Referred by Malware Forums (computer crash...memory dump!)

Discussion in 'Software' started by Copasta, Dec 30, 2007.

  1. Copasta

    Copasta Private First Class

    Hello,
    I was referred to you guys by Chaslang in the Malware forums. After several days of trying to debug my computer of what I thought was malware, and trying to get the logs to post correctly so that they could inspect them for any inconsistencies, they determined that there, in fact, was no malware infecting my computer. However, they did notice that it showed my computer crashed on the day that all of this happened, so that is why they referred me to you guys. Anyway, I am going to post my original thread from the malware forum which explains what happened on that day, and the final response I received from Chaslang. Please bear in mind that I am computerally challenged, and know just about enough to screw up my computer, and sometimes even fix it without knowing what I've done either way! Be kind, in other words, and assume that I know NOTHING! Thanks, and here's the posts from before:


    Hello,
    My computer was running with virtually no problems yesterday. I logged off like I usually do (switch user), and went to my friend's house to help him move. When I returned, the computer was shut down, which is strange because I usually leave it in the switch user mode, and even if it is not powered on, as soon as I power it on it shows that people are logged on...just a quick way to get it up and running. Anyway, when I started it up, it seemed to run pretty slow, and Internet Explorer opens up like it's logging on, but it soon says Not Responding, and I can't get anything up on the webpages. It would seem to me that it is a virus, but I am running Avira Anti-virus, which I remember it updating yesterday, and I ran a complete scan today, and it didn't detect anything. I want to run the malware removal steps, but I can't get online to download any of the cleaners, programs, etc. Does anyone have any suggestions for me to run the steps? I am typing this from my laptop, but have no way of getting the files from this computer to my desktop. Please help!
    I am running a self-built system (Aug. 07....no problems at all with system before this) with the following specs:

    Athlon 64 X2 4400 cpu
    Abit KN9 SLI AM2 motherboard
    G Skill DDR2 memory 2GB
    Windows Vista Ultimate Operating System

    P.S. Since posting this message the day it happened, I was able to download Mozilla Firefox browser onto cd from another machine, and install it to work on this machine. It opens slowly, but does work and I am able to get online with it. I would rather revert back to Internet Explorer, and the rest of the computer is still running very slow! Please help! Thanks!



    From Chaslang in Malware Forums:
    Okay it's great to finally have the log file; however after all this trouble I have good news and bad news. The good news is you show no signs of malware. The bad news is also that you show no signs of malware and had to hassle with all of this to get logs.

    What I do see in your log is that you had a system crash on the day where you said your PC shut down. The files from it are in your Windows folder. Code:

    "C:\Windows\"
    memory.dmp Dec 26 2007 431655653 "MEMORY.DMP"
    MINIDUMP Dec 26 2007 "Minidump"
    You may want to consider posting in the Software Forum to see if they wish to debug the memory dump or if they have other ideas. Perhaps you should just try restoring to a restore point from before Dec 26th to see if that helps.
     
  2. Copasta

    Copasta Private First Class

    Hello again,
    I tried to do the How to Debug Memory Dumps, but my computer seems to freeze when I get to the locate memory dumps. It said I needed to find a program to open it with, and I tried both Notepad and Word, but my computer froze on both tries. Is there any other way, or am I doing something wrong? Also, I tried to revert back to an earlier Restore Point, but it only showed back to Dec. 27th.....the crash happened on Dec. 26th. Thanks!
     
    Last edited: Dec 30, 2007
  3. Copasta

    Copasta Private First Class

    I finally got the Debug Memory to run, and it looks like the problem is something to do with "nvstor32.sys".

    Of course, I have NO IDEA what to do from here....so ANY help would be greatly appreciated! Thanks!
     
  4. Goran.P

    Goran.P MajorGeek

    The nvstor32.sys is a storage driver from Nvidia. Now do this: right click My Computer > Properties > Advanced > Startup and Recovery > and uncheck Automatically restart. This is cos we want to see the BSOD, which can tell us what is the problem with the comp. Visit Event Viewer, and look in System for errors.
    Advice: uninstall the mobo driver (chipset), and install it again.
    Hope this will help you.
     
  5. Copasta

    Copasta Private First Class

    GoranP,
    Whoa, whoa, whoa, whoa.....slow down there....remember I said I was "computerally challenged"! In very easy and slow terms, let's go over this again (remember, assume I know NOTHING!...which is pretty much true)...I don't want to screw anything up more than it is now! Ok, I've opened Event Viewer, but please specify where I am looking, and what I am looking at. Am I looking in Summary of Administrative Events under Errors?
    Also, to uninstall the mobo driver and reinstall, would I use the mobo utilities cd for that, and can I do that without losing vital information on my hard drive, or is there another way I have to go about this? Thanks for being so understanding, and putting up with my novice questions!




     
  6. Goran.P

    Goran.P MajorGeek

    Ok. Firstly do this: right click My Computer > Properties > Advanced > Startup and Recovery > and uncheck Automatically restart. This is cos we want to see the BSOD, which can tell us what is the problem with the comp.

    Now go to: Control Panel > Administrative Tools > Event Viewer > and check System and Application, and see if there is any problem or error.

    As for uninstalling and installing the driver, you won't lose any data from your hard disk. And you need the mobo CD for this.
     
  7. Copasta

    Copasta Private First Class

    I am going to try the uninstall, reinstall awhile and see what happens!
     
  8. Copasta

    Copasta Private First Class

    Goran.P,
    I tried to use the motherboard cd - Abit motherboard with cd listing:

    NV940-1.02M
    Users Manual
    Drivers
    Acrobat Reader
    Abit Utility

    At first, the disk wouldn't run....I had to go into computer, right click on my drive, and then click autorun...still had problems opening, tried again and it opened, but didn't show anything under drivers. I can right click on it once it's opened, and then I click on Drivers folder, and then I get a bunch of things open up, but I don't know what to go to from there...I'm afraid I'll open the wrong thing and screw it up worse than it is now! Any suggestions? Thanks again for your patience!
     
  9. Goran.P

    Goran.P MajorGeek

  10. dlb

    dlb MajorGeek

    I don't want to throw a wrench into the mix here, but that link above does not have any Vista drivers....
     
  11. Goran.P

    Goran.P MajorGeek

  12. Copasta

    Copasta Private First Class

    By the way, let me clarify here.....I was so far unable to UNinstall any of the drivers. Am I going about that in the right way, by using the mobo cd? That's what I meant when I said I can't get it to work! In the drivers folder, here is what is listed:

    2003SP1 folder
    AMD folder
    AMD Mobile Readme folder
    Audio folder
    Chipset folder (which is what I think I need, correct?)
    SilSATA folder
    USB folder
    Drivers.ini

    Please advise me as to what to do next....and thanks a bunch again!
     
  13. Copasta

    Copasta Private First Class


    Ok, I downloaded the updated drivers, and installed them, and it did nothing! The computer is STILL sluggish.....it takes like 5-6 minutes for it to boot up from the log in page, where it used to boot up in like 30 seconds. Also, Internet Explorer still doesn't work.....opens like it is opening my homepage, the bar goes about half way and then I get the message "Not Responding". I can use Mozilla Firefox as a browser....it takes about 2 minutes to open, but once open seems to work fine. A few times it may say "Not Responding", but quickly starts again. I don't understand it....it's like it has Malware, but nothing was found! I am just ready to cry at this point.....I'm ready to just wipe the drive clean and start over again! AARRRRRRRRRRRRRGHHHH!
     
  14. Goran.P

    Goran.P MajorGeek

    Don't be so nervous. I do my best, cos I'm not there in your house to repair your comp. You are my eyes, so whatever you write, I get the solution. Just stay cool. Say, what do you have in Task Manager? How many programs are running now?
    Download HijackThis, and post the log. http://www.majorgeeks.com/download.php?det=3155

    What do you have for anti-virus and firewall? Do you have CCleaner? If not: http://www.majorgeeks.com/CCleaner_Slim_No_Yahoo_Toolbar_English_d4191.html
    Install > open > go to Tools > Startup, and post what you have.

    Did you do this: right click My Computer > Properties > Advanced > Startup and Recovery > and uncheck Automatically restart?
     
  15. Copasta

    Copasta Private First Class

    I did this when you requested before.
     
  16. Goran.P

    Goran.P MajorGeek

    65. TOO MUCH. Give me Task Manager, and HJT log (for my reason), and CCleaner startup log.
     
  17. Copasta

    Copasta Private First Class


    Ok, I've uploaded the HijackThis log, but I'm not quite sure where to find, or how to upload the CCleaner startup log, or what to do with Task Manager to show you the processes. Please advise....

    Also, I do have to be away from my computer for a little while, so if I don't respond for an hour or so, you'll know why! Hope the Hijack log helps you out some....it's the one from the other day. Let me know if you need anything else....and THANKS A BUNCH AGAIN for your patience! You guys really are life savers....or computer savers, at least!
     


  18. Goran.P

    Goran.P MajorGeek

    To create the screenshot, press the Print Screen button (right of the F12 button). Then right click on desktop > New > Rich Text Document, open the file, and Ctrl-V to paste the screenshot.

    Go to Program Files > Java > bin > and press javacpl > Update, and uncheck Java update.
    Go to Services and disable NMIndexingService.
    Do you use tea timer in S&D? Disable tea timer, and use BOClean from Comodo. Use S&D like resident scanner.

    post the screenshots.
     
  19. Copasta

    Copasta Private First Class

    Not sure if the CCleaner log posted correctly, or not.


    Unchecked Java update, disabled NMIndexingService, and I remember that I disabled tea timer in the malware forum. Don't quite know what BOClean or comodo are, nor what "use S&D like resident scanner" means either!
     
  20. Copasta

    Copasta Private First Class

    For some reason I can't get it to post the log now!
     
  21. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Try this method for a screen capture -

    Hit Print Screen>Go to Start>Accessories>Paint>Right click the screen> Ctrl v
    ..then click on File>Save As> Choose Desktop (for easy file location)>Name the file>Choose FileType (JPEG).<--- file size limit of 97 kb.

    Attach to your Reply to Thread.

    :) dr.m
     
  22. Adrynalyne

    Adrynalyne Guest

    You guys really want some info to troubleshoot with?

    http://www.microsoft.com/downloads/...ac-720f-4441-9ef6-ea9f657b5c2f&DisplayLang=en

    While I noticed that this user has a bunch of startup items, I am curious why everyone stopped looking at the debug issue, where the cause of the crash that started it all was nvstor.sys.

    Why? This user hasn't loaded a bunch of new startup items, the slowdown happened after the crash.

    Being that nvstor.sys is a hard disk controller driver, and if it were to misbehave...that could cause the symptoms described here.
     
  23. Adrynalyne

    Adrynalyne Guest

    Nvidia has maintained for quite some time that their performance IDE/SATA driver is optional, so the first thing I'd do is remove it.

    I don't have it installed, but I can lead you to where it should be.

    Go to control panel, Programs and Features.

    Locate Nvidia Drivers. Right click and choose Uninstall/Change.

    Then you should see the screen that I've attached. One of them will/should be the Nvidia IDE/SATA driver. Choose only remove the following, and check that driver. What do you see? Note, it doesn't show in my screenshot, because I opted to never install it.

    Make sure you back up any important data before doing this, to be safe.

    http://img301.imageshack.us/img301/8584/captureon0.jpg
     
  24. Copasta

    Copasta Private First Class

    Adrynalyne,
    I don't know how you do it, man, but you are the sweetest! I followed what you posted below, rebooted, and the computer fired right up, Internet Explorer opened right up again, and everything seems to be back to normal....a finely tuned running machine! I'm going to let it get some rest overnight....more like let MYSELF get some rest after this LLLLOOONNNNNNGGGGG battle (spent most of my holiday week off messing with this darn computer!). HAPPY NEW YEARS, and thanks to all who contributed! I'll fire it up tomorrow and run some applications to make sure everything is right with the world. I'll let you know if something goes awry. A GREAT BIG HEARTFELT THANKS TO ALL OF YOU GUYS ONCE AGAIN!




     
  25. Copasta

    Copasta Private First Class

    Hello again,
    Today I received a notice that "Updates are Available". Upon further investigation, I find that one of the 2 "Important" updates is for:

    NVIDIA Corporation driver update for NVIDIA nForce 590/570/550 Serial ATA Controller
    Download size: 71 KB

    Is it safe to download this update? Isn't this what I just fixed in the previous post to make my computer come back to life? Please advise! Thanks!

    P.S. The other "important" update is for 2007 Microsoft Office Suite Service Pack 1 (SP1)....I'm guessing that one is safe to install?
     
  26. Adrynalyne

    Adrynalyne Guest

    No, please skip that driver. If you right click, you can hide the update.

    Office Sp1 should be safe. I've got it.
     
  27. Copasta

    Copasta Private First Class




    Skipped the Nvidia driver and downloaded the SP1 and everything seems fine. Thanks again to ALL you guys for your expertise, and your willingness to help out those of us who know enough to get our computers in trouble, but not rescue them! Many thanks to Adrynalyne, Goran.P, Dr.M, and even Chaslang over on the Malware board for directing me your way! You guys should be paid for this, but it's great that it's free! They should put a donation link up, as I know I've used MajorGeeks SEVERAL times in the past few years! Thanks again, have a successful and happy New Year, and I'll see you on the next mishap I create for myself! Take care!
     
  28. Adrynalyne

    Adrynalyne Guest

    Don't count yourself out--you did a lot of the leg work debugging the memory dump.
     
  29. Goran.P

    Goran.P MajorGeek

    But I still think you have too many processes in Task Manager. 65, oh boy.
     
  30. Copasta

    Copasta Private First Class



    I actually just checked Task Manager again, and it is running 70 processes!!!!!!!!!!! The difference is, though, that now it is spot-on, and not missing a beat, as it was before this happened! It literally boots up in like 20 seconds now.....in fact, last night when it was finally cleared up, it rebooted, RAN CHKDSK UTILITY, booted up, and logged on with everything running FASTER than just logging on from the switch user mode before! It's amazing what changing one little thing can do to a computer! Thanks again......hmmm, I wonder if I'd be able to post that Task Manager log now? Better just leave well enough alone, I think!
     
  31. Adrynalyne

    Adrynalyne Guest

    The amount of processes does not mean a slow computer.

    Nor does the amount of startup items. It's all relevant to the hardware and the software that is loading.

    My laptop smokes.

    Note my task manager.
     


  32. Copasta

    Copasta Private First Class

    Hey Guys,
    I hate to post AGAIN, and I'm not even sure that this is the right place, but I thought since you guys were on top of it earlier in the week, perhaps it is something that pertains to my earlier problems. I came home from work today and noticed that my wife was on the laptop, and the computer was shut down once again. I asked her what happened and she said that it gave her a "Windows Hard Drive Failure Notice". It said that the hard drive was failing, and that the drive should be backed up before proceeding, so she just shut it down and left it for me. I turned the computer on and immediately the same warning popped up for me. I am running the computer as we "speak" and everything seems to be alright, but the warning is saying that I shouldn't use the computer until everything is backed up and the drive is repaired! Any ideas, or should I go to the Hardware forum? Thanks for posting!


    Signed,
    Getting tired of this!
     
  33. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go to my computer / right click the c drive / properties / tools / error checking and check the two boxes ...ok out ...you will get a prompt that chkdsk will run on next boot ..ok it.

    Reboot and watch the screen for error .... tell us what it reports.
     
  34. Copasta

    Copasta Private First Class


    OK, I ran the chkdsk......it ran for literally 3 seconds, and stated that there were no errors on disk. So, then it booted up and I immediately got the "Windows detected a hard disk problem" warning once again! Any other thoughts? It is a Seagate SATA II drive 320gb. Should I unplug the drive and plug it back in? I have to leave the house for a few hours, so I'll have to get back to you later. Thanks again for helping!
     
  35. Adrynalyne

    Adrynalyne Guest

    Back up your data immediately and prepare to be putting in a new hard disk.
     
  36. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

  37. Copasta

    Copasta Private First Class



    I can't believe this......this hard drive was just purchased on July 30th! At least it is still under warranty!
     
  38. Copasta

    Copasta Private First Class



    Ok, I downloaded the program and tried to run it, but it failed about 10% into it. So, I downloaded and burned the ISO version on CDRW, but when I try to open it to run the program, Nero keeps popping up and acting like it wants to burn something to disk. Is there something that I have to do different? Should I be trying to boot from cd instead?? I don't know what to do at this point....everything seems to be working fine, but I keep getting the message so something HAS to be wrong. ???
     
  39. Copasta

    Copasta Private First Class

    I am currently running CHKDSK again, and this time it is actually running because it is taking like 25 minutes, unlike the 3 seconds it took the last time! I checked the automatically fix box, so hopefully it will help with the drive. So far, it is in stage 5 of 5 and has produced these results:

    CHKDSK is verifying files (stage 1 of 5)
    142848 file records processed.
    File verification completed.
    447 large file records processed.
    0 bad file record processed.
    2 EA records processed.
    60 reparse records processed.
    CHKDSK is verifying indexes (stage 2 of 5)
    507680 index entries processed.
    Index verification completed.
    5 unindexed files files processed.
    CHKDSK is verifying security descriptors (stage 3 of 5)
    142848 security descriptors processed.
    Security descriptor verification completed.
    13584 data file processed.
    CHKDSK is verifying Usn journal.
    36705640 USN bytes processed.
    USN Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)
    142848 files processed.
    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)
    30 percent complete.....
     
  40. Copasta

    Copasta Private First Class

    CHKDSK finished running, and in the flurry of the page, it stated that the drive was clean, that it had repaired some files, and then it rebooted. Windows started up, I was about to log on to post in this forum, and I got the Windows has detected a hard drive problem message again.......



    I'M SO SICK OF COMPUTERS AFTER THIS HOLIDAY, I'M GOING TO THROW IT OUT THE WINDOW!!!!!!!!!:cry
     
  41. Adrynalyne

    Adrynalyne Guest

    Software probably isn't going to help you here. Your hardware is reporting the failure, and it's not with the actual disk surface, which is all that chkdsk addresses. Software on your computer (I'm not aware if Windows is able to display it) is reporting the findings from S.M.A.R.T.



    Run this as previously mentioned and see what you find.

    http://www.majorgeeks.com/Seagate_SeaTools_for_Windows_and_DOS_d2858.html
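
Added example, not part of the thread or written by any of its posters: one way to read the S.M.A.R.T. failure prediction that the disk itself reports through WMI, which is separate from anything chkdsk checks. The sample objects and their device IDs are constructed; the live query in the final comment assumes an elevated PowerShell 3.0 or later prompt.

```powershell
# Added example (not from the thread). PowerShell 3.0 or later.
# Joins each physical disk to its S.M.A.R.T. failure-prediction record.

function Get-SmartVerdict {
    param(
        [object[]]$Drives,         # Win32_DiskDrive-like objects
        [object[]]$PredictStatus   # MSStorageDriver_FailurePredictStatus-like objects
    )
    foreach ($d in $Drives) {
        # InstanceName is the disk's PnP device ID plus an instance suffix
        # such as "_0"; casing can differ, so compare case-insensitively.
        $s = @($PredictStatus) | Where-Object {
            $_ -and $_.InstanceName -and
            $_.InstanceName.StartsWith($d.PNPDeviceID, [System.StringComparison]::OrdinalIgnoreCase)
        } | Select-Object -First 1

        if (-not $s) {
            # Some controllers and drivers do not pass S.M.A.R.T. data through.
            $verdict = 'No S.M.A.R.T. record exposed for this disk'
        } elseif ($s.PredictFailure) {
            $verdict = "Failure predicted (reason code $($s.Reason)): back up now"
        } else {
            $verdict = 'No failure predicted'
        }
        [pscustomobject]@{ Model = $d.Model; WmiStatus = $d.Status; Smart = $verdict }
    }
}

# Constructed sample data so the logic can be exercised offline.
$sampleDrives = @(
    [pscustomobject]@{ Model = 'EXAMPLE SATA 320GB'; Status = 'Pred Fail'
                       PNPDeviceID = 'IDE\DISKEXAMPLE_320\5&ABC&0&0.0.0' },
    [pscustomobject]@{ Model = 'EXAMPLE USB STICK'; Status = 'OK'
                       PNPDeviceID = 'USBSTOR\DISK&VEN_EXAMPLE\0001' }
)
$sampleStatus = @(
    [pscustomobject]@{ InstanceName = 'IDE\DiskExample_320\5&abc&0&0.0.0_0'
                       PredictFailure = $true; Reason = 1 }
)

# First disk reports a predicted failure; second has no record at all.
Get-SmartVerdict -Drives $sampleDrives -PredictStatus $sampleStatus | Format-List

# Live query, from an elevated prompt:
# Get-SmartVerdict -Drives (Get-CimInstance Win32_DiskDrive) `
#     -PredictStatus (Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictStatus)
```

A clean chkdsk run and a predicted failure here do not contradict each other: chkdsk verifies file system structures, while this record comes from the drive's own self-monitoring.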
     
  42. Copasta

    Copasta Private First Class

    I've tried that in an earlier post....it runs for about a minute (usually around 10%) and then says "scan failed"! I've tried "short drive self test", "long drive self test", and "long generic", all with the same result! I even burned it to cdrw, but it wouldn't even open up (again...posted earlier)...kept opening Nero and trying to burn another disk! I don't know.....I'm just disgusted at this point! After all I've been through since Christmas with this D@^^# computer, and now THIS! I'm fed up! I guess I'd better contact Seagate about a return authorization.:(
     
  43. theefool

    theefool Geekified

    The scan failed portion basically means the drive is dying.
     
  44. Copasta

    Copasta Private First Class


    I have another Seagate 300gb SATA hard drive available.....before my old (as in SIX MONTHS OLD!) drive dies, is there some way that I can install the new drive and transfer all the files over to that so that I don't have to wait on Seagate to send me a new drive, or lose all my info in the process of the drive dying? I've tried to do a Complete PC Backup, and it told me that I needed 6-10 disks. Well, it got about half way through the first one, and failed (told me to discard disk, and start over.....after two hours of that, I'm not even going there again!). How do I set up a RAID drive, and would that even be able to help me? Remember that I am computerally challenged! Any suggestions?
     
