[cmislin]

Its currently impossible to get the dump files. Since what I last posted I haven't been able to get into windows. I was asking if I should try the recovery console since now when windows starts to boot its always there as a option or should I goto safemode with networking and then reupload the mini dumps? Also that last one probably won't be there I've had BSOD after chkdsk was finished that ran before windows was booted and it didn't log them. Please let me know how you'd like me to handle this.

[Advertisements]

Perform a clean boot and see if you are able to boot into windows.

• Hit the start button then type Msconfig.
• Then under the start up tab disable/un-tick all items.Hit Apply
• Under the Services Tab put a tick next to the box that says Hide all microsoft services.
• Un-tick all that remain.Hit Apply and Ok your way out of there.
• Then reboot the machine,into normal mode and see how it responds from there.
• Let me know the outcome then I post with instructions that are most relevant to your situation.
• Note!! Your machine must not be left in this state this is for diagnostic purposes!!

Edited by rockmilk, 26 November 2013 - 03:55 PM.

[rockmilk]

Perform a clean boot and see if you are able to boot into windows.

• Hit the start button then type Msconfig.
• Then under the start up tab disable/un-tick all items.Hit Apply
• Under the Services Tab put a tick next to the box that says Hide all microsoft services.
• Un-tick all that remain.Hit Apply and Ok your way out of there.
• Then reboot the machine,into normal mode and see how it responds from there.
• Let me know the outcome then I post with instructions that are most relevant to your situation.
• Note!! Your machine must not be left in this state this is for diagnostic purposes!!

Edited by rockmilk, 26 November 2013 - 03:55 PM.

[rockmilk]

If that fails then Enable the windows installer in safemode with the cat tool.

http://www.majorgeek...tool_(cat).html

Create a restore point on the machine.
http://support.microsoft.com/kb/948247

Now remove sp3.
http://support.microsoft.com/kb/950249

REboot the machine after.

Install fresh sp3 from the link below.
http://www.microsoft...ails.aspx?id=24


Then attempt to boot into normal mode.




Edit: Fixed Broken Link.

Edited by rockmilk, 26 November 2013 - 04:02 PM.

[cmislin]

Well currently I'm waiting till it it out of chkdsk aka hdd light no longer activity and is done. I will boot to safemode and star what rockmilk stated. I know it won't boot up tried a atlest 6 times last night and a few times after it was off a few hours. I will post back later when I have more to say.

[rshaffer61]

It has been suggested that once everything is back into windows normally that maybe DriverMax may be part of the problem. At this point if we can get you back into Windows normally it may be worth trying to restore back before we started with DriverMax.

[cmislin]

It has been suggested that once everything is back into windows normally that maybe DriverMax may be part of the problem. At this point if we can get you back into Windows normally it may be worth trying to restore back before we started with DriverMax.

After getting into windows safemode with networking. I was able to disable what Rockmilk told me to. My computers gets by post flashes to windows start then goes black screen and some HDD light for a bit then nothing. Beforehand it was going to chkdsk for me to bypass and hanging and being stuck. I'm going back to a earlier post to upload the BSOD like he asked. Also there is still the option of the recovery console as well fyi.

Edited by cmislin, 26 November 2013 - 11:01 PM.

[cmislin]

Could you upload all your minidump files.
http://h30434.www3.h...les/td-p/253475

Please download MINITOOLBOX and run it.
http://download.blee...MiniToolBox.exe

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.





Download Autoruns and Autorunsc
http://download.sysi...es/Autoruns.zip
Unzip it to your desktop and then double click autoruns.exe After the scan is finished then click on File>>>>>>>>>>>Save The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option. in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.

When I zipped up the minidumps I also found my original ones zipped up added as well in case something gives a glimmer of help. The current ones are minidummpnew.zip and the old ones are mini102412-02.zip,

Here is MINITOOLBOX log



MiniToolBox by Farbar Version: 13-07-2013
Ran by cookie (administrator) on 26-11-2013 at 23:58:27
Running from "C:\Documents and Settings\cookie\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
TeamViewer VPN Adapter = TeamViewer VPN (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "TeamViewer VPN"

set address name="TeamViewer VPN" source=dhcp
set dns name="TeamViewer VPN" source=dhcp register=PRIMARY
set wins name="TeamViewer VPN" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : chris-8f370ab9f

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin-Mislin



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Belkin-Mislin

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 40-61-86-60-2F-E8

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Tuesday, November 26, 2013 11:51:00 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM



Ethernet adapter TeamViewer VPN:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : TeamViewer VPN Adapter

Physical Address. . . . . . . . . : 00-FF-48-D6-C6-3D

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.225.130, 74.125.225.131, 74.125.225.132, 74.125.225.133
74.125.225.134, 74.125.225.135, 74.125.225.136, 74.125.225.137, 74.125.225.142
74.125.225.128, 74.125.225.129



Pinging google.com [74.125.225.132] with 32 bytes of data:



Reply from 74.125.225.132: bytes=32 time=29ms TTL=53

Reply from 74.125.225.132: bytes=32 time=46ms TTL=53



Ping statistics for 74.125.225.132:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 46ms, Average = 37ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=73ms TTL=49

Reply from 98.139.183.24: bytes=32 time=75ms TTL=49



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 73ms, Maximum = 75ms, Average = 74ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...40 61 86 60 2f e8 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
0x3 ...00 ff 48 d6 c6 3d ...... TeamViewer VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.3 192.168.2.3 20
192.168.2.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.3 192.168.2.3 20
224.0.0.0 240.0.0.0 192.168.2.3 192.168.2.3 20
255.255.255.255 255.255.255.255 192.168.2.3 192.168.2.3 1
255.255.255.255 255.255.255.255 192.168.2.3 3 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/24/2013 00:11:19 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\FRST.EXE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/05/2013 10:33:23 PM) (Source: Application Error) (User: )
Description: Fault bucket -1741641449.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/05/2013 10:33:20 PM) (Source: Application Error) (User: )
Description: Faulting application ventrilo.exe, version 3.0.8.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [ventrilo.exe!ws!]

Error: (11/02/2013 01:02:10 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\COOKIE\RECENT\SORT PICS.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/28/2013 08:32:54 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e16fa9d7-8f3f-4416-acca-e044239152a0.dmp

Error: (10/28/2013 08:32:54 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f8635cb0-bc13-4c38-8eb5-c380b0aff52d.dmp

Error: (10/26/2013 05:18:14 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller-2356.exe, version 1.0.3.159, faulting module uninstaller-2356.exe, version 1.0.3.159, fault address 0x0002dd8f.
Processing media-specific event for [uninstaller-2356.exe!ws!]

Error: (10/22/2013 10:55:49 PM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/11/2013 09:45:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\JRE-7U40-WINDOWS-I586.GZ> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/11/2013 01:28:00 PM) (Source: Application Error) (User: )
Description: Faulting application javara.exe, version 1.16.1.1763, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [javara.exe!ws!]


System errors:
=============
Error: (11/26/2013 11:52:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver
AVGIDSShim
Avgldx86
Fips
intelppm

Error: (11/26/2013 11:51:29 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2013 11:02:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2013 10:58:25 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/26/2013 10:54:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/26/2013 10:54:37 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver
AVGIDSShim
Avgldx86
Fips
intelppm

Error: (11/26/2013 10:54:37 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31

Error: (11/25/2013 03:36:18 PM) (Source: System Error) (User: )
Description: Error code 00000050, parameter1 e3e4a01c, parameter2 00000000, parameter3 bf852ddb, parameter4 00000001.

Error: (11/25/2013 03:35:12 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf866016, parameter3 b69d2ae4, parameter4 00000000.

Error: (11/23/2013 11:45:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (11/24/2013 00:11:19 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\FRST.EXE

Error: (11/05/2013 10:33:23 PM) (Source: Application Error)(User: )
Description: -1741641449

Error: (11/05/2013 10:33:20 PM) (Source: Application Error)(User: )
Description: ventrilo.exe3.0.8.0ntdll.dll5.1.2600.6055000113c0

Error: (11/02/2013 01:02:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\COOKIE\RECENT\SORT PICS.LNK

Error: (10/28/2013 08:32:54 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e16fa9d7-8f3f-4416-acca-e044239152a0.dmp

Error: (10/28/2013 08:32:54 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f8635cb0-bc13-4c38-8eb5-c380b0aff52d.dmp

Error: (10/26/2013 05:18:14 AM) (Source: Application Error)(User: )
Description: uninstaller-2356.exe1.0.3.159uninstaller-2356.exe1.0.3.1590002dd8f

Error: (10/22/2013 10:55:49 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (10/11/2013 09:45:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\JRE-7U40-WINDOWS-I586.GZ

Error: (10/11/2013 01:28:00 PM) (Source: Application Error)(User: )
Description: javara.exe1.16.1.1763ntdll.dll5.1.2600.60550000100b


=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29625)
µTorrent (Version: 3.3.2.30180)
7-Zip 9.20
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Ahead InCD
Ahead Nero Burning ROM
Ahead NeroVision Express
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
applicationupdater
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 13.0.3629)
AVG 2013 (Version: 2013.0.3426)
AVG SafeGuard toolbar (Version: 17.1.2.1)
Bonjour (Version: 3.0.0.10)
BurnInTest v7.1 Standard (Version: 7.1)
calibre (Version: 0.8.63)
CCleaner (Version: 4.07)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Data Lifeguard Diagnostic for Windows 1.24
Defraggler (Version: 2.16)
Diablo III
Dota 2
DriverMax 7 (Version: 7.22.0.143)
Dropbox (Version: 2.0.22)
DualCoreCenter
Duel of Champions
Dungeon Defenders
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.21.165)
Guild Wars 2
Happy Cloud Client (Version: 1.374)
ImgBurn (Version: 2.5.8.0)
ImgBurn Packages
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
League of Legends (Version: 3.0.0)
Left 4 Dead 2
Live Update 5 (Version: 5.0.111)
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marvel Heroes
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft LifeChat (Version: 1.40.224.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
NirSoft BlueScreenView
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
Orb Runtime libraries (Version: 1.0.0)
Pando Media Booster (Version: 2.6.0.7)
PDF Settings (Version: 1.0)
Photo Viewer S2.5 (Version: 2.5)
Pidgin (Version: 2.10.7)
Poker Night at the Inventory
QuickTime (Version: 7.74.80.86)
RaidCall (Version: 7.2.6-1.0.8500.17)
Raptr
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.7037)
RIFT
RoxioNow Player (Version: 1.9.6.4)
SeaTools for Windows (Version: 1.2.0.6)
Skype™ 6.7 (Version: 6.7.102)
SOE Web Installer (Version: 1.0.3.171)
SpeedFan (remove only)
SpiderOak
Spiral Knights
Spotify (Version: 0.9.6.72.ge389c074)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 6.0.7.0)
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.13.1)
TeamViewer 8 (Version: 8.0.22298)
The Mighty Quest For Epic Loot version 1.220469 (Version: 1.220469)
Torchlight II
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.8)
VideoGenie (Version: 1.0.0.12)
VLC media player 2.1.1 (Version: 2.1.1)
WebFldrs XP (Version: 9.50.7523)
WhoCrashed 5.00
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
World of Warcraft (Version: 5.4.0.17371)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader App 3.00 (Version: 3.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3327.17 MB
Available physical RAM: 2094.21 MB
Total Pagefile: 5215.75 MB
Available Pagefile: 3946.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:56.57 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:298.08 GB) (Free:113.8 GB) NTFS
3 Drive e: (CHRISMISLIN) (Removable) (Total:27.85 GB) (Free:25.36 GB) FAT32
5 Drive h: (HP 4GIG) (Removable) (Total:3.77 GB) (Free:0.16 GB) FAT32

========================= Users: ========================================

User accounts for \\CHRIS-8F370AB9F

Administrator ASPNET cookie
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****

Attached Files

•  Minidumpnew.zip   65.31KB   176 downloads
•  Mini102412-02.zip   510.9KB   170 downloads

[rockmilk]

I'm going back to a earlier post to upload the BSOD like he asked.

Do you mean a restore point?

[rockmilk]

Ok let take a min to analyze the .dmp files.

I would like the autoruns log as well.

[cmislin]

I'm going back to a earlier post to upload the BSOD like he asked.

Do you mean a restore point?

I was basically catching up on the thread a few posts I didn't get to try what was there was what I referring to. I wasn't referring to a restore point.

[rockmilk]

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e3e4a01c, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf852ddb, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 00000001, (reserved)

Debugging Details:
------------------


Could not read faulting driver name
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: GetUlongFromAddress: unable to read from 80561f50
 e3e4a01c 

FAULTING_IP: 
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf852ddb 8b470c          mov     eax,dword ptr [edi+0Ch]

MM_INTERNAL_CODE:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x50

TRAP_FRAME:  b23e2acc -- (.trap 0xffffffffb23e2acc)
ErrCode = 00000000
eax=e4cc43e0 ebx=00000046 ecx=00000001 edx=00000000 esi=b23e2d18 edi=e3e4a010
eip=bf852ddb esp=b23e2b40 ebp=b23e2b60 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
win32k!RFONTOBJ::vXlatGlyphArray+0x5a:
bf852ddb 8b470c          mov     eax,dword ptr [edi+0Ch] ds:0023:e3e4a01c=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 80520482 to 804f9fa3

STACK_TEXT:  
b23e2a4c 80520482 00000050 e3e4a01c 00000000 nt!KeBugCheckEx+0x1b
b23e2ab4 8054475c 00000000 e3e4a01c 00000000 nt!MmAccessFault+0x9aa
b23e2ab4 bf852ddb 00000000 e3e4a01c 00000000 nt!KiTrap0E+0xd0
b23e2b60 bf853351 e1ddd200 00000046 b23e2b88 win32k!RFONTOBJ::vXlatGlyphArray+0x5a
b23e2cd8 bf853091 b23e2d1c 0000005f e1ddd200 win32k!RFONTOBJ::bGetWidthTable+0x67
b23e2d40 805417e8 4801211f 0000005f 02efbd60 win32k!NtGdiGetWidthTable+0x12a
b23e2d40 7c90e514 4801211f 0000005f 02efbd60 nt!KiSystemServicePostCall
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012c000 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf852ddb 8b470c          mov     eax,dword ptr [edi+0Ch]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k!RFONTOBJ::vXlatGlyphArray+5a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  521ea476

FAILURE_BUCKET_ID:  0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a

BUCKET_ID:  0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a

Followup: MachineOwner
---------

The last 5 are pretty much looking the same,and as I am seeing removing the service pack and re-installing may help since you do not have a disk and sfc /scannow is rarely effect on xp especially without a disk this is the closest thing to some sort of file repair you are going to get.

If my instructions fail then with the windows installer still enabled in safemode you could try and remove AVG and reboot into windows but I doubt that will help worth a shot though..

If the two above methods fail then If it were my machine I would attempt the earliest restore point that you have possible although that would make the malware removal you did null and void but I read the thread it was not really too much malware on the machine.


At this point attempt to remove sp3 and reboot into normal mode with sp2 if possible.

The older minidump files do point to the same type of issue so IMO this is an os that is in bad need of a repair I would wait to do the system restore as a last option I know the machine was booting but the .dmp files are basically the same here is one from
Last year..

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e42b401c, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf82ebd1, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 00000001, (reserved)

Debugging Details:
------------------


Could not read faulting driver name
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

READ_ADDRESS: GetUlongFromAddress: unable to read from 80561f50
 e42b401c 

FAULTING_IP: 
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf82ebd1 8b470c          mov     eax,dword ptr [edi+0Ch]

MM_INTERNAL_CODE:  1

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  chrome.exe

LAST_CONTROL_TRANSFER:  from bf83a81f to bf82ebd1

STACK_TEXT:  
b1717c08 bf83a81f b1717c30 00000001 b1717c24 win32k!RFONTOBJ::vXlatGlyphArray+0x5a
b1717c28 bf955ef4 00000078 00000000 b1717d1c win32k!RFONTOBJ::hgXlat+0x19
b1717cc4 bf94cd05 e5626d08 00000078 00000000 win32k!GreGetGlyphOutlineInternal+0xa9
b1717d3c 805416cc fb011bfc 00000078 00000000 win32k!NtGdiGetGlyphOutline+0x85
b1717d3c 7c90e514 fb011bfc 00000078 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012943c 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf82ebd1 8b470c          mov     eax,dword ptr [edi+0Ch]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!RFONTOBJ::vXlatGlyphArray+5a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ff2f633

FAILURE_BUCKET_ID:  0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a

BUCKET_ID:  0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a

Followup: MachineOwner
---------

[cmislin]

Well one thing I will say is the 1st incident of BSOD happened while I was using chrome as my main browser. Then after that 1st gigantic thread I just stopped using chrome as a solution and had maybe 1 BSOD till now when I was fed up I couldn't use the browser of choice. So I went back to chrome and instant problem back. Let me read over your recommendation and figure it out what to try.

[rockmilk]

Ok then I am not expert when it comes to BSOD..........These are basically telling me that the OS is at fault I do know that much,I could see how using the internet and chrome could cause this perhaps an internet driver.

I read over the thread and you did memtest with both modules installed I would not use memtest but run the machine with only one installed and see of there is any change,and swap one for the other upon completion of diagnostic time period.

If we are able to get the machine into normal mode without a system restore that would be nice if we have to use a system restore then we could work from there as well.

But we might need to enable verifier to flush out the culprit cause like I said all the dump files are pointing to the operating system or possible bad ram but more so the Os.

[cmislin]

Well two different points for ram. I had the same ram in for 1st and 2nd thread of BSOD. If I recall 1st thread we tried the sticks of ram one at a time in each slot and such. Then 2nd BSOD thread (this one) did the same thing if I recall. Then part way threw this thread my friend sent me perfectly good ram so even under ram that worked find in my friends computer and is compatible to mine same issue. So almost sure its not a ram issue. Plus one of you tech mentioned earlier doing a CPU temp and fan check diagnostic type thing burn-in test thingy I did a few of those 1st thread haven't one done one this time around. I clean my computer almost every week. There is also extra fans and they are all working and cleaned also. I checked that earlier again after computer was off so I could check to make sure connections and nothing was rubbing anywhere that could cause a issue for hard drives.

[rockmilk]

Ok then all is pointing to the os can you attempt the removal of SP3 and see if you can boot into windows after?

If not then perform a system restore to the earliest date possible then go back through the malware removal process.