BSOD at startup - XP

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Tiger Cat E1

Thread Starter
Joined
Aug 8, 2008
Messages
22
Had some problems with spyware, malware, etc. Have sorted all that out. All HJT logs and others @

http://forums.techguy.org/malware-removal-hijackthis-logs/738342-solved-help-many-problems-i.html

Have also been having problems at startup. Xp gets to the loading screen then a blue screen appears. Have had the problem a while but recently it can take up to 10 times until the computer gets into XP.

Safe mode starts 1st time though.

Pic of the blue screen:



Any help would be greatly appreciated.
 
Joined
Dec 9, 2000
Messages
45,855
I don't see a driver listed there, but maybe we can find one in a minidump analysis >>

I can run a debugging utility on the dump files if you do this:

1 > create a new folder on the desktop and call it "dumpcheck" or whatever you like
2 > navigate to c:\windows\minidump and copy the last few minidump files to that folder. *this assumes 'c' is your boot drive, if it is not, subsitute accordingly
3 > close the folder and right click on it and select Send to Compressed (zipped) Folder.
4 > use the "manage attachments" in the "advanced" reply window to upload that zip file here as an attachment.

This might point us to a non Windows driver causing the error, if one exists for it.

Since almost all bugchecks can be caused by faulty ram, I would recommend you perform memory tests.

Beginners Guides: Diagnosing Bad Memory


Memtest86 - A Stand-alone Memory Diagnostic


>>> Also, in the meantime, since you can start in Safe Mode, try doing some "clean boot" troubleshooting >>

CLEAN BOOT TROUBLESHOOTING technique

First, restart in Safe Mode if necessary -- (tap the f8 key promptly on startup and choose the Safe Mode option from the boot menu) or Normal mode

Then:

Run msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest. Also uncheck "load startup group" on the general page.

See one or both of these links for detailed information. The second is for Vista -- but it is actually the best written and applies equally.


http://support.microsoft.com/kb/929135 << written for Vista, but applies equally well to XP

Now restart and test the issue at hand

If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.

If the problem didn't occur, check the other half, so all the Services are enabled -- proceed to do this on the startup tab as well.

Get the idea? You want to isolate the problem to a specific startup if possible.

Note: if you already have items unchecked under msconfig > startups and are in &#8220;selective&#8221; startup mode &#8211; you should note what these are before beginning. They will need to be de-selected again.
 
Joined
Dec 9, 2000
Messages
45,855
BugCheck 10000050, {e1c3f9ed, 1, e1c37d57, 1}

Unable to load image scddUtil.DLL, Win32 error 2
*** WARNING: Unable to verify timestamp for scddUtil.DLL
*** ERROR: Module load completed but symbols could not be loaded for scddUtil.DLL

Could not read faulting driver name
Probably caused by : scddUtil.DLL ( scddUtil+33e55 )

We need to find out what this driver belongs to >> scddUtil.DLL

It appears to be the cause in all dumps except the very first -- and it is present there too, going back more than a month

There is virtually no "google" info on this, so it makes it very suspicious.

http://www.google.com/search?client=opera&rls=en&q=scddUtil.DLL&sourceid=opera&ie=utf-8&oe=utf-8

Do you know what you installed that might have included it?

Try doing a search of the Windows directory for it and if you find it, right click on it and select "Properties > Version" and see if there is any copyright info.

Continue with the clean boot troubleshooting method and see if it is associated with any non- Microsoft startup.

It appears to be present in IBMs Japanese database -- so apparently it's not malware.

A Webcam perhaps?

http://www.ibm.com/search/?en=utf&v=14&lang=en&cc=us&q=scddUtil.DLL&lv=w&x=13&y=7
 

Tiger Cat E1

Thread Starter
Joined
Aug 8, 2008
Messages
22
No clue what program:

Build Version: C289
File Version: 6.14.10.6553
Description: ATI Radeon WindowsNT Display Driver
Copyright (C) 1998-2004 ATI Technologies Inc.
Internal Name: ati2dvag.dll
Language: English (United States)
Original File Name: ati2dvag.dll
Product Name: ATI Radeon WindowsNT Display Driver
Product Version: 6.14.10.6553
 
Joined
Dec 9, 2000
Messages
45,855
Why are you posting that? That's your ATI display driver -- so far I don't see any reason why it should be involved.
 

Tiger Cat E1

Thread Starter
Joined
Aug 8, 2008
Messages
22
Try doing a search of the Windows directory for it and if you find it, right click on it and select "Properties > Version" and see if there is any copyright info.

That's the only thing that came up in my search, do you think maybe it needs to have the driver updated, would it do that from the Microsoft site?
 
Joined
Dec 9, 2000
Messages
45,855
That is what you came up with when you searched for this >> scddUtil.DLL ?

What directory was it in?

If it is then it must be a renamed ATI file.

Search for ati2dvag.dll

There should be an operative copy in the system32 directory.

Can you also run regedit and do a find for >>

scddUtil.DLL

(select "My Computer" in regedit, then Edit > Find); F3 continues a search.)

Where does it appear in the registry?
 

Tiger Cat E1

Thread Starter
Joined
Aug 8, 2008
Messages
22
Search for ati2dvag.Dll
C:\WINDOWS\System32
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\System32\dllcache

regedit search for scddUtil.DLL:

My Computer\HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

My Computer\HKEY_USERS\S-1-5-21-2446408702-1106063941-2773295772-1008\Software\Microsoft\Search Assistant\ACMru\5603

Name: 002 Type:REG_SZ
 
Joined
Dec 9, 2000
Messages
45,855
The actual ati2dvag.dll is where it should be.

But what directory did you find scddUtil.DLL in?

The registry search for scddUtil.DLL did not produce anything useful -- very strange since that is the file name faulting.

The entries you found in regedit only reflect previous search data.

Have you tried the "Clean Boot" analysis technique I indicated earlier?

Also, before doing that, post a HijackThis Scanlog; if you can take it in normal mode great -- but if not, do it in Safe Mode>>

Download and install HijackThis. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
 

Tiger Cat E1

Thread Starter
Joined
Aug 8, 2008
Messages
22
Only other info for scddUtil.DLL =C:\WINDOWS\System32 - 227KB - Application Extension - Date Modified 08/06/2005 06:44 (Opens with Unknown Application)

Clean Boot:
Tried one by one - had a problem with:

Basics services (Manufacturer - Unknown)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:52:37, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\AOL\1195232279\ee\AOLSoftware.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Desktop Maestro\deskmech.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\common files\aol\1195232279\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1195232279\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DesktopMaestro] "C:\Program Files\Desktop Maestro\deskmech.exe" /H
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10175 bytes
 
Joined
Dec 9, 2000
Messages
45,855
Clean Boot:
Tried one by one - had a problem with:

Basics services (Manufacturer - Unknown)
Describe the "problem" please ...

That appears to relate to this >>

O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe.

Also verify you have BOTH these files in the system32 directory? >>

scddUtil.DLL

ati2dvag.Dll


Are they identical file sizes?

If so, can you rename scddutil.dll to scddutill.old ?
 

Tiger Cat E1

Thread Starter
Joined
Aug 8, 2008
Messages
22
Restarted computer with only basics services running had blue screen but have only installed this recently - so that can't be the main problem. Seagate is my external hardrive.

scddUtil.DLL 227KB

ati2dvag.Dll

C:\WINDOWS\System32 - 20KB - Application extension - unknown Application - modified 12/10/1997

C:\WINDOWS\ServicePackFiles\i386 - 197KB - Application extension - unknown Application - modified 14/04/2008

C:\WINDOWS\System32\dllcache - 227KB - Application extension - unknown Application - modified 08/06/2005 06:44

Have renamed to scddutill.old
 

Tiger Cat E1

Thread Starter
Joined
Aug 8, 2008
Messages
22
Changed Back

Still had the problem, did have a huge problem when change to .old, not being able to get into xp at all but changed it back to .dll through safe mode and starts again but still the blue screen now and again.
 
Joined
Dec 9, 2000
Messages
45,855
The only realy relevant (starting) versions would be in the system32 directory.

And you have a copy of BOTH those versions there, or only one?

Upload any "new" minidumps.

Also, try the regedit search again for scddUtil.DLL

Make sure the file tree in the left pane is completely collapsed and My Computer highlighted before you search; keep pressing F3 to continue the search after each "hit". You can ignore the ones that say "mru", such as this

My Computer\HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

-- these are just past searches.

When was the last time you updated your ATI display drivers?

If this is your data for the ATI driver in system32, it is not what we want, the file size is too small and the date way too old >>

C:\WINDOWS\System32 - 20KB - Application extension - unknown Application - modified 12/10/1997

This would be the current one, but it is in a "backup" directory >>

C:\WINDOWS\ServicePackFiles\i386 - 197KB - Application extension - unknown Application - modified 14/04/2008
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top