Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Shutting Down Instantly & Unexpectedly - Many Event Log Errors


  • This topic is locked This topic is locked
5 replies to this topic

#1 forums123

forums123

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 18 January 2010 - 08:14 PM

Running <1year old Gateway LX6810-01 Desktop - Vista Home Premium 64 - 8GB Ram

My first time using HJT and posting to a forum so please forgive if I make any mistakes or forget any important details.

I think this computer is a piece of crap, but maybe its just infected with some type of Trojan or malware that is causing sudden shutdowns and then other difficult behaviors. Gateway support is worthless, they want me to pay for warranty service $80 just to open a warranty ticket. mad.gif

Computer is crashing more frequently and is getting harder to reboot. There is not BSOD or any warnings, just black screen, all lights off, disk stops complete silence! Then On reboot, black screen and no logon screen for a long time while disk whirrs away constantly. What the hell is this thing doing? Also, the system restore to prior checkpoint failed. sad.gif

I also have alot of repeating errors in my event logs (some posted below)

Anyhow, here is my HJT Scan Log Report - Can anyone advise me if they see anything wrong?
---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:59 PM, on 1/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Palm\AlarmApp_PSI.exe
C:\Windows\CNYHKey.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Users\March2009\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\ChiFuncExt.exe
C:\Users\March2009\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\March2009\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpressServer.exe
C:\Users\March2009\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
C:\Users\March2009\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=lx6810-01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=lx6810-01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=lx6810-01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=lx6810-01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [cdloader] "C:\Users\March2009\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\March2009\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Alarm Manager.LNK = ?
O4 - Global Startup: SmartCopy.lnk = C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...reqlab_test.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files (x86)\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SysWOW64\OpcEnum.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10903 bytes

=========
Some of the Event Log message found in Event Viewer Console


-------
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

-------------

The description for Event ID 256 from source FxControl Runtime cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Exception-Controller is not currently supported on this operating system. [1009:211]
[1000:238]


-------------
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

=--------------

Faulting application FxControl.exe, version 5.80.0.4541, time stamp 0x47f31e7f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x940, application start time 0x01ca937cc1e2ae50.

----------
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

my notes:
something to do with wmi and permissions and repository folder
also, repository folder has unknown account s-1-5-32-551 under groups or user names for Permissions settings



---------

The HP CUE DeviceDiscovery Service service hung on starting.

-----
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user March2009-PC\March2009 SID (S-1-5-21-3714278889-1450193354-2648561575-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

- System

- Provider

[ Name] Microsoft-Windows-DistributedCOM
[ Guid] {1B562E86-B7AA-4131-BADC-B6F3A001407E}
[ EventSourceName] DCOM

- EventID 10016

[ Qualifiers] 49152

Version 0

Level 2

Task 0

Opcode 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2010-01-11T08:15:06.000Z

EventRecordID 160024

Correlation

- Execution

[ ProcessID] 0
[ ThreadID] 0

Channel System

Computer March2009-PC

- Security

[ UserID] S-1-5-21-3714278889-1450193354-2648561575-1000


- EventData

param1 application-specific
param2 Local
param3 Activation
param4 {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
param5 March2009-PC
param6 March2009
param7 S-1-5-21-3714278889-1450193354-2648561575-1000
param8 LocalHost (Using LRPC)

*************** regedit **********************
Computer\HKCR\CLSID\{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}\

(Default) NvAppFilterSvr Class
AppID {066FCC09-2096-4EEF-AA2F-353DB80F1BF8}

\LocalServer32 Folder\
(Default) "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"


-------------
Hugh:
You might want to check this thread here:
http://www.microsoft.com/communities...g=e...p;cr=US&p=1
Read "Brian Muth" comments on 8/15 about the Component Services tool usage.

Hope that helps!
Carlos
---

http://www.velocityreviews.com/forums/t544...this-error.html

Hi Carlos
Well I finally got to the place where to give application-specific
permission. That's quite a process. I followed this guide,which was a help
link in the error message. Event log online help took me here
:http://www.microsoft.com/technet/sup...DCOM&LCID=4105
To assign permissions

1.. Using Regedit
, navigate to the following registry value
HKCR\Clsid\clsid value\localserver32
The clsid value is the information displayed in the message.
2.. In the right pane, double-click Default. The Edit String dialog box is
displayed. Leave this dialog box open.
3.. Click Start, and then click Control Panel.
4.. Double-click Administrative Tools, and then double-click Component
Services.
5.. In the Component Services snap-in, expand Computers, expand My
Computer, and double-click DCOM Config.
6.. In the right pane, locate the program by using its friendly name.
7.. Right-click the program name, and then select Properties.
8.. On the Security tab, in the Launch and Activation Permissions group
box, select Customize, and then click Edit.
Add the user to the permissions list, and give the user the appropriate
permissions.

Hope this fixes that error message & does not lead to something else screwed
up...LOL

I wonder If I have to re-boot for that to take effect........better reboot
to be on safe side.....

CUL Carlos & thks again. rebooting..................

-------

=============================
application events:

info:
Fault bucket 111712637, type 5
Event Name: ServiceHang
Response: None
Cab Id: 0

Problem signature:
P1: hpqddsvc
P2: hpqddsvc.dll
P3: 100.0.190.0
P4: 20
P5: 2
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report10460e42\WERD48.tmp.version.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report10460e42\WERD49.tmp.mdmp

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report01fa222f

---------
Fault bucket 873482157, type 1
Event Name: APPCRASH
Response: None
Cab Id: 0

Problem signature:
P1: FxControl.exe
P2: 5.80.0.4541
P3: 47f31e7f
P4: StackHash_fd00
P5: 0.0.0.0
P6: 00000000
P7: c0000005
P8: 00000000
P9:
P10:

Attached files:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0b1caa71\WER958A.tmp.version.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0b1caa71\WER95AA.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0b1caa71\WER95F9.tmp.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0b1caa71\WERA9A9.tmp.mdmp

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report0db4cb78

-----------

ERROR:

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

-----
These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w)
App Id=55c92734-d682-4d71-983e-d6ec3f16059f
Sku Id=bffdc375-bbd5-499d-8ef1-4f37b61c895f

---------

The program ehshell.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 206c Start Time: 01ca917591df9e68 Termination Time: 0

-------


===============
SECURITY AUDIT FAILURE:

Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2

---

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

---------
DCOM started the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}

-------
DCOM started the service ehSched with arguments "-Service" in order to run the server:
{4B635ECB-0887-4015-8CA6-D621362F98D1}
-------

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

Edited by Animal, 18 January 2010 - 08:34 PM.


BC AdBot (Login to Remove)

 


#2 forums123

forums123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 18 January 2010 - 10:51 PM

I downloaded and ran the UBCD (Ultimate Boot CD) CPU stress test and MPrimes test for about 100,000 iterations with no error. Then I ran the WMD(Windows Memory Diagnostic) test from the Utilities provided by the UBCD and it nearly passed, computer was running fairly stable, making me think maybe this is just a problem with my windows installation, then suddenly on test 6 of 6, computer shut down(powered off) completely without warning. wacko.gif I was unable to read any memory test results because it did not finish and is stored in the ram disk which is lost when the computer shuts off. crazy.gif

Do you think this is a bad memory card, motherboard or power supply?

I'm going to dust out the case (very dusty bunny) and run it with only 1 of the 4 cards and see if its stable, if not, swap out the memory card for another and repeat. I think this computer has 4 cards x 2GB each. (DDR2 800mhz FSB).

Also, what boot diagnostic tools are out there that can test the motherboard, memory and power supply and give me a log or report such that I can get the results even if the test causes a system shutdown mid-test?

Any advice is greatly welcomed please.

Thanks,
Dave

p.s. I'll never buy a Gateway computer ever again. Its not even a year old and its breaking down. It started giving me trouble at about 2 months, tv tuner not working, can't get driver updates from nvidia, xD picture card reader 15-in-1 slot broke after 6 months. Gateway support keeps telling me to do a complete system restore and wipe out my hard drive as their way of solving problems. After that doesn't work, they force you to pay for "Level 2" tech support about $100 to open a warranty ticket! Now at about 10 months of ownership, constant shutdown/crash problems! On top of all this if I do pay them for warranty, I have to pay for shipping and be without a computer for like 2 months! dry.gif

Edited by forums123, 18 January 2010 - 10:56 PM.


#3 forums123

forums123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 19 January 2010 - 10:36 AM

I found numerous comments on a review site regarding this computer and this problem is very common. People are saying that the cooling system is poorly designed and it helps to clean the dust out and add more cooling fans. Also, there is a BIOS update released July 2009 that increases the cpu fan speed to max. I am weary of doing a BIOS flash because somepeople have had their computer become completely unusable after attempting this. Instead I disabled Smart Fan in my BIOS settings and the fan now runs at FULL SPEED (very loud!) But so far the computer has been running stable. So perhaps the claim is true that the system is getting overheated. I heard that some computers suffer irreversible damage from this overheating problem.

Anyhow, I installed and ran Malware Bytes Anti-Malware and it found something called Hijack.DisplayProperties set to True.

I'm still hoping someone can look at my HJT log and my other comments to see if they can find the cause of all those event error messages in the windows event log.

Dave

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 22 January 2010 - 09:19 AM.


#4 forums123

forums123
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:35 AM

Posted 24 January 2010 - 06:04 PM

computer running stable now. I have tried 2 things and both work.

1) Go into BIOS setup screen at bootup by pressing F2 and then Disable Automatic Fan control (fan will now blow at max speed and keeps CPU nice and cool - but this is very loud)

2) Download AMI BIOS update released on July 2009 by Gateway. Basically it increased the CPU fan speed to apprx 50% of maximum ( this was enough to keep the computer running without unexpected shutdowns ) but I still don't know what will happen when I put a serious load on the computer. So far I've only been gentle on it, light web surfing and email.

The Built in NVIDIA TV Tuner Still with Windows Media Center doesn't work with COMCAST, unable to receive any stations at all.
The 15-in-1 media card reader is still broken ( no warranty from Gateway )

I still advise others not to buy from Gateway or Acer or eMachines unless you get an extended warranty from the retailer so you can take it back for free.

Thanks,
Dave

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:35 PM

Posted 25 January 2010 - 09:02 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Do you still want your logs checked or do you considered the topic as solved?

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

Edited by myrti, 25 January 2010 - 09:04 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:35 PM

Posted 05 February 2010 - 03:58 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users