Crash Dumps, Freezing, Hanging I ran a log file

Tumaini · 02 May 2012

I am very green but can follow clear, not too advanced instructions
. Running Windows 7 Pro +SP1 64x, on Toshiba Satellite A305 with Avast and Malwarebytes. Using Mozilla Firefox 11.0 and ixquick & Startpage Search Engines.
Experiencing: Crash Dump, Freezing after windows open. Excessive start up time and just a lot of waiting for the system to open and operate. I was unable to access the web unless in SafeMode with Internet access. I was getting the message: No Audio Services. Task Manager was freezing as well, Internet Explorer was attempting to open while running Mozilla. Did a restore last week to the point when I reinstalled Windows 7 2-28-2012. Ran a Memory Diagnostic and there is no evidence of Memory difficulty. I would like to debug but can't seem to access the correct file and don't want to completely ruin my computer, or cause more that is already manifesting. I downloaded an update for my BIOS from Toshiba but I will make this a last effort as it sounds like it has extremely high consequences if you mess up. Thank you for any help you can offer. Here is the log file from "Hijack This" run pre Restore Point. I ran this after researching this site. It was recommended to not take action unless experienced. I'm not:

Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Tutu\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tutu\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-7OD36.exe" /REG /REGSVRMODE
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tutu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

zigzag3143 · 02 May 2012

We do need the DMP file as it contains the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.

If you are overclocking STOP

You may be able to get the DMP files without crashing by booting into safe mode (F8) with networking.

To enable us to assist you with your computer's BSOD symptoms, upload the contents of your "\Windows\Minidump" folder.

The procedure:

* Copy the contents of \Windows\Minidump to another (temporary) location somewhere on your machine.
* Zip up the copy.
* Attach the ZIP archive to your post using the "paperclip" (file attachments) button.
*If the files are too large please upload them to a file sharing service like "Rapidshare" and put a link to them in your reply.

To ensure minidumps are enabled:

* Go to Start, in the Search Box type: sysdm.cpl, press Enter.
* Under the Advanced tab, click on the Startup and Recovery Settings... button.
* Ensure that Automatically restart is unchecked.
* Under the Write Debugging Information header select Small memory dump (256 kB) in the dropdown box (the 256kb varies).
* Ensure that the Small Dump Directory is listed as %systemroot%\Minidump.
* OK your way out.
* Reboot if changes have been made.

Tumaini · 03 May 2012

Thank you zigzag3143, I am grateful for your help.
1)When I last entered Safe mode with Networking I was severely restricted with what I could do. That is why I did the restore to enable me to do the Memory Diagnostic etc. Should I try to get to these files in regular mode first?2) I know of overclocking but don't know how to do it. I will do the copy of the file and report back on the success of that before go further. I had school work so I couldn't do anything before now.Again, Thank you very much!

Tumaini · 03 May 2012

Zigzag 3143, I completed the first 6 steps of your instructions. What is meant by ,"Reboot if changes have been made."? I unchecked Autorestart when I clicked on the Startup & Recovery Settings Button. Is this the type of change to which you are referring? Also, I do not see the contents of the \Windows\Minidump file I am to copy. Where is it stored? I am very very green and I ask your patience. Please excuse.

zigzag3143 · 03 May 2012

Tumaini said:

Zigzag 3143, I completed the first 6 steps of your instructions. What is meant by ,"Reboot if changes have been made."? I unchecked Autorestart when I clicked on the Startup & Recovery Settings Button. Is this the type of change to which you are referring? Also, I do not see the contents of the \Windows\Minidump file I am to copy. Where is it stored? I am very very green and I ask your patience. Please excuse.

Um, the DMP's are stored in C:\windows\minidump. If it is not there yu can search for *.DMP

No worries, we were all new to this at one point.

Tumaini · 03 May 2012

Zigzag 3143, I found the file in the C:\ folder and zipped it. I attached it to this note. Thank you.

zigzag3143 · 03 May 2012

Tumaini said:

Zigzag 3143, I found the file in the C:\ folder and zipped it. I attached it to this note. Thank you.

The most recent crash is corrupt and UN-useable The second most recent you have Avast and AVG running. Never a good idea. I would un-install both and use MSE at least to test.

I note you have AVG.
AVG can be a contributing cause of BSOD'S .
Please remove and replace with Microsoft Security Essentials AT LEAST TO TEST

Download tools and utilities | AVG Worldwide

Microsoft Security Essentials - Free Antivirus for Windows

http://files.avast.com/files/eng/aswclear5.exe

Tumaini · 05 May 2012

Hi Zigzag 3143, I have a new crash dump today. I have tried to attached the file and it says: invalid file.050512-46020-01.dmp:
Perhaps it is also corrupt. Thank you

zigzag3143 · 05 May 2012

Tumaini said:

Hi Zigzag 3143, I have a new crash dump today. I have tried to attached the file and it says: invalid file.050512-46020-01.dmp:
Perhaps it is also corrupt. Thank you

You need to "zip" it to upload it.

Tumaini · 05 May 2012

Zigzag 3143, Here is the zipped folder. Since it was not a large file I didn't know.Thank you.