blue screens, idk if its hardware

Mark1956 · 04-Apr-2012, 09:28 AM **#61**

That one has a different code 7F. These are the listed possible causes and as you can see Memory is the most likely.

Memory corruption, Hardware (memory in particular), Overclocking failure, Installing a faulty or mismatched hardware (especially memory) or a failure after installing it, 3rd party firewall, Device drivers, SCSI/network/BIOS updates needed, Improperly seated cards, Incompatible storage devices, Overclocking, Virus scanner, Backup tool, Bad motherboard, Missing Service Pack

Mark1956 · 04-Apr-2012, 09:32 AM **#62**

This may be a good time to have a closer look at what is running on your system. Follow this and post both logs.

HJT Instructions
Please download the HJT installer from Here Click on the big Green Download button.
In XP a warning bar may appear at the top of the browser page, click on it and select "Download File". Select "Run" in any security warning pop ups.
For Vista and Windows 7 a bar will appear at the bottom of the screen, keep selecting "Run".
NOTE For Windows 7 and Vista you must turn off the User Account Control to allow HJT to run correctly.
For Vista, click on Start and type User Accounts in the search box and hit Enter, click on Turn User Account Control on or off, uncheck the box to turn off UAC. For Windows 7 click on Start and type UAC in the box and hit Enter, then move the slider all the way to the bottom and click on ok. This action is not required for Windows XP.
When the TrendMicro HJT install box appears, click on "Install", accept the licence agreement and allow it to continue, click on "Finish" when it appears.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis.
A shortcut to the application will also be placed on your Desktop.
Click on the shortcut on your desktop to run the program.
The folder HJT is where you will find the logs that you save. You will find this on the drive that Windows is installed on, usually C:.
The first time you open HijackThis, check the Main Menu button at the bottom center. When the main menu appears check the box "Show this window when I start HijackThis".
Click on "Do a system scan and save logfile." When the log pops up in Notepad, copy and paste that file back here as a New Message in this forum.

The use of HJT is purely for observation please do not try to fix anything with it or you may damage your system. If I see any suspicious files I will advise you to open a new thread in the Malware forum so an expert can help clean up your PC.

Please also use HJT to post the uninstall list as follows:

Please click on the HJT shortcut on your desktop to run the program.
Go to the Main Menu and click on Open the Misc Tools section.
Then select Open Uninstall Manager in the left pane under System Tools.
Click on Save List to the right of the window.
Save the file, open it with Notepad and then copy & paste it into your next post.

ihatewindows2 · 04-Apr-2012, 09:41 AM **#63**

well thats extremaly disappointing considering that i have already spent money replacing the ram.. looks like i may need to do it again.. great.

anything you can recommend?
thats 8GB preferably, because clearly i can't seem to pick the right ram

what are the chances that all 4 sticks are faulty yet according to memtest are perfectly healthy?

one thing i do not understand is that if the ram is faulty (or any peice of hardware), then shouldn't the restarts and blue screens be consistant rather than running perfectly for a few weeks, then having atleast 3 bsod/restarts a day in a row, then going back to being perfectly fine for a week or so, then going back to 3 errors a day etc etc
without any changes to the computer software or hardware wise.

this is all so confusing

ihatewindows2 · 04-Apr-2012, 09:52 AM **#64**

i started the reply before you entered your last one

edit: and the uninstall list.

Mark1956 · 11:15 AM

Quote:

this is all so confusing

I agree, but this does happen from time to time with PC's. Random faults are the most difficult to track down.

Although the most likely cause of the last BSOD is memory I would not go and buy any more RAM before isolating the cause. It is almost beyond the realms of possibility that all four sticks have failed. You have already replaced the sticks once without it curring the problems. Only after setting the RAM timings correctly was there any noticable improvement and as the BSOD's have started again we need to try and find what else may be causing the problem.

My instructions to post the logs ask you to copy and paste, I will now post the logs for easy reading and have a good look through them.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:50:00 PM, on 04/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.d ll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3951123891-2274334514-690138619-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3951123891-2274334514-690138619-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7504 bytes

µTorrent
Adobe AIR
Adobe AIR
Adobe Reader 9.4.0
Apple Application Support
Bridge Commander MW
Bridge Commander MW
D3DX10
DAEMON Tools Lite
Dead Space™ 2
DivX Setup
EVE Online (remove only)
EveHQ
EVEMon
Fallout New Vegas
FLV Player
Fraps
Free WMA to MP3 Converter 1.16
GPGNet
HiJackThis
Junk Mail filter update
K-Lite Codec Pack 8.1.0 (Full)
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.60.1.1000
Mass Effect 2
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox 7.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
NETGEAR WG111v2 wireless USB 2.0 adapter
NVIDIA PhysX
OCCT 4.1.1
Pando Media Booster
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roller Coaster Tycoon 3 Platinum - CarlesNeo !
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SensorsView Pro 4.1
Sins of a Solar Empire Trinity
SpeedFan (remove only)
Star Trek Armada II
Star Trek Online
Supreme Commander - Forged Alliance
TeamSpeak 3 Client
UltimateDefrag V1 FREE Public Domain Version
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentControl2 Toolbar
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
X3 Albio Prelude Bonus Pack 5.1.0.0
X3 Albion Prelude
X3 Terran Conflict v1.0.1
X-Universe Plugin Manager 1.40
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security

Mark1956 · 11:14 AM

At the very first glance I see Zone Alarm, I have seen this cause problems in the past, as a process of illimination please uninstall it and switch on Windows Firewall.

Mark1956 · 11:34 AM

Something else I have noticed. If you have the full ZoneAlarm package (which I think you do) that includes realtime Anti Virus protection. You previously had Nod32 running alongside it which could have been causing conflicts. You should never have more than one Anti Virus on the system.

You appear to have removed MSE (or did you ever install it to replace NOD32?)

For the sake of the diagnosis and to keep your system protected, follow what I suggested to remove ZoneAlarm and use this tool ZoneAlarm removal tool Then put MSE on the system instead of reinstalling NOD32, you can always go back to it later.

I also see you have uTorrent installed. Using file sharing P2P networks is the easiest way to get your PC infected and I would strongly recommend against its use.

I am going to ask for assistance to remove some bad entries from the HJT log, there are a few orphan entries and you need to get rid of the uTorrent toolbar as it is dubious. This is probably not related in any way to the BSOD's but best to remove anything that could be causing a problem on your system.

flavallee · 04-Apr-2012, 12:13 PM **#68**

Download and install the free version of SUPERAntiSpyware 5.0.0.1146.

Make sure to update its definition files during the install process.

You've already got Malwarebytes Anti-Malware 1.60.1.1000 installed.

Start it and run its update feature so it can update its definition files.

After all of the above has been done, restart the computer.

Do the following in the order listed.

DON'T use the computer while each scan is in progress.

------------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - Perform quick scan - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that EVERYTHING is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

------------------------------------------------------------

Start SUPERAntiSpyware.

Select the "Quick Scan" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

------------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

------------------------------------------------------------

ihatewindows2 · 04-Apr-2012, 12:18 PM **#69**

Quote: