Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Hardware Hardware
Search Search
Search for:
Tech Support Guy > > >

Bluescreen - Bugcode USB driver


(!)

papa_hemingway89's Avatar
papa_hemingway89 papa_hemingway89 is offline
Junior Member with 6 posts.
THREAD STARTER
 
Join Date: May 2011
09-May-2011, 08:55 PM #1
Bluescreen - Bugcode USB driver
Hi,

I've encountered the dreaded bluescreen three times this week.

- It always occurs whenever I attempt to shut down.
- I attempted system restore.
- I've done my research with this bluescreen/bugcode usb driver and one of the things I tried was to go into device manager and uninstall universal serial bus controllers. I did this and the windows update would automatically reinstall them?
- I uninstalled SP2 and all the Microsoft Visual C... I now have 3.5 SP1 and KB2467175/KB2467174.
- I've used Ccleaner and Hijackthis to delete/repair whatever registry bugs there were.

Last but not least, here are the specs from the last crash...

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
Locale ID: 2057
Additional information about the problem:
BCCode: 9f
BCP1: 00000003
BCP2: 8D4F8030
BCP3: 8D4F8030
BCP4: 8558CB80
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\Mini051011-01.dmp
C:\Users\Kent Event Team\AppData\Local\Temp\WER-61448-0.sysdata.xml
C:\Users\Kent Event Team\AppData\Local\Temp\WER694D.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?link...3&clcid=0x0409


Any help would be appreciated,

Cheers,


Stuart
workatron's Avatar
workatron workatron is offline
Junior Member with 1 posts.
 
Join Date: May 2011
Experience: Beginner
10-May-2011, 03:33 AM #2
i have exactly the same thing!

Shut my computer down last night and then a blue screen which the error said

files that help describe this problem
C:\DOCUME~1\KIRSTE~1\LOCALS~1\Temp\WER211e.dir00\Mini051011-01.dmp
C:\DOCUME~1\KIRSTE~1\LOCALS~1\Temp\WER211e.dir00\sysdata.xml

I am using a dell computer with XP
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
10-May-2011, 03:49 AM #3
Workatron, your problem may not be the same and may require a different process to diagnose the problem so please start your own thread to avoid confusion. When you do, please attach the minidump for analysis.


This BSOD has the bugcheck error code of 9F which indicates a driver fault. You say you have removed SP2 but the minidump details show that you still have SP2. Don't use Ccleaner again as this can remove registry entries that are needed.
As you have also removed other components in the system I would first run an repair install by Booting from the Vista disc and then selecting Upgrade Install. This will reinstall Vista but leave all your data and software intact. You need to set the CD drive to 1st in the boot order by going into your Bios at start up.
Once you have the system reinstalled, if the problem persists with the same error code then run Driver Verifier to pinpoint the faulty driver. You should also attach the minidumps to your next post for analysis.


Quote:
For windows XP - Click on Start and then Run. Type verifier into the box and hit the Enter key.
For Vista and Windows 7 - Click on Start and type verifier into the search box then click on verifier in the list that pops up.
Driver Verifier Manager will open.
Select the first choice "Create Standard Settings" and click on the "Next" button.
Now select "Automatically select all drivers installed on this computer" and click on the "Finish" button.
A box will appear asking you to restart the PC for the changes to take effect. Click on "OK" and reboot the PC.
To stop Auto reboot so you can read the error message do this for Windows XP:
Click the Start button, right-click My Computer, click Properties, click the Advanced tab, and then click Settings under Startup and Recovery.
Under System Failure, uncheck the "Automatically restart" check box.
And do this in Windows 7 and Vista:
Click Start, select 'Control Panel' select 'System' in the left pane select 'Advanced System Settings' in the box select the 'Advanced' tab then under 'Startup and Recovery' select 'Settings.' In the box under 'System Failure' uncheck 'Automatically Restart'.
If the PC reboots normally then there is no problem with any of the drivers. If you get a blue screen straight away it will name the faulty driver. If you are absolutely certain that the named driver is OK then make a note of it.
You will then have to go back into the Verifier and instead of selecting all drivers select "Select drivers from a list". Click on "Next" and the list of drivers will appear. Select them all apart from the one you know to be OK. Click on "Finish" and reboot.
Once you have identified the faulty driver or confirmed that there are none go back to the first page of the Driver Verifier Manager and select "Delete Existing Settings" and click on "Finish"

Last edited by Mark1956; 10-May-2011 at 03:59 AM..
papa_hemingway89's Avatar
papa_hemingway89 papa_hemingway89 is offline
Junior Member with 6 posts.
THREAD STARTER
 
Join Date: May 2011
10-May-2011, 08:35 AM #4
Hey I tried what you suggested, and have got a few bluescreens... They're different but pinpoint it has something to do with - shpf.sys

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
Locale ID: 2057
Additional information about the problem:
BCCode: d6
BCP1: 96355018
BCP2: 00000001
BCP3: 84760EB8
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\Mini051011-01.dmp
C:\Users\Kent Event Team\AppData\Local\Temp\WER-100979-0.sysdata.xml
C:\Users\Kent Event Team\AppData\Local\Temp\WER118.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?link...3&clcid=0x0409
SECOND BLUE SCREEN
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
Locale ID: 2057
Additional information about the problem:
BCCode: d6
BCP1: BBA87018
BCP2: 00000001
BCP3: 84757EB8
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\Mini051011-02.dmp
C:\Users\Kent Event Team\AppData\Local\Temp\WER-65957-0.sysdata.xml
C:\Users\Kent Event Team\AppData\Local\Temp\WERD892.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?link...3&clcid=0x0409
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
10-May-2011, 10:11 AM #5
These BSOD's are not being detected by the Driver Verifier as that would give a code of C4. Just to eliminate Malware download the free scanner from below, install it, let it update and then run a full system scan. Check the report at the end to make sure it has removed anything it found.

http://www.malwarebytes.org/mbam.php


This is the best information I can find about that driver.

http://esupport.sony.com/US/perl/swu...=2884&os_id=29

Follow the instructions to download and reinstall it.

Is your PC a Vaio? Please state the make and model.

Did you complete the Upgrade install??

Have a good look in the Device Manager and see if you have any yellow warnings. If so go to the PC's manufacturers site and download and install the missing drivers. Obviously if you have a drivers disk for the PC use that.

The USB controllers, Microsoft Visual C and SP2 are all required for correct system operation and are not related to your problem.

If the system does not improve after following the above suggestions and any missing drivers are replaced I would suggest a full reinstallation of the OS, including all the chip set and device drivers that your system requires.

The last thing you could try is to post your minidump files. By that I don't mean posting the debug log I need to have the .dmp file so I can run it through a debugger and then I may be able to see what is going wrong. Switch off the Driver Verifier as per the instructions. Shut down the PC and see if it has a BSOD, repeat until it has one and then reboot and post the minidumps, you will find the files in C:\Windows\Minidump. Please zip up the last five .dmp files into one folder and follow this guide to attach them to your next post. In your case the file will be found wherever you choose to save the zip file.

Quote:
Below the reply box click on Go Advanced. Then scroll down until you see a button Manage Attachments. Click on that and a popup-window opens.
Click on the Browse button, find the minidump files you wish to attach on your PC and doubleclick on it. Normally found in C:\Windows\minidump
Now click on the Upload button in the popup. When done, click on the Close this window button.
Enter your message-text, then click on Submit Message.

Last edited by Mark1956; 10-May-2011 at 10:17 AM..
papa_hemingway89's Avatar
papa_hemingway89 papa_hemingway89 is offline
Junior Member with 6 posts.
THREAD STARTER
 
Join Date: May 2011
10-May-2011, 12:09 PM #6
Hey,

I'm doing the malware scan as I type.

I attempted to install/reinstall.. but it comes up with "This update is not intended for use with this model."

It's a Sony, Vaio VGN-BX61MN

There are no yellow warnings and the mini-dump folder is empty? I'll keep you posted as I'm still waiting on the malware to finish.

Your help is very much appreciated,

Stuart
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
10-May-2011, 04:23 PM #7
As the mindump file is empty your system is not set to save memory dumps. Follow this guide to set it up correctly.

Quote:
Click on Start > Control Panel > System > Advanced System Settings (left pane) > Advanced tab > Settings button for Startup and Recovery. In the System Failure box make these settings.

Check > Write an event to the system log.
Check > Automatically restart.
Select > 'Small Memory Dump' in the Write debugging information box.
Small Dump Directory should read %SystemRoot%\Minidump.

Check at the bottom of the box that "Overwrite any existing file" is not checked. If it is you will have to go back to the "Write debugging indformation" box, change "Small memory dump" to "Complete memory dump" then you can uncheck the "Overwrite any existing file" box. Then go back and reset "complete memory dump" back to "Small memory dump". Heaven knows why microsoft designed it that way.

Hit OK, OK again and close the System box.
papa_hemingway89's Avatar
papa_hemingway89 papa_hemingway89 is offline
Junior Member with 6 posts.
THREAD STARTER
 
Join Date: May 2011
11-May-2011, 12:06 PM #8
Hey, I've done everything above, and have had half a dozen bluescreens.

One of which was Bad_pool_caller

Hope these minidumps will be any help?

Thanks,
Attached Files
File Type: zip Mini051111-01.zip (27.0 KB, 54 views)
File Type: zip Mini051111-02.zip (21.8 KB, 24 views)
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
11-May-2011, 04:56 PM #9
What was the result of the Malwarebytes scan.

You only sent in two minidumps, where is the one with the bad pool caller?

And please zip up another 5 or 6 files all into the same zip file not individually. Both the minidumps you sent have the same error as the two in your first post and point to the shpf.sys driver.

You haven't answered an earlier question of mine. Did you complete the Repair/Upgrade install, this needs to be done to replace all the files you removed.

Can you confirm the Vaio model number I can't find it on the Sony site. And where was the country of purchase.

There is a windows file in the minidumps shown with the date of March 3rd this year, can you recall installing anything at that time. Run a search on your hard drive for win32k.sys and tell me its location/s. Do not delete it.
papa_hemingway89's Avatar
papa_hemingway89 papa_hemingway89 is offline
Junior Member with 6 posts.
THREAD STARTER
 
Join Date: May 2011
12-May-2011, 07:11 AM #10
Hey, this is abit unrelated but 10 minutes ago I got a call from from 247 PC Care scam where they get remote access to your comp, and put a virus on your comp and make you pay for it...

He got me to check eventviewer and (as you know) I've had a few errors and warnings over the past few days, so I thought this person was calling to help?
I typed in the address of their website (like the guy said) but it came up with domain closed down, so he got me to type another address into tinyurl, it then took me to Amazon.com with the book "The F Word"... It was after this I smelled a rat and hung up.

That was all I did really.

My question is after clicking on the website does he now have remote access to my computer (bank accounts..etc), do I immediately have lots of viruses??

I'm going to do a Malwarebytes and some other anti-virus things just in case.. Do you think I'm safe?

Stuart
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-May-2011, 08:40 AM #11
I know nothing about the 247 PC care scam but it certainly sounds like you did the right thing and hung up. Make sure your firewall is enabled. You could also download Spybot, install, update and run it, it should find any new spyware that has got into the system. http://www.safer-networking.org/en/spybotsd/index.html

When you re-run Malwarebytes please copy and paste the report it produces at the end of the scan into your next post so I can see it.

Pleae also go back to my last post and answer the questions, then we can progress.
papa_hemingway89's Avatar
papa_hemingway89 papa_hemingway89 is offline
Junior Member with 6 posts.
THREAD STARTER
 
Join Date: May 2011
12-May-2011, 09:22 AM #12
Though I immediately did a malware scan, and deleted every bit of internet history, cookie..etc

I'm afraid they might have my IP address? I went on this website..
http://www.pccare247.com/

I read some stuff about how by visiting this site, they can see visitor info, address, and things like IP which identifies location/personal details. Do you think they can get hold of important details like bank by me just going on their site??

Here's a little about them: http://conbusters.co.uk/2011/04/08/247-pc-care-scam/
Do you think I'll be alright here?

I did do a full scan that took a couple of hours. But I closed it down before reading your last message, here's a quick scan..

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6547
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
12/05/2011 15:03:43
mbam-log-2011-05-12 (15-03-42).txt
Scan type: Quick scan
Objects scanned: 142734
Time elapsed: 7 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I'll do the spyware immediately..

ANYWAYS BACK TO THE FIRST PROBLEM.

I did the verifier stuff yesterday and would constantly get a bluescreen whenever I tried to start computer normally.. so I had to do a system restore a half dozen times. After doing the last system restore I didnt have anything in the minidump folder anymore?
I could only do the system restore in safe mode and wouldnt have access to internet so I couldn't read up on what to do next. I got bad_pool_caller only once.
I could redo all the verifier instructions and copy/paste onto a word document that I can do in safe mode perhaps?

I havent done a repair/upgrade install as it's a work computer, I've told my boss about it, and she wants to call in an IT technician. But I really do see that as the very last resort.
It's a work computer but I do own a Reinstallation DVD Windows Vista Home Premium 32BIT dvd? Would that work?

Sorry, I was probably giving you the wrong numbers... Its a Sony Personal Computer Model: PCG - 9Y2M

Hey I found the win32k.sys - it was created 3/3/2011. It is in the folder System32 (C:\Windows)
Mark1956's Avatar
Malware Removal Specialist with 14,109 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-May-2011, 01:58 PM #13
The malwarebytes log is clean but you should run a full scan as I instructed, it needs to check the entire hard drive. The win32K.sys file is in the correct place. Please also run Spybot.

I know little about security hacking on PC's but the first thing I would do is tell your bank or any other financial institution that you have any dealings with over the internet with your PC.

I would also apply to your internet service provider to change your IP address.

You can run a Repair Install with that disc you have but only if it matches the version of Vista that is on the PC and it includes the same or higher service pack.

Last edited by Mark1956; 12-May-2011 at 02:21 PM..
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
bluescreen

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2