PDA

View Full Version : PC Issues - blue screen



JMoore
18-02-2009, 05:42 PM
I have recently had a couple of issues with my PC that have finally rendered it useless. Firstly the keyboard became intermittent, requiring me to fiddle with the connection to motherboard every now and then. Yesterday I tried to read a CD which I have had no issues with previously and found that the CD/DVD writer has also decided to give up, it is still powered, opens and closes but is not reading i.e. D: shows up as empty. I wasn't sure if this could be due to a wireless antenna with magnetic base being placed on top of the case? In any case shouldn't be too expensive to replace.
Today, when booting the PC it snapped into a loop of restarts and eventually ended in a blue screen of death error "IRQL_NOT_LESS_OR_EQUAL" and "STOP: 0x0000000a". Any suggestions or ideas to fix any of this would be greatly appreciated.

Thanks in advance.

Speedy Gonzales
18-02-2009, 06:04 PM
Whats the specs of the system,?? Did you install anything as in programs, or hardware recently?

Have you done a scan for malware recently?

JMoore
18-02-2009, 06:12 PM
Thanks for the reply. Good question, its Intel about 2.4GHz, 1GB RAM with 128MB graphics and 40GB HDD, sorry I can't be more specific. System is now booting but stalling as desktop loads. Mouse and timer in centre but nothing seems to be happening...

Was setting up ADSL voip router last night but doesnt require any program installation as far as I know.
No recent scans for malware but up to date Antivir installed with resident guard.

Speedy Gonzales
18-02-2009, 06:15 PM
If its in windows now get malwarebytes below then update it then scan.

See if it picks anything up

JMoore
18-02-2009, 06:22 PM
Thanks for suggestion but it is freezing and not responding as the desktop loads.

Speedy Gonzales
18-02-2009, 06:26 PM
See if it can boot into safe mode / network option.

Hold F8 down (if the system gives an option to boot from whatever using F8, press F5 instead)

Then get malwarebytes and hijackthis below

Update it then scan. Then install / run hijackthis click on scan the system and save a log. Copy and paste the log in here

JMoore
18-02-2009, 07:04 PM
Was unable to boot into safe mode with networking, kept rebooting after log in screen. Managed to boot into safe mode so I will use USB drive to sort malwarebytes and hijackthis, copy log and paste in next post. Thanks again.

Speedy Gonzales
18-02-2009, 07:11 PM
Hmm once or if you manage to get both of those to work. After you reboot try selecting last known good config. See what that does

JMoore
18-02-2009, 07:34 PM
Yea no worries getting both programs to work in safe mode without networking however was obviously not able to update Malwarebytes. Did a quick scan anyway and came up clean. Log for HJT below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:59 p.m., on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5345 bytes

wainuitech
18-02-2009, 07:42 PM
Had the EXACT same error / problem today on my laptop at a customers House ( what a bummer) try disconnecting the Internet connection/ Ethernet cable - see if it stops it ( mine did) -- I'll post back the solution as soon as I fix mine in case it is the same thing.

Speedy Gonzales
18-02-2009, 07:42 PM
Ok tick these entries, then tick fix checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

If you dont use the Language bar, you can tick these entries

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

I dont know what these Showdeskfix entries are. But they look suss

O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

Then reboot, then see what happens

JMoore
18-02-2009, 07:52 PM
OK thats interesting, you may be onto something as when the desktop is loading it always seems to freeze and/or reboot (cylce) when loading the wireless utility, and the fact that safe mode only works with networking disabled. I may remove the wireless PCI card and see what happens. Will also fix the issues mentioned, thanks Speedy.

Speedy Gonzales
18-02-2009, 07:58 PM
Safe mode usually works, because it doesnt load anything but what you need to boot into it. And sometimes, its a good way of diagnosing probs.

And sometimes its the only way to remove nasties in startup (that maybe screwing up a system)

By the looks of it, showdeskfix is silently unregistering shell32 (thats what the /s means), which is used for a few programs in windows.

And things probably crash / wont work, because shell32 isnt registered and its needed

JMoore
18-02-2009, 08:07 PM
Alright we've made some progress. Fixed the items you mentioned Speedy, but didn't seem to make a difference on startup. Then completely removed wireless PCI card and the system now boots into windows fine. Although now I have no internet... not sure if the card is stuffed or if there is some way to reinstall it and avoid the same issues. DVD Drive still not working however - could this have been caused by putting a large magnet (wireless aeriel) on top of the case above the DVD drive?
Any ideas appreciated.

Speedy Gonzales
18-02-2009, 08:14 PM
Nah dont think putting an aerial on a case would stuff the DVD. I've got the modem/router on top of mine. Its fine (I think)

The wireless card drivers maybe corrupted. Try downloading a newer version then reinstall the drivers

Does the DVD work at all??

Does it load cd's/dvds?

wainuitech
18-02-2009, 08:54 PM
Just got mine going again - :nerd: Mind you it is my job :lol:

As speedy suggested - it is a wireless network PCMCIA network card ( old laptop) ripped out the wireless drivers,rebooted- reinstalled from the CD that came with the original card - alls well.

Regarding the DVD Writer - right click My Computer/properties/ Hardware tab/ Device manager/ look to see if the DVD drive actually shows - if it does, expand out the DVD/CD list - right click the DVD drive - uninstall ( agree to any prompts) reboot - the PC should automatically pick up the DVD drive again - its possible the drivers for the DVD got screwed and thats not reading correctly as well.

JMoore
21-02-2009, 05:51 PM
OK, time to revive this thread. Removed card, uninstalled wireless drivers, replaced card and reinstalled driver from manufacturers website. All good. Uninstalled DVD driver, rebooted, recognised drive and can read media. So far so good.
When I try to connect to our wireless network, as soon as I enter the WEP password and hit connect, the system instantly reboots. I've tried it a couple of times. Doesn't do it with other networks and I have just noticed that my DVD drive isn't reading again - related to the reboot issue I assume.
Any clues?

Speedy Gonzales
21-02-2009, 06:03 PM
Does it crash / still come up with a BSOD??

Press the windows key + pause. Go to advanced / startup and recovery / settings

Untick automatically restart

Look in event viewer (start/run, type eventvwr).

Look under application / system, about the time it rebooted (it may have a bugcheck entry here, or an X ).

Double click on it. Highlight the text / press Ctrl-C then Ctrl-V in here. So we can see what it says

JMoore
21-02-2009, 06:24 PM
Yea still crashing or rebooting automatically. Changed setting so that it won't automatically restart but instead of going to BSOD as expected it seems to just freeze. Looked in event viewer and found the following events under System:

There is an initial TCPIP information bubble:

Source: TCPIP
The system detected that network adapter \DEVICE\TCPIP_{34C064EF-49FC-458B-B39B-11075FC7259F} was connected to the network, and has initiated normal operation over the networ adapter.

Followed by a Warning:

Source: DHCP
Your computer has automatically configured the IP address for the Network Card with network address 000F3D0381D7. The IP address being used is 169.254.145.236.

Then the following Errors:

Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

And:
Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Just copied these onto a laptop with net as unable to access internet connection on PC. Sorry for any mistakes.

Speedy Gonzales
21-02-2009, 06:30 PM
Those errors wont crash it, theyre fine.

Sounds like the card maybe knackered.

I would replace (chuck it out and buy another) it.

Or if its new / under warranty, take it back and replace it with another

Since it looks like its crashing, when you use it

Since its still connected, press windows key + pause again then go to hardware / device manager. Anything showing a X or !?? Click on all the +'s

JMoore
21-02-2009, 06:37 PM
Ok thanks for info. Looks like the freezing and W32Time errors only occur when I try and connect to this specific network. That is when I connect to a neighbours network it will allow me to enter a (incorrect) password and attempt to acquire network address, whereas when connecting to our home network it will freeze as soon as I click connect after entering password.

Only device in device manager showing an X is an Intel(R) PRO/100 VE Network Connection under Network adapters. Hardware conflict?

Speedy Gonzales
21-02-2009, 06:53 PM
To fix the time (hopefully) double click on the time on the taskbar.

Go to internet time, change it to msltime1.irl.cri.nz then apply. You in NZ or somewhere else?

times.windows.com I think doesnt exist

Look in event viewer again, look for a save dump entry under system or application. Copy and paste it here

Ah that X maybe because the onboard NIC is disabled? If it is thats normal

Double click on it, does it say code 22?

JMoore
21-02-2009, 06:58 PM
Changed time settings, hopefully it will fix that problem.
Can't seem to find any save dump entries in the event viewer should it say save dump under source? Or what do I need to look for?
Yea you're right I realised shortly after I posted that the NIC was disabled (code 22).

Speedy Gonzales
21-02-2009, 07:05 PM
It'll look similar to this (http://www.eventid.net/display.asp?eventid=1000&eventno=1473&source=Save%20Dump&phase=1)

JMoore
21-02-2009, 07:15 PM
Like I mentioned before the system has just been freezing on connect recently rather than going to BSOD so that might have been the reason I wasn't getting a save dump. I just tried to connect now and got BSOD which I hadn't been getting before. Checked event viewer on reboot and found the following events:

Source: Save Dump
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000020, 0x86a75788, 0x86a75788, 0x0a000086). A dump was saved in: C:\WINDOWS\Minidump\Mini022109-01.dmp.

Source: System Error
Error code 00000019, parameter1 00000020, parameter2 86a75788, parameter3 86a75788, parameter4 0a000086.

The system error contains basically all the information given in BSOD.

Speedy Gonzales
21-02-2009, 07:27 PM
Is this a Netgear wireless network card, by any chance?

By the looks of it (http://www.tweaksforgeeks.com/BAD_POOL_HEADER.html) that BSOD (thats what 0x00000019 means), is common with Netgear wireless cards

Did you get the drivers from the makers site, and NOT from windowsupdate?

JMoore
21-02-2009, 07:35 PM
No it's a D-Link DWL-520+ PCI card and got the drivers directly from D-Links NZ support site. Any ideas why the issue would occur only on this specific network? Could it be to do with the WEP or whatetever?

Speedy Gonzales
21-02-2009, 07:48 PM
I would update it, as it looks like its out of date / discontinued.

And its only 11.b not g

Or even better, if this computer has USB 2 ports get a USB 2 wireless adapter

What is this trying to connect to at home?

JMoore
22-02-2009, 01:18 PM
Fair enough it probably wouldn't be too expensive although I was actually looking to buy a new PC and wanted to do some research on what to get before selling or whatever so having a net connection would be convenient. It still puzzles me that it only happens on this one network, which I set up last week - a wireless network with 64bit WEP on a Linksys VOIP router.