Solved

BSOD ntoskrnl.exe

Posted on 2013-05-23
22
729 Views
Last Modified: 2013-06-08
OS crashing to BSOD without warning.
Modification of system code or a critical data structure was detected. 052313-43617-01.dmp052313-43617-01.dmp

Window 7 home premium sp1 64 bit machine with AVG 2012 Free installed. Client reported some odd activity and possible virus. AVG could not remove. Client attempted Malwarebytes in safe mode and other fixes including CCleaner. Still was receiving this in AVG:

"C:\Windows\explorer.exe (2648):\memory_00200000";"Trojan horse Generic32.BQKA"
 
"C:\Windows\explorer.exe (2648)";"Trojan horse Generic32.BQKA"

Ran MRT in safe mode. Then uninstalled AVG and installed most current version and was able to get rid of the 'virus.' Client deosnt remember when the BSOD issue started. But thinks it was in the midst of trying to get rid of the virus.
0
Comment
Question by:2ndOf3
  • 10
  • 6
  • 3
  • +2
22 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39191643
Boot up from a Trend Micro Rescue Disk and scan for virii:

http://www.trendsecure.com/Info/Rescue_Disk/html/download.html >
0
 
LVL 11

Expert Comment

by:marek1712
ID: 39191746
Is it possible to boot into normal mode? If yes can you perform repair install (after making ure there are no more viruses)?
0
 
LVL 24

Expert Comment

by:aadih
ID: 39191758
If you could boot up, download and run BitDefender Free Antivirus from:

http://www.bitdefender.com/solutions/free.html >
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:2ndOf3
ID: 39191789
Ran Full Scan "Trend Micro Rescue disk did not detect any threats"
Malwarebytes, Hitman Pro, and Eset online scanner find NO viruses.


How do i repair the install? Normal mode works great other than the random BSOD.
0
 
LVL 30

Expert Comment

by:ded9
ID: 39191925
Dmp file is corrupted....i think the bsod was caused by avg. Uninstall avg and install malwarebytes or mse. Monitor the computer for a day.


Post results.



Ded9
0
 
LVL 11

Expert Comment

by:marek1712
ID: 39191944
Insert the installation disk into the ODD and perform "Update".
0
 

Author Comment

by:2ndOf3
ID: 39192069
ded9 - AVG has been uninstalled. Here is a dmp dile from a day earlier, maybe it is intact.

Marek1712 - This computer has no install disk, just a recovery partition. 052213-28236-01.dmp

Recovery manager options are: 1)MSFT Systm Restore, 2) MSFT startup repair, 3)system recovery.
0
 
LVL 11

Expert Comment

by:marek1712
ID: 39192105
Find someone that has an OEM installation disc. It'll surely work.
0
 

Author Comment

by:2ndOf3
ID: 39192275
ded9 - BSOD happened again. The computer opens fine in normal mode. This time it crashed while viewing a single IE tab.

I will attempt to find a OEM installation disk.
0
 
LVL 30

Expert Comment

by:ded9
ID: 39193482
Dmp files are corrupted or the Microsoft bsod database does not have any info about this driver.


Try enabling drive verifier.

Enable driver verifier
1) Open an elevated command prompt
2) Type "verifier /standard /all"  (no quotes)
3) Reboot your machine
4) Use machine again until it crashes

After the crash & reboot, go into safe mode with networking and upload the newest dmp file.  

Disable driver verifier
1) Open an elevated command prompt
2) Type "verifier /reset" (no quotes)
3) Reboot your machine




Ded9
0
 

Author Comment

by:2ndOf3
ID: 39194608
It boots to BSOD now. Rebooting brings it to a repair restore screen. When that finishes the computer starts normally.

Where would i find the DMP file? There is NO new DMP in the C:\windows\minidump folder.
0
 
LVL 30

Expert Comment

by:ded9
ID: 39194702
When you get the bsod after running the above commands then you need to boot in safe mode with networking and upload the dmp file.

Check whether system is configured to capture minidump.

http://blog.nirsoft.net/2010/07/27/how-to-configure-windows-to-create-minidump-files-on-bsod/



Ded9
0
 

Author Comment

by:2ndOf3
ID: 39194739
My minidump settings are exactly like in the link you sent.

There is no dmp file being created when the computer BSODs at startup. I will try a third time.
0
 

Author Comment

by:2ndOf3
ID: 39194816
Opened in normal mode. Opened CMD using "run as administrator', typed in the verifier scrit provided above, rebooted. Windows begins to load and then BSOD. it is a different BSOD than before.
When i rebooted this time i started tapping F8 immediatley and was able to get to safe mode before i was forced to do the repair.
Here is the DMP file.
verifier-BSOD.JPG
052413-14586-01.dmp
0
 
LVL 30

Expert Comment

by:ded9
ID: 39195099
Again not much info in the dmp file ...but it does point to mcupdate.dll file (mcafee)

Boot the computer in safe mode with networking and then run mcafee removal tool to remove all traces of mcafee...also make sure you have disabled verifier



http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Make sure you run a malwarebytes scan in safe mode with networking.

Post results.


Ded9
0
 

Author Comment

by:2ndOf3
ID: 39195530
Used mcafee uninstall tool,
Ran malwarebytes
here is log of what it found (I ran yesterday with no results)

I will reboot in normal mode now to see if BSOD returns
MBAM-log-2013-05-24--15-03-33-.txt
0
 
LVL 30

Expert Comment

by:ded9
ID: 39196077
I would also recommend a new user account ....after backing all the files from the old user account delete it.

If this is dell, hp kind of system then you can create your own OEM installation disk...just type recovery  in search- normal mode or check manufacturer website on how to create this disk.





Ded9
0
 

Author Comment

by:2ndOf3
ID: 39196639
BSOD returned. Started Verifier as instructed in prior post. Rebooted and the startup failed. Here is the DMP file.

I am going to do a clean boot by changing settings in msconfig to see if the BSOD stops.

It is Memorial Day on monday and I will most likely not respond to posts until Tuesday.

Thanks for your help.
052513-13634-01.dmp
0
 
LVL 30

Accepted Solution

by:
ded9 earned 200 total points
ID: 39196723
No much info in the dmp file...i think the best option is to create the oem disc...backup data and reinstall windows.



Ded9
0
 
LVL 3

Expert Comment

by:ComputerMunkey
ID: 39211341
Go to C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\  (might be easier using a command prompt).  See if it has a massive amount of files.  There is a rootkit virus that produces thousands and thousands of files here that hang up a lot of the anti-virus programs.  Just fixed one presenting with BSOD among other issues and that was the key to being able to start getting rid of it.  Once you get remove the huge amount of useless files, the programs can do their thing.  

The command from this link helped me (using a different path):  
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/2000/Q_22094886.html
0
 

Assisted Solution

by:2ndOf3
2ndOf3 earned 0 total points
ID: 39216502
Thanks for everyones help.
The easiest solution was to reinstall the OS. Issue has cleared up.
0
 

Author Closing Comment

by:2ndOf3
ID: 39231327
I was trying to avoid a OS reinstall, which is why I came to the experts-exchange. But in the end, as in many cases, the OS reinstall would have been faster.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
recover deleted files by error 37 109
changing harddisk on computer in corporate 10 47
Moving from Windows 7 to Windows 10... 13 47
Missing page content. 7 30
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
An article on effective troubleshooting
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question