Solved Random BSOD, Malware Suspected

[Injust]

Hello,
I just had a BSOD. Everything was working fine for a few hours, then *blam*. I suspect malicious software for some reason, so can anybody help me try to find the reason? Just did an SFC scan, it's clean.
Thanks!
P.S. Look at my recent post HERE

 

[Arc]

From your TDSSKiller log ....

13:17:45.0261 5460  Detected object count: 2
13:17:45.0261 5460  Actual detected object count: 2
13:17:54.0554 5460  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:54.0554 5460  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:17:54.0554 5460  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:54.0554 5460  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dont skip but kill. That is why TDSSKiller for..... to kill them.

Run it again and kill.

If there are more issues even after killing, let us know.

 

[Injust]

Thanks, but never mind. The 2 files are perfectly fine, but just unsigned. VirusTotal scanned them and there were negative.

I now need BSOD help

 

[Injust]

Just did 3 scans in avast!: a rootkit scan, an autorun scan, and a memory scan. All 3 came back clean.

 

[VistaKing]

Might want to scan with Malwarebytes

:ar: Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer

   Note

Choose free version . When you're installing don't start the trial

 

[Injust]

I believe that I have done a Malwarebytes scan pretty recently, but I will do another one

 

[Injust]

I just did a full scan and there was 1 infected file. However, it was a false-positive.

 

[Arc]

Your crash dumps are not showing any finite probable cause. In such a situation, it is better to enable Driver Verifier to monitor the drivers.
Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.

   Information

Why Driver Verifier:
It puts a stress on the drivers, ans so it makes the unstable drivers crash. Hopefully the driver that crashes is recorded in the memory dump.

How Can we know that DV is enabled:
It will make the system bit of slow, laggy.

   Warning

Before enabling DV, make it sure that you have earlier System restore points made in your computer. You can check it easily by using CCleaner looking at Tools > System Restore.

If there is no points, make a System Restore Point manually before enabling DV.

   Tip

• If you fail to get on the Desktop because of DV, Boot into Advanced Boot Options > Safe mode. Disable DV there. Now boot normally again, and try following the instruction of enabling DV again.
• If you cannot boot in Safe mode too, do a System Restore to a point you made earlier.

Test your RAM modules for possible errors.
How to Test and Diagnose RAM Issues with Memtest86+
Run memtest for at least 8 passes, preferably overnight.

Let us know the results, with the subsequent crash dumps, if any.

 

[Injust]

Just BSOD'd right after restart for Driver Verifier The driver is amd_sata.sys.
I tried updating my drivers, but all my AMD drivers are up to date.
I'll try uninstalling the SATA driver now.
EDIT: I can't uninstall the SATA driver. IDK what to do now

 

[Arc]

It is Paragon Image Mounter (UIM) Plugin driver.

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {e1, fffff98001508f9c, 0, 0}

*** WARNING: Unable to verify timestamp for [URL="http://www.carrona.org/drivers/driver.php?id=uim_vimx64.sys"]uim_vimx64.sys[/URL]
*** ERROR: Module load completed but symbols could not be loaded for [URL="http://www.carrona.org/drivers/driver.php?id=uim_vimx64.sys"]uim_vimx64.sys[/URL]
Probably caused by : [URL="http://www.carrona.org/drivers/driver.php?id=uim_vimx64.sys"]uim_vimx64.sys[/URL] ( uim_vimx64+1827e )

Followup: MachineOwner
---------

Description here: Driver Reference Table - uim_vimx64.sys

I have seen a good number of issues caused by it .... Better you uninstall it.
Do you say that you have not installed Paragon? By any chance?

 

[Injust]

I have installed Paragon Backup & Recovery 12 Compact Edition.
It's from a giveaway.

 

[Arc]

As a test, uninstall paragon. It causes HDD malfunctioning in some cases, which lead to BSODs.

 

[Injust]

Aw shucks...
I got the Compact version from a giveaway. You can't get it normally, and there are many more features than the free version.
Should I try uninstalling it anyway? *Sigh* I use it to make backups every month.

 

[Injust]

I've just uninstalled Paragon, and will run the Driver Verifier too.

 

[Injust]

Arc, I've uninstalled Paragon, but the driver's still there.
Can I manually delete it?
EDIT: I've deleted all the Paragon drivers, and I'll re-run the Driver Verifier.

 

[Arc]

Delete them manually
Exactly the giveaway version .... all the paragon caused crashes I have noticed

 

[Injust]

Enabled Driver Verifier, restarted, and BSOD'd again at boot.
Driver was amd_sata.sys again.
Diagnostics files are attached.
My memory is fine, just did the test

 

[Arc]

There is no crash dump file in the zip you uploaded.

Free up the startup.

1. Click on the Start button
2. Type “msconfig (without quotes), click the resulting link. It will open the System Configuration window.
3. Select the “Startup” tab.
4. Deselect all items other than the antivirus.
5. Apply > OK
6. Accept then restart.

Then make it sure that the Crash Dump recording is properly configured.
Follow it: http://www.sevenforums.com/tutorials/174459-dump-files-configure-windows-create-bsod.html
Go to Option Two, Point 2. Download the .reg file and merge it in registry by double clicking it.

Search the .dmp files manually in the default path: C:\Windows\Minidump or %SystemRoot%\Minidump. Post it following the Blue Screen of Death (BSOD) Posting Instructions.

 

[Injust]

I don't know why there isn't a dump file, everything's properly configured now.
I deleted some drivers from Acronis and LogMeIn by description name because I uninstalled those programs.
Then, I enabled Driver Verifier and restarted the computer. Although it was laggy like **** (I'm running at 80% CPU, when I'm normally at 20% ), I was able to start without blue-screening.
I actually manually changed the Dumpfile to a Minidump, and it gave me an error to "change the pagefile size to over 1MB", when my pagefile is over 5800MB.
IDK why? Going to restart, hopefully I'll BSOD.

 

[Injust]

I haven't had any BSODs since my last post, so I'm marking this as solved. If I have any more issues, I'll re-open the thread.
Thanks!
Also, if anybody can, need help with my another issue, at http://www.sevenforums.com/general-discussion/282149-hard-drive-management-gone-haywire.html.