Vista Freeze

[TheSorcerer]

Hi,

I have a problem regarding my Vista installation. I'm using it for a while now but since a few days I get lots of freezes, hangs and crashes of my Vista and I cannot figure out what is causing these crashes.
I'll explain the symptomps first: Somethimes it happens after the PC was running for hours sometimes it happens right after logging in. When the PC starts to freeze first one or two programs will stop to react, until everything freezes and won't react anymore. Funny about this is though that I can still talk in Vent and hear until the very last moment. Sometimes though the entire systems just starts to lag like crazy. If I have task manager opened there's no prcess using up CPU% other than System Idle Process. However in Reliability and Performance Monitor the CPU is usage is at exactly 50%. One core (I run a Core 2 Duo) is always at 100% and the other is at 0% and suddenly they switch and the other will be at 100% while the first is at 0%. That happens until finally the CPU calms down again. Just a few second after that though the system will BSOD and tell me a crucial system process was terminated.

When I look into the even manager I can see some events, that *might* be related to these errors.
What got my intention was the following combination of two errors that seem to be always before the system crashes:

Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
 For more information please see the following:
Not Applicable
     Scan ID: {9557F192-D125-4955-9E7A-753BB690A703}
     User: zauberwerkstatt\ip
     Name: Unknown
     ID: 
     Severity ID: 
     Category ID: 
     Path Found: driver:GarenaPEngine;file:C:\Users\ip\AppData\Local\Temp\GZF90D9.tmp
     Alert Type: Unclassified software
     Detection Type:

\??\C:\Users\ip\AppData\Local\Temp\GZF90D9.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

The GarenaPEngine service failed to start due to the following error: 
This driver has been blocked from loading

However, you'll say "Oh, that's a software bug, go talk to Garena support staff" but then I say "Please look at this:"

Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
 For more information please see the following:
Not Applicable
     Scan ID: {E8D9C401-DEAB-4F41-9D50-F79B913DE9BE}
     User: zauberwerkstatt\ip
     Name: Unknown
     ID: 
     Severity ID: 
     Category ID: 
     Path Found: driver:RkPavproc1
     Alert Type: Unclassified software
     Detection Type:

\??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

The RkPavproc1 service failed to start due to the following error: 
This driver has been blocked from loading

Same structure, comepletely different software and location.

However, when I look further back in my event logs I see this structure of errors without a following disruptive shutdown.
Oh when I run in Fail Safe mode the system seems to be stable up until now. I'm currently doing a complete system scan in the hope I find malware that might cause the problem. However, I'm afraid that something else, less easy to solve is the problem.

If anyone has any ideas what could cause my crashes or how to solve them please feel free to respond.

Thank you!

 

[acdcfan]

try to run hijackthis HijackThis Logfileauswertung, malware bytes Malwarebytes.org and DrWebCureIt Download Dr.Web CureIt! Free anti-virus scanner, cures computers viruses. adn see if anyone of these yields any results.
I am thinking that Rkpavproc1 is some sort of root kit that is screwing your computer

 

[rive0108]

Did you install/run Panda antivirus? It is a antivirus program driver for Panda.

BSOD are usually caused by Hardware/bad/buggy drivers.
\??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


About RkPavProc.sys

Size15,024 byte(s)
Status Unknown
VendorPanda Software International (Not Rated)
ProductRKPavProc Driver
Product version1.0.1.0
Sighting10-Apr-08

What does RkPavProc.sys do?

• Process - a process that runs on your computer
• Autorun - automatically runs every time you start your computer

RkPavProc.sys Version info

RkPavProc.sys describes itself as follows. Note that this information can easy be faked

Product NameRKPavProc Driver
Product Version1.0.1.0
File Version1.0.1.0
Copyright� Panda 2008
Internal NameRKPavProc
Original NameRKPavProc.sys
DescriptionAnti-malware Driver Support

OA Version(s):

• 2.1.0.31
• 2.1.0.131

Imported DLL's

• ntoskrnl.exe

Locations:

RkPavProc.sys is found in 1 location(s)

%DllDirectory%\drivers\

 

[TheSorcerer]

Yes I did some online virus scanning - cannot recall the name of it anymore though.
However, due to the fact that whenever my PC crashed BIOS wouldn't detect my S-ATA drive anymore and I had to do a complete poweroff before it would see it again, and the fact that chkdsk will hang when doing a complete check on C: I concluded that propably my drive is broken - I just recently lost data on my hard drive in several files which I first thought would have been due to crashes - I now believe its the other way around.
I formated and reinstalled my Vista but chkdsk would still hang at some point and not resume (I left it running approx 6 hours). Finally I booted my Linux and used a linux tool to scan my hard drive for errors and what happened while it scanned the hda0,0 (my windows system partition) is, that after a certain point in the filesystem it would start reporting hundreds of errors - effectively every sector past a certain one was reported as false.
A second later I recognized why: my entire filesystem disappeared. I was only able to run the softwrae that was currently in memory and couldn't access *any* hda partitions anymore.
Because I wasn't able to login on tty (bash not found) and couldn't ctrl+alt+delete (shutdown not found) I did the hard reset and saw BIOS not finding my hard drive again. It then struck me: there must be some hardware error on my harddisk that causes my computer to effectively shut down my hard disk when a process reads from the defect sector.
I contacted my hardware vendor seeking for a RMA. I will see soon if a new drive will fix my problems.

Thank you for your help though, I really appriciate it!

 

[bruce2]

Hi TheSorcerer, welcome to the board.

Assuming your pc is a desktop, laptop does not apply, I like to suggest you to check your SATA cable and connection while you are waiting for a new drive or can't come up with any other solutions. Loose SATA connection is a known cause for problems such as yours. Make sure the connection are secure and seat by disconnect and reconnect, shake, wiggle, and tug on the connector at the HDD. Also, swap SATA ports to be sure the port and connection are good. SATA cable comes with the mother board are problematic at time; replace them with after market ones when you have a chance.

Hope this helps.

Bruce

 

[TheSorcerer]

I think this is a more serious problem. Why I believe this? Well, I have done some more research. My hard disk is a Seagate Barracuda 7200.11 ST3500320AS. If you don't know what that means look here.

Oh and just for the crac, look at this S.M.A.R.T. cache vendor attributes from my hard disk:

=== START OF READ SMART DATA SECTION ===
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   096   085   006    Pre-fail  Always       -       9061119
  3 Spin_Up_Time            0x0003   096   092   000    Pre-fail  Always       -       0
  4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       -       350
  5 Reallocated_Sector_Ct   0x0033   001   001   036    Pre-fail  Always   FAILING_NOW 2036
  7 Seek_Error_Rate         0x000f   078   060   030    Pre-fail  Always       -       4355160036
  9 Power_On_Hours          0x0032   097   097   000    Old_age   Always       -       2795
 10 Spin_Retry_Count        0x0013   100   100   097    Pre-fail  Always       -       2
 12 Power_Cycle_Count       0x0032   100   037   020    Old_age   Always       -       329
184 Unknown_Attribute       0x0032   100   100   099    Old_age   Always       -       0
187 Reported_Uncorrect      0x0032   001   001   000    Old_age   Always       -       1033
188 Unknown_Attribute       0x0032   100   092   000    Old_age   Always       -       163211247814
189 High_Fly_Writes         0x003a   098   098   000    Old_age   Always       -       2
190 Airflow_Temperature_Cel 0x0022   070   065   045    Old_age   Always       -       30 (Lifetime Min/Max 29/31)
194 Temperature_Celsius     0x0022   030   040   000    Old_age   Always       -       30 (0 11 0 0)
195 Hardware_ECC_Recovered  0x001a   029   024   000    Old_age   Always       -       9061119
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       11
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       11
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0

Notice the reallocated sector count? Just in case you don't know what this means: basicly my hard drive has a big scratch all over it - well at least close to that

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: FAILED!
Drive failure expected in less than 24 hours. SAVE ALL DATA.

:D

Thanks for your advices!

 

[bruce2]

Oh, I see. Thanks for the info. Good luck on your new drive.