asked on Strange BSOD and ini file keeps opening at boot up of Win 7
I very rarely have a BSOD on my rig, but here is one that just happened and I have no clue why or if it was just a burp in Win 7 Ultimate. However, since it happened, every time I restart or bootup, and after Win 7 is up and running, notepad opens the desktop ini file and I have to manually close it. What is that all about? I have attached all files for you people to look at and give me some feedback. I am going to run my AV scans, etc. just in case.
BSOD-12-29-13.docx
122913-12745-01.dmp
file-strange.jpg
WER-28033-0.sysdata.xml
BSOD-12-29-13.docx
122913-12745-01.dmp
file-strange.jpg
WER-28033-0.sysdata.xml
Windows 7Microsoft Legacy OSWindows OS
Last Comment
ArtG2521
ASKER
Will do and doing.
ASKER
Ok, finished. Bitdefender and Malware Bytes found some stuff and took care of it. EXCEPT the desktop.ini file keeps opening up after boot up and I have to close it every time. See the image I uploaded before called "file-strange". The desktop.ini file says:
[.ShellClassInfo]
LocalizedResourceName=@%Sy
[.ShellClassInfo]
LocalizedResourceName=@%Sy
See if you can log into the system with a different username (member of administrators group) and delete the file from the different username.
Get a copy of Process Explorer (free from Microsoft). Run it. Look down in the Explorer process and see if there is any process with a strange alpha numeric label. If so, kill the process and run malwarebytes again.
... Thinkpads_User
Get a copy of Process Explorer (free from Microsoft). Run it. Look down in the Explorer process and see if there is any process with a strange alpha numeric label. If so, kill the process and run malwarebytes again.
... Thinkpads_User
your dump file points to Vsserv.exe Which is the main Bitdefender process that provides continuous real-time protection
so best uninstall bitdefender for testing
so best uninstall bitdefender for testing
You also have a few outdated drivers so update them.
Filename: 000.fcl Fri Sep 26 23:11:22 2008
Command: c:\program files\cyberlink\powerdvd10
Description: Added by the PowerDVD universal media player.
File Location: %ProgramFiles%\cyberlink\p
Filename: lmimirr.sys Wed Apr 11 08:32:45 2007
Command: %System%\DRIVERS\lmimirr.s
Description: Video driver for the the LogMeIn remote management software.
File Location: %System%\DRIVERS\lmimirr.s
Filename: 000.fcl Fri Sep 26 23:11:22 2008
Command: c:\program files\cyberlink\powerdvd10
Description: Added by the PowerDVD universal media player.
File Location: %ProgramFiles%\cyberlink\p
Filename: lmimirr.sys Wed Apr 11 08:32:45 2007
Command: %System%\DRIVERS\lmimirr.s
Description: Video driver for the the LogMeIn remote management software.
File Location: %System%\DRIVERS\lmimirr.s
Bug Check Code 50 with 2nd parameter as 0 means "Page Fault in Non Paged area while reading". It means when operating system tries to read from memory [virtual memory] which reside on RAM [Physical memory] and which is supposed not to be paged out has not been found and inorder to save from file corruption Windows operating system gives a bugcheck code 0x00000050 . The memory address fffff80003b53b41 [Virutal memory address]
Nobus is absolutly correct the process which was running during the BSOD on processor 0 was VSSERV.EXE
Even if you are getting Shell32.dll error ,please dont play with it , its operating system file which is required at the time of booting . Your explorer gets loaded on the shell so dont try to delete the file.
Its always better to test with clean boot in order to find the root cause however when its related to antivirus or any application which uses kernla mode driver which gets loaded at boot time . You need to disable it through registry so that its completely gets deactivated.
Nobus is absolutly correct the process which was running during the BSOD on processor 0 was VSSERV.EXE
Even if you are getting Shell32.dll error ,please dont play with it , its operating system file which is required at the time of booting . Your explorer gets loaded on the shell so dont try to delete the file.
Its always better to test with clean boot in order to find the root cause however when its related to antivirus or any application which uses kernla mode driver which gets loaded at boot time . You need to disable it through registry so that its completely gets deactivated.
ASKER
Ratnesh & Nobus, I'm about a mid-level tech in experience, so I do not know exactly how to disable things in the registry. I need help/instructions to do this. I have a couple of questions so I can better understand:
Is the desktop.ini file that keeps opening just after boot, the Shell32.dll error?
Nobus, when you say uninstall Bitdefender, should I uninstall and then re-install? Or run a repair install? Or talk to Bitdefender tech support and notify them of this error and let them advise as well?
I've had NO BSODs since, but this desktop.ini file that keeps opening, is it directly related to the BSOD I had? It would seem that way. If so, then Bitdefender in taking care of a problem, has caused a slight malfunction somewhere that causes the ini to keep opening, yes?
Is the desktop.ini file that keeps opening just after boot, the Shell32.dll error?
Nobus, when you say uninstall Bitdefender, should I uninstall and then re-install? Or run a repair install? Or talk to Bitdefender tech support and notify them of this error and let them advise as well?
I've had NO BSODs since, but this desktop.ini file that keeps opening, is it directly related to the BSOD I had? It would seem that way. If so, then Bitdefender in taking care of a problem, has caused a slight malfunction somewhere that causes the ini to keep opening, yes?
First Uninstall [If you can else you can follow http://support.microsoft.com/kb/816071] Bit-defender and then verify if it reappears again or not. Then we can go ahead with other action plan based on the outcome.
ASKER
Quick note:
I ran Process Explorer, and there are NO strange alpha numeric labels.
I ran Process Explorer, and there are NO strange alpha numeric labels.
Did you try deleting the file from another username?
... Thinkpads_User
... Thinkpads_User
You can't find that in Process Explorer , if want you can see that, it may be visible in procmon however at what level that matters .
Is this error you are facing is happening with only one user ? if the answer is yes then recreate the user profile .
Did you try clean boot [Disabling all 3rd party application and then boot in normal mode] ?
Are you getting this issue in safe mode as well ? Whats about safemode with networking ?
Or updating Win32k.sys and shell32.dll will help you to resolve the issue. However if BitDefender get corrupt then even upgrading the system files will also not help . SO first uninstall the Bit defender and they try to verify. Deleting shell32.dll will destabilize your system , so if you want to check rename it .
Is this error you are facing is happening with only one user ? if the answer is yes then recreate the user profile .
Did you try clean boot [Disabling all 3rd party application and then boot in normal mode] ?
Are you getting this issue in safe mode as well ? Whats about safemode with networking ?
Or updating Win32k.sys and shell32.dll will help you to resolve the issue. However if BitDefender get corrupt then even upgrading the system files will also not help . SO first uninstall the Bit defender and they try to verify. Deleting shell32.dll will destabilize your system , so if you want to check rename it .
Art - i never talked about registry - all i said was "so best uninstall bitdefender for testing "
in the mean time, you can use a free AV, like AVG, or Avast
in the mean time, you can use a free AV, like AVG, or Avast
ASKER
I am the only user. I will try a couple of these things you all suggest. Give me a day or two and then I will post the resuts. In the mean time, everyone have a Happy New Year!!
Even though you are the only user, setting up a test user is quite easy. Make it a member of the admin group. You can always remove it later.
... Thinkpads_User
... Thinkpads_User
ASKER
Since I am off from work today, here is what I have done so far:
Boot up in safe mode. desktop.ini does NOT open after boot.
Boot up in safe mode with networking. desktop.ini does NOT open after boot.
Uninstalled Bitdefender. Re-started. desktop.ini file STILL opens (in Notepad).
Re-installed Bitdefender. Re-started. desktop.ini file STILL opens (in Notepad).
Did a search for "desktop.ini" file on "C" drive. It turns up only one file by that name. See the attached image called "desktop ini search". When I open this ini file it reads the following:
[.ShellClassInfo]
IconFile=folder.ico
IconIndex=0
ConfirmFileOp=0
But the desktop.ini file that opens at every re-boot is:
(space)
[.ShellClassInfo]
LocalizedResourceName=@%Sy
I have some questions:
How do I update Win32k.sys and shell32.dll?
How do I set up a test user and make it a member of the admin group? Is that just simply going to Users Accounts and creating a user?
desktop-ini-search.jpg
Boot up in safe mode. desktop.ini does NOT open after boot.
Boot up in safe mode with networking. desktop.ini does NOT open after boot.
Uninstalled Bitdefender. Re-started. desktop.ini file STILL opens (in Notepad).
Re-installed Bitdefender. Re-started. desktop.ini file STILL opens (in Notepad).
Did a search for "desktop.ini" file on "C" drive. It turns up only one file by that name. See the attached image called "desktop ini search". When I open this ini file it reads the following:
[.ShellClassInfo]
IconFile=folder.ico
IconIndex=0
ConfirmFileOp=0
But the desktop.ini file that opens at every re-boot is:
(space)
[.ShellClassInfo]
LocalizedResourceName=@%Sy
I have some questions:
How do I update Win32k.sys and shell32.dll?
How do I set up a test user and make it a member of the admin group? Is that just simply going to Users Accounts and creating a user?
desktop-ini-search.jpg
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Is that just simply going to Users Accounts and creating a user?
Yes. then go to groups and add the user to "administrators"
I use this method a lot. It may not work here if a virus continues to cause the issue, but it is worth a try.
... Thinkpads_User
Yes. then go to groups and add the user to "administrators"
I use this method a lot. It may not work here if a virus continues to cause the issue, but it is worth a try.
... Thinkpads_User
ASKER
Thanks to everyone's help, but Ratnesh is the clear winner. That solution when applied to Win 7, worked.
It could be memory, so check memory with memtest.ext (memtest.org).
More likely it is a virus corrupting your operating system.
Check for viruses with your own application and then scan with malwarebytes (malwarebytes.org).
... Thinkpads_User