
BSOD Stop 1E and Stop 0A after install 2.0.1.1004 Win7 x64



Log Name:      Application

Source:        Microsoft-Windows-Wininit

Date:          4/17/14 10:10:08 PM

Event ID:      1001

Task Category: None

Level:         Information

Keywords:      Classic

User:          N/A

Computer:      admin-PC

Description:

 

 

Checking file system on C:

The type of the file system is NTFS.

 

 

A disk check has been scheduled.

Windows will now check the disk.                         

 

CHKDSK is verifying files (stage 1 of 3)...

  316416 file records processed.                                         

 

File verification completed.

  648 large file records processed.                                   

 

  0 bad file records processed.                                     

 

  0 EA records processed.                                           

 

  41 reparse records processed.                                      

 

CHKDSK is verifying indexes (stage 2 of 3)...

  403050 index entries processed.                                        

 

Index verification completed.

  0 unindexed files scanned.                                        

 

  0 unindexed files recovered.                                      

 

CHKDSK is verifying security descriptors (stage 3 of 3)...

  316416 file SDs/SIDs processed.                                        

 

Cleaning up 660 unused index entries from index $SII of file 0x9.

Cleaning up 660 unused index entries from index $SDH of file 0x9.

Cleaning up 660 unused security descriptors.

Security descriptor verification completed.

  43318 data files processed.                                           

 

CHKDSK is verifying Usn Journal...

  33684976 USN bytes processed.                                            

 

Usn Journal verification completed.

CHKDSK discovered free space marked as allocated in the

master file table (MFT) bitmap.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.

 

 473872383 KB total disk space.

 140908184 KB in 207035 files.

    109720 KB in 43319 indexes.

         0 KB in bad sectors.

    432259 KB in use by the system.

     65536 KB occupied by the log file.

 332422220 KB available on disk.

 

      4096 bytes in each allocation unit.

 118468095 total allocation units on disk.

  83105555 allocation units available on disk.

 

Internal Info:

00 d4 04 00 fe d1 03 00 df b1 06 00 00 00 00 00  ................

19 02 00 00 29 00 00 00 00 00 00 00 00 00 00 00  ....)...........

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

 

Windows has finished checking your disk.

Please wait while your computer restarts.

 

Event Xml:


<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />

    <EventID Qualifiers="16384">1001</EventID>

    <Version>0</Version>

    <Level>4</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2014-04-18T03:10:08.000000000Z" />

    <EventRecordID>33904</EventRecordID>

    <Correlation />

    <Execution ProcessID="0" ThreadID="0" />

    <Channel>Application</Channel>

    <Computer>admin-PC</Computer>

    <Security />

  </System>

  <EventData>

    <Data>

 

Checking file system on C:

The type of the file system is NTFS.

 

 

A disk check has been scheduled.

Windows will now check the disk.                         

 

CHKDSK is verifying files (stage 1 of 3)...

  316416 file records processed.                                         

 

File verification completed.

  648 large file records processed.                                   

 

  0 bad file records processed.                                     

 

  0 EA records processed.                                           

 

  41 reparse records processed.                                      

 

CHKDSK is verifying indexes (stage 2 of 3)...

  403050 index entries processed.                                        

 

Index verification completed.

  0 unindexed files scanned.                                        

 

  0 unindexed files recovered.                                      

 

CHKDSK is verifying security descriptors (stage 3 of 3)...

  316416 file SDs/SIDs processed.                                        

 

Cleaning up 660 unused index entries from index $SII of file 0x9.

Cleaning up 660 unused index entries from index $SDH of file 0x9.

Cleaning up 660 unused security descriptors.

Security descriptor verification completed.

  43318 data files processed.                                           

 

CHKDSK is verifying Usn Journal...

  33684976 USN bytes processed.                                            

 

Usn Journal verification completed.

CHKDSK discovered free space marked as allocated in the

master file table (MFT) bitmap.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.

 

 473872383 KB total disk space.

 140908184 KB in 207035 files.

    109720 KB in 43319 indexes.

         0 KB in bad sectors.

    432259 KB in use by the system.

     65536 KB occupied by the log file.

 332422220 KB available on disk.

 

      4096 bytes in each allocation unit.

 118468095 total allocation units on disk.

  83105555 allocation units available on disk.

 

Internal Info:

00 d4 04 00 fe d1 03 00 df b1 06 00 00 00 00 00  ................

19 02 00 00 29 00 00 00 00 00 00 00 00 00 00 00  ....)...........

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

 

Windows has finished checking your disk.

Please wait while your computer restarts.

</Data>

  </EventData>

</Event>


  • Root Admin

One of the files I asked about appears to only be on virtual machines is why I asked.  Not a big deal.

 

Please run the clean removal again now.  But after the install make sure you go in and uncheck the Anti-Rootkit scanner under Advanced Options.

 

Then restart the computer one more time.

 

Then let me know if a scan is still causing a BSOD or not.


  • Root Admin

Great, that's good news.  I think it was hopefully just a combination of some minor PUP entries and old Java that may have been causing the conflict.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


 
Remove the rest of the tools used:
 
Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your PC.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so.


Note:

If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
