[papa_hemingway89]

Hi,

I've encountered the dreaded bluescreen three times this week.

- It always occurs whenever I attempt to shut down.
- I attempted system restore.
- I've done my research with this bluescreen/bugcode usb driver and one of the things I tried was to go into device manager and uninstall universal serial bus controllers. I did this and the windows update would automatically reinstall them?
- I uninstalled SP2 and all the Microsoft Visual C... I now have 3.5 SP1 and KB2467175/KB2467174.
- I've used Ccleaner and Hijackthis to delete/repair whatever registry bugs there were.

Last but not least, here are the specs from the last crash...

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
Locale ID: 2057
Additional information about the problem:
BCCode: 9f
BCP1: 00000003
BCP2: 8D4F8030
BCP3: 8D4F8030
BCP4: 8558CB80
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\Mini051011-01.dmp
C:\Users\Kent Event Team\AppData\Local\Temp\WER-61448-0.sysdata.xml
C:\Users\Kent Event Team\AppData\Local\Temp\WER694D.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?link...3&clcid=0x0409


Any help would be appreciated,

Cheers,


Stuart

[workatron]

i have exactly the same thing!

Shut my computer down last night and then a blue screen which the error said

files that help describe this problem
C:\DOCUME~1\KIRSTE~1\LOCALS~1\Temp\WER211e.dir00\Mini051011-01.dmp
C:\DOCUME~1\KIRSTE~1\LOCALS~1\Temp\WER211e.dir00\sysdata.xml

I am using a dell computer with XP

[Mark1956]

Workatron, your problem may not be the same and may require a different process to diagnose the problem so please start your own thread to avoid confusion. When you do, please attach the minidump for analysis.


This BSOD has the bugcheck error code of 9F which indicates a driver fault. You say you have removed SP2 but the minidump details show that you still have SP2. Don't use Ccleaner again as this can remove registry entries that are needed.
As you have also removed other components in the system I would first run an repair install by Booting from the Vista disc and then selecting Upgrade Install. This will reinstall Vista but leave all your data and software intact. You need to set the CD drive to 1st in the boot order by going into your Bios at start up.
Once you have the system reinstalled, if the problem persists with the same error code then run Driver Verifier to pinpoint the faulty driver. You should also attach the minidumps to your next post for analysis.

Quote:

For windows XP - Click on Start and then Run. Type verifier into the box and hit the Enter key.
For Vista and Windows 7 - Click on Start and type verifier into the search box then click on verifier in the list that pops up.
Driver Verifier Manager will open.
Select the first choice "Create Standard Settings" and click on the "Next" button.
Now select "Automatically select all drivers installed on this computer" and click on the "Finish" button.
A box will appear asking you to restart the PC for the changes to take effect. Click on "OK" and reboot the PC.
To stop Auto reboot so you can read the error message do this for Windows XP:
Click the Start button, right-click My Computer, click Properties, click the Advanced tab, and then click Settings under Startup and Recovery.
Under System Failure, uncheck the "Automatically restart" check box.
And do this in Windows 7 and Vista:
Click Start, select 'Control Panel' select 'System' in the left pane select 'Advanced System Settings' in the box select the 'Advanced' tab then under 'Startup and Recovery' select 'Settings.' In the box under 'System Failure' uncheck 'Automatically Restart'.
If the PC reboots normally then there is no problem with any of the drivers. If you get a blue screen straight away it will name the faulty driver. If you are absolutely certain that the named driver is OK then make a note of it.
You will then have to go back into the Verifier and instead of selecting all drivers select "Select drivers from a list". Click on "Next" and the list of drivers will appear. Select them all apart from the one you know to be OK. Click on "Finish" and reboot.
Once you have identified the faulty driver or confirmed that there are none go back to the first page of the Driver Verifier Manager and select "Delete Existing Settings" and click on "Finish"

[papa_hemingway89]

Hey I tried what you suggested, and have got a few bluescreens... They're different but pinpoint it has something to do with - shpf.sys

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
Locale ID: 2057
Additional information about the problem:
BCCode: d6
BCP1: 96355018
BCP2: 00000001
BCP3: 84760EB8
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\Mini051011-01.dmp
C:\Users\Kent Event Team\AppData\Local\Temp\WER-100979-0.sysdata.xml
C:\Users\Kent Event Team\AppData\Local\Temp\WER118.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?link...3&clcid=0x0409
SECOND BLUE SCREEN
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
Locale ID: 2057
Additional information about the problem:
BCCode: d6
BCP1: BBA87018
BCP2: 00000001
BCP3: 84757EB8
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\Mini051011-02.dmp
C:\Users\Kent Event Team\AppData\Local\Temp\WER-65957-0.sysdata.xml
C:\Users\Kent Event Team\AppData\Local\Temp\WERD892.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?link...3&clcid=0x0409

[Mark1956]

These BSOD's are not being detected by the Driver Verifier as that would give a code of C4. Just to eliminate Malware download the free scanner from below, install it, let it update and then run a full system scan. Check the report at the end to make sure it has removed anything it found.

http://www.malwarebytes.org/mbam.php


This is the best information I can find about that driver.

http://esupport.sony.com/US/perl/swu...=2884&os_id=29

Follow the instructions to download and reinstall it.

Is your PC a Vaio? Please state the make and model.

Did you complete the Upgrade install??

Have a good look in the Device Manager and see if you have any yellow warnings. If so go to the PC's manufacturers site and download and install the missing drivers. Obviously if you have a drivers disk for the PC use that.

The USB controllers, Microsoft Visual C and SP2 are all required for correct system operation and are not related to your problem.

If the system does not improve after following the above suggestions and any missing drivers are replaced I would suggest a full reinstallation of the OS, including all the chip set and device drivers that your system requires.

The last thing you could try is to post your minidump files. By that I don't mean posting the debug log I need to have the .dmp file so I can run it through a debugger and then I may be able to see what is going wrong. Switch off the Driver Verifier as per the instructions. Shut down the PC and see if it has a BSOD, repeat until it has one and then reboot and post the minidumps, you will find the files in C:\Windows\Minidump. Please zip up the last five .dmp files into one folder and follow this guide to attach them to your next post. In your case the file will be found wherever you choose to save the zip file.

Quote:

Below the reply box click on Go Advanced. Then scroll down until you see a button Manage Attachments. Click on that and a popup-window opens.
Click on the Browse button, find the minidump files you wish to attach on your PC and doubleclick on it. Normally found in C:\Windows\minidump
Now click on the Upload button in the popup. When done, click on the Close this window button.
Enter your message-text, then click on Submit Message.

[papa_hemingway89]

Hey,

I'm doing the malware scan as I type.

I attempted to install/reinstall.. but it comes up with "This update is not intended for use with this model."

It's a Sony, Vaio VGN-BX61MN

There are no yellow warnings and the mini-dump folder is empty? I'll keep you posted as I'm still waiting on the malware to finish.

Your help is very much appreciated,

Stuart

[Mark1956]

As the mindump file is empty your system is not set to save memory dumps. Follow this guide to set it up correctly.

Quote:

Click on Start > Control Panel > System > Advanced System Settings (left pane) > Advanced tab > Settings button for Startup and Recovery. In the System Failure box make these settings.

Check > Write an event to the system log.
Check > Automatically restart.
Select > 'Small Memory Dump' in the Write debugging information box.
Small Dump Directory should read %SystemRoot%\Minidump.

Check at the bottom of the box that "Overwrite any existing file" is not checked. If it is you will have to go back to the "Write debugging indformation" box, change "Small memory dump" to "Complete memory dump" then you can uncheck the "Overwrite any existing file" box. Then go back and reset "complete memory dump" back to "Small memory dump". Heaven knows why microsoft designed it that way.

Hit OK, OK again and close the System box.

[papa_hemingway89]

Hey, I've done everything above, and have had half a dozen bluescreens.

One of which was Bad_pool_caller

Hope these minidumps will be any help?

Thanks,

[Mark1956]

What was the result of the Malwarebytes scan.

You only sent in two minidumps, where is the one with the bad pool caller?

And please zip up another 5 or 6 files all into the same zip file not individually. Both the minidumps you sent have the same error as the two in your first post and point to the shpf.sys driver.

You haven't answered an earlier question of mine. Did you complete the Repair/Upgrade install, this needs to be done to replace all the files you removed.

Can you confirm the Vaio model number I can't find it on the Sony site. And where was the country of purchase.

There is a windows file in the minidumps shown with the date of March 3rd this year, can you recall installing anything at that time. Run a search on your hard drive for win32k.sys and tell me its location/s. Do not delete it.

[papa_hemingway89]

Hey, this is abit unrelated but 10 minutes ago I got a call from from 247 PC Care scam where they get remote access to your comp, and put a virus on your comp and make you pay for it...

He got me to check eventviewer and (as you know) I've had a few errors and warnings over the past few days, so I thought this person was calling to help?
I typed in the address of their website (like the guy said) but it came up with domain closed down, so he got me to type another address into tinyurl, it then took me to Amazon.com with the book "The F Word"... It was after this I smelled a rat and hung up.

That was all I did really.

My question is after clicking on the website does he now have remote access to my computer (bank accounts..etc), do I immediately have lots of viruses??

I'm going to do a Malwarebytes and some other anti-virus things just in case.. Do you think I'm safe?

Stuart

[Mark1956]

I know nothing about the 247 PC care scam but it certainly sounds like you did the right thing and hung up. Make sure your firewall is enabled. You could also download Spybot, install, update and run it, it should find any new spyware that has got into the system. http://www.safer-networking.org/en/spybotsd/index.html

When you re-run Malwarebytes please copy and paste the report it produces at the end of the scan into your next post so I can see it.

Pleae also go back to my last post and answer the questions, then we can progress.

[papa_hemingway89]

Though I immediately did a malware scan, and deleted every bit of internet history, cookie..etc

I'm afraid they might have my IP address? I went on this website..
http://www.pccare247.com/

I read some stuff about how by visiting this site, they can see visitor info, address, and things like IP which identifies location/personal details. Do you think they can get hold of important details like bank by me just going on their site??

Here's a little about them: http://conbusters.co.uk/2011/04/08/247-pc-care-scam/
Do you think I'll be alright here?

I did do a full scan that took a couple of hours. But I closed it down before reading your last message, here's a quick scan..

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6547
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
12/05/2011 15:03:43
mbam-log-2011-05-12 (15-03-42).txt
Scan type: Quick scan
Objects scanned: 142734
Time elapsed: 7 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I'll do the spyware immediately..

ANYWAYS BACK TO THE FIRST PROBLEM.

I did the verifier stuff yesterday and would constantly get a bluescreen whenever I tried to start computer normally.. so I had to do a system restore a half dozen times. After doing the last system restore I didnt have anything in the minidump folder anymore?
I could only do the system restore in safe mode and wouldnt have access to internet so I couldn't read up on what to do next. I got bad_pool_caller only once.
I could redo all the verifier instructions and copy/paste onto a word document that I can do in safe mode perhaps?

I havent done a repair/upgrade install as it's a work computer, I've told my boss about it, and she wants to call in an IT technician. But I really do see that as the very last resort.
It's a work computer but I do own a Reinstallation DVD Windows Vista Home Premium 32BIT dvd? Would that work?

Sorry, I was probably giving you the wrong numbers... Its a Sony Personal Computer Model: PCG - 9Y2M

Hey I found the win32k.sys - it was created 3/3/2011. It is in the folder System32 (C:\Windows)

[Mark1956]

The malwarebytes log is clean but you should run a full scan as I instructed, it needs to check the entire hard drive. The win32K.sys file is in the correct place. Please also run Spybot.

I know little about security hacking on PC's but the first thing I would do is tell your bank or any other financial institution that you have any dealings with over the internet with your PC.

I would also apply to your internet service provider to change your IP address.

You can run a Repair Install with that disc you have but only if it matches the version of Vista that is on the PC and it includes the same or higher service pack.