[Slime]

Hi guys,
I have a home built system that I put together a year ago.
Ever since then I have been getting totally random re-boots.
There is no pattern to this at all, nothing for a week or two then
it re-boots twice in ten minutes!!
I've mem-tested my Ram & temp checked my graphics card, no problems.
I have just downloaded WinDbg, version 6.11.1.404 but haven't a clue
how to use it!!
Have recently installed & run a programme called 'WhoCrashed' & it gave me the following report :

"On Thu 11/02/2010 14:15:33 your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000000A (0x0, 0x1C, 0x1, 0x80502CCC)
Error: Unknown
Dump file: I:\WINDOWS\Minidump\Mini021110-01.dmp
file path: I:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time".

Any clues out there.
I must also add that my PC re-boots completely, rather than just shutting down.
Also, the only time I get a BSOD is when it re-boots when I'm not using it i.e. overnight!
I NEVER get a BSOD during the day, how wierd is that?
Sorry to burden you guys with my grief, I just don't know what to do,
yours in anticipation,

Slime.

P.S. Sorry if this is in the wrong forum.

[Advertisements]

Welcome To Geeks To Go!

Happens to me too on my old desktop PC - very rarely mind you. When it does happen, I've been surfing the web each time. It has never happened whilst doing any other task as I can remember. As I type this, I remember it's been a month now since it last rebooted on it's own.

I just put it down to the age of the PC (getting on for 10 years now - a dinosaur in PC terms!) so I don't let it bother me because it occurs so infrequently to worry about. Life's too short.

[phillipcorcoran]

Welcome To Geeks To Go!

Happens to me too on my old desktop PC - very rarely mind you. When it does happen, I've been surfing the web each time. It has never happened whilst doing any other task as I can remember. As I type this, I remember it's been a month now since it last rebooted on it's own.

I just put it down to the age of the PC (getting on for 10 years now - a dinosaur in PC terms!) so I don't let it bother me because it occurs so infrequently to worry about. Life's too short.

[rshaffer61]

Hi guys. See if this will give you a little more info.

• Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
• Double-click VEW.exe
• Under 'Select log to query', select (as appropriate):
  
  • Application
  • System
• Under 'Select type to list', select (as appropriate):
  
  • Error
  • Information
  • Warning

Then use the 'Date of events' or 'Number of events' as follows:

Either:

• Click the radio button for 'Number of events'
  Type 3 in the 1 to 20 box (or any number from 1 to 20)
  Then click the Run button.
  Notepad will open with the output log.
  
  
• Click the radio button for 'Date of events'
  In the From: boxes type today's date (presuming the crash happened today) 13 07 2009
  In the To: boxes type today's date (presuming the crash happened today) 13 07 2009
  Then click the Run button.
  Notepad will open with the output log.

Please post the Output log in your next reply

[Slime]

Thanks for your help rshaffer61,
did as requested & went for the 'Number of Events' option.
I entered 20, foolishly, and so the log is rather long.
Apologies for that. Here it is :

Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/02/2010 17:37:09

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/02/2010 21:55:07
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket 1718487201.

Log: 'Application' Date/Time: 19/02/2010 21:55:04
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application firefox.exe, version 1.9.1.3685, faulting module xul.dll, version 1.9.1.3685, fault address 0x00081b8d.

Log: 'Application' Date/Time: 19/02/2010 02:29:05
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 80080005, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Log: 'Application' Date/Time: 13/02/2010 12:00:14
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 13/02/2010 11:31:14
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 13/02/2010 11:00:14
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 13/02/2010 10:31:14
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 13/02/2010 10:00:14
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 13/02/2010 09:31:14
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 13/02/2010 09:00:14
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 20/01/2010 15:59:42
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1623347082.

Log: 'Application' Date/Time: 20/01/2010 15:59:38
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 20/01/2010 15:51:30
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1623347082.

Log: 'Application' Date/Time: 20/01/2010 15:51:26
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 20/01/2010 15:50:29
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1623347082.

Log: 'Application' Date/Time: 20/01/2010 15:50:26
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 20/01/2010 15:43:28
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 13/01/2010 19:53:07
Type: error Category: 0
Event: 1013 Source: MsiInstaller
Product: Adobe Reader 9.3 -- A process is running that cannot be shut down by Setup. Please either close all applications and run Setup again, or restart your computer and run Setup again.

Log: 'Application' Date/Time: 10/01/2010 13:29:49
Type: error Category: 0
Event: 1 Source: Picasa3
Picasa has crashed. A crash dump has been generated: I:\DOCUME~1\SIMONH~1\LOCALS~1\Temp\Picasa_100110-131546.dmp


Log: 'Application' Date/Time: 10/01/2010 13:15:26
Type: error Category: 0
Event: 1 Source: Picasa3
Picasa has crashed. A crash dump has been generated: I:\DOCUME~1\SIMONH~1\LOCALS~1\Temp\Picasa_100110-131315.dmp


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/02/2010 15:33:35
Type: information Category: 0
Event: 1000 Source: LoadPerf
Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.

Log: 'Application' Date/Time: 22/02/2010 15:33:35
Type: information Category: 0
Event: 1001 Source: LoadPerf
Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.

Log: 'Application' Date/Time: 22/02/2010 15:30:34
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2010 15:30:08
Type: information Category: 0
Event: 0 Source: gupdate1c9ac0b8a333800
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2010 15:29:34
Type: information Category: 0
Event: 1 Source: avg8emc
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2010 15:29:33
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 22/02/2010 15:29:33
Type: information Category: 0
Event: 1 Source: sprtsvc_o2
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2010 15:29:32
Type: information Category: 0
Event: 0 Source: gupdate1c9ac0b8a333800
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2010 15:29:32
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2010 15:29:31
Type: information Category: 0
Event: 105 Source: ATI Smart
The service was started.

Log: 'Application' Date/Time: 22/02/2010 11:23:00
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2010 11:22:00
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2010 00:11:12
Type: information Category: 0
Event: 11707 Source: MsiInstaller
Product: Debugging Tools for Windows (x86) -- Installation completed successfully.

Log: 'Application' Date/Time: 22/02/2010 00:07:31
Type: information Category: 0
Event: 7 Source: crypt32
Successful auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>

Log: 'Application' Date/Time: 21/02/2010 22:04:10
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 21/02/2010 22:03:00
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 21/02/2010 14:37:00
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 21/02/2010 14:36:00
Type: information Category: 0
Event: 0 Source: gusvc
The event description cannot be found.

Log: 'Application' Date/Time: 21/02/2010 13:32:16
Type: information Category: 0
Event: 1000 Source: LoadPerf
Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service.

Log: 'Application' Date/Time: 21/02/2010 13:32:16
Type: information Category: 0
Event: 1001 Source: LoadPerf
Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/02/2010 14:28:58
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete' failed during request for component '{A6C8A50F-4808-43A4-A147-ACAA2598DE52}'

Log: 'Application' Date/Time: 04/02/2010 14:28:58
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete', component '{B2B6EDF3-22B8-47B3-8358-4D1976F0949D}' failed. The resource 'I:\Program Files\SUPERAntiSpyware\Quarantine\' does not exist.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/02/2010 23:27:57
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 23:27:48
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 23:22:42
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 23:22:33
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 23:08:45
Type: error Category: 0
Event: 10010 Source: DCOM
The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 19/02/2010 23:08:15
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:49:52
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:48:21
Type: error Category: 0
Event: 10010 Source: DCOM
The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 19/02/2010 22:47:51
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:45:07
Type: error Category: 0
Event: 10010 Source: DCOM
The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 19/02/2010 22:44:37
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:44:35
Type: error Category: 0
Event: 10010 Source: DCOM
The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 19/02/2010 22:44:05
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:44:03
Type: error Category: 0
Event: 10010 Source: DCOM
The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 19/02/2010 22:43:33
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:42:24
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:41:47
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:35:01
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 19/02/2010 22:34:55
Type: error Category: 0
Event: 10010 Source: DCOM
The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 19/02/2010 22:34:25
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Automatic Updates service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/02/2010 15:30:34
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Google Software Updater service entered the stopped state.

Log: 'System' Date/Time: 22/02/2010 15:30:10
Type: information Category: 0
Event: 16384 Source: BITS
The administrator NT AUTHORITY\SYSTEM canceled job "I:\WINDOWS\TEMP\GUR7.exe" on behalf of SIMON\Simon Hill. The job ID was {7ABBADB7-D1A9-4C86-9588-E3217219E356}.

Log: 'System' Date/Time: 22/02/2010 15:30:08
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate1c9ac0b8a333800) service entered the stopped state.

Log: 'System' Date/Time: 22/02/2010 15:30:03
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The SASENUM service was successfully sent a start control.

Log: 'System' Date/Time: 22/02/2010 15:29:52
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 22/02/2010 15:29:48
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Remote Access Connection Manager service entered the running state.

Log: 'System' Date/Time: 22/02/2010 15:29:46
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Remote Access Connection Manager service was successfully sent a start control.

Log: 'System' Date/Time: 22/02/2010 15:29:46
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Telephony service entered the running state.

Log: 'System' Date/Time: 22/02/2010 15:29:46
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The SSDP Discovery Service service entered the running state.

Log: 'System' Date/Time: 22/02/2010 15:29:46
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The SSDP Discovery Service service was successfully sent a start control.

Log: 'System' Date/Time: 22/02/2010 15:29:46
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 22/02/2010 15:29:46
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 22/02/2010 15:29:37
Type: information Category: 0
Event: 4201 Source: Tcpip
The system detected that network adapter TG123g...Adapter - Packet Scheduler Miniport was connected to the network, and has initiated normal operation over the network adapter.

Log: 'System' Date/Time: 22/02/2010 15:29:36
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Computer Browser service entered the stopped state.

Log: 'System' Date/Time: 22/02/2010 15:29:35
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Application Layer Gateway Service service entered the running state.

Log: 'System' Date/Time: 22/02/2010 15:29:35
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Application Layer Gateway Service service was successfully sent a start control.

Log: 'System' Date/Time: 22/02/2010 15:29:34
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Background Intelligent Transfer Service service entered the running state.

Log: 'System' Date/Time: 22/02/2010 15:29:34
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Network Location Awareness (NLA) service entered the running state.

Log: 'System' Date/Time: 22/02/2010 15:29:34
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Network Location Awareness (NLA) service was successfully sent a start control.

Log: 'System' Date/Time: 22/02/2010 15:29:34
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Background Intelligent Transfer Service service was successfully sent a start control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/02/2010 12:35:25
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 22/02/2010 12:01:53
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 19/02/2010 23:28:06
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {B63F35ED-40EC-49BF-884C-5C8C982169DD} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: service:wuauserv;file:I:\WINDOWS\system32\wuauserv.dll Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 23:26:14
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {27F55E62-20D5-4D2B-B57E-CEA1E71F6AC5} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: ieabout:HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\DesktopItemNavigationFailure Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 23:22:49
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {BA78734F-55E6-4AE9-B71F-C2DC9C3DA9A9} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: service:wuauserv;file:I:\WINDOWS\system32\wuauserv.dll Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 21:57:16
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {89A78158-A975-440C-A70D-E8B3B93FF31D} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: service:JavaQuickStarterService;file:I:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 21:17:48
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {8285EE46-209B-46B9-8B25-0C9216881AB0} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 21:17:48
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {C667992B-19DB-4858-B7F9-D02D4B161E78} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 21:17:48
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {04E6A845-8F65-4303-8217-D0DAAD5B7A16} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 21:17:48
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {F4E176B1-2A9D-4D02-9053-440DCFBDA58E} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 19:14:26
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {F194B8B5-CB5C-48E1-8CE3-A0F92CA16AB6} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\O2;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\O2;file:I:\Program Files\O2\bin\sprtcmd.exe Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 19:05:32
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {43B59214-0DF4-49E0-8EAF-314E5378735E} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: file:I:\Program Files\Spamihilator\spamihilator.exe;file:I:\Documents and Settings\Simon Hill\Start Menu\Programs\StartUp\Spamihilator.lnk;startup:I:\Documents and Settings\Simon Hill\Start Menu\Programs\StartUp\Spamihilator.lnk Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 19:01:08
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {15A7FCE6-FDE8-44EB-B538-1541F8E446E7} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: driver:SASDIFSV;file:I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 18:40:24
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {37324908-2B5B-44B7-BA76-732007124C18} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: bho:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 18:37:52
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {0ED2DCA3-5DC8-4187-AD5E-5A7FA700A91E} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: regkey:HKCU@S-1-5-21-1645522239-1644491937-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer;runkey:HKCU@S-1-5-21-1645522239-1644491937-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer;file:I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 18:37:50
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {D5443960-2728-4F01-A7D9-A4B909BE3479} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC;file:I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 18:37:49
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {94FAF12E-4787-47BE-97D4-B8E6257EF0C7} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Six Engine;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Six Engine;file:I:\Program Files\ASUS\Six Engine\SixEngine.exe Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 18:37:48
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {CC1D42AB-C3D8-4A19-BC7C-C5F4D4080B29} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: file:I:\Program Files\Microsoft Office\Office\OSA9.EXE;file:I:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Microsoft Office.lnk;startup:I:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Microsoft Office.lnk Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 18:37:48
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {CB6E1AB9-F423-45BA-BB8D-EC7245F96851} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\O2;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\O2;file:I:\Program Files\O2\bin\sprtcmd.exe Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 19/02/2010 18:37:48
Type: warning Category: 0
Event: 3004 Source: WinDefend
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: http://go.microsoft....k/?linkid=74409 Scan ID: {2E49EEBB-8C9B-4A9A-8174-2490E60F1A79} User: SIMON\Simon Hill Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ulead AutoDetector v2;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ulead AutoDetector v2;file:I:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe Alert Type: Unclassified software Detection Type:



Sorry this is a bit huge,
would you like me to run VEW again?

Regards,
Slime.

[rshaffer61]

Nope two things i noticed.
Firefox had a crash but only once on the 19th. Second your windefend is working a lot at what may be a infection. Before I say for sure you need to be checked out lets try some things.
Go to
Start and then to Run
Type in Chkdsk /r Note the space between k and /
Click Enter ...It will probably ask if you want to do this on the next reboot...click Y
If the window doesn't shutdown on its own then reboot the system manually. On reboot the system will start the chkdsk operation
This one will take longer then chkdsk /f

Note... there are 5 stages...
It may appear to hang at a certain percent for a hour or more or even back up and go over the same area...this is normal...
DO NOT SHUT YOUR COMPUTER DOWN WHILE CHKDSK IS RUNNING OR YOU CAN HAVE SEVERE PROBLEMS
This can take several hours to complete.
When completed it will boot the system back into windows.

Let me know if this fixes the problem








]

[rshaffer61]

After the above is finished and if there are errors found and repaired rerun the steps till there are no errors. If no errors corrected then do the next steps.

If you have more than one RAM module installed, try starting computer with one RAM stick at a time.

NOTE Keep in mind, the manual check listed above is always superior to the software check, listed below. DO NOT proceed with memtest, if you can go with option A

B. If you have only one RAM stick installed...
...run memtest...

1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-2.11.iso.zip file.
3. Inside, you'll find memtest86+-2.11.iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:



8. Locate memtest86+-2.11.iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:



10. Once the CD is created, boot from it, and memtest will automatically start to run. You may have to change the boot sequence in your BIOS to make it work right.

To change Boot Sequence in your BIOS
Reboot the system and at the first post screen (where it is counting up memory) start tapping the DEL button
This will enter you into the Bios\Cmos area.
Find the Advanced area and click Enter
Look for Boot Sequence or Boot Options and highlight that click Enter
Now highlight the first drive and follow the directions on the bottom of the screen on how to modify it and change it to CDrom.
Change the second drive to the C or Main Drive
Once that is done then click F10 to Save and Exit
You will prompted to enter Y to verify Save and Exit. Click Y and the system will now reboot with the new settings.


The running program will look something like this depending on the size and number of ram modules installed:




It's recommended to run 5-6 passes. Each pass contains very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.



The following image is the test results area:



The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.

[Slime]

Hi,
am just about to re-boot as suggested, but, after I've re-booted & it's doing it's stuff, which you say may take several hours, what if iy re-boots itsself?
You say "DO NOT SHUT YOUR COMPUTER DOWN WHILE CHKDSK IS RUNNING OR YOU CAN HAVE SEVERE PROBLEMS". I won't, but IT might, I'll just take that chance I guess.
In your next post you suggest using one RAM stick at a time.
I have alredy done that. I swapped sticks & used them in different RAM slots & saw no difference at all.
I've also used MemTest 86+, a few weeks ago, results as follows :












Sorry about all this but I guess any information may be useful,
regards,
Slime.

[rshaffer61]

OK since you have done the manual test then no need for that. Was issue going on when you ran memtest as you stated above?
Also hopefully not being in windows will stop the reboot issue. If so then we know we''re dealing with a OS problem.
If it does we may be dealing with a PSU problem or overheating issue.

Edited by rshaffer61, 23 February 2010 - 11:53 AM.

[Slime]

Okay,
CHKDSK has been done, I think.
Just got back to my PC to see that it had re-booted to my Desktop.
Is this correct? After CHKDSK, does the machine re-boot?
If not, I've had another random event.
How do I find out if the CHKDSK has thrown up any issues?
I ran MemTest because of this problem. It was happening before testing, during testing & is still happening now.
Awaiting further instructions,
ever grateful,

Slime.

[rshaffer61]

One thing that was suggested to me from a higher power was to try and disable Spybot tea timer and see if that helps. It apparently has been known to cause this issue.
Let me know and if not then proceed to the steps below.

Chkdsk normally will restart the system on its own.

Please follow the next steps in order:

Click Start, then Run (Search In Vista)
Type cmd, and click Ok
At the prompt in the command window that opens, type fsutil dirty query ?: and press Enter (Where ? is the letter of the drive to queried)

Does the result of this indicate the drive is "Dirty"?

Edited by rshaffer61, 22 February 2010 - 03:40 PM.

[Slime]

Chkdsk normally will restart the system on its own.

Does the result of this indicate the drive is "Dirty"?

Nope.
It says :
Volume - ?: is NOT Dirty

I presume that's a good thing

Awaiting further instructions,
Slime.

[rshaffer61]

I modified my response and I didn't get it in time for you to see but this is what I added.

One thing that was suggested to me from a higher power was to try and disable Spybot tea timer and see if that helps. It apparently has been known to cause this issue

.

Edited by rshaffer61, 22 February 2010 - 03:40 PM.

[Slime]

I modified my response and I didn't get it in time for you to see but this is what I added.

One thing that was suggested to me from a higher power was to try and disable Spybot tea timer and see if that helps. It apparently has been known to cause this issue

.

Shall I uninstall Spybot S&D and see what happens over a period of time?
Excuse my ignorance, asking is the best way to learn, what exactly is Spybot Tea Timer?

Many thanks,

Slime.

[rshaffer61]

Just disable it and let the system run as normal. Also please do the below so we can find out if the restarts are actually a system problem.

BSOD in safe mode:
Right click MY COMPUTER and then PROPERTIES
Click ADVANCED and then click the SETTINGS button In the Startup And RECOVERY section
Uncheck AUTOMATICALLY RESTART. Click APPLY and OK.
Now reboot. This will result in the BSOD error being halted so you can now copy and reply with the STOP ERROR and any parameters.

Edited by rshaffer61, 22 February 2010 - 05:20 PM.

[Slime]

Just disable it and let the system run as normal. Also please do the below so we can find out if the restarts are actually a system problem.

BSOD in safe mode:
Right click MY COMPUTER and then PROPERTIES
Click ADVANCED and then click the SETTINGS button In the Startup And RECOVERY section
Uncheck AUTOMATICALLY RESTART. Click APPLY and OK.
Now reboot. This will result in the BSOD error being halted so you can now copy and reply with the STOP ERROR and any parameters.

'Tea Timer' is already disabled in Spybot (SDHelper is enabled).
'Automatically Restart' is already unchecked.

This sounds bad to me ,
in anticipation,

Slime.