Vista64 BSOD - Driver, Hardware, Software?

[mitchellb]

System Info:

Operating System
MS Windows Vista Home Premium 64-bit SP2

CPU
Intel Mobile Core 2 Duo T5800 @ 2.00GHz 150 °F
Merom 65nm Technology

RAM
4.0GB Dual-Channel DDR2 @ 399MHz (6-6-6-18)

Motherboard
Compal 30F7 (CPU)

Graphics
Generic PnP Monitor (1280x800@60Hz)
Mobile Intel(R) 4 Series Express Chipset Family
Mobile Intel(R) 4 Series Express Chipset Family

Hard Drives
244GB FUJITSU MHZ2250BH G2 ATA Device (SATA)

Optical Drives
PIONEER DVDRW DR-TD08HB ATA Device

Audio
IDT High Definition Audio CODEC


I want to thank members who take the time to help address my PC errors. Your help is very much appreciated.

 

[ilikefree]

It's about 3:30am where Richc46 is just now.

 

[richc46]

Your BC code is 21 A.

0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATED
This occurs when Windows switches into kernel mode and a user-mode subsystem, such as Winlogon or the Client Server Runtime Subsystem (CSRSS), is compromised. Security can no longer be guaranteed. Because Win can’t run without Winlogon or CSRSS, this is one of the few situations where the failure of a user-mode service can cause the system to stop responding. This Stop message also can occur as a result of malware infestation or when the computer is restarted after a system administrator has modified permissions so that the SYSTEM account no longer has adequate permissions to access system files and folders.

This code is rare. Although I have a list of BC codes I had to Google to find this one. May I suggest. That you run a full anti virus scan and download and run malwarebytes full scan.

Did you make any changes near the time the problem first happened?

Because at best it takes a few BSODs to satisfactorily diagnose, may I suggest that you wait unti you get 2 or 3 more and then post again.

 

[mitchellb]

Just to clarify, this error isn't due to a driver or hardware problem?

I will follow up after I finish with the virus and maleware scan. The BSOD usually occurs will browsing the internet (facebook, aol mail, wordpress, flickr). Sometimes on iTunes or Paint.NET

Because at best it takes a few BSODs to satisfactorily diagnose, may I suggest that you wait unti you get 2 or 3 more and then post again.

I will follow up later after 2 or 3 more BSODs. Am I to follow the "Blue Screen of Death (BSOD) Posting Instructions" again?

 

[richc46]

Run a full anti virus scan. Download and run a full scan with malwarebytes. If nothing is found use the computer. Then give me the dump reports as you get them. Use the posting instructions.
Dont think that its hardware.

 

[mitchellb]

Alright just finished from a full virus scan (Avira AntiVir Personal) - nothing was found, as well as a full malware scan (Malwarebyte's Anti-Malware). Infected files were found. Currently they are sitting in the quarantine section.

Should they be deleted?

I attached the log to post.

 

[richc46]

If they are in quarantine thats fine.
If you can delete, that would be even better, but not required.
Dont just delete yourself. If the AV can do it go with that.

 

[ilikefree]

You could be interested in this.

QFX Software - Anti-Keylogging Software and More

I use it, it just runs in the background

 

[mitchellb]

By "AV" you mean anti-virus?

But the malwarebytes' program detected the the threats, shouldn't they be deleted by the same program and not the Anti-Virus?

I'm assuming if I don't recieve future BSODs then all is well, and if I do recieve a BSOD, I am to report it for assistance.

Thank you, your help is very much appreciated.

 

[richc46]

By "AV" you mean anti-virus?

But the malwarebytes' program detected the the threats, shouldn't they be deleted by the same program and not the Anti-Virus?

I'm assuming if I don't recieve future BSODs then all is well, and if I do recieve a BSOD, I am to report it for assistance.

Thank you, your help is very much appreciated.

MB should delete
If you get a BSOD post the mini dump as before.

 

[mitchellb]

You could be interested in this.

QFX Software - Anti-Keylogging Software and More

I use it, it just runs in the background

@ilikefree

I want to state that the keylogger (Desktop Shark) was installed by me. I followed the websites uninstall instructions. I'm assuming like all programs when uninstalled, there was left over data.

Although, I could be wrong due to it being detected by Malwarebytes'. As this would be the first encounter of keylogger data on my HP Notebook. I could not find any evidence of the file being related to Desktop Shark Keylogger.

Suggestions on verifying it's DesktopShark leftover data after uninstall?

I will look into Anti-Keylogger, as suggested.

Thank you, your advice is very much appreciated.

 

[mitchellb]

By "AV" you mean anti-virus?

But the malwarebytes' program detected the the threats, shouldn't they be deleted by the same program and not the Anti-Virus?

I'm assuming if I don't recieve future BSODs then all is well, and if I do recieve a BSOD, I am to report it for assistance.

Thank you, your help is very much appreciated.

MB should delete
If you get a BSOD post the mini dump as before.

Alright, will do. If BSOD occurs, I will post.

 

[ilikefree]

The anti-keylogger post I gave you is a safe program and I have uninstalled it with Revo-Uninstaller and it found no leftover files. I then reinstalled it. It's a keeper.

 

[mitchellb]

As before thank you for your suggestions.

 

[mitchellb]

So I got another BSOD, I will follow posting instructions for help. Should I post my BSOD error here or create a new thread?

 

[richc46]

Keep everything in this thread.

 

[mitchellb]

Sorry for the delay. Another BSOD error occurred.

I ran the .EXE (BSOD Memory Dump & System File Collection) during the process, system crashed and BSOD appeared.

Once I was able to startup again, ran .EXE but forgot to RUN AS ADMINISTRATOR, so I close it and started all over again.

Again ran .EXE and success on process completion.

If you need the other Files (though not complete due to crash and admin, see above) I will post upon request.

The file attached is the one that was completed and not interrupted.

 

[richc46]

STOP 0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATED Usual causes: User-mode device driver, system service, or third-party application, Mismatched system files

The reports are all consistent BC 21A. I was hoping for something a bit different because 21A is not a common BC and sometimes difficult to diagnose. That being said, I will have to use judgement on the correct course of action. Based upon research and experience, drivers are the most likely culprit.

Read and understand the warnings and if you agree run for 36 hours and give me all the dump reports.

Driver Verifier Inst
Since the driver that crashed you has not been listed you should run driver verifier
Please run Verifier with these settings:

Using Driver Verifier is an iffy proposition. Most times it'll crash and it'll tell you what the driver is. But sometimes it'll crash and won't tell you the driver. Other times it'll crash before you can log in to Windows. If you can't get to Safe Mode, then you'll have to resort to offline editing of the registry to disable Driver Verifier.
So, I'd suggest that you first backup your stuff and then make sure you've got access to another computer so you can contact us if problems arise. Then make a System Restore point (so you can restore the system using the Vista/Windows 7 Startup Repair feature).
Then, here's the procedure:
- Go to Start and type in "verifier" (without the quotes) and press Enter
- Select "Create custom settings (for code developers)" and click "Next"
- Select "Select individual settings from a full list" and click "Next"
- Select everything EXCEPT FOR "Low Resource Simulation" and click "Next"
NOTE: You can use Low Resource Simulation if you'd like. From my limited experimentation it makes the BSOD's come faster.
- Select "Select driver names from a list" and click "Next"
Then select all drivers NOT provided by Microsoft and click "Next"
- Select "Finish" on the next page.
Reboot the system and wait for it to crash to the Blue Screen. Continue to use your system normally, and if you know what causes the crash, do that repeatedly. The objective here is to get the system to crash because Driver Verifier is stressing the drivers out. If it doesn't crash for you, then let it run for at least 36 hours of continuous operation (an estimate on my part).
Reboot into Windows (after the crash) and turn off Driver Verifier by going back in and selecting "Delete existing settings" on the first page, then locate and zip up the memory dump file and upload it with your next post.
If you can't get into Windows because it crashes too soon, try it in Safe Mode.
If you can't get into Safe Mode, try using System Restore from your installation DVD to set the system back to the previous restore point that you created.
Enable the driver verifier
www.sevenforums.com/crash-lockup-debug-how/65331-using-driver-verifier-identify-issues-drivers.html

 

[mitchellb]

A difficult decision, I don't have access to another computer. I have to say, I don't think I will follow the procedure.

This may be a bit of a stretch but could it be this?

 

[richc46]

Looking at the reports, that does not look like a potential cause.