Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 903
  • Last Modified:

System shuts down in normal mode after a error dialogue box is displayed.

When I boot up in normal mode and login in after about a minute I get an error dialogue box. After I either send the error to MS or just close the dialog box, the computer runs for about a minute and then I get a dialogue box with the error message: ." this system is shutting down..the process c:\windows\system32\isass.exe teminated  code is 1073741819'.

After the message goes thru a 60 second count down, the system seems to hang and the only way to restart the computer is with a hard boot.

I am using a Dell Workstation 690.

Jeff Waymack
206 634-0849
Services---ContollerInfo-1.jpg
Error-Mess-Contents-.jpg
Error-Report-Content.jpg
Shut-Down-DB.jpg
hijackthis.log
stinger1001602.txt
FxSasser.log
0
Starbuck67
Asked:
Starbuck67
  • 7
  • 6
  • 5
  • +3
4 Solutions
 
orangutangCommented:
Do you have SP3? Also, scan with Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php)
0
 
jazzIIIloveCommented:
GTCO\xpoint32.exe
and wintab are the cradle i think...

malwarebytes now!
www.malwarebytes.org/
0
 
jazzIIIloveCommented:
let me say a nice detailed question...best regards...
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
willcompCommented:
If there are any recent minidump files in C:\Windows\Minidump folder, attach the two latest in a comment after renaming to a .txt extension.
0
 
nobusCommented:
0
 
Mohamed OsamaSenior IT ConsultantCommented:
This is a heavily infected system, you need to do the below

- ensure the system is up to date with regards to critical & security hotfixes from Microsoft (windows update)
- at the very least patch the MS08-067 vulnerability (which I believe is the source of this)

- download, install , update & run a full scan using Malwarebytes Antimalware .

http://www.malwarebytes.org/mbam.php


Hope this helps.

0
 
Starbuck67Author Commented:
Responsese:

orangutang:
Do you have SP3? Also, scan with Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php)

No, I do not. Last time I added SP3 I had all sorts of problems and ended up having to reinstall the OS and all apps.

***************************************************
jazzIIIlove:
GTCO\xpoint32.exe and wintab are the cradle i think..

I'm not sure what "are in the cradle" means. However, from my own research w2gtcc seems to be connected to wintab. I currently have my Calcomp digitizer disconnected in case that is the problem. However, I still get errors for w2gtcc in the System Event viewer on reboots..

************************************************willcomp:
If there are any recent minidump files in C:\Windows\Minidump folder, attach the two latest in a comment after renaming to a .txt extension.

Done. See attachments.

*************************************************
nobus:
is it isass or Lsas ?
http://www.annoyances.org/exec/forum/winxp/t1075745139

I read the article. In trouble shooting I did from the internet, one suggestion was to check for multiple copies of Lsass.exe and delete all copies except the one in C:\Windows\System32. I did find two other copies which I deleted. This did not solve my problem.

**************************************************

Is this what you were looking for?
Yes No
Admin3k:
This is a heavily infected system, you need to do the below

- ensure the system is up to date with regards to critical & security hotfixes from Microsoft (windows update)
- at the very least patch the MS08-067 vulnerability (which I believe is the source of this)

- download, install , update & run a full scan using Malwarebytes Antimalware .

http://www.malwarebytes.org/mbam.php

Other than not installing SP3 for above reason, I am up to date on all security hotfixes from Microsoft.

*******************************************

General Comment

Seems everybody likes the Malware product. I currently use Norton System Works and based on internet suggestion tried & bought Panda Virus Scan 2.0 that runs from the internet. I guess I could buy another detection program, but it seems like next time, someone else will suggest their own favorite.

Just complaining, but money doesn't grow on trees (now especially here in the U.S.).

Thanks for all your help so far!

Jeff Waymack
Mini090108-01.txt
Mini100908-01.txt
0
 
willcompCommented:
Malware Bytes AntiMalware has a free version that is all you need. It can be installed along with your AV software.

Minidumps are rather old. Latest one (about a month ago) was caused by a Norton driver. See if there are any newer minidump files.
0
 
jazzIIIloveCommented:
Hi there;

I personally use MalwareBytes with my AV solution, Norton Corporate...

Especially when i got infected with Antivirus2009 shit, MalwareBytes was my savior that is the reason why i recommnend using it...

Best regards...
0
 
jazzIIIloveCommented:
<<I'm not sure what "are in the cradle" means. However, from my own research w2gtcc seems to be <<connected to wintab. I currently have my Calcomp digitizer disconnected in case that is the problem.

cradle = source...

Let's remove Calcomp and examine the result...

Best regards...
0
 
Starbuck67Author Commented:
Responses:

*******************************************
willcomp:
Malware Bytes AntiMalware has a free version that is all you need. It can be installed along with your AV software.

Minidumps are rather old. Latest one (about a month ago) was caused by a Norton driver. See if there are any newer minidump files

There are no newer minidumps
I will download the free version of Malware and run it.

*********************************************************
jazzIIIlove:
<<I'm not sure what "are in the cradle" means. However, from my own research w2gtcc seems to be <<connected to wintab. I currently have my Calcomp digitizer disconnected in case that is the problem.

cradle = source...

Let's remove Calcomp and examine the result..

By remove, do you want me to uninstall the Calcomp Digitizer driver from Add Remove Programs?
0
 
jazzIIIloveCommented:
>>By remove, do you want me to uninstall the Calcomp Digitizer driver from Add Remove Programs?

Yep...
0
 
Starbuck67Author Commented:
I ran the Malware scan and have attached the log from that.

****************************************
jazzIIIlove:
>>By remove, do you want me to uninstall the Calcomp Digitizer driver from Add Remove Programs?

Yep...

Will do next.
mbam-log-2008-11-04--14-39-55-.txt
0
 
jazzIIIloveCommented:
hi there;

ok...since you fix the problems i guess...now let's have a kaspersky online scanner and see the situation...google kaspersky online scanner...

Best regards...
0
 
Starbuck67Author Commented:
Hi,

Here's the latest progress...


1) Ran Kaspersky - see attached file and corrected errors
2) Uninstalled Calcomp digitizer driver & software and then reinstalled the same
3) Rebooted after Calcomp process. Checked System Events and error for w2gtcc was still present. Digitizer works fine. Used computer sucessfully for 1 day.
4) Started bringing on line remote Lacie drives one at a time (firewire connection). Ran scans on each drive using Norton, Malware, Panda Active Scan 2.0 and then Kaspersky. Second drive has two partitions which I check individually.
5) Several software scanning utilites (Malware & Active Scan 2.0) identified possible security holes with various MS Operating and Communication software programs (Internet Explorer, DirectX9, etc). Using links provided by Active Scan 2.0, I installed 15 different MS security patches.
6) After installing MS security patches, I rebooted and received a 'PAGE_FAULT_IN_NONPAGED_AREA' bluescreen. I tried restarting in Normal Mode three times with the same result.
7) Rebooted in Safe Mode w/ Internet Access and I am now writing this to you.

Jeff
Kaspersky-Scan.txt
0
 
willcompCommented:
PAGE_FAULT_IN_NONPAGED_AREA --- there should be a minidump associated with this one. If so, attcah a copy to a comment as before.
0
 
Starbuck67Author Commented:
Responses:

**********************************************
willcomp:
PAGE_FAULT_IN_NONPAGED_AREA --- there should be a minidump associated with this one. If so, attcah a copy to a comment as before.

I seem to have the minidump generation some how turned off. Last file I have is date back in September of this year. What do I need to do to start generating minidumps again?

*****************************************
In other news...

I thought the problem might be a memory card error and so contacted Dell tech support. After trying several settings on my system and then trying to restore my system to earlier restore points he suggested to try uninstalling the recent security patches (see my previous note) on my system and then rebooting after each patch. I started on that process and after removing the second patch with no further success (still had Blue Screen...PAGE_FAULT_IN_NONPAGED_AREA) I decided to try disabling my digitizer and uninstalling related software.

This did not solve the problem and so I then disconnected the two remote Lacie drives (fire wire connnected thru Lacie fire wire card). After doing that and restarting the computer the Blue Screen was gone. I have talked to the tech people at Lacie and they have suggested...

1) Try USB
2) Try the fire wire connection on my workstation instead of their card
3) Try shifting their firewire card to another PCI slot.

I am now in the process of trying those suggestions.

Any other thoughts...?

Jeff

PS. Don't forget to tell me how to get minidumps generating again.
0
 
willcompCommented:
1.      Click Start, point to Settings, and then click Control Panel.
2.      Double-click System.
3.      Click the Advanced tab, and then click Settings under Startup and Recovery.
4.      In the Write debugging information list, click Small memory dump (64k).
0
 
Starbuck67Author Commented:
Responses:

**********************************************
willcomp:
1.      Click Start, point to Settings, and then click Control Panel.
2.      Double-click System.
3.      Click the Advanced tab, and then click Settings under Startup and Recovery.
4.      In the Write debugging information list, click Small memory dump (64k).

Here's an image of the Startup and Recovery dialog box when I opened it up. It looks like it is already setup correctly. If the minidump files are being created (?) then why don't I see them (what are they named and where are they located).

The minidump files I attached earlier came from this directory:

C:\WINDOWS\Minidump

Startup-Recovery.jpg
0
 
willcompCommented:
Minidumps should be created (settings are correct) and directory is C:\Windows\Minidump (%systemroot%\Minidump) assuming XP is installed in C:\Windows.
0
 
Starbuck67Author Commented:
Following items seemed to have resolved issue

1) Scans with Malware, Panda Active Scan 2.0 and Kaspersky cleaned up part of the problems.
2) There was some sort of conflict with a Lacie external drive and fire wire technology. Staff at Lacie helped trouble shoot the problem, but when the problem was identified, they had no solution. My work around is to use the USB connection for the problematic drive.
3) The possible problem with the Calcomp digitizer seems to stem from the fact the hardware and related driver have not been tested with XP. My conclusion is that the error' wg2tcc' represents an ability for XP to resolve the old driver. Although the event error always appears, my computer and the digizing tablet both work fine.

This problem arose from a file downloaded through Emule, I think. After fighting past the error message and automatic 60 second reboot by using safe mode and virus software in item (1) I was able to continue to resolve the individual problems above. This whole process took me nearly 5 days with probably nearly 100 reboots (that are really slow).

Thanks to all!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 7
  • 6
  • 5
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now