Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

winsxs scan


  • Please log in to reply
6 replies to this topic

#1 Anhuw

Anhuw

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 20 October 2012 - 12:25 PM

Hello, all. To start things off, here's some computer specs just for the heck of it.

COMPUTER: Dell XPS M1530 just like here: http://www.cnet.com/laptops/dell-xps-m1530/4505-3121_7-32778979.html but my hard drive has 285 GBs, not 250
AGE: first got this in December 2008 I think
GRAPHICS: NVIDIA GeForce 8600M GT
OPERATING SYSTEM: Windows Vista Ultimate, 32-bit

My computer trouble all started when Avast was behaving strangely, several months ago (I don't remember how long ago, sorry). I had somehow uninstalled McAfee (don't remember how) and eventually there came a point where Avast could not fully scan my computer without totally crashing it. So I used a removal tool to uninstall it and used MSE instead, and for a while that worked well.
About 2 weeks ago, Skype started being strange. Or at least I was sure it was Skype. I could be doing just about anything and all of a sudden, Skype would lock up. It'd give me a spinny dial of "can't let you type in this window" and wouldn't snap out of it. Gradually it would lock up all my other programs the same way and finally, the whole thing would freeze. The only escape would be the power button. Skype has in fact done this twice before--both cases were times when it needed to update, but rather than ASK me to update, it would decide to crash Windows instead; updating solved the problem. There's no update for Skype now except a beta patch, and for the time being I've not only uninstalled it but have also cleaned out the registry of all its entries.
At this point, I fired up MSE and discovered that I had never run a full scan with it before, so I decided to do so now. As it wrapped its scan up, my computer locked up exactly the same way as before. So I rebooted again (CheckDsk attempted to run in almost ALL of these reboots by the way, but it never found any bad records) and attempted another full scan. This time however, I kept MSE's scan window in view the whole time. When my computer predictably froze up again, it froze with MSE's last attempted entry still on my screen:

3 hours, 15 minutes, 51 seconds in
155 thousand something files scanned
Crash on C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22560_none_bb22b62fb0fb5265\win32k.sys

Despite the freeze, I managed to save all that because I wrote it down by hand, though part of the view was obscured by another window. So I did some research and many pages said to remove ALL traces of antivirus software except for my active one. I was sure I'd removed Avast fully (haven't tried the cleanup tool again since I didn't think and still don't think I need it...) but McAfee? That's a blur to me. I downloaded the McAfee cleanup tool and ran it. I don't know for sure that it removed things, but it CLAIMED it did, so I just hoped for the best and ran yet another full scan with MSE. I have not yet removed the McAfee cleaning tool since using it.

By the way, possibly important note here: when I removed Skype, I deleted all of its registry entries MANUALLY, by using repeated Ctrl-F / "Find Next" in RegEdit. I did NOT use any registry cleaning tools such as CCleaner. I also did NOT employ the same registry seek-and-destroy treatment for McAfee and Avast (with OR without a registry cleaning tool; their entries may still be there for all I know), because a friend of mine said I shouldn't have to. But if he was mistaken, then let me know.

So, as the latest scan approached the 3 hour mark, I suddenly had to use the bathroom. Yup. I thought I'd be able to make it because I thought I had until 3:15:51 (the scan time was at 2:56:something) but just in case, I maximized MSE's window so that I'd see the fatal file if it froze again. I came back to my computer to see that the machine had rebooted, and I was about to pitch a fit when I saw a VERY welcome error report pop up. Apparently while I was away my computer had bluescreened and gotten a PROPER crash for the first time in this whole mess, and I now had some real data:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: 77
BCP1: 00000001
BCP2: 00000000
BCP3: 00000000
BCP4: 8D14BC70
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\Mini101812-01.dmp
C:\Users\ben\AppData\Local\Temp\WER-206155-0.sysdata.xml
C:\Users\ben\AppData\Local\Temp\WERAB9A.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

The link gave me nothing useful, and two of the files weren't even there. But the dump file was. To decipher its cartoony looking gibberish (lol Notepad) I downloaded and ran a debugging tool, which gave me these additional pieces of information:

Loading Dump File [C:\Windows\Minidump\Mini101812-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6002.18686.x86fre.vistasp2_gdr.120824-0336
Machine Name:
Kernel base = 0x82e4c000 PsLoadedModuleList = 0x82f63c70
Debug session time: Thu Oct 18 21:01:58.095 2012 (UTC - 4:00)
System Uptime: 0 days 3:44:10.354
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 77, {1, 0, 0, 8d14bc70}

Probably caused by : memory_corruption ( nt!MiInPageSingleKernelStack+284 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_STACK_INPAGE_ERROR (77)
The requested page of kernel data could not be read in. Caused by
bad block in paging file or disk controller error.
In the case when the first arguments is 0 or 1, the stack signature
in the kernel stack was not found. Again, bad hardware.
An I/O status of c000009c (STATUS_DEVICE_DATA_ERROR) or
C000016AL (STATUS_DISK_OPERATION_FAILED) normally indicates
the data could not be read from the disk due to a bad
block. Upon reboot autocheck will run and attempt to map out the bad
sector. If the status is C0000185 (STATUS_IO_DEVICE_ERROR) and the paging
file is on a SCSI disk device, then the cabling and termination should be
checked. See the knowledge base article on SCSI termination.
Arguments:
Arg1: 00000001, (page was retrieved from disk)
Arg2: 00000000, value found in stack where signature should be
Arg3: 00000000, 0
Arg4: 8d14bc70, address of signature on kernel stack

Debugging Details:
------------------


ERROR_CODE: (NTSTATUS) 0x1 - STATUS_WAIT_1

BUGCHECK_STR: 0x77_1

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 82ec2c38 to 82f19abf

STACK_TEXT:
8d193cb4 82ec2c38 00000077 00000001 00000000 nt!KeBugCheckEx+0x1e
8d193d38 82e804e8 85710d78 8d193d58 00000000 nt!MiInPageSingleKernelStack+0x284
8d193d6c 82e812dc 85710de8 00000000 8d193dc0 nt!KiInSwapKernelStacks+0x43
8d193d7c 83021fe6 00000000 b828902c 00000000 nt!KeSwapProcessOrStack+0x83
8d193dc0 82e8af0e 82e81259 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiInPageSingleKernelStack+284
82ec2c38 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiInPageSingleKernelStack+284

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 5037809b

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0x77_1_nt!MiInPageSingleKernelStack+284

BUCKET_ID: 0x77_1_nt!MiInPageSingleKernelStack+284

Followup: MachineOwner
---------

Memory corruption, it said. I decided to run the Memory Diagnostics Tool, and doing so rebooted the computer. Sadly, it found nothing. When it finished, CheckDsk decided that it wanted another try too so I let it run next. It found nothing as well. It occurred to me that I might be infected with something, so I used this tool recommended on other forums to people with a similar problem to mine: http://support.kaspersky.com/viruses/solutions?qid=208280684 and unfortunately, that too yielded no findings.
That's where I stand as of right now. Mostly everything still seems functional, though I would like to be able to talk to my friends again on Skype--it's just that I can't fix that problem until I fix this winsxs issue, and until I do, I don't want to run any risk of Skype turning my machine into a burning mushroom cloud. Curiously, AIM and Steam appear to work fine.

Any advice would be useful and meanwhile I'll keep looking around for solutions to try out. I'd prefer messing with hardware (dissecting the laptop, etc.), BESIDES anything involving a CD, to be used as a last resort. Reformatting is also preferable as a second-last resort. I don't know very much about how exactly computers are put together.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,384 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:49 AM

Posted 20 October 2012 - 12:45 PM

FWIW: When chkdsk attempts to run on boot...best thing to do (after booting into Windows) is to run the chkdsk /r command.

The automatic chkdsk at boot...is less effective than the chkdsk /r command and may resolve whatever the problem might be.

Louis

#3 Anhuw

Anhuw
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 20 October 2012 - 05:35 PM

Incoming log:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
535552 file records processed. 2018 large file records processed. 0 bad file records processed. 2 EA records processed. 65 reparse records processed. Index entry opr0R4GN.tmp of index $I30 in file 0x147d1 points to unused file 0x1e6dd.
Deleting index entry opr0R4GN.tmp in index $I30 of file 83921.
Unable to locate the file name attribute of index entry opr0R4GO.tmp
of index $I30 with parent 0x147d1 in file 0x1f957.
Deleting index entry opr0R4GO.tmp in index $I30 of file 83921.
Index entry opr0R4GP.tmp of index $I30 in file 0x147d1 points to unused file 0x329c4.
Deleting index entry opr0R4GP.tmp in index $I30 of file 83921.
612480 index entries processed. 0 unindexed files processed. 535552 security descriptors processed. Cleaning up 11 unused index entries from index $SII of file 0x9.
Cleaning up 11 unused index entries from index $SDH of file 0x9.
Cleaning up 11 unused security descriptors.
38465 data files processed. CHKDSK is verifying Usn Journal...
The remaining of an USN page at offset 0x51d60ec98 in file 0x116be
should be filled with zeros.
The USN Journal entry at offset 0x51d60f000 and length 0xf9a994ca crosses
the page boundary.
Repairing Usn Journal file record segment.
36168472 USN bytes processed. Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc00000b5 at offset 0x3260140000 for 0xa000 bytes.
Read failure with status 0xc00000b5 at offset 0x3260148000 for 0x1000 bytes.
Windows replaced bad clusters in file 17722
of name \Windows\System32\dmloader.dll.
Read failure with status 0xc00000b5 at offset 0xddb6bc000 for 0x10000 bytes.
Read failure with status 0xc00000b5 at offset 0xddb6c2000 for 0x1000 bytes.
Windows replaced bad clusters in file 86292
of name \Windows\winsxs\X8C9DA~1.225\win32k.sys.
Read failure with status 0xc00000b5 at offset 0x2bc4702000 for 0xa000 bytes.
Read failure with status 0xc00000b5 at offset 0x2bc4707000 for 0x1000 bytes.
Windows replaced bad clusters in file 102231
of name \Users\ben\AppData\Local\VIRTUA~1\PROGRA~1\NEVERW~1\override\AE1B3A~1.MDL.
535536 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
9329986 free clusters processed. Free space verification is complete.
Adding 3 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

299365371 KB total disk space.
261168748 KB in 465313 files.
220108 KB in 38466 indexes.
16 KB in bad sectors.
656555 KB in use by the system.
65536 KB occupied by the log file.
37319944 KB available on disk.

4096 bytes in each allocation unit.
74841342 total allocation units on disk.
9329986 allocation units available on disk.

Internal Info:
00 2c 08 00 e9 af 07 00 78 ba 0d 00 00 00 00 00 .,......x.......
6e 17 00 00 41 00 00 00 00 00 00 00 00 00 00 00 n...A...........
42 00 00 00 a2 73 af 77 98 8c 31 00 98 84 31 00 B....s.w..1...1.

Windows has finished checking your disk.
Please wait while your computer restarts.


Yeah my hard drive is kinda full, but I can delete a lot of things if need be. Should I risk another MSE scan now of the Windows folder?

Edited by Anhuw, 20 October 2012 - 05:36 PM.


#4 master131

master131

  • Members
  • 366 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:12:49 AM

Posted 20 October 2012 - 09:54 PM

Are you still experiencing issues now? It seems that your hard drive or something is defective. Technet recommends you run chkdsk (which you have already done) and check for any MBR viruses. You can do this by using something like aswMBR which can be downloaded here.

KERNEL_STACK_INPAGE_ERROR:

This Stop message indicates that the requested page of kernel data from the paging file could not be read into memory. It might have been caused by a bad block (sector) in a paging file, a disk controller error, a defective motherboard, failing RAM, or because the stack signature in the kernel stack was not found. In extremely rare cases, it is caused when nonpaged pool resources run out.


Edited by master131, 20 October 2012 - 09:57 PM.


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,384 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:49 AM

Posted 21 October 2012 - 09:14 AM

Are you still experiencing issues now? It seems that your hard drive or something is defective. Technet recommends you run chkdsk (which you have already done) and check for any MBR viruses. You can do this by using something like aswMBR which can be downloaded here.

KERNEL_STACK_INPAGE_ERROR:

This Stop message indicates that the requested page of kernel data from the paging file could not be read into memory. It might have been caused by a bad block (sector) in a paging file, a disk controller error, a defective motherboard, failing RAM, or because the stack signature in the kernel stack was not found. In extremely rare cases, it is caused when nonpaged pool resources run out.


Aswmbr is a tool for neutralizing malware and members should not suggest such tools (other than routine AV/antispyware programs) to other members...when assessing situations within the Vista forum. Malware analysis is not performed within this forum...and suggesting malware tools for a situation that appears to be either an O/S or hardware problem...well, that does no justice to any member who doesn't know better.

If the OP has any solid indication that the system is infected...then that should be addressed in the Am I Infected Forum.

If such is the case, then the OP of this topic can state such and I will move the topic to AII.

Based on what has been stated thus far...it seems a file system or hardware problem, IMO.

Louis

#6 Anhuw

Anhuw
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 21 October 2012 - 11:20 AM

MSE successfully scanned winsxs with no crashes, Skype is now back on my computer and not destroying the world, and everything appears to be back in order. I suspect that a piece of Skype may have been touching the bad sector in question, causing it to get corrupted or something. That may have even been why it crashed a couple of times in the past when asking for updates. So yeah, that's over with now and I wish to express my thanks to hamluis for the suggestion of the ChkDsk /r. Back before I realized what the real problem was, I noticed that a LOT of people were complaining about problems with Skype 5.10 similar to my own. Hopefully this will help clear things up for people.

A friend of mine suggested getting a new hard drive though, and I'm starting to consider it.

#7 hamluis

hamluis

    Moderator


  • Moderator
  • 55,384 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:49 AM

Posted 21 October 2012 - 02:22 PM

:thumbup2: , glad all seems well now.

You can run a diagnostic on your current hard drive to evaluate its condition...before you make a decision to purchase another hard drive.

The hard drive manufacturers provide utilities for this purpose at their respective websites. Currently, there are two major hard drive manufacturers with such...Western Digital and Seagate/Samsung.

You can easily determine what drive model and the manufacturer...by looking at the detail in Device Manager under Disk Drives and then using Google to look up the data reflected. Usually, it's pretty obvious who manufacturerd the drive.

http://www.seagate.com/support/downloads/seatools/ , I prefer the SeaTools for DOS utility over the SeaTools For Windows.

http://support.wdc.com/product/download.asp?groupid=602&sid=2&lang=en , Data Lifeguard Diagnostic for DOS.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users