Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD regarding Drivers; Device Mgr Not Working


  • Please log in to reply
60 replies to this topic

#1 TrevorM

TrevorM

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 10 September 2012 - 10:45 AM

Goodmorning,

Couldn't find a driver specific forum, so this looked like the best place to post.

Problem:
Having problems with my machine frequently giving me BSOD. I have seen at least three similar screens (text included below) but have seen the same instances of some of these screens at least 5-10 times this week. It has happened when doing various tasks (when running a virus scan, when rebooting, and when the computer is simply on). Sometimes the computer has been on minutes, and sometimes it stays on for over an hour without doing it. My machine runs VERY slowly in the normal user account (startup of Windows alone take 3-5 minutes - applications often take the same amount of time to open), but works better when logged on as an administrator in safe mode with networking. This problem has left my computer running at 100% CPU Usage split up between legitimate processes (explorer.exe and services.exe running approximately 90% combined CPU usage). Additionally, Device Manager will not open to look at drivers. It says Navigation to the webpage was cancelled. When I refresh a popup error says MMC has detected an error in a snap-in. It is recommended that you shutdown and restart MMC. Same thing when I shut down and restart both the program and the computer.

Actions Already Taken:
Read through the "Read This Before You Post" post and followed the instructions. Ran disk cleanup, virus scan, and disk defragmenter (all in safe mode as admin) and came up clean. Ran MalwareBytes Anti-Malware (in safe mode) and three pieces of malware were found and removed (but problem not solved). I have the log saved if you would like to see it. I had recently installed EaseUS Todo Backup and didn't have problems for a few weeks, but since this was the last program I installed I removed it. Didn't solve the problem (but it did allow me to boot into safe mode where I hadn't been able to before). All my definitions for antivirus, MBAM, etc were also updated. Tried to run Windows Update, but it won't do it either. I will work that problem in a separate post after I get this fixed (don't want to try and work too many problems at once). I run routine maintenance often (disk cleanup, defrag, antivirus on automatic scans, mbam, defender) and have startup processes limited only to antivirus, activclient card reader, and winpatrol.

Other Pertinent Info:
I am running XP Tablet PC Edition, SP3. AntiVirus is Avast.

BSOD Text:
(1) A prblem has been detected and Windows has been shut down to prevent damage to your computer. A decive driver
attempting to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced
with a working version.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again,
follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask yout hardware
or software manufacturer for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as
chachine or shadowing, If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to
select Advanced Startup Options, and then select Safe Mode.

Technical Information: *** STOP: 0x000000C4 (0x0000003C, 0x00000100, 0x00000000, 0x00000000)

----------

(2) A prblem has been detected and Windows has been shut down to prevent damage to your computer.

DRIVER_IQRL_NOT_LESS_OR_EQUAL

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again,
follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask yout hardware
or software manufacturer for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as
chachine or shadowing, If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to
select Advanced Startup Options, and then select Safe Mode.

Technical Information: *** STOP: 0x00000001 (0x88892FE8, 0x00000002, 0x00000000, 0xBA582C62)

*** iaStor.sys - Address BA582C62 base at BA56F000, Datestamp 434d5ede

----------

(3 - beginning of message was cutoff due to length) for any Windows updates you might need.

Run the driver verifier against any new (or suspect) drivers. Of that doesn't reveal the corrupting driver, try enabling
special pool. Both of these peatures are intended to catch the corruption at an earlier point where the offending driver
can be identified.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again,
follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask yout hardware
or software manufacturer for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as
chachine or shadowing, If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to
select Advanced Startup Options, and then select Safe Mode.

Technical Information: *** STOP: 0x000000C5 (0x0A0C9314, 0x00000002, 0x00000001, 0x80544705)

Beginning dump of physical memory. Physical memory dump complete. contact your system administrator or techincal
support group for further assistance.



Thanks for your help!

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,090 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:02 AM

Posted 10 September 2012 - 11:00 AM

Please download MiniToolBox , save it to your desktop and run it.

Checkmark the following checkboxes:
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and paste the content into your next post.

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 .

Louis

#3 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 10 September 2012 - 12:18 PM

Can these be done from safe mode, or does it need to be in the normal user account?

#4 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 10 September 2012 - 02:47 PM

Couldn't get Speccy to run. I get an error that says: The application or DLL C:\WINDOWS\system32\\OPENGL32.dll is not a valid Windows image. Please check this against your installation diskette.

Here is the MiniToolBox Log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Trevor (administrator) on 10-09-2012 at 14:55:14
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/07/2012 02:15:26 PM) (Source: JavaQuickStarterService) (User: )
Description: Could not register service with the service manager: StartServiceCtrlDispatcher failed (error 1063)

Error: (09/05/2012 04:48:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2469

Error: (09/05/2012 04:48:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2469

Error: (09/05/2012 04:48:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2012 05:00:03 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007050a, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/01/2012 05:00:02 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007050a, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/30/2012 05:00:01 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007050a, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/28/2012 05:00:01 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007050a, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/27/2012 08:54:40 PM) (Source: Application Error) (User: )
Description: Faulting application avastui.exe, version 7.0.1456.418, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0004487f.
Processing media-specific event for [avastui.exe!ws!]

Error: (08/27/2012 08:54:26 PM) (Source: Application Error) (User: )
Description: Faulting application avastui.exe, version 7.0.1456.418, faulting module unknown, version 0.0.0.0, fault address 0x01657ce8.
Processing media-specific event for [avastui.exe!ws!]


System errors:
=============
Error: (09/10/2012 02:26:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
tdx

Error: (09/10/2012 02:26:28 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\System32\wscsvc.dll,-200 service failed to start due to the following error:
%%1053

Error: (09/10/2012 02:26:28 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the @%SystemRoot%\System32\wscsvc.dll,-200 service to connect.

Error: (09/10/2012 02:26:27 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%127

Error: (09/10/2012 02:26:27 PM) (Source: Service Control Manager) (User: )
Description: The Windows Time service failed to start due to the following error:
%%1079

Error: (09/10/2012 02:26:26 PM) (Source: Service Control Manager) (User: )
Description: The Remote Procedure Call (RPC) Net service failed to start due to the following error:
%%1053

Error: (09/10/2012 02:26:26 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Remote Procedure Call (RPC) Net service to connect.

Error: (09/10/2012 02:26:26 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service failed to start due to the following error:
%%1053

Error: (09/10/2012 02:26:26 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IPSEC Services service to connect.

Error: (09/10/2012 02:26:25 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: nsi


Microsoft Office Sessions:
=========================
Error: (10/24/2011 04:51:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/24/2011 04:50:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/24/2011 04:50:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/24/2011 04:50:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/24/2011 04:50:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/23/2011 07:00:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 754 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/03/2010 06:13:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 122 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

ActivClient CAC x86 (Version: 6.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Agilix GoBinder Lite (Version: 4.0.905)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Display Driver (Version: 8.261-060523a1-033722C-Gateway)
avast! Free Antivirus (Version: 7.0.1466.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.21)
Conexant AC-Link Audio
Data Fax SoftModem with SmartCP
EPSON Printer Software
EPSON Scan
Foxit Reader (Version: 5.3.1.606)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
InCD EasyWrite Reader
Intel® PROSet/Wireless Software
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
Logitech QuickCam Software (Version: 8.47.0000)
Logitech® Camera Driver
Macromedia Shockwave Player (Version: 10.1.0.11)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Energy Blue Theme Pack (Version: 1.0.0)
Microsoft Experience Pack for Tablet PC (Version: 1.0.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook Web Access S/MIME (2007) (Version: 8.2.176.0)
Microsoft Reader
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Snipping Tool 2.0 (Version: 2.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero BurnRights
Nero OEM
PL-2303 USB-to-Serial
PowerArchiver
QuickTime (Version: 7.71.80.42)
Skype™ 5.9 (Version: 5.9.123)
Speccy (Version: 1.17)
SUPERAntiSpyware (Version: 5.0.1118)
Synaptics Pointing Device Driver (Version: 7.12.3.0)
SyncBack
Texas Instruments PCIxx21/x515 drivers. (Version: 1.09.0000)
TIxx21 (Version: 1.09.0000)
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
User Profile Hive Cleanup Service (Version: 1.6.30)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1592.0)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 20.5.2011.0)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 1022.3 MB
Available physical RAM: 559.6 MB
Total Pagefile: 2460.03 MB
Available Pagefile: 2007.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.3 MB

========================= Partitions: =====================================

1 Drive c: (HDD) (Fixed) (Total:37.26 GB) (Free:17.69 GB) NTFS

========================= Users: ========================================

User accounts for \\CADET

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 Trevor


**** End of log ****

#5 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:12:02 AM

Posted 12 September 2012 - 12:54 AM

Let's collect some more information: I'll have a look at it and help you try to resolve the problem.
  • The following can be done in Safe mode with networking.
:step1: Download the following 2 files and save both to the My Documents folder:

:step2: Go to the My Documents folder and run #1 (BSOD_XP_v1.3_jcgriff2_PROD_.exe). (That will also run #2.)

It will take a little time to complete: Please be patient and wait for it to finish.
A new folder named TSF_XP_Support will be created in My Documents.

:step3: Zip up the newly created TSF_XP_Support folder.
  • Right-click on the TSF_XP_Support folder > Send to ... > Compressed (zipped) Folder.
    The newly created zip file will be located in the My Documents folder.

:step4: Please upload the zip file to a file sharing website of your choice and and post a link to it in this thread so that we can access your uploaded zip file.

Note: The BC forums will allow a total attachment size of only 512 kb (and what you need to attach will exceed this limit).
See the suggestions in the following links for recommendations on file sharing websites:
  • http://lifehacker.com/388284/best-online-file-sharing-services
  • http://www.hongkiat.com/blog/15-great-free-online-file-sharing-alternatives/
  • http://www.smashingapps.com/2008/08/28/5-best-free-file-hosting-services-to-store-your-files.html

    I can recommend Posted Image: Also suitable is Posted Image
============================

Edited to add ...
You wrote: "Ran MalwareBytes Anti-Malware (in safe mode) and three pieces of malware were found and removed (but problem not solved). I have the log saved if you would like to see it."
Please post the recent MBAM logs.

Edited by AustrAlien, 12 September 2012 - 12:59 AM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#6 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 13 September 2012 - 04:15 PM

https://www.box.com/s/h5h1gmccmab0hmjhkaou is the link to the zip file.

While it was running, three error message popped up. They all said, "dxdiag.exe - Bad Image. The application or DLL C:\WINDOWS\system32\D3DIM.DLL is not a valid Windows image. Please check this against your installation diskette."

------------------

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.06.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: CADET [administrator]

09.06.2012 1:28:07 PM
mbam-log-2012-09-06 (13-28-07).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 250521
Time elapsed: 1 hour(s), 53 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 20 September 2012 - 06:36 AM

Are you still there?

#8 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:12:02 AM

Posted 20 September 2012 - 03:41 PM

Huh! Sometimes I wonder about that myself! I apologise for the lack of response. Thank you for the reminder: Please do not wait so long if it happens again, and send me a PM or nudge the topic if I don't reply to you for a couple of days.

There were no minidumps collected by the jcgriff2 application. I guess that they have been removed during your clean-up efforts (CCleaner will do that using default settings), so I ask that you don't "clean-up" again, and ensure that the minidumps are saved. There is likely to be a minidump saved after each BSOD event/crash.

Please zip up the minidumps and attach the resultant zip file to your next reply:
  • Navigate to C:\Windows\Minidump <<< folder
  • Click on the first minidump file to select it.
  • Hold down the <Shift> key, and click on the last minidump file to select all of the files.
  • Release the <Shift> key.
  • Now, right-click on any one of the selected files > Send to ... > Compressed (zipped) Folder.
    The zip file will be located in the same place (the Minidump folder).
  • Attach the zip file to your next reply.
    When you click on Add Reply, you will see the facility to attach a file just below the box where you type your message.

The Event logs previously collected by the jcgriff2 application are corrupt.

Please gather the info by the following means, and upload it for my review.

:exclame: Create a new folder on your Desktop, and name it EventLogs.

:step1: Event logs
  • Go to Start > Run and type eventvwr.msc and press <ENTER>
  • When the Event Viewer window has opened, on the left side, click on System.
  • On the top main menu bar, click Action > Save Log File As ...
  • Enter system as the "File Name" and choose the EventLogs folder on your Desktop as the "Location" to save it.
    (Leave the "Save as type:" as the default setting of "Event Log (*.evt)").
  • Click Save.
Do the same for the Application log:
  • On the left side, click on Application.
  • On the top main menu bar, click Action > Save Log File As ...
  • Enter application as the "File Name" and choose the EventLogs folder on your Desktop as the "Location" to save it.
    (Leave the "Save as type:" as the default setting of "Event Log (*.evt)").
  • Click Save.
Close the Event Viewer window.


:step2: At your Desktop, zip up the EventLogs folder
  • Right-click on the folder > Send to ... > Compressed (zipped) Folder.
.
and attach the zip file to your next post in this thread.
  • When you click on Add Reply, you will see the facility to attach a file just below the box where you type your message.
Note: The BC forums will allow a total attachment size of only 512 kb and what you need to attach may exceed this limit. In that case, please upload the zip file to a file sharing website of your choice and and post a link to it in this thread so that we can access your uploaded zip file.

Edited by AustrAlien, 20 September 2012 - 03:46 PM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#9 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 22 September 2012 - 09:52 AM

The minidump folder is empty, but I will be checking it after any BSOD and will post the resultant files.

Additionally, just as an update, when I started my computer today in safe mode with networking (it won't work in regular mode now) the laptop screen would show nothing, but the monitor it is hooked up to would show the right side of the screen (so I couldn't see the left where all my icons are). I tried messing with the monitor properties, but it was like it only recognized one screen (figure that's a safe mode-ism). But the laptop screen works, because when I first start the machine both screens show the gateway logo and startup information. It turns itself off when the OS tries to load. We don't need to work that right now, but just wanted to keep you posted with what I find.

Thanks for your help.

Attached Files



#10 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:12:02 AM

Posted 23 September 2012 - 06:31 AM

Thank you: Those Event Logs are good. :thumbup2:

Looking at the Application Event Log under Source > Winlogon, I notice that the chkdsk logs are showing:

4 KB in bad sectors

I think it would be wise to check the condition of the hard drive.
  • The following can be done using Windows in Safe Mode with networking.
How to obtain hard drive S.M.A.R.T data on a Windows system and then paste the report into a forum post
  • Download the GSmartControl installer application:
    • Go to the GSmartControl - Downloads page.
    • Scroll part way down the page to where the current version available for download will be displayed.
      Posted Image
    • Click on the link to download the installer file to your computer.
      (There may be a mirror link there also which will enable you download the file if the main download link does not work for some reason.)
  • Double-click the downloaded application to run it and install GSmartControl on the computer.
    Note: Vista/Win7 users, right-click > Run as Administrator
  • When installation is complete, run GSmartControl:
    • Start GSmartControl from the Start > Programs menu.
  • When the interface has loaded and scanning for hard drives is complete, click on the hard drive icon to select the device.
  • Go to Device on the top menu > View Details, and a new Device Information window will open.
  • Click on the Attributes tab to display the S.M.A.R.T data values.
  • Near the bottom of the window, click on View Output and a new Smartctl Output window will open.
  • Right-click anywhere inside that window > Select All.
  • Again right-click in that selected area > Copy.
  • Now paste that in a reply to your topic.
    Note: Please enclose the pasted report in CODE tags so that the spacing/formatting is preserved (to make it easier for all to read).
    • Firstly, click on the "Insert code snippet" button Posted Image
      You will then see the "start" and "end" code tags (highlighted in dark blue/selected in the image) in the text box.
    • Click between the two tags to insert the cursor between the tags and then press <Ctrl+V> to paste the report there.
================

Edited to add .... Can you get me some minidumps to examine?

Edited by AustrAlien, 23 September 2012 - 06:41 AM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#11 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 24 September 2012 - 12:51 PM

For some reason, my machine won't let me log on here, even in safe mode, so I have to do it from another computer. But when I transfer the file over the formatting gets messed up. I will try again after Thurs when I get my second computer back.

#12 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:12:02 AM

Posted 25 September 2012 - 01:29 AM

OK. :thumbup2:
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#13 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 30 September 2012 - 01:18 PM

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-xp-sp3] (sf-5.43-1)

Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net



=== START OF INFORMATION SECTION ===

Model Family:     Hitachi Travelstar 5K100

Device Model:     HTS541040G9SA00

Serial Number:    MPBBL0X2J18U3M

Firmware Version: MB2OC61M

User Capacity:    40,007,761,920 bytes [40.0 GB]

Sector Size:      512 bytes logical/physical

Device is:        In smartctl database [for details use: -P show]

ATA Version is:   7

ATA Standard is:  ATA/ATAPI-7 T13 1532D revision 1

Local Time is:    Sun Sep 30 14:13:32 2012 EDT

SMART support is: Available - device has SMART capability.

SMART support is: Enabled



=== START OF READ SMART DATA SECTION ===

SMART overall-health self-assessment test result: PASSED



General SMART Values:

Offline data collection status:  (0x00)	Offline data collection activity

					was never started.

					Auto Offline Data Collection: Disabled.

Self-test execution status:      (   0)	The previous self-test routine completed

					without error or no self-test has ever 

					been run.

Total time to complete Offline 

data collection: 		(  645) seconds.

Offline data collection

capabilities: 			 (0x5b) SMART execute Offline immediate.

					Auto Offline data collection on/off support.

					Suspend Offline collection upon new

					command.

					Offline surface scan supported.

					Self-test supported.

					No Conveyance Self-test supported.

					Selective Self-test supported.

SMART capabilities:            (0x0003)	Saves SMART data before entering

					power-saving mode.

					Supports SMART auto save timer.

Error logging capability:        (0x01)	Error logging supported.

					General Purpose Logging supported.

Short self-test routine 

recommended polling time: 	 (   2) minutes.

Extended self-test routine

recommended polling time: 	 (  29) minutes.



SMART Attributes Data Structure revision number: 16

Vendor Specific SMART Attributes with Thresholds:

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE

  1 Raw_Read_Error_Rate     0x000b   100   100   062    Pre-fail  Always       -       0

  2 Throughput_Performance  0x0005   100   100   040    Pre-fail  Offline      -       0

  3 Spin_Up_Time            0x0007   253   253   033    Pre-fail  Always       -       0

  4 Start_Stop_Count        0x0012   098   098   000    Old_age   Always       -       3424

  5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       0

  7 Seek_Error_Rate         0x000b   100   100   067    Pre-fail  Always       -       0

  8 Seek_Time_Performance   0x0005   100   100   040    Pre-fail  Offline      -       0

  9 Power_On_Hours          0x0012   041   041   000    Old_age   Always       -       26253

 10 Spin_Retry_Count        0x0013   100   100   060    Pre-fail  Always       -       0

 12 Power_Cycle_Count       0x0032   098   098   000    Old_age   Always       -       3344

191 G-Sense_Error_Rate      0x000a   100   100   000    Old_age   Always       -       0

192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       179

193 Load_Cycle_Count        0x0012   069   069   000    Old_age   Always       -       316901

194 Temperature_Celsius     0x0002   220   220   000    Old_age   Always       -       25 (Min/Max 7/70)

196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       9

197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       1

198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0

199 UDMA_CRC_Error_Count    0x000a   200   253   000    Old_age   Always       -       0



SMART Error Log Version: 1

ATA Error Count: 5384 (device log contains only the most recent five errors)

	CR = Command Register [HEX]

	FR = Features Register [HEX]

	SC = Sector Count Register [HEX]

	SN = Sector Number Register [HEX]

	CL = Cylinder Low Register [HEX]

	CH = Cylinder High Register [HEX]

	DH = Device/Head Register [HEX]

	DC = Device Command Register [HEX]

	ER = Error register [HEX]

	ST = Status register [HEX]

Powered_Up_Time is measured from power on, and printed as

DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,

SS=sec, and sss=millisec. It "wraps" after 49.710 days.



Error 5384 occurred at disk power-on lifetime: 26253 hours (1093 days + 21 hours)

  When the command that caused the error occurred, the device was active or idle.



  After command completion occurred, registers were:

  ER ST SC SN CL CH DH

  -- -- -- -- -- -- --

  10 51 01 fe 52 a8 e0  Error: IDNF at LBA = 0x00a852fe = 11031294



  Commands leading to the command that caused the error were:

  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name

  -- -- -- -- -- -- -- --  ----------------  --------------------

  24 52 01 fe 52 a8 e0 00      00:00:09.100  READ SECTOR(S) EXT

  24 52 01 ff 52 a8 e0 00      00:00:09.100  READ SECTOR(S) EXT

  37 00 00 ff 52 a8 e0 00      00:00:09.100  SET MAX ADDRESS EXT

  27 10 00 00 00 00 e0 00      00:00:09.100  READ NATIVE MAX ADDRESS EXT

  f9 01 58 00 00 00 e0 00      00:00:09.100  SET MAX SET PASSWORD



Error 5383 occurred at disk power-on lifetime: 26253 hours (1093 days + 21 hours)

  When the command that caused the error occurred, the device was active or idle.



  After command completion occurred, registers were:

  ER ST SC SN CL CH DH

  -- -- -- -- -- -- --

  10 51 01 fe 52 a8 e0  Error: IDNF at LBA = 0x00a852fe = 11031294



  Commands leading to the command that caused the error were:

  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name

  -- -- -- -- -- -- -- --  ----------------  --------------------

  24 52 01 fe 52 a8 e0 00      00:00:09.100  READ SECTOR(S) EXT

  24 52 01 ff 52 a8 e0 00      00:00:09.100  READ SECTOR(S) EXT

  37 00 00 ff 52 a8 e0 00      00:00:09.100  SET MAX ADDRESS EXT

  27 10 00 00 00 00 e0 00      00:00:09.100  READ NATIVE MAX ADDRESS EXT

  f9 01 58 00 00 00 e0 00      00:00:09.100  SET MAX SET PASSWORD



Error 5382 occurred at disk power-on lifetime: 26252 hours (1093 days + 20 hours)

  When the command that caused the error occurred, the device was active or idle.



  After command completion occurred, registers were:

  ER ST SC SN CL CH DH

  -- -- -- -- -- -- --

  10 51 01 fe 52 a8 e0  Error: IDNF at LBA = 0x00a852fe = 11031294



  Commands leading to the command that caused the error were:

  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name

  -- -- -- -- -- -- -- --  ----------------  --------------------

  24 52 01 fe 52 a8 e0 00      00:00:09.100  READ SECTOR(S) EXT

  24 52 01 ff 52 a8 e0 00      00:00:09.000  READ SECTOR(S) EXT

  37 00 00 ff 52 a8 e0 00      00:00:09.000  SET MAX ADDRESS EXT

  27 10 00 00 00 00 e0 00      00:00:09.000  READ NATIVE MAX ADDRESS EXT

  f9 01 58 00 00 00 e0 00      00:00:09.000  SET MAX SET PASSWORD



Error 5381 occurred at disk power-on lifetime: 26252 hours (1093 days + 20 hours)

  When the command that caused the error occurred, the device was active or idle.



  After command completion occurred, registers were:

  ER ST SC SN CL CH DH

  -- -- -- -- -- -- --

  10 51 01 fe 52 a8 e0  Error: IDNF at LBA = 0x00a852fe = 11031294



  Commands leading to the command that caused the error were:

  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name

  -- -- -- -- -- -- -- --  ----------------  --------------------

  24 52 01 fe 52 a8 e0 00      00:00:09.300  READ SECTOR(S) EXT

  24 52 01 ff 52 a8 e0 00      00:00:09.000  READ SECTOR(S) EXT

  37 00 00 ff 52 a8 e0 00      00:00:09.000  SET MAX ADDRESS EXT

  27 10 00 00 00 00 e0 00      00:00:09.000  READ NATIVE MAX ADDRESS EXT

  f9 01 58 00 00 00 e0 00      00:00:08.900  SET MAX SET PASSWORD



Error 5380 occurred at disk power-on lifetime: 26252 hours (1093 days + 20 hours)

  When the command that caused the error occurred, the device was active or idle.



  After command completion occurred, registers were:

  ER ST SC SN CL CH DH

  -- -- -- -- -- -- --

  10 51 01 fe 52 a8 e0  Error: IDNF at LBA = 0x00a852fe = 11031294



  Commands leading to the command that caused the error were:

  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name

  -- -- -- -- -- -- -- --  ----------------  --------------------

  24 52 01 fe 52 a8 e0 00      00:00:09.000  READ SECTOR(S) EXT

  24 52 01 ff 52 a8 e0 00      00:00:09.000  READ SECTOR(S) EXT

  37 00 00 ff 52 a8 e0 00      00:00:09.000  SET MAX ADDRESS EXT

  27 10 00 00 00 00 e0 00      00:00:09.000  READ NATIVE MAX ADDRESS EXT

  f9 01 58 00 00 00 e0 00      00:00:09.000  SET MAX SET PASSWORD



SMART Self-test log structure revision number 1

No self-tests have been logged.  [To run self-tests, use: smartctl -t]





Warning! SMART Selective Self-Test Log Structure error: invalid SMART checksum.

SMART Selective self-test log data structure revision number 1

 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS

    1        0        0  Not_testing

    2        0        0  Not_testing

    3        0        0  Not_testing

    4        0        0  Not_testing

    5        0        0  Not_testing

Selective self-test flags (0x0):

  After scanning selected spans, do NOT read-scan remainder of disk.

If Selective self-test is pending on power-up, resume after 0 minute delay.


#14 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 30 September 2012 - 01:22 PM

Also, nothing still in the minidump folder - will post as soon as something goes into it. As an update, now every time I log on to safe mode with networking, my laptop screen won't display anything (the peripheral screen connected to the right displays the right side of the screen, but not the left where the icons and the start menu are). The laptop display works, as it shows on both screen when I boot up. I went into system display properties, but it shows only one screen instead of two. Comp won't even boot into normal OS now.

#15 TrevorM

TrevorM
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 04 October 2012 - 04:37 PM

Just wanted to check in with you since it's been a couple of days... :-)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users