Skip to main content

Blue Screen Crash When Updating Definition File

Comments

25 comments

  • Customer

    Hello

     

    It sounds like you may have some hardware problems. You mentioned that over the last year you had periodically freezes. Do you still have them even after a complete reinstall of windows? Also verify that you are using a legit copy of Windows when reinstalling and update/patch it.

     

    What operating system are you using and what version of Ad-Aware are you running?

     

    /Daniel

    0
  • Customer

    Freezes occurred after complete OS reinstall (Windows XP Pro) and all updates. Also, they happened before I reinstalled Adaware so as you suggest, I probably have a bigger problem that just Adaware...any comments/suggestions to this point are appreciated but I'm aware that it is not the main purpose of this forum.

     

    What's interesting is that after the OS reinstall and after reinstalling a fresh copy of Adaware, I still get the blue screen freeze when attempting to connect for def updates.

     

    This is a legit copy obtained through my school. Running latest Adaware version (SE Personal 1.06r1).

     

    Thanks for your help. Let me know what other info might be helpful.

    0
  • Customer

    Hi

     

    Can you try this please:

     

    Close Ad-Aware. Press start, select run and in the window that opens enter the text in bold:

     

    services.msc

    Click the OK button to open the Services window.

     

    In the services window that is displayed, scroll down to "DCOM Server Process Launcher". You may need to drag the column indicator next to the column headed "Name" to the right to see the full name. Double-click on "DCOM Server Process Launcher" to open the Properties window then click on the "Recovery" tab.

     

    Against the item "Select the computer's response if this service fails" there are three settings. In the drop down box change each one (First failure, Second failure and Subsequent failures) from "Restart the Computer" to "Restart the Service". Click OK to save the settings.

     

    Now scroll down to "Remote Procedure Call (RPC)". Double-click on "Remote Procedure Call (RPC)" then click on the "Recovery" tab and repeat the above to change the three "Select the computer's response if this service fails" settings to "Restart the Service". Click OK to save the settings.

     

    Close the services windows.

     

    Restart Ad-Aware abd try updating now.

     

    Post back how you get on.

     

    Thanks

    0
  • Customer

    I get the same problem when I tries to update Ad-Aware on my PC today. I get blue-screen when the Connect-button is clicked. I have not had any other blue-screen problems with my PC. I have Win XP Pro. I tried to reinstall Ad-Aware but it did not help.

    I am using Ad-Aware on another PC (with Win XP HomeEd) without any problems.

    0
  • Customer

    THAT WORKED! Thank you SO much!

     

    I would love to know how you knew to try this solution...if only for my own edification.

     

    Once again thank you so much.

    0
  • Customer

    THAT WORKED! Thank you SO much!

     

    I would love to know how you knew to try this solution...if only for my own edification.

     

    Once again thank you so much.


     

    Windows provides a method to monitor services and take action on specific events e.g. if service fails it can be restarted. A few rather than restart the service are set to restart the PC. Certain malware take advantage of this and target these services as a defense against tools that are designed to remove malware.

     

    It would be worth running a full scan with Ad-Aware and post the log along with a HijackThis log to see if any of this type of malware is present on your system.

    0
  • Customer

    Logfile of HijackThis v1.99.1

    Scan saved at 12:12:56 AM, on 12/17/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\EzButton\CplBCL50.EXE

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\MICROS~3\wcescomm.exe

    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    C:\PROGRA~1\MICROS~3\rapimgr.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Documents and Settings\Bowlin\Desktop\hijackthis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"

    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164328869588

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164329162304

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    0
  • Customer

    Logfile of HijackThis v1.99.1

    Scan saved at 8:51:27 AM, on 12/18/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\EzButton\CplBCL50.EXE

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\MICROS~3\wcescomm.exe

    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    C:\PROGRA~1\MICROS~3\rapimgr.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\HijackThis\myhjt.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;ltmplcache=2

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"

    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164328869588

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164329162304

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    0
  • Customer

    Hi

     

    The HijackThis log looks OK. Can you try the following three things as well please.

     

    1) Rename the HijackThis program as some malware detect the name when it is running so renaming helps get round this. Install HijackThis to a folder rather than the desktop. See this post for help:

     

    http://www.lavasoftsupport.com/index.php?showtopic=216

     

    Then rename the HijackThis.exe file to say myhjt.exe and then click on this to run a scan. Please post the new logfile.

     

    2) Try the free beta trial of a tool from F-Secure called Blacklight

     

    F-Secure Blacklight:

    https://europe.f-secure.com/blacklight/try.shtml

     

    read the info and click the *I accept* button near the bottom of that page.

     

    download Blacklight Beta (graphical user interface version).

     

    Doubleclick on blbeta.exe to run it, click > scan then > next, next again then exit.

     

    There will be a new text file near blacklite. Post this please. The text file is named: fsbl.xxxxxxx.log (the xxxxxxx stand for numbers). Do not take any action based on the scan, please just post the file.

     

    3) Please download Rootkit Revealer

    http://www.microsoft.com/technet/sysintern...itRevealer.mspx

     

    (link is at the very bottom of the page)

     

    Unzip it to a folder. Open the rootkitrevealer folder and double-click rootkitrevealer.exe. Click the Scan button (bottom right). It may take a while to scan (don't do anything else while it's running - leave the PC idle during the scan).

     

    When it's done, go up to File > Save. Choose to save it to the folder you installed rootkitrevealer. Then open rootkitrevealer.txt you just saved and copy the entire contents and paste them here.

     

    Do not take any action on the output as the items may be perfectly normal.

     

    Many thanks

    0
  • Customer

    12/18/06 08:54:18 [info]: BlackLight Engine 1.0.47 initialized

    12/18/06 08:54:18 [info]: OS: 5.1 build 2600 (Service Pack 2)

    12/18/06 08:54:19 [Note]: 7019 4

    12/18/06 08:54:19 [Note]: 7005 0

    12/18/06 08:54:27 [Note]: 7006 0

    12/18/06 08:54:27 [Note]: 7011 1724

    12/18/06 08:54:27 [Note]: 7026 0

    12/18/06 08:54:28 [Note]: 7026 0

    12/18/06 08:54:32 [Note]: FSRAW library version 1.7.1020

    12/18/06 08:56:20 [Note]: 2000 1012

    12/18/06 08:58:03 [Note]: 7007 0

    0
  • Customer

    HKLM\SECURITY\Policy\Secrets\SAC* 11/23/2006 7:07 PM 0 bytes Key name contains embedded nulls (*)

    HKLM\SECURITY\Policy\Secrets\SAI* 11/23/2006 7:07 PM 0 bytes Key name contains embedded nulls (*)

    0
  • Customer

    NEW INFO: In response to your request from several posts ago, I just went to Adaware to do a full scan and post the log. Unfortunately, as soon as I clicked "update" I got the blue screen crash again. After holding down the power button, restarting, etc. I checked the settings you had me change in services.msc and they all still say "restart the service."

     

    Any comments or suggestions? Do you want me to manually update the Adaware defs and then run a scan/post the log? Thanks.

    0
  • Customer

    Hi

     

    The HijackThis log is OK and the rootkitrevealer is normal and the embedded nulls are as expected.

     

    I am not familiar with blacklight output so I will ask an expert to check that out. As Ad-Aware SE is still giving a BSOD can you try to rename the defs.ref file to defs.ref.backup. Then try running a web update again, it should notify no defs file found and download a new defintions file.

     

    Post back how this goes.

    0
  • Customer

    I tried renaming the def file but still got a crash when attempting to update. Appreciate the ongoing help.

    0
  • Customer

    The blue screen flashes up so quickly and then goes black that I can't read the code. It is literally up for less than 1 second. Once the screen goes black there is this LOUD beeping that will persist unless I hold the power button.

     

    Is there any way to slow down the crash so I can read the code? Screen capture?...although this would take some lucky timing and probably wouldn't save since I have to restart after the crash. Any other system logs that might contain the number?...the event log doesn't show anything abnormal after the restart from what I can tell. Thanks.

    0
  • Customer

    Hi

     

    When the blue screen appears in Windows there should be a stop code at the beginning as a hexadecimal number. The number will vary depending on the reason for the blue screen. e.g.

     

    Stop 0x0000001e

     

    Can you post back with the stop code you get when updating the defs file please.

     

    Thanks

    0
  • Customer

    I made the change but when I went to update, it didn't crash! Go figure. I am running a scan right now and will post the log when it is done.

     

    Restarted computer and was able to click update again without a crash.

     

    ADD. INFO: Between my last post and your most recent post I had on of the 'random' freezes that has been haunting my computer for at least a year (I mentioned this before as a possibly related side-note to the Adaware problem). Upon restarting from this freeze I got the Windows Error Reporting box. I sent the report and then had a browser window appear with info on updating my Intel 2200BG wireless driver (this is a laptop). There were warnings about obtaining drivers only from your laptop manufacturer (Chembook in my case) but I figured I'd give it a shot anyway. The update worked just fine and my hardware manager reflects the change in drivers.

     

    As I said, I installed this driver update before changing the settings suggested in your last post and before attempting to update the Adaware drivers. I'm not sure if there is a connection here but I thought I'd let you know either way.

     

    Thanks.

    0
  • Customer

    Hi

     

    Please try adjusting this option.

     

    Right mouse click on "My Computer" and select properties, then select the "Advanced" tab. Under the section headed "Startup and Recovery" click on the settings button. In the "Startup and Recovery" window then deselect the option "Automatically restart". Click OK at each Window to enable the setting.

     

    This should cause the system to halt with the blue screen displayed. You will need to power cycle to restart the PC again.

    0
  • Customer

    Sorry for the long post. I can delete some of this garbage if it isn't helpful.

     

    Ad-Aware SE Build 1.06r1

    Logfile Created on:Tuesday, December 19, 2006 5:15:30 PM

    Created with Ad-Aware SE Personal, free for private use.

    Using definitions file:SE1R140 18.12.2006

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    References detected during the scan:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    MRU List(TAC index:0):25 total references

    Tracking Cookie(TAC index:3):3 total references

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Ad-Aware SE Settings

    ===========================

    Set : Search for negligible risk entries

    Set : Search for low-risk threats

    Set : Safe mode (always request confirmation)

    Set : Scan active processes

    Set : Scan registry

    Set : Deep-scan registry

    Set : Scan my IE Favorites for banned URLs

    Set : Scan my Hosts file

     

    Extended Ad-Aware SE Settings

    ===========================

    Set : Unload recognized processes & modules during scan

    Set : Scan registry for all users instead of current user only

    Set : Always try to unload modules before deletion

    Set : During removal, unload Explorer and IE if necessary

    Set : Let Windows remove files in use at next reboot

    Set : Delete quarantined objects after restoring

    Set : Include basic Ad-Aware settings in log file

    Set : Include additional Ad-Aware settings in log file

    Set : Include reference summary in log file

    Set : Include alternate data stream details in log file

    Set : Play sound at scan completion if scan locates critical objects

     

     

    12-19-2006 5:15:30 PM - Scan started. (Full System Scan)

     

    MRU List Object Recognized!

    Location: : C:\Documents and Settings\Bowlin\Application Data\microsoft\office\recent

    Description : list of recently opened documents using microsoft office

     

     

    MRU List Object Recognized!

    Location: : C:\Documents and Settings\Bowlin\recent

    Description : list of recently opened documents

     

     

    MRU List Object Recognized!

    Location: : software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct3d

     

     

    MRU List Object Recognized!

    Location: : software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct X

     

     

    MRU List Object Recognized!

    Location: : software\microsoft\directdraw\mostrecentapplication

    Description : most recent application to use microsoft directdraw

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\directinput\mostrecentapplication

    Description : most recent application to use microsoft directinput

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\directinput\mostrecentapplication

    Description : most recent application to use microsoft directinput

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\internet explorer

    Description : last download directory used in microsoft internet explorer

     

     

    MRU List Object Recognized!

    Location: : .DEFAULT\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player

     

     

    MRU List Object Recognized!

    Location: : S-1-5-18\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player

     

     

    MRU List Object Recognized!

    Location: : S-1-5-19\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player

     

     

    MRU List Object Recognized!

    Location: : S-1-5-20\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\microsoft management console\recent file list

    Description : list of recent snap-ins used in the microsoft management console

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\search assistant\acmru

    Description : list of recent search terms used with the search assistant

     

     

    MRU List Object Recognized!

    Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

    Description : list of recent programs opened

     

     

    MRU List Object Recognized!

    Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

    Description : list of recent programs opened

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

    Description : list of recent programs opened

     

     

    MRU List Object Recognized!

    Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

    Description : list of recently saved files, stored according to file extension

     

     

    MRU List Object Recognized!

    Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

    Description : list of recently saved files, stored according to file extension

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

    Description : list of recently saved files, stored according to file extension

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs

    Description : list of recent documents opened

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\windows\currentversion\explorer\runmru

    Description : mru list for items opened in start | run

     

     

    MRU List Object Recognized!

    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk

     

     

    MRU List Object Recognized!

    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk

     

     

    MRU List Object Recognized!

    Location: : S-1-5-21-73586283-706699826-854245398-1003\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk

     

     

    Listing running processes

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    #:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 668

    ThreadCreationTime : 12-19-2006 11:10:59 PM

    BasePriority : Normal

     

     

    #:2 [csrss.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 732

    ThreadCreationTime : 12-19-2006 11:11:01 PM

    BasePriority : Normal

     

     

    #:3 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 768

    ThreadCreationTime : 12-19-2006 11:11:05 PM

    BasePriority : High

     

     

    #:4 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 812

    ThreadCreationTime : 12-19-2006 11:11:05 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Services and Controller app

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : services.exe

     

    #:5 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 824

    ThreadCreationTime : 12-19-2006 11:11:05 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe

     

    #:6 [ati2evxx.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 980

    ThreadCreationTime : 12-19-2006 11:11:06 PM

    BasePriority : Normal

     

     

    #:7 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 992

    ThreadCreationTime : 12-19-2006 11:11:06 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:8 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1072

    ThreadCreationTime : 12-19-2006 11:11:06 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:9 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1108

    ThreadCreationTime : 12-19-2006 11:11:07 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:10 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1144

    ThreadCreationTime : 12-19-2006 11:11:07 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:11 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1304

    ThreadCreationTime : 12-19-2006 11:11:10 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:12 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1444

    ThreadCreationTime : 12-19-2006 11:11:13 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:13 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1524

    ThreadCreationTime : 12-19-2006 11:11:14 PM

    BasePriority : Normal

    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 6.00.2900.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Windows Explorer

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : EXPLORER.EXE

     

    #:14 [spoolsv.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1820

    ThreadCreationTime : 12-19-2006 11:11:14 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

    ProductVersion : 5.1.2600.2696

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Spooler SubSystem App

    InternalName : spoolsv.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : spoolsv.exe

     

    #:15 [guard.exe]

    FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

    ProcessID : 264

    ThreadCreationTime : 12-19-2006 11:11:21 PM

    BasePriority : Normal

    FileVersion : 7, 5, 0, 47

    ProductVersion : 7, 5, 0, 47

    ProductName : AVG Anti-Spyware

    CompanyName : Anti-Malware Development a.s.

    FileDescription : AVG Anti-Spyware guard

    InternalName : AVG Anti-Spyware guard

    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

    OriginalFilename : guard.exe

     

    #:16 [avgamsvr.exe]

    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\

    ProcessID : 272

    ThreadCreationTime : 12-19-2006 11:11:21 PM

    BasePriority : Normal

    FileVersion : 7.5.0.420

    ProductVersion : 7.5.0.420

    ProductName : AVG 7.5 Anti-Virus System

    CompanyName : GRISOFT, s.r.o.

    FileDescription : AVG Alert Manager

    InternalName : avgamsvr

    LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

    OriginalFilename : avgamsvr.EXE

     

    #:17 [avgupsvc.exe]

    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\

    ProcessID : 284

    ThreadCreationTime : 12-19-2006 11:11:22 PM

    BasePriority : Normal

    FileVersion : 7.5.0.420

    ProductVersion : 7.5.0.420

    ProductName : AVG 7.5 Anti-Virus System

    CompanyName : GRISOFT, s.r.o.

    FileDescription : AVG Update Service

    InternalName : avgupsvc

    LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

    OriginalFilename : avgupdsvc.EXE

     

    #:18 [avgemc.exe]

    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\

    ProcessID : 340

    ThreadCreationTime : 12-19-2006 11:11:22 PM

    BasePriority : Normal

    FileVersion : 7.5.0.432

    ProductVersion : 7.5.0.432

    ProductName : AVG Anti-Virus system

    CompanyName : GRISOFT, s.r.o.

    FileDescription : AVG E-Mail Scanner

    InternalName : avgemc

    LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

    OriginalFilename : avgemc.exe

     

    #:19 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 516

    ThreadCreationTime : 12-19-2006 11:11:22 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

     

    #:20 [alg.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1200

    ThreadCreationTime : 12-19-2006 11:11:27 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Application Layer Gateway Service

    InternalName : ALG.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : ALG.exe

     

    #:21 [soundman.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1464

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 5.1.0.21

    ProductVersion : 5.1.0.21

    ProductName : Realtek Sound Manager

    CompanyName : Realtek Semiconductor Corp.

    FileDescription : Realtek Sound Manager

    InternalName : ALSMTray

    LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.

    OriginalFilename : ALSMTray.exe

    Comments : Realtek AC97 Audio Sound Manager

     

    #:22 [agrsmmsg.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1488

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 2.1.32 2.1.32 07/25/2003 11:22:37

    ProductVersion : 2.1.32 2.1.32 07/25/2003 11:22:37

    ProductName : Agere SoftModem Messaging Applet

    CompanyName : Agere Systems

    FileDescription : SoftModem Messaging Applet

    InternalName : smdmstat.exe

    LegalCopyright : Copyright © Agere Systems 1998-2000

    OriginalFilename : smdmstat.exe

     

    #:23 [cplbcl50.exe]

    FilePath : C:\Program Files\EzButton\

    ProcessID : 1504

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 1.00

    ProductVersion : 1.00

    ProductName : Dritek System Inc. CPATR10 10.29.2001 ( VC60 )

    CompanyName : Dritek System Inc.

    FileDescription : Compal ATR10 Easy Button ( Multi-Language )

    InternalName : CPATR10

    LegalCopyright : Copyright © 2001 Dritek System Inc.

    OriginalFilename : CPATR10.exe

     

    #:24 [syntplpr.exe]

    FilePath : C:\Program Files\Synaptics\SynTP\

    ProcessID : 1624

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 7.9.0 08Jan04

    ProductVersion : 7.9.0 08Jan04

    ProductName : Progressive Touch

    CompanyName : Synaptics, Inc.

    FileDescription : TouchPad Driver Helper Application

    InternalName : SynTPLpr

    LegalCopyright : Copyright © Synaptics, Inc. 1996-2004

    OriginalFilename : SynTPLpr.exe

     

    #:25 [syntpenh.exe]

    FilePath : C:\Program Files\Synaptics\SynTP\

    ProcessID : 1640

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 7.9.0 08Jan04

    ProductVersion : 7.9.0 08Jan04

    ProductName : Progressive Touch

    CompanyName : Synaptics, Inc.

    FileDescription : Synaptics TouchPad Enhancements

    InternalName : Scrolleroo

    LegalCopyright : Copyright © Synaptics, Inc. 1996-2004

    OriginalFilename : SynTPEnh.exe

     

    #:26 [avgcc.exe]

    FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\

    ProcessID : 1652

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 7.5.0.418

    ProductVersion : 7.5.0.418

    ProductName : AVG 7.5 Anti-Virus System

    CompanyName : GRISOFT, s.r.o.

    FileDescription : AVG Control Center

    InternalName : AvgCC

    LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

    OriginalFilename : AvgCC.EXE

     

    #:27 [avgas.exe]

    FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

    ProcessID : 1664

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 7, 5, 0, 50

    ProductVersion : 7, 5, 0, 50

    ProductName : AVG Anti-Spyware

    CompanyName : Anti-Malware Development a.s.

    FileDescription : AVG Anti-Spyware

    InternalName : AVG Anti-Spyware

    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

    OriginalFilename : avgas.exe

     

    #:28 [atiptaxx.exe]

    FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\

    ProcessID : 1672

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 6.14.10.5107

    ProductVersion : 6.14.10.5107

    ProductName : ATI Desktop Component

    CompanyName : ATI Technologies, Inc.

    FileDescription : ATI Desktop Control Panel

    InternalName : Atiptaxx.exe

    LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.

    OriginalFilename : Atiptaxx.exe

     

    #:29 [ctfmon.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1680

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

    ProductVersion : 5.1.2600.2180

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : CTF Loader

    InternalName : CTFMON

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : CTFMON.EXE

     

    #:30 [wcescomm.exe]

    FilePath : C:\PROGRA~1\MICROS~3\

    ProcessID : 1692

    ThreadCreationTime : 12-19-2006 11:11:28 PM

    BasePriority : Normal

    FileVersion : 4.2.4876.0

    ProductVersion : 4.2.4876

    ProductName : Microsoft ActiveSync

    CompanyName : Microsoft Corporation

    FileDescription : ActiveSync Connection Manager

    InternalName : wcescomm

    LegalCopyright : Copyright © 1995-2006 Microsoft Corp. All rights reserved.

    LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

    OriginalFilename : WCESCOMM.EXE

     

    #:31 [anydvd.exe]

    FilePath : C:\Program Files\SlySoft\AnyDVD\

    ProcessID : 1700

    ThreadCreationTime : 12-19-2006 11:11:29 PM

    BasePriority : High

     

     

    #:32 [rapimgr.exe]

    FilePath : C:\PROGRA~1\MICROS~3\

    ProcessID : 1508

    ThreadCreationTime : 12-19-2006 11:11:30 PM

    BasePriority : Normal

    FileVersion : 4.2.4876.0

    ProductVersion : 4.2.4876

    ProductName : Microsoft ActiveSync

    CompanyName : Microsoft Corporation

    FileDescription : ActiveSync RAPI Manager

    InternalName : rapimgr

    LegalCopyright : Copyright © 1995-2006 Microsoft Corp. All rights reserved.

    LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

    OriginalFilename : rapimgr.exe

     

    #:33 [wuauclt.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 876

    ThreadCreationTime : 12-19-2006 11:12:10 PM

    BasePriority : Normal

    FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

    ProductVersion : 5.8.0.2469

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Automatic Updates

    InternalName : wuauclt.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : wuauclt.exe

     

    #:34 [ad-aware.exe]

    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

    ProcessID : 2916

    ThreadCreationTime : 12-19-2006 11:14:39 PM

    BasePriority : Normal

    FileVersion : 6.2.0.236

    ProductVersion : SE 106

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft AB Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved

     

    Memory scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 25

     

     

    Started registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Registry Scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 25

     

     

    Started deep registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Deep registry scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 25

     

     

    Started Tracking Cookie scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

     

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : bowlin@live365[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:6

    Value : Cookie:bowlin@live365.com/

    Expires : 12-22-2011 9:51:50 AM

    LastSync : Hits:6

    UseCount : 0

    Hits : 6

     

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : bowlin@hitbox[2].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:14

    Value : Cookie:bowlin@hitbox.com/

    Expires : 12-19-2007 1:47:14 PM

    LastSync : Hits:14

    UseCount : 0

    Hits : 14

     

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : bowlin@ehg-nokiafin.hitbox[1].txt

    TAC Rating : 3

    Category : Data Miner

    Comment : Hits:7

    Value : Cookie:bowlin@ehg-nokiafin.hitbox.com/

    Expires : 12-19-2007 1:47:14 PM

    LastSync : Hits:7

    UseCount : 0

    Hits : 7

     

    Tracking cookie scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 3

    Objects found so far: 28

     

     

     

    Deep scanning and examining files (C:)

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Disk Scan Result for C:\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 28

     

     

    Scanning Hosts file......

    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Hosts file scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    1 entries scanned.

    New critical objects:0

    Objects found so far: 28

     

     

     

     

    Performing conditional scans...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     

    Conditional scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 28

     

    5:24:08 PM Scan Complete

     

    Summary Of This Scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Total scanning time:00:08:38.175

    Objects scanned:118217

    Objects identified:3

    Objects ignored:0

    New critical objects:3

    0
  • Customer

    Hi

     

    Nothing of concern in the Ad-Aware log either. Tracking cookies are easy to remove and the MRU items are not a threat. MRUs are the lists of files, URLS etc opened recently in various applications. The recently used file lists are useful in applications but could be a potential privacy issue on a shared PC so Ad-Aware offers the option to delete them.

     

    The Blacklight log checked out OK as well.

     

    The intermitent blue screen and info you provided suggests a hardware issue rather than a malware infection; possibly the disk drive is starting to fail.

     

    If it happens again try posting the stop code. This will give some pointers as to where the issue is.

    0
  • Customer

    I will make sure to do that.

     

    Thanks again for all your help.

    0
  • Customer

    Well the program was working fine for a few weeks but I just now recovered from a physical memory dump/blue screen crash. Here's the info:

     

    DRIVER_IRQL_NOT_LESS_OR_EQUAL

     

    Technical Information:

    ***STOP: 0x000000D1 (0x82400000, 0x00000002, 0x00000000, 0xF8097A98)

    ***w22n51.sys - Address F8097A98 base at F8024000, DateStamp 3ff54d71

     

    Upon restart the Windows Error Reporting box appeared and after sending the error report, a Windows error reporting web page opened and prompted me to download the latest Intel 2200bg driver. I have received this message before (and installed the different driver) but that didn't fix the problem.

     

    Any thoughts? Thanks.

    0
  • Customer

    I'm having the same problem and also have the Intel 2200BG driver (mine is v.8). The manufacturer is Averatec and they have no driver available. I tried updating my driver to Intel v.9, but then can't connect to my home network at all so I had to rollback to v.8. Could there be any way to get Ad-Aware to work with v.8?

    0
  • Customer

    Hi

     

    Sorry for the late reply, I have only just seen you posted the stop code.

     

    In general STOP: 0x000000D1 is due to one of these reasons:


    • A bad device driver


    • Faulty RAM


    • A corrupted page file



    As the stop code references a specific driver (w22n51.sys ) this needs checking out. Check if the original manufacturer of your laptop has their own version of that driver. Visit their web site and look for the drivers for you model of laptop. It is possible they have thier own versions of the wireless LAN driver. A handy lookup table is available from Intel at http://www.intel.com/support/notebook/cent...b/cs-009881.htm

     

    Always use the original equipment manfacturers' version if one is available. If not then checkout the Intel web site at http://www.intel.com/support/wireless/wlan...200bg/index.htm and follow Intel's instructions on how to identify your adapter and driver.

    0
  • Customer

    Ad Astra, thanks so much for the reply.

     

    The w22n51.sys file is part of my WLAN drivers. I have the latest drivers installed per ChemUSAs web site (my laptop manufacturer) and have reinstalled those drivers several times. I have also tried the latest drivers from Intel's' site but run into connection difficulties and the inability to use ActiveSync with my PPC.

     

    I'll try emailing ChemUSA to see if they have any new drivers that haven't been uploaded to their site but I am not too optimistic.

     

    I'm also debating whether to try a new stick of RAM but that is a fairly expensive experiment especially in light of the fact that memtest86+ has shown no errors on several runs.

     

    I'll let you know what ChemUSA has to say. In the meantime, let me know if you have any other ideas...I really appreciate the help. Thanks.

    0

Please sign in to leave a comment.