Autoruns Crashes Every Time


36 replies to this topic

#1 renn

renn

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 08 February 2017 - 06:21 PM

Downloaded Autoruns from Microsoft a couple days ago but I am having a hard time learning it because it hangs after 3-5 minutes every time I run it (as administrator or not). Event viewer says Autoruns stopped interacting with Windows and was closed and directs me to the Action Center which has no issues. The only other weird thing happening is that Malwarebytes takes several minutes to open. What did I do? Win 7-32 bit, Chrome. Thanks.





#2 bwv848

bwv848

    Bleepin' Owl


  • BSOD Kernel Dump Expert
  • 3,029 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:92.96 million miles away from the sun
  • Local time:05:41 PM

Posted 10 February 2017 - 12:16 PM

Do you have EMET installed? Please execute these instructions:

 

Step 1: AppCrashView by NirSoft
 
• Download and save AppCrashView from here.
• Right-click on the downloaded ZIP file, click Extract all, taking note of where the files will be extracted, and then hit Extract.
• Open up the extracted folder, right-click on AppCrashView.exe and select Run as administrator. Please accept any User Account Control prompts.
• Highlight (click) on one of the recent Autoruns errors.
• On the bottom, there is a large window with a list of the loaded modules. Please copy ALL the information and paste it into your next reply.


If I do not reply in three days, please message me.
 
BC BSOD Posting Instructions | Carrona BSOD Index | Driver Reference Table (DRT)


#3 renn


Posted 11 February 2017 - 10:02 AM

No, I hadn't heard of EMET. I assume it may have helped me?

Results of AppCrash:

 

Version=1
EventType=PCA2
EventTime=131310709044715311
Consent=1
UploadTime=131310709044715311
ReportIdentifier=2578674f-ee58-11e6-81ee-00219b0dd73a
Response.BucketId=10
Response.BucketTable=5
Response.type=4
Sig[0].Name=Problem Signature 01
Sig[0].Value=Autoruns.exe
Sig[1].Name=Problem Signature 02
Sig[1].Value=13.62.0.0
Sig[2].Name=Problem Signature 03
Sig[2].Value=Autostart program viewer
Sig[3].Name=Problem Signature 04
Sig[3].Value=Sysinternals autoruns
Sig[4].Name=Problem Signature 05
Sig[4].Value=Sysinternals - www.sysinternals.com
Sig[5].Name=Problem Signature 06
Sig[5].Value=100
Sig[6].Name=Problem Signature 07
Sig[6].Value=1
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=DataRequest
State[1].Value=Bucket=10/nBucketTable=5/nResponse=1/nEvent_Kinshu=2592000/nEvent_Throttle=2592000/n
FriendlyEventName=Scripted Diagnostics Native Host
ConsentKey=PCA2
AppName=Autostart program viewer
AppPath=C:\Users\K\Downloads\Autoruns.exe



#4 bwv848


Posted 11 February 2017 - 10:33 AM

No, I was just asking as EMET (Enhanced Mitigation Experience Toolkit) may have detected Autoruns as an exploit when it connects to the internet. I've seen that happen before, depending on the user's security settings.

 

We will need an application dump to analyze your problem. Please follow the instructions here to create a dump using ProcDump, incidentally another tool by Sysinternals. Follow option A and zip up the dump file before attaching it.

 

Thank you.




#5 renn


Posted 11 February 2017 - 01:06 PM

I used the command procdump -e -w -ma autoruns.exe to get the results below so if it did not generate the results you need, please give me the proper command and I will try again. It seemed to be waiting for Autoruns to run so I ran it until Autoruns hung up. I did not run Autoruns as an administrator (forgot).

 

Thank you for your forbearance.

 

 

Attached Files



#6 bwv848


Posted 11 February 2017 - 02:40 PM

Unfortunately, that didn't work. Let Autoruns crash then run ProcDump again with the following command:

procdump -ma autoruns.exe

Of course you'll have to change directory to the one in which Autoruns.exe is stored. The dump will be saved in the same location from where you ran ProcDump. Zip up the dump and attach it in your next reply. (If necessary, use Google Drive.)


Edited by bwv848, 11 February 2017 - 02:42 PM.



#7 renn


Posted 11 February 2017 - 07:48 PM

I want this to work this time so could you simplify that for me - change the directory to the one in which Autoruns.exe is stored. Autoruns.exe is stored in downloads. Is this where you want the Dumps file (which includes the ProcDump.exe) placed? Spell it out please.

 

Thanks.



#8 bwv848


Posted 11 February 2017 - 11:07 PM

Sorry, I'll try to break it down to the best of my abilities.

Step 1: Delete all instances of ProcDump on your machine.
Step 2: Download ProcDump from here. Save it to your desktop.
Step 3: Open Start, and in the Search programs and files box, type cmd.
Step 4: Right-click on cmd.exe, select Run as administrator, and accept any User Account Control prompts.
Step 5: Run Autoruns and let it crash.
Step 6: Enter the following commands in the Elevated Command Prompt you opened in Step 4:

cd %userprofile%\desktop
procdump -ma autoruns.exe

Step 7: You should see a message similar to this:

[23:04:53] Dump 1 initiated: C:\ProcDumps\autoruns.exe_170211_230453.dmp
[23:04:53] Dump 1 writing: Estimated dump file size is 52 MB.
[23:04:53] Dump 1 complete: 52 MB written in 0.3 seconds
[23:04:54] Dump count reached.

Step 8: Please zip up the dump file, which is on your Desktop, and attach it in your next reply. If it's too large, upload it to Google Drive, OneDrive, etc.

 




#9 renn


Posted 12 February 2017 - 02:13 PM

I had to go back to the original instructions (after getting rid of all previous Dumps files) because cmd could not find the path given in your latest instructions. I hope this is the Dump file you need.

 

The zip file is too big to upload. Now what?



#10 bwv848


Posted 12 February 2017 - 02:14 PM

If it's too large, upload it to Google Drive, OneDrive, etc.



#11 renn


Posted 12 February 2017 - 02:24 PM

no


Edited by renn, 12 February 2017 - 03:36 PM.


#12 bwv848


Posted 12 February 2017 - 02:43 PM

Do you have IDrive - Sync installed on your machine, produced by Pro-Softnet Corporation?




#13 renn


Posted 12 February 2017 - 03:47 PM

https://drive.google.com/file/d/0B6AERUEyimnHRDAwbU5kV1RIQlE/view?usp=sharing

 

Will you try this again, please.



#14 bwv848


Posted 12 February 2017 - 04:09 PM

Well, the dump reports you do:

0:000> lmvm IDSyncIntIcon
start    end        module name
70d00000 70dc6000   IDSyncIntIcon   (export symbols)       IDSyncIntIcon.dll
    Loaded symbol image file: IDSyncIntIcon.dll
    Image path: C:\Program Files\IDriveWindows\IDSyncIntIcon.dll
    Image name: IDSyncIntIcon.dll
    Timestamp:        Thu Aug 13 03:29:59 2015 (55CC4777)
    CheckSum:         000CE5F4
    ImageSize:        000C6000
    File version:     1.0.0.6
    Product version:  1.0.0.6
    File flags:       0 (Mask 3F)
    File OS:          4 Unknown Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04e4
    CompanyName:      Pro-Softnet Corporation, U.S.A
    ProductName:      IDrive - Sync
    InternalName:     IDSyncIntIcon.dll
    OriginalFilename: IDSyncIntIcon.dll
    ProductVersion:   1.0.0.6
    FileVersion:      1.0.0.6
    FileDescription:  IDrive - Sync Icon Module
    LegalCopyright:   Copyright 2013
    Comments:         IDrive - Sync  Visual Indication(Sept 3 2014)

Please uninstall it and see whether it helps.

 




#15 renn


Posted 12 February 2017 - 10:13 PM

Uninstalled IDrive and Autoruns has been running for over an hour without hanging. There have been quite a lot of app hangs of late. What does all this mean?

 

Thank you for sticking with me and figuring it out.
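
Added example (not part of the thread, and not code from Sysinternals or the posters): the triage done in post #14, reading the dump's module list for a non-system DLL loaded into Autoruns, scripted over WinDbg lmv-style text. The function names, the trusted-vendor list and the kernel32 record are assumptions made for this example; the IDSyncIntIcon record is abridged from post #14.

```python
import re

# Sample lmv text. The IDSyncIntIcon record is abridged from post #14;
# the kernel32 record is constructed for contrast (addresses are made up).
SAMPLE_LMV = """\
start    end        module name
70d00000 70dc6000   IDSyncIntIcon   (export symbols)       IDSyncIntIcon.dll
    Image path: C:\\Program Files\\IDriveWindows\\IDSyncIntIcon.dll
    Timestamp:        Thu Aug 13 03:29:59 2015 (55CC4777)
    CompanyName:      Pro-Softnet Corporation, U.S.A
    FileDescription:  IDrive - Sync Icon Module
77000000 770d4000   kernel32   (pdb symbols)          kernel32.dll
    Image path: C:\\Windows\\system32\\kernel32.dll
    CompanyName:      Microsoft Corporation
    FileDescription:  Windows NT BASE API Client DLL
"""

# A module record starts with two hex addresses and the module name.
HEADER = re.compile(r"^([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S+)", re.I)
# Detail lines are indented "Key: value" pairs.
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s+(.*\S)\s*$")

def parse_lmv(text):
    """Split lmv output into one dict per module, keyed by field name."""
    modules = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            modules.append({"start": head[1], "end": head[2], "name": head[3]})
        elif modules and (field := FIELD.match(line)):
            modules[-1].setdefault(field[1], field[2])
    return modules

def third_party(modules, trusted=("microsoft", "sysinternals")):
    """Return modules whose CompanyName is missing or not in `trusted`.

    `trusted` is an assumed allow-list. CompanyName is self-declared
    version-resource text, so this narrows a crash search only.
    """
    flagged = []
    for mod in modules:
        company = mod.get("CompanyName", "").lower()
        if not any(vendor in company for vendor in trusted):
            flagged.append(mod)
    return flagged

if __name__ == "__main__":
    for mod in third_party(parse_lmv(SAMPLE_LMV)):
        print(mod["name"], "|", mod.get("CompanyName", "?"), "|", mod.get("Image path", "?"))
```

Because CompanyName is whatever the file's builder wrote into it, the output is a shortlist of crash candidates to test by uninstalling or disabling, not a statement about which modules are trustworthy.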





