
Shutdown took too long rebooted with BSOD


13 replies to this topic

#1 Graywolf64

Graywolf64

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 AM

Posted 07 September 2013 - 06:34 PM

Last weekend I did a normal routine reboot just to refresh my system. I noticed it was taking forever for the shutting down process; when it rebooted I got a BSOD and it said the shutdown process took too long and if it was the first time you receive this then just reboot, so I had somebody reboot it for me because I'm paralyzed so I couldn't push the button myself. After that it booted up normal, so I thought; I noticed my mouse light was blinking and my PC was beeping with the beat of the mouse light. Anyhow, whatever did it took out my USBs, system sounds, system restore, and the start menu power button won't stay at the default I have it set at, which is restart; it keeps going back to shut down, and Lord only knows what else is screwed up. And it's got a new never-seen-before black screen that stays up for about 2 seconds with some system information and then continues the startup process. Managed to get my USBs back, my system restore function back, my system sounds back, no more BSOD, but still that extra boot up screen and the start menu power button problem. I've scanned with about everything and never found anything malicious on my system.
Please help.
 

 




 


#2 Wolverine 7

Wolverine 7

  • Members
  • 746 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bournemouth,UK
  • Local time:07:33 AM

Posted 07 September 2013 - 06:47 PM

Don't know if you have viral corruption or hardware failure there; you need someone more knowledgeable than me. Odd to have so many functions disappear with no trace of virus.

Might help if you posted your system details, what's written on the extra screen at bootup you mentioned, and what you virus scanned with.

Good luck.


Edited by Wolverine 7, 07 September 2013 - 06:50 PM.


#3 Graywolf64


Posted 07 September 2013 - 07:07 PM

Sorry, it might help if you knew what kind of machine I had. I use MSE for my antivirus. That extra screen doesn't stay up long enough for me to read completely; it has stuff like my processor, BIOS, etc. type information, and under that it shows if there's a malfunction with something. Here's my system information.

OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description  Not Available
OS Manufacturer Microsoft Corporation
System Name HP
System Manufacturer Hewlett-Packard
System Model s5-1224
System Type x64-based PC
Processor Intel® Pentium® CPU G640 @ 2.80GHz, 2800 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date AMI 7.12, 06/07/2012
SMBIOS Version 2.7
Windows Directory C:\windows
System Directory C:\windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "6.1.7601.17514"
Installed Physical Memory (RAM) 6.00 GB
Total Physical Memory 5.89 GB
Available Physical Memory 3.70 GB
Total Virtual Memory 14.7 GB
Available Virtual Memory 12.5 GB
Page File Space 8.83 GB
Page File C:\pagefile.sys
 



#4 Graywolf64


Posted 11 September 2013 - 09:08 PM

Just checking in, haven't heard anything. Situation the same.
Thanks



#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,398 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:33 AM

Posted 12 September 2013 - 10:35 AM

Anytime a user does a hard shutdown...file damage can occur.

 

There are two Windows tools which can overcome some file corruption issues re system files:

 

a.  The chkdsk /r command

 

b.  The sfc /scannow command

 

I suggest that you run each of those, in the order listed.

 

Louis



#6 Graywolf64


Posted 12 September 2013 - 11:15 AM

Thanks for your reply. I didn't do a hard shut down, I did a normal reboot from the start menu power button action, which I assume goes through all the normal shutdown sequences before rebooting. And I have tried both of your suggestions before I even posted on here the first time. Any other suggestions?
Thanks


 



#7 hamluis


Posted 12 September 2013 - 12:46 PM

Well...it could be any number of issues...and I don't have the means to troubleshoot a system I cannot do "hands-on" with.  Rather than make random bad guesses about what the problem might be...I suggest that you take it to someone who can test various components.

 

Louis



#8 Graywolf64


Posted 12 September 2013 - 12:53 PM

Well, I appreciate your help, I kind of figured it would turn out that way. I'll keep diagnosing different things and if I can't find anything I'll just live with the annoyances for now.
Thanks
 



#9 hamluis


Posted 12 September 2013 - 03:06 PM

Well...my previous comment was made on the assumption that you cannot boot into Windows.  If the system can boot...let's try the following.

 

Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

  List last 10 Event Viewer log

  List Installed Programs

  List Users, Partitions and Memory size.

 

Click Go and paste the content into your next post.

 

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.

 

Louis



#10 Graywolf64


Posted 12 September 2013 - 03:44 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by eric (administrator) on 12-09-2013 at 16:20:50
Running from "C:\Users\eric\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/12/2013 03:43:39 PM) (Source: ESENT) (User: )
Description: DllHost (1660) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\eric\AppData\Local\Microsoft\Windows\WebCache\V01002D4.log.

Error: (09/12/2013 03:29:59 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e795e1bb-e710-4de1-9aad-ef3fed77123e}

Error: (09/12/2013 03:28:25 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e795e1bb-e710-4de1-9aad-ef3fed77123e}

Error: (09/12/2013 03:01:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/12/2013 01:19:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b4aef13e-4e96-4720-be3d-f83d9a874e96}

Error: (09/12/2013 01:09:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/12/2013 01:03:42 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {941053b4-b868-4860-a331-d1fa9d354ecb}

Error: (09/12/2013 00:59:37 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3fe543ee-4b8f-4f23-ad79-70d719c5f0f6}

Error: (09/12/2013 00:49:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {371a070d-1412-48d8-a9e8-fdd22ddf9eb4}

Error: (09/12/2013 08:51:46 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {00f291ad-00ea-4485-85ae-10f43b0bff38}

System errors:
=============
Error: (09/12/2013 04:01:08 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/12/2013 04:00:53 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/12/2013 03:35:14 PM) (Source: Service Control Manager) (User: )
Description: The Sentinel64 service failed to start due to the following error:
%%20

Error: (09/12/2013 03:35:14 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (09/12/2013 03:31:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).

Error: (09/12/2013 03:29:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).

Error: (09/12/2013 01:20:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).

Error: (09/12/2013 01:05:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).

Error: (09/12/2013 01:00:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).

Error: (09/12/2013 00:50:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).

Microsoft Office Sessions:
=========================
Error: (09/12/2013 03:43:39 PM) (Source: ESENT)(User: )
Description: DllHost1660WebCacheLocal: C:\Users\eric\AppData\Local\Microsoft\Windows\WebCache\V01002D4.log-1811

Error: (09/12/2013 03:29:59 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e795e1bb-e710-4de1-9aad-ef3fed77123e}

Error: (09/12/2013 03:28:25 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e795e1bb-e710-4de1-9aad-ef3fed77123e}

Error: (09/12/2013 03:01:08 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestH:\APPLICATIONS\DRAGON NATURALLY SPEAKING 12.0 PREMIUM\NSPEAKING12P\dragon_support_packager.exe

Error: (09/12/2013 01:19:12 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b4aef13e-4e96-4720-be3d-f83d9a874e96}

Error: (09/12/2013 01:09:40 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestH:\APPLICATIONS\DRAGON NATURALLY SPEAKING 12.0 PREMIUM\NSPEAKING12P\dragon_support_packager.exe

Error: (09/12/2013 01:03:42 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {941053b4-b868-4860-a331-d1fa9d354ecb}

Error: (09/12/2013 00:59:37 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3fe543ee-4b8f-4f23-ad79-70d719c5f0f6}

Error: (09/12/2013 00:49:14 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {371a070d-1412-48d8-a9e8-fdd22ddf9eb4}

Error: (09/12/2013 08:51:46 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {00f291ad-00ea-4485-85ae-10f43b0bff38}

CodeIntegrity Errors:
===================================
  Date: 2013-09-10 18:57:10.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-10 18:57:10.917
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-08 13:49:21.513
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-08 13:49:21.473
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-16 11:25:14.923
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\EA50.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-16 11:25:14.883
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\EA50.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-16 11:25:14.743
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\EA50.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-16 11:25:14.713
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\EA50.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-16 11:25:14.653
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\EA50.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-16 11:25:14.613
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\EA50.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

µTorrent (Version: 1.8.5)
5700_Help (Version: 1.00.0000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ACDSee Free (Version: 1.1.21)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Boilsoft Video Joiner 6.56
Boilsoft Video Splitter 6.34
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 130.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
CCleaner (Version: 4.05)
Color Efex Pro 3.0 Complete (Version: 3.0)
Corel PaintShop Pro X5 (Version: 15.2.0.12)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DocProc (Version: 13.0.0.0)
Dragon NaturallySpeaking 10 (Version: 10.10.0)
Family Tree Maker 2011 (Version: 20.0.368)
Fax (Version: 130.0.418.000)
FormatFactory 3.0.1 (Version: 3.0.1)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP OfficeJet J5700 (Version: 13.0)
HP Setup (Version: 9.0.15130.3904)
HP Solution Center 13.0 (Version: 13.0)
HP TouchSmart Background - Beats (Version: 1.0.1.0)
HP Update (Version: 5.005.000.002)
HP Vision Hardware Diagnostics (Version: 2.12.1.0)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
ICA (Version: 15.2.0.12)
IDT Audio (Version: 1.0.6374.0)
ImgBurn (Version: 2.5.7.0)
Intel® Management Engine Components (Version: 8.0.0.1351)
Intel® OpenCL CPU Runtime
Intel® Processor Graphics (Version: 9.17.10.2932)
Intel® Rapid Storage Technology (Version: 11.0.0.1032)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Internet Explorer (Enable DEP)
IPM_PSP_COM (Version: 15.2.0.12)
J5700 (Version: 130.0.000.000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8117.416)
LabelPrint (Version: 2.5.4507)
License Support (Version: 1.1.0.0929)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaPlayerLite 0.4.2 (Version: 0.4.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MKVToolNix 5.8.0 (Version: 5.8.0)
Mozilla Thunderbird 17.0.8 (x86 en-US) (Version: 17.0.8)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
opensource (Version: 1.0.14960.3876)
Power2Go (Version: 6.1.5706)
ProductContext (Version: 130.0.000.000)
PSPPContent (Version: 15.2.0.12)
PSPPHelp (Version: 15.2.0.12)
PSPPro64 (Version: 15.2.0.12)
Recovery Manager (Version: 5.5.0.4424)
Scan (Version: 13.0.0.0)
SES Driver (Version: 1.0.0)
Setup (Version: 15.2.0.12)
Smart Defrag 2 (Version: 2.8)
SolutionCenter (Version: 130.0.373.000)
Speccy (Version: 1.21)
Status (Version: 130.0.469.000)
swMSM (Version: 12.0.0.1)
TeamViewer 8 (Version: 8.0.19617)
The Family Tree Maker
TI USB 3.0 Host Controller Driver (Version: 1.12.18.0)
TI USB3 Host Driver (Version: 1.12.18.0)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
TSHostedAppLauncher (Version: 5.1.15.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual C++ 64-bit Redistributables (Version: 1.1.0.0929)
Visual C++ Redistributables (Version: 1.1.0.0929)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 10.00.800.228)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
vReveal 3
WD Discovery Software (Version: 1.80)
WebReg (Version: 130.0.132.017)
Windows Driver Frameworks Update Packages (Version: 8.0.0.0)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (Version: 03/06/2009 1.0.0008.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 6030.01 MB
Available physical RAM: 4234.34 MB
Total Pagefile: 15073.2 MB
Available Pagefile: 13275.57 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.37 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:914.58 GB) (Free:759.82 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:16.71 GB) (Free:2.09 GB) NTFS
3 Drive e: (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
6 Drive h: (My Book) (Fixed) (Total:2794.49 GB) (Free:883.65 GB) NTFS

========================= Users: ========================================

User accounts for \\HP

85C55F43BC5A41739639     Administrator            eric                    
Guest                   

**** End of log ****
 

 

http://speccy.piriform.com/results/FkMnUeP4mtqaZbVexfJZHJv

 

Thanks
Eric

 


Edited by Graywolf64, 12 September 2013 - 04:03 PM.


#11 hamluis

Moderator

Posted 12 September 2013 - 05:30 PM

Does your Pavilion have any diagnostic programs?  If so, did you run a complete check of the system?

 

Your Java is out of date.

 

Restart on Crash v1.1

 

I would remove this program, since I believe it's unnecessary and even acts counter to a user's best interests.  When the system or a program crashes...it does so to indicate that there is a problem that may require attention.  To override that warning mechanism...I don't consider that advisable for any user of a computer system.  My guess would be that overriding the normal functioning of Windows might result in damaged system files....just a guess.

 

You have attempted to run ComboFix...why?

 

Several strange errors re EA50.tmp...I don't believe I've ever seen a .tmp file reflected as an issue in Event Viewer before...I'd be concerned about the possibility of malware.

 

You seem to have a problem with System Restore (Shadow Copy).

 

Problem with .NET Framework 4, updates failed to install.

 

My inclination...would be to suggest starting a topic in the Am I infected forum, just to clear that as a potential problem.  Other than what I have stated, I see no indication that your issues are Windows issues, aside from the possible corruption caused by Restart On Crash.  I would uninstall that temporarily to eliminate it as a suspect. 

 

Louis



#12 Graywolf64

Topic Starter

Posted 12 September 2013 - 06:15 PM

I don't know if there are any Pavilion diagnostic tools installed from the factory or not, I'll have to check.

I think everybody's Java is out of date, they update more than Microsoft.

The Restart on Crash program is kind of a misleading name for the program, it is not a system restart on crash program, it's for problem software that might freeze sometimes, i.e. Internet Explorer, Movie Maker, Dragon, etc. So if I'm doing something with, let's say, Movie Maker and it freezes, since I'm paralyzed I can't use a keyboard or mouse to just simply close the program, it freezes my whole system because I can only use Dragon to operate my computer. So that program kills the program so I can get back to what I am working on, or if for some reason Dragon doesn't load at startup automatically like it should, that program will start it for me, otherwise I'm stuck until somebody comes around who can use a keyboard or mouse and close the program. If you know of a better program that will do this I'm all ears. I have disabled it before just to see, but that wasn't the problem.

I ran combofix because I thought I might have had a backdoor or something on my machine, because I was getting emails from Comcast about something that was coming from my IP address, but found out that was not the problem, they never could figure it out.

I haven't read all the way through the logs yet, but I did notice one that was about Dragon being in a temp file, and it shouldn't be. Don't know if that's the one you're talking about or not.

Yeah I noticed my shadow copy wasn't running in services.

Yeah, don't know what's going on with the .NET Framework update, I've been trying to get it fixed today, no luck so far.

Thanks for your help.
Eric


Edited by Graywolf64, 12 September 2013 - 06:22 PM.


#13 hamluis

Moderator

Posted 12 September 2013 - 08:00 PM

Easily done...sorry I could not be more helpful :).

 

Louis



#14 Graywolf64

Topic Starter

Posted 12 September 2013 - 08:50 PM

Nothing to be sorry about. Just taking the time to do what y'all do is plenty. Can't fix everything every time. Trust me, if anybody knows about not being able to do certain things without hands-on capabilities, it's me, being paralyzed, that's my world.

Y'all just keep doing what y'all do. For those who can't.
Thanks again. 
