Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

missing or corrupt ntoskrnl.exe

Started by Denisejm , Jan 27 2015 10:07 AM

re-install windows xp pro x64

Please log in to reply

#31
RKinner

Posted 30 January 2015 - 01:24 PM

Malware Expert

Expert
24,625 posts

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute after you start it then as close to the freeze time as possible:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Also

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Double-click VEW.exe

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Check the MS catalog. https://catalog.upda.../site/home.aspx

I think they still have them there (search for XP) You need to use IE or it won't talk to you.

#32
Denisejm

Posted 30 January 2015 - 02:30 PM

Member

Topic Starter
Member
782 posts

This one was as close as possible to right before my pc froze:

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
System Idle Process   99.22   0 K   24 K   0
procexp64.exe   0.78   17,788 K   29,468 K   4708   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Sysinternals
Interrupts   < 0.01   0 K   0 K   n/a   Hardware Interrupts and DPCs
WZQKPICK.EXE       2,080 K   4,764 K   1500   WinZip Executable   WinZip Computing, Inc.   (No signature was present in the subject) WinZip Computing, Inc.
wscntfy.exe       1,120 K   3,132 K   2192   Windows Security Center Notification App   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
wpabaln.exe       1,324 K   3,804 K   1156   Windows WPA Balloon Reminder   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
wmiprvse.exe       2,928 K   7,788 K   1288   WMI   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
winlogon.exe       10,120 K   6,772 K   356   Windows NT Logon Application   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
System       44 K   252 K   4
svchost.exe       21,888 K   31,440 K   736   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       1,544 K   3,940 K   616   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       2,112 K   5,108 K   684   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       6,268 K   6,812 K   784   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       3,124 K   6,952 K   832   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       1,128 K   3,208 K   1820   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
svchost.exe       2,816 K   4,768 K   2008   Generic Host Process for Win32 Services   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
SteelVineManager.exe       4,872 K   11,956 K   1520           (No signature was present in the subject)
SteelVine.exe       4,136 K   10,008 K   1720           (No signature was present in the subject)
spoolsv.exe       5,028 K   7,036 K   920   Spooler SubSystem App   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
smss.exe       248 K   668 K   264   Windows NT Session Manager   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
services.exe       2,652 K   5,008 K   404   Services and Controller app   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
procexp.exe       4,796 K   7,300 K   6676   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
mscorsvw.exe       2,220 K   4,772 K   1772   .NET Runtime Optimization Service   Microsoft Corporation   (Verified) Microsoft Corporation
mscorsvw.exe       2,052 K   5,092 K   1792   .NET Runtime Optimization Service   Microsoft Corporation   (Verified) Microsoft Corporation
MOM.exe       41,524 K   6,104 K   1564   Catalyst Control Center: Monitoring program   Advanced Micro Devices Inc.   (No signature was present in the subject) Advanced Micro Devices Inc.
lsass.exe       5,144 K   1,704 K   416   LSA Shell   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
GSvr.exe       2,188 K   4,004 K   1856           (Verified) GIGABYTE UNITED INC.
firefox.exe       293,432 K   288,072 K   2628   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
explorer.exe       15,044 K   22,724 K   1348   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
csrss.exe       1,612 K   4,556 K   324   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher
CCC.exe       64,344 K   7,624 K   1660   Catalyst Control Centre: Host application   ATI Technologies Inc.   (No signature was present in the subject) ATI Technologies Inc.
ati2evxx.exe       2,876 K   5,148 K   596   ATI External Event Utility EXE Module   ATI Technologies Inc.   (Verified) Microsoft Windows Hardware Compatibility Publisher
ati2evxx.exe       3,548 K   6,236 K   1016   ATI External Event Utility EXE Module   ATI Technologies Inc.   (Verified) Microsoft Windows Hardware Compatibility Publisher
alg.exe       1,444 K   4,320 K   2068   Application Layer Gateway Service   Microsoft Corporation   (Verified) Microsoft Windows Component Publisher

I can't get a report immediately after, it doesn't capture the info but "Interrupts" goes up to about 23.

Edited by Denisejm, 30 January 2015 - 02:46 PM.

#33
RKinner

Posted 30 January 2015 - 02:39 PM

Malware Expert

Expert
24,625 posts

Nothing much in the process explorer log. No reason for it to act up unless the fact that it is not activated yet is causing it problems.

Still have hopes the event logs show something.

Are there any missing yellow marked drivers in the Device Manager?

Let's also look at speccy:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.

#34
Denisejm

Posted 30 January 2015 - 02:52 PM

Member

Topic Starter
Member
782 posts

Vino's Event Viewer v01c run on Windows 2003 in English
Report run at 30/01/2015 3:49:57 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#35
Denisejm

Posted 30 January 2015 - 02:52 PM

Member

Topic Starter
Member
782 posts

Vino's Event Viewer v01c run on Windows 2003 in English
Report run at 30/01/2015 3:51:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#36
Denisejm

Posted 30 January 2015 - 05:05 PM

Member

Topic Starter
Member
782 posts

I validated Windows but the pc still freezes.

Speccy .txt attached.

Attached Files

KINGKONG.txt 60.63KB 474 downloads

#37
RKinner

Posted 30 January 2015 - 05:15 PM

Malware Expert

Expert
24,625 posts

Have you tried a diagnostic boot? Go in to msconfig and check Diagnostic Startup then OK and reboot.

http://www.netsquirr...sconfig_xp.html

Does it still freeze then?

#38
Denisejm

Posted 30 January 2015 - 05:17 PM

Member

Topic Starter
Member
782 posts

As far as I know, the only problem I'm having is the audio. When I try to update the drivers, the message I receive is "Cannot install this hardware. The hardware was not installed because the wizard cannot find the necessary software." I probably got drivers with the speaker system but I haven't come across a disk yet.

Thanks very much for the link to the MS updates. :woot:

Edited by Denisejm, 30 January 2015 - 05:17 PM.

#39
RKinner

Posted 30 January 2015 - 05:44 PM

Malware Expert

Expert
24,625 posts

right click on the sub entry for Sound Video and Game Controller and select Properties then Details and then change the Properties to Hardware IDs and you should get something like:

PCI\VEN_10EC&DEV_8168&SUBSYS_2ABD103C&REV_06

Search for the equivalent of VEN_10EC and it should tell you who makes it. Search for VEN_10EC&DEV_8168 and you will find the driver. Or just tell me what it says and I will dig one up for you.

Did you try the diagnostic boot or has the freezing gone away?

#40
Denisejm

Posted 30 January 2015 - 08:39 PM

Member

Topic Starter
Member
782 posts

I got the sound driver and I have sound now, I'm very happy!

My pc still freezes. Before I turned my pc off last night, it wasn't freezing. I didn't install any programs or drivers after my last reboot so I can't figure out what's causing it. I went into Event Viewer to see if I'd get any info but I don't see anything. I'm attaching a screenshot, maybe you'll see something I don't.

I didn't do a diagnostic boot yet but I went into Services and msconfig and stopped some of the things that I don't need like Messenger, hotkeypoler, Help & Support, Auto Updates, and maybe a couple other things. There's nothing in my Startup folder. I've been at this all day and I'm really tired, there's nothing like a day with constant freezes, so I'm going to do the diagnostic boot tomorrow and I'll let you know how it went.

Attached Thumbnails

#41
RKinner

Posted 30 January 2015 - 08:58 PM

Malware Expert

Expert
24,625 posts

Make sure the clock is set correctly. Then make sure it syncs:

https://www.microsof...w.mspx?mfr=true

#42
Denisejm

Posted 31 January 2015 - 11:01 AM

Member

Topic Starter
Member
782 posts

I did a diagnostic boot, I synchronized my clock, and I tried Safe Mode and it still freezes.

I originally thought that DOS didn't ask me which version of Windows I want to use anymore but it does. I have only 1 instance of Windows in my pc.

In my c drive, I noticed this notepad entry:

Just before processing loop...
Type=60,Port=b2,BiosAddr=cfeeed90
Current=0.000000,Total=0.000000,MaxVid=1.325000,Rev=0x20

Into service control...
Stopping...
Exit main while loop!!

Could this be the problem?

Edited by Denisejm, 31 January 2015 - 11:08 AM.

#43
RKinner

Posted 31 January 2015 - 11:30 AM

Malware Expert

Expert
24,625 posts

Is this from c:\service.log?

I think that's gigabyte related judging from Google hits. Is constantly changing the time stamp on this log?

To get rid of the "what do you want to boot question" we need to edit the boot.ini file. Best you just right click on it and edit in notepad then copy and paste the text into a reply and let me look at it before you do anything.

http://support.microsoft.com/kb/289022

Try using process Explorer to see what is going on. If you have it set as before then when something hogs the CPU it should jump to the top of the list.

Another way to find what is going on is a program called Process Monitor. Unfortunately the logs are ridiculously big so you can't post them on the forum. But maybe you can see what is going on yourself:

download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop then right click and Run As Admin.

Eventually it will run out of memory and crash unless you do File, then uncheck Capture Events.. Apparently something keeps trying to find something and Fails so try and find a pattern of Failures that repeat every 20 seconds or so.

#44
Denisejm

Posted 31 January 2015 - 12:54 PM

Member

Topic Starter
Member
782 posts

Yes, the file is c:\service.log. The "loop is what caught my eye. The Date Created was 1/30/15 at 11:17 PM and the Date Modified was 1/31/15 at 10:57 AM, but my pc started freezing yesterday morning.

When I went into msconfig but I couldn't get anything to open when I clicked on it. I searched for boot.ini with hidden and systems folders checked but the search found nothing. Do these screenshots mean anything to you?

Attached Thumbnails

Edited by Denisejm, 31 January 2015 - 01:04 PM.

#45
Denisejm

Posted 31 January 2015 - 01:01 PM

Member

Topic Starter
Member
782 posts

I found boot.ini :

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional x64 Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(4)partition(1)\WINDOWS="Windows XP Professional x64 Edition" /noexecute=optin /fastdetect