Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Various issues with computer


  • This topic is locked This topic is locked
6 replies to this topic

#1 Drunkardonfire

Drunkardonfire

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 07 November 2012 - 06:54 PM

Hello!

For the past 2 weeks I have been unable to game on my computer due to BSODs which happen anywhere between 1 minute and 1.5 hours of gaming. Sometimes, I can game fine up until I decide to test the waters and turn on Pandora. When I do, The sound loops (so rapidly it's practically a buzz), the computer freezes, and then the BSOD appears. The messages on the BSOD have varied. Sometimes it is "KERNEL_INPAGE_DATA_ERROR" other times, "KERNEL_DATA_ERROR", and sometimes those two don't show up but it is some other error. I should also mention that there are times when the computer doesn't even BSOD at all but instead isn't able to load certain textures in a game I am playing, eventually resulting in a game freeze. But when I Ctrl+alt+del, I receive an error message "Unable to display security and shutdown options." and my entire taskbar and sidebar are completely gone. I then try to double-click the Chrome browser and the message is something to the effect of "this file has moved, would you like to delete this shortcut?" (I'm a little shoddy on that message though so I don't know the exact wordage). This all seems to have begun a couple months ago when my computer would sometimes BSOD when shutting down or going into sleep mode due to idling. It didn't happen very often, and, to be honest, I procrastinated on fixing the issue. Now the problems have gotten much worse, but the weird thing is, the BSODs don't happen on shut down anymore, though I have had a couple shut-down freezes where the computer would be stuck on the "shutting down" screen with the little circle spinning eternally.

I have run a full scan of MalwareBytes twice, and 2 full scans with AVG and 1 full scan with Norton Antivirus (I uninstalled AVG and installed a partition of Norton 360 from my mother). Each scan found nothing, except for the first Malwarebytes one which only found 3 issues, nothing major though.

I installed HijackThis and recorded a log. My computer comes up with a "Physical Memory Dump FAILED" message each time so BSOD logs don't seem to work. (The last WhoCrashed log is from september, and that was a shutdown BSOD) I don't really know how to properly log BSOD's though so if you need that information I will work on learning how to do that. I cannot run chkdsk as when I reboot (after it schedules the scan) the scan is immediately cancelled without me pressing anything and without any form of countdown. When I try to run chkstfs, I get no confirmation messages for any functions, and /r, /p are not recognized. And yes, I run everything in admin.

Before I post the log I will run down the list of potentially eliminated possibilities:

Overheating: my computer runs at 28C.

Hardware issue: I ran HD Tune Pro, and did a full scan, there were no errors. I do not believe there is a videocard error as I can watch movies, netflix, and youtube all day with no problems.

sfc /scannow came up with 0 errors/issues.

This is my current comp spec:

Intel i5-2500k CPU @ 3.30 GHz

Nvidia GEforce GTX 570

Gigabyte Motherboard: Z68A-D3-B3

8GB RAM

DirectX 11

Windows 7 64bit

Seagrams 1TB HD



Anyway, here's the HijackThis log - Thank you so much in advance for taking the time to review this.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:35:34 PM, on 11/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3106777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3930770261-3847960933-2923451084-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3930770261-3847960933-2923451084-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WNDA3100v2 Smart Wizard.lnk = ?
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS64.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 11632 bytes


EDIT: I am now officially done installing/uninstalling/downloading anything (other than streaming videos/pandora) at this point. To update, I installed glary utilities and found 741 registry errors which I had fixed. Each time I run the utility, 3-6 registry errors pop up. I tried to look into C: Users/username/appdata, etc. but Appdata folder is missing. It seems a bunch of files are missing, but there is nothing popping up on the scans... But as I said, I will make no more changes from this point on.

Edited by Drunkardonfire, 07 November 2012 - 11:26 PM.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:33 PM

Posted 10 November 2012 - 05:37 PM

Good evening. :)

Registry cleaners can often do more harm than good, so there is a risk that whatever they "fixed" may result in a need to reinstall the operating system. The only time that you can run one with confidence is just before a reformat and reinstall!

Click the "Windows" icon in the bottom left hand corner.
Select Control Panel.
Select System.
Select Advanced system settings on the left hand side.
Under Startup and Recovery click the Settings... button.
Under System failure ensure that Automatic restart is unchecked.

Under Write debugging information ensure that Kernal memory dump is selected.
The location of this dump file should be listed underneath - mine is %SystemRoot%\MEMORY.DMP.

Click OK and close any open windows that are left.

I want you to use the PC until it crashes again. The blue screen should remain and there should be some information at the bottom, under Technical information:.
Please copy that down before you reboot the PC and let me have it in your next reply.
Also, take a look for the dump file that should have been written to the location above - in my case this is C:\Windows\MEMORY.DMP Please attach the .dmp file if you can find it, which may need to be zipped up first if the board won't accept it unzipped.

So long, and thanks for all the fish.

 

 


#3 Drunkardonfire

Drunkardonfire
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 11 November 2012 - 11:56 AM

So I started up Pandora and Civilization 5 to induce the crash - this is what I got:

A PROCESS OR THREAD CRUCIAL TO SYSTEM OPERATION HAS UNEXPECTEDLY EXITED OR BEEN TERMINATED.

(if this is the first time blah blah)

***STOP: 0x000000F4,(0x0000000000000003, 0xFFFFFA8008CD7B30,0xFFFFF8008CD7E10, 0xFFFFF80002F8C460.

EDIT: For some reason my computer is preventing me from uploading the Memory Dump file. First it was norton, so I ZIPed it, now it's saying no file was selected...

Edited by Drunkardonfire, 11 November 2012 - 12:09 PM.


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:33 PM

Posted 11 November 2012 - 02:30 PM

Good evening. :)

That's because the file is too large - I should have known that, sorry.

Navigate to C:\Windows\Minidump <<< folder
Click on the first minidump file to select it.
Hold down the <Shift> key, and click on the last minidump file to select all of the files.
Release the <Shift> key.
Now, right-click on any one of the selected files > Send to ... > Compressed (zipped) Folder.
The zip file will be located in the same place (the Minidump folder).
Attach the zip file to your next reply.
When you click on Add Reply, you will see the facility to attach a file just below the box where you type your message.

Please zip up the minidumps and attach the resultant zip file to your next reply so I can have a closer look. There's a chance I might get some more useful info from them.

Edited by Noviciate, 11 November 2012 - 02:39 PM.

So long, and thanks for all the fish.

 

 


#5 Drunkardonfire

Drunkardonfire
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 12 November 2012 - 07:41 PM

Here you go, I attached the mini-dump. As an update, my computer had it's first random crash (that is, it crashed outside of me playing video games) and first boot-crash today (both separate occurrences). Attached File  111212-23899-01.zip   24.92KB   1 downloads

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:33 PM

Posted 13 November 2012 - 05:18 PM

Good evening. :)

AustrAlien has been kind enough to take a look at your problem and is of the opinion that this is a hardware issue rather than a malware one. In order that he can help you with your problem you will need to contact a Moderator via PM and ask them to unlock your original thread in the Windows 7 forum here as AustrAlien is unable to post in this part of the site.
I'll leave this one unlocked should it be necessary for you to return, but I suspect that you won't need my assistance on this one.

So long, and thanks for all the fish.

 

 


#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:33 PM

Posted 13 November 2012 - 07:29 PM

Hi,

As mentioned, AustrAlien has been kind enough to take over this topic here: http://www.bleepingcomputer.com/forums/topic474358.html/page__p__2889249#entry2889249

To avoid confusion, this topic is now closed.


bloopie




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users