
BSOD and slow running computer


7 replies to this topic

#1 Adamhad

Adamhad

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 30 December 2011 - 06:06 PM

Hello,

A week ago I had my first stop screen. The system automatically restarted but the start-up was rather slow. Today I got another stop screen. I ran antivirus scans with avast and malwarebytes but neither detected problems. I'm suspecting a virus because I cannot load Steam and because of the boot time.

Any help would be much appreciated.

Adam

Edited by Budapest, 30 December 2011 - 06:31 PM.
Moved from Win7 ~Budapest



 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:10:12 AM

Posted 30 December 2011 - 09:20 PM

Hi Adamhad,

Let's see if we can get a better look at the problem:

Please download BlueScreenView

No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go to Edit > Select All.
Go to File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all contents, and paste it into your next reply.

Now, please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Also, please Publish a Snapshot using Speccy, and post a link to it in this thread.
This is a convenient and accurate way of providing us with details of your computer specifications.
If you cannot get on-line to publish the information, and wish to attach it as a text file to your post, then please edit it to ensure that you do not include your Windows Key.

Let me know if you have trouble with the above steps!

bloopie

Edited by bloopie reborn, 30 December 2011 - 09:24 PM.


#3 Adamhad


Posted 30 December 2011 - 11:41 PM

Hello bloopie,

Thanks for responding. Here is the BlueScreenView scan result.


==================================================
Dump File : 123011-19406-01.dmp
Crash Time : 12/30/2011 7:42:19 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00005001
Parameter 2 : fffff700`01080000
Parameter 3 : 00000000`00000bb2
Parameter 4 : 002c2a44`01cd4207
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\123011-19406-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 123011-23899-01.dmp
Crash Time : 12/30/2011 2:47:34 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`00000008
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff800`02d4aa9b
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\123011-23899-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 122011-17472-01.dmp
Crash Time : 12/20/2011 11:55:54 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000003
Parameter 2 : fffff8a0`0df61830
Parameter 3 : fffff8a0`0df61830
Parameter 4 : fffff8a0`0da41830
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cc40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\122011-17472-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 100111-27612-01.dmp
Crash Time : 10/1/2011 10:17:12 AM
Bug Check String : HAL_INITIALIZATION_FAILED
Bug Check Code : 0x0000005c
Parameter 1 : 00000000`00002001
Parameter 2 : 00000000`00000004
Parameter 3 : 00000000`00000008
Parameter 4 : 00000000`00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+34f9a
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\100111-27612-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 092511-34538-01.dmp
Crash Time : 9/25/2011 8:03:49 AM
Bug Check String : HAL_INITIALIZATION_FAILED
Bug Check Code : 0x0000005c
Parameter 1 : 00000000`00002001
Parameter 2 : 00000000`00000005
Parameter 3 : 00000000`00000008
Parameter 4 : 00000000`00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+34f9a
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092511-34538-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

==================================================
Dump File : 091711-34257-01.dmp
Crash Time : 9/17/2011 9:07:59 AM
Bug Check String : HAL_INITIALIZATION_FAILED
Bug Check Code : 0x0000005c
Parameter 1 : 00000000`00002001
Parameter 2 : 00000000`00000005
Parameter 3 : 00000000`00000008
Parameter 4 : 00000000`00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+34f9a
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\091711-34257-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 262,144
==================================================

Here is the gmer log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-30 20:37:30
Windows 6.1.7601 Service Pack 1
Running: zbpuveg9.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d0df9ab10d4a
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x2D 0xCD 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d0df9ab10d4a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0x2D 0xCD 0x83 ...

---- EOF - GMER 1.0.15 ----


Adam

#4 bloopie


Posted 31 December 2011 - 11:27 AM

Hi again,

Those stop errors are almost exclusively hardware related. Have you made any hardware changes on your computer recently?

Please proceed with the Speccy Snapshot as mentioned in my last post. :)

I'd like you to run Memtest. Follow the instructions on this page.

If your machine passes the memory test, then proceed with Check Disk:

Use the Windows Error Checking utility (Check Disk), with the options to scan the disk surface for errors, and attempt recovery of data and repair the disk.
  • Open "My Computer"
  • Right-click on the drive that you wish to check > Properties > Tools > and in the "Error checking" section, click on "Check now".
  • Place a tick in both boxes > Start.
  • If the disk you have chosen is the system disk:
  • A message will notify you that a restart is necessary: Click OK, and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
    This test will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
  • Go to Start > Run > and type eventvwr and press the <ENTER> key.
    The Event Viewer window will open.
  • In the left pane, click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Double-click on that entry to view the log.
  • Click on the copy button (image omitted) to copy the log text to the clipboard.
  • Paste the log text into your next reply.

bloopie
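
An added example, not part of the original thread or of BlueScreenView: a small parser for the text report format pasted in post #3, which tallies bug checks and lists any blamed module other than ntoskrnl.exe or hal.dll. The sample is trimmed from the posted report; the function names, the CORE_MODULES set and the "three or more distinct bug checks" threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: three records trimmed from the report pasted in the thread.
SAMPLE_REPORT = """\
==================================================
Dump File : 123011-19406-01.dmp
Crash Time : 12/30/2011 7:42:19 PM
Bug Check String : MEMORY_MANAGEMENT
Caused By Driver : ntoskrnl.exe
Stack Address 1 :
==================================================
==================================================
Dump File : 122011-17472-01.dmp
Bug Check String : BAD_POOL_HEADER
Caused By Driver : ntoskrnl.exe
==================================================
==================================================
Dump File : 100111-27612-01.dmp
Bug Check String : HAL_INITIALIZATION_FAILED
Caused By Driver : hal.dll
==================================================
"""

CORE_MODULES = {"ntoskrnl.exe", "hal.dll"}  # assumption: treated as OS core here

def parse_report(text):
    """Split a BlueScreenView text report into one dict per crash record."""
    records = []
    for block in re.split(r"^=+\s*$", text, flags=re.M):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only: times stay intact
            if sep and key.strip():
                fields[key.strip()] = value.strip()
        if fields:  # skip the empty gaps between separator lines
            records.append(fields)
    return records

def summarize(records):
    """Count bug checks and list any blamed module outside CORE_MODULES."""
    checks = Counter(r.get("Bug Check String", "?") for r in records)
    blamed = {r.get("Caused By Driver", "").lower() for r in records} - {""}
    third_party = sorted(blamed - CORE_MODULES)
    varied = len(checks) >= 3 and not third_party  # heuristic assumed for this example
    return {"crashes": len(records), "bug_checks": dict(checks),
            "third_party": third_party, "varied_core_only": varied}

print(summarize(parse_report(SAMPLE_REPORT)))
```

A non-empty `third_party` list is the cue to look at that driver first; an empty one with several different bug checks matches the pattern in this thread, where the memory test was the next step.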

#5 Adamhad


Posted 31 December 2011 - 01:25 PM

Here is the log from the scan disk. There were two at the corresponding time of the scan, but I'm not sure which one you require so I've included both.

Log Name: Application
Source: Microsoft-Windows-Winlogon
Date: 12/31/2011 8:42:34 AM
Event ID: 6000
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: JennyWenny-PC
Description:
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
<EventID Qualifiers="32768">6000</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-12-31T16:42:34.000000000Z" />
<EventRecordID>4314</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>JennyWenny-PC</Computer>
<Security />
</System>
<EventData>
<Data>SessionEnv</Data>
<Binary>D9060000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-Winlogon
Date: 12/31/2011 8:42:34 AM
Event ID: 4101
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: JennyWenny-PC
Description:
Windows license validated.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Winlogon" />
<EventID Qualifiers="16384">4101</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-12-31T16:42:34.000000000Z" />
<EventRecordID>4313</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>JennyWenny-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x00000000</Data>
<Data>0x00000001</Data>
</EventData>
</Event>

This system is a couple of months old so it is still under warranty. I ran a diagnostic of the system which included a memory test. I got multiple errors referencing the memory and the system board.

#6 bloopie


Posted 01 January 2012 - 01:50 PM

Hi again,

If the system is still under warranty and you've gotten multiple errors just a few months in use, I would suggest you contact the warranty honorer. Back up any important data just in case. :thumbup2:

If there is a bad RAM stick or even a motherboard or hard drive, you should be able to get that fixed free of charge.

If not, we're always here for guidance should you opt to work on it yourself. Just keep in mind that if you do decide to open the box yourself, that alone may void some warranties.

bloopie

#7 Adamhad


Posted 03 January 2012 - 03:14 PM

Hi,

I called the manufacturer and explained the problem. They said they would have a technician replace the parts this week.

Thanks for your help.

Adam

#8 bloopie


Posted 03 January 2012 - 03:23 PM

No problem!

Let us know how it goes. :thumbup2:

bloopie



