View Full Version : Windows Has Found a Critical error, must restart looping

11-08-2010, 07:22 PM
I'm currently in safe mode but, every time I connect to the internet I get a window from windows saying that a critical error has been found and it just restarts, would really like to find a solution to this asap, so if anyone has any ideas it would be greatly appreciated. Thanks.

Speedy Gonzales
11-08-2010, 07:31 PM
Disable auto-restart. And if it restarts see if it crashes. If it shows a BSOD, tell us what it says

11-08-2010, 07:32 PM
Sorry, but how do i disable auto restart?

11-08-2010, 07:34 PM
Never mind that, I've got it. Will try again and let you know how it goes, thanks.

Speedy Gonzales
11-08-2010, 07:38 PM
Either press / hold F8 down and select it from the menu.Or boot into safe mode since it works. Then press the windows key (if its on the keyboard) + pause. Then click on advanced / startup and recovery / settings. Untick automatically restart then OK

11-08-2010, 07:55 PM
Everything's going fine so far, thanks.
Is there anything I can/should do to stop this kind of thing in the future?

Speedy Gonzales
11-08-2010, 07:57 PM
Well that may not fix it. If its crashing, that'll come up with the bluescreen and hopefully the file / driver thats making it crash. Unticking that option wont stop it from crashing (if its a BSOD)

11-08-2010, 09:21 PM
Check your System Hardware via control panel to see if any items are displayed as problematic - then update the drivers accordingly.

12-08-2010, 09:03 PM
Never mind that, I've got it. Will try again and let you know how it goes, thanks.

I'm having the same problem. I should mention that I'm pretty sure it has something to do with malware.

But at this point every time I boot up Windows 7 I get the critical error msg. Along with an error msg relating to kagqp.dll (no idea what this is, and it doesnt show up on google).

What's really frustrating is that I can't out of the automatic reboot loop. I've disabled automatic reboot in Advanced Settings, but this hasnt seemed to change behaviour at all. At this point it's very difficult to troubleshoot, because I can't have the system up long enough to look at anything. And I have no way of getting into safe mode (f8 does nothing).

Any help would be much appreciated!

12-08-2010, 11:32 PM
Everything was going well but this evening I've gotten the same BSOD 3 times in a row. Would really like some help on this issue, here's a link to the dump file http://www.mediafire.com/?2wwdhu33kpebyyw

Speedy Gonzales
12-08-2010, 11:51 PM
I see this file is in that dmp file. If you can get into safe mode see where it is, it looks suss. a87puo61.SYS

Also, if something like daemontools is installed uninstall it. Its known to crash windows. I see Anydvd is also installed, uninstall it if you can in safe mode

12-08-2010, 11:56 PM
I'm not in safe mode at the moment, the BSOD's come at random times so I can probably access that file normally. A search doesn't turn up any results, do you have any other suggestions?

Speedy Gonzales
12-08-2010, 11:59 PM
Whatever youre in, can you post a hijackthis log? If you cant get into normal windows, can you get into safe mode / networking?? What virus scanner is installed?? Is this win7 32 bit?

13-08-2010, 12:02 AM
Win 7 32 bit, no anti-virus atm used to have avast but uninstalled it.
HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:22 p.m., on 12/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Matthew\AppData\Local\Google\Chrome\Appli cation\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\bnfv.tmp\setup.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\bnfv.tmp\setup.exe (User 'Default user')
O4 - Global Startup: 1stFile.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with IDM - C:\Downloads\IDM.5.19.3.Portable-SuPeRGeNiUs\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Downloads\IDM.5.19.3.Portable-SuPeRGeNiUs\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Downloads\IDM.5.19.3.Portable-SuPeRGeNiUs\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O15 - Trusted Zone: http://software.kuaiche.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Panda Security Generic Uninstaller (PSGenUn) - Unknown owner - C:\SMCLPAV\SMCLpav.exe (file missing)

Speedy Gonzales
13-08-2010, 12:13 AM
Disable system restore. You can tick these then tick fix checked

Close browsers

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

These looks sus

O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\bnfv.tmp\setup.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\bnfv.tmp\setup.exe (User 'Default user')

O4 - Global Startup: 1stFile.exe

Did you add this??

O15 - Trusted Zone: http://software.kuaiche.com (http://software.kuaiche.com/)

If you didnt tick it

Then reboot, then see what happens. If ccleaner is installed, run it