Several BSOD, no singular triggers

mmurray1988 · 31 Aug 2014

carwiz said:

The dumps are all over the place. Something is corrupting memory on the fly. Did AdwCleaner report anything when you ran it?

Download Autoruns from here: Autoruns for Windows

Unzip the files to a folder then double click on Autoruns.exe. No install is necessary.
Do NOT uncheck any boxes in the main screen. In the menu bar, click on File and select Save. Save the file to your desktop. This will create a file named Autoruns.arn. Zip this file and upload it.

Added: Forgot to mention - Before saving the file, click on Options in the menu bar then select Filter Options. Make sure all boxes are unchecked EXCEPT "Verify code signatures". If the Rescan button becomes active, click it.

It should look like the image below.

These are what Adw picked up

Attachment 331409

Attachment 331410

Attachment 331411

carwiz · 31 Aug 2014

Did you remove them? The last one (Trovi.com) is a known source for malware and root kits. AZ can also install malware. I have no idea what "updater" might be doing.

Re-run MBAM, EEK and now add TDSSKiller from here: Anti-rootkit utility TDSSKiller

Where's the file from Autoruns?

mmurray1988 · 31 Aug 2014

carwiz said:

Did you remove them? The last one (Trovi.com) is a known source for malware and root kits. AZ can also install malware. I have no idea what "updater" might be doing.

Re-run MBAM, EEK and now add TDSSKiller from here: Anti-rootkit utility TDSSKiller

Where's the file from Autoruns?

I've been working on getting rid of the Trovi

Here is the Autoruns

Attachment 331433

mmurray1988 · 01 Sep 2014

Recent BSOD

Attachment 331486

carwiz · 01 Sep 2014

What's the status of the scans and malware removal?

carwiz · 01 Sep 2014

BugCheck D1, {ffffea801bae3030, 6, 0, fffff8800f6b9558}

Code:

 
Unable to load image nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
Probably caused by : nvlddmkm.sys ( nvlddmkm+1d4558 )
Followup: MachineOwner
---------
SYMBOL_NAME:  nvlddmkm+1d4558
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: nvlddmkm
IMAGE_NAME:  nvlddmkm.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  53b4446a
FAILURE_BUCKET_ID:  X64_0xD1_nvlddmkm+1d4558
BUCKET_ID:  X64_0xD1_nvlddmkm+1d4558
Followup: MachineOwner
---------
0: kd> lmvm nvlddmkm
start             end                 module name
fffff880`0f4e5000 fffff880`10173000   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        Wed Jul 02 12:42:02 2014 (53B4446A)
    CheckSum:         00C4C7C9
    ImageSize:        00C8E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

mmurray1988 · 01 Sep 2014

carwiz said:

BugCheck D1, {ffffea801bae3030, 6, 0, fffff8800f6b9558}

Code:

 
Unable to load image nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
Probably caused by : nvlddmkm.sys ( nvlddmkm+1d4558 )
Followup: MachineOwner
---------
SYMBOL_NAME:  nvlddmkm+1d4558
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: nvlddmkm
IMAGE_NAME:  nvlddmkm.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  53b4446a
FAILURE_BUCKET_ID:  X64_0xD1_nvlddmkm+1d4558
BUCKET_ID:  X64_0xD1_nvlddmkm+1d4558
Followup: MachineOwner
---------
0: kd> lmvm nvlddmkm
start             end                 module name
fffff880`0f4e5000 fffff880`10173000   nvlddmkm T (no symbols)           
    Loaded symbol image file: nvlddmkm.sys
    Image path: nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        Wed Jul 02 12:42:02 2014 (53B4446A)
    CheckSum:         00C4C7C9
    ImageSize:        00C8E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

What's all that say?

Here's the scans

Attachment 331634

mmurray1988 · 03 Sep 2014

Still with me?