Service Control Manager Error, Event ID 7000

Hello There.

I have recently taken my machine back to factory settings due to serious BSOD issues (hal.dll problems). I have been watching the event viewer while loading up files, programs and surfing the net. I have noticed very regulary that I am getting the error: "The regi service failed to start due to the following error: Cannot create a file when that file already exists."
Can someone help me isolate what is causing this error? I believe it is in part responsible for my latest BSOD after the factory reset:confused

I am currently running a Toshiba Qosmio I7 with w7 x64

 

If you have some recent minidump files in Windows\Minidump, copy them to your Desktop, zip then upload the resulting zip file. I'll try to debug them to gain further insight into the problem.

 

Hi Satrow

Thank you kindly for your help, I have checked the minidump file and it is empty. After the factory reset it has wiped the Minidump folder clean. I was using NirSoft BlueScreeenView previously as a diagnostic tool but without any minidump data it won't work. Is there any other program or cmd that I could use to send through relevant data that could offer you some insite?

 

Hmm, first check that your dumps are set correctly, follow the walkthrough over at Caliban's site. That way there's a good chance you'll get a dump to upload if you get BSOD'ed again.

So you had problems before this with Hal.dll problems - that could have been Hal-related files being damaged = vital for booting Windows; after a reload (was it from a built-in recovery method?), you're now getting what seems to be a pretty rare error being logged - there's a chance that a badly written piece of malware could be the root cause of this, I'll ask one of our malware experts to look at this thread, if they suspect anything, they'll give you specific instructions.

I have a dozen or so pages currently loaded that may give me a better insight into what this might be, I'll be back later with further questions or instructions. In the meantime, you could check for any other common events in the logs just before each of these errors, any kind of sequence.

If you get a dump, upload it, If I don't reply within 18 - 24 hours, bump the thread - it's my birthday and I might get somewhat distracted/dragged away, whatever

 

Happy Birthday Satrow

1) I have change the error log settings as per Caliban's site.
2) The reload was from built in recovery method ( Toshiba Recovery Wizard) I followed the instructions to "Recovery of factory Default Software"
3) I read your thread then started to look for sequences as you suggested. I have found almost religiously that when I restart the computer and check my event viewer I see the same 2 warnings and 1 error message appear (over 4 restarts this pattern was observed) the pattern consisted of:

a) "Warning" WLAN AutoConfig service has successfully stopped. Event ID 4001

b) "Warning" Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Event ID 11

c) "Error" The regi service failed to start due to the following error: Cannot create a file when that file already exists. Event ID 7000

a) b) and c) happen in that order so that the error is at the top straight after the restart

If it wasn't for the Event Viewer I would not have realised that there was an issue as every thing loads up fine and smoothly, but I can't help feeling that it is associated with my constant BSOD.. appreciate your help

 

Thanks

So the recovery was performed from the computer via a Recovery disc or inbuilt, from a hidden data partition?

a) can probably be safely ignored, it's either not in use/disabled or superceded by Tosh. software equivalent (or physically turned off).

b) is a heads up warning you to check the libraries, if you don't recognize them, there's a chance they could be malware

c) try finding out what Service this is actually referring to: open Device Manager > View > Show hidden devices, then expand the Non-plug and play Drivers section and carefully work through that list - it should be there somewhere. It's possible that this a bugged install of something that's trying to load twice.

Is there anything else, minor even, that you've noticed behaving differently recently?

 

Guess What?
with c) I took your advice and went into the Non-plug and play Drivers section as per instruction (brilliant) I found a file called regi that had a ! mark on it and when I clicked to look at the driver it said it didn't have one and in the properties the program that owned this file was unknown. I took a risk and unistalled the program and that error message doesn't come up now when I restart. I hope there will be no more issues by removing that program. :confused

I'm not sure if that was a cause of my frequent BSOD but here's hoping.

Now you asked if I have noticed anything a behaving a little differently, well my graphics card Nvidia GeForce GTS 360M periodically crashes (the screen goes black momentarily) then quickly recovers and all is good. I will now look to update that driver from the Nvidia site after this message.

The question I have for you though is, with b) of your last message what is the best way to check the libraries and what specifically would I be looking for?????

 

Excellent! Now tell us what the program was called in c) for future reference and also so we can check out if it might have been related to any of the other problems Also the wording of the error indicated that the driver/file was already in place - puzzling.

The nVidia thing reads like a pretty common problem that's been around for a long time, no known fix that suits all, as far as I'm aware. It can be almost impossible to figure out.

I'm unsure myself, I assumed it referred to the W7 libraries as seen from Explorer - I don't use them! Perhaps someone else will stop by and confirm or deny that?

 

The File itself was called "regi".....simple really.......:-D
thanx for your help you guys are razor sharp cheers

 

Ah, yes I just reread the post and I see there was no file name listed to help trace it.

I'd still like to see a BSOD dmp file when/if you get one, it'll give us a much better handle on things.

 

This will be logged depending on the values of AppInit_DLLs and LoadAppInit_DLLs for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
For detailed information view this MSDN page.

It's likely that the REG_DWORD value of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs is set to 1, so have a look at the REG_SZ value of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs. If there is no data listed for AppInit_DLLs, then just change LoadAppInit_DLLs from 1 to 0 and this will no longer be erroneously logged.

If there is data listed for AppInit_DLLs and you are unsure as to what the DLLs are used for, then post back with a listing of the DLLs.

 

As soon as I get the Next BSOD I will let you know..........appreciate your support.