
Display Driver failing, blue-screen cache dump, and more.


10 replies to this topic

#1 Reesie87


Posted 01 September 2013 - 07:20 PM

My operating system is Windows 7, and my computer is a Dell. My main internet browser is Firefox.

 

I have been directed to this forum from here:
http://www.bleepingcomputer.com/forums/t/504053/display-driver-failing-and-the-blue-screen-of-death/page-2#entry3142066

 

If you'd like to skim in there to see what kinds of problems I've been having, have at it! I'll summarize for you, though.

 

Basically, my computer is 'on the fritz'

 

At random, the screen suddenly goes black and seems to freeze up. When it comes back, it says that my display driver had stopped working, but had recovered. It doesn't ALWAYS recover, though...sometimes, it goes black, and then blue-screens on me (cache dump). It forces my laptop to restart, where the black start-up windows is suddenly littered with red dots. When it starts up with the red-and-black instead of solid black, it WILL NOT restart normally. It'll continue cycling through the start-up and bluescreen until I just give up and get on through Safemode with Networking. Sometimes, this lasts for days on end. Other days, it boots up completely normally.

 

I've worked with a moderator on here already in the Infected forum, and they don't think malware is the problem. I quote: "Mention we feel it may be clean here. Link to this topic. Let's see what they find."

 

OH! Also, Internet Explorer pops up at complete random, redirecting me to various websites. ALL of the redirects start with the following URL: http://cpvfeed.mediatraffic.com/redir.php?

If it's helpful, I have a notepad document of all of the URLs it's tried to redirect me to. The weird thing is that the websites I'm currently accessing when I.E pops up are mixed in the URL somehow. For example, when I was on the other forum in here trying to make sure my laptop wasn't infected, Internet Explorer popped up with the following URL:

 

http://cpvfeed.mediatraffic.com/redir.php?ac=1351&sac=&dat=657636cb4a0194a9b68c7e2bf1d906c3&cpv=0.02000&url_pop=http%253A%252F%252Fcheerydates.com%252Fm%252Fclick.php%253Fc%253D461%2526key%253D4m2i0n2p2h7o4z3t9z3y3a83%2526c1%253D&ctl=Jq2XSHGhOk1iAQ%3D%3D&def=&hwd=&md=0&mp=20&mod=keywords&kw=&fci=&ffc=&rqu1=www.bleepingcomputer.com%2F&rqu2=forums%2Ft%2F504053%2Fdisplay-driver-failing-and-the-blue-screen-of-death%2Fpage-2

 

See the BleepingComputer URL at the end of it? Yup. Sooo..not sure what my laptop is doing there.

 

So there are three things we gotta look into, so I know HOW to fix my computer.

1) Display Driver Failing

2) Blue-screen of death

3) Internet Explorer popping up without being personally accessed

 

Any help is greatly, greatly appreciated.


Edited by Reesie87, 01 September 2013 - 07:21 PM.
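Added example, not part of the original post: a Python sketch that takes the redirect URL quoted in post #1 apart. It shows that `url_pop` is percent-encoded twice and that `rqu1` plus `rqu2` reproduce the page that was open in the browser; the parameter meanings are inferred from this single URL and are an assumption, not documented behaviour.

```python
from urllib.parse import urlsplit, unquote

# Redirect URL copied verbatim from the post above.
REDIRECT = (
    "http://cpvfeed.mediatraffic.com/redir.php?ac=1351&sac="
    "&dat=657636cb4a0194a9b68c7e2bf1d906c3&cpv=0.02000"
    "&url_pop=http%253A%252F%252Fcheerydates.com%252Fm%252Fclick.php"
    "%253Fc%253D461%2526key%253D4m2i0n2p2h7o4z3t9z3y3a83%2526c1%253D"
    "&ctl=Jq2XSHGhOk1iAQ%3D%3D&def=&hwd=&md=0&mp=20&mod=keywords&kw=&fci=&ffc="
    "&rqu1=www.bleepingcomputer.com%2F"
    "&rqu2=forums%2Ft%2F504053%2Fdisplay-driver-failing-and-the-blue-screen-of-death%2Fpage-2"
)


def raw_params(url):
    """Split the query string without decoding, so encoding layers stay countable."""
    out = {}
    for pair in urlsplit(url).query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            out[key] = value
    return out


def peel(value, max_rounds=5):
    """Percent-decode until the value stops changing; return (text, layers)."""
    layers = 0
    while layers < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return value, layers


def analyze(url):
    """Summarise what the redirect carries: ad host, landing page, page being viewed."""
    params = raw_params(url)
    landing, layers = peel(params.get("url_pop", ""))
    # Assumption: rqu1 is the host and rqu2 the path of the page open in the browser.
    page = peel(params.get("rqu1", ""))[0] + peel(params.get("rqu2", ""))[0]
    return {
        "ad_host": urlsplit(url).hostname,
        "landing_url": landing,
        "landing_host": urlsplit(landing).hostname,
        "encoding_layers": layers,
        "page_being_viewed": page,
    }


if __name__ == "__main__":
    for field, value in analyze(REDIRECT).items():
        print(f"{field:18} {value}")
```

The `page_being_viewed` field is why the forum address shows up in the pop-up: whatever opens Internet Explorer is reading the address of the page in the active browser and passing it to the ad host.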



 


#2 hamluis


Posted 02 September 2013 - 08:36 AM

Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

  List last 10 Event Viewer log

  List Installed Programs

  List Users, Partitions and Memory size.

 

Click Go and paste the content into your next post.

 

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.

 

Louis



#3 Reesie87


Posted 04 September 2013 - 04:50 PM

MINITOOLBOX RESULTS:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Reese (administrator) on 04-09-2013 at 17:43:18
Running from "C:\Users\Reese\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/04/2013 05:30:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2013 01:14:03 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (09/04/2013 11:45:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2013 10:18:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2013 04:02:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2013 03:07:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2013 09:29:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2013 02:00:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2013 04:59:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2013 09:43:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/04/2013 05:30:55 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (09/04/2013 11:44:37 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/04/2013 11:44:36 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/04/2013 11:44:27 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/04/2013 11:44:18 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/04/2013 11:44:13 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 21

Error: (09/04/2013 11:44:02 AM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa8007865010, 0xfffff880040078b8, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP090413-23587-01

Error: (09/04/2013 11:43:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver
Avgldx64
discache
spldr
Wanarpv6

Error: (09/04/2013 11:43:55 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31

Error: (09/04/2013 11:43:25 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Microsoft Office Sessions:
=========================
Error: (09/04/2013 05:30:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2013 01:14:03 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (09/04/2013 11:45:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2013 10:18:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2013 04:02:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2013 03:07:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2013 09:29:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2013 02:00:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2013 04:59:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2013 09:43:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-08-09 15:16:07.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-09 15:16:07.627
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-09 15:16:07.596
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-09 15:16:07.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-08 16:11:12.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-08 16:11:12.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Accelerometer (Version: 1.06.08.17)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
Cisco NAC Agent  (Version: 4.9.3.5)
Dell Touchpad (Version: 14.0.2.0)
ESET Online Scanner v3
Google Chrome (Version: 29.0.1547.62)
Google Update Helper (Version: 1.3.21.153)
GorillaPrice
IDT Audio (Version: 1.0.6267.0)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
RealUpgrade 1.1 (Version: 1.1.0)
RICOH Media Driver ver.2.07.01.04 (Version: 2.07.01.04)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3956.52 MB
Available physical RAM: 2137.27 MB
Total Pagefile: 7911.23 MB
Available Pagefile: 5811.03 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.39 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:363.15 GB) NTFS

========================= Users: ========================================

User accounts for \\REESE-PC

Administrator            Guest                    Reese                    


**** End of log ****
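Added example, not part of the original thread or of MiniToolBox: a Python sketch that triages the "System errors" section of a log in this format. It groups events by source, pulls out the stop code from the BugCheck entry (0x116 is VIDEO_TDR_FAILURE, a failed display-driver timeout recovery, which matches the symptoms in post #1) and lists drivers that failed to load at boot, which here include two AVG drivers. The function names are hypothetical and the sample is an excerpt copied from the log above.

```python
import re
from collections import Counter

# Excerpt copied from the "System errors" section of the log above.
LOG = r"""Error: (09/04/2013 11:44:37 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/04/2013 11:44:02 AM) (Source: BugCheck) (User: )
Description: 0x00000116 (0xfffffa8007865010, 0xfffff880040078b8, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP090413-23587-01

Error: (09/04/2013 11:43:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver
Avgldx64
discache
spldr
Wanarpv6
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)\s*\(User: [^)]*\)[ \t]*$",
    re.M,
)
BUGCHECK = re.compile(r"^(0x[0-9a-fA-F]{8}) \(([^)]*)\)")
STOP_NAMES = {0x116: "VIDEO_TDR_FAILURE"}  # only the code that appears in this log


def parse_events(text):
    """Return one dict per 'Error:' entry; the body runs up to the next header."""
    heads = list(HEADER.finditer(text))
    events = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = re.sub(r"^Description:\s*", "", text[m.end():end].strip())
        events.append({"when": m["when"], "source": m["source"], "body": body})
    return events


def by_source(events):
    """Count events per source to see what dominates the log."""
    return Counter(e["source"] for e in events)


def bugchecks(events):
    """Extract stop code and its four parameters from BugCheck entries."""
    found = []
    for e in events:
        m = BUGCHECK.match(e["body"]) if e["source"] == "BugCheck" else None
        if m:
            code = int(m[1], 16)
            params = [int(p, 16) for p in m[2].split(",")]
            found.append({"when": e["when"], "code": code,
                          "name": STOP_NAMES.get(code, "unknown"), "params": params})
    return found


def failed_boot_drivers(events):
    """List driver names from 'driver(s) failed to load:' entries."""
    marker = "driver(s) failed to load:"
    names = []
    for e in events:
        if marker in e["body"]:
            names += e["body"].split(marker, 1)[1].split()
    return names
```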

 

 

 



#4 Reesie87


Posted 04 September 2013 - 04:52 PM

I couldn't find the button with the green arrow that says 'add reply' so I went to 'reply options' and clicked on THAT 'add reply' button, but it just posted the post. I wasn't able to add in the details of the Speccy snapshot =P So, sorry it wasn't in the same post? Your details need to be updated if the button has changed.

 

I believe this is what you're looking for:

 

http://speccy.piriform.com/results/RBw8PUtcaEqMF60CRqPPgcI



#5 hamluis


Posted 04 September 2013 - 05:05 PM

You did fine, thanks :).

 

It will take me a few minutes to look things over, so be patient, please.

 

Following is reflected among active processes:  http://www.bleepingcomputer.com/startups/GorillaPrice.exe-27682.html .

 

You also have a related process, watgorp.exe on your system.

 

I suggest downloading/installing/updating/running SUPERAntiSpyware Free first...then update and run Malwarebytes.  If any malware items are found/removed, I think we move this back to Am I Infected.

 

CPU temperature max is 90 Celsius, current reading at 72 Celsius.  Should not be a problem yet.

 

While we're checking things...might as well run SeaTools for Windows on your hard drive, long/extended diagnostic.

 

SeaTools For Windows Download - http://www.seagate.com/support/downloads/item/seatools-win-master/

 

If you encounter error messages while attempting any of these things...please write them down and post same for all to see.

 

Louis


Edited by hamluis, 04 September 2013 - 06:02 PM.


#6 Reesie87


Posted 11 September 2013 - 09:58 AM

Downloaded SuperAntiSpyware. I only did a Quick Scan and it found over 500 items of Adware.Tracking Cookie (586 to be exact). All were in File Items. Nothing in memory or registry. I had 'em removed. As they aren't necessarily 'harmful' (though certainly unwanted!), I'm gonna assume I don't need to move back to Am I Infected just yet?

 

Did as instructed and updated Malwarebytes. It stops responding every few minutes, so it's taking an extremely long time. As soon as it completes, I'll post here to let you know if anything pops up.

 

Anything new to report from my previous step that you were looking into? :)



#7 Reesie87


Posted 13 September 2013 - 10:18 AM

I finished my complete Malwarebytes scan. No malicious malware was detected.



#8 hamluis


Posted 13 September 2013 - 08:49 PM

Well...if I found a rather large number of malware items on my system via SUPERAntiSpyware...I think I'd post a topic in the Am I Infected forum :).

 

Especially since you were given a clean bill of health about 3 weeks ago in AII.  It seems that something is clearly wrong with your system protection procedures, IMO.

 

Louis



#9 frankp316


Posted 14 September 2013 - 04:08 AM

Louis, you're misreading what he said. SUPERAntiSpyware only found cookies, nothing harmful. It could be he just hadn't run SAS for a while.



#10 Reesie87


Posted 15 September 2013 - 08:33 PM

She*.

 

But yeah, they were only tracking cookies. I don't think tracking cookies can cause my display driver to fail on me. Is there a way to ask one of the moderators in that forum without being sent back there completely? I don't want them to just push me right back at you xDD



#11 hamluis


Posted 16 September 2013 - 07:48 AM

Sorry...but this forum does not deal with actual/potential malware issues and is open to the public for general comment...which may or may not evidence knowledge of malware.

 

If you suspect that you are infected...the simple thing to do is just begin a new topic in the Am I Infected forum, relating your most recent experiences with SAS and other system defense programs.

 

The personnel in that forum will take a look at your system, from that perspective.

 

You can include a link to this topic, if you think that will be of any use in the new topic.

 

Louis





