneCare's A/V checker?

I ask because I found this info on http://remove-malware.com/reviews (and there is no WAY it could be biased ;~}):
Microsoft OneCare Review
removal of detected malware very difficult,
does not scan in safemode which makes malware removal nearly impossible,
slow scanning,
freezes OS when trying to remove malware and often requires a reboot

Obviously, my system didn't behave like this before (locking up), but the problem always seems to occur now when OneCare's A/V scanner is running.

It just locked up doing the Quick Scan (from my last post), and did so on the Windows\sysWOW64\drivers folder, but...

I ran a custom scan, scanning only the files in c:\Windows\sysWOW64\drivers, and did not have a problem.
I ran a custom scan, and scanned the files in c:\Windows\sysWOW64, and did not have a problem.
I ran a custom scan, and scanned the files in c:\Windows, and did not have a problem.

===============================================================================

Here are the last few event logs where this happened (locked up when running the OneCare A/V scanner):

The 6008 Event Id (at the top of each group) means "The previous system shutdown at (time) on (date) was unexpected."
That shows up upon rebooting.
In each case, the OneCareMP 1000 Event ID (A/V scanner started) occurred shortly before I powered-off the machine.
I guess the other event(s) in that neighborhood, if any, could also be suspect.

===============================================================================
Error 8/5/2009 5:11:24 PM EventLog 6008 None
Error 8/5/2009 5:11:16 PM Application Popup 1060 None
Information 8/5/2009 5:11:16 PM Application Popup 26 None
Error 8/5/2009 5:11:16 PM Application Popup 1060 None
Information 8/5/2009 5:11:16 PM Application Popup 26 None
Information 8/5/2009 5:11:12 PM Kernel-Processor-Power 4 None
Information 8/5/2009 5:11:12 PM Kernel-Processor-Power 4 None
Information 8/5/2009 5:11:12 PM yukonx64 83 None
Information 8/5/2009 5:11:08 PM NETw5v64 7036 None
Information 8/5/2009 5:11:00 PM Tcpip 4201 None
Information 8/5/2009 5:11:00 PM Tcpip 4201 None
Information 8/5/2009 5:11:00 PM FilterManager 6 None
Information 8/5/2009 5:11:00 PM FilterManager 6 None
Information 8/5/2009 4:59:18 PM Service Control Manager Eventlog Provider 7036 None
Information 8/5/2009 4:59:15 PM TBS 537 None
Information 8/5/2009 4:59:15 PM PnP-X IP Bus Enumerator Service 1000 None
Information 8/5/2009 4:59:17 PM Service Control Manager Eventlog Provider 7036 None
Information 8/5/2009 4:59:16 PM Service Control Manager Eventlog Provider 7036 None
Information 8/5/2009 4:59:15 PM Service Control Manager Eventlog Provider 7036 None
Information 8/5/2009 4:59:15 PM Service Control Manager Eventlog Provider 7036 None
Information 8/5/2009 4:59:15 PM Service Control Manager Eventlog Provider 7036 None
Information 8/5/2009 4:59:14 PM Service Control Manager Eventlog Provider 7036 None
Information 8/5/2009 4:58:34 PM OneCareMP 1000 None

===============================================================================
Error 8/4/2009 6:58:55 PM EventLog 6008 None
Information 8/4/2009 6:58:54 PM FilterManager 6 None
Error 8/4/2009 6:58:45 PM Application Popup 1060 None
Information 8/4/2009 6:58:45 PM Application Popup 26 None
Error 8/4/2009 6:58:45 PM Application Popup 1060 None
Information 8/4/2009 6:58:45 PM Application Popup 26 None
Information 8/4/2009 6:58:42 PM Kernel-Processor-Power 4 None
Information 8/4/2009 6:58:42 PM Kernel-Processor-Power 4 None
Information 8/4/2009 6:58:42 PM yukonx64 83 None
Information 8/4/2009 6:58:38 PM NETw5v64 7036 None
Information 8/4/2009 6:58:30 PM Tcpip 4201 None
Information 8/4/2009 6:58:30 PM Tcpip 4201 None
Information 8/4/2009 6:58:30 PM FilterManager 6 None
Information 8/4/2009 6:58:30 PM FilterManager 6 None
Information 8/4/2009 12:13:47 PM Service Control Manager Eventlog Provider 7036 None
Information 8/4/2009 12:00:56 PM EventLog 6013 None
Information 8/4/2009 11:59:30 AM Service Control Manager Eventlog Provider 7036 None
Information 8/4/2009 11:34:00 AM Service Control Manager Eventlog Provider 7036 None
Information 8/4/2009 11:29:22 AM Service Control Manager Eventlog Provider 7036 None
Information 8/4/2009 11:20:20 AM OneCareMP 1000 None

===============================================================================
Error 8/4/2009 11:05:14 AM EventLog 6008 None
Error 8/4/2009 11:05:06 AM Application Popup 1060 None
Information 8/4/2009 11:05:06 AM Application Popup 26 None
Error 8/4/2009 11:05:06 AM Application Popup 1060 None
Information 8/4/2009 11:05:06 AM Application Popup 26 None
Information 8/4/2009 11:05:04 AM Kernel-Processor-Power 4 None
Information 8/4/2009 11:05:04 AM Kernel-Processor-Power 4 None
Information 8/4/2009 11:05:04 AM yukonx64 83 None
Information 8/4/2009 11:05:00 AM NETw5v64 7036 None
Information 8/4/2009 11:04:52 AM Tcpip 4201 None
Information 8/4/2009 11:04:52 AM Tcpip 4201 None
Information 8/4/2009 11:04:52 AM FilterManager 6 None
Information 8/4/2009 11:04:52 AM FilterManager 6 None
Information 8/4/2009 10:58:44 AM OneCareMP 1000 None

===============================================================================
Error 8/4/2009 10:47:37 AM EventLog 6008 None
Information 8/4/2009 10:47:27 AM BTHUSB 18 None
Error 8/4/2009 10:47:27 AM Application Popup 1060 None
Information 8/4/2009 10:47:27 AM Application Popup 26 None
Error 8/4/2009 10:47:27 AM Application Popup 1060 None
Information 8/4/2009 10:47:27 AM Application Popup 26 None
Information 8/4/2009 10:47:22 AM Kernel-Processor-Power 4 None
Information 8/4/2009 10:47:22 AM Kernel-Processor-Power 4 None
Information 8/4/2009 10:47:22 AM yukonx64 83 None
Information 8/4/2009 10:47:18 AM NETw5v64 7036 None
Information 8/4/2009 10:47:10 AM Tcpip 4201 None
Information 8/4/2009 10:47:10 AM Tcpip 4201 None
Information 8/4/2009 10:47:10 AM FilterManager 6 None
Information 8/4/2009 10:47:10 AM FilterManager 6 None
Information 8/4/2009 8:58:55 AM OneCareMP 1000 None

===============================================================================

I'll continue to do whatever you suggest, running scans or whatever, to resolve this issue.

However, I would like to disable the OneCare A/V scanner to see if that makes a difference.

I should have some A/V scanner running if I disable Microsoft's, so I could use a suggestion as to which A/V tool to run in its place.

Julian
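
The manual correlation in the post above (each 6008 "unexpected shutdown" record matched to the OneCareMP 1000 scan start before it) can be automated over an Event Viewer listing pasted as text. This is an added example, not part of the original thread: the sample lines are copied from the post, and the 60-second threshold used to recognise the burst of boot-time records is an assumption.

```python
import re
from datetime import datetime, timedelta

# Level, timestamp, source (may contain spaces), event ID, task category.
LINE = re.compile(r"^(\w+) (\d+/\d+/\d{4} \d+:\d+:\d+ [AP]M) (.+) (\d+) (\S+)$")
BOOT_GAP = timedelta(seconds=60)  # assumption: boot records arrive < 60 s apart

# Lines copied from the post above (two of the four groups, abbreviated).
SAMPLE = """\
Error 8/4/2009 11:05:14 AM EventLog 6008 None
Error 8/4/2009 11:05:06 AM Application Popup 1060 None
Information 8/4/2009 11:05:04 AM Kernel-Processor-Power 4 None
Information 8/4/2009 11:04:52 AM FilterManager 6 None
Information 8/4/2009 10:58:44 AM OneCareMP 1000 None
Error 8/4/2009 10:47:37 AM EventLog 6008 None
Error 8/4/2009 10:47:27 AM Application Popup 1060 None
Information 8/4/2009 10:47:10 AM FilterManager 6 None
Information 8/4/2009 8:58:55 AM OneCareMP 1000 None
"""


def parse(text):
    """Parse pasted event lines into dicts sorted oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # separators and free text are skipped
        when = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
        events.append({"time": when, "level": m.group(1),
                       "source": m.group(3), "id": int(m.group(4))})
    return sorted(events, key=lambda e: e["time"])


def is_unexpected_shutdown(e):
    return e["source"] == "EventLog" and e["id"] == 6008


def is_scan_start(e):
    return e["source"] == "OneCareMP" and e["id"] == 1000


def freezes(events):
    """For each 6008 record, report what was logged before the machine hung."""
    out = []
    for i, ev in enumerate(events):
        if not is_unexpected_shutdown(ev):
            continue
        # 6008 is written during the next boot: walk back over that boot's burst.
        first = i
        while first > 0 and events[first]["time"] - events[first - 1]["time"] <= BOOT_GAP:
            first -= 1
        if first == 0:
            continue  # nothing recorded before this boot
        last = events[first - 1]  # final record of the session that froze
        scan = None
        for prev in reversed(events[:first]):
            if is_unexpected_shutdown(prev):
                break  # reached the previous session
            if is_scan_start(prev):
                scan = prev
                break
        out.append({
            "rebooted": ev["time"],
            "last_record": (last["source"], last["id"]),
            "scan_started": scan["time"] if scan else None,
            "scan_was_last_record": scan is last,
            "silent_seconds": int((events[first]["time"] - last["time"]).total_seconds()),
        })
    return out


if __name__ == "__main__":
    for f in freezes(parse(SAMPLE)):
        print(f)
```

`silent_seconds` is the stretch with no records at all between the last logged event and the next boot, which bounds when the hang happened; a scan start being the last record shows timing only, not cause.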



