|03 Jun 2012||#1|
HJT shows many "file missing" entries
Hi. Just got a new Windows 7-64 machine from Cyberpower, so there is no junk or shovelware installed.
In addition to the 240 GB SSD system drive, there are two 2 TB data drives configured as RAID 1.
Since I got the machine, it's been locking up, hanging, crashing, and video disappears. My log file has hundreds of Errors, faults and critical errors. Disappearing video and errors related to the video driver are causing their tech support to want to change graphics cards but with all this whackiness, I don't think that's the problem.
I tried running HijackThis to see if anything might be happening in there and I think some critical Windows files are missing, like lsass.exe and alg.exe. Here is a list.
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
Can anyone explain how all these files are missing? I didn't make any changes. Can this be the cause of my problems? Is there a way to make these files "unmissing"?
Thanks in advance
Adding the zip information requested for those posting with BSOD problems - see attached
Freshly installed OS from builder/seller
|My System Specs|
|04 Jun 2012||#2|
I have no clue at all about HJT - and suggest that you post over in the Security forums for advice about it.
Have you scanned for malware? If not, here's some free scans you can try: Free Online AntiMalware Resources
Only 1 memory dump (from 31 May) in the uploaded files - running it
You have issues with SBRE - it's either SunBelt software or AdAware antimalware stuff. Uninstall the program and then check perfmon /report (after a reboot) to ensure that the problem is gone
High Def Audio is disabled. Is this deliberate? If so, why?
We've seen a number of BSOD issues with SSD's. Here's the information that I've compiled so far:
There's not a whole bunch available to test SSD's. The "easiest" test is to remove the SSD, install a platter-based hard drive, install Windows and test for stability that way.
Here's some suggestions:
- Update the SSD's firmware to the latest available version (VERY IMPORTANT!!!)
- Update the motherboard controllers drivers to the latest available version from the controller manufacturer (NOT the mobo manufacturer unless you can't find any on the controller manufacturer's website)
- Slow the memory (RAM) down to the next slower speed (I've only seen one person who claimed that this worked for them).
- Use any manufacturer's utilities that you may have. If you don't have any, then try this free one (I haven't used it myself): Crystal Dew World
- Update chipset and storage controller drivers to the latest available from the manufacturer of the device (not the manufacturer of the motherboard). Be sure to update ALL controllers on the motherboard!
....NOTE: Recently (Nov 2011) we had BSOD issues with the Marvell 91xx controller and an SSD. You may have to switch controllers also.-
Replace the SSD with a platter based hard drive and see if that stops the BSOD's. If it does, then it's likely that there's a problem with the SSD OR an incompatibility with your system.
It's my opinion that SSD's aren't reliable enough (with current hardware) to be used on a system that needs to work reliably. Until I see reliability I will not recommend, nor will I use, SSD's for critical applications.
06 Dec 2011 - This post tends to confirm issues with certain SSD chipsets and certain controllers - [SOLVED] cant find the cause of BSOD F4 - Tech Support Forum
29 May 2012 - The frequency of BSOD's with SSD's seems to have been decreasing over the last several months. It may be approaching time to re-evaluate my stand on their suitability for use in production systems.
Here's the suggested troubleshooting steps for this error: STOP 0x116: VIDEO_TDR_ERROR troubleshooting
The rest of your system looks to be in good shape - nice work! IMO it's either the video stuff or the SSD. Firmware is a huge issues with the Corsair drives - as are mobo controller drivers. Heed the note on Marvell controllers as their drivers are showing in the memory dump (but this doesn't mean that they are involved).
The following info is just FYI, I've already addressed the issues that I saw in the above paragraphs
- Further info on BSOD error messages available at: http://www.carrona.org/bsodindx.html
- Info on how to troubleshoot BSOD's (DRAFT): http://www.carrona.org/userbsod.html
- How I do it: http://www.carrona.org/howidoit.html
3RD PARTY DRIVERS PRESENT IN THE DUMP FILES
mv91cons.sys Mon Sep 19 07:36:08 2011 (4E772928) pxscan.sys Thu Nov 25 11:05:14 2010 (4CEE893A) iaStorA.sys Wed Oct 12 16:29:51 2011 (4E95F8BF) asahci64.sys Wed Sep 21 05:42:57 2011 (4E79B1A1) mvs91xx.sys Mon Sep 19 07:31:51 2011 (4E772827) mvxxmm.sys Mon Sep 19 07:31:37 2011 (4E772819) amdxata.sys Fri Mar 19 12:18:18 2010 (4BA3A3CA) iaStorF.sys Wed Oct 12 16:28:40 2011 (4E95F878) pxrts.sys Thu Nov 25 11:05:16 2010 (4CEE893C) asmtxhci.sys Wed Nov 02 23:00:22 2011 (4EB203C6) HECIx64.sys Mon Aug 15 13:29:24 2011 (4E495774) e1c62x64.sys Wed Jul 20 12:37:53 2011 (4E270461) RTKVHD64.sys Tue Sep 27 08:24:27 2011 (4E81C07B) asmthub3.sys Wed Nov 02 23:00:32 2011 (4EB203D0) pxkbf.sys Thu Nov 25 11:05:12 2010 (4CEE8938) mbam.sys Tue Mar 20 12:04:48 2012 (4F68AAA0) nvlddmkm.sys Tue May 15 03:35:36 2012 (4FB20748)
BSOD BUGCHECK SUMMARY
Loading Dump File [C:\Users\FUBAR\_jcgriff2_\dbug\__Kernel__\053112-15350-01.dmp] Built by: 7601.17803.amd64fre.win7sp1_gdr.120330-1504 Debug session time: Thu May 31 21:03:43.665 2012 (UTC - 4:00) System Uptime: 0 days 3:36:10.509 *** WARNING: Unable to verify timestamp for nvlddmkm.sys *** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys *** WARNING: Unable to verify timestamp for win32k.sys *** ERROR: Module load completed but symbols could not be loaded for win32k.sys Probably caused by : nvlddmkm.sys ( nvlddmkm+19e4d4 ) DEFAULT_BUCKET_ID: GRAPHICS_DRIVER_TDR_FAULT BUGCHECK_STR: 0x116 PROCESS_NAME: System FAILURE_BUCKET_ID: X64_0x116_IMAGE_nvlddmkm.sys Bugcheck code 00000116 Arguments fffffa80`238b53a0 fffff880`123da4d4 ffffffff`c00000b5 00000000`0000000a BiosVersion = 0906 BiosReleaseDate = 12/22/2011 CPUID: "Intel(R) Core(TM) i7-3930K CPU @ 3.20GHz" MaxSpeed: 3200 CurrentSpeed: 3201 ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
|My System Specs|
|04 Jun 2012||#3|
USASMA, thanks for your response. I can provide a bit more information to your post.
1) As I said, it's a new machine. The first day I got it, I was doing some very basic things like looking in folders, etc. Then the screen went blank for a couple of seconds then came back. In the System Tray, there was an error message that said:
Display Driver Stopped Responding And Has Recovered. Display driver Nvidia Windows kernal mode driver xxx.xx stopped responding and has recovered. The xxx.xx is the graphics driver version.
I installed the latest drivers over the previous version and the problem continued, but the more recent driver version was now displayed in the error message. Then I did an uninstall/reinstall of the newest driver. No help. Then I tried a version that was about 8 months old which several people have said fixed this problem for them. No help.
This video problem has been happening a couple of times a day. Sometimes it recovers and continues working as mentioned above, but other times I'm guessing it has not recovered, video stays blank and a hard boot is necessary. This is not a true Blue/BlackSOD, as video is completely gone, with no message and no mouse pointer visible.
It can happen right after turning the PC on, while doing basic computing (email, web browsing), and quite often in the morning after being idle all night, the screen will be blank when I go to use it.
The symptom looks like it's sleeping, where you'd expect moving the mouse will wake it up, but nothing happens. The LED on my monitor will change from yellow to green for a second, then go back to yellow again and display "NO VIDEO". So, the monitor reacted to something. Power settings for the PC is set to NEVER TURN OFF. Video card power option is set to MAX PERFORMANCE.
2) Adaware - I gave it a try looking for malware, but it seems doubtful as it's a new machine. I installed Adaware and used it just once, and I believe it was on the day of my initial post. I uninstalled it after one use, so there might be some remnants of it in my logs. My problem has been happening long before Adaware was installed.
3) Hi Def Audio - Since I'm dealing with what could well be a video card/driver issue, and since I'm not using the Nvidia HD audio, and since other people claim this could be a problem, I disabled it.
4) I scanned the link you posted about my error. I can tell you all the fans are running, there is no dust build-up, and GPU-Z program doesn't show any obvious problem (i.e., proper temperature, voltage, etc.)
I ran SFC.exe a few times until all errors were corrected.
5) Thanks again for all the time and attention you gave me
|My System Specs|
|04 Jun 2012||#4|
You're going to have to remove the remnants of AdAware as they are interfering with the system.
Go to Device Manager, click on the View menu item and select "Show Hidden Devices"
Scroll down the list and locate the SBRE entry. Right click on it and select "Uninstall"
Since the error hasn't gone away with updating the drivers, and you've made the requisite checks inside the case - the next step is to try another video card.
|My System Specs|
|04 Jun 2012||#5|
Ah. I never knew how much I was missing when "Show Hidden Devices" was selected. Done and rebooted and is now clean.
I've already spoken to the builder about an RMA on the video card. I wanted to exhaust all the other solutions first. Some people with the same problem as me continued to have the same problems even after getting a new card. Anyway, that's the next logical step.
Thanks again for all your help.
|My System Specs|
|07 Jun 2012||#7|
New video card is on the way, although I *don't think* I've had any driver crashes since installing an old driver from last year. Certainly none in the past few days. I've made so many changes it's hard to keep track.
My only problem now is waking my machine up. I usually let it run all night and when I go to use it in the morning, it usually won't wake up. Sometimes it does, so that probably means it's not a setting since it should either always wake up, or never wake up based on whatever setting might be causing it.
I thought this problem was related to the video driver crashes. Maybe it is, but this is another common problem many people have. (I don't think I've had any of those obvious driver crashes, with log entry, when using this video driver.
I have sleep mode turned off, power saving turned off on all USB devices, and allowed the PC to be awakened by keyboard, mouse and LAN. Nothing in the logs indicate anything happened to cause it.
Anyway, that can be pursued in another post after the video card arrives.
|My System Specs|
|Similar help and support threads|
remove the "open" and "merge" entries from context menu?
safe to assume its impossible to remove the "open" and the "merge" entries from the context menu? I figure if i want to open or merge them i would simply double click. Clutter and redundency in this vein dont suit me :P
HDD shows in "Device Manager" but not in "DiskPart"or" Disk Management
Hi Guys, any ideas how to access my external hard drive device manager can see it but it does not appear in disc management. I use this HDD perfectly in my car HDD player. But when I try to connect it to my Laptop, it does not show up in disk management. Please check the attached screen...
|Hardware & Devices|
User account control shows "Publisher: Unknown" for File Operation
Hello. My computer recently (less than a day ago) started to display User Account Control prompts whenever I deleted or copied that weren't in the "Users" folder, such as the Program Files folder. I am using an Administrator account, and the User Account Control is set to notify when programs...
Can the "All Programs/Back" & "Search" entries be removed?
Using the Windows Classic theme, can the 'All Programs' & 'Search' (which is useless) be completely removed from the Start Menu? I'm talking about the entry All Programs bar and the Search entry, or can the useless MS Search be replaced with one of the many substitutes? I do not mean the Search...
WMP shows "unable to find a playable file".
Whenever I go to my music files and click a folder and hit play for mp3's it works fine but whenever I hit play for a folder with flac songs I get that error. However if I right click on a flac folder and select play with wmp it works fine. Any suggestions on how to fix this?
|Music, Pictures & Video|
Cant find "System Image" of 36 GB but its shows on "Manage Disc Space"
Dear Experts, I have created windows image on Drive F: but delete it after some time manually due to some space prob. But while backup shows about 40 GB only few GB space got free after deletion. When i try to again take the the backup using windows 7 backup & restore option, its still shows 35...
|Backup and Restore|
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
й Designer Media Ltd
All times are GMT -5. The time now is 03:09.