Solved BSOD every time running windows normally.

reaper032587 · Jun 11, 2013

I get a blue screen after logging into windows normally and after all my programs load up. It crashed after that. Bluescreenview says it is my ntoskrnl.exe

reaper032587 · Jun 11, 2013

most recent BSOD had a PAGE_FAULT_IN_NONPAGED_AREA with a error code of 0x00000050

koolkat77 · Jun 11, 2013

Hi and welcome to seven forums reaper032587.

BSOD Analyse
```````
Security App

Code:

BHDrvx64.sys                Tue May 21 02:47:31 2013 (519A8BE3)
BHDrvx64.sys                Wed Apr 10 11:39:03 2013 (5164FAF7)
ENG64.SYS                   Fri Apr 26 12:10:48 2013 (517A1A68)
EX64.SYS                    Fri Apr 26 12:08:58 2013 (517A19FA)
EraserUtilRebootDrv.sys     Wed Aug  1 05:36:50 2012 (50186C12)
IDSvia64.sys                Wed Aug 29 08:48:40 2012 (503D8308)
Ironx64.SYS                 Tue Nov 15 08:00:53 2011 (4EC1C7D5)
SRTSP64.SYS                 Tue Jul  3 00:20:28 2012 (4FF1E66C)
SRTSPX64.SYS                Tue Jul  3 00:20:37 2012 (4FF1E675)
SYMDS64.SYS                 Tue May 17 04:15:03 2011 (4DD1A1E7)
SYMEFA64.SYS                Sat May 19 07:29:56 2012 (4FB6F794)
SYMEVENT64x86.SYS           Wed Nov 23 00:30:48 2011 (4ECBEA58)
SYMNETS.SYS                 Sun Nov 13 03:11:53 2011 (4EBEE119)
avgtpx64.sys                Tue May  7 18:38:19 2013 (5188F5BB)

Crashes indicate Norton/Symantec & AVG being a possible cause. Remove Norton/Symantec & AVG and replace with Microsoft Security Essentials to see if it provides more stability. Uninstallers (removal tools) for common antivirus software. Microsoft Security Essentials and Malwarebytes are recommended from a strict BSOD perspective. They do not cause blue screens on the system as other AV products do.

Microsoft Security Essentials, Free antivirus for windows and Malwarebytes Anti-Malware Free

Information

:warn: Do not start the free trial of MalwareBytes, unselect that option when prompted.
:tip: Update and make full scans with both separately.

Scan your system with the following:

Kaspersky TDSSKiller - How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)

ESET online scanner - One-time virus scanner free with ESET online scanner

Drivers: You need to update these drivers or update their software to their latest version available:

scmndisp.sys Wed Jan 17 13:48:03 2007 - Netgear Neutral Wireless Solution
lmimirr.sys Wed Apr 11 04:32:45 2007 - RemotelyAnywhere Mirror Miniport Driver or LogMeIn Mirror Miniport Driver
RaInfo.sys Sat Jan 5 00:57:14 2008 - LogMeIn/RemotelyAnywhere Kernel Information Provider
BS_I2cIo.sys Mon Jun 16 12:45:18 2008 - BIOSTAR I2C I/O driver Found in BIOSTAR BIOS Flash Utility
GEARAspiWDM.sys Mon May 18 18:17:04 2009 - CD-ROM Class Filter Driver by Gear Software.[br]Also comes with iTunes

Daemon Tools/Alcohol %
sptd.sys Sun Aug 19 03:05:38 2012 - SCSI Pass Through Direct Host - Daemon Tools (known BSOD issues with Win7)
```
Daemon Tools (and Alcohol % software) are known to cause BSOD's on some Win7 systems (mostly due to the sptd.sys driver, although we have seen dtsoftbus01.sys blamed on several occasions). Please uninstall the program, then use the following free tool to ensure that the troublesome sptd.sys driver is removed from your system (pick the 32 or 64 bit system depending on your system's configuration): DuplexSecure - FAQ

As an alternative, many people recommend the use of Total Mounter or Magic ISO

Start up

Keep less stuff at the start-up. Only anti-virus, this helps avoid driver conflicts and improves time to log in to windows.
Troubleshoot a Problem by Performing a Clean Startup in Windows 7 or Vista
How to Change, Add, or Remove Startup Programs in Windows 7

SFC /scannow to check windows for corruption:

How to Repair Windows 7 System Files with System File Checker
1. Click Start

2. In the search box, type Command Prompt
3. In the list that appears, right-click on cmd.exe and choose Run as administrator
4. In the command window that opens, type

sfc /scannow

and hit enter.

Disk Check

For errors on your Hard drive(s): How to Run Disk Check in Windows 7

Memtest86+

Run Memtest86+ for at least 8-10 passes. It may take up to 20 passes to find problems. Make sure to run it once after the system has been on for a few hours and is warm, and then also run it again when the system has been off for a few hours and is cold. How to Test and Diagnose RAM Issues with Memtest86+

Note

Pay close attention to part 3 of the tutorial in order to rule the faulty RAM stick out.

Tip

Do this test overnight.

BSOD BUGCHECK SUMMARY

Code:

Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun 11 09:23:57.260 2013 (UTC + 6:00)
System Uptime: 0 days 0:00:32.884
BugCheck 50, {fffff8a006896000, 0, fffff8000252a43a, 0}
Probably caused by : ntkrnlmp.exe ( nt!wcsstr+56 )
BUGCHECK_STR:  0x50
PROCESS_NAME:  smss.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun 11 09:04:14.965 2013 (UTC + 6:00)
System Uptime: 0 days 0:00:33.260
BugCheck CD, {fffff9800c369000, 0, fffff8000312843a, 0}
Probably caused by : ntkrnlmp.exe ( nt!wcsstr+56 )
BUGCHECK_STR:  0xCD
PROCESS_NAME:  smss.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun 11 08:22:09.474 2013 (UTC + 6:00)
System Uptime: 0 days 0:04:39.864
BugCheck A, {dc, 2, 1, fffff800030a6e45}
Probably caused by : ntkrnlmp.exe ( nt!KeStackAttachProcess+115 )
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun 11 08:16:22.482 2013 (UTC + 6:00)
System Uptime: 0 days 0:04:35.107
BugCheck 1E, {ffffffffc0000005, fffff800024ae26b, 0, 7efa0000}
Probably caused by : ntkrnlmp.exe ( nt!RtlImageNtHeaderEx+3f )
BUGCHECK_STR:  0x1E_c0000005_R
PROCESS_NAME:  {397E31AA-0D78
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun 11 08:11:04.349 2013 (UTC + 6:00)
System Uptime: 0 days 0:03:17.739
BugCheck A, {dc, 2, 1, fffff800030b4e45}
Probably caused by : ntkrnlmp.exe ( nt!KeStackAttachProcess+115 )
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun 11 07:23:17.509 2013 (UTC + 6:00)
System Uptime: 0 days 0:08:06.898
BugCheck A, {dc, 2, 1, fffff8000310ae45}
Probably caused by : ntkrnlmp.exe ( nt!KeStackAttachProcess+115 )
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Wed Jun  5 07:16:15.252 2013 (UTC + 6:00)
System Uptime: 0 days 0:05:56.641
BugCheck A, {dc, 2, 1, fffff800030bde45}
Probably caused by : ntkrnlmp.exe ( nt!KeStackAttachProcess+115 )
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun  4 11:28:38.175 2013 (UTC + 6:00)
System Uptime: 0 days 0:07:01.564
BugCheck 1E, {ffffffffc0000005, fffff8000309f26b, 0, 7efa0000}
Probably caused by : ntkrnlmp.exe ( nt!RtlImageNtHeaderEx+3f )
BUGCHECK_STR:  0x1E_c0000005_R
PROCESS_NAME:  iexplore.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun  4 10:56:12.041 2013 (UTC + 6:00)
System Uptime: 0 days 0:05:51.430
BugCheck A, {dc, 2, 1, fffff800030b8e45}
Probably caused by : ntkrnlmp.exe ( nt!KeStackAttachProcess+115 )
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431
Debug session time: Tue Jun  4 10:31:59.074 2013 (UTC + 6:00)
System Uptime: 0 days 0:07:10.339
BugCheck 1E, {ffffffffc0000005, fffff800030ff247, 0, 400d02e0}
Probably caused by : ntkrnlmp.exe ( nt!output_l+31b )
BUGCHECK_STR:  0x1E_c0000005_R
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

reaper032587 · Jun 11, 2013

Thanks for the help. Going to try all these as soon as I get off work today. Hopefully it will clear it up

koolkat77 · Jun 11, 2013

Good luck, keep us updated.

reaper032587 · Jun 11, 2013

For some reason it will not let me run the ESET online scan. I can scroll and accept the terms then the next page the start scan button will not appear

reaper032587 · Jun 11, 2013

also there is a avg safeguard toolbar the everytime I try to uninstall it through programs freezes on me. And the avg uninstall link you gave me did not remove it

koolkat77 · Jun 11, 2013

Which browser are you using? Firefox?

reaper032587 · Jun 11, 2013

I use IE had firefox on here but uninstalled it a little while ago

koolkat77 · Jun 11, 2013

You can check in the extensions and remove it from there

reaper032587 · Jun 11, 2013

doesn't show it listed in the extensions. But it is in my programs and features list

koolkat77 · Jun 11, 2013

Sorry. Try removing it from add remove programs and control panel then check your ADDONs

reaper032587 · Jun 11, 2013

ok its gone now. But the ESET scanner isn't working. Is there another one I could use

koolkat77 · Jun 11, 2013

It's alright, have you run TDSSkiller?

reaper032587 · Jun 11, 2013

which one of those trials do I download to run that

reaper032587 · Jun 12, 2013

n/m found it and ran it and it found a rootkit.boot.pihar.c

koolkat77 · Jun 12, 2013

Go here: :ar: Anti-rootkit utility TDSSKiller

Expand - 1. How to disinfect a compromised system

Download the TDSSKiller.exe file. You can find the info how to download a file on the following pages:
For users of Windows 8
For users of Windows 7
For users of Windows Vista
Run the TDSSKiller.exe file on the infected (or possibly infected) computer.
Wait until the scanning and disinfection completes. A reboot might require after the disinfection has been completed.
IMPORTANT
The utility has a graphical interface.

VistaKing · Jun 12, 2013

reaper032587

If you need help removing your rootkit open a new thread in the System Security section

koolkat77 · Jun 12, 2013

Good news reaper032587

If you still feel you need to recheck for virus, go ahead and open a thread at the system security section.

Complete the rest of the steps and let us know if you got more blue screens.

Solved BSOD every time running windows normally.

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

Similar threads