Random BSOD and CD won't read data

Status
Not open for further replies.

michele31415

Posts: 32   +0
OK, I'm absolutely desperate. I've been all over the web for two weeks now, including many posts on this site, Microsoft, and other boards. I've even looked at sites where people use words like "d00d" and "n00b". I seem to have two intertwined problems: getting random BSOD's *and* my CD/DVD drive no longer reads data or DVD's (although it still plays music fine). The drive does read a boot CD though, just fine.

Here's some starting details:

System: Alienware Area 51 m5700 laptop, 1G RAM, dual Intel Pentium-4 3.2 GHz., Hitachi Travelstar 60 Gb ATA-6 disk, Lite On Slimtype Combo SOSC-2483K internal CD-DVD/RW as secondary IDE master, Nvidia GeForce GO 5700 video.

Software: Genuine XP SP3, current to all Windows Updates. Machine is on a LAN with 5 other machines, all running XP SP3 and a SimpleTech NAS file server.

So far I have done this:

Test RAM with windiag.iso - no errors after 6 passes, extended diagnostics
Run full scandisk - claims to have repaired registry
Run Hitachi disk diagnostics - no errors found
Physically unplug/replug CD drive (three times)
Clean the lens on the dirve, vacuum and clean the tray area
Run sfc - nothing found
Run latest versions of AVG, Avira, Malwarebytes, Adaware, and Spybot S&D.- did find some Trojans, claims to have removed them
Run UnhackMe rootkit checker - nothing found
Uninstall/reinstall CD drive (via Device Manager)
Uninstall/reinstall secondary IDE driver (via Device Manager)
Uninstall/reinstall Nvidia drivers with download direct from Alienware web site
Uninstall/reinstall WDM audio drivers with download direct from Alienware web site
Uninstall Lexmark wireless printer
Check for DMA enabled on secondary IDE
Check for recording enabled on CD drive.
Removed upper and lower filter registry keys
Applied KB923716 IMAPI update
Checked cdrom.sys for file length and version compared to another working XP system
Monitored temperature with GPU-Z: GPU temp. is 50 deg. C, system temp. is 47 deg. I have an external muffin fan blowing across the case.

None of this has helped. To complicate matters, it will BSOD at seemingly random times, sometimes while I'm doing something, other times when it's just idling. Occasionally, the system will just shut down without any warning. As I type this (from another computer), I just got a BSOD while running another Avira pass:

IRQL_NOT_LESS_OT_EQUAL
STOP: 0x0000000A (0x00000004,0x00000002,0x00000000,0x804E7EED)

But note that I've been getting one or two BSOD's per day, seemingly at random, including the 8E and more. The event log is full of strange errors too, like (recent sample):

The system detected that network adapter \DEVICE\TCPIP_{4D1AC3F2-39E0-4C92-BFB0-787461B6558C} was connected to the network, and has initiated normal operation over the network adapter.

The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).

The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

So bottom line is that I really have no clue as to what could possibly be wrong or even where to start, given the plethora of confusing symptoms this machine is displaying. Might be H/W, but that checks out OK. I'm stuck. Any help would be *most* appreciated. Thanks!
 
Wow, thanks for the super fast reply. One thing I missed mentioning - I had already uninstalled AVG a hile back because I thought it might be the problem (I'd seen some references to AVG 7.5 causing BSOD's). I then installed Avira. So actually, AVG has been off the machine for several weeks now.

Anyway, I downloaded and ran the AVG removal tool. It briefly flashed up a cmd window from which I was able to read just "...not found" among a lot of lines before it vanished without any further feedback.

Then I ran the dougknox.com exe file. It seemed to complete normally and wanted me to reboot. So I rebooted and tried a data CD - no luck. The drive icon in My Computer reads "DVD/CD-RW Drive (D: )". If I put a data disc in, it does spend a few seconds seeking and flashing the CD activity light but then that just stops. Opening D: just gives me an empty window. Same thing with a commercial DVD movie.

But - on rebooting I noticed two new strange things: My VSLR program (Slingbox stream player) suddenly popped up on its own, unsolicited. Then I got a warning that ZoneAlarm was not running. So I went to restart it manually. The little "Z" icon appeared in the system tray and then immediately I got a pop-up balloon "Your computer might be at risk. Zonealarm Firewall is turned off". Mousing over the Z made it go away, showing it was indeed not running. Two more tries and the same result. So I rebooted again. This time ZA went into execution and stayed around. But the CD drive is still unresponsive.

You mentioned installing Avira, but I already have that. Should I uninstall/reinstall it or is that part OK?

Anyway, I'm still stuck.
 
Avira is advised to keep, I even use it ;)

The 8-Step process (linked above) is your next step :)
Highly likely Virus\Malware infection

Actually I'll tell you what. Do this and report back with this one log:


Download Combofix
Lots of info on its use h e r e
Direct download h e r e

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log

Save this log file to be attached to a new reply
 
OK, well I did try an Avira scan. It reported 93,300 warnings, but nothing else ("no virus or unwanted program found"). I had let it run unattended. When I came back, I found that result on the screen, 100% finished, but the machine was hung (mouse unresponsive). I rebooted and checked the Avira log file. It's huge so I won't post the whole thing but all of the warnings are variations on this:

Moderator Edit
Pasted log removed


It just goes on and on, refering to access violations in different random files.

Should I still go ahead with the combo fix or does this give you any clues?
 
Doh!

I forgot to say attach any log, don't paste them in

In a new reply, you'll see this symbol on the toolbar -->
attach.gif

Use that button to attach any log to any new reply you make
By the way, Notepad TXT or Logs (ie LOG) are accepted

EDIT

Actually I did say "attach"
 
Yes, well sorry about that. I was using Netscape which apparently does not render the line that contains the paper clip in the reply editor. Now I'm using Firefox. You did indeed say attach, but now I see that there's a 200K limit on uploading text files. The log file that Avira generated is 95 *meg*. It's nothing but thosands of lines of ACCESS_VIOLATION's. If there's some other way I can send this, please let me know.

In the meantime, I downloaded combofix and started it up. It's late so I'm going to bed. I'll report back on what I find tomorrow morning. Thanks again for your time and help in tracking down this mystery.

OK, that didn't take as long as I thought. Combofix ran to completion in just a few minutes. I turned off Zonealarm and Avira before running it. Here (attached) is the log file it generated. Now I'm going to bed.
 
OK, good. I didn't post the other logs because I don't have them yet. I called it quits for the night at 2 AM last night after running combofix. I'm continuing on through the rest of the 8 steps in the guide today and will post the results when I get them. I'm encouraged that we seem to be making progress!

OK, here's what we got:

Step 1: Ran Avira yesterday, generated 93,000 warnings but found no viruses.

Step 2: (today) Booted the machine, ran ccleaner, it deleted 83.6 megs worth of files on pass 1. Second run removed 90 bytes. Third run removed nothing. 4th run removed 90 bytes. 5th run removed nothing.

Step 3: Turned off Avira, exited WinPatrol, went to turn off AdAware but found it was already not running. Possibly related note - on bootup this morning, the desktop icons did not appear because something called Bugsolver.exe was running. At the same time, Adaware generated about 6 Zonealarm requests to hit the net (which I granted). After waiting a minute or so for something to happen, I killed Bugsolver. This dropped the CPU load to 0 and the desktop icons immediately displayed. Apparently, explorer.exe is not starting up properly. In the Task Manager, I note also that something called avgnt.exe is running, although I uninstalled AVG a week ago. I left it there. I also note that another machine I have that is running AVG 7.5 does not have a process by that name loaded.

Step 4: Downloaded latest updates to malwarebytes and ran a full scan. 7 min. and 33 seconds into this, after scanning 40,388 objects with 0 infected objects found, it hit a file called c:\Program Files\Ahead\NeroVision\Pictures\pattern_w4_3.jpg and the system froze. (Mouse unresponsive, ctl-alt-del does nothing). So I have no log file for you. (That jpg is probably not relevant - when I navigate to that directory and view the contents as "Thumbnails", it displays an image similar to the others in that directory. If I scan just that file with malwarebytes, it completes successfully and reports no infections).

At this point I am stopping the 8 steps and posting this for your advice on how to proceed. I rebooted (had to turn off the system by holding down the power key) and got something new - a screen that said "Please select the operating system to boot". It gives me two choices: XP or System Recovery Console. The reboot (into XP) went normally (no BugSolver) and Adaware went into execution.

Should I retry malwarebytes or do something else first?

Sigh - just for the heck of it I rebooted and tried malwarebytes again. 30 seconds in I got a BSOD:

PFN_LIST_CORRUPT
STOP: 0x0000004E (0x00000007,0x000218FD,0x00000001,0x00000000)

Update: on the next reboot, just letting the system idle, we are now up 3 hrs. 30 min. with no errors.

Further update: Ran malwarebytes again, got the same BSOD (PFN list) about 1 minute in (MB had finished scanning the registry and started on C:.)

Ran it again, sat through 15 minutes of watching it go through 60,000+ files. Walked off, came back later to find:

MEMORY_MANAGEMENT
STOP: 0x0000001A (0X00041284,0X01E21001,0X00005CAA,0XC0503000)

Next run - got through 55,000 files and then:
MEMORY_MANAGEMENT
STOP 0x0000001A (0x00041284,0x02b22001,0x0000b27a,0xc0503000)

At this point I decided to give up on getting malwarebytes to finish so I moved on to

Step 5: Superantispyware - I started a full scan with this. It found no threats in memory or the registry. Then less than a minute into the file items, I got

STOP: 0x0000008E (0xC000001D,0xF47E8A91,0xF0989CD4,0x00000000)
vsdatant.sys - Address F47E8A91 base at F47B1000, DateStamp 491cb331

At this point, I simply give up. Anyone have any suggestions? Anyone want to buy a haunted Alienware?

OK, I un-give up. I decided to run a full scandisk. This found:

(Stage 1 OK)...
CHKDSK is verifying indexes (stage 2 of 5)...
Deleting index entry Spybot - Search & Destroy in index $I30 of file 12952.
Deleting index SXNCHR~1.HTM in index $I30 of file 60126.
Deleting index SXNCHR~2.HTM in index $I30 of file 60126.
Index verification completed.
CHKDSK is recovering lost files.
Recovering orphaned file Spybot - Search & Destroy i (48428) into directory file 12952.
Stage 3 completed.
Stage 4 completed.
Stage 5 completed.

Now running malwarebytes again... no good, got yet another PFN list BSOD.
 
Well done :grinthumb
That scan really took out some heavy Malwares. :)

Now I can't go any further with this thread, as I need the 3 logs from the guide

I am waiting for you

Try it in Safe mode with Networking (accessed by pressing F8 before Windows starts)
 
OK, after the scandisk repaired some files, I tried malwarebytes again and got another BSOD. Then I saw your message so I rebooted. This caused another scandisk to run. Then I did an F8 into Safe Mode. But this gave me

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000026c (0x00000000 0x00000000).
The system has been shut down.

I'd love to provide you with the three logs but I don't seem to be getting anywhere. I've been trying - honest :)

Following your suggestion, I rebooted for the second time in safe mode. This time I was able to run both malwarebytes and Superantispyware successfully to completion. I then had to restart in normal mode to be able to download the latest version of Java (I had R6 Update 11). For some reason, it wouldn't download in safe mode (and I did have it started as "safe mode with networking enabled"). I successfully updated Java to R6 Update 12 in normal mode and ran HJT was run in normal mode. It finished without BSOD'ing. All three logs are attached. At least we're making some progress now...
 
Yes, well sorry about that. I was using Netscape
Hmm Netscape 7

It seems to have a number of different startups and configurations
How close are you to Netscape 7 ? I would suggest, if you're not too close, to uninstall it, and install Firefox as your alternate browser (if you need to have an alternate browser to Internet Explorer)

This may be the entire fault issue you're having
 
Netscape Confusion

I'm sorry - to clarify,because the Alienware is so unstable, I am using my desktop PC to read/write this thread. That was the Netscape I was talking about. It is 7.2. And on further investigation, the real problem was simply that the paperclip icon only appears if you click on the "advanced" button. Netscape does in fact display that correctly (once I figured that out).

The reason I'm using Netscape is because the Firefox on my desktop machine for some reason has started generating an error when I try to download files. I think that when we finish dealing with the Alienware, we may need to go through the desktop machine too (if you would be willing to help me with that too - I really do appreciate all the help you've given me so far).

I also have Netscape 7.2 installed on the Alienware, but I have not used it for months now. I've been using Firefox there (3.0.6). I also have IE 7.0.5730.13 installed there, but I almost never use it. I also tried Chrome for a while but ended up uninstalling it.

Do you recommend removing Netscape from the Alienware? One final note - since finishing the HJT run last night, it has been up for 10 1/2 hours in normal mode with no BSOD. However, the CD drive is still unresponsive.
 
I used Netscape years ago, I don't see many users with it much

Well uninstall WinPatrol; SUPERAntiSpyware; SpybotS&D; Ad-Aware; TuneUp Drive Defrag
Seeming all have a startup, and are likely slowing or effecting your computer

Download Combofix
Lots of info on its use h e r e
Direct download h e r e

Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
ComboFix will also restart your computer (eventually) and then (eventually) create a log

Save this log file to be attached to a new reply


Mind you it generally looks clean
 
OK, I left Netscape alone, uninstalled all of the other programs you mentioned,, and rebooted in normal mode. I downloaded the latest Combofix and ran it. It completed successfully, log file attached.

Strange anomaly noted: during the boot, as the desktop was setting up, I heard the little "bubble popping" sound (Windows XP Ding.wav) that usually accompanies a pop-up, but nothing popped up.

Process named avgnt.exe is still running. Is that of concern?
 
Yes, I thought it was strange too. I actually uninstalled AVG several weeks ago. I ran the AVG removal tool two days ago. I ran it again just now (log attached). In there you will see the results of both removals. The problem may be that this tool seems to be looking for AVG 8, whereas I was running AVG 7.5.

Anomaly: after running the AVG removal tool, it wanted me to reboot. I did so and Windows hung at the point it displays "Closing network connections..." on the blue "goodbye" screen. I had to shut down by holding down the power button.

The subsequent reboot proceeded normally. Task manager shows that avgnt.exe is back again. I did a file search on drive C: for "avgnt.exe" and found it in the directory C:\Program Files\Avira\Antivir Personal Edition Classic, 266,497 bytes. So it looks like this is part of Avira rather than AVG, yes?

While I'm at it, I decided to check the contents of the Windows directory using the dir command from a DOS window. Right at the beginning, it found two files, called 0.log, 0 bytes, and 002605_.tmp, 19,569 bytes. Neither of these appear in the regular Windows browser, even with "show hidden files" checked. Significant?
 
Is this tool supposed to provide any feedback? I ran it and the only way I knew it even went into execution is because I saw it briefly flash by in the Task Manager. Anyway, I ran it, rebooted ... and avgnt.exe is still there. But as I mentioned, isn't that an Avira file?
 
Well, the reboot went OK,and there are no errors or warnings in any of the event viewer logs. However, the CD drive is still not recognizing data CD's or DVD's. However, it will successfully boot from a bootable CD. It also plays music CD's OK. And malwarebytes still BSOD's before completion when run in normal Windows. Right now, my money is on an incompatible driver somewhere. Do you agree, and if so do you have any suggestions on what to try next? Have we finally stomped out all of the malware on this machine?
 
Well, no need to kick yourself - that didn't work either :) But it really was an intriguing suggestion. I never would have thought of that. I uninstalled ZA, rebooted, and got the same old same old. The drive icon is there, it plays music CD's but is unresponsive to data and DVD's. So I reinstalled ZA. It's one program I really don't like to be without since I'm connected to broadband 24/7. At least it has not BSOD'ed on me at all today.
 
Oh well

Please check C:\Windows\Minidump folder, for any recent Minidumps to attach
I've no idea why this wasn't done ages ago :confused:
 
C:\Windows\Minidump is empty.

I believe at some point I turned that feature off because it was taking up so much time every time I had a crash, and I didn't know what to make of the reports anyway. Now I can't remember how to turn it back on.
 
Status
Not open for further replies.
Back