BSODs, Possible caused by driver or Virus etc


13 replies to this topic

#1 schweppes4rums

schweppes4rums

  • Members
  • 32 posts

Posted 13 January 2016 - 06:23 AM

Hello All,

I'm new to the forum and this is my first post. Looking at the help this site gives is immeasurable, I hope someone can help me with BSODs I'm getting quite frequently when I'm attempting to fix it.

Please find my bug report .txt zipped file created with NirSoft's BlueScreenView. It has been pointing to a specific driver ntkrnlpa.exe that has been the cause of most of the crashes.

I have run numerous antivirus and anti-rootkit tests, including GMER, ComboFix, Malwarebytes, Comodo Cleaning Essentials and recently Emsisoft, which did find Win32 Bunndle virus which has now been deleted. GMER does advise of rootkit-like behaviour, but when I test the MBR for any changes using mbrchecker it advises \PhysicalDrive0   Windows 7 MBR code detected  -- which means that the MBR has not been modified.

The driver is a kernel system file so I attempted to do a sysprep but this also crashed somehow. Also it has been frequently crashing when scanning with RogueKiller, and it is usually crashing when searching for rootkits.

Would anyone be interested to help locate this cause, perhaps checking out my GMER and ComboFix logs to help determine the fault? It would be much appreciated. I've been on this a whole week and have another issue with Comodo Internet Security not installing, as I can not seem to get rid of all its registry entries using Regedt32; my permissions to delete them are denied even though I am logged in as Admin. It suddenly stopped working and cut my internet connection, which I suspected was caused by a virus perhaps.

 

Thanks in advance... 

 

 

 

 

 


 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA

Posted 13 January 2016 - 07:16 AM

ntoskrnl.exe (also seen as ntkrnlpa.exe, ntkrnlmp.exe, or ntkrpamp.exe) is the kernel (core) of the Windows operating system.  It is protected by security features and the Windows System File Checker.  As such, if this file was to blame, you'd be experiencing many more problems other than the occasional BSOD.

In most cases this file is blamed because another file (typically a 3rd party driver) has corrupted the memory space that ntoskrnl.exe considers as its own.  When this happens, ntoskrnl.exe typically finds unknown data (from the 3rd party driver) in its memory space.  At this point the OS panics and throws a BSOD to prevent damage to the system.

More info here:  https://en.wikipedia.org/wiki/Ntoskrnl.exe

Now, please note that your Driver Verifier enabled memory dumps tend to blame networking components (mostly tcpipreg.sys)

While this is a Windows driver, we presume that Windows drivers aren't likely to be at fault because of the error correcting mechanisms built into Windows.

That leaves us with 3rd party drivers as the most likely cause (followed by hardware, then by Windows drivers)

 

Interestingly, you're having issues with Comodo.
We also know, from past experience, that we have frequent problems with Comodo in some Windows systems

The easiest way to uninstall Comodo would be to reinstall the program, then uninstall it.  The hope being that the reinstallation will fix the problems that prevented the uninstallation in the first place.

 

Beyond that, here's how to uninstall the firewall:  https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/8/0/firewall-uninstall-issues

 

So, I would suggest first having your system looked at in the Am I Infected forum:
 

 

If infected, I'd suggest posting over in the Am I Infected forum:  http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please read the pinned topics at the top of the forum for instructions on how to post there.

 

Then, when they give you a clean bill of health, if the problems still exist let's go at this in 2 ways:

- a manual removal of the Comodo stuff

- Beyond that, let's try looking at these reports:
 

Please run this report collecting tool (even though you may not be reporting BSOD's) so we can provide a complete analysis:  http://omgdebugging.com/bsod-inspector/
When done, a Notepad document will open with the name of the file and its location.
By default it'll be a .zip file located on your Desktop
Simply upload the .zip file with your next post and we'll move on from there.

 


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John  (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 schweppes4rums


Posted 13 January 2016 - 07:30 AM

Nice post Usasma, very knowledgeable, thanks for the wiki link.

I've tried numerous times to uninstall and reinstall the latest version of Comodo without success. I've posted for some help on the Comodo forum but had the usual try uninstalling via the recommendations of a forum discussion on this topic posted by Chiron, who provided advice to use Revo Uninstaller and Comodo cleaning tool; neither has been able to fully clean the registry of entries assigned to Comodo such as cmdagent etc., which all seem to need deletion to help force Comodo to stay put after a system reboot.

I will do as you say and post in the "Am I Infected" forum and get back to you ASAP.

Thanks for the quick response on this.



#4 usasma


Posted 13 January 2016 - 07:44 AM

I spend most of my time working with stuff in the kernel space - so I've been up to date on this stuff for a long while now.

 

You got lucky and hit me on one of my days off.  Otherwise I'd be at work and you'd still be waiting for a reply :0)

 

We can manually remove the Comodo stuff if needed - but let's see what happens in the Am I Infected forums first.

As I recall, there may be some additional things to search for - but I'll have to research that prior to starting on the manual removal.



#5 schweppes4rums


Posted 13 January 2016 - 08:15 AM

Hello Usasma, I'm lucky you're around then. I've run BSOD Inspector downloaded from the link you provided and ran it as administrator; during the scan it fails and stops with "Windows found a problem" and then continues, but then does not post the log at the desktop. Where are the logs saved?



#6 usasma


Posted 13 January 2016 - 05:04 PM

Try this one instead:  http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

 

If that doesn't work, then try these 3 things:

 

Upload Dump Files:
NOTE:  If using a disk cleaning utility, please stop using it while we are troubleshooting your issues.
Please go to C:\Windows\Minidump and zip up the contents of the folder.  Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there.  If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP.  If you find it, zip it up and upload it to a free file hosting service.  Then post the link to it in your topic so that we can download it. 

Also, search your entire hard drive for files ending in .dmp, .mdmp, and .hdmp.  Zip up any that you find and upload them with your next post.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file):  http://www.carrona.org/setmini.html
More info on dump file options here: http://support.microsoft.com/kb/254649

MSINFO32:
Please go to Start and type in "msinfo32.exe" (without the quotes) and press Enter
Save the report as an .nfo file, then zip up the .nfo file and upload/attach the .zip file with your next post.
Also, save a copy as a .txt file and include it also (it's much more difficult to read, but we have greater success in getting the info from it).

If you're having difficulties with the format, please open an elevated (Run as administrator) Command Prompt and type (or copy/paste) "msinfo32 /nfo %USERPROFILE%\Desktop\TEST.NFO" (without the quotes) and press Enter.  Then navigate to Desktop to retrieve the TEST.NFO file.  If you have difficulties with making this work, please post back.  Then zip up the .nfo file and upload/attach the .zip file with your next post.

systeminfo:
Please open an elevated (Run as administrator) Command Prompt and type (or copy/paste) "systeminfo.exe >%USERPROFILE%\Desktop\systeminfo.txt" (without the quotes) and press Enter.  Then navigate to Desktop to retrieve the systeminfo.txt file.  If you have difficulties with making this work, please post back.  Then zip up the .txt file and upload/attach the .zip file with your next post.

 


Edited by usasma, 13 January 2016 - 05:04 PM.

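The dump-collection steps from the post above, as an added example (it is not the poster's or the site's own tooling): it searches a folder tree for the three dump extensions the post names, copies each file to a staging folder before zipping (the post's workaround for "Access Denied"), and leaves out oversized files such as a full MEMORY.DMP, which the post says to upload separately. The function name, the staging layout and the 64 MiB limit are assumptions.

```python
import hashlib
import os
import shutil
import zipfile

DUMP_EXTENSIONS = (".dmp", ".mdmp", ".hdmp")  # the extensions named in the post


def collect_dumps(search_root, staging_dir, zip_path, max_bytes=64 * 1024 * 1024):
    """Copy dump files under search_root to staging_dir, zip the copies, return a manifest.

    Returns (included, skipped): included maps archive name -> SHA-256 of the copy,
    skipped maps source path -> reason ("too large" or the OS error text).
    max_bytes is an assumed limit for what a forum attachment can carry.
    """
    os.makedirs(staging_dir, exist_ok=True)
    staging_abs = os.path.abspath(staging_dir)
    included, skipped = {}, {}
    for folder, subdirs, files in os.walk(search_root):
        # Do not descend into the staging folder if it lives under the search root.
        subdirs[:] = sorted(
            d for d in subdirs
            if os.path.abspath(os.path.join(folder, d)) != staging_abs
        )
        for name in sorted(files):
            if not name.lower().endswith(DUMP_EXTENSIONS):
                continue
            source = os.path.join(folder, name)
            try:
                if os.path.getsize(source) > max_bytes:
                    skipped[source] = "too large"  # e.g. a full MEMORY.DMP
                    continue
                # Prefix with a counter so dumps with the same name do not collide.
                arcname = f"{len(included):03d}_{name}"
                copy = os.path.join(staging_dir, arcname)
                shutil.copy2(source, copy)  # copy first, zip the copy
            except OSError as exc:  # includes PermissionError ("Access Denied")
                skipped[source] = str(exc)
                continue
            with open(copy, "rb") as handle:
                included[arcname] = hashlib.sha256(handle.read()).hexdigest()
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as archive:
        for arcname in included:
            archive.write(os.path.join(staging_dir, arcname), arcname)
    return included, skipped
```

The returned hashes let the helper confirm that the files they analysed are the ones that were collected.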

#7 schweppes4rums


Posted 14 January 2016 - 12:40 AM

Morning Usasma, Hope all is well. 

 

 

I've run Sysnative successfully. I was requested to post in the Virus, Trojan, Spyware, and Malware Removal Logs forum, http://www.bleepingcomputer.com/forums/t/602117/requested-to-post-topic-here-to-check-if-infected-please-help/

Still waiting for anyone to get back to me. Please find the attached zipped Sysnative dmps.

I hope these would help shed some light on why I'm getting these BSODs on my system.

 

thanks .. 

 

 

Attached File  SysnativeFileCollectionApp.zip   2.91MB   1 downloads

 

 

 

 

 

 

 

 



#8 usasma


Posted 14 January 2016 - 05:30 PM

Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  In particular, this missing driver is critical and needs Windows Updates to update: 

Security Processor Loader Driver    ROOT\LEGACY_SPLDR\0000    This device is not present, is not working properly, or does not have all its drivers installed.

 

Also, there's enough problems in the WER section of MSINFO32 that I suspect malware.

Malware work takes precedence over the BSOD work.

 

Daemon Tools (and Alcohol % software) are known to cause BSOD's on some Windows systems (mostly due to the sptd.sys driver, although I have seen both dtsoftbus01.sys and dtscsibus.sys blamed on several occasions).

Please un-install the program, then use the following free tool to ensure that the troublesome sptd.sys driver is removed from your system (pick the 32 or 64 bit system depending on your system's configuration):  New link (15 Aug 2012):  http://www.duplexsecure.com/downloads (pick the appropriate version for your system and select "Un-install" when you run it).
Alternate link:  http://www.disc-tools.com/download/sptd
Manual procedure here:  http://daemonpro-help.com/en/problems_and_solutions/registry_and_sptd_problems.html
NOTE:  The uninstaller may not find the SPTD.sys driver.  Don't worry about it, just let us know in your post.

There's several BSOD's here:

- those due to TrueSight.sys - a driver for RogueKiller.  Please uninstall that program.

- those due to PeerBlock (pbfilter.sys).  Please uninstall that program.

- those due to Comodo (cmdguard.sys and tcpipreg.sys)

- and one due to disk hardware (please run a free hard drive diagnostic:  http://www.carrona.org/hddiag.html )

 

If running Driver Verifier, please turn it off now.  It has served its purpose and is no longer needed.

 

The 2005/6 version of ASACPI.sys (the Asus ATK0110 ACPI Utility driver) is known to cause BSOD's on Windows systems.  Please update to the 2009 version available at the Asus support website for your mobo.  If unable to find it, please post back with the make/model of your mobo so we can research it.
 

Analysis:
The following is for informational purposes only.

**************************Wed Jan 13 05:26:02.057 2016 (UTC - 5:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\011316-8782-01.dmp]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Built by: 7601.18939.x86fre.win7sp1_gdr.150722-0600
System Uptime: 0 days 0:49:22.133
*** WARNING: Unable to verify timestamp for pbfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for pbfilter.sys
*** WARNING: Unable to verify timestamp for TrueSight.sys
*** ERROR: Module load completed but symbols could not be loaded for TrueSight.sys
Probably caused by : pbfilter.sys ( pbfilter+2419 )
BugCheck A, {80741004, 2, 1, 841034f6}
BugCheck Info: IRQL_NOT_LESS_OR_EQUAL (a)
Arguments:
Arg1: 80741004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 841034f6, address which referenced memory
BUGCHECK_STR:  0xA
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  0xA_pbfilter+2419
CPUID:        "Genuine Intel® CPU           U2300  @ 1.20GHz"
MaxSpeed:     1200
CurrentSpeed: 1236
  BIOS Version                  206    
  BIOS Release Date             08/20/2009
  Manufacturer                  ASUSTeK Computer Inc.        
  Product Name                  UL30A               
  Baseboard Product             UL30A     
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``

The rest of the memory dump summaries are hidden in the Spoiler tag below.  Click on "Show" to reveal them.





3rd Party Drivers:
The following is for information purposes only.

**************************Wed Jan 13 05:26:02.057 2016 (UTC - 5:00)**************************
ATKACPI.sys                 Thu Dec 14 02:11:57 2006 (4580F93D)
L1C62x86.sys                Wed Apr  1 01:07:46 2009 (49D2F6A2)
intelppm.sys                Mon Jul 13 19:11:03 2009 (4A5BBF07)
amdxata.sys                 Fri Mar 19 12:19:01 2010 (4BA3A3F5)
igdkmd32.sys                Fri Feb 11 14:12:10 2011 (4D558A0A)
athr.sys                    Tue Jun 21 04:00:51 2011 (4E004FB3)
truecrypt.sys               Tue Feb  7 04:09:26 2012 (4F30EA46)
tap0901.sys                 Thu Aug 22 08:40:00 2013 (521606A0)
VBoxNetFlt.sys              Fri Nov  1 12:08:49 2013 (5273D211)
VBoxUSBMon.sys              Fri Nov  1 12:08:49 2013 (5273D211)
VBoxNetAdp.sys              Fri Nov  1 12:08:49 2013 (5273D211)
VBoxDrv.sys                 Fri Nov  1 12:09:46 2013 (5273D24A)
pbfilter.sys                Tue Nov 19 00:55:22 2013 (528AFD4A)
pwdrvio.sys                 Wed Jun 18 20:57:18 2014 (53A2356E)
dtlitescsibus.sys           Thu Mar 26 22:05:38 2015 (5514BAF2)
mbam.sys                    Tue Aug 11 13:35:14 2015 (55CA3252)
TrueSight.sys               Wed Oct  7 02:08:53 2015 (5614B6F5)
pssnap.sys                  Mon Oct 12 10:39:20 2015 (561BC618)
epp.sys                     Fri Oct 23 11:30:30 2015 (562A5296)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan 12 04:38:23.247 2016 (UTC - 5:00)**************************
pxkbf.sys                   Thu Nov 25 11:04:37 2010 (4CEE8915)
pxscan.sys                  Thu Nov 25 11:04:39 2010 (4CEE8917)
pxrts.sys                   Thu Nov 25 11:04:41 2010 (4CEE8919)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jan 11 16:23:27.955 2016 (UTC - 5:00)**************************
mbr.sys                     Sun Nov  7 03:39:54 2010 (4CD665DA)
aswVmm.sys                  Mon Apr 28 07:15:20 2014 (535E3848)
aswMBR.sys                  Thu Nov 13 07:03:50 2014 (54649E26)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jan 10 04:37:24.030 2016 (UTC - 5:00)**************************
ccekrnl.dat                 Sun Jul  8 21:46:20 2012 (4FFA37EC)
cmdhlp.sys                  Tue Aug  4 19:18:41 2015 (55C14851)
cmderd.sys                  Wed Nov 18 11:44:20 2015 (564CAAE4)
cmdguard.sys                Wed Nov 18 11:45:05 2015 (564CAB11)
hitmanpro37.sys             Wed Dec  9 11:09:33 2015 (5668523D)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat Jan  9 02:41:18.992 2016 (UTC - 5:00)**************************
CFRMD.sys                   Tue Jul 17 01:05:30 2012 (5004F29A)
inspect.sys                 Tue Aug  4 19:18:31 2015 (55C14847)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jan  5 06:11:35.233 2016 (UTC - 5:00)**************************
ambakdrv.sys                Tue Dec 25 03:45:55 2012 (50D967C3)
ammntdrv.sys                Tue Dec 25 03:45:56 2012 (50D967C4)
amwrtdrv.sys                Tue Dec 25 03:45:56 2012 (50D967C4)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Dec 23 20:20:25.081 2015 (UTC - 5:00)**************************
hmd.sys                     Tue Oct  1 07:04:06 2013 (524AAC26)
 


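A small triage script for the kind of dump summary and driver list shown in the post above, as an added example (it is not the tool that produced that output). It decodes the four arguments of bug check 0xA the way the summary's Arguments block lays them out, converts the hex value after each driver name into a UTC link date, and lists drivers older than a cutoff year. The function names and the 2009 cutoff are assumptions; the sample lines are copied from the post.

```python
import re
from datetime import datetime, timezone

# Lines copied from the dump summary and driver list in the post above.
SUMMARY = """\
*** WARNING: Unable to verify timestamp for pbfilter.sys
*** WARNING: Unable to verify timestamp for TrueSight.sys
Probably caused by : pbfilter.sys ( pbfilter+2419 )
BugCheck A, {80741004, 2, 1, 841034f6}
FAILURE_BUCKET_ID:  0xA_pbfilter+2419
"""
DRIVERS = """\
ATKACPI.sys                 Thu Dec 14 02:11:57 2006 (4580F93D)
intelppm.sys                Mon Jul 13 19:11:03 2009 (4A5BBF07)
pbfilter.sys                Tue Nov 19 00:55:22 2013 (528AFD4A)
TrueSight.sys               Wed Oct  7 02:08:53 2015 (5614B6F5)
cmdguard.sys                Wed Nov 18 11:45:05 2015 (564CAB11)
"""


def parse_bugcheck(text):
    """Extract the stop code, its arguments, the blamed module and unverified modules."""
    match = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if match is None:
        raise ValueError("no BugCheck line found")
    blamed = re.search(r"Probably caused by : (\S+)", text)
    return {
        "code": int(match.group(1), 16),
        "args": [int(arg.strip(), 16) for arg in match.group(2).split(",")],
        "blamed": blamed.group(1) if blamed else None,
        "unverified": re.findall(r"Unable to verify timestamp for (\S+)", text),
    }


def decode_irql_fault(args):
    """Decode bug check 0xA (IRQL_NOT_LESS_OR_EQUAL) arguments Arg1..Arg4."""
    address, irql, flags, instruction = args
    return {
        "address": address,                      # Arg1: memory referenced
        "irql": irql,                            # Arg2: 2 is DISPATCH_LEVEL
        "operation": "write" if flags & 0x1 else "read",  # Arg3 bit 0
        "execute": bool(flags & 0x8),            # Arg3 bit 3
        "instruction": instruction,              # Arg4: address that referenced memory
    }


def parse_drivers(text):
    """Return (name, link time in UTC) pairs; the hex field is a Unix timestamp."""
    pattern = r"^(\S+)[ \t]+.*\(([0-9A-Fa-f]{8})\)[ \t]*$"
    return [
        (name, datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc))
        for name, stamp in re.findall(pattern, text, re.M)
    ]


def triage(summary, drivers, stale_before_year=2009):
    """Combine both listings into one report for a reviewer."""
    bugcheck = parse_bugcheck(summary)
    linked = dict(parse_drivers(drivers))
    return {
        "bugcheck": bugcheck["code"],
        "blamed": bugcheck["blamed"],
        "blamed_linked": linked.get(bugcheck["blamed"]),
        "unverified": bugcheck["unverified"],
        # Heuristic (assumed cutoff): an old link date marks a driver to review,
        # it does not identify the culprit.
        "stale": [n for n, when in linked.items() if when.year < stale_before_year],
        "access": decode_irql_fault(bugcheck["args"]) if bugcheck["code"] == 0xA else None,
    }


if __name__ == "__main__":
    for key, value in triage(SUMMARY, DRIVERS).items():
        print(f"{key}: {value}")
```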

#9 schweppes4rums


Posted 15 January 2016 - 01:36 PM

Hello Usasma, unbelievably I'm now having a problem downloading any updates. I found a number of important updates to download, but Windows Update is stuck and hung on 0% with the green download worm bar running it seems forever. Running Windows Fix it doesn't solve this problem either. I'm looking now for a solution to this problem and will get back to you if I get it to darn download.

My Event Viewer shows "The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state." So I'm not sure what this means.

I've uninstalled the programs you have recommended in your previous post. The download for SPTD.sys did not find the SPTD driver.

I'm surprised you have found a BSOD with hardware issue as I recently installed a new Sandisk Ultra Pro 2 SSD drive to this laptop.

I do not have a CD burner or even a CD slot with this laptop so I'm unsure how to go about running the hardware diagnostic you provided a link for since you need to burn an img of an ISO.

I've also checked for the driver in question, ATK0110 ACPI Utility driver, at the Asus support but can not find one specific for Windows 7.

Thanks for the guidance on this.



#10 schweppes4rums


Posted 15 January 2016 - 03:39 PM

Hello Usasma, I'm afraid I'm not able to update Windows; it is currently hung on checking for updates, the green worm bar just keeps loading. I had run the Windows diagnostic tool, which cleaned out the update history and fixed what it advised was some security settings that had been changed, but it was not able to install updates. I have even attempted to delete the contents of the software distribution folder but was unable to as it advised access denied on a few of the folders.

I'm thinking I definitely seem to have some malware here that may have also changed the security settings for Windows Update, and that is why I can not seem to download and install any new updates.

Do you have any fresh ideas of what I can do here?

 

Much appreciated. 



#11 usasma


Posted 17 January 2016 - 03:46 PM

If infected, I'd suggest posting over in the Am I Infected forum:  http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please read the pinned topics at the top of the forum for instructions on how to post there.

Here's what to try for Windows Updates:

There's not many experts at fixing Windows Updates.
I am not one of them.
But the few experts that there are are sorely overworked - so getting a reply will be difficult.
I'll continue to attempt to help here, but please bear with me.


First, please try the Windows Update troubleshooter/fixes listed here:
Windows Update Troubleshooter:  https://support.microsoft.com/en-us/gp/windows-update-issues/en-us
Windows Update Troubleshooter KB article:  https://support.microsoft.com/en-us/kb/2714434
Reset Windows Update Components KB article:  https://support.microsoft.com/en-us/kb/971058

Then, if that doesn't fix the Windows Update problem, please do the following 2 things. (copied from here:  http://www.sysnative.com/forums/windows-update/4736-windows-update-forum-posting-instructions.html ):

Run SFCFix

    This free tool of niemiro's creation (see above link) is a very good starting point for the diagnosis and repair of all Windows Update and System File Checker corruptions. We therefore need you to run this tool prior to collecting logfiles.

        -  First download and run a copy of the tool from http://www.sysnative.com/niemiro/apps/SFCFix.exe.
        -  Work through any on-screen prompts and then await completion (runtime is approximately 15 minutes).
        -  Once it has finished, if there are any unrepaired corruptions (the tool will notify you if it has succeeded in repairing all corruptions if they're simple in which case we're no longer needed) or unresolved problems with your computer, you need to post us the complete logfile which opens on exit. Simply copy (Ctrl-A, Ctrl-C) and paste (Ctrl-V) the entire logfile into your new thread (also known as a 'topic'). How to create a new thread is shown later on in this post.

Export CBS folder
NOTE:  This is not for me (I can't read them).  This is in case you decide to post in the OS forums asking for help from the experts. 

        -  On Windows 8/10, press the Windows key, type This PC, and press Enter.
        -  On Windows Vista/7, click the Start button, then click Computer.
        -  Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
        -  Find and double click on the Logs folder.
        -  Right-click on the CBS folder, and select Copy.
        -  Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
        -  Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
        -  A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.


As for the first item (SFCFix), just copy and paste into your post as indicated.
For the second item (CBS log), if you'd like it analyzed, start a post in the OS forums, then zip it up and upload it with your next post there (it's not needed in this topic as I can't read it).
If it's too big to upload (or you get an error), just upload it to a free file hosting service (such as OneDrive or DropBox).  Ensure that it's shared and then post a link to it here.

 

For the updated driver, download the attached file and scan it with an antivirus.

If clean, then Extract it to a convenient location and double click on the AsAcpiIns.exe file

It will install the 2009 version of the 32 bit ASACPI.sys driver

Reboot for the changes to take effect

 

 



#12 usasma


Posted 17 January 2016 - 03:48 PM

For the hardware diagnostics:

- you can run the MemTest versions from a USB drive

- you can run the hard drive diagnostics by using the Windows version instead of the DOS version

- the rest of the utilities work within Windows - so there shouldn't be an issue with them.



#13 schweppes4rums


Posted 19 January 2016 - 09:48 AM

Hello usasma, hope all is well with you?

I checked out the link you provided and downloaded CrystalDiskInfo Shizuku Edition; please find the screenshot below. It says that my SanDisk Ultra 2 is in good condition. I don't know how to go about running a complete hardware diagnostic to determine any hardware problems if there are any.

Does this program mean that the hard disk is unlikely to be at fault in producing those BSODs I was getting? I ran Driver Verifier to check and ran into a BSOD which was caused by tcpipreg.sys, which you had advised is probably being caused by Comodo, except I can not find any drivers related to Comodo in the non Plug and Play list in device management with the option to show hidden selected. Please find screenshots of the non Plug and Play list.

Thanks.

 

 

 

 

 

 

 

 




#14 usasma


Posted 20 January 2016 - 07:21 AM

BSOD analysis for the user/consumer is a complicated endeavor, relying on doing lots of things at once and making guesses based on the likelihood of a problem occurring.

The first thing is to post in the Am I Infected forum and get clearance from them.

If we continue to work here while the system is infected, all of your work can be wiped out by the malware repairs.

And then we'd face a new set of problems if the system continued to misbehave.

 

There are 11 or 12 tests in the hardware diagnostics page. 

You must do all of them (you can skip the 5 or 6 Video 2 tests if there aren't significant video issues with your system):

- anti-malware (this includes your post over in the Am I Infected forums)

- memory

- hard drive (you have completed this with the CrystalMark tests)

- Video 1 - Furmark

- Prime95

- Video 2 - other video (5 or 6 tests)

- CPU stress

 

You must realize that the CrystalMark test is using SMART technology.  This is a predictive technology which relies upon certain markers in/on the SSD.  As such it's not 100% accurate, but it is the best test that we have for SSD's, so it'll have to do at this time.  Should we (later on) discover further evidence that points at the SSD, then we'd have to reconsider this conclusion.

 

Please finish the rest of the hardware diagnostics and post back here with the results.

