
Win7, Blue screen after start up - REGISTRY_ERROR *** STOP: 0x00000051 (0x00000001, 0x8A01C008, 0x01147000, 0x00000374)


  • This topic is locked
5 replies to this topic

#1 Brunox13


Posted 25 May 2012 - 11:09 AM

After the start up programs load (or maybe even while some of them are still being started, not sure) after turning the system on (Windows 7), I suddenly get a blue screen that says the following:

A problem has been detected and windows has been shut down to prevent damage
to your computer

REGISTRY_ERROR

If this is the first time you've seen this Stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you may need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use Safe Mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical information:

*** STOP: 0x00000051 (0x00000001, 0x8A01C008, 0x01147000, 0x00000374)


Collecting data for crash dump ...
Initializing disk for crash dump ...
Beginning dump of physical memory.
Dumping physical memory to disk: (counting up to 100)


Then I run my system in safe mode, which works fine. I am not aware of any new software/hardware since the last successful start of the system.
I also tried restarting the system to normal mode with startup programs turned off, but preventing ALL both SYSTEM and NORMAL startup programs from running did not solve the problem. Thanks a lot for your help!!!


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Marek at 11:25:31 on 2012-05-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1556 [GMT -4:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\programs\micros~1\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\programs\micros~1\office14\URLREDIR.DLL
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Pidgin] "d:\programs\pidgin\pidgin.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - d:\programs\micros~1\office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - d:\programs\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - d:\programs\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - d:\programs\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\programs\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\programs\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\programs\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1EEE4748-E2B1-4B91-B050-935AF5809746} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1EEE4748-E2B1-4B91-B050-935AF5809746}\265727765627B696E67613 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1EEE4748-E2B1-4B91-B050-935AF5809746}\34F6C657D62696160255E69667562737964797 : DhcpNameServer = 128.59.62.10 128.59.59.70
TCP: Interfaces\{1EEE4748-E2B1-4B91-B050-935AF5809746}\4516966496 : DhcpNameServer = 128.59.59.70 128.59.62.10
TCP: Interfaces\{1EEE4748-E2B1-4B91-B050-935AF5809746}\4556E656375656 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\programs\micros~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marek\appdata\roaming\mozilla\firefox\profiles\aj1bxpdj.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/12d05818811be420|http://www.google.com/ig?hl=en&source=iglk
.
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-23 232512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
S2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
S2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-22 29472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-24 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-24 52224]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 DsiWMIService;Dritek WMI Service;d:\programs\launch manager\dsiwmis.exe [2010-12-20 107016]
S4 ekrn;ESET Service;d:\programs\eset\eset smart security\ekrn.exe [2010-11-8 810144]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\programs\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S4 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-20 1343400]
.
=============== Created Last 30 ================
.
2012-05-25 15:16:36 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{54978067-f1c6-46fa-815b-ae600394346e}\offreg.dll
2012-05-25 15:15:26 -------- d-----w- c:\programdata\ErrorEND
2012-05-25 15:01:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-25 15:01:56 -------- d-----w- c:\users\marek\appdata\local\temp
2012-05-25 14:47:40 98816 ----a-w- c:\windows\sed.exe
2012-05-25 14:47:40 518144 ----a-w- c:\windows\SWREG.exe
2012-05-25 14:47:40 256000 ----a-w- c:\windows\PEV.exe
2012-05-25 14:47:40 208896 ----a-w- c:\windows\MBR.exe
2012-05-25 12:58:54 -------- d-----w- c:\windows\pss
2012-05-23 05:10:28 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{54978067-f1c6-46fa-815b-ae600394346e}\mpengine.dll
2012-05-21 00:28:58 -------- d-----w- c:\users\marek\appdata\roaming\MathWorks
2012-05-21 00:21:58 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2012-05-21 00:21:58 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2012-05-20 23:09:27 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-09 13:34:19 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 13:34:15 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-09 13:34:14 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-09 13:34:13 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-09 13:34:12 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-09 13:34:03 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 13:34:02 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 13:34:02 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 13:33:44 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 13:33:42 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
.
============= FINISH: 11:25:55.71 ===============



#2 nasdaq


  • Malware Response Team

Posted 31 May 2012 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

We Need to Diagnose Your BlueScreen (BSOD)

1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode

2. Select "Disable Automatic Restart on System Failure", as shown here:

Posted Image

When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Posted Image

A file name might be listed too. Please report this in your next post.

#3 Brunox13


Posted 31 May 2012 - 10:08 AM

Hello Nasdaq,
thanks in advance for your assistance!!

The BSOD still says the same thing as it did before (I posted this in my original post, but I'm rewriting it again as follows):



A problem has been detected and windows has been shut down to prevent damage
to your computer

REGISTRY_ERROR

If this is the first time you've seen this Stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you may need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use Safe Mode to remove or disable components, restart
your computer, press F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical information:

*** STOP: 0x00000051 (0x00000001, 0x8A01C008, 0x01147000, 0x00000374)


Collecting data for crash dump ...
Initializing disk for crash dump ...
Beginning dump of physical memory.
Dumping physical memory to disk: 100
Physical memory dump complete.
Contact your system admin or technical support group for further assistance.

#4 nasdaq


  • Malware Response Team

Posted 31 May 2012 - 12:31 PM

I wish we could have seen a bad file that could be checked.

I'm not qualified to analyze the Memory.dmp file that was generated.

The Complete Memory Dump file is written to C:\Memory.dmp by default.

I suggest you start a new topic in the Windows XP forum and possibly someone with more expertise in that field will be able to help you.

Windows XP forum link.
http://www.bleepingcomputer.com/forums/forum56.html

Good luck.

#5 Brunox13


Posted 31 May 2012 - 01:45 PM

Thanks anyway.

One last question - should I post into "Windows 7" section if my problem is on this system or is there any particular reason you asked me to post into "Windows XP" forum?

Thanks!

#6 nasdaq


  • Malware Response Team

Posted 01 June 2012 - 06:51 AM

Sorry my mistake, Windows 7
http://www.bleepingcomputer.com/forums/forum167.html
