The system has recovered from a serious error

Hi everyone,

I am hoping someone can help me. I have searched through previous threads but I have been unable to find a solution to my problem.

A few weeks ago my computer all of a sudden restarted itself. When it was back up and running I got a message saying "The system has recovered from a serious error...." I clicked on report error but I received another message saying it was unable to report the error.

Since then it has been doing it more and more often and I'm worried that I won't be able to do a thing with it soon. Further information I got, which means nothing to me but might help, included:

BCCode: 1000008e
BCP1: C000001D
BCP2: BF806037
BCP3: F6DBCC08
BCP4: 00000000
OSVer: S_1_2600
SP" 2_0
Product: 768_1

Can anyone help?

 

Thanks PeteC,

Just to make sure... I have changed the computer so it won't automatically restart, will I know how to restart it when this happens?

When you say run the dump data.. how do I do this, just cut and paste from my computer? Or will I understand when it happens?

Please bare with me, I am not an expert as you can probably tell. Lastly, when you say make sure I have a back up of my important files, I assume you just mean that I have saved these files to a disk or memory stick or something like that, or is there something I should be doing on the computer?

Thanks

 

In the grand scheme of things these are actually typically fairly straightforward to pindown.

ERROR_WRITE_FAULT winerror.h
# The system cannot write to the specified device.

That's the error code from the original post - who knows in what though without the rest. Post the debugger spew from that tool and we'll see.

 

Dump data added

Well I figured out how to do it, and to me, this looks really scary. Hopefully it is not too serious...? Is this what you need?


Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Fri Aug 8 13:13:55.546 2008 (GMT+10)
System Uptime: 0 days 0:53:53.113
WARNING: Process directory table base 18F3A000 doesn't match CR3 00039000
WARNING: Process directory table base 18F3A000 doesn't match CR3 00039000
Loading Kernel Symbols
.....................................................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80042000, 0, 0}

PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
Probably caused by : win32k.sys ( win32k!FindQMsg+93 )

Followup: MachineOwner
---------

kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdb00c). Type ".hh dbgerr001" for details

BUGCHECK_STR: 0x7f_8

TSS: 00000028 -- (.tss 0x28)
.tss 0x28
eax=bbfbc4d8 ebx=e1bc40d8 ecx=bbdd0601 edx=00000000 esi=e1a27ae8 edi=bbfbc4d8
eip=bf802799 esp=f10c0d12 ebp=f10d0c78 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!FindQMsg+0x93:
bf802799 ?? ???
.trap
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: brctrcen.exe

LAST_CONTROL_TRANSFER: from bf80266a to bf802799

UNALIGNED_STACK_POINTER: f10c0d12

STACK_TEXT:
f10d0c78 bf80266a e1bc4008 e1bc40d8 00000000 win32k!FindQMsg+0x93
f10d0c9c bf801d90 e1bc4008 f10d0d18 00000000 win32k!xxxReadPostMessage+0x31
f10d0cec bf819fb8 f10d0d18 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x30e
f10d0d4c 804de7ec 004d1b70 00000000 00000000 win32k!NtUserGetMessage+0x27
f10d0d4c 7c90eb94 004d1b70 00000000 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012f348 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: .tss 0x28 ; kb

FOLLOWUP_IP:
win32k!FindQMsg+93
bf802799 ?? ???

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!FindQMsg+93

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 47e0e106

FAILURE_BUCKET_ID: 0x7f_8_win32k!FindQMsg+93

BUCKET_ID: 0x7f_8_win32k!FindQMsg+93

Followup: MachineOwner
---------

eax=ffdff13c ebx=80042000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=804e06e1 esp=8054d664 ebp=00000000 iopl=0 nv up di ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000086
nt!KiTrap08+0x44:
804e06e1 ebee jmp nt!KiTrap08+0x34 (804e06d1)
ChildEBP RetAddr Args to Child
00000000 bf802799 00000000 00000000 00000000 nt!KiTrap08+0x44 (FPO: TSS 28:0)
f10d0c78 bf80266a e1bc4008 e1bc40d8 00000000 win32k!FindQMsg+0x93 (FPO: [Non-Fpo])
f10d0c9c bf801d90 e1bc4008 f10d0d18 00000000 win32k!xxxReadPostMessage+0x31 (FPO: [Non-Fpo])
f10d0cec bf819fb8 f10d0d18 000025ff 00000000 win32k!xxxRealInternalGetMessage+0x30e (FPO: [Non-Fpo])
f10d0d4c 804de7ec 004d1b70 00000000 00000000 win32k!NtUserGetMessage+0x27 (FPO: [Non-Fpo])
f10d0d4c 7c90eb94 004d1b70 00000000 00000000 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f10d0d64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012f348 00000000 00000000 00000000 00000000 0x7c90eb94
start end module name
804d7000 806eb500 nt ntoskrnl.exe Wed Feb 28 20:10:41 2007 (45E54711)
806ec000 8070c380 hal halaacpi.dll Wed Aug 04 15:59:05 2004 (41107B29)
bf000000 bf011580 dxg dxg.sys Wed Aug 04 16:00:51 2004 (41107B93)
bf012000 bf425a80 nv4_disp nv4_disp.dll Wed Aug 04 17:57:11 2004 (411096D7)
bf800000 bf9c2800 win32k win32k.sys Wed Mar 19 20:46:46 2008 (47E0E106)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Wed Aug 04 17:56:56 2004 (411096C8)
ef4b3000 ef4dd180 kmixer kmixer.sys Wed Jun 14 18:47:45 2006 (448FCD31)
f0f80000 f0fc0280 HTTP HTTP.sys Fri Mar 17 11:33:09 2006 (441A03C5)
f1129000 f113d520 NAVENG NAVENG.SYS Wed May 07 03:46:44 2008 (48209984)
f113e000 f120d6e0 NAVEX15 NAVEX15.SYS Wed May 07 03:45:51 2008 (4820994F)
f1236000 f127f000 SRTSP SRTSP.SYS Tue Sep 11 07:56:38 2007 (46E5BD96)
f131f000 f1370480 srv srv.sys Mon Aug 14 20:34:39 2006 (44E051BF)
f14d9000 f1504d80 mrxdav mrxdav.sys Tue Dec 18 20:51:33 2007 (47679825)
f1803000 f1817400 wdmaud wdmaud.sys Wed Jun 14 19:00:44 2006 (448FD03C)
f19f8000 f1a1b000 Fastfat Fastfat.SYS Wed Aug 04 16:14:15 2004 (41107EB7)
f1ae3000 f1b21000 SymIDSCo SymIDSCo.sys Fri Feb 08 11:26:34 2008 (47ABA1BA)
f1b21000 f1b42f00 SYMFW SYMFW.SYS Tue Jan 09 13:33:39 2007 (45A2FF03)
f1c13000 f1c21d80 sysaudio sysaudio.sys Wed Aug 04 16:15:54 2004 (41107F1A)
f1cbb000 f1cbe280 ndisuio ndisuio.sys Wed Aug 04 16:03:10 2004 (41107C1E)
f1da3000 f1dab180 SYMIDS SYMIDS.SYS Tue Jan 09 13:34:19 2007 (45A2FF2B)
f39ff000 f3a16480 dump_atapi dump_atapi.sys Wed Aug 04 15:59:41 2004 (41107B4D)
f3a17000 f3a35000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Fri Jan 18 13:44:27 2008 (4790128B)
f3b1b000 f3b7b000 eeCtrl eeCtrl.sys Fri Jan 18 13:44:27 2008 (4790128B)
f3b7b000 f3be9a00 mrxsmb mrxsmb.sys Fri May 05 19:41:42 2006 (445B1DD6)
f3bea000 f3c14a00 rdbss rdbss.sys Fri May 05 19:47:55 2006 (445B1F4B)
f3cb5000 f3cd5f00 ipnat ipnat.sys Thu Sep 30 08:28:36 2004 (415B3714)
f3cd6000 f3d3f000 SPBBCDrv SPBBCDrv.sys Sat Apr 14 19:31:24 2007 (46209F6C)
f3d3f000 f3d60c80 afd afd.sys Fri Jun 20 20:44:37 2008 (485B8A15)
f3d61000 f3d88c00 netbt netbt.sys Wed Aug 04 16:14:36 2004 (41107ECC)
f3d89000 f3dae000 SYMEVENT SYMEVENT.SYS Tue Sep 25 10:39:57 2007 (46F858DD)
f3dae000 f3ddb100 SYMTDI SYMTDI.SYS Tue Jan 09 13:31:16 2007 (45A2FE74)
f3ddc000 f3e33f80 tcpip tcpip.sys Fri Jun 20 20:45:10 2008 (485B8A36)
f3e34000 f3e46400 ipsec ipsec.sys Wed Aug 04 16:14:27 2004 (41107EC3)
f73ae000 f7406e80 update update.sys Mon Apr 23 20:32:54 2007 (462C8B56)
f740b000 f740d900 Dxapi Dxapi.sys Sat Aug 18 06:53:19 2001 (3B7D843F)
f7f43000 f7f53e00 psched psched.sys Wed Aug 04 16:04:16 2004 (41107C60)
f7f54000 f7f6a680 ndiswan ndiswan.sys Wed Aug 04 16:14:30 2004 (41107EC6)
f80e4000 f80f7900 parport parport.sys Wed Aug 04 15:59:04 2004 (41107B28)
f80f8000 f81fc4e0 AGRSM AGRSM.sys Sat Mar 05 04:02:18 2005 (4228949A)
f81fd000 f821fe80 USBPORT USBPORT.SYS Wed Aug 04 16:08:34 2004 (41107D62)
f8220000 f8243980 portcls portcls.sys Wed Aug 04 16:15:47 2004 (41107F13)
f8244000 f82ee580 ALCXWDM ALCXWDM.SYS Tue Apr 01 20:51:28 2003 (3E896120)
f82ef000 f8311680 ks ks.sys Wed Aug 04 16:15:20 2004 (41107EF8)
f8312000 f8325780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 16:07:04 2004 (41107D08)
f8326000 f84f53c0 nv4_mini nv4_mini.sys Thu Apr 08 12:30:48 2004 (4074B958)
f84fe000 f8501f00 MODEMCSA MODEMCSA.sys Sat Aug 18 06:57:37 2001 (3B7D8541)
f851a000 f851dc80 mssmbios mssmbios.sys Wed Aug 04 16:07:47 2004 (41107D33)
f85ad000 f85c7580 Mup Mup.sys Wed Aug 04 16:15:20 2004 (41107EF8)
f85c8000 f85f4a80 NDIS NDIS.sys Wed Aug 04 16:14:27 2004 (41107EC3)
f85f5000 f8681400 Ntfs Ntfs.sys Fri Feb 09 22:10:31 2007 (45CC56A7)
f8682000 f8694f00 WudfPf WudfPf.sys Fri Sep 29 11:55:43 2006 (451C7D1F)
f8695000 f86ab780 KSecDD KSecDD.sys Wed Aug 04 15:59:45 2004 (41107B51)
f86ac000 f86bdf00 sr sr.sys Wed Aug 04 16:06:22 2004 (41107CDE)
f86be000 f86dd780 fltmgr fltmgr.sys Mon Aug 21 19:14:57 2006 (44E97991)
f86de000 f86f5480 atapi atapi.sys Wed Aug 04 15:59:41 2004 (41107B4D)
f86f6000 f8714880 ftdisk ftdisk.sys Sat Aug 18 06:52:41 2001 (3B7D8419)
f8715000 f8725a80 pci pci.sys Wed Aug 04 16:07:45 2004 (41107D31)
f8726000 f8753d80 ACPI ACPI.sys Wed Aug 04 16:07:35 2004 (41107D27)
f8775000 f877dc00 isapnp isapnp.sys Sat Aug 18 06:58:01 2001 (3B7D8559)
f8785000 f878f500 MountMgr MountMgr.sys Wed Aug 04 15:58:29 2004 (41107B05)
f8795000 f87a1c80 VolSnap VolSnap.sys Wed Aug 04 16:00:14 2004 (41107B6E)
f87a5000 f87ade00 disk disk.sys Wed Aug 04 15:59:53 2004 (41107B59)
f87b5000 f87c1200 CLASSPNP CLASSPNP.SYS Wed Aug 04 16:14:26 2004 (41107EC2)
f87e5000 f87ee480 NDProxy NDProxy.SYS Sat Aug 18 06:55:30 2001 (3B7D84C2)
f87f5000 f8803100 usbhub usbhub.sys Wed Aug 04 16:08:40 2004 (41107D68)
f8815000 f881d700 netbios netbios.sys Wed Aug 04 16:03:19 2004 (41107C27)
f8835000 f883e080 SRTSPX SRTSPX.SYS Tue Sep 11 07:58:41 2007 (46E5BE11)
f8845000 f884d700 wanarp wanarp.sys Wed Aug 04 16:04:57 2004 (41107C89)
f8855000 f8864580 2WirePCP 2WirePCP.sys Tue Sep 24 08:48:08 2002 (3D8F9A28)
f8885000 f888dd80 HIDCLASS HIDCLASS.SYS Wed Aug 04 16:08:18 2004 (41107D52)
f88b5000 f88bd880 Fips Fips.SYS Sat Aug 18 11:31:49 2001 (3B7DC585)
f8915000 f8924900 Cdfs Cdfs.SYS Wed Aug 04 16:14:09 2004 (41107EB1)
f8935000 f893dd00 intelppm intelppm.sys Wed Aug 04 15:59:19 2004 (41107B37)
f8945000 f894f380 imapi imapi.sys Wed Aug 04 16:00:12 2004 (41107B6C)
f8955000 f8961180 cdrom cdrom.sys Wed Aug 04 15:59:52 2004 (41107B58)
f8965000 f8973080 redbook redbook.sys Wed Aug 04 15:59:34 2004 (41107B46)
f8975000 f8983b80 drmk drmk.sys Wed Aug 04 16:07:54 2004 (41107D3A)
f8985000 f8994d80 serial serial.sys Wed Aug 04 16:15:51 2004 (41107F17)
f8995000 f89a1e00 i8042prt i8042prt.sys Wed Aug 04 16:14:36 2004 (41107ECC)
f89a5000 f89b1880 rasl2tp rasl2tp.sys Wed Aug 04 16:14:21 2004 (41107EBD)
f89b5000 f89bf200 raspppoe raspppoe.sys Wed Aug 04 16:05:06 2004 (41107C92)
f89c5000 f89d0d00 raspptp raspptp.sys Wed Aug 04 16:14:26 2004 (41107EC2)
f89d5000 f89dd900 msgpc msgpc.sys Wed Aug 04 16:04:11 2004 (41107C5B)
f89e5000 f89eef00 termdd termdd.sys Wed Aug 04 15:58:52 2004 (41107B1C)
f89f5000 f89fb200 PCIIDEX PCIIDEX.SYS Wed Aug 04 15:59:40 2004 (41107B4C)
f89fd000 f8a01900 PartMgr PartMgr.sys Sat Aug 18 11:32:23 2001 (3B7DC5A7)
f8a05000 f8a0c880 SISAGPX SISAGPX.sys Thu Oct 31 14:58:41 2002 (3DC0AA71)
f8a35000 f8a39500 watchdog watchdog.sys Wed Aug 04 16:07:32 2004 (41107D24)
f8a85000 f8a8a080 SYMREDRV SYMREDRV.SYS Tue Jan 09 13:34:37 2007 (45A2FF3D)
f8a8d000 f8a93e80 SYMNDIS SYMNDIS.SYS Tue Jan 09 13:32:03 2007 (45A2FEA3)
f8add000 f8ae1280 usbohci usbohci.sys Wed Aug 04 16:08:34 2004 (41107D62)
f8ae5000 f8aeb800 usbehci usbehci.sys Wed Aug 04 16:08:34 2004 (41107D62)
f8aed000 f8af4580 Modem Modem.SYS Wed Aug 04 16:08:04 2004 (41107D44)
f8af5000 f8afc000 fdc fdc.sys unavailable (FFFFFFFE)
f8afd000 f8b02500 point32 point32.sys Wed Nov 08 18:02:34 2006 (4551810A)
f8b05000 f8b0aa00 mouclass mouclass.sys Wed Aug 04 15:58:32 2004 (41107B08)
f8b0d000 f8b13000 kbdclass kbdclass.sys Wed Aug 04 15:58:32 2004 (41107B08)
f8b15000 f8b19880 TDI TDI.SYS Wed Aug 04 16:07:47 2004 (41107D33)
f8b1d000 f8b21580 ptilink ptilink.sys Sat Aug 18 06:49:53 2001 (3B7D8371)
f8b25000 f8b29080 raspti raspti.sys Sat Aug 18 06:55:32 2001 (3B7D84C4)
f8b2d000 f8b32000 flpydisk flpydisk.sys Wed Aug 04 15:59:24 2004 (41107B3C)
f8b3d000 f8b43180 HIDPARSE HIDPARSE.SYS Wed Aug 04 16:08:15 2004 (41107D4F)
f8b45000 f8b4a200 vga vga.sys Wed Aug 04 16:07:06 2004 (41107D0A)
f8b4d000 f8b51a80 Msfs Msfs.SYS Wed Aug 04 16:00:37 2004 (41107B85)
f8b55000 f8b5c880 Npfs Npfs.SYS Wed Aug 04 16:00:38 2004 (41107B86)
f8b65000 f8b6cb80 usbccgp usbccgp.sys Wed Aug 04 16:08:45 2004 (41107D6D)
f8b6d000 f8b73500 usbprint usbprint.sys Wed Aug 04 16:01:23 2004 (41107BB3)
f8b75000 f8b7b780 USBSTOR USBSTOR.SYS Wed Aug 04 16:08:44 2004 (41107D6C)
f8b85000 f8b88000 BOOTVID BOOTVID.dll Sat Aug 18 06:49:09 2001 (3B7D8345)
f8c0d000 f8c0f280 rasacd rasacd.sys Sat Aug 18 06:55:39 2001 (3B7D84CB)
f8c21000 f8c23580 hidusb hidusb.sys Sat Aug 18 07:02:16 2001 (3B7D8658)
f8c25000 f8c28b00 usbscan usbscan.sys Wed Aug 04 15:58:44 2004 (41107B14)
f8c29000 f8c2ca00 kbdhid kbdhid.sys Wed Aug 04 15:58:33 2004 (41107B09)
f8c2d000 f8c2ff80 mouhid mouhid.sys Sat Aug 18 06:47:57 2001 (3B7D82FD)
f8c5d000 f8c60c80 serenum serenum.sys Wed Aug 04 15:59:06 2004 (41107B2A)
f8c61000 f8c63980 gameenum gameenum.sys Wed Aug 04 16:08:20 2004 (41107D54)
f8c65000 f8c67580 ndistapi ndistapi.sys Sat Aug 18 06:55:29 2001 (3B7D84C1)
f8c75000 f8c76b80 kdcom kdcom.dll Sat Aug 18 06:49:10 2001 (3B7D8346)
f8c77000 f8c78100 WMILIB WMILIB.SYS Sat Aug 18 07:07:23 2001 (3B7D878B)
f8ca3000 f8ca4100 swenum swenum.sys Wed Aug 04 15:58:41 2004 (41107B11)
f8ca9000 f8caa280 USBD USBD.SYS Sat Aug 18 07:02:58 2001 (3B7D8682)
f8cab000 f8cad000 Fs_Rec Fs_Rec.SYS unavailable (FFFFFFFE)
f8cad000 f8cae080 Beep Beep.SYS Sat Aug 18 06:47:33 2001 (3B7D82E5)
f8caf000 f8cb0080 mnmdd mnmdd.SYS Sat Aug 18 06:57:28 2001 (3B7D8538)
f8cb1000 f8cb2080 RDPCDD RDPCDD.sys Sat Aug 18 06:46:56 2001 (3B7D82C0)
f8cb5000 f8cb6100 dump_WMILIB dump_WMILIB.SYS Sat Aug 18 07:07:23 2001 (3B7D878B)
f8cf1000 f8cf2780 SYMDNS SYMDNS.SYS Tue Jan 09 13:31:23 2007 (45A2FE7B)
f8d31000 f8d33000 ParVdm ParVdm.SYS unavailable (FFFFFFFE)
f8d35000 f8d36fa0 MASPINT MASPINT.SYS Wed Mar 29 19:11:19 2000 (38E1BAA7)
f8d3d000 f8d3dd00 pciide pciide.sys Sat Aug 18 06:51:49 2001 (3B7D83E5)
f8e26000 f8e26d00 dxgthk dxgthk.sys Sat Aug 18 06:53:12 2001 (3B7D8438)
f8e35000 f8e35b80 msmpu401 msmpu401.sys Sat Aug 18 06:59:59 2001 (3B7D85CF)
f8e36000 f8e36c00 audstub audstub.sys Sat Aug 18 06:59:40 2001 (3B7D85BC)
f8e4e000 f8e4f000 Null Null.SYS unavailable (FFFFFFFE)

Unloaded modules:
ef4b3000 ef4de000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f17b5000 f17e0000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8d84000 f8d85000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f19a0000 f19ad000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f19b0000 f19be000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f17e0000 f1803000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8d0d000 f8d0f000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8ddf000 f8de0000 winio.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8825000 f882e000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8c09000 f8c0d000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8b35000 f8b3a000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f8c05000 f8c08000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt

 

Thanks Pete C,

Hopefully bdesmond will have another look or someone else that might know what I can do. Thanks anyway.

 

Hi Sillsy

It is possible it is your Brother multi function device.

So before we are off on a tangent lets eliminate that as an issue.

The steps below look complex but they are not when done 1 step at a time.
Do them in the order presented!

At the end you will be requested to boot to safe mode so you should try to print this. If it is the printer then it may blue Screen on you. Have you noticed this issue before or after you have printed?

1. ======================================
ERUNT (Backup the Registry) Registry can be restored with or without System Restore
Add a redundent Reg backup, get and install ERUNT let it add itself to startup and do a backup when offered on install, check all boxes.

ERUNT http://www.larshederer.homepage.t-online.de/erunt/
Yes! Even if you use system restore and other backups Registry and Images.
Run now!

2. =======================================
Quick Check for Bad/Prevalent Malware. Download but do not run until directed below!

D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, run it delete all it finds decline to reboot on each item found, until the program finishes then reboot. This program has no log so make a note of all found and post back.

4. =======================================
Cleaners. Download all but do not run until directed below!

D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html

D/L and install CCleaner: Clean temps and registry. Run both (temp and registry) repeatedly until no more found.

http://www.ccleaner.com/download/builds get SLIM

5. =======================================
Once all the above are downloaded Shutdown the computer.
While off unplug all possible external devices especially the Brother Printer.
Do not plug theses back in until directed.

6. =======================================
Boot to Safe Mode
a. Run Xclean

b. Run ATF-Cleaner, Select all for all browsers except passwords! Run repeatedly until no more found.

c. Run CCleaner Run Clean twice until no more found, the Registry repeat until no more found.

Reboot to normal report results back then use for a while to see if you can make it blue screen.

This is enough for this post. I have 2nd post ready after you report back.

Mike

 

Can the OP zip and post the contents of c:\windows\minidumps? There is an attachments button.

 

I see. I'll ask the OP to send them to me offline then.

 

Hi Mike,

Its taken me a while but I've done what you have suggested. The only thing that came up on the Xclean was WinAntiVirus.

I have also changed my cmos battery.

You mentioned it could be my brother mfc, well this died on me a while ago (and well before I started having trouble) I have since uninstalled it anyway.

Would love more help. The computer is still randomly shutting down but not as often. It has done it tonight though.

Thanks

 

Oh! Is that all??? Just a little ole WinAntiVirus huh!

So thats it eh!

Geeze!

Get the below install and update

http://www.malwarebytes.org/mbam.php

Do Full scan and post the log.

If it found much then reboot to Safe Mode and run it again then paste this new log for this run when back to normal mode!​

Then go here read understand and post HJT log!

http://www.windowsbbs.com/malware-virus-removal/announcements.html

Try to get back this year!
Mike

 

Hi Mike,

Here is the log from the Malwarebytes...

alwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

9:38:10 AM 20/08/2008
mbam-log-08-20-2008 (09-38-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115349
Time elapsed: 40 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Told me it didn't find anything.

I'll get back to you with the HJT log soon...

Thanks

Sue

 

Well that was much faster than I expected. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:30 AM, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.impressionablekids.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe "
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX9300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFP.EXE /FU "C:\DOCUME~1\Owner\LOCALS~1\Temp\E_S14.tmp" /EF "HKCU "
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E68565-96FB-4DBE-AF27-3B5E107D75AD}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10397 bytes

 

Hi Sue

Great job! You do good work!

OK The HJT log looks clean combined with the clean MalwareBytes AntiMalware is does look as tho your computer is clean.

But you did say the issue is reduced and is not as bad, yes?

This indicates it may be a system type issue so do the below and lets hope it improves more or fixes it completely.

You did do the CCleaner and ATF-Cleaner?

1.Clean and update Java
Cleanup old Java and update to newest version this program will do it all for you.

Download JavaRa http://prm753.bchea.org/JavaRa.html

Unzip it, run it, cleanup old versions then use the update, chose Jucheck first and if you do not have Jucheck then chose Update using Sun. Then click Additional tasks and check "remove Useless JRE files.

2.Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles

Have XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here do the below

Reset WMI/WBEM (Note do not confuse with the Reinstall WMI/Wbem)

Watch for any File not found or other errors and make note as this may lead to the fix!

After doing all the above run until you can give a report that it has or has not improved. If improved how much, a little, quite a bit etc>

All these cleanup an corrections are not wasted even if we have to go back to the dumps, we will have a cleaner environment to work with.

Mike

 

When I clicked on the hammerhead I found the reset WMI/WBEM, started that but it instantly gave me the message 'Access violation at address 77C0155D in module 'version.dll' Read of address 00000004'

On the first Dial-a-fix screen it says down the bottom it is registering wbem\cimwin32.dll but it has been doing it for over 1/2 hour, is this right? Or is it doing nothing?

Sue

 

Hi Sue

No not normal to do this. Means we we are hitting on the problem.

If this is the same computer that your husband has the USB isssue then all of this is tied togather.

Do this, abort the DAF and reboot.

Then run DAF again but go directly to the Hammerhead (page 2).

First put in Windows CD.

Next run
SFC purge

then

SFC scan (Could take 20 or more minutes)

When above finishes reboot.

Back to DAF Hammerhead
run

Repair permissions (Could take 10 or more minutes)

When complete close then restart DAF and do all on the first page again.

Mike

 

Hi Mike,

Thanks for your quick responses. I am about to head out to work and won't get to this until tonight. I'll let you know how I go.

Thanks

Sue