mosheelm Posted September 8, 2020 ID:1406373 Share Posted September 8, 2020 Hi I keep having BSOD on win10 startup please help me diagnose this issue dump files are here https://drive.google.com/drive/folders/12IE0LoRr4N-wR-ZJNDAWSfoX8V-uheRK?usp=sharing Link to post Share on other sites More sharing options...
Porthos Posted September 8, 2020 ID:1406385 Share Posted September 8, 2020 41 minutes ago, mosheelm said: please help me diagnose this issue Can you please collect and upload as an attachment the diagnostic data using our MBST? Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Link to post Share on other sites More sharing options...
mosheelm Posted September 8, 2020 Author ID:1406433 Share Posted September 8, 2020 Hi Porthos, thank you for your quick response, see attached mbst-grab-results.zip Link to post Share on other sites More sharing options...
kevinf80 Posted September 8, 2020 ID:1406482 Share Posted September 8, 2020 Hiya mosheelm, Upload Files to Virustotal Go to http://www.virustotal.com/ Click the Choose file button Navigate to the file C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe Click the Scan it tab If you get a message saying File has already been analyzed: click Reanalyze file now Copy and paste the URL address back here please. Repeat the above steps for the following file C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Thanks, Kevin.. Link to post Share on other sites More sharing options...
mosheelm Posted September 8, 2020 Author ID:1406494 Share Posted September 8, 2020 8 hours ago, Porthos said: Can you please collect and upload as an attachment the diagnostic data using our MBST? Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Hi Porthos, thank you for your quick response, see attached mbst-grab-results.zip Link to post Share on other sites More sharing options...
mosheelm Posted September 8, 2020 Author ID:1406498 Share Posted September 8, 2020 Hi Kevin, thank you for your response https://www.virustotal.com/gui/file/357fe5065f43fa87d92c196164ce70aec5537736b0094ff1189d60b528a22545/detection couldnt find someth in TEMP so i scanned the file under my user name https://www.virustotal.com/gui/file/1f0f49569c45bc4802a52632f673e00e9b177fbeb56a610cc8f426c57d07e686/detection best Moshe Link to post Share on other sites More sharing options...
kevinf80 Posted September 9, 2020 ID:1406557 Share Posted September 9, 2020 Hiya Moshe, Run the following, when the fix completes your system will reboot.. See if the BSOD ceases... Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Thanks, Kevin fixlist.txt Link to post Share on other sites More sharing options...
mosheelm Posted September 9, 2020 Author ID:1406624 Share Posted September 9, 2020 Thanks Kevin, I run FRST64, see fixlog attached, BSOD is gone for now, can you please share what was the problem and how can i avoid it? Fixlog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 9, 2020 ID:1406659 Share Posted September 9, 2020 That fixlog.txt is not related whatsoever to the fixlist.txt that I attached to my last reply... Link to post Share on other sites More sharing options...
mosheelm Posted September 9, 2020 Author ID:1406704 Share Posted September 9, 2020 Thanks Kevin, I run FRST64, see fixlog attached, Fixlog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 9, 2020 ID:1406716 Share Posted September 9, 2020 That log is from FRST fix Run 3, all entries show as "not found" the last one you posted was from Run 1, that result had nothing whatsoever to do with what fix I posted. From those results I can assume that Run 2 is what I really need to see. However as run 3 does not find what i`m looking for, also your system is now booting normally it is safe to assume that the malicious bootstrapper entry has been removed by FRST in run 2.... We still need an overview of your system booted in normal mode... From normal mode run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Link to post Share on other sites More sharing options...
mosheelm Posted September 9, 2020 Author ID:1406736 Share Posted September 9, 2020 Thanks Kevin, I run FRST64, with the fixlist you sent and probably run it once with some previous fixlist...sorry for the confusion, i need to keep track of these. attached is the FRST scan logs FRST.txt Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 10, 2020 ID:1406792 Share Posted September 10, 2020 Hiya Moshe, Thanks for those logs... Continue: Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version.NOTE-1: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. Next, If you do not have Malwarebytes installed do the following: Download Malwarebytes version 4 from the following link:https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Click on the Report tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your replyText file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system....https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select Run as Administrator the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\msert.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs in your reply... Thank you, Kevin... fixlist.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 11, 2020 ID:1407037 Share Posted September 11, 2020 Any progress...? Link to post Share on other sites More sharing options...
mosheelm Posted September 11, 2020 Author ID:1407158 Share Posted September 11, 2020 Hi Kevin Run the FRST however log was created in some FRST\logs folder and the fixlist is gone Run the SCAN and attached the log Run MWbites and attached the log Run adaware caused HW crash needed to plug off the system from main... luckily everything back to normal after few BSOD will run Microsoft's Safety Scanner shortly AdwCleaner[C00].txt AdwCleaner[S00].txt MWbites report 9-11-20.txt Fixlog_11-09-2020 13.39.02.txt Link to post Share on other sites More sharing options...
mosheelm Posted September 11, 2020 Author ID:1407160 Share Posted September 11, 2020 msert.log Link to post Share on other sites More sharing options...
kevinf80 Posted September 11, 2020 ID:1407162 Share Posted September 11, 2020 Hiya Moshe, Thanks for those logs, what is the current status of your PC; any issues or concerns...? One more scan please: Scan with Autoruns Please download Sysinternals Autoruns from the following link: https://live.sysinternals.com/autoruns.exe save it to your desktop. Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following: Right-click on Autoruns.exe and select Properties Click on the Compatibility tab Under Privilege Level check the box next to Run this program as an administrator Click on Apply then click OK Double-click Autoruns.exe to run it. Once it starts, please press the Esc key on your keyboard. Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them:Hide empty locationsHide Windows entries Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:Verify code signaturesCheck VirusTotal.com Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish. When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns. Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder Attach the ZIP folder you just created to your next reply Thank you, Kevin... Link to post Share on other sites More sharing options...
mosheelm Posted September 12, 2020 Author ID:1407231 Share Posted September 12, 2020 Hi Kevin, BSODs are back again, working from safemode again run the autorun scan see the results below best Moshe MOSHE-PC-ROG.zip Link to post Share on other sites More sharing options...
mosheelm Posted September 12, 2020 Author ID:1407233 Share Posted September 12, 2020 Hi Kevin, Run MalwareBytes again found one issue, report below: Moshe Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/09/2020 Scan Time: 00:33 Log File: 4a907888-f4ca-11ea-87c1-0c9d92165267.json -Software Information- Version: 4.2.0.82 Components Version: 1.0.1036 Update Package Version: 1.0.29729 Licence: Trial -System Information- OS: Windows 10 (Build 18362.1016) CPU: x64 File System: NTFS User: MOSHE-PC-ROG\selm9 -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 280908 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 1 min, 19 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 PUP.Optional.Linkury, C:\USERS\SELM9\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Web Data, Replaced, 263, 455234, 1.0.29729, , ame, , 4314934090B644C257DAA5BF18F36283, 55E57B32BBB926D9EDF6313E8A9A4F58D862A2AF5BDE3D59509181C41C745B80 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
mosheelm Posted September 12, 2020 Author ID:1407234 Share Posted September 12, 2020 Hi Kevin, it seems like there are some failed updates the win10 tries to undo, which gives me a lot of BSODs. now i can login without safe mode - for now. Link to post Share on other sites More sharing options...
kevinf80 Posted September 12, 2020 ID:1407235 Share Posted September 12, 2020 Hiya Moshe, 1Obit uninstaller shows several hits by VirusTotal in autoruns log, I want you to uninstall that program: Revo Uninstaller Download Revo Uninstaller Portable and save it to your desktop. Right-click RevoUninstaller_Portable.zip and select Extract All. When prompted, select Browse and select Desktop to extract the files to your desktop. Right-click RevoUPort.exe and select Run as Administrator. Read and accept the End User License Agreement. Right-click the following program and select UninstallProgram to uninstall Revo Uninstaller will create a System Restore point. Once complete, the program's uninstaller will open. Follow the prompts to uninstall the program. Note: Do not restart the computer if prompted. In the Scanning Modes dialog box, select Advanced > Scan. On the Found leftover registry entries dialog box (if present) click Select All > Delete > Yes. On the Found leftover files and folders dialog box (if present) click Select All > Delete > Yes. Click OK if prompted, then Finish. Open an elevated command prompt, at the prompt copy/paste the following command:reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" /s > 0 & notepad 0 Hit enter. Notepad should open with task lists. Copy or attache to your reply... Thanks, Kevin Link to post Share on other sites More sharing options...
mosheelm Posted September 12, 2020 Author ID:1407237 Share Posted September 12, 2020 Hi Kevin, still working from Safemode, MWbits and adware scans came clean. I run the Revo on the on IOBit and removed it Run the cmd you provided see attached file best Moshe 0.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 12, 2020 ID:1407238 Share Posted September 12, 2020 Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Link to post Share on other sites More sharing options...
mosheelm Posted September 12, 2020 Author ID:1407307 Share Posted September 12, 2020 Thank you Kevin, see attached Addition.txt FRST.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 12, 2020 ID:1407311 Share Posted September 12, 2020 Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Zip up and attach this folder C:\Windows\minidump you will probably have to copy and paste that folder to your desktop first... fixlist.txt Link to post Share on other sites More sharing options...
Recommended Posts