Comp won't shut down! Restarts with Blue Screen!

I

indijones

Member
Since last night, whenever I'm trying to shut down the blue screen appears with the message that it's dumping physical memory and starts counting and then restarts the computer! After that I get a message box showing the following:

QUOTE:

Windows has recovered from an unexpected shutdown

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: f4
BCP1: 0000000000000003
BCP2: FFFFFA800C62BC10
BCP3: FFFFFA800C62BE48
BCP4: FFFFF800022FAAF0
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\Mini050310-09.dmp
C:\Users\Nighat\AppData\Local\Temp\WER-182973-0.sysdata.xml
C:\Users\Nighat\AppData\Local\Temp\WER2606.tmp.version.txt

UNQUOTE

I even tried to do a System Restore but when the comp shuts down to set up the restore point, blue screen shows up and repeats the whole process. Did a scan with Malware Bytes but still the same. I'm dead scared about the blue screen. Please HELP!!!

My System is 64 bit with 8GB RAM, Intel Core 2 Quad 2.33 GHz Processor with 350 GB hard drive.
 

My Computer

System One

My Computer

System One

  • Manufacturer/Model
    Home Grown Desktop
    CPU
    Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    Motherboard
    ASUS P5B-E
    Memory
    3006 MB
    Graphics Card(s)
    NVIDIA GeForce 8400 GS 512MB
    Sound Card
    Motherboard - SoundMax
    Monitor(s) Displays
    ViewSonic VX2235wm / Dell 17" Generic PnP Anolog
    Screen Resolution
    1680 x 1050 x 4294967296 colors / 1024 x 768
    Hard Drives
    3 x ST3250620AS 250GB SATA IDE
    1 x WDC WD1200JD-00GBB0 120 GB SATA IDE
    PSU
    Enerrmax 535W All-in-one SLI 20/24+6+
    Case
    Antec Sonata
    Cooling
    Antec 12cm SmartCool
    Keyboard
    Logitech LX710
    Mouse
    Logitech MX100 Laser
    Internet Speed
    Bell Canada DSL 12MBps (supposedly)
    Other Info
    2 x HP Pavilion 9700v Laptops
Hello indijones,
This is the result of your bugcheck.

STOP 0x000000F4: CRITICAL_OBJECT_TERMINATION

Open a command prompt as administrator and type sfc/scannow press enter and let it scan, if errors are found, you may need to run it more than once, until the system is clean.

Download and run these free apps.

CCleaner - Optimization and Cleaning - Free Download (Backup Your Registry When Prompted).

Malwarebytes

Go to the Event Viewer and see if there are errors there that point to a system problem.


Look in your processes list and look for a process with the name hey.exe let me know if its there, in some cases this has been linked to a Trojan. If it is present, stop the process and see if the problem disappears.

Also, can you please list your system specs, thanks.

Give this a try, good luck and post your results.
 

My Computer

System One

  • Manufacturer/Model
    Self Build
    CPU
    QX9650 (black box) [email protected]
    Motherboard
    Asus P5Q Premium
    Memory
    8GB-4x2GB Corsair Dominator DDR 2-1066
    Graphics Card(s)
    2 x ASUS EAH 4870 X 2 (Quad)
    Sound Card
    Supreme FX 2
    Monitor(s) Displays
    Fujitsu Siemens 22inch flat screen
    Screen Resolution
    1680x1050
    Hard Drives
    150 Gig WD Raptor
    300 Gig Maxtor
    300 Gig Maxtor, (External)
    PSU
    CoolerMaster 1000
    Case
    CoolerMaster N-Vidia stacker 830
    Cooling
    Noctua NH-U12P x 1x120mm fan, 6x120mm case fans
    Keyboard
    Logitech G15
    Mouse
    Logitech G5
    Internet Speed
    20Mbps
    Other Info
    Audio FX Pro 5+1 gaming head set
Thanks for stepping in, stoneys-nutz; been busy.

indijones, also note the following:

Run a full scan of MalWareBytes in Safe Mode, to avoid conflicts with other programs.

If it finds hey.exe anywhere or csrss.exe anywhere other than in the Windows\System32 folder, delete them. csrss.exe is a legitimate Windows program, but only if it's in that folder.

It should find one or both, but, if it doesn't, run a search looking for them.

Ed
 

My Computer

System One

  • Manufacturer/Model
    Home Grown Desktop
    CPU
    Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    Motherboard
    ASUS P5B-E
    Memory
    3006 MB
    Graphics Card(s)
    NVIDIA GeForce 8400 GS 512MB
    Sound Card
    Motherboard - SoundMax
    Monitor(s) Displays
    ViewSonic VX2235wm / Dell 17" Generic PnP Anolog
    Screen Resolution
    1680 x 1050 x 4294967296 colors / 1024 x 768
    Hard Drives
    3 x ST3250620AS 250GB SATA IDE
    1 x WDC WD1200JD-00GBB0 120 GB SATA IDE
    PSU
    Enerrmax 535W All-in-one SLI 20/24+6+
    Case
    Antec Sonata
    Cooling
    Antec 12cm SmartCool
    Keyboard
    Logitech LX710
    Mouse
    Logitech MX100 Laser
    Internet Speed
    Bell Canada DSL 12MBps (supposedly)
    Other Info
    2 x HP Pavilion 9700v Laptops
stoneys-nutz said:
Hello indijones,
This is the result of your bugcheck.

STOP 0x000000F4: CRITICAL_OBJECT_TERMINATION

Open a command prompt as administrator and type sfc/scannow press enter and let it scan, if errors are found, you may need to run it more than once, until the system is clean.

Download and run these free apps.

CCleaner - Optimization and Cleaning - Free Download (Backup Your Registry When Prompted).

Malwarebytes

Go to the Event Viewer and see if there are errors there that point to a system problem.


Look in your processes list and look for a process with the name hey.exe let me know if its there, in some cases this has been linked to a Trojan. If it is present, stop the process and see if the problem disappears.

Also, can you please list your system specs, thanks.

Give this a try, good luck and post your results.
Click to expand...


Hi there!

I just went over your steps and got to the last one where I shall look after "hey.exe". The other steps didnt bring any positive result. It is there but if i try to stop it, I get the message that the OS will be shutdown immediately after the command. How can I override thatone?


I should add that I use Windows 7 Ultimate 64bit Version but i hope that doesnt matter:o.
I have amd phenom II 940, Radeon 5770 and 4GB 800mhz Kingston Ram.
 

My Computer

System One

My Computer

System One

  • Manufacturer/Model
    Self Build
    CPU
    QX9650 (black box) [email protected]
    Motherboard
    Asus P5Q Premium
    Memory
    8GB-4x2GB Corsair Dominator DDR 2-1066
    Graphics Card(s)
    2 x ASUS EAH 4870 X 2 (Quad)
    Sound Card
    Supreme FX 2
    Monitor(s) Displays
    Fujitsu Siemens 22inch flat screen
    Screen Resolution
    1680x1050
    Hard Drives
    150 Gig WD Raptor
    300 Gig Maxtor
    300 Gig Maxtor, (External)
    PSU
    CoolerMaster 1000
    Case
    CoolerMaster N-Vidia stacker 830
    Cooling
    Noctua NH-U12P x 1x120mm fan, 6x120mm case fans
    Keyboard
    Logitech G15
    Mouse
    Logitech G5
    Internet Speed
    20Mbps
    Other Info
    Audio FX Pro 5+1 gaming head set
So at the moment it looks like this:
1. I started in save mode and checked again with malwarebytes. It didnt find something new, but i activated the "all-time checking mode" which forced a file at the restart not to open. I´ll have to check the name of this one...
2. I just deleted the file "hey.exe" without any special trick.
3. After the normal restart the file isnt open.
4. The Tiny Trojan Removal Tool didnt find anything in the quick whole search and goes now with the extended edition checking the whole computer.
5. After a restart I will check if everythings working right now.
 

My Computer

System One

So I made it.
The Tiny Trojan Removal Tool didnt help me, but Malwarebytes rocks! Atm i still have the problem that after a restart Malwarebytes informs me that the Xxx.XX data is loading but it forces it down. Deleting wasnt successfull :/
However it works and I think these were the steps:

1. After a crash start Windows in safe mode. "Hey.exe" wont load up.
2. Delete "Hey.exe", whereever it is (i cant remember).
3. Use Malwarebytes and configure it to check all the time whats happening.
4. After a normal restart Malwarebytes will inform you that a program called "XxX.xXx" had been blocked.


Now just another question: How do I get rid of these left files? I show you them within the log of Malwarebytes:
C:\Users\Kleriker\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Kleriker\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Kleriker\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

Thanks for every help which was given, especially to stoneys-nutz! Thanks!
 

My Computer

System One

Guys, THANKS for your responses. When the blue screen showed up the first time, I checked Processes under Task Manager and found HEY.EXE and CSRSS.EXE. When I tried to delete them from Task Manager, computer rebooted with blue screen. They are still there. I'll follow your instructions and post the results. THANKS again!
 

My Computer

System One

I ran sfc/scannow that gave the message "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in C:\Windows\Logs\CBS\CBS.log" which is 44MB. Then I ran CCLEANER that deleted some temp files and registry files. I backed up registry before doing that.

I did a full scan with MalwareBytes that gave the following log:

QUOTE
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
5/4/2010 20:49:59
mbam-log-2010-05-04 (20-49-59).txt
Scan type: Full scan (C:\|)
Objects scanned: 578679
Time elapsed: 1 hour(s), 59 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Nighat\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Nighat\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Nighat\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
UNQUOTE

Then I ran Downloader Tiny Trojan Removal Tool that showed the following infected files:

C:\Windows\SysWOW64\Process.exe
C:\Windows\System32\Process.exe
HKEY_CLASSES_ROOT\CLSID\00000000-0000-0000-0000-000000000000

Task Manager shows hey.exe*32 (1 file, 2944k) and csrss.exe (2 iles: 2652k & 3256k). A search shows the location C:\Users\Nighat\AppData\Roaming for hey.exe and C:\Windows\System32 for csrss.exe. The surprising thing is that the size of csrss.exe in System32 folder is 7.5kb! No other csrss.exe shows up in the search! I tried to delete hey.exe from Roaming folder but wouldn't let me saying that the program is running. Also tried to delete csrss.exe from Task Manager that resulted in rebooting with blue screen.

Now what shall I do next? Shall I delete Process.exe files and Reg Value that Downloader Tiny Trojan Removal Tool detected?

My system is 64 bit Vista Home Prem on Acer Desktop with 8GB RAM, Intel Core 2 Quad 2.33 GHz Processor with 350 GB hard drive. Thanks!
 

My Computer

System One

I rebooted the comp in safe mode after blue screen and deleted hey.exe from Roaming folder. After that the computer shut down normally and the blue screen is gone! But still I see 2 csrss.exe files in Task Manager. This problem has screwed up a few of my programs that I have to reinstall. I'll turn the computer off normally again and see what happens. Will post the result tomorrow. Thanks to all of you!
 

My Computer

System One

csrss stands for "Client Server Run Time Subsystem", and is an essential subsystem that must be running at all times, so i would leave that alone.
 

My Computer

System One

  • Manufacturer/Model
    Self Build
    CPU
    QX9650 (black box) [email protected]
    Motherboard
    Asus P5Q Premium
    Memory
    8GB-4x2GB Corsair Dominator DDR 2-1066
    Graphics Card(s)
    2 x ASUS EAH 4870 X 2 (Quad)
    Sound Card
    Supreme FX 2
    Monitor(s) Displays
    Fujitsu Siemens 22inch flat screen
    Screen Resolution
    1680x1050
    Hard Drives
    150 Gig WD Raptor
    300 Gig Maxtor
    300 Gig Maxtor, (External)
    PSU
    CoolerMaster 1000
    Case
    CoolerMaster N-Vidia stacker 830
    Cooling
    Noctua NH-U12P x 1x120mm fan, 6x120mm case fans
    Keyboard
    Logitech G15
    Mouse
    Logitech G5
    Internet Speed
    20Mbps
    Other Info
    Audio FX Pro 5+1 gaming head set
Hi indie,

Stoney's right; csrss.exe normally shows up twice. The sizes you mentioned are showing how much memory it's using, not the file size. Leave it alone.

Yes, delete both of the process.exe files, and the HKEY_CLASSES_ROOT key; they're not a part of Windows.

You've likely still got some program file somewhere on your system that generated that hey.exe file in the first place. In future, it'd be a good idea to run MalWareBytes full scan on a regular (say, weekly) basis. And be careful of what you download...

Ed
 

My Computer

System One

  • Manufacturer/Model
    Home Grown Desktop
    CPU
    Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    Motherboard
    ASUS P5B-E
    Memory
    3006 MB
    Graphics Card(s)
    NVIDIA GeForce 8400 GS 512MB
    Sound Card
    Motherboard - SoundMax
    Monitor(s) Displays
    ViewSonic VX2235wm / Dell 17" Generic PnP Anolog
    Screen Resolution
    1680 x 1050 x 4294967296 colors / 1024 x 768
    Hard Drives
    3 x ST3250620AS 250GB SATA IDE
    1 x WDC WD1200JD-00GBB0 120 GB SATA IDE
    PSU
    Enerrmax 535W All-in-one SLI 20/24+6+
    Case
    Antec Sonata
    Cooling
    Antec 12cm SmartCool
    Keyboard
    Logitech LX710
    Mouse
    Logitech MX100 Laser
    Internet Speed
    Bell Canada DSL 12MBps (supposedly)
    Other Info
    2 x HP Pavilion 9700v Laptops
Your very welcome, glad you got it fixed. good luck. :)
 

My Computer

System One

  • Manufacturer/Model
    Self Build
    CPU
    QX9650 (black box) [email protected]
    Motherboard
    Asus P5Q Premium
    Memory
    8GB-4x2GB Corsair Dominator DDR 2-1066
    Graphics Card(s)
    2 x ASUS EAH 4870 X 2 (Quad)
    Sound Card
    Supreme FX 2
    Monitor(s) Displays
    Fujitsu Siemens 22inch flat screen
    Screen Resolution
    1680x1050
    Hard Drives
    150 Gig WD Raptor
    300 Gig Maxtor
    300 Gig Maxtor, (External)
    PSU
    CoolerMaster 1000
    Case
    CoolerMaster N-Vidia stacker 830
    Cooling
    Noctua NH-U12P x 1x120mm fan, 6x120mm case fans
    Keyboard
    Logitech G15
    Mouse
    Logitech G5
    Internet Speed
    20Mbps
    Other Info
    Audio FX Pro 5+1 gaming head set
You must log in or register to reply here.
Back
Top