Another BSOD event 1003 problem

[juskat]

Hi,
I've been impressed how you've helped others with the dreaded blue screen of death problem. I've had no real problems with my laptop since 2004 and I've used it a lot. However it has just started crashing a lot. I can always rely on getting a crash after a couple of minutes if I try to run a full virus check (AVG free) or allow the windows update that wants to happen to try to download. I've been all day trying to self-help but am now out of ideas. Here's what I've done.
- looked at event log and tried to get help on 1003, 3011 and 3012 errors
- run loctr /r to try to clean up performance monitoring
- run memtest, no probs
- pulled out the RAM and cleaned it
- run EVEREST, no probs (see part of report attached)
- set page size to 2 (zero not allowed), run defrag, reset page size to 1140Mb
- checked on the event causing the problem 000008e:IRQL_NOT_DISPATCH_LEVEL
A couple of minidumps are attached. I hope you can help.
Thanks in advance
Justin

 

[kimsland]

AVG faulted scanning file "update.exe"

Please search for this file (if it's part of Spyware Doctor, just un-install Spyware Doctor) but it may be a Trojan

Anyway remove (delete) update.exe should fix it (actually just find out where update.exe is residing first) By searching for it (include System and Hidden files too)

 

[juskat]

Thanks kimsland. I searched for update.exe and found no suspicious instances - lots of microsoft $hf_mig$\HP... and also in windows\software distribution. I have been killing the update.exe process when I see it running (I thought it's a genuine windows update wanting to happen) as I know it produces the bsod. I have disabled ms auto updates now and I haven't seen it again.

Unfortunately a new problem has emerged. the search took about 2 hours as the PC today has decided to run like a dog. Processes showing running are avgrsx, explorer and svchost. I even tried killing explorer but this didn't speed things up much. It seems like there's something running I can't see using up my cpu. Is this possible? The other possibility I have considered is overheating. But the fan seems to operate intermittently OK - everest reports a temp of between 36-39 deg. Does that sound normal?
Anyway I seem to have two problems now and any more help would be appreciated. Thanks.

 

[kimsland]

I'd put MSConfig back to Normal, and run Startup Control Panel instead
(MSConfig is good when you cannot download better alternatives (ie Offline) But you shouldn't leave it in Diagnostic Mode)

I'd also recommend uninstalling AVG (if you have the Free one) and trying an alternative, like Avira or Avast Free Antivirus.

lots of microsoft $hf_mig$\HP... and also in windows\software distribution

They are legitamit Windows files

everest reports a temp of between 36-39 deg. Does that sound normal?

Yes

I think it may be best to check out: New Preliminary Removal Instructions

 

[juskat]

Still not getting very far

Hi Kimsland. Thanks for your reply. I have got rid of AVG, installed avast. Tried a full scan but what with running at snail's pace and crashing to BSOD, not got very far. I've deleted about a gig of unwanted stuff, especially as it reckoned it found malaware in .pps files that haven't been touched for two years (doubtful?).

Full scan is running again now but ridiculously slowly - 2% of computer scanned in about an hour. Machine is disconnected from net: Luckily I'm able to communicate with you from another computer. I've run HijackThis but had to pause avast scan while doing - log attached. Also, taken a snap of task manager after restarting scan (MWSnap - fantastic tool!). I've got to get the machine running properly before I can progress. Does any of this help?
I'm running out of time now and thinking to cut losses and reinsatll windows or, even worse, take the machine to a shop!!!
Thanks for help so far, Justin

 

[kimsland]

Run CCleaner through it (it may speed things up too)

Also are all your computer's drivers up-to-date ?
Nothing stood out in HJT Log

 

[peterdiva]

Both crashes are caused by registry corruption. Try doing a system restore. Otherwise, reinstalling Windows will most likely solve the problem.

BugCheck 1000008E, {c0000005, 8056e2ea, ba06eb74, 0}
Probably caused by : ntoskrnl.exe ( nt!HvpGetCellMapped+5f ) <-- Hive corruption.

 

[juskat]

Hi kimsland
Have already run ccleaner, only really temporary internet files and stuff left. Deleted these anyway. I checked the drivers the other day when bsod first appeared and was offered a new bios driver for $30 as mine is the original one.
Other possible pointers.....
I notice in task manager that lsass.exe is busy doing i/o all the time - not using much cpu or ram though. I have checked it is the MS version5.1.2600.2180 13kB 4 Aug 04.

Also, the most recent thing I installed before the bsod's started was an msaccess application that included the dot net framework in the install; I'm going to remove this now, but it probably won't remove the .net stuff it brought with it.

Other reading on the net suggests very slow running indicates a hard drive about to go pop. I hope not as the PC is running too slow for me to back up properly. I've done a chkdsk - this ran quite quickly and only found a couple of indexing errors which I fixed.

No more ideas for the moment.....

 

[juskat]

Sorry PeterDiva, I've only just seen your reply, thanks. I will try a system restore next. I've never done one before but I'm ready to try anything. If I need to reinstall windows can I do it without wiping the hard drive as I'm not fully backed up (shame!)?

 

[kimsland]

Lsass.exe (Local Security Authority Subsystem Service)

Please complete all Windows Security updates http://windowsupdate.microsoft.com/

 

[juskat]

Hi Kimsland
I've given up on Microsoft updates after more than an hour of trying. Anyway I had the system set to take automatic windows updates up until the BSODs started and I switched them off. In fact, I think the original update.exe that AVG choked on was the genuine Microsoft one. I certainly haven't found any others on my system so far.
Trouble is that, after 3 days on this, I still don't know if I've got a virus, or hardware problem or somehow that a corrupt registry (which ccleaner can't find) is the cause. I haven't had a bsod all day today but the machine is too slow to use.

 

[Bobbye]

FYI:
Summary: LSASS is a Windows component shown in error messages, often due to a virus infection such as Sasser. Learn about LSASS, LSASS.EXE and how to stay safe:

http://ask-leo.com/what_are_lsass_l...know_if_im_infected_what_do_i_do_if_i_am.html