Random BSOD and CD won't read data

Well, the reboot went OK,and there are no errors or warnings in any of the event viewer logs. However, the CD drive is still not recognizing data CD's or DVD's. However, it will successfully boot from a bootable CD. It also plays music CD's OK. And malwarebytes still BSOD's before completion when run in normal Windows. Right now, my money is on an incompatible driver somewhere. Do you agree, and if so do you have any suggestions on what to try next? Have we finally stomped out all of the malware on this machine?

Please uninstall Zone Alarm
If this is all it is I'll kick myself

Well, no need to kick yourself - that didn't work either But it really was an intriguing suggestion. I never would have thought of that. I uninstalled ZA, rebooted, and got the same old same old. The drive icon is there, it plays music CD's but is unresponsive to data and DVD's. So I reinstalled ZA. It's one program I really don't like to be without since I'm connected to broadband 24/7. At least it has not BSOD'ed on me at all today.

Oh well

Please check C:\Windows\Minidump folder, for any recent Minidumps to attach
I've no idea why this wasn't done ages ago

C:\Windows\Minidump is empty.

I believe at some point I turned that feature off because it was taking up so much time every time I had a crash, and I didn't know what to make of the reports anyway. Now I can't remember how to turn it back on.

Start->Run-> sysdm.cpl
Advanced Tab
Error Reporting button
Enable Error Reporting
Tick
Tick

Apply
ok
ok
You may need to restart
And wait for a BSOD one day (sometime) :wave:

Minidump[

Oh that's not hard at all I can make it BSOD anytime I want - just running malwarebytes does it every time. I just tried it and sure enough, less than a minute in I got:

PFN_LIST_CORRUPT
STOP: 0x0000004E (0x00000007,0x0002691D,0x00000001,0x00000000)

Much to my surprise, C:\Minidump was still empty. I thought it was because I hadn't rebooted after changing the settings. So reboot, run MB, and same thing! Turns out I also had "Write debugging information" turned off in System Properties -> Advanced -> Startup and Recovery. So I changed that to "Small memory dump (64 KB)" and ran MB for the third time. Sure enough, before too long I was rewarded with:

PFN_LIST_CORRUPT
STOP: 0x0000004E (0x00000007,0x000293CD,0x00000001,0x00000000)

Minidump file is attached (finally)

Can you make anything of this?

PS - while waiting for your reply, I decided to run a 3d Mark 2005 benchmark just to give the machine something to do. It ran fine until the 8th test, which I believe is video, then did:

MEMORY_MANAGEMENT
STOP: 0x0000001A (0x00041284,0x08E17001,0x000040CA,0xC05030000)

More weirdness: on reboot, I got a popup titled "Avira AnitVir Personal - Free Antivirus" that said "Unable to load plugin 'Update' Error: LoadLibrary() failed."

What do you make of this?

Read: All about Minidumps and attaching them

Hmmm, well it appears that I'd already done a lot of this stuff before I even got here. I read a lot in the post "Before you post your minidumps, please read this" about over-temp as a cause for BSOD's. But I can run this machine all day without getting one, or I can get one instantly by running malwarebytes. I even added an external muffin fan blowing across the case. The computer is now running cooler than it ever was before it started acting up. I ran Microsoft's windiag memory diagnostics twice, six passes each time and got zero errors. I already did extensive scans of the disk using both scandisk and the Hitachi/IBM low-level diagnostics and found nothing.

At this point I believe that if nothing else, Occam's Razor is telling me that this is a software problem, not hardware. Can you please be more specific - are you saying I'm on my own as far as interpreting the minidumps goes? DId I do something wrong with the way I posted the minidump in my last message? I'm willing to go through the learning curve involved if I have to. I'm just not quite sure what to make of all this. Thanks.

It would be far easier just to attach the Minidump, using the paperclip icon, on the toolbar of a new reply, it looks like this ->

Presently, you have not "attached" anything

Oops

Uh oh - did I forget to attach it? It's possible. I've been known to do strange things at 2 AM. My bad. Anyway, here is (I hope) what I thought I had attached last night. In the meantime, I am downloading the Windows Debugging Tools from Microsoft.

[...time passes...]

Follow-up: OK, I have installed the Debugging Tools and looked at the three minidumps I've gotten since yesterday. The first one was while I was running mbam and the debugger claims that the crash was "probably caused by mbamswissarmy.sys". This gives me some measure of confidence that it knows what it's talking about. However, crash no. 2, which happened while running 3D Mark and crash no. 3, which happened while installing the debugger, both had probable causes as "memory_corruption"

Clicking on the "analyze -v" option give me the further advice that this is "typically caused by drivers passing bad memory descriptor lists (ie. calling MmUnlockPages twice with the same list, etc)" So we're back to suspecting some criver, yes? But ***which one***?

Please uninstall Malwarebytes

Done :grinthumb

You may want to check for Viruses\]Malware too (which means download the newest version of Malwarebytes and look here: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions)


Edit:

I'd say update all your drivers

By the way how did removing Malwarebytes go? Did it resolve it?
Otherwise the 8-Step process would be wise

At your suggestion, I uninstalled Malwarebytes though I'm not sure how that would help, but you're the boss. I then tried the CD again - still doesn't work. Then I tried running PCMark05 again. This time it ran to completion. It did not BSOD. Then I re-downloaded Malwarebytes and installed it. In the middle of the install, I got a MEMORY_MANAGEMENT stop. Minidump is attached (hopefully). Note that this crash was before MB started doing a scan - it happened while it was installing its updates and before it brought up its main screen.

So to recap so far:

1. MB runs OK in Safe Mode.
2. MB crashes in normal mode.
3. PCMark crashes when MB is installed.
4. PCMark runs OK when MB is not installed.
5. The CD drive is still not working.
6. I already reinstalled both the audio and video drivers directly from the Alienware website. However, note that those are now 5 years old and Alienware never updated them. They predate SP3.

I am leaning towards a bad driver as the cause of the BSOD problem.
I have no clue as to the cause of the CD problem.

I'm not felling too well tonight. This will be my last post til tomorrow.

I'm leaning towards Malware infection

Might be best to run the above in Safe Mode with Networking

By the way if you have AVG or Norton or McAfee or some other high intense Antivirus. Remove it fully, I'll supply removal tools too, if you need them

Install Avira free Antivirus instead

Hmm, we've already been through this - twice. See posts no. 2, 3, and 16-20. The only anti-virus this machine ever had on it was AVG However, I do not discount the possibility of some remaining malware lurking somewhere.

Anyway, here's how today started:

The machine had been idling in normal mode overnight without BSOD'ing. I rebooted in Safe Mode to install Malwarebytes. Running the installer gave me a popup error "vbAccelerator SGrid II Control, Runtime error '0'" while it was installing its files. Clicking OK on that got me a new popup "Runtime error '440': Automation error. I clicked OK that that one and the installer finished.

Then I got an error "Update failed. Make sure you are connected to the Internet and your firewall is set to allow Malwarebytes' Anti-Malware to access the Internet". But I am already running Safe Mode with networking. To check this, I started up Firefox and it had no trouble accessing sites on the net.

So I uninstalled the apparently non-working copy of MB, downloaded it again and installed it again. And got the same message: "Update failed ..." But when I clicked OK to that, this time the main MB screen appeared. So I started doing a Full Scan. It ran to completion and found nothing. Log attached. ??

Well while I'm waiting to hear from you, just for laughs I ran another Avira scan in Safe Mode. And it turned up this!

"[DETECTION] Contains recognition of the W95/Blumblebee.1738 Windows virus"

(log attached) What do you think? False alarm or malware? Anyway, I moved it to quarantine.

Uninstall Malwarebytes
Run CCleaner (by the way this program just updated, so download and install over itself)

Download Malwarebytes again. But once downloaded rename it to MBAM, then set it up
Then update it, and run a full scan

OK, MB uninstalled. Downloaded & ran latest ccleaner. Removed 97.2 MB on the first pass, 8K on the second, and 0 on the 3rd through 6th passes. Downloaded latest Malwarebytes and renamed the file from mbam-setup.exe to mbam.exe Ran this file. Got the welcome screen with "check for updates" and "run". Left both checked. Got the same "Update failed error". Clicked OK, got the MB main screen. Exited MB. Went to the MB directory in Program Files and renamed mbam.exe there to mbam1.exe and ran that. DId a check for updates - same error. Started a full scan without having any updates. That's running now. OK, the scan finished - nothing was found.

Anomaly: Here's something curious I just noticed: in Safe mode, the CD icon in My Computer is called simply "CD Drive(D)". In normal mode, this is labeled "DVD/CD-RW drive (D)". What's up with that?

Special case where after installing MBAM and SAS they will not update or run
Read here: http://www.techspot.com/vb/topic116603.html

Failing that, try here: http://www.techspot.com/vb/post684649-3.html

Regarding CD drive label, not interested

Thanks for the links. Unfortunately, I think I caught whatever virus my PC has. I don't feel so good - I'm heading off to bed. I'm going to have to leave this til tomorrow. I leave you with one new piece of information:

I let the system run in normal mode, just idling (but with Avira loaded) for two hours while I watched TV downstairs. When I came back, I had a popup from Avira: "C:\System Volume Information\_restore\A013005.dll Contains recognition pattern of the W95/Blumblebee.1738 Windows virus" This is the thrid time I've gotten a warning about this (see post no. 35 above). In that post, I stated I had moved it to quarantine. Now it appears somewhere new. The suggestion from Avira this time is to "Deny Access" so that's what I selected.

Do you know anything about this "Blumblebee"? Avira didn't have it in its index and I couldn't find out much about it on the web. Some people say its a false alarm, others say it only affects Windows 95 machines (which doesn't seem right since XP can run 95 programs). Later...

Wait wait - now here's something really weird. I tried to open the folder C"\System Volume Information and got an access denied. This is even though I had Show Hidden Folders set and Allow access to protected files set. I finally resorted to using the cacls command in a DOS window to allow access. The DOS dir command shows no files there Doing a Properties on the folder icon shows it contains 10.3 G in 12,220 files and 337 folders. Double clicking the icon does nothing.

Clear & Reset System Restore's Cache

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK