TechSpot

Recent BSOD Problem

By gameb0i83
May 12, 2009
  1. I've recently been receiving these random BSOD erros on Windows Vista 64 bit:

    Problem signature
    Problem Event Name: BlueScreen
    OS Version: 6.0.6001.2.1.0.768.3
    Locale ID: 1033

    Files that help describe the problem (some files may no longer be available)
    Mini051009-02.dmp
    sysdata.xml
    Version.txt

    View a temporary copy of these files
    Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

    Extra information about the problem
    BCCode: 1a
    BCP1: 0000000000041284
    BCP2: FFFFF88008737001
    BCP3: 0000000000009FA1
    BCP4: FFFFF78000001000
    OS Version: 6_0_6001
    Service Pack: 1_0
    Product: 768_1
    Server information: fb2523e8-6af4-4c55-9e37-3ff6431ba11f

    I cannot post the dump files because when I try, I get an error message stating that I do not have permission. I only have one account on my system so I don't know why that's popping up.

    Any help you can give me will be greatly appreaciated.

    Thanks in advance!
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. gameb0i83

    gameb0i83 TS Rookie Topic Starter

    This is really weird...I know how to post an attatchment but when I do, I get an error message saying I don't have permission. I've also tried to open them with notepad on my own and it still says I don't have permission. I have only one account on this computer and that's me the Administrator so I don't know it's giving me this message. Any ideas?

    Thanks in advance!
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Minidumps cannot be opened with Notepad
    You need to attach the DMP file (you do not even need to zip it up)
     
  5. gameb0i83

    gameb0i83 TS Rookie Topic Starter

    I understand completely what you're saying. I know how to attatch a file to a post. My problem is that when I try to attatch it (as in find the the Windows/minidump folder and double click the the file to attatch it to my post), I get the above mentioned error message. Again, I'm really confused as to why this would happen because I only have my Administator account on my computer.

    I was just trying out notepad to see if it would open with that, but it didn't work either.

    Any idea why this would happen on an Administrator's account?
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It could be the default permissions are corrupt
    Or Virus Malware problem

    By the way what AntiVirus do you use?
    And what is your Windows version exactly? Windows XP ? (Pro? Home?) Service Pack ?

    Also, can you possibly copy the Minidump to your Desktop, and then Attach it from there?

    I'll wait I suppose :)

    Edit:

    Oh

     
  7. gameb0i83

    gameb0i83 TS Rookie Topic Starter

    I use Norton 360 for antivirus. I've ran it several times and it hasn't found anything other than tracking cookies and other minor spyware.

    I'm at work now, but I'll try copying my dump files on my desktop when I get home. I just find in weird that it won't let me get to the dump files, but I can get into everything else in all my system folders.

    Here are the five most recent minidumps:
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    So how attached are you to Norton 360 :D

    Basically Norton has always used lots of system resource (memory) and if there is the slightest of problems with your Ram or Hard Drive, the having Norton it will be exagerated.

    Here's what I'd suggest you do (and also what I'd do, in this case, as well)

    Uninstall your Norton AntiVirus
    Then run the Norton Removal tool

    Restart

    Download and Run CCleaner

    An alternative Antivirus that I recommend is Avira free Antivirus (also being in our 8-Step Malware removal guide) and is what I use as well.

    Update it by right clicking the tray icon, and then selecting "Start Update" (note: It will automatically update itself, but I just want to make sure)
    Run a full AntiVirus Scan, ideally post back the attached AntiVirus report log

    Further issues, please run Memtest on your Ram

    Done :grinthumb
     
  9. gameb0i83

    gameb0i83 TS Rookie Topic Starter

    To be honest, I was hoping Norton wasn't a contributer to the probem. I shelled out big bucks to have it updated for two years...

    On Norton's forum, someone menioned to uninstall my graphics driver as that was one of the last things I did before these BSODs started popping up. I did that and then reinstalled the video driver fron Gateway's (OEM) site for my specific computer. I haven't had a problem yet. I'm hoping I won't have anty other problems, but if I do then I'll have to resort you your method.

    Thanks for all your help!
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    It's not your graphics adapter
    But time will tell
     
  11. gameb0i83

    gameb0i83 TS Rookie Topic Starter

    ...you were right, the BSOD errors came back with a vengence. Now I'm getting them even a few seconds after Windows starts and once in a while shortly after accessing the Internet.

    I'm asking around at the Norton forums to see if anyone else is having problems. If anyone else has any ideas this could be besides my RAM dying on me let me know. I'm posting the most recent dump files for reference.

    Thanks for your help!
     
  12. Spyder_1386

    Spyder_1386 TS Rookie Posts: 498

    Every single one of your dumps indicates an issue with Norton to be honest. I have a feeling that the LiveUpdate function has been compromised somehow (either by a virus or malware or simply due to the program failing) ... you could try turning off LiveUpdate first to see if that works - this would then mean that you'd have to download the individual updates in .exe form and install them as such...

    My recommendation is in line with Kimsland however, in that an uninstallation of Norton would be your best option. You might want to attach a HiJackThis log as well so we can check whether your system is in fact infected (I'm quite certain it is) .... you can find the HiJackThis installation link on the 8-step guide that Kimsland pointed to previously.

    Spyder_1386 :)
     
  13. gameb0i83

    gameb0i83 TS Rookie Topic Starter

    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB003A
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB003A
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB003A
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Morpheus Music\Plugins\RazaWebHook.dll (file missing)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~2\IWINGA~1\IWINGA~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Windows\TEMP\E_S750F.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\QuickCam\eReg.exe
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Morpheus Music\Plugins\RazaWebHook.dll/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinGamesInstaller.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
     
  14. gameb0i83

    gameb0i83 TS Rookie Topic Starter

    I've been talking with people on the Norton forums and they've suggested reinstalling Vista. I've done that, but it hasn't seemed to help. For their refence I'm posting my updated HijackThis log file.
     
  15. gameb0i83

    gameb0i83 TS Rookie Topic Starter

    I want to thank everyone that attempted to diagnose and solve my problem. I tried kimsland's directions and they seemed to work for a day, but then the BSODs (or blue SOBs as I now call them) came back and they seemed even more frequent and a couple of times Windows wouldn't even boot up.

    I then tried memtest and as soon as the test started lots of red popped up immediately. In the end I brought the computer to the Geek Squad at Best Buy for diagnotics and repair/replacemtnent of the RAM. The good news is that it won't cost me a cent because it's still covered by manufacterer's warranty because it's less than a year old. The bad news is that I'll be computerless for the next few weeks (I'm at work now). Oh well...

    Thanks again!
     
  16. Spyder_1386

    Spyder_1386 TS Rookie Posts: 498

    Glad to hear that gameb0183! Thanks for the update.

    Spyder_1386 :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...