BSODs to black screen to fixed?


ztr

hi, i've tried helping my dad with his computer - i think i've made some progress, but thought i'd post logs here to be certain.

long story short: my dad was/is having issues with blue screening on his computer. not sure specifically what causes the blue screens, i can attach the minidumps if you want those.

first thing i started with was downloading latest drivers for his motherboard because he mentioned he had a warning in device manager about pci simple communication (or something) i googled this and found installing intel management engine interface resolved it, i then left it a few days for him to use hoping that was the problem, but nope.

a few hours ago i thought i'd do some stress tests, i used furmark to stress test the GPU and CPU individually, that didn't cause a blue screen

the blue screen also happens when NOT doing anything intense - i was (re)installing some motherboard drivers, when i came to reinstall intel management engine interface the PC crashed during the install. when the computer restarted it got to the windows logo screen and instantly blue screened, it did this every restart. fortunately i was able to boot into safe mode - in there i went into device manager and uninstalled intel management engine interface and restarted, that fixed those blue screens...

now i'm back in normal mode, i thought i'd transfer some tools i've seen here, adwcleaner, rkill, roguekiller, emsisoft emergency kit and FRST

started off with RKILL, that found nothing. next i ran roguekiller, this found 3 things i think, 2 of which were reimage and PC protect web shield - i'll attach the file below

now when it came to adwcleaner it found quite a few things, i cleaned em all and then i ran into another issue on restart...

black screen and cursor only - i restart into safe mode again

i ran some of the tools again and restarted back to normal mode, now i'm back to normal windows desktop

i decided i'd run FRST and have you guys check the logs

thanks

 

AdwCleaner[C0].txt

AdwCleaner[S0].txt

AdwCleaner[S1].txt

FRST.txt

Addition.txt


Hello ztr and welcome to Malwarebytes,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Always detect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Zip up and attach this folder:

C:\Windows\Minidump

Thank you,

Kevin...

 

 


hi Kevin, thanks for the reply

when i first booted the pc windows wanted to install updates but it failed to do so - i checked windows update history and all recent updates have failed

i installed and ran malwarebytes as instructed but i ran into some issues

near the end of the scan the computer blue screened and restarted

after restarting it blue screened again on the welcome screen

next restart it got past the welcome screen but stayed on a black screen with a cursor for about 1-2 mins then the desktop and icons finally shown up

also one of the fans is quite loud just on desktop now, i think it's the cpu fan.

malwarebytes scan log didn't save due to the crash it seems, the reports section is blank - it found 25 threats when i last saw where it was up to

i will attach minidumps for now

 

minidump.zip


Thanks for those logs, the mini dumps are not indicative of a specific driver fault. One thing I note from Malwarebytes logs is the use of 3rd party driver update programs. Do not use such software, especially free versions, they are unreliable and may come bundled with unwanted extras....

Run another scan with Malwarebytes, same settings as before, post that log...

Next,

Click on Start > All Programs > Accessories:

Right-click on the Command Prompt entry

Select "Run as Administrator" accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

CHKDSK C: /R

hit the Enter key.

You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot.

The CHKDSK may take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run use the following instructions to find the log:

Check Disk report:
 
  • Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • You may be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.



Next,

Now run SFC.

SFC - System File Checker - Instructions

Click on Start > All Programs > Accessories

Right-click on the Command Prompt entry

Select "Run as Administrator" accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

SFC /SCANNOW

hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.


Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

Let me see those logs in your reply... Any improvement..?

Thanks,

Kevin..


i think we're making progress, SFC found some issues - it reported corrupt files but unable to repair.

i'll post chkdsk scan below and attach MBAM report and CBS.log

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          04/02/2018 13:13:54
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      home-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  230400 file records processed.                                        
File verification completed.
  876 large file records processed.                                  
  0 bad file records processed.                                    
  2 EA records processed.                                          
  48 reparse records processed.                                      
CHKDSK is verifying indexes (stage 2 of 5)...
  287906 index entries processed.                                        
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered.                                      
CHKDSK is verifying security descriptors (stage 3 of 5)...
  230400 file SDs/SIDs processed.                                        
Cleaning up 247 unused index entries from index $SII of file 0x9.
Cleaning up 247 unused index entries from index $SDH of file 0x9.
Cleaning up 247 unused security descriptors.
Security descriptor verification completed.
  28754 data files processed.                                          
CHKDSK is verifying Usn Journal...
  34337344 USN bytes processed.                                            
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  230384 files processed.                                                
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  213355116 free clusters processed.                                        
Free space verification is complete.
Windows has checked the file system and found no problems.

 976657407 KB total disk space.
 122769664 KB in 144249 files.
    104696 KB in 28755 indexes.
         0 KB in bad sectors.
    362583 KB in use by the system.
     65536 KB occupied by the log file.
 853420464 KB available on disk.

      4096 bytes in each allocation unit.
 244164351 total allocation units on disk.
 213355116 allocation units available on disk.

Internal Info:
00 84 03 00 d7 a3 02 00 b7 24 05 00 00 00 00 00  .........$......
b2 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00  ....0...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.


 

CBS.log

MBAM report.txt

Edited by ztr

Please download VEW by Vino Rosso from HERE and save it to your Desktop.
 
  • Double-click VEW.exe to start. Vista and Windows 7/8 users: Right Click and select "Run as Administrator"
  • Under 'Select log to query...' check the boxes for both Application and System.
  • Under 'Select type to list...' select both Error and Critical.
  • Click the radio button for 'Number of events...' and type 15 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.


Please post the Output log in your next reply.

hi Kevin

quick update before i do what you requested

after doing the previous things i went to shutdown his PC and windows wanted to install 4 updates

i started his PC back up to make sure it went well, i got to the desktop, went to windows update n i believe 2/4 were successful

so i thought i'd restart and make sure the computer is in a usable state for my dad to use it

then i got some issues, blue screen on startup, restarted, blue screen again, restarted...

tried safe mode, even that blue screened where it loads drivers (different error code i think, it ended in 24 everything else was 0's)

when safe mode blue screened i thought oh no, that isn't good...

i turned the pc off, left it about a minute, started it again, i got an option for automatic repair, i chose that

windows found disk errors and it seemed to have repaired what it found - restarted and now back to desktop

i'm scared to even shutdown his PC now after all this blue screening

i will do VEW and get back to you

 


windows gave a popup about recovering, i copied the info it gave. it also produced 2 files, i will attach them for you

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.1.7601.2.1.0.256.1
  Locale ID:    2057

Additional information about the problem:
  BCCode:    24
  BCP1:    00000000001904FB
  BCP2:    FFFFF880009AFC58
  BCP3:    FFFFF880009AF4C0
  BCP4:    FFFFF80002C361FF
  OS Version:    6_1_7601
  Service Pack:    1_0
  Product:    256_1

Files that help describe the problem:
  C:\Windows\Minidump\020418-15796-01.dmp
  C:\Users\admin\AppData\Local\Temp\WER-50484-0.sysdata.xml

 

here is VEW output

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/02/2018 14:24:36

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/02/2018 14:22:46
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 04/02/2018 14:22:46
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 04/02/2018 14:16:37
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 04/02/2018 14:16:37
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 04/02/2018 14:12:48
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mbamtray.exe, version: 3.0.0.1284, time stamp: 0x5a15a98e Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00 Exception code: 0xc0000005 Fault offset: 0x0018de83 Faulting process id: 0x8b4 Faulting application start time: 0x01d39dc239283e12 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report Id: 79c16c50-09b5-11e8-a4b1-001cc0bf17de

Log: 'Application' Date/Time: 04/02/2018 13:47:29
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 04/02/2018 13:47:29
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 04/02/2018 13:22:39
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 04/02/2018 13:22:39
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 04/02/2018 13:17:45
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 04/02/2018 13:17:45
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 04/02/2018 11:00:04
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 04/02/2018 11:00:04
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 04/02/2018 09:07:56
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 04/02/2018 09:07:56
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2018 14:12:05
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/02/2018 14:04:04
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/02/2018 09:35:56
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/02/2018 04:58:30
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/02/2018 04:32:08
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/02/2018 21:08:36
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/02/2018 20:01:19
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/02/2018 19:32:25
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/02/2018 19:00:52
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/02/2018 18:53:48
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/02/2018 07:53:52
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/02/2018 07:04:46
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/02/2018 13:46:00
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/02/2018 00:13:04
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/02/2018 17:26:42
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2018 14:12:15
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880009afc58, 0xfffff880009af4c0, 0xfffff80002c361ff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020418-15796-01.

Log: 'System' Date/Time: 04/02/2018 14:04:13
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c000001d, 0xfffff800036858d0, 0xfffff88006c7ef30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020418-16687-01.

Log: 'System' Date/Time: 04/02/2018 13:50:21
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB3075226).

Log: 'System' Date/Time: 04/02/2018 09:36:08
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff685bc800000, 0x0000000000000000, 0xfffff8000362995a, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

Log: 'System' Date/Time: 04/02/2018 09:36:08
Type: Error Category: 0
Event: 1005 Source: Microsoft-Windows-WER-SystemErrorReporting
Unable to produce a minidump file from the full dump file.

Log: 'System' Date/Time: 04/02/2018 09:36:07
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 09:15:29 on ?04/?02/?2018 was unexpected.

Log: 'System' Date/Time: 04/02/2018 05:07:49
Type: Error Category: 0
Event: 3 Source: HECIx64
HECI driver has failed to perform handshake with the Firmware.

Log: 'System' Date/Time: 04/02/2018 04:58:32
Type: Error Category: 0
Event: 3 Source: HECIx64
HECI driver has failed to perform handshake with the Firmware.

Log: 'System' Date/Time: 04/02/2018 04:48:03
Type: Error Category: 0
Event: 3 Source: HECIx64
HECI driver has failed to perform handshake with the Firmware.

Log: 'System' Date/Time: 04/02/2018 04:32:12
Type: Error Category: 0
Event: 3 Source: HECIx64
HECI driver has failed to perform handshake with the Firmware.

Log: 'System' Date/Time: 04/02/2018 04:32:20
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050033, 0x00000000000406f8, 0xfffff8800125847f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020418-17406-01.

Log: 'System' Date/Time: 04/02/2018 04:32:19
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 04:30:42 on ?04/?02/?2018 was unexpected.

Log: 'System' Date/Time: 04/02/2018 03:46:42
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB3075226).

Log: 'System' Date/Time: 04/02/2018 03:46:37
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070308: 2018-01 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4056894).

Log: 'System' Date/Time: 04/02/2018 03:45:59
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070308: Update for Windows 7 for x64-based Systems (KB2923545).

 

i can't find "C:\Users\admin\AppData\Local\Temp\WER-50484-0.sysdata.xml"

 

020418-15796-01.dmp

edit: i will attach a different one which is dated like 24 minutes ago (had to zip it first, the extension wasn't allowed)

also probably worth mentioning - malwarebytes keeps reporting real time protection is turned off (web protection only i believe)

 

WER-40812-0.sysdata.xml.zip

Edited by ztr
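
One way to triage VEW output like the log in the post above, added here as an example and not part of any post in the thread: it parses the pasted text and counts Kernel-Power 41 events, bugchecks per stop code and failed updates. The sample entries are copied from the post with some message text trimmed; the function names and the stop-code name table are choices made for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Entries copied from the VEW output posted above; some message text is trimmed.
SAMPLE = r"""
Log: 'System' Date/Time: 04/02/2018 14:12:05
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 04/02/2018 14:04:04
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2018 14:12:15
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880009afc58, 0xfffff880009af4c0, 0xfffff80002c361ff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020418-15796-01.

Log: 'System' Date/Time: 04/02/2018 14:04:13
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c000001d, 0xfffff800036858d0, 0xfffff88006c7ef30, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020418-16687-01.

Log: 'System' Date/Time: 04/02/2018 13:50:21
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070308: Security Update for Windows 7 for x64-based Systems (KB3075226).

Log: 'System' Date/Time: 04/02/2018 09:36:08
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff685bc800000, 0x0000000000000000, 0xfffff8000362995a, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

Log: 'System' Date/Time: 04/02/2018 04:32:20
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050033, 0x00000000000406f8, 0xfffff8800125847f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020418-17406-01.
"""

# One VEW entry: three header lines, then the message up to a blank line or the end.
ENTRY = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})[ \t]*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)[ \t]*\n"
    r"Event: (?P<id>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=\n[ \t]*\n|\s*\Z)",
    re.S,
)
BUGCHECK = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+) \(")
UPDATE_FAIL = re.compile(r"update with error (0x[0-9a-fA-F]+): .*\((KB\d+)\)")

# Names from Microsoft's bug check code reference, limited to the codes in this thread.
STOP_NAMES = {0x24: "NTFS_FILE_SYSTEM", 0x3B: "SYSTEM_SERVICE_EXCEPTION",
              0x50: "PAGE_FAULT_IN_NONPAGED_AREA", 0x7F: "UNEXPECTED_KERNEL_MODE_TRAP"}

def parse_vew(text):
    """Split VEW text into event dicts; section banners are skipped."""
    events = []
    for m in ENTRY.finditer(text):
        ev = m.groupdict()
        ev["id"] = int(ev["id"])
        ev["source"] = ev["source"].strip()
        # VEW states that its dates are dd/mm/yyyy.
        ev["when"] = datetime.strptime(ev.pop("ts"), "%d/%m/%Y %H:%M:%S")
        events.append(ev)
    return events

def summarise(events):
    """Count unclean shutdowns, bugchecks per stop code, and failed updates."""
    stops, stop_times, failed, unclean = Counter(), [], {}, 0
    for ev in events:
        if (ev["source"], ev["id"]) == ("Microsoft-Windows-Kernel-Power", 41):
            unclean += 1
        bug = BUGCHECK.search(ev["message"])
        if bug:
            stops[int(bug.group(1), 16)] += 1
            stop_times.append(ev["when"])
        upd = UPDATE_FAIL.search(ev["message"])
        if upd:
            failed[upd.group(2)] = upd.group(1)
    span = max(stop_times) - min(stop_times) if stop_times else None
    return {"unclean_shutdowns": unclean, "stop_codes": stops,
            "stop_span": span, "failed_updates": failed}

def report(summary):
    """Render the summary as text lines for pasting into a reply."""
    lines = [f"unclean shutdowns (Kernel-Power 41): {summary['unclean_shutdowns']}"]
    for code, n in sorted(summary["stop_codes"].items()):
        lines.append(f"bugcheck 0x{code:02X} {STOP_NAMES.get(code, 'unknown')}: {n}")
    lines.append(f"distinct stop codes: {len(summary['stop_codes'])} within {summary['stop_span']}")
    lines += [f"failed update {kb}: {err}" for kb, err in sorted(summary["failed_updates"].items())]
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarise(parse_vew(SAMPLE)))))
```
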

Make a clean install of Malwarebytes, see if that helps..

Totally Remove Malwarebytes from your system:

Download the latest version of MB-Clean by clicking this link: https://downloads.malwarebytes.com/file/mb_clean save to your Desktop, or a folder of your choice.
 
  • Close all open applications
  • Double-click and run mb-clean.exe
  • A prompt with an option to clean up the system will appear:



Yes - will proceed with backing up the license key (Malwarebytes 3.x only) and initiating the cleanup process. (Recommended)
No - will exit the utility

Once the cleanup process is completed, a prompt will appear:

Yes – will proceed and post reboot you will be prompted to continue with the downloading, installation and activation of latest version of Malwarebytes 3.x (Recommended)
No – will exit the utility and you will not be prompted (post reboot) to download, reinstall and re-activate (Not Recommended)

We recommend rebooting immediately. Additionally, stopping at this step is not recommended and will most likely not resolve your issue(s).

Upon reboot, a prompt will appear:

Yes - will download, install and activate the latest version of Malwarebytes 3.x (Recommended)
No - will exit the utility and the cleanup process is complete...

A log file ("mb-clean-results.txt") will be on your desktop

Next,

Make a scan with Malwarebytes, let's see if it completes:

Open Malwarebytes Anti-Malware.

  • On the Settings tab > Protection Scroll to and make sure the following are selected:

    Scan for Rootkits
    Scan within Archives

  • Scroll further to Potential Threat Protection make sure the following are set as follows:

    Potentially Unwanted Programs (PUP`s)         set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s)  set as :- Always detect PUM`s (recommended)

  • Click on Scan and make sure Threat Scan is selected,

  • A Threat Scan will begin.

  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab

  • If asked to restart your computer to complete the removal, please do so

  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.

  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:

  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     

  • Use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Thanks,

Kevin..


hi Kevin, the note about malwarebytes real time protection was just a side note, only a trial after all

i think the blue screens are being caused by something more severe, maybe hardware i'm not sure

you didn't mention what to do with mb-clean-results, i'll attach it and paste mbam threat report (found nothing)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/5/18
Scan Time: 6:04 AM
Log File: 6d16fd82-0a3a-11e8-8dfd-001cc0bf17de.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3869
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: home-PC\admin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 225200
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

mb-clean-results.txt


I did not really need to see the mb-clean log, I wanted a fresh install to see if this provoked a BSOD after/during a scan. There were references to MB files in previous event logs...

The next step is to run Driver Verifier, full instructions here:

If verifier causes a BSOD get the latest minidump file and zip/attach to your reply...

Thanks,

Kevin..


i've set up driver verifier as instructed then rebooted to desktop, no blue screen occurred

i typed "verifier /querysettings" into command prompt and got:

C:\Windows\system32>verifier /querysettings
Special pool: Enabled
Pool tracking: Enabled
Force IRQL checking: Enabled
I/O verification: Disabled
Deadlock detection: Enabled
DMA checking: Disabled
Security checks: Enabled
Force pending I/O requests: Disabled
Low resources simulation: Disabled
IRP Logging: Disabled
Miscellaneous checks: Enabled

Verified drivers:

amdxata.sys
mbamswissarmy.sys
hwinfo64a.sys
mbae64.sys
nvlddmkm.sys
hecix64.sys
e1e6232e.sys
ndis.sys
smb_driver_intel.sys
nvhda64v.sys
rtkvhd64.sys
dump_dumpata.sys
dump_atapi.sys
dump_dumpfve.sys
mbamchameleon.sys
farflt.sys
mbam.sys

C:\Windows\system32>

 

also not long before doing this, i was transferring some game saves from his computer to a USB stick and about half way through the PC crashed, error code 1A (i think it mentioned memory management too), though this time there were 3 long beeps from the motherboard speaker and the computer refused to post multiple times

some tries later it managed to post, i chose start normally, it crashed again, same error code

shutdown booted chose automatic repair, this also blue screened

few restarts later got automatic repair again, this time it managed to succeed, clicked finished and restarted back to desktop

tried copying files to USB stick again and no crash this time, went to shutdown and windows wanted to update, we let it do it

restarted fine and then i carried out the instructions you requested

Edited by ztr

it was custom built at a pc shop, though its been modified since then (mobo+cpu swap) it has a mix of RAM sticks

i will get you some info

info i got with hwinfo64:

mobo - DQ3JO 

CPU - E8400

RAM - 2x 2GB PC2-6400 DDR2 & 2x 1GB PC2-6400 DDR2 (6GB total)

they're 2 sets each 2GB sticks are Princeton Technology, the 1GB sticks are Samsung M3

all sticks are running at same speed and timings (he's used these sticks for years)

how would i go about diagnosing RAM issues?

Edited by ztr

Kevin, i followed the instructions from here https://www.sysnative.com/forums/hardware-tutorials/24300-test-ram-passmark-memtest86.html

but the PC refuses to boot from USB - i double checked the BIOS and both boot from USB and UEFI are enabled, i will test it on my PC to make sure it's not the stick

edit: works fine on my system - still doesn't boot from stick on my dad's PC i tried with UEFI disabled and enabled

edit2: i'll try original memtest instead

Edited by ztr

hi Kevin,

i have great news, i decided to take the 2 1GB sticks out (leaving the 2 2GB sticks in)

the computer was on for a few hours before it was shutdown to remove the sticks, when the 2 sticks were removed one of them was much cooler in comparison to the other, does this indicate anything, such as that stick was faulty? (i can't remember what stick it is now tho, i mixed them up after taking them out)

booting with the 2 2GB sticks in, the computer worked flawlessly for over half an hour whilst on a game which would've guaranteed a crash usually, we were happy with this result as we finally found the root cause. my dad remembered he had 2 extra sticks of that RAM from when he bought the bundle so we put those 2 sticks in and the computer has been fine since.

thank you very much for your help Kevin, much appreciated.

side question: i can boot to USB with FreeDOS on it (via Rufus USB tool), is there a DOS memtest i could use this way?

Edited by ztr

Yes, really good news to hear you've located the fault to RAM; heat values can be a good indicator of RAM health. Have a read at the following link:

https://turbofuture.com/computers/5-Symptoms-of-a-RAM-Problem-and-How-to-Fix-It

Regarding Memtest86, as far as I'm aware it can only be used either by CD or USB from the free version. There is a Pro version available at a cost, not sure what extras are included....

If no remaining issues or concerns run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.