
smb 1.XXX driver win 7 fails



#1
Paul432220


One of my friends asked me to look into some issues he has with his PC. His primary symptom was that he could not attach any file to an email any more, as this generated a Windows BSOD... he experienced this both in his Thunderbird email and in Gmail...

I started looking into this and I saw literally tons of events in the Windows event logs, always the same message:

"smb 1.XXX driver win 7 fails to start" (I translate this, as the PC runs Win 7 32 bit Prof in Dutch language).

I also saw that at every boot, there is a pop-up window saying "Execution of a windows host script failed". It is not clear to me if this is linked to the BSOD... I tried various actions for this based upon what I could find on the web but this message remains. If it is not linked to the BSOD, then it is clearly less important.

 

What I have done so far:

  • Installed all Win7 updates up to now
  • Did a Win 7 clean start but without any change to the blue screen
  • Started Win 7 in safe mode with networking (to get to Gmail to try it) but still a BSOD.
  • Ran a sfc /scannow command but that did not give any errors
  • Ran the command "sc config srv start= demand" to try to repair the driver but no change in the behavior.
  • I have run a Farbar scan and will attach the 2 files below.

Other than this, the PC runs fine but obviously not being able to attach a file is a hurdle and there is something clearly wrong.

Any other ideas what i could try out ?

thanks

Paul.

 

#2
Paul432220

Hi,

 

I am surprised this is now in the HW, components and peripherals... other than this problem, the computer runs fine.

I believe this is rather a WIN7 problem as the SMB 1.XXX driver is part of the base OS...

Best regards,


#3
phillpower2

Hello Paul432220,

 

The following is in no way intended as malware removal guidance but is instead from a tech approach. A couple of things that may explain your troubles: a security setting/conflict and being low on free storage space on the C: drive where Windows lives.

 
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

 

 

Create a new system restore point, uninstall CryptoPrevent, restart and test;
 
No uninstaller apparently so use the manual method: Control Panel > Programs > Uninstall a Program.
 
If the paid for version, please make a note of the licence key first for use in the event that you may wish to reinstall the software in the future.
 

Drive c: (Acer) (Fixed) (Total:133.95 GB) (Free:25.94 GB) NTFS

 

 

 

See canned info below;

 

For Windows to be able to run efficiently and to be able to update, you need to have between 20 and 25% of the partition or drive available as free storage space at all times. If you don't, you risk Windows becoming corrupt or not being able to update, which puts you at risk of malware attack.

 


#4
Paul432220

Hi Phill,

 

Tx for your reply. I uninstalled CryptoPrevent as instructed and rebooted the system. Then I cleaned some stuff on the C partition and moved some data to the D partition.

After that I retried to attach a file to an email (Gmail), but my system still gives me a Windows blue screen. After rebooting, I checked the Win event log and the message on the SMB driver is still there unfortunately...

Cheers, Paul.


#5
phillpower2

Hello Paul,

 

Odd that you only get the problem when trying to add attachments, and tbh I'm not sure that the two issues are related. I could be wrong, but problems with SMBus drivers normally cause a BSOD as soon as the computer tries to boot.

Have you tried updating the chipset, SMBus and Network device drivers?

 

Couple of things for you to do for us if you will;

 

Post any crash dmps and an AutoRuns log please;

 

1. Copy any dmp files from C:\Windows\Minidump onto the desktop.
2. Select all of them, right-click on one, and click on Send To> New Compressed (zipped) Folder.
3. Upload the zip folder using the Attach button, bottom left of the dialogue input box 
 

 

Post an Autoruns log for us, see here  

 

1: Extract the Autoruns Zip file contents to a folder.

2: Double-click the "Autoruns.exe".

3: Click on the "Hide Signed Microsoft and Windows Entries" option.

4: Go to File then to Export As or Save in some versions.

5: Save AutoRuns.txt file to known location like your Desktop > when you click on File > Save you will then get the option to Save as type, click the drop down tab, change it to Text and then click the Save button.

6: Attach to your next reply.

 

Tutorial here


#6
Paul432220

Hi Phill,

 

This has taken a bit more time than I expected. Last Friday, I did put the requested files onto a USB key (as the PC with the problem is not hooked onto the web), however, when importing it on my laptop, my AVG antivirus immediately moved the files into quarantine... it appeared that they were infected with the JENXCUS virus. Since then I have run:

  • Dr.Web® Antivirus LiveCD.
  • AVG
  • Malwarebytes: this one found about 375 files and registry keys that were infected.

Strangely enough, the PC is protected with NAV but that did not indicate anything and in fact, I cannot even start it anymore so I assume it has been deactivated by this virus...

Anyway, the PC looks clean now and I can also import the files without any problem on my laptop on which I have AVG, MS Defender and Malware Premium so things look OK now.

I just retried to attach a file to an email but this still makes Win 7 dump so this issue is still present...

 

Regards, Paul.

 


#7
Paul432220

Hi Phill,

 

Any other ideas I could try out to get out of this BSOD problem...?

tx,

 

Paul


#8
phillpower2

Apologies Paul, missed your reply as it had been sent to the spam folder for some reason.

"Strangely enough, the PC is protected with NAV but that did not indicate anything and in fact, I cannot even start it anymore so I assume it has been deactivated by this virus..."

"Anyway, the PC looks clean now and I can also import the files without any problem on my laptop on which I have AVG, MS Defender and Malware Premium so things look OK now."

 

 

I also noticed traces of McAfee btw.

 

Having more than one AV installed on your computer is bad; it will slow down the computer, cause conflicts and internet connection problems, and leave you with no AV protection at all if they cancel each other out as they fight for resources.

If any AV product that you have is a paid for version, you should always make sure that you have a copy of the product key kept somewhere safe just in case you ever wish to reinstall it. Regarding MBAM Premium, if it is the paid for and not the free 14 day trial version, you need to uninstall AVG, Norton and McAfee asap and have MBAM Premium protect the computer. If MBAM is the trial version but still within the 14 day trial period, you can still do this while we troubleshoot, but another full AV program must be installed once the issue is resolved/the trial period has expired.

 

How to uninstall AVG here

 

Malwarebytes Cleanup Utility here

 

McAfee product removal tool  (MCPR) here

 

Norton uninstall info here

 

Do the above, restart the computer, test then post back with an update for us.


#9
Paul432220

Hi Phill,

I uninstalled McAfee (this is probably a preload part that was on the PC when it was bought as it never really ran on the system). I also uninstalled AVG. The PC ran with NAV but it didn't start up any more (most probably because of the virus). So I used Norton's removal tool that also reinstalls NAV when the uninstall was finished. I scanned the whole drive and it did not find any issues.

Malwarebytes is on trial (6 days left) and helped me last week to isolate the infected files. I also rescanned the PC with Malwarebytes and it did not find anything either.

Retried attaching a file to an email and Win 7 again crashed; I attach a new dump here below.

I am puzzled why this is still the case and the message in the Win event log is still the one which I used to open this post.

Best regards,

 

Paul

 

 


#10
phillpower2

Hello Paul,

 

You cannot have two AVs on a computer, for the reasons explained in my reply #8; it does not matter whether or not Norton is running.

No dmp attached I'm afraid.

 

Download then run Speccy (free) and post the resultant url for us, details here, this will provide us with information about your computer hardware + any software that you have installed that may explain the present issue/s. 

 

To publish a Speccy profile to the Web:

  1. In Speccy, click File, and then click Publish Snapshot.
  2. In the Publish Snapshot dialog box, click Yes to enable Speccy to proceed.
  3. Speccy publishes the profile and displays a second Publish Snapshot. You can open the URL in your default browser, copy it to the clipboard, or close the dialog box.

#11
Paul432220

Dump file attached now, will report back on your today's comment a bit later today.

#12
Paul432220

Hi Phil, 

 

As requested, Speccy URL below. I also uninstalled Malwarebytes since it was only a trial version and the trial ends in 5 days.

As part of the previous post, I made Norton AV run again so like you said, there is now only 1 AV running.

 

http://speccy.pirifo...jplDGDuEeqM7bJE

 

Best regards, Paul.


#13
Paul432220

In closing down the different windows on the PC, I had another Windows blue screen; I attach the dump here as well.

Regards, Paul

Attached File: 091018-38423-01.zip (27.49KB)


#14
Paul432220

Hi Phill,

Have you been able to find the dumps and the link to the speccy profile ?

Regards, Paul


#15
phillpower2

"Dump file attached now, will report back on your today's comment a bit later today."

The Windows crash was caused by the ksecdd.sys driver, which is related to the Microsoft kernel security support provider interface **. After cross referencing with Speccy I noticed that Windows was installed on 21/11/2016 and had not been updated from 22/11/2016 up until 25/08/2018; there are numerous updates missing (many of them security related), which puts the computer at risk of malware infection and Windows becoming corrupt.

** Such a problem is normally corrected by way of a Windows update.

Can you ask your friend if the Windows 7 software on this computer is legitimate?

 

Will look at the other crash dmp and update this reply by way of an edit.

 

 

Edit to add:  Speccy was involved in the last crash and the conflict was with IMAGE_NAME:  SYMEVENT.SYS which is related to Norton AV.

 

"I also uninstalled Malwarebytes since it was only a trial version and the trial ends in 5 days."

 

 

Malwarebytes is still shown to be installed on the computer in the latest crash dmp.

 

We need to wait on your next update for now but please be aware that we will be unable to assist further until we see a fully up to date Windows OS and if needs be check the legitimacy of the product key that is in use on the computer.

