Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen of Death upon login


  • Please log in to reply
7 replies to this topic

#1 Funk Master T.Rag

Funk Master T.Rag

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 17 January 2012 - 05:28 PM

Salutations! I am using a Compaq Presario C500 with Windows Vista Home Basic 32bit updated with service pack 2.

The laptop starts up normally till the point that the desktop loads. The desktop will appear for a split second and the a blue screen full of text will appear for another split second. I am then prompted to enter safe mode. I can logon and function in safe mode with networking as well. Any tips to resolve this issue?

Thanks for your time!

EDIT: Also I've ran Malwarebytes and Advance System Care in safemode. Both found and resolved issues.

Here is a screen cap of the blue screen.

http://i.imgur.com/ImSKg.jpg

EDIT 2: Here is the FSS report

Farbar Service Scanner Version: 17-01-2012 00
Ran by Jared (administrator) on 17-01-2012 at 17:24:56
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-20 11:12] - [2011-04-21 07:58] - 0273408 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 16:51] - [2011-09-20 15:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2010-01-15 08:37] - [2009-04-11 00:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2010-01-15 08:38] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2010-01-15 08:38] - [2009-04-11 00:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2010-01-15 08:38] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by Funk Master T.Rag, 17 January 2012 - 08:36 PM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:55 PM

Posted 17 January 2012 - 09:18 PM

Let's try this from safe mode.

Download/install BlueScreenView, http://www.nirsoft.net/utils/blue_screen_view.html .

Double-click BlueScreenView.exe file.

When autoscan is done (screen comes up), click Edit/Select All...then File/Save Selected Items.

Save the report as BSOD.txt.

Open BSOD.txt, copy all content and paste it into your next reply.

Louis

#3 Funk Master T.Rag

Funk Master T.Rag
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 18 January 2012 - 12:06 AM

Blue Screen View didn't detect any .dmp files. I followed the instructions here http://blog.nirsoft.net/2010/07/27/how-to-configure-windows-to-create-minidump-files-on-bsod/ thinking they might help.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:55 PM

Posted 18 January 2012 - 10:25 AM

Good work.

Of course, the messages will not be generated until the next BSOD occurs.

If your system was already properly configured to create dump files...then I cannot explain why BlueScreenView came up empty.

Are you running Ccleaner or similar software...which may delete such files (considering them nonessential, when, in fact...they are quite useful files)?

Louis

#5 Funk Master T.Rag

Funk Master T.Rag
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 18 January 2012 - 04:12 PM

I was running Advanced System Care 5. I uninstalled it and it still is not appearing when I run BlueScreenView. I also have malwarebytes, but I have not uninstalled it. I'm not sure what else could be causing it.

#6 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:02:55 PM

Posted 18 January 2012 - 04:23 PM

Please uninstall MalwareBytes and see if that makes any difference to your BSOD problem.

If no difference, please do the following ...

To check your system's "Recoveros" (Recovery) and Page File settings via Windows Management Instrumentation (WMI), download and then run the following:

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#7 Funk Master T.Rag

Funk Master T.Rag
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 18 January 2012 - 04:41 PM

Uninstall Malwarebytes did nothing.

Here is the WMI page


AutoReboot=TRUE
Caption=
DebugFilePath=%SystemRoot%\MEMORY.DMP
DebugInfoType=2
Description=
ExpandedDebugFilePath=C:\Windows\MEMORY.DMP
ExpandedMiniDumpDirectory=C:\Windows\Minidump
KernelDumpOnly=FALSE
MiniDumpDirectory=%SystemRoot%\Minidump
Name=Microsoft® Windows Vista™ Home Basic |C:\Windows|\Device\Harddisk0\Partition1
OverwriteExistingDebugFile=TRUE
SendAdminAlert=FALSE
SettingID=
WriteDebugInfo=TRUE
WriteToSystemLog=TRUE




AllocatedBaseSize=256
Caption=C:\Windows\system32\temppf.sys
CurrentUsage=0
Description=C:\Windows\system32\temppf.sys
InstallDate=20120108145053.376121-360
Name=C:\Windows\system32\temppf.sys
PeakUsage=0
Status=
TempPageFile=TRUE

#8 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:02:55 PM

Posted 18 January 2012 - 05:12 PM

AllocatedBaseSize=256
Caption=C:\Windows\system32\temppf.sys
CurrentUsage=0
Description=C:\Windows\system32\temppf.sys
InstallDate=20120108145053.376121-360
Name=C:\Windows\system32\temppf.sys
PeakUsage=0
Status=
TempPageFile=TRUE

Please alter the paging file settings, and this will then allow minidumps to be saved.

See: Vista - Virtual Memory Paging File - Change
http://www.vistax64.com/tutorials/132201-virtual-memory-paging-file-change.html

At step 11, set Custom size
Enter Initial size 2560 MB
Enter Maximum size 2560 MB

Have a few crashes and then ....
Please zip up the minidumps and attach the resultant zip file to your next reply so I can have a closer look. There's a chance I might get some more useful info from them.
  • Navigate to C:\Windows\Minidump <<< folder
  • Click on the first minidump file to select it.
  • Hold down the <Shift> key, and click on the last minidump file to select all of the files.
  • Release the <Shift> key.
  • Now, right-click on any one of the selected files > Send to ... > Compressed (zipped) Folder.
    The zip file will be located in the same place (the Minidump folder).
  • Attach the zip file to your next reply.
    When you click on Add Reply, you will see the facility to attach a file just below the box where you type your message.

Edited by AustrAlien, 18 January 2012 - 05:13 PM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users