Flash-related BSOD; reinstalls do not work


9 replies to this topic

#1 RisingManes


Posted 17 July 2013 - 01:31 AM

I have been getting BSoDs for the past month. Viewing Flash videos will BSoD the computer. Worse yet, the crash dump never goes through, though it does mention the Nvidia driver. After much trial and error, I have determined that:

  • They only happen when Flash is installed.
  • Gaming is completely unaffected. Testing on 3DMark's Cloud Gate shows the GPU is fine.
  • Reinstalls don't fix the problem. Neither does updating the GPU driver.

I'm tempted to get a "Flash repair kit" program, but I need your input before I do so. Is this a good idea? 




 


#2 Anshad Edavana


Posted 17 July 2013 - 01:49 AM

Hi

Welcome to the Bleeping Computer forum.

We need to collect some basic info to analyze and find the reason behind the crashes, so please follow the steps below.

Step 1: Post the full spec or model number of your laptop/PC.

Step 2: Open the C:\Windows\Minidump folder. Copy and zip the entire contents of that folder and upload the zip to any free file hosting site of your choice. You may have to disable UAC to copy them.

Example file hosting sites:

Post the download link to the dumps in your next reply.

Step 3: Generate a report about your system using Speccy by reading the guide below. Make sure to run Speccy after the system has been running for an hour or more. This will give us an indication of the current CPU/GPU temperature status.

Post the web link displayed by Speccy in your next reply.

Step 4: Download and run Minitoolbox from http://www.bleepingcomputer.com/download/minitoolbox/

    Run the tool and select only the following tick boxes.

    - List last 10 Event viewer errors
    - List installed programs
    - List devices
    - List users, partition and memory size

Now click "Go" and post the output in your next reply (or upload the result.txt with the dump files).

Edited by Anshad Edavana, 17 July 2013 - 02:04 AM.
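
Added example, not part of the original post and not a BleepingComputer tool: one way to script the dump-collection step above so that each file's copy error is recorded instead of stopping at the first failure. It assumes Windows PowerShell 5.0 or later in an elevated window; the staging folder and archive names are made up for illustration.

```powershell
#Requires -Version 5.0
# Added example: stage the crash dumps, report per-file results, then zip them.
# Assumptions: elevated PowerShell 5.0+; folder/archive names are hypothetical.

$dumpDir = Join-Path $env:SystemRoot 'Minidump'
$stage   = Join-Path $env:USERPROFILE 'Desktop\Minidump-upload'   # hypothetical name
$zip     = "$stage.zip"

# Fail early when the session is not elevated, instead of at the first copy.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell window.'
}
if (-not (Test-Path $dumpDir)) { throw "No dump folder at $dumpDir" }

New-Item -ItemType Directory -Path $stage -Force | Out-Null

$results = foreach ($dmp in Get-ChildItem -Path $dumpDir -Filter '*.dmp' -File) {
    try {
        Copy-Item -LiteralPath $dmp.FullName -Destination $stage -ErrorAction Stop
        [pscustomobject]@{ File = $dmp.Name; Copied = $true; Error = $null }
    } catch {
        # Keep going: the exact error text for each file is worth posting too.
        [pscustomobject]@{ File = $dmp.Name; Copied = $false; Error = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize

if ($results | Where-Object Copied) {
    # Zip only what was actually staged.
    Compress-Archive -Path (Join-Path $stage '*.dmp') -DestinationPath $zip -Force
    "Archive ready: $zip"
} else {
    'Nothing was copied; post the table above along with the error text.'
}
```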


#3 RisingManes


Posted 17 July 2013 - 02:06 AM

It got worse. For the second time ever, Windows failed to start. I'm currently attempting a startup repair, and I'll let you know.
 
UPDATE: It seems I cannot copy-paste the content of the minidump, despite being an admin. Something is afoot.
 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>copy C:\Windows\Minidump\071313-22604-01.dmp
Access is denied.
        0 file(s) copied.


Am I not the administrator? I'm running the command prompt as admin...

Regardless: I will fill you in on what I can. The model is a Gateway DX4840.

The Speccy link:

http://speccy.piriform.com/results/vrvvtXUWUKrOZb5arUiD3ep

And finally, the output... my, my. This is quite long. Here's a Pastebin instead.

http://pastebin.com/eWggHZX5


Edited by RisingManes, 17 July 2013 - 03:00 AM.


#4 Anshad Edavana


Posted 17 July 2013 - 03:15 AM

Hi

Thanks for the update, but the crash dumps are what is needed most. You need to disable UAC and restart the system to copy the dumps.

http://windows.microsoft.com/en-in/windows-vista/turn-user-account-control-on-or-off

I forgot to mention that.

Are you getting the same error with all the different browsers?


Edited by Anshad Edavana, 17 July 2013 - 03:18 AM.


#5 RisingManes


Posted 17 July 2013 - 01:36 PM

If I have Chrome use the PC's plugin rather than its native one, then yes.

 

I disabled UAC, but it still wouldn't let me copy the file, asking for Administrator permissions. Also, explorer.exe froze before I could interact with Windows, so I'm beginning to suspect a piece of malware is the culprit.

 

I'm going to try again in safe mode.



#6 RisingManes


Posted 17 July 2013 - 01:48 PM

[Screenshot: e1802624f902da8d6374f43535eb0a1a.png]

This is getting stupid.

 

Should also mention that I keep getting UAC requests from a... SystemPerformanceProperies.exe, was it? And it's published by Unknown. That one raised alarm bells, and I only just noticed now.


Edited by RisingManes, 17 July 2013 - 02:01 PM.


#7 RisingManes


Posted 17 July 2013 - 10:52 PM

Hello? I'm unsure whether bumping the thread constitutes a violation as it does on most others, but I'd like to have the computer back at working capacity. Please respond.



#8 Anshad Edavana


Posted 17 July 2013 - 11:47 PM

Hi

We are in different time zones, so please understand that there may be a delay in response. Without the crash dumps it is really hard to find the reason. Please try these steps.

Step 1: Update DirectX by running the tool below.

http://www.microsoft.com/en-in/download/details.aspx?id=35

Step 2: Scan for malware using the programs below.

TDSS killer: http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner: http://www.eset.com/int/online-scanner-popup/

Malwarebytes free: https://www.bleepingcomputer.com/download/malwarebytes-anti-malware//

Step 3: If the above steps didn't help, uninstall the Flash Player plug-in and the Google Chrome browser. Download and install the latest Chrome and observe how Flash videos work in it. Please leave Chrome at its default settings.

Don't manually update the Flash Player. Use Chrome's default updater to do that.

https://support.google.com/chrome/answer/95414?hl=en

Let me know your findings.


Edited by Anshad Edavana, 18 July 2013 - 12:18 AM.


#9 RisingManes


Posted 18 July 2013 - 09:05 AM

It is worth noting that I uninstalled Flash prior to making the thread to increase OS stability.

My findings so far:

After installing DirectX, the file operation did request my permission. After giving it, it still would refuse to work.

TDSSKiller.exe did, in fact, find 3 threats. After quarantine failed (among them was Akamai, which I recognized), I wound up deleting them. No change from before.

Curiously, after running TDSSKiller, two filepaths showed up on my Recent Folders tab in Windows Explorer, among them System32. Screenshots and paths of the other two are as follows:
C:\Windows\System32\Macromed\Flash
http://gyazo.com/cada9e05c1b718b0326047f97ad77a53.png

C:\Windows\SysWOW64\Macromed\Flash
http://gyazo.com/1c8021900a68cc4cf2d7b45fc69c6151.png

Doing a test rar of these files, I have found that a copy of the latter attempted to latch onto my desktop the same way the dump file is doing.

Upon several tries, the copy was deleted.

ESET was handy in removing some things I didn't actually want. The log is as follows:

C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\49EIPlug.dll    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\49EZSETP.dll    a variant of Win32/Toolbar.MyWebSearch.Q application    cleaned by deleting - quarantined
C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Users\Lamira\AppData\LocalLow\UtilityChest_49EI\Installr\Cache\00047399.exe    a variant of Win32/Toolbar.MyWebSearch.O application    cleaned by deleting - quarantined
C:\Users\Lamira\Downloads\SoftonicDownloader_para_windows-live-messenger-2009.exe    a variant of Win32/SoftonicDownloader.A application    cleaned by deleting - quarantined
C:\Users\Lamira\Downloads\Installations\Programs\Apponic_Downloader_for_APNG_Assembler_2_1.exe    a variant of Win32/InstallCore.AY application    cleaned by deleting - quarantined
C:\Users\Lamira\Downloads\Installations\Programs\cbsidlm-tr1_7-GameBoost-10312315.exe    Win32/DownloadAdmin.D application    cleaned by deleting - quarantined
C:\Users\Lamira\Downloads\Installations\Programs\MsgPlusLive-490.exe    a variant of Win32/MessengerPlus application    cleaned by deleting - quarantined
C:\Users\Lamira\Downloads\Installations\Programs\SoftonicDownloader64828.exe    a variant of Win32/SoftonicDownloader.A application    cleaned by deleting - quarantined

Ran MalwareBytes, which detected nothing.

Still cannot copy the minidump file, though I had UAC on at the time. Installing Flash through normal means, and a cursory test, shows it works, but I don't trust it entirely yet, and I have been awake for well over 20 hours at this point due to unrelated reasons.

I have this screenshot from Firefox, my browser of choice:

[Screenshot: 0161a163bd6cd54c041089bde3e8724a.png]

Disabling the outdated Shockwave Flash disables all of Flash on Firefox.

Right now, I'm interested in enabling overwriting the crash dump for future diagnoses. Any suggestions?


Edited by RisingManes, 18 July 2013 - 01:32 PM.


#10 Anshad Edavana


Posted 18 July 2013 - 11:24 AM

Hi

Kaspersky TDSS killer is a special utility used to find and remove a limited number of the most dangerous malware belonging to the rootkit family. Even if it found a single threat, it means you got the most notorious infection, which may require manual removal.

What you should do next is open a malware removal help request by reading the guidelines below. A trained malware helper will assist you in inspecting the system and removing any remnants of the rootkit, if there are any.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Since the number of malware removal requests is very large, you may have to wait a little to get help from the Malware Response Team.





