2ndOf3
asked on
BSOD ntoskrnl.exe
OS crashing to BSOD without warning.
Modification of system code or a critical data structure was detected. 052313-43617-01.dmp052313-43617-01.dmp
Window 7 home premium sp1 64 bit machine with AVG 2012 Free installed. Client reported some odd activity and possible virus. AVG could not remove. Client attempted Malwarebytes in safe mode and other fixes including CCleaner. Still was receiving this in AVG:
"C:\Windows\explorer.exe (2648):\memory_00200000";" Trojan horse Generic32.BQKA"
"C:\Windows\explorer.exe (2648)";"Trojan horse Generic32.BQKA"
Ran MRT in safe mode. Then uninstalled AVG and installed most current version and was able to get rid of the 'virus.' Client deosnt remember when the BSOD issue started. But thinks it was in the midst of trying to get rid of the virus.
Modification of system code or a critical data structure was detected. 052313-43617-01.dmp052313-43617-01.dmp
Window 7 home premium sp1 64 bit machine with AVG 2012 Free installed. Client reported some odd activity and possible virus. AVG could not remove. Client attempted Malwarebytes in safe mode and other fixes including CCleaner. Still was receiving this in AVG:
"C:\Windows\explorer.exe (2648):\memory_00200000";"
"C:\Windows\explorer.exe (2648)";"Trojan horse Generic32.BQKA"
Ran MRT in safe mode. Then uninstalled AVG and installed most current version and was able to get rid of the 'virus.' Client deosnt remember when the BSOD issue started. But thinks it was in the midst of trying to get rid of the virus.
Is it possible to boot into normal mode? If yes can you perform repair install (after making ure there are no more viruses)?
If you could boot up, download and run BitDefender Free Antivirus from:
< http://www.bitdefender.com/solutions/free.html >
< http://www.bitdefender.com/solutions/free.html >
ASKER
Ran Full Scan "Trend Micro Rescue disk did not detect any threats"
Malwarebytes, Hitman Pro, and Eset online scanner find NO viruses.
How do i repair the install? Normal mode works great other than the random BSOD.
Malwarebytes, Hitman Pro, and Eset online scanner find NO viruses.
How do i repair the install? Normal mode works great other than the random BSOD.
Dmp file is corrupted....i think the bsod was caused by avg. Uninstall avg and install malwarebytes or mse. Monitor the computer for a day.
Post results.
Ded9
Post results.
Ded9
Insert the installation disk into the ODD and perform "Update".
ASKER
ded9 - AVG has been uninstalled. Here is a dmp dile from a day earlier, maybe it is intact.
Marek1712 - This computer has no install disk, just a recovery partition. 052213-28236-01.dmp
Recovery manager options are: 1)MSFT Systm Restore, 2) MSFT startup repair, 3)system recovery.
Marek1712 - This computer has no install disk, just a recovery partition. 052213-28236-01.dmp
Recovery manager options are: 1)MSFT Systm Restore, 2) MSFT startup repair, 3)system recovery.
Find someone that has an OEM installation disc. It'll surely work.
ASKER
ded9 - BSOD happened again. The computer opens fine in normal mode. This time it crashed while viewing a single IE tab.
I will attempt to find a OEM installation disk.
I will attempt to find a OEM installation disk.
Dmp files are corrupted or the Microsoft bsod database does not have any info about this driver.
Try enabling drive verifier.
Enable driver verifier
1) Open an elevated command prompt
2) Type "verifier /standard /all" (no quotes)
3) Reboot your machine
4) Use machine again until it crashes
After the crash & reboot, go into safe mode with networking and upload the newest dmp file.
Disable driver verifier
1) Open an elevated command prompt
2) Type "verifier /reset" (no quotes)
3) Reboot your machine
Ded9
Try enabling drive verifier.
Enable driver verifier
1) Open an elevated command prompt
2) Type "verifier /standard /all" (no quotes)
3) Reboot your machine
4) Use machine again until it crashes
After the crash & reboot, go into safe mode with networking and upload the newest dmp file.
Disable driver verifier
1) Open an elevated command prompt
2) Type "verifier /reset" (no quotes)
3) Reboot your machine
Ded9
ASKER
It boots to BSOD now. Rebooting brings it to a repair restore screen. When that finishes the computer starts normally.
Where would i find the DMP file? There is NO new DMP in the C:\windows\minidump folder.
Where would i find the DMP file? There is NO new DMP in the C:\windows\minidump folder.
When you get the bsod after running the above commands then you need to boot in safe mode with networking and upload the dmp file.
Check whether system is configured to capture minidump.
http://blog.nirsoft.net/2010/07/27/how-to-configure-windows-to-create-minidump-files-on-bsod/
Ded9
Check whether system is configured to capture minidump.
http://blog.nirsoft.net/2010/07/27/how-to-configure-windows-to-create-minidump-files-on-bsod/
Ded9
ASKER
My minidump settings are exactly like in the link you sent.
There is no dmp file being created when the computer BSODs at startup. I will try a third time.
There is no dmp file being created when the computer BSODs at startup. I will try a third time.
ASKER
Opened in normal mode. Opened CMD using "run as administrator', typed in the verifier scrit provided above, rebooted. Windows begins to load and then BSOD. it is a different BSOD than before.
When i rebooted this time i started tapping F8 immediatley and was able to get to safe mode before i was forced to do the repair.
Here is the DMP file.
verifier-BSOD.JPG
052413-14586-01.dmp
When i rebooted this time i started tapping F8 immediatley and was able to get to safe mode before i was forced to do the repair.
Here is the DMP file.
verifier-BSOD.JPG
052413-14586-01.dmp
Again not much info in the dmp file ...but it does point to mcupdate.dll file (mcafee)
Boot the computer in safe mode with networking and then run mcafee removal tool to remove all traces of mcafee...also make sure you have disabled verifier
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Make sure you run a malwarebytes scan in safe mode with networking.
Post results.
Ded9
Boot the computer in safe mode with networking and then run mcafee removal tool to remove all traces of mcafee...also make sure you have disabled verifier
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Make sure you run a malwarebytes scan in safe mode with networking.
Post results.
Ded9
ASKER
Used mcafee uninstall tool,
Ran malwarebytes
here is log of what it found (I ran yesterday with no results)
I will reboot in normal mode now to see if BSOD returns
MBAM-log-2013-05-24--15-03-33-.txt
Ran malwarebytes
here is log of what it found (I ran yesterday with no results)
I will reboot in normal mode now to see if BSOD returns
MBAM-log-2013-05-24--15-03-33-.txt
I would also recommend a new user account ....after backing all the files from the old user account delete it.
If this is dell, hp kind of system then you can create your own OEM installation disk...just type recovery in search- normal mode or check manufacturer website on how to create this disk.
Ded9
If this is dell, hp kind of system then you can create your own OEM installation disk...just type recovery in search- normal mode or check manufacturer website on how to create this disk.
Ded9
ASKER
BSOD returned. Started Verifier as instructed in prior post. Rebooted and the startup failed. Here is the DMP file.
I am going to do a clean boot by changing settings in msconfig to see if the BSOD stops.
It is Memorial Day on monday and I will most likely not respond to posts until Tuesday.
Thanks for your help.
052513-13634-01.dmp
I am going to do a clean boot by changing settings in msconfig to see if the BSOD stops.
It is Memorial Day on monday and I will most likely not respond to posts until Tuesday.
Thanks for your help.
052513-13634-01.dmp
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Go to C:\Windows\SysWOW64\config \systempro file\AppDa ta\Local\M icrosoft\W indows\Tem porary Internet Files\Content.IE5\ (might be easier using a command prompt). See if it has a massive amount of files. There is a rootkit virus that produces thousands and thousands of files here that hang up a lot of the anti-virus programs. Just fixed one presenting with BSOD among other issues and that was the key to being able to start getting rid of it. Once you get remove the huge amount of useless files, the programs can do their thing.
The command from this link helped me (using a different path):
https://www.experts-exchange.com/questions/22094886/How-to-delete-content-of-folder-Content-IE5-It-is-huge.html
The command from this link helped me (using a different path):
https://www.experts-exchange.com/questions/22094886/How-to-delete-content-of-folder-Content-IE5-It-is-huge.html
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was trying to avoid a OS reinstall, which is why I came to the experts-exchange. But in the end, as in many cases, the OS reinstall would have been faster.
< http://www.trendsecure.com/Info/Rescue_Disk/html/download.html >