
BSOD - Help needed please

2K views 39 replies 2 participants last post by  andysan 
#1 ·
Hi All,

I have run PERFMON and Sys file and enclose both ZIP files as per recommendations.

Can anyone please assist and advise me on the cause of my BSOD and how ideally to fix it?

Many thanks :smile:
 


#2 ·
Hi,

The driver blamed for your most recent crash is: scmndisp.sys

Uninstall or update this driver.

Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 1, 82c680c9}

Unable to load image \SystemRoot\system32\DRIVERS\scmndisp.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for scmndisp.sys
*** ERROR: Module load completed but symbols could not be loaded for scmndisp.sys
Probably caused by : scmndisp.sys ( scmndisp+1324 )
Note to self.. Potential memory issue
 
#4 ·
Don't disable it that way.

Update:

You're using one of these right? -> Amazon.com: NETGEAR RangeMax Dual Band Wireless-N Adapter WNDA3100 v3: Electronics

If so, try removing this USB device and see if the crashes persist.

Code:
     21728   19/01/2007      18:20:54  "C:\Program Files\NETGEAR\WNDA3100v2\Driver\Protocol\SCMNdisP.sys"
Code:
    699896   06/11/2009      08:37:20  "C:\Program Files\NETGEAR\WNDA3100v2\Driver\WIN7\bcmwlhigh6.sys"
    838136   06/11/2009      08:40:26  "C:\Program Files\NETGEAR\WNDA3100v2\Driver\WIN7\bcmwlhigh664.sys"
__

Code:
Name	[00000011] WNDA3100v2 - RangeMax Dual Band Wireless-N USB Adapter
Product Type	WNDA3100v2 - RangeMax Dual Band Wireless-N USB Adapter
Service Name	BCMH43XX
Driver	c:\windows\system32\drivers\bcmwlhigh6.sys (5.60.180.11, 683.49 KB (699,896 bytes), 10/05/2015 20:00)
Some of the BSOD error codes are sometimes memory related. I'd rather try one thing at a time though. Start with what I previously mentioned.
 
#8 ·
Suffered another BSOD today :uhoh:

I had uninstalled my Netgear adaptor and reinstalled the latest driver, direct from the website, yesterday and had no crashes after extensive usage. The PC crashed again later today.

Yesterday I ran memtest86 and also the memory test from Windows 7; both came back clear!

Think it's still the Netgear adaptor but not sure?
 
#13 ·
Thanks for that information.

Couple of things, first, uninstall Panda Internet Security. Use their removal tool here as well to increase the chances that all traces of it are removed: http://www.pandasecurity.com/resources/sop/UNINSTALLER.exe

Code:
PavTPK.sys
PavProc.sys
Driver Reference Table - PavTPK.sys

Code:
BugCheck 1000008E, {c0000005, 8977d885, 8e6a9a20, 0}
^ Quite often a memory related BSOD code.

__

If that alone does not solve your BSOD issues, follow these instructions for memtest86+

Run memtest for 8 passes:

Memtest86+:

Download Memtest86+ here:

Memtest86+ - Advanced Memory Diagnostic Tool

Which should I download?

You can either download the pre-compiled .ISO that you would burn to a CD and then boot from the CD, or you can download the auto-installer for the USB key. What this will do is format your USB drive, make it a bootable device, and then install the necessary files. Both do the same job, it's just up to you which you choose, or which you have available (whether it's CD or USB).

Do note that some older generation motherboards do not support USB-based booting, therefore your only option is CD (or Floppy if you really wanted to).

How Memtest works (you don't need to read, it's only for those interested in the specifics):

Memtest uses algorithms (specifically two), namely moving inversion & what is deemed Modulo-X. Essentially, the first algorithm fills the memory with a pattern. Starting at the low address, it checks to see if the pattern was changed (it should not have been), writes the pattern's complement, increments the address, and repeats. Starting at the highest address (as opposed to the lowest), it follows the same checklist.

The reason for the second algorithm is due to a few limitations, with the first being that not all adjacent cells are being tested for interaction due to modern chips being 4 to 16 bits wide regarding data storage. With that said, patterns are used to go ahead and ensure that all adjacent cells have at least been written with all possible one and zero combinations.

The second is that caching, buffering and out-of-order execution will interfere with the moving inversions algorithm. However, the second algorithm used is not affected by this. For starting offsets of 0-20, the algorithm will write every 20th location with a pattern, write all other locations with the pattern's complement, repeat the previous one (or more) times, and then check every 20th location for the previously mentioned pattern.

Now that you know how Memtest actually works, it's important to know that the tests it goes through all mean something different. It goes from Test 0 through Test 12, many of which use either one or the other algorithm discussed above, among many other things.

Any other questions, they can most likely be answered by reading this great guide here:

FAQ : please read before posting
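
The two algorithms described in the post above, as an added example that is not part of the original post and is not Memtest86+ code. It runs them over a simulated 256-word RAM with one constructed stuck-at-1 bit; `inject_stuck_bit`, `WORDS` and the fault location are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORDS 256   /* size of the simulated RAM (constructed) */
#define MOD   20    /* stride from the post: "every 20th location" */
static uint32_t ram[WORDS];
static size_t   bad_addr = WORDS;   /* WORDS means "no fault injected" */
static uint32_t bad_mask = 0;

/* Simulated write: bits in bad_mask are stuck at 1 in one cell. */
static void wr(size_t a, uint32_t v) { ram[a] = (a == bad_addr) ? (v | bad_mask) : v; }
static uint32_t rd(size_t a) { return ram[a]; }
void inject_stuck_bit(size_t addr, uint32_t mask) { bad_addr = addr; bad_mask = mask; }

/* Moving inversions: fill with p; sweep upward checking p and writing ~p;
   sweep downward checking ~p and writing p. Returns the mismatch count. */
int moving_inversions(uint32_t p) {
    const uint32_t np = ~p;
    int errors = 0;
    for (size_t a = 0; a < WORDS; a++) wr(a, p);
    for (size_t a = 0; a < WORDS; a++) { if (rd(a) != p) errors++; wr(a, np); }
    for (size_t a = WORDS; a-- > 0; )  { if (rd(a) != np) errors++; wr(a, p); }
    return errors;
}

/* Modulo-X (X = 20): for each offset 0..19, write p to every 20th cell, write
   ~p to all other cells twice, then check that the strided cells still hold p. */
int modulo_x(uint32_t p) {
    const uint32_t np = ~p;
    int errors = 0;
    for (size_t off = 0; off < MOD; off++) {
        for (size_t a = off; a < WORDS; a += MOD) wr(a, p);
        for (int rep = 0; rep < 2; rep++)
            for (size_t a = 0; a < WORDS; a++)
                if (a % MOD != off) wr(a, np);
        for (size_t a = off; a < WORDS; a += MOD)
            if (rd(a) != p) errors++;
    }
    return errors;
}

int main(void) {
    inject_stuck_bit(37, 0x100u);   /* constructed fault: bit 8 of word 37 */
    printf("moving inversions, p=0:  %d error(s)\n", moving_inversions(0));
    printf("modulo-20, p=0:          %d error(s)\n", modulo_x(0));
    printf("modulo-20, p=0xFFFFFFFF: %d error(s)\n", modulo_x(0xFFFFFFFFu));
    return 0;
}
```

The Modulo-X pass with an all-ones pattern reports no error because the stuck bit already matches the pattern; only a pattern with a 0 in that bit exposes it, which is why both a pattern and its complement are run.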
 
#18 ·
Hi again

Another BSOD so I am not out of the woods yet!

I have installed a 'bluescreenview' program, which highlights problematic drivers, and my latest BSOD was caused by the fltmgr.sys driver; the bug check string was listed as MEMORY_MANAGEMENT.

I will now uninstall Panda.
 
#25 · (Edited)
Hi, yes go ahead and run chkdsk c: /f from CMD too. I do suspect some corruption after reviewing your sfc log.

__

Just so we're thorough, I want to remove all traces of Panda. This one driver still remains:

Code:
neti1644.sys                Wed Sep  1 01:51:56 2010 (4C7DF80C)
Malware scan of neti1644.sys (Panda Network Manager) 04a62755f26c04dad40282010038068d97565750 - herdProtect

__

Code:
MpFilter.sys                Thu Feb 26 16:32:01 2015 (54EF9EE1)
Belongs to Microsoft Security Essentials. Is it working as intended?

Code:
    245096   04/03/2015      19:34:52  "C:\Program Files\Microsoft Security Client\Drivers\mpfilter\mpfilter.sys"
__

Sign of adware which we'll remove too:

Code:
     13368   13/05/2015      17:45:38  "C:\Users\Andrew Alderson\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys"
__

Code:
     13392   11/05/2015      16:19:56  "C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_service_kms.exe_80743aea55b6f1bb19d41d734d11c3b95aa635_122b2d2b\Report.wer"
     13392   11/05/2015      15:08:49  "C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_service_kms.exe_80743aea55b6f1bb19d41d734d11c3b95aa635_15154d30\Report.wer"
     13492   11/05/2015      15:04:28  "C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_service_kms.exe_80743aea55b6f1bb19d41d734d11c3b95aa635_15896a8c\Report.wer"
Probably one of the reasons you got infected in the first place. :angel:

__

Please download TDSSKiller and save it to your desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
  • Attach the log file to your next message.


__

Step 2:



Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:

  • Click on "Remove Selected".
  • Then click "Save Results" and select Text file (*.txt)
  • Save the log to your desktop and then attach it to your next post for review.


Step 3:

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Attach this log to your next post.

__

Step 4:

Scan with Junkware Removal Tool
  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Press any key to continue with the scan and allow some time for the scan to complete.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Attach JRT.txt to your next reply.

__

Step 5: Last step to identify remaining traces

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • You are on a 32-bit operating system so choose the 64-bit version of the tool.
  • Double click on FRST.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please attach BOTH logs to your next reply.
 
#26 ·
Thanks again for your continued support, it's greatly appreciated! :smile:

I have run all the programs and enclose the various reports.

After rebooting from running the 'malwarebytes' program, I suffered another BSOD immediately after booting to the home screen, and the driver cause was this program?
 


#27 ·
I'm not sure what you're asking.

I have a question though, the Netgear adapter is currently installed isn't it?

I see:
Code:
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.0.0.133 - NETGEAR)
In Programs and Features. I thought you already uninstalled this.
 
#28 · (Edited)
Also, what is this "Reason Core Security" program?

The timestamps of it seem to suggest it was installed, or is a part of the Netgear software itself.

Code:
2015-05-25 11:23 - 2015-05-25 11:23 - 00001060 _____ () C:\Users\Public\Desktop\Reason Core Security.lnk
2015-05-25 11:23 - 2015-05-25 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-05-24 22:35 - 2015-05-24 22:28 - 00000900 _____ () C:\Users\Andrew Alderson\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
2015-05-24 22:28 - 2015-05-24 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
Let me know. I have my suspicions but would like to hear what it's actually from.
 
#30 · (Edited)
Reason code security is from the link you provided under 'netil644.sys'?
Which post?

__

Code:
Name	[00000007] VIA Rhine II Compatible Fast Ethernet Adapter
Adapter Type	Ethernet 802.3
Product Type	VIA Rhine II Compatible Fast Ethernet Adapter
Installed	Yes
PNP Device ID	PCI\VEN_1106&DEV_3065&SUBSYS_30651849&REV_7C\3&267A616A&0&90
Driver	c:\windows\system32\drivers\fetnd6.sys (1.9.0.10, 43.00 KB (44,032 bytes), 10/06/2009 22:18)
Can you use the wired connection instead? Got an ethernet cable?
 
#31 ·
This link via your 11.04am post

Malware scan of neti1644.sys (Panda Network Manager) 04a62755f26c04dad40282010038068d97565750 - herdProtect

I will keep the PC on with the Netgear uninstalled to see if the BSODs continue. I suffered more BSODs yesterday, randomly.
 
#32 · (Edited)
That's herdprotect's website, has nothing to do with "Reason Core Security" which is why I am unsure of why you installed it.

I'm attaching a file named fixlist.txt

Download and save this file in the same directory as FRST64.exe. It must remain named fixlist.txt.
Now re-open FRST64.exe and press the [Fix] button.
Follow the prompts, and allow it to restart your computer.
Report back here with the Fixlog.txt the tool creates. Attach it to your next post.

DO NOT PLUG IN OR INSTALL THE NETGEAR ADAPTER or any other software for that matter. Just test if the computer still crashes. Use your wired connection in the meantime.

Refer back to my post at Yesterday 09:40 PM for more information about the built-in wired connection on your computer.
 

