BSOD coming frequently


  1. Posts : 10
    Windows 7 64 bit
       #1

    BSOD coming frequently


    Have been getting BSOD starting Christmas day 2012. First was BCCode 50. Then BCCode 96. Now BCCode f4 occurs when the system tries to do the update when shutting down. It also occurs if I try and do the updates manually.

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7601.2.1.0.256.48
    Locale ID: 1033

    Additional information about the problem:
    BCCode: f4
    BCP1: 0000000000000003
    BCP2: FFFFFA800BCD9B30
    BCP3: FFFFFA800BCD9E10
    BCP4: FFFFF800033C8460
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 256_1

    Files that help describe the problem:
    C:\Windows\Minidump\010913-20358-01.dmp
    C:\Users\Ronald\AppData\Local\Temp\WER-57611-0.sysdata.xml

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt

    This is information from the most recent crash.

    I have run memtest86. It found no problems.
    I ran the Dell hardware analyzer; it showed no problems.
    I have more dump files from previous days.

    Hopefully my dmp file is attached or was uploaded...


  2. Posts : 15,026
    Windows 10 Home 64Bit
       #2

    Welcome.

    Code:
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    Please disable driver verifier:

    Please upload your msinfo32.nfo file. To get this: Start Menu -> Type msinfo32 into the Search programs and files box -> When it opens, go to File, Save -> Save as msinfo32.nfo and save in a place you will remember -> Let it finish the process of gathering and saving the system info -> Right click the .nfo file, click send to compressed (zipped) folder -> Upload the .zip file here.

    Please upload your msinfo32.txt file. To get this: Start Menu -> Type msinfo32 into the Search programs and files box -> When it opens, go to File, Export -> Save as msinfo32.txt and save in a place you will remember -> Let it finish the process of gathering and saving the system info -> Right click the .txt file, click send to compressed (zipped) folder -> Upload the .zip file here.


  3. Posts : 10
    Windows 7 64 bit
    Thread Starter
       #3

    Requested files attached


    Good luck!


  4. Posts : 15,026
    Windows 10 Home 64Bit
       #4

    What antivirus app do you use?


  5. Posts : 10
    Windows 7 64 bit
    Thread Starter
       #5

    Windows defender


  6. Posts : 15,026
    Windows 10 Home 64Bit
       #6

    Make scans with the following:

    -Kaspersky TDSSKiller

    -ESET online scanner

    Microsoft Security Essentials.
    Recommended from a strict BSOD perspective, compatibility & stability compared to other antiviruses/internet security software. It is free and lightweight:-
       Warning
    Do not start the free trial of Malware Bytes; remember to deselect that option when prompted.


    Run a full scan with both (separately) once downloaded, installed and updated.


  7. Posts : 10
    Windows 7 64 bit
    Thread Starter
       #7

    Kaspersky results


    Ran Kaspersky. Found one item. Quarantined it first. Ran the scan again then cured it. I did not write down the name of the item. I don't know if that was important? Will run malware next.

    Here is the report:

    08:40:59.0378 4048 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    08:40:59.0909 4048 ============================================================
    08:40:59.0909 4048 Current date / time: 2013/01/10 08:40:59.0909
    08:40:59.0909 4048 SystemInfo:
    08:40:59.0909 4048
    08:40:59.0909 4048 OS Version: 6.1.7601 ServicePack: 1.0
    08:40:59.0909 4048 Product type: Workstation
    08:40:59.0909 4048 ComputerName: RONALD-PC
    08:40:59.0909 4048 UserName: Ronald
    08:40:59.0909 4048 Windows directory: C:\Windows
    08:40:59.0909 4048 System windows directory: C:\Windows
    08:40:59.0909 4048 Running under WOW64
    08:40:59.0909 4048 Processor architecture: Intel x64
    08:40:59.0909 4048 Number of processors: 8
    08:40:59.0909 4048 Page size: 0x1000
    08:40:59.0909 4048 Boot type: Normal boot
    08:40:59.0909 4048 ============================================================
    08:41:02.0701 4048 BG loaded
    08:41:02.0998 4048 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    08:41:03.0029 4048 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    08:41:03.0029 4048 Drive \Device\Harddisk2\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    08:41:03.0029 4048 ============================================================
    08:41:03.0029 4048 \Device\Harddisk0\DR0:
    08:41:03.0029 4048 MBR partitions:
    08:41:03.0029 4048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A4D000
    08:41:03.0029 4048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A61000, BlocksNum 0x72CA5000
    08:41:03.0029 4048 \Device\Harddisk1\DR1:
    08:41:03.0029 4048 MBR partitions:
    08:41:03.0029 4048 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    08:41:03.0029 4048 \Device\Harddisk2\DR2:
    08:41:03.0029 4048 MBR partitions:
    08:41:03.0029 4048 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0xA962F3, BlocksNum 0x16A03C0D
    08:41:03.0029 4048 \Device\Harddisk2\DR2\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xA962B4
    08:41:03.0029 4048 ============================================================
    08:41:03.0076 4048 C: <-> \Device\Harddisk0\DR0\Partition2
    08:41:03.0076 4048 D: <-> \Device\Harddisk1\DR1\Partition1
    08:41:03.0076 4048 F: <-> \Device\Harddisk2\DR2\Partition2
    08:41:03.0107 4048 G: <-> \Device\Harddisk2\DR2\Partition1
    08:41:03.0107 4048 ============================================================
    08:41:03.0107 4048 Initialize success
    08:41:03.0107 4048 ============================================================


  8. Posts : 15,026
    Windows 10 Home 64Bit
       #8

    Update the thread when you're done scanning with all the apps. :)


  9. Posts : 10
    Windows 7 64 bit
    Thread Starter
       #9

    Malware and ESET logs


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.10.08
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ronald :: RONALD-PC [administrator]
    1/10/2013 11:06:38 AM
    MBAM-log-2013-01-10 (16-25-31).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 509030
    Time elapsed: 50 minute(s), 11 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 9
    C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\n (Trojan.0Access) -> No action taken.
    C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\00000004.@ (Trojan.0Access) -> No action taken.
    C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
    C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\000000cb.@ (Trojan.0Access) -> No action taken.
    C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\80000000.@ (Trojan.0Access) -> No action taken.
    C:\$Recycle.Bin\S-1-5-18\$bf85b9ec1403fe70ca17f882159b1a31\U\80000064.@ (Trojan.0Access) -> No action taken.
    C:\$Recycle.Bin\S-1-5-21-127904358-1895413300-3915022823-1000\$bf85b9ec1403fe70ca17f882159b1a31\n (Trojan.0Access) -> No action taken.
    C:\Users\Ronald\AppData\Local\Temp\dooi0h2ans.exe (Exploit.Drop.GS) -> No action taken.
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
    (end)

    ESET:

    C:\Users\All Users\Microsoft\Windows\DRM\5611.tmp Win64/Olmarik.AO trojan unable to clean
    C:\Users\All Users\Microsoft\Windows\DRM\5660.tmp Win64/Olmarik.AO trojan unable to clean
    C:\ProgramData\Microsoft\Windows\DRM\5611.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
    C:\ProgramData\Microsoft\Windows\DRM\5660.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\10.01.2013_08.37.17\mbr0001\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\Users\Ronald\AppData\Local\Temp\573C.tmp Win32/Olmarik.AYR trojan cleaned by deleting - quarantined
    C:\Users\Ronald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\28a8bade-23c01b9b Win32/Olmarik.AYR trojan cleaned by deleting - quarantined
    C:\Users\Ronald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\1a558184-440cdea7 a variant of Win32/Injector.AAHF trojan cleaned by deleting - quarantined
    C:\Users\Ronald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\17b87d05-61342035 Java/Exploit.CVE-2012-1723.AV trojan cleaned by deleting - quarantined
    C:\Users\Ronald\AppData\Roaming\pstorecr.dll a variant of Win32/Ponmocup.FT trojan cleaned by deleting (after the next restart) - quarantined
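Added example, not part of the thread: a small triage script for the two scanner logs in post #9, separating detections that are still on disk ("No action taken", "unable to clean") from those waiting on a reboot and those already quarantined. The row formats are inferred from the log lines shown above, and the function names are hypothetical.

```python
import re

# Rows copied from the Malwarebytes and ESET logs in post #9 (sample subset).
MBAM_LINES = [
    r"C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.",
    r"C:\Users\Ronald\AppData\Local\Temp\dooi0h2ans.exe (Exploit.Drop.GS) -> No action taken.",
]
ESET_LINES = [
    r"C:\Users\All Users\Microsoft\Windows\DRM\5611.tmp Win64/Olmarik.AO trojan unable to clean",
    r"C:\ProgramData\Microsoft\Windows\DRM\5611.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined",
    r"C:\Users\Ronald\AppData\Roaming\pstorecr.dll a variant of Win32/Ponmocup.FT trojan cleaned by deleting (after the next restart) - quarantined",
    r"C:\Users\Ronald\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\17b87d05-61342035 Java/Exploit.CVE-2012-1723.AV trojan cleaned by deleting - quarantined",
]

# Malwarebytes row as it appears above: <path> (<detection>) -> <action>.
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# ESET row as it appears above: <path> [a variant of ]<detection> <type> <action>
# The path may contain spaces, so it is matched lazily up to the first
# token that looks like Platform/Family.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) \w+ (?P<action>.+)$"
)

def parse(line):
    """Return (path, detection, action), or None for non-detection lines."""
    for rx in (MBAM_RE, ESET_RE):
        m = rx.match(line.strip())
        if m:
            return m["path"], m["name"], m["action"]
    return None

def status(action):
    """Map a scanner's action text to a remediation state."""
    a = action.lower()
    if "no action taken" in a or "unable to clean" in a:
        return "unresolved"          # file is still present on disk
    if "after the next restart" in a:
        return "pending-reboot"      # removal only completes after restart
    return "handled"

def triage(lines):
    """Group (path, detection) pairs by remediation state."""
    out = {"unresolved": [], "pending-reboot": [], "handled": []}
    for line in lines:
        rec = parse(line)
        if rec:
            out[status(rec[2])].append((rec[0], rec[1]))
    return out
```

Anything left under `unresolved` or `pending-reboot` means the machine should be rescanned after the next restart before the BSOD question is revisited.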


  10. Posts : 15,026
    Windows 10 Home 64Bit
       #10

    What about MSE?

    Any new BSODs?


 