We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Tech Helproom


It's free to register, to post a question or to start / join a discussion


 

Computer Crash this Morning


buteman
Resolved

Likes # 0

Computer crashed this morning after downloading and running Eset smart security.

I did have Avast on but removed it completely using Revo uninstaller.

Eset did find a problem in the Firewall which I think it stopped from running but will have to wait till it stops scanning so that I can check what the fault was.

Ok Scan Just finished and the problem was.Port scanning Attack.

Source 221. 192.199.49:1.1200

target 82.29.12,241:6515 TCP

Any way of finding out what it is maybe one of my other security programs.

Probably a one off but will see if it happens again.Scan ran Ok that time without crashing.

032712-26972-01.dmp 27/03/2012 07:25:48 UNEXPECTEDKERNELMODE_TRAP 0x1000007f 0x00000008 0x807c6750 0x00000000 0x00000000 ehdrv.sys ehdrv.sys+19d0 ESET Helper driver ESET Smart Security ESET 5.0.87.0 32-bit ntoskrnl.exe+b4ae3 ntoskrnl.exe+11754 C:\Windows\Minidump\032712-26972-01.dmp 2 15 7601 179,019

Like this post
buteman

Likes # 0

Ahh yes just when we think it was sorted it's back again.

Maybe something to do with this Event Id 1530.

From Microsoft.

On a Windows Vista-based or Windows 7-based client computer, the following event may be logged in the Application log:

Log Name: Application Source: Microsoft-Windows-User Profiles Service Date: Date Event ID: 1530 Task Category: None Level: Warning Keywords: Classic User: SYSTEM Computer: ComputerName

Description: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3112862306-1016156048-4130204762-1000: Process 932 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3112862306-1016156048-4130204762-1000

It goes on to say as it is shut down it may corrupt the registry.But does not tell you how to fix it.

Like this post
buteman

Likes # 0

This is what I actually get.

  • Provider

    [ Name] Microsoft-Windows-User Profiles Service [ Guid] {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}

    EventID 1530

    Version 0

    Level 3

    Task 0

    Opcode 0

    Keywords 0x8000000000000000

  • TimeCreated

    [ SystemTime] 2012-03-31T16:36:35.246714700Z

    EventRecordID 77631

    Correlation

  • Execution

    [ ProcessID] 1044 [ ThreadID] 4932

    Channel Application

    Computer roy-PC

  • Security

    [ UserID] S-1-5-18

    • EventData

    Detail 5 user registry handles leaked from \Registry\User\S-1-5-21-2846201677-1536757173-425328225-1001: Process 1204 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1204 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1204 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software Process 1204 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software\Policies Process 1204 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Any way of fixing the registry without reformatting.I am only assuming that this is the main problem.

Like this post
rdave13

Likes # 0

Have a look at this answer.

Like this post
buteman

Likes # 0

Now I can turn everything off in msconfig except Eset.

Untick it and it reticks itself when I press apply.

Tried stopping it running in services and a box pops up that I cannot stop it running.

Just wondering if that could be my problem as it will not let me run the computer without it.

Just going to try in safe mode and see if that works.

it is the first time that I have not beeen able to disable a program in Services. Is that normal with an anti virus program.

Like this post
john bunyan

Likes # 0

Why not change your anti virus to ,say, Microsoft Security Essentials? I use Avira (free) but would use MSE if I started again.

Like this post
rdave13

Likes # 0

I think that john bunyan is right. Can you remove Eset and then run with MSE for a while. If all OK then it would prove that Eset was the problem. You could install it again at a later date and join their support forum for help.

http://www.wilderssecurity.com/index.php?s=f7c8ec29283283aac7e8acf4299ebaf3

Like this post
buteman

Likes # 0

rdave13

I was just thinking that myself it was giving me so much bother.

Don't like MSE but it will do for a start i suppose.

Like this post
buteman

Likes # 0

This seems to be the one that is causing the problem and makes the registry corrupt.

5 user registry handles leaked from \Registry\User\S-1-5-21-2846201677-1536757173-425328225-1001: Process 1176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software Process 1176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software\Policies Process 1176 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2846201677-1536757173-425328225-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Well I have downloaded MSE so will see how I get on with that. Started with a struggle at the first reboot but will see how I get on.

Like this post
johndrew

Likes # 0

I have done a few searches for this problem and read a lot of responses. The problem has been seen in both Vista and W7 with various AVs including MSE but there appears to be little in the way of a cure that I can find; the prevalent statement being that this is "normal" behaviour when a problem occurs.

One result I found appears very similar to this but is with Norton. And this result clearly shows Avira to have some form of conflict.

I suggest that trying MSE with the W7 firewall is a good way forward.

Like this post
buteman

Likes # 0

johndrew

Tried everything suggested and still not luck.

I think maybe because it is not connecting to the Internet that I am getting those problems.

So at the moment just trying to find out why it is not connecting and I have tried most things that i know.

I switched on my router and tarted up my other computer and it connects wirelessly no problem.

So the Modem must be fine and the problem must just be with my computer.It will connect to the Internet as long as I run HitmanPro so cant understand why it just will not run at start up.

Maybe something not running that should be running but what.Will have another good look through Services to see if I can spot anything.Anything anyone can think of which may help in the search would be appreciated.

MSE does not make any difference but it was worth a try.

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

Moto G2 (2014) vs Moto E comparison review: New Moto G is worth the extra cash

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Oculus Rift 'Crescent Bay' prototype hands-on: it's an amazing experience

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...