Solved Computer BSOD every time I run a security program

Thank you Pete.

Much credit goes to wbrumfiel too. Great co-operation and not panicking was key in successful resolution.

 

As a follow-up to this post, I'm going to attempt to explain what *I think* was happening.

The value was indeed a dword value. dword = hex(4)
The data that I said it appeared to contain wasn't really there at all, but whatever data was there, was causing a loop due to some sort of corruption.
The hive's data is assembled in memory when the system starts, and the binary data contains pointers that lead to the actual values stored in the keys. I suspect the data being returned for that value actually went to some obscure location and caused an enumeration loop through a large section of the registry when the key was accessed, filling the memory beyond it's capacity, and resulting in a BSOD. When attempting to dump the hive's data to text, the same thing would take place, and the data being dumped was the same as the data being returned to and overfilling memory, hence the 15+MB text file created before the system crashed. Had there been a way for the memory to remain stable, that text file would likely still be growing, endlessly looping through the same data over and over.

The cause? I don't know, but I do recommend running chkdsk /r and sfc /scannow in the event it's due to corruption in the file system or disk error.

 

Just an update (because noahdfear asked for it). I put the memory in that I figured was faulty and sure enough it BSOD every time. It gives a different error each time but it always errors. I'll get that sent back to where I bought it and hopefully we'll be good to go Also, big thanks to PeteC as well for helping me in the other thread.

 

Working on this. I ran sfc and it completed without error but didn't really give a log or anything. I tried to run the chkdsk /r but when the computer restarts and chkdsk starts it says cannot open volume for direct access. Also, if I try and restart right after the computer starts it comes up with a box wanting me to end the process Reg. Should this be happening? Should I start a new thread somewhere?

 

Open a command window and type the chkdsk /r command, do not force an unmount, then schedule it to run upon restart. Restart the computer and do an F8 startup, selecting safe mode. chkdsk should complete.

Let me know if you continue to get the reg error, and provide specific details of it. You can also copy the exact error message (which I'd like to see) by pressing Ctrl+C while the message box is the active window, then Ctrl+V to paste it into notepad.

 

The reg error is one of those program is not responding type of things where it loads the bar up and you can choose end now. If I let it get to the end of the bar it comes back with a message saying it could not be closed and gives me 2 options, End Now and cancel. It only happens if I restart the computer right after loading windows. If I let windows sit for a bit it will shut down normally.

 

I did what ou said and now it won't boot into safe mode. I restarted again and its running a chkdsk scan on the drive but I don't think its the chkdsk /r scan. Should I boot up into safe mode with command prompt and run chkdsk /r from there?

 

Let the chkdsk finish as is. Once it's done, restart normally to make sure chkdsk doesn't run again, then restart and verify you can still boot into safe mode.

The not responding error is at shutdown, correct? Makes sense too if only when trying to shutdown/restart right after loading Windows. Something is still in the loading process ..... a bit harder to stop a loading process than an idle one. It might be Kaspersky. Check to see if you have 'Scan at program start' enabled. If so, it means that startup objects are being scanned upon logon .... a process that could take up to a couple of minutes I suppose, depending on the environment.

 

System reboots normally without running chkdsk and reboots into safe mode if not trying to run chkdsk. I think you're right on the reg process. If I wait until Kaspersky loads into the system tray I don't get that window.

 

Good to hear.

FYI, check the event viewer - any actions taken by sfc will be reported there.

Everything appear to be working normally again/still?

 

the following things show errors or warnings in the event manager on the system side.
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
kl1
klbg
KLIF
SrvcEKIOMngr
SrvcEPECioctl
SrvcEPIOMngr
SrvcSSIOMngr
SrvcTPIOMngr

For more information, see Help and Support Center at

and this

DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments " " in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and finally this

\Device\ACPIEC: The embedded controller (EC) hardware returned data when none was requested. This may indicate that the BIOS is incorectly trying to access the EC without syncronizing with the OS. The data is being ignored.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

Note the time on the following error, then restart and see if you get a new one.


The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
kl1
klbg
KLIF
SrvcEKIOMngr
SrvcEPECioctl
SrvcEPIOMngr
SrvcSSIOMngr
SrvcTPIOMngr


Is the machine equipped with an AMD or Intel processor?

 

Its an intel celeron processor. The error happened last night at 9:57 but when restarted it did not happen again.

 

My mom needs the laptop back for a bit so since I think its OK for now I'm gonna bring it back to her. If it acts up again or there is something that you really want me to run I can get it back like next weekend and run it.
Thanks

 

I'd not be surprised if those errors were a result of booting into safe mode. Provided the laptop seemed to be working normally, I'd say it's good to go. Maybe check on it this weekend just to be sure. When you do, see if the following error has reoccured anymore.

\Device\ACPIEC: The embedded controller (EC) hardware returned data when none was requested