
For RKinner



#46
ramaflore

Here is the first ntbtlog, with 3 reboots.

KSODs appeared for 1-2 sec before the Welcome screen at 22H56, 23H01 and 23H03.

You will find tkdacxp.sys; this file belongs to nprotect mbr guard ;)


Edited by ramaflore, 24 August 2012 - 04:03 PM.



#47
ramaflore

What is 'System Idle Process'? High CPU consumption! More than 90%

Attached Thumbnails

  • System Idle Process.jpg


#48
ramaflore

Let me know when I can reinstall the previous programs that I uninstalled, thanks.

#49
RKinner


Should I uninstall HDD Regenerator also? Shell.exe and CC32100MT.dll are files belonging to HDD Regenerator


Yes.

What is 'System Idle Process'? High CPU consumption! More than 90%


System Idle Process is supposed to be high. We want it as high as possible. It means the CPU is not busy doing other stuff.

You will find tkdacxp.sys; this file belongs to nprotect mbr guard


I thought we had uninstalled nprotect mbr guard. I hate programs that don't fully uninstall.

Copy the next line:

sc config TKDac start= disabled

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Now type:

sc stop TKDac

sc delete TKDac

Now reboot and see if it shows up in the ntbtlog


When you get this black screen what do you have to do to get it to go away?

#50
ramaflore

Hi Ron,

I've just uninstalled HDD Regenerator and mbr guard doesn't appear anymore.

Look at the attached files, ntbtlog txt file.

Pay attention to the unloaded drivers:
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS (this one is not a problem, it's from HWinfo program)
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys

You said "When you get this black screen what do you have to do to get it to go away?" Nothing.

But the black screen when closing an account takes 3 sec for now. When switching accounts, it takes 3 seconds. When opening a user or admin account, 1-2 sec. I noticed a slight improvement: less black screen time.

What about user32.dll and ntldll.com? Do I need to replace them?


Edited by ramaflore, 25 August 2012 - 10:48 AM.

  • 0
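
Added example, not part of any post in this thread: a small parser for the `Loaded driver` / `Did not load driver` lines of ntbtlog.txt that automates the check discussed above, namely whether a driver from an uninstalled program still loads at boot and which drivers load from outside System32. The sample log is constructed, and the tkdacxp.sys path and the `triage` / `watch` names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "Loaded driver" / "Did not load driver" line
# format quoted in the thread. The tkdacxp.sys path is an assumed location.
SAMPLE_LOG = r"""
Loaded driver \SystemRoot\System32\Drivers\tkdacxp.sys
Loaded driver \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
"""

LINE_RE = re.compile(r"^\s*(Loaded driver|Did not load driver)\s+(.+?)\s*$")
# Paths treated as the Windows system directory (assumes it is named "Windows").
SYSTEM_RE = re.compile(r"^(\\systemroot|\\\?\?\\[a-z]:\\windows)\\system32\\")


def parse_ntbtlog(text):
    """Return (loaded, not_loaded) Counters keyed by lower-cased driver path."""
    loaded, not_loaded = Counter(), Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, timestamp or blank line
        bucket = loaded if m.group(1) == "Loaded driver" else not_loaded
        bucket[m.group(2).lower()] += 1
    return loaded, not_loaded


def triage(text, watch=()):
    """Summarise a boot log; `watch` lists driver file names expected to be gone."""
    loaded, not_loaded = parse_ntbtlog(text)
    watched = {name.lower() for name in watch}
    return {
        # Kernel drivers loaded from outside System32 deserve a second look.
        "outside_system32": sorted(p for p in loaded if not SYSTEM_RE.match(p)),
        # Leftovers of uninstalled software that still load at boot.
        "watched_still_loading": sorted(
            p for p in loaded if p.rsplit("\\", 1)[-1] in watched),
        # A count above 1 means the same failure is repeated in the log.
        "not_loaded": dict(not_loaded),
    }


if __name__ == "__main__":
    # For a real log, read ntbtlog.txt as text first (assumption: UTF-16).
    for key, value in triage(SAMPLE_LOG, watch=["tkdacxp.sys"]).items():
        print(key, value)
```
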

#51
RKinner

Get autoruns from
http://live.sysinter...om/autoruns.exe

Download, save and run the program by right-clicking and choosing Run As Admin.

You should be able to find the drivers and uncheck them. Then reboot and see if anything changes.

Does this black screen go away on its own after a minute or two?

Ron

#52
ramaflore

Please check my drivers, thanks.

All the drivers, sure?

Attached Thumbnails

  • drivers.jpg


#53
RKinner

First two are left over from Combofix. You can uncheck them.

The one in pink I'm not sure about. Submit it to Jotti or virustotal and see what they say.

The others are just obsolete or not used windows drivers. I have been told to leave them alone.

The drivers we were looking at may be called for in inf files if they are not in autoruns. I found one post where someone tracked them down to bad paths in an inf file. The Inf files are in c:\Windows\Inf. (The files with the PNF extensions are compiled versions of the inf files and can be ignored for now.)

There is another program we can try called Process Monitor. It has an option to record boot activity.

Download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop. Run by right clicking and Run As Admin.

Under Options, Enable Boot Logging.

If I remember correctly when you reboot and then reopen Process Monitor it will present you with an option to save or do something with the boot record it has just made. If you look at the record it may show you what is taking so long. Perhaps with Errors or long delays between time stamps.

We are going back out on the boat again so will be off line for the next 4 hours or so.

#54
ramaflore

Too late, I disabled all drivers:

Result 1: no more KSOD before the 'Welcome Screen', and when closing the account I have 'Please, wait..' and a black screen (for 1 sec) with a dash in the upper left corner of the screen. I don't know if I need to consider this a black screen; let me know your opinion, please.

Then I enabled a few more drivers, until I had enabled all except those that appeared in yellow in the previous screenshots (My link) and the graphics card ones:

Result 2: the same as before: no more KSOD before the 'Welcome Screen', and when closing the account I have 'Please, wait..' and a black screen (for 1 sec) with a dash in the upper left corner of the screen. I don't know if I need to consider this a black screen; let me know your opinion, please.

Culprits:

ialm Intel Graphics Kernel Mode Driver Intel Corporation c:\windows\system32\drivers\igdkmd32.sys
igfx Intel Graphics Kernel Mode Driver Intel Corporation c:\windows\system32\drivers\igdkmd32.sys


Questions:

1. Check the newly updated drivers in Autoruns and let me know if I need to disable one or more drivers (see attached file).

2. Which graphics driver version do I need? Check the version in the second attached pic: this version is the latest from the Fujitsu Siemens site. Maybe I would need an older version...

3. What about the following drivers? Do I need to install them?

IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys
NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys

PS: I submitted flash.sys to Virustotal as you requested. Here are the results: My link. This file is safe.

I didn't understand what you said about in and inf files, maybe because of my bad English.

Thanks in advance !

Attached Thumbnails

  • DriversAutoruns.jpg
  • graphicdrivers.jpg

Edited by ramaflore, 25 August 2012 - 05:47 PM.


#55
RKinner

We came back for a few minutes. Going back out right away. Sounds like you found the culprit. The latest driver for your PC should be

http://downloadcente...d=2301&lang=eng

There is also an Intel program to update your drivers:

http://www.intel.com.../support/detect


#56
ramaflore

I've just checked this version; I had already installed it on my laptop and it couldn't fix my issue.

I think I need to turn towards older versions as I told you.

Could you please give an answer to the questions from my previous message?

See you tomorrow, it's too late here.

Edited by ramaflore, 25 August 2012 - 05:45 PM.


#57
RKinner

Yours says it is: 7.14.10.1114 and is from 2006

The new one is: 7.14.10.1504 and is from 2008

So I would say that it did not install. Please try winvista_1583.exe again. http://downloadcente...d=2301&lang=eng Remember to right click and Run As Admin

1. Check the newly updated drivers in Autoruns and let me know if I need to disable one or more drivers (see attached file).


I don't think it matters. You can uncheck them if you want to.

2. Which graphics driver version do I need? Check the version in the second attached pic: this version is the latest from the Fujitsu Siemens site. Maybe I would need an older version...


winvista_1583.exe from the link I gave you earlier: http://downloadcente...d=2301&lang=eng

3. What about the following drivers? Do I need to install them?

IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys
NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys


No, these are things no one uses any more. If you want to uncheck them in Autoruns I doubt that windows will notice.

PS: I submitted flash.sys to Virustotal as you requested. Here are the results: My link. This file is safe.


Safe yes. Necessary? I don't know.



I didn't understand what you said about in and inf files, maybe because of my bad English.


Since you seem to be on the right track now you do not need to understand inf files but I will tell you a little bit anyway.

If you look in C:\Windows\INF you will find a lot of files that have ".inf" as an extension. These files can be opened in notepad and are more or less in English. These are used by windows to install drivers among other things.

You may need to:

Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files and all extensions.

#58
ramaflore

Hi Ron,

About the latest graphics driver (the new one is 7.14.10.1504 and is from 2008): I've had it installed on my laptop for one year, but this driver didn't fix my issue. I think you didn't understand what I told you before, because of my English.

If you do a Google search for igdkmd32.sys, you will see a lot of users who have had BSODs and black screens with this driver. Something seems to be wrong.

About flash.sys: does this file belong to Flash player? If not, I guess it belongs to a video player.

Thanks for your details about inf files, I've just understood ;)

#59
ramaflore

It was already like that, thanks anyway ;)


You may need to:

Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files and all extensions.



#60
ramaflore

I've just reinstalled the latest driver from Intel (v 7.14.10.1504) for you as I already knew the results.

The same occurred here: KSODs + error message:

Signature du problème :
Nom d’événement de problème: BEX
Nom de l’application: igfxpers.exe
Version de l’application: 7.14.10.1504
Horodatage de l'application: 48596db2
Nom du module par défaut: igfxpers.exe
Version du module par défaut: 7.14.10.1504
Horodateur du module par défaut: 48596db2
Décalage de l’exception: 0001682e
Code de l’exception: c0000409
Données d’exception: 00000000
Version du système: 6.0.6002.2.2.0.256.6
Identificateur de paramètres régionaux: 1036
Information supplémentaire n° 1: d943
Information supplémentaire n° 2: fecc100d92b0c0569183ff43eaebe14f
Information supplémentaire n° 3: ea9c
Information supplémentaire n° 4: 05c6def901da078ee6d9e63d30070714

Edited by ramaflore, 26 August 2012 - 04:26 AM.
