BSOD Windows XP
#196
Posted 26 November 2013 - 03:27 PM
#197
Posted 26 November 2013 - 03:55 PM
- Hit the start button then type Msconfig.
- Then under the start up tab disable/un-tick all items.Hit Apply
- Under the Services Tab put a tick next to the box that says Hide all microsoft services.
- Un-tick all that remain.Hit Apply and Ok your way out of there.
- Then reboot the machine,into normal mode and see how it responds from there.
- Let me know the outcome then I post with instructions that are most relevant to your situation.
- Note!! Your machine must not be left in this state this is for diagnostic purposes!!
Edited by rockmilk, 26 November 2013 - 03:55 PM.
#198
Posted 26 November 2013 - 03:57 PM
http://www.majorgeek...tool_(cat).html
Create a restore point on the machine.
http://support.microsoft.com/kb/948247
Now remove sp3.
http://support.microsoft.com/kb/950249
REboot the machine after.
Install fresh sp3 from the link below.
http://www.microsoft...ails.aspx?id=24
Then attempt to boot into normal mode.
Edit: Fixed Broken Link.
Edited by rockmilk, 26 November 2013 - 04:02 PM.
#199
Posted 26 November 2013 - 04:32 PM
#200
Posted 26 November 2013 - 10:22 PM
#201
Posted 26 November 2013 - 10:56 PM
After getting into windows safemode with networking. I was able to disable what Rockmilk told me to. My computers gets by post flashes to windows start then goes black screen and some HDD light for a bit then nothing. Beforehand it was going to chkdsk for me to bypass and hanging and being stuck. I'm going back to a earlier post to upload the BSOD like he asked. Also there is still the option of the recovery console as well fyi.It has been suggested that once everything is back into windows normally that maybe DriverMax may be part of the problem. At this point if we can get you back into Windows normally it may be worth trying to restore back before we started with DriverMax.
Edited by cmislin, 26 November 2013 - 11:01 PM.
#202
Posted 26 November 2013 - 11:06 PM
Could you upload all your minidump files.
http://h30434.www3.h...les/td-p/253475
Please download MINITOOLBOX and run it.
http://download.blee...MiniToolBox.exe
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.
Download Autoruns and Autorunsc
http://download.sysi...es/Autoruns.zip
Unzip it to your desktop and then double click autoruns.exe After the scan is finished then click on File>>>>>>>>>>>Save The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option. in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.
When I zipped up the minidumps I also found my original ones zipped up added as well in case something gives a glimmer of help. The current ones are minidummpnew.zip and the old ones are mini102412-02.zip,
Here is MINITOOLBOX log
MiniToolBox by Farbar Version: 13-07-2013
Ran by cookie (administrator) on 26-11-2013 at 23:58:27
Running from "C:\Documents and Settings\cookie\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
TeamViewer VPN Adapter = TeamViewer VPN (Media disconnected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
# Interface IP Configuration for "TeamViewer VPN"
set address name="TeamViewer VPN" source=dhcp
set dns name="TeamViewer VPN" source=dhcp register=PRIMARY
set wins name="TeamViewer VPN" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : chris-8f370ab9f
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin-Mislin
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin-Mislin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 40-61-86-60-2F-E8
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Tuesday, November 26, 2013 11:51:00 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM
Ethernet adapter TeamViewer VPN:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : TeamViewer VPN Adapter
Physical Address. . . . . . . . . : 00-FF-48-D6-C6-3D
Server: UnKnown
Address: 192.168.2.1
Name: google.com
Addresses: 74.125.225.130, 74.125.225.131, 74.125.225.132, 74.125.225.133
74.125.225.134, 74.125.225.135, 74.125.225.136, 74.125.225.137, 74.125.225.142
74.125.225.128, 74.125.225.129
Pinging google.com [74.125.225.132] with 32 bytes of data:
Reply from 74.125.225.132: bytes=32 time=29ms TTL=53
Reply from 74.125.225.132: bytes=32 time=46ms TTL=53
Ping statistics for 74.125.225.132:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 46ms, Average = 37ms
Server: UnKnown
Address: 192.168.2.1
Name: yahoo.com
Addresses: 206.190.36.45, 98.138.253.109, 98.139.183.24
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=73ms TTL=49
Reply from 98.139.183.24: bytes=32 time=75ms TTL=49
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 75ms, Average = 74ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...40 61 86 60 2f e8 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
0x3 ...00 ff 48 d6 c6 3d ...... TeamViewer VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.3 192.168.2.3 20
192.168.2.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.3 192.168.2.3 20
224.0.0.0 240.0.0.0 192.168.2.3 192.168.2.3 20
255.255.255.255 255.255.255.255 192.168.2.3 192.168.2.3 1
255.255.255.255 255.255.255.255 192.168.2.3 3 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (11/24/2013 00:11:19 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\FRST.EXE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (11/05/2013 10:33:23 PM) (Source: Application Error) (User: )
Description: Fault bucket -1741641449.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (11/05/2013 10:33:20 PM) (Source: Application Error) (User: )
Description: Faulting application ventrilo.exe, version 3.0.8.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [ventrilo.exe!ws!]
Error: (11/02/2013 01:02:10 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\COOKIE\RECENT\SORT PICS.LNK> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (10/28/2013 08:32:54 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e16fa9d7-8f3f-4416-acca-e044239152a0.dmp
Error: (10/28/2013 08:32:54 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f8635cb0-bc13-4c38-8eb5-c380b0aff52d.dmp
Error: (10/26/2013 05:18:14 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller-2356.exe, version 1.0.3.159, faulting module uninstaller-2356.exe, version 1.0.3.159, fault address 0x0002dd8f.
Processing media-specific event for [uninstaller-2356.exe!ws!]
Error: (10/22/2013 10:55:49 PM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (10/11/2013 09:45:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\JRE-7U40-WINDOWS-I586.GZ> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (10/11/2013 01:28:00 PM) (Source: Application Error) (User: )
Description: Faulting application javara.exe, version 1.16.1.1763, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [javara.exe!ws!]
System errors:
=============
Error: (11/26/2013 11:52:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver
AVGIDSShim
Avgldx86
Fips
intelppm
Error: (11/26/2013 11:51:29 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (11/26/2013 11:02:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (11/26/2013 10:58:25 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (11/26/2013 10:54:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (11/26/2013 10:54:37 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver
AVGIDSShim
Avgldx86
Fips
intelppm
Error: (11/26/2013 10:54:37 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31
Error: (11/25/2013 03:36:18 PM) (Source: System Error) (User: )
Description: Error code 00000050, parameter1 e3e4a01c, parameter2 00000000, parameter3 bf852ddb, parameter4 00000001.
Error: (11/25/2013 03:35:12 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf866016, parameter3 b69d2ae4, parameter4 00000000.
Error: (11/23/2013 11:45:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
Error: (11/24/2013 00:11:19 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\FRST.EXE
Error: (11/05/2013 10:33:23 PM) (Source: Application Error)(User: )
Description: -1741641449
Error: (11/05/2013 10:33:20 PM) (Source: Application Error)(User: )
Description: ventrilo.exe3.0.8.0ntdll.dll5.1.2600.6055000113c0
Error: (11/02/2013 01:02:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\COOKIE\RECENT\SORT PICS.LNK
Error: (10/28/2013 08:32:54 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e16fa9d7-8f3f-4416-acca-e044239152a0.dmp
Error: (10/28/2013 08:32:54 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f8635cb0-bc13-4c38-8eb5-c380b0aff52d.dmp
Error: (10/26/2013 05:18:14 AM) (Source: Application Error)(User: )
Description: uninstaller-2356.exe1.0.3.159uninstaller-2356.exe1.0.3.1590002dd8f
Error: (10/22/2013 10:55:49 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000
Error: (10/11/2013 09:45:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\JRE-7U40-WINDOWS-I586.GZ
Error: (10/11/2013 01:28:00 PM) (Source: Application Error)(User: )
Description: javara.exe1.16.1.1763ntdll.dll5.1.2600.60550000100b
=========================== Installed Programs ============================
µTorrent (Version: 3.3.0.29625)
µTorrent (Version: 3.3.2.30180)
7-Zip 9.20
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Ahead InCD
Ahead Nero Burning ROM
Ahead NeroVision Express
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
applicationupdater
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 13.0.3629)
AVG 2013 (Version: 2013.0.3426)
AVG SafeGuard toolbar (Version: 17.1.2.1)
Bonjour (Version: 3.0.0.10)
BurnInTest v7.1 Standard (Version: 7.1)
calibre (Version: 0.8.63)
CCleaner (Version: 4.07)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Data Lifeguard Diagnostic for Windows 1.24
Defraggler (Version: 2.16)
Diablo III
Dota 2
DriverMax 7 (Version: 7.22.0.143)
Dropbox (Version: 2.0.22)
DualCoreCenter
Duel of Champions
Dungeon Defenders
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.21.165)
Guild Wars 2
Happy Cloud Client (Version: 1.374)
ImgBurn (Version: 2.5.8.0)
ImgBurn Packages
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
League of Legends (Version: 3.0.0)
Left 4 Dead 2
Live Update 5 (Version: 5.0.111)
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marvel Heroes
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft LifeChat (Version: 1.40.224.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
NirSoft BlueScreenView
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
Orb Runtime libraries (Version: 1.0.0)
Pando Media Booster (Version: 2.6.0.7)
PDF Settings (Version: 1.0)
Photo Viewer S2.5 (Version: 2.5)
Pidgin (Version: 2.10.7)
Poker Night at the Inventory
QuickTime (Version: 7.74.80.86)
RaidCall (Version: 7.2.6-1.0.8500.17)
Raptr
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.7037)
RIFT
RoxioNow Player (Version: 1.9.6.4)
SeaTools for Windows (Version: 1.2.0.6)
Skype™ 6.7 (Version: 6.7.102)
SOE Web Installer (Version: 1.0.3.171)
SpeedFan (remove only)
SpiderOak
Spiral Knights
Spotify (Version: 0.9.6.72.ge389c074)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 6.0.7.0)
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.13.1)
TeamViewer 8 (Version: 8.0.22298)
The Mighty Quest For Epic Loot version 1.220469 (Version: 1.220469)
Torchlight II
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.8)
VideoGenie (Version: 1.0.0.12)
VLC media player 2.1.1 (Version: 2.1.1)
WebFldrs XP (Version: 9.50.7523)
WhoCrashed 5.00
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
World of Warcraft (Version: 5.4.0.17371)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader App 3.00 (Version: 3.00)
========================= Devices: ================================
========================= Memory info: ===================================
Percentage of memory in use: 37%
Total physical RAM: 3327.17 MB
Available physical RAM: 2094.21 MB
Total Pagefile: 5215.75 MB
Available Pagefile: 3946.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.84 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:298.08 GB) (Free:56.57 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:298.08 GB) (Free:113.8 GB) NTFS
3 Drive e: (CHRISMISLIN) (Removable) (Total:27.85 GB) (Free:25.36 GB) FAT32
5 Drive h: (HP 4GIG) (Removable) (Total:3.77 GB) (Free:0.16 GB) FAT32
========================= Users: ========================================
User accounts for \\CHRIS-8F370AB9F
Administrator ASPNET cookie
Guest HelpAssistant SUPPORT_388945a0
**** End of log ****
Attached Files
#203
Posted 26 November 2013 - 11:07 PM
I'm going back to a earlier post to upload the BSOD like he asked.
Do you mean a restore point?
#204
Posted 26 November 2013 - 11:10 PM
I would like the autoruns log as well.
#205
Posted 26 November 2013 - 11:25 PM
I was basically catching up on the thread a few posts I didn't get to try what was there was what I referring to. I wasn't referring to a restore point.I'm going back to a earlier post to upload the BSOD like he asked.
Do you mean a restore point?
#206
Posted 26 November 2013 - 11:31 PM
******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: e3e4a01c, memory referenced. Arg2: 00000000, value 0 = read operation, 1 = write operation. Arg3: bf852ddb, If non-zero, the instruction address which referenced the bad memory address. Arg4: 00000001, (reserved) Debugging Details: ------------------ Could not read faulting driver name TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2 READ_ADDRESS: GetUlongFromAddress: unable to read from 80561f50 e3e4a01c FAULTING_IP: win32k!RFONTOBJ::vXlatGlyphArray+5a bf852ddb 8b470c mov eax,dword ptr [edi+0Ch] MM_INTERNAL_CODE: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x50 TRAP_FRAME: b23e2acc -- (.trap 0xffffffffb23e2acc) ErrCode = 00000000 eax=e4cc43e0 ebx=00000046 ecx=00000001 edx=00000000 esi=b23e2d18 edi=e3e4a010 eip=bf852ddb esp=b23e2b40 ebp=b23e2b60 iopl=0 nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246 win32k!RFONTOBJ::vXlatGlyphArray+0x5a: bf852ddb 8b470c mov eax,dword ptr [edi+0Ch] ds:0023:e3e4a01c=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 80520482 to 804f9fa3 STACK_TEXT: b23e2a4c 80520482 00000050 e3e4a01c 00000000 nt!KeBugCheckEx+0x1b b23e2ab4 8054475c 00000000 e3e4a01c 00000000 nt!MmAccessFault+0x9aa b23e2ab4 bf852ddb 00000000 e3e4a01c 00000000 nt!KiTrap0E+0xd0 b23e2b60 bf853351 e1ddd200 00000046 b23e2b88 win32k!RFONTOBJ::vXlatGlyphArray+0x5a b23e2cd8 bf853091 b23e2d1c 0000005f e1ddd200 win32k!RFONTOBJ::bGetWidthTable+0x67 b23e2d40 805417e8 4801211f 0000005f 02efbd60 win32k!NtGdiGetWidthTable+0x12a b23e2d40 7c90e514 4801211f 0000005f 02efbd60 nt!KiSystemServicePostCall WARNING: Frame IP not in any known module. Following frames may be wrong. 0012c000 00000000 00000000 00000000 00000000 0x7c90e514 STACK_COMMAND: kb FOLLOWUP_IP: win32k!RFONTOBJ::vXlatGlyphArray+5a bf852ddb 8b470c mov eax,dword ptr [edi+0Ch] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 521ea476 FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a Followup: MachineOwner ---------
The last 5 are pretty much looking the same,and as I am seeing removing the service pack and re-installing may help since you do not have a disk and sfc /scannow is rarely effect on xp especially without a disk this is the closest thing to some sort of file repair you are going to get.
If my instructions fail then with the windows installer still enabled in safemode you could try and remove AVG and reboot into windows but I doubt that will help worth a shot though..
If the two above methods fail then If it were my machine I would attempt the earliest restore point that you have possible although that would make the malware removal you did null and void but I read the thread it was not really too much malware on the machine.
At this point attempt to remove sp3 and reboot into normal mode with sp2 if possible.
The older minidump files do point to the same type of issue so IMO this is an os that is in bad need of a repair I would wait to do the system restore as a last option I know the machine was booting but the .dmp files are basically the same here is one from
Last year..
******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: e42b401c, memory referenced. Arg2: 00000000, value 0 = read operation, 1 = write operation. Arg3: bf82ebd1, If non-zero, the instruction address which referenced the bad memory address. Arg4: 00000001, (reserved) Debugging Details: ------------------ Could not read faulting driver name TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2 READ_ADDRESS: GetUlongFromAddress: unable to read from 80561f50 e42b401c FAULTING_IP: win32k!RFONTOBJ::vXlatGlyphArray+5a bf82ebd1 8b470c mov eax,dword ptr [edi+0Ch] MM_INTERNAL_CODE: 1 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: chrome.exe LAST_CONTROL_TRANSFER: from bf83a81f to bf82ebd1 STACK_TEXT: b1717c08 bf83a81f b1717c30 00000001 b1717c24 win32k!RFONTOBJ::vXlatGlyphArray+0x5a b1717c28 bf955ef4 00000078 00000000 b1717d1c win32k!RFONTOBJ::hgXlat+0x19 b1717cc4 bf94cd05 e5626d08 00000078 00000000 win32k!GreGetGlyphOutlineInternal+0xa9 b1717d3c 805416cc fb011bfc 00000078 00000000 win32k!NtGdiGetGlyphOutline+0x85 b1717d3c 7c90e514 fb011bfc 00000078 00000000 nt!KiFastCallEntry+0xfc WARNING: Frame IP not in any known module. Following frames may be wrong. 0012943c 00000000 00000000 00000000 00000000 0x7c90e514 STACK_COMMAND: kb FOLLOWUP_IP: win32k!RFONTOBJ::vXlatGlyphArray+5a bf82ebd1 8b470c mov eax,dword ptr [edi+0Ch] SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ff2f633 FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a Followup: MachineOwner ---------
#207
Posted 26 November 2013 - 11:34 PM
#208
Posted 26 November 2013 - 11:46 PM
I read over the thread and you did memtest with both modules installed I would not use memtest but run the machine with only one installed and see of there is any change,and swap one for the other upon completion of diagnostic time period.
If we are able to get the machine into normal mode without a system restore that would be nice if we have to use a system restore then we could work from there as well.
But we might need to enable verifier to flush out the culprit cause like I said all the dump files are pointing to the operating system or possible bad ram but more so the Os.
#209
Posted 27 November 2013 - 12:32 AM
#210
Posted 27 November 2013 - 12:40 AM
If not then perform a system restore to the earliest date possible then go back through the malware removal process.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users