
BSOD



#1 Jprocks


Posted 19 March 2016 - 11:23 AM

Hi, as noted in the subject line I got the BSOD yesterday. I was running Skype at the time. Skype has been playing up so have temporarily stopped it. Also when I boot I get an error message: Autocheck programme not found. Skipping Autocheck.

 

Here is the info requested and I have attached the two files.

  • OS Windows 10
  • X64
  • Original OS Windows 7
  • OEM Version
  • Age of System Approx 5 years
  • OS Age June 2015 (Windows Upgrade)
  • CPU Intel® Core(TM) i3 CPU M370 @ 2.40GHz
  • Video Card Intel HD Graphics (Core i3)
  • Motherboard info. Sorry cannot find exact name only got this: LENOVO To be filled by O.E.M.
  • Power 20 Watt Brand Lenovo
  • System Manufacture Lenovo
  • Model IdeaCentre A310 10056
  • Desktop

 

 I have run a Virus check using the paid for Zone Alarm and 0 objects found. I have run the Free Anti Malware Bytes and that found:-

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19-Mar-16
Scan Time: 2:38 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.19.03
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Christine
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 479082
Time Elapsed: 1 hr, 38 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{24388210-673C-4D0F-A587-59B77B702FEC}, , [7629d2b7e7b24ceac1cfcebc887c19e7], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\Conduit, , [b7e8ec9d8e0baf87ed3691fc8282ce32], 
PUP.Optional.Telstra.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\edmgmpmklgfbohogafcfobonnkogchec, , [1788d7b28b0e48eedb6994e75ea613ed], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-934610324-1652336806-3374578002-1000\SOFTWARE\Conduit, , [b0ef36538f0af54126fc0f7e63a1b749], 
 
Registry Values: 1
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{24388210-673C-4D0F-A587-59B77B702FEC}|Path, \LaunchPreSignup, , [7629d2b7e7b24ceac1cfcebc887c19e7]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 7
PUP.Optional.Conduit, C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe, , [d2cde1a80396f6405b4c66a83ec4db25], 
PUP.Optional.MyPCBackup, C:\Program Files (x86)\OLBPre\OLBPre.exe, , [009fe0a99603fc3a736c06e2f011857b], 
PUP.Optional.Conduit, C:\Users\Christine\Downloads\zaAvSetupWeb_133_209_000.exe, , [cad5aadf8415fa3c47609c72f60cca36], 
PUP.Optional.Conduit, C:\Users\Christine\Downloads\zaAvSetupWeb_134_261_000.exe, , [2f70fb8e52479d9902a5f618ed154db3], 
PUP.Optional.DownLoadAdmin, C:\Users\Christine\Downloads\cbsidlm-tr1_8-File_Shredder-ORG2-10662831.exe, , [c6d9aadf6237c472cb4d6f89a35e8977], 
PUP.Optional.DownLoadAdmin, C:\Users\Christine\Downloads\cbsidlm-tr1_9-ScreenHunter_Free-ORG2-10063246.exe, , [5e41d2b73960280e090fac4cf30e4eb2], 
PUP.Optional.Conduit, C:\Users\Christine\Downloads\HSS-2.76-install-a-393-conduit.zip, , [f0af0188e1b8999d8b1c7c9216ecf907], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
The system also runs with System Mechanic but I have stopped that compacting the registry on start up.
 
Any suggestions would be welcome. Thanks


 


#2 usasma


Posted 19 March 2016 - 06:30 PM

My first suggestion is to get checked out in the AmIInfected forums.

At work the Conduit virus has given us headaches for a long, long time.
You want to be sure that all traces are removed:

 

If infected, I'd suggest posting over in the Am I Infected forum:  http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please read the pinned topics at the top of the forum for instructions on how to post there.

 

There are no memory dumps (BSOD reports) in the uploaded reports.

But you do have a MEMORY.DMP file in the C:\Windows directory.

Please zip it up and upload it to a free file-hosting service (such as OneDrive or DropBox), be sure it's shared out, and post a link to it here.

Also:

 

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file):  http://www.carrona.org/setmini.html
More info on dump file options here: http://support.microsoft.com/kb/254649

 

Your UEFI/BIOS (version DGKT12AUS) dates from 2010.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.

Only 8 Windows Update hotfixes installed.  Most build 10586 (TH2/1511) systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.
The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.
There are lots of recent Windows Update failures listed in the WER section of the MSINFO32 report.

This device has issues in Device Manager:

 

Not Available    SW\{CFD669F1-9BC2-11D0-8299-0000F822FE8A}\{0A4252A0-7E70-11D0-A5D6-28DB04C10000}    This device is not configured correctly.

This device has something to do with kernel streaming proxies, probably video.

I'd suggest right clicking on it and selecting "Uninstall"

Then reboot and see if it comes back.

Also, as this is a Microsoft device, ensure that you have all updates applied.


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 Jprocks


Posted 20 March 2016 - 04:48 AM

Hi there and thanks for coming back to me.

 

I have posted the question into the said forum.

 

Here is the link to the file on Dropbox. https://www.dropbox.com/s/ms84zau0p566bg9/memory.zip?dl=0

 

Will check for updates on Lenovo but sorry bit confused by your warning:-

 

WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.

 

As in how can I stop the computer shutting down if it just decides to shut down? Or am I being silly... Cheers

Am checking for updates. Find it strange that I have missed so many as have always allowed, but of course not checked manually. Shall do so in future.

 

I am connecting to the internet via a VPN as need to access websites with the TLD of .co.uk as am now living in Spain. So would I still need to uninstall?

 

Thanks Jason



#4 usasma


Posted 20 March 2016 - 04:16 PM

No, you're not being silly.  I added that caution when a user who had a problem with random shutdowns decided to update their BIOS.

The system shut down during the flash - and that damaged the motherboard.
In the old days you could replace the chip that was fried - but I don't know about now.

The point here is if you live in an area that has power outages during a certain time of day - don't do it then.

Or, if you think that the system might shut off during the flash - then don't do it.

But a normal system in a normal environment - the odds are that you won't have a power failure or a random shutdown at that time.

 

I usually don't check for updates myself - until I have a problem.

Then I update everything I can lay my hands on!

But it's a good idea to keep an eye on them if you remember.

 

Finally, most of the systems that have this problem are those that have to boot into the BIOS to flash it.

The ones that start the flash in Windows generally run faster and have fewer problems - and spend less time on the flash, so there's even less chance of a power outage/random shutdown.

 

You shouldn't have to uninstall the VPN - but I would make sure that it's the latest version and it's fully updated.

 

The memory dumps involve McAfee, ZoneAlarm, and your networking drivers.

I'd suspect that there's a conflict between the firewall in McAfee and your ZoneAlarm.

As such, I'd suggest uninstalling ZoneAlarm and see if that stops the problems.

 

I also see Kaspersky in there.

My suggestion is to uninstall the McAfee also.

You should only use one antivirus and one firewall at a time.

 

Finally, there's this older stuff:

Please update these older drivers. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable! :

NCREMOTEPCI.SYS             Mon Sep 11 16:47:50 2006 (4505CB76)
Technisat digital satellite driver http://www.technisat.com/index149b.html?nav=Software_Drivers,en,33
http://www.carrona.org/drivers/driver.php?id=NCREMOTEPCI.SYS
 
btwl2cap.sys                Fri Apr  3 20:28:45 2009 (49D6A9BD)
Broadcom Bluetooth L2CAP Service http://www.broadcom.com/support/bluetooth/
http://www.carrona.org/drivers/driver.php?id=btwl2cap.sys
 
There are other older drivers also, so I'd also suggest updating those that you find at the Lenovo website.

Analysis:
The following is for informational purposes only.
**************************Fri Jul 10 11:15:22.638 2015 (UTC - 4:00)**************************
Loading Dump File [C:\Users\John\SysnativeBSODApps\MEMORY.DMP]
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603
System Uptime: 0 days 5:41:52.245
*** ERROR: Module load completed but symbols could not be loaded for mfenlfk.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
Probably caused by : NETIO.SYS ( NETIO!CalloutStreamDataInit+1d )
BugCheck D1, {8, 2, 0, fffff88001d26a1d}
BugCheck Info: DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88001d26a1d, address which referenced memory
BUGCHECK_STR:  0xD1
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
PROCESS_NAME:  firefox.exe
FAILURE_BUCKET_ID:  X64_0xD1_NETIO!CalloutStreamDataInit+1d
CPUID:        "Intel® Core™ i3 CPU       M 370  @ 2.40GHz"
MaxSpeed:     2400
CurrentSpeed: 2394
  BIOS Version                  DGKT12AUS
  BIOS Release Date             09/10/2010
  Manufacturer                  LENOVO
  Product Name                  IdeaCentre A310 10056
  Baseboard Product             To be filled by O.E.M.


3rd Party Drivers:
The following is for information purposes only.
**************************Fri Jul 10 11:15:22.638 2015 (UTC - 4:00)**************************
NCREMOTEPCI.SYS             Mon Sep 11 16:47:50 2006 (4505CB76)
btwl2cap.sys                Fri Apr  3 20:28:45 2009 (49D6A9BD)
intelppm.sys                Mon Jul 13 19:19:25 2009 (4A5BC0FD)
HECIx64.sys                 Thu Sep 17 15:54:16 2009 (4AB293E8)
btwavdt.sys                 Tue Jan 12 16:43:04 2010 (4B4CECE8)
btwaudio.sys                Tue Jan 12 16:44:18 2010 (4B4CED32)
btwrchid.sys                Tue Jan 12 16:44:35 2010 (4B4CED43)
bcmwl664.sys                Thu Jan 21 22:30:58 2010 (4B591BF2)
IntcDAud.sys                Wed Feb  3 08:38:31 2010 (4B697C57)
Impcd.sys                   Fri Feb 26 18:32:11 2010 (4B8859FB)
amdxata.sys                 Fri Mar 19 12:18:18 2010 (4BA3A3CA)
btusbflt.sys                Thu Apr  8 21:11:36 2010 (4BBE7EC8)
RTKVHD64.sys                Thu May 13 08:23:02 2010 (4BEBEF26)
clwvd.sys                   Tue Jul 27 21:13:47 2010 (4C4F844B)
ElRawDsk.sys                Tue Oct 26 05:34:13 2010 (4CC6A095)
Rt64win7.sys                Fri Jun 10 02:33:15 2011 (4DF1BAAB)
VMC412.sys                  Fri Sep  2 01:01:54 2011 (4E606342)
mfehidk.sys                 Mon Oct 10 16:40:22 2011 (4E935836)
mfewfpk.sys                 Mon Oct 10 16:40:40 2011 (4E935848)
mfenlfk.sys                 Mon Oct 10 16:41:04 2011 (4E935860)
mfeavfk.sys                 Mon Oct 10 16:41:51 2011 (4E93588F)
mfefirek.sys                Mon Oct 10 16:44:46 2011 (4E93593E)
igdkmd64.sys                Tue Jan 10 17:28:09 2012 (4F0CBB79)
GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
PDFsFilter.sys              Thu May 10 12:29:02 2012 (4FABECCE)
HD-Hypervisor-amd64.sys     Wed Aug 29 08:38:25 2012 (503E0D41)
vmci.sys                    Fri May 17 21:19:18 2013 (5196D716)
VMNET.SYS                   Thu Jul 18 15:42:50 2013 (51E8453A)
vmnetadapter.sys            Thu Jul 18 15:43:00 2013 (51E84544)
vmnetbridge.sys             Thu Jul 18 15:43:47 2013 (51E84573)
vsock.sys                   Wed Jul 31 22:46:10 2013 (51F9CBF2)
kl1.sys                     Mon Mar 31 03:46:43 2014 (53391D63)
klhk.sys                    Tue Aug 12 10:32:07 2014 (53EA2567)
hcmon.sys                   Thu Aug 21 11:06:58 2014 (53F60B12)
klflt.sys                   Wed Sep  3 09:33:19 2014 (5407189F)
klwtp.sys                   Tue Sep 16 08:00:42 2014 (5418266A)
klif.sys                    Tue Sep 23 07:07:24 2014 (5421546C)
vsdatant.sys                Tue Oct 21 02:41:24 2014 (54460014)
appobserver64.sys           Fri Jan 16 09:37:18 2015 (54B9221E)
nnfwdk64.sys                Fri Jan 16 09:37:19 2015 (54B9221F)
vmnetuserif.sys             Fri Jan 16 19:34:16 2015 (54B9AE08)
VMkbd.sys                   Fri Jan 16 20:10:05 2015 (54B9B66D)
vmx86.sys                   Fri Jan 16 21:03:26 2015 (54B9C2EE)

 

VMC412.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
appobserver64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
nnfwdk64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
 


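Added example, not part of the original posts and not the tool used to produce the listing in post #4: a Python sketch that reads rows in the "3rd Party Drivers" format, decodes the hex build timestamp, lists drivers that were old at dump time, and reports how many security products have kernel drivers loaded. The five-year threshold and the prefix-to-product table are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: eight rows copied from the "3rd Party Drivers" listing above.
SAMPLE = """\
NCREMOTEPCI.SYS             Mon Sep 11 16:47:50 2006 (4505CB76)
btwl2cap.sys                Fri Apr  3 20:28:45 2009 (49D6A9BD)
Rt64win7.sys                Fri Jun 10 02:33:15 2011 (4DF1BAAB)
mfenlfk.sys                 Mon Oct 10 16:41:04 2011 (4E935860)
mfefirek.sys                Mon Oct 10 16:44:46 2011 (4E93593E)
klif.sys                    Tue Sep 23 07:07:24 2014 (5421546C)
vsdatant.sys                Tue Oct 21 02:41:24 2014 (54460014)
vmx86.sys                   Fri Jan 16 21:03:26 2015 (54B9C2EE)
"""

# Assumption: driver-name prefixes for the three products named in the thread.
SECURITY_PREFIXES = (("mfe", "McAfee"), ("kl", "Kaspersky"), ("vsdatant", "ZoneAlarm"))

# Dump header time "Fri Jul 10 11:15:22 2015 (UTC - 4:00)", converted to UTC.
DUMP_TIME = datetime(2015, 7, 10, 15, 15, 22, tzinfo=timezone.utc)

ROW = re.compile(
    r"^(\S+)\s+\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} \(([0-9A-Fa-f]{8})\)\s*$")


def parse_drivers(text):
    """Return [(name, build_time_utc)] from listing rows; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            # The hex field is the driver's build timestamp in seconds since
            # 1970 UTC; the printed date is the same instant in local time.
            built = datetime.fromtimestamp(int(m.group(2), 16), tz=timezone.utc)
            rows.append((m.group(1), built))
    return rows


def stale_drivers(drivers, reference=DUMP_TIME, max_age_days=5 * 365):
    """Names of drivers built more than max_age_days before the dump (assumed threshold)."""
    return [n for n, built in drivers if (reference - built).days > max_age_days]


def security_products(drivers):
    """Map product -> loaded driver names, using the assumed prefix table."""
    found = {}
    for name, _ in drivers:
        for prefix, product in SECURITY_PREFIXES:
            if name.lower().startswith(prefix):
                found.setdefault(product, []).append(name)
                break
    return found


if __name__ == "__main__":
    drivers = parse_drivers(SAMPLE)
    print("older than 5 years at dump time:", stale_drivers(drivers))
    products = security_products(drivers)
    print("security products with kernel drivers loaded:", products)
    if len(products) > 1:
        print("more than one security product is filtering at kernel level")
```

A build timestamp is written by the vendor's toolchain, so it is a hint about driver age rather than proof; confirm against the vendor's current release before replacing anything.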

#5 Jprocks


Posted 21 March 2016 - 08:11 AM

Hi many thanks for coming back and I shall get on this ASAP and when done post back here. Also thanks for picking up the McAfee as yes did (years ago) buy this. Strangely enough as soon as I ran it I started getting virus so removed it. Obviously not enough. Cheers Jason



