Windows 7 Laptop randomly shuts down, possibly virus, power supply and more...

Kelvin K Kong

New Member
Thanks for your interest.

Ok, firstly,

Photo0161_0011.jpg


..from that picture, it might have resulted from me have going on naughty naughty sites :tongue3:, ignoring McAfee site advisor, or me accidently clicking on an app in an un-legit version of Counter Strike Source, called 'Bot中英文語音轉換器'. I don't understand the Chinese. Came up with 'In English speech converter' in Google Translator. When I clicked on it, command prompt appeared and I think it automatically did something. The word 'Bot' seems suss. Can a virus be activate via the command prompt?
From that, could it lead to the hardware? I've been experiencing random shutdowns. Also this happened in the past days.
Before these bluescreens appeared, McAfee Internet Security Suite was alerting that my computer is a risk. But now, for the past few days, multiple scans and they're all clean.

Regarding power supply, could there been NOT enough power supply with my laptop's hardware? Which might possibly be one of the causes to my BSoD?;

http://windows7forums.com/blue-scre...-when-external-traktor-soundcard-plugged.html

My laptop ([FONT=inherit !important][FONT=inherit ! important]Acer [/FONT][/FONT][FONT=inherit !important][FONT=inherit ! important]Aspire[/FONT][/FONT] V3-571G running Intel Core i5-2450M ~3.1GHz, 8GB ram, 2GB nVidia GT640M graphics, [FONT=inherit !important][FONT=inherit ! important]Windows [/FONT][/FONT][FONT=inherit !important][FONT=inherit ! important]OS[/FONT][/FONT], 64-bit OS) is just a few weeks, old, with 1 year warranty. Bringing it to the store which I bought it from for some testing.

Also have been getting these kinda screens a few times:

539062_10151348971752166_1273446077_n.jpg

582600_10151358544592166_1269779018_n.jpg


Would restoring the OS help at all?

I have been researching about the computer shutting down problem, such as this:

Computer turns off without warning


Any help would be appreciated.

Thanks.
 

Attachments

  • 539062_10151348971752166_1273446077_n.jpg
    539062_10151348971752166_1273446077_n.jpg
    225.9 KB · Views: 544
  • 582600_10151358544592166_1269779018_n.jpg
    582600_10151358544592166_1269779018_n.jpg
    150.3 KB · Views: 498
Last edited:
It's hardly a [basic] hardware problem. 0x0000007b indicates system files have been deleted, or something. Most oftenly it is errors due to hardware or device drivers , which may present malicious files.

It would seem that your computer is inflicted. Give it a thorough scan, with your Antivirus program, and Malwarebytes, Malwarebytes : Free anti-malware download

It would also seem possible that you have a "standard" driver problem.

Best of luck. :)
 
Last edited:
It's hardly a [basic] hardware problem. 0x0000007b indicates system files have been deleted, or something. Most oftenly it is errors due to hardware or device drivers , which may present malicious files.

It would seem that your computer is inflicted. Give it a thorough scan, with your Antivirus program, and Malwarebytes, Malwarebytes : Free anti-malware download

It would also seem possible that you have a "standard" driver problem.

Best of luck. :)

Thanks for reply, Titanic.

Yea, something in System32 is missing.
As I have said, I've done multiple full scans with McAfee, nothing found.
Just did a full scan computer and external HDD with Malwarebytes, found nothing, but during the scan, McAfee found and removed a Trojan in the external HDD. Now what do I do now sir? Keep in mind that I have warranty.
So there are errors in the latop's hardware, possibly because of not enough power supply? Because power supply to the USB ports can be a factor of the USB errors, buffer underruns when running Traktor with the external soundcard. I can maintain close to no drop-outs with internet browser open, but that's it. That's with many things disabled to conserve power.
 
Thanks for mentioning you have a warranty. I would recommend that you take the computer to the seller, they usually "know what they do" and, even if it may take a few days, the end result should be bound to be at least as good as any self made efforts. The problem may be, if it's an infection, the warranty doesn't necessarily cover it - you'll be in the hands of their good will.

You can also try the sfc /scannow command prompt in Run. I've only used it once, when in trouble, and to be honest... it didn't do a *beep*. More info in How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7. If successful, that would be the easiest and fastest way. But since you seem to have a slightly more severe problem than merely a slight one, I'd recommend to at least try the use of your warranty.

I would not recommend a Restoration point, because it'll hardly help at all against malware.

Best of luck and success. :)
 
Last edited:
Thanks for mentioning you have a warranty. I would recommend that you take the computer to the seller, they usually "know what they do" and, even if it may take a few days, the end result should be bound to be at least as good as any self made efforts. The problem may be, if it's an infection, the warranty doesn't necessarily cover it - you'll be in the hands of their good will.

You can also try the sfc /scannow command prompt in Run. I've only used it once, when in trouble, and to be honest... it didn't do a *beep*. More info in How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7. If successful, that would be the easiest and fastest way. But since you seem to have a slightly more severe problem than merely a slight one, I'd recommend to at least try the use of your warranty.

I would not recommend a Restoration point, because it'll hardly help at all against malware.

Best of luck and success. :smile:

Used sfc/scannow . Came up with; "Windows Resource Protection did not find any integrity violations."

Now using Event Viewer. Displaying errors and criticals under Window logs > System .

Level - Date and Time - Source - Event - Task Cateory

Critical 1/09/2012 10:36:40 AM Kernel-Power 41 (63)

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 1/09/2012 12:24:57 AM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: KelvinKKong-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2012-08-31T14:24:57.234417100Z" />
<EventRecordID>30288</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>KelvinKKong-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">129908933582032533</Data>
</EventData>
</Event>


Error 1/09/2012 10:36:54 AM EventLog 6008 None


Log Name: System
Source: EventLog
Date: 1/09/2012 10:36:54 AM
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: KelvinKKong-PC
Description:
The previous system shutdown at 12:37:28 AM on ‎1/‎09/‎2012 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-09-01T00:36:54.000000000Z" />
<EventRecordID>30501</EventRecordID>
<Channel>System</Channel>
<Computer>KelvinKKong-PC</Computer>
<Security />
</System>
<EventData>
<Data>12:37:28 AM</Data>
<Data>‎1/‎09/‎2012</Data>
<Data>
</Data>
<Data>
</Data>
<Data>24</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>DC07090006000100000025001C00F300DC07080005001F000E0025001C00F3003C0000003C000000000000000000000000000000000000000100000000000000</Binary>
</EventData>
</Event>


Both of these two occurred a few times last night.

Warning 1/09/2012 10:47:32 AM mfehidk 516 (256)

Log Name: System
Source: mfehidk
Date: 1/09/2012 10:47:32 AM
Event ID: 516
Task Category: (256)
Level: Warning
Keywords: Classic
User: N/A
Computer: KelvinKKong-PC
Description:
Process **\mcshield.exe pid (2500) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="mfehidk" />
<EventID Qualifiers="33024">516</EventID>
<Level>3</Level>
<Task>256</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-09-01T00:47:32.567243800Z" />
<EventRecordID>30679</EventRecordID>
<Channel>System</Channel>
<Computer>KelvinKKong-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\mfehidk</Data>
<Data>**\mcshield.exe</Data>
<Data>2500</Data>
<Binary>00000000030030000001000004020081000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>


Error 31/08/2012 3:51:46 PM Disk 11 None


Log Name: System
Source: Disk
Date: 31/08/2012 3:51:46 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: KelvinKKong-PC
Description:
The driver detected a controller error on \Device\Harddisk1\DR22.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">11</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-08-31T05:51:46.909653800Z" />
<EventRecordID>30146</EventRecordID>
<Channel>System</Channel>
<Computer>KelvinKKong-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk1\DR22</Data>
<Binary>0E00800001000000000000000B0004C003010000000000000000000000082D0000000000000000006848AA0000000000FFFFFFFF0600000058000000000000000000061208000010000000003C0000000000000000000000C0D0251280FAFFFF000000000000000060DC6E0E80FAFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>


Warning 27/08/2012 11:25:28 PM Kernel-Processor-Power 37 (7)

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 27/08/2012 11:25:28 PM
Event ID: 37
Task Category: (7)
Level: Warning
Keywords:
User: SYSTEM
Computer: KelvinKKong-PC
Description:
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0F67E49F-FE51-4E9F-B490-6F2948CC6027}" />
<EventID>37</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-08-27T13:25:28.301086600Z" />
<EventRecordID>28485</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="92" />
<Channel>System</Channel>
<Computer>KelvinKKong-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Group">0</Data>
<Data Name="Number">1</Data>
<Data Name="CapDurationInSeconds">71</Data>
<Data Name="PpcChanges">1</Data>
<Data Name="TpcChanges">0</Data>
<Data Name="PccChanges">0</Data>
</EventData>
</Event>


Warning 27/08/2012 10:16:07 PM Disk 51 None


Log Name: System
Source: Disk
Date: 27/08/2012 10:16:07 PM
Event ID: 51
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: KelvinKKong-PC
Description:
An error was detected on device \Device\Harddisk1\DR3 during a paging operation.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="32772">51</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-08-27T12:16:07.079340100Z" />
<EventRecordID>28466</EventRecordID>
<Channel>System</Channel>
<Computer>KelvinKKong-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk1\DR3</Data>
<Binary>030180000100000000000000330004802D0100000E0000C0000000000000000000000000000000004D13060000000000FFFFFFFF01000000580000080000000000200A1240022040000000003C0000000000010000000000684FEF0780FAFFFF00000000000000001040A00C80FAFFFF6003890D80FAFFFF408112000000000028000012814000008000000000000000000000000000000000000000000000000000000000000000</Binary>
</EventData>

</Event>

There is one or two more errors like this with different number after DR**.
All these happened multiple times.
'Kernel' errors are popping up alot. This can relate to my BSoD errors, when I didn't know how to control the drop-outs. By using BluescreenView, here are my last 2 BSoDs:

==================================================
Dump File : 081812-22635-01.dmp
Crash Time : 18/08/2012 9:26:03 PM
Bug Check String :
Bug Check Code : 0x0000010d
Parameter 1 : 00000000`00000006
Parameter 2 : 00000000`00000003
Parameter 3 : 0000057f`f50f5858
Parameter 4 : fffffa80`0ddf97c0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17835 (win7sp1_gdr.120503-2030)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081812-22635-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 335,321
==================================================

==================================================
Dump File : 081812-20529-01.dmp
Crash Time : 18/08/2012 9:22:39 PM
Bug Check String :
Bug Check Code : 0x0000010d
Parameter 1 : 00000000`00000006
Parameter 2 : 00000000`00000003
Parameter 3 : 0000057f`f2547578
Parameter 4 : fffffa80`0b8988f0
Caused By Driver : Wdf01000.sys
Caused By Address : Wdf01000.sys+d589
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081812-20529-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 335,321
==================================================


^found out it's the Kernel Mode Driver Framework Runtime


NTOSKRNL.EXE is missing or corrupt.
Link Removed - Invalid URL

"If event 41 is logged because power to the computer was interrupted, consider obtaining an uninterruptible power supply (UPS) such as a battery backup power supply. An underpowered or failing power supply may cause this behavior. For example, if you added RAM or additional devices or hard disks when this problem began, the power supply may cause the problem." Quote Mircosoft

Talking about RAM, I got +4GB RAM added when I bought this laptop, and that might be a factor.
 
Since you have a new computer with warranty, I would strongly suggest you contact the seller. Windows internal reports contain tons of information, sometimes problems can be solved through it but, most often it is, unfortunately, rather vague. My computer works fine, some problems with boot now and then, yet I have 1 criticals, 19 errors, and 13 warnings in the past 7 days - I never really noticed them!

What you need is for someone to take a look at your computer with a volt meter and stuff like that, supported by OS knowledge. This is not the first Forum I'm in, and whilst being in MSI Forum I witnessed how one person got a dozen answers to the problem, and they were all totally different. Guess what? None helped. And the helpers had up to 25,000 posts.

It's like calling a MD: "I have a headache". Not quite the same as you visit the Doctor, and give him / her the opportunity to check your head.

Many problems can be healed by "distant service". Many cannot. Many need physical contact with the object. You know, I'm a Photographer - I always need the physical / visual contact. Won't do otherwise.

Cheerio.

Titanic / Pauli
 
Sometimes a failing hard disk or SSD can cause erratic, intermittent problems. Try installing a tool such as WindowSMART 2012 or Link Removed - Invalid URL. Both can assess hard disk health and SSD health, and will alert you if something is amiss. WindowSMART can deliver alerts on Apple and Android mobile devices in addition to email and the desktop. If you install WindowSMART, use its export function to generate a dump of the disk SMART attributes and post the results here. I'm quite familiar with SMART so I could examine the results and see if anything is suggestive of HDD/SDD failure.

The wonky displays on the monitor would also make me question whether you've got a faulty video card. It is possible you've got a couple different problems going on here.
 
There are some things pointing at a hard drive controller. You say you do have an external hard drive and it is normally connected?

If the bugcheck code is really 7B, which is what it looks like as Titantic mentions, the definition is below. If it were to be 78, I added that one just in case.

Bug Check 0x7B: INACCESSIBLE_BOOT_DEVICE

The INACCESSIBLE_BOOT_DEVICE bug check has a value of 0x0000007B. This bug check indicates that the Microsoft Windows operating system has lost access to the system partition during startup.

Bug Check 0x78: PHASE0_EXCEPTION

This bug check occurs when an unexpected break is encountered during HAL initialization. This break can occur if you have set the /break parameter in your boot settings but have not enabled kernel debugging.

You also show a couple of 10D instances..

Bug Check 0x10D: WDF_VIOLATION

The WDF_VIOLATION bug check has a value of 0x0000010D. This indicates that Kernel-Mode Driver Framework (KMDF) detected that Windows found an error in a framework-based driver.

The following warning seems it might be important. I don't run McAfee, so maybe someone else would know, or their own forum. It may be normal for your version.

Process **\mcshield.exe pid (2500) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

mfehidk
 
I doubt that an external hard drive would cause the problem. The 0x7B (inaccessible boot device) will occur if the system is booting and cannot initialize the expected boot device (typically this is the primary HDD or SSD). A failing HDD or SSD has been known to cause a 0x7B, particularly if bad sectors are preventing the reading of critical system files.

If you have a second computer and an external disk enclosure, you may want to download one of the SMART tools I mentioned in the previous post, pop out the suspect disk and attach it to the working computer and then let the SMART tool (i.e. WindowSMART) examine the disk. This will tell you if the disk's own self-monitoring is detecting a problem. The appearance of bad sectors on an HDD, for example, has a high correlation with disk failure once the first bad sector pops up.

Another common cause of 0x7B is switching, in the BIOS, the disk controller mode from IDE to AHCI or IDE to RAID. This is because Windows is designed, by default, NOT to switch I/O controller drivers at boot time. This is done in the interest of performance. If you recently performed a "reset defaults" operation in the BIOS, it is possible--if not likely--the disk controller mode was changed. Check in the BIOS and be sure the controller mode is configured as you intended it, or correct it if it's wrong. Many controllers allow you to switch from AHCI to RAID without a problem, since RAID and AHCI are generally the "same" as far as Windows is concerned when it comes to loading drivers. But if you switch to IDE (or the other way), Windows will throw a 0x7B error at you.

If you go into Device Manager, you'll find that Windows lists IDE controllers in one section, and SCSI Controllers or Storage Controllers in another. AHCI/RAID drivers will show up under Storage (or SCSI) Controllers, while IDE drivers show up under IDE controllers. It's because these are different device classes that Windows gives up with a BSOD rather than hunting for an appropriate driver.

I also see McAfee referenced. Don't get me started on McAfee. We use McAfee Host Intrusion Prevention at work, and it causes more BSODs than anything. On all the computers we have in our home, not including my work-issued laptop, we average 1-2 BSODs per year, total. With McAfee HIPS, it's good for 2-3 BSODs per month! McAfee Endpoint Encryption also generates a fair share of BSODs, but we're allowed to use BitLocker Drive Encryption so I avoid McAfee whenever I can.
 
Back
Top