Bad Image--fix windows files?


15 replies to this topic

#1 markg2

markg2

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 15 February 2010 - 02:29 PM

The XP computer in question goes south every several days with a flurry of errors on the screen. At least one says something like Bad Image and then a file name and generally another says something about not enough system resources. Due to the low resources at the time of failure I cannot load Paint to paste a screen shot of the errors.

I do have a Trend Micro HijackThis logfile.

The computer is protected by Norton 360 and I have manually run the complete scan, which is negative. The Lenovo machine ships with PC Doctor and a complete diagnostic is negative. I have additionally run Trend's free download virus software and Spybot, both negative. Accordingly, I cannot believe that the problem has to do with a virus or malware.

I thought there was a way to run a diagnostic against all the Windows system files using an on-board Windows utility but cannot find it if it does exist. The computer shipped with an install image but no Windows CD.

Any suggestions?



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,551 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:47 PM

Posted 15 February 2010 - 02:58 PM

<<...with a flurry of errors on the screen.>>

Details?

FWIW: I recall "bad image" errors as typically being indicative of malware, but I can be wrong :thumbsup:.

You can download/install BlueScreenView - http://www.nirsoft.net/utils/blue_screen_view.html and get an idea of what the system sees as problematical.

No installation required, just double-click on BlueScreenView.exe file to run the program.

When scanning is done, Edit>Select All. Then File>Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Louis

#3 markg2


Posted 15 February 2010 - 07:01 PM

In the lower of the two utility panels where specifics are listed there is a 3rd name highlighted that is not listed in the summaries below. That 3rd is: Filename hal.dll, Address in stack hal.dll+2450

Looks like I need to see what Lenovo's VD.... driver is doing and if I do not need it, deactivate it and if I do need it see if there isn't an update?


==================================================
Dump File : Mini062909-02.dmp
Crash Time : 6/29/2009 4:50:00 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x88bbd668
Parameter 3 : 0x88bbd680
Parameter 4 : 0x1a030001
Caused By Driver : VDProtect.sys
Caused By Address : VDProtect.sys+14d3
File Description : Sample File System Filter Driver
Product Name : Lenovo Commercial Code
Company : Lenovo
File Version : 1.00.1000.3
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\minidump\Mini062909-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
==================================================

==================================================
Dump File : Mini062909-01.dmp
Crash Time : 6/29/2009 1:58:41 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x887cf800
Parameter 3 : 0x887cf818
Parameter 4 : 0x1a030001
Caused By Driver : VDProtect.sys
Caused By Address : VDProtect.sys+14d3
File Description : Sample File System Filter Driver
Product Name : Lenovo Commercial Code
Company : Lenovo
File Version : 1.00.1000.3
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\minidump\Mini062909-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
==================================================



Mark

Edited by markg2, 15 February 2010 - 07:19 PM.


#4 markg2


Posted 15 February 2010 - 07:32 PM

I used another util from the same group to find and determine the apparent problematic driver. Here's the information:

==================================================
Driver Name : VDProtect.sys
Address : 0xba3b8000
File Type : System Driver
Description : Sample File System Filter Driver
Version : 1.00.1000.3
Company : Lenovo
Product Name : Lenovo Commercial Code
Modified Date : 10/18/2007 1:59:20 PM
Created Date : 6/29/2008 8:10:48 AM
Filename : C:\WINDOWS\system32\drivers\VDProtect.sys
File Attributes : A
==================================================

I see where the hal.dll is a MS file so I doubt that it's problematic and most likely why it was not listed in the summary.

Mark

#5 hamluis


Posted 15 February 2010 - 08:04 PM

That VDProtect.sys file is the problem...if it's valid. The file is probably damaged.

Louis

#6 markg2


Posted 15 February 2010 - 08:52 PM

Thanks for the assist.

Mark

#7 hamluis


Posted 16 February 2010 - 06:38 AM

Easily done, happy computing :thumbsup:.

Louis

#8 markg2


Posted 16 February 2010 - 08:19 AM

One last question. Getting an answer to an underlying software problem from Lenovo is not always successful. In that regard their tech support is generally useless and one must rely on their forums whose reliability is 50/50.

The description of the driver in question appeared to indicate (from my point of view) that it was either one of little importance or one not even in current use.

A Google search for the driver only returned Chinese hits.

Is there a util that I can use within XP to suspend the driver and see what happens? Is there a way to determine ahead of time if such a move (even given the assumption that the driver is unimportant) will cause the computer to go unstable or unbootable?

Mark

#9 hamluis


Posted 16 February 2010 - 09:02 AM

I'm not adept at projecting the future.

My approach is to remove the driver. If it's important, it may self-install from the drivers cache...if it's not important, XP may not be aware of its absence.

I suspect that the Lenovo/IBM forums would provide more data re its value.

The only thing I can say for sure...Windows XP seems to think that it's making your current system sick.

Louis

#10 markg2


Posted 26 February 2010 - 08:59 AM

After about 7 days the computer had a 'partial' problem. Partial in the sense the message was again a Bad Image but the computer did not run out of resources and was able to continue working.

I wrote down the two messages and they are as follows:

1. App or Dll C:\program files\lenovo\client security solutions tvtpwm_windows_hook.dll is not a valid windows image. check against install disk.

2. Message center Plus.net framework initialization error: message center plus.exe bad image

I ran the bluescreen util but what I saw appeared to be the results from the last dump. I couldn't find a run date to confirm. I did confirm that the only VDprotect driver file was the one that I'd renamed to .old.

Results:
Mini062909-02.dmp 6/29/2009 4:50:00 PM BAD_POOL_HEADER 0x00000019 0x00000020 0x88bbd668 0x88bbd680 0x1a030001 VDProtect.sys VDProtect.sys+14d3 32-bit C:\WINDOWS\minidump\Mini062909-02.dmp 2 15 2600
Mini062909-01.dmp 6/29/2009 1:58:41 PM BAD_POOL_HEADER 0x00000019 0x00000020 0x887cf800 0x887cf818 0x1a030001 VDProtect.sys VDProtect.sys+14d3 32-bit C:\WINDOWS\minidump\Mini062909-01.dmp 2 15 2600

Would it make sense to delete the existing dump locations for clarity? If so, how?

Any suggestions?
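
Added example, not part of the original posts and not NirSoft's code: a short Python parser for the "Key : Value" BlueScreenView report layout posted in #3, used to check whether any listed dump is newer than a chosen date, which is the "run date" question raised in post #10. The function names and the trimmed sample report are constructed for illustration.

```python
from datetime import datetime

# Constructed sample in the "Key : Value" layout of post #3, trimmed to the fields used.
SAMPLE_REPORT = """\
==================================================
Dump File : Mini062909-02.dmp
Crash Time : 6/29/2009 4:50:00 PM
Bug Check String : BAD_POOL_HEADER
Caused By Driver : VDProtect.sys
==================================================

==================================================
Dump File : Mini062909-01.dmp
Crash Time : 6/29/2009 1:58:41 PM
Bug Check String : BAD_POOL_HEADER
Caused By Driver : VDProtect.sys
==================================================
"""

def parse_report(text):
    """Split the report on '=====' separator lines into one dict per dump."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(" : ")
        if sep:  # blank lines and empty fields ("Computer Name :") are skipped
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def crash_time(record):
    return datetime.strptime(record["Crash Time"], "%m/%d/%Y %I:%M:%S %p")

def dumps_since(records, since):
    """Dumps written at or after `since`; an empty list means no newer STOP error was logged."""
    return [r for r in records if crash_time(r) >= since]

def newest_by_driver(records):
    """Map each 'Caused By Driver' value to its most recent crash time."""
    latest = {}
    for r in records:
        drv = r.get("Caused By Driver", "unknown")
        latest[drv] = max(latest.get(drv, datetime.min), crash_time(r))
    return latest
```

Both dumps posted in this thread carry a Crash Time of 6/29/2009, so a cutoff of 15 February 2010 (the date of the first post) returns an empty list from `dumps_since`.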

#11 markg2


Posted 17 March 2010 - 08:57 AM

Hamluis (Louis)

I have scheduled a warranty call by Lenovo for this coming Monday. They plan on replacing the motherboard, memory and hard drive--essentially the entire computer but for the power supply and fan motor. Since the Bad Image errors that freeze the computer no longer display current information in the dump files (per my last post to you) and the computer is clean as a whistle insofar as viri and malware are concerned, I have to believe the problem is hardware related--even though the Lenovo Tool box (PC Doctor) also comes up clean.

On that point, one final question from my end...is it possible that a valid application is sucking up memory and causing this problem and somehow not being logged to the blue-screen dump file(s)?

Mark

#12 hamluis


Posted 17 March 2010 - 10:36 AM

<<...is it possible that a valid application is sucking up memory and causing this problem and somehow not being logged to the blue-screen dump file(s)?>>

If you are asking...whether something can cause a BSOD and not be properly reflected in the resulting .dmp file...I have to say that I've never considered such. My guess is...no, not if the reporting mechanisms in Windows are functioning properly...and I've never had a reason to believe that they don't.

As for deleting .dmp files...I see no point in that. They are historical records of known system problems, so I would keep them. Every .dmp file I've ever looked at has incident data on it.

Every error that occurs on a system...is not a BSOD, thus it doesn't necessarily result in a .dmp file. STOP errors are serious, as the name implies...these are errors that cause the system to stop functioning.

All other error messages (which are not STOP errors)...the user must look to Event Viewer for any clarification, history, detail. Application errors, etc. are normally found in Event Viewer.

How To Use Event Viewer - http://www.bleepingcomputer.com/forums/t/40108/how-to-use-event-viewer/

Louis

#13 markg2


Posted 17 March 2010 - 11:46 AM

My plan after Monday's service call is thus:

1. Install only XP updates post imaging of factory OS, MS Office + updates, print driver(s) and Norton 360.

2. Let the computer run for 10 days. Since the computer has yet to make it past 7 days absent problems this test should confirm that my hardware (post service call) is solid.

3. I will then install 1 application/week on a need basis. If the problem was not hardware but software, this slow install should out the culprit.

Hopefully the problem will have been the hardware.

Thanks,

Mark

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:47 PM

Posted 17 March 2010 - 09:13 PM

Bad Image and then a file name error is usually a sign of some kind of infection.
I suggest you travel to the "Am I infected?" forum.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#15 markg2


Posted 18 March 2010 - 07:37 AM

That's what I gathered previously from the internet. However, I run Norton 360 and have run Trend (I think that's the name) in addition and the machine consistently comes back clean.

I'll still do as you suggest.

Mark



