Status
Not open for further replies.
1 - 20 of 34 Posts

· Registered
Joined
·
24 Posts
Discussion Starter · #1 ·
Hello,
Getting blue screen freezes, then boot, and sometimes it fails to boot randomly.

· OS - Windows 8.1, 8, 7 or Vista? windows 7
· x86 (32-bit) or x64 ? x64
· What was the original installed OS on the system? windows 7
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? full retailer
· Approximate age of system (hardware) 3 years
· Approximate age of OS installation (if you know) don't know, sorry
· Have you re-installed the OS? no.

· CPU AMD Phenom(tm) II X4 945 Processor
· Video Card You Have: AMD Radeon R7 200 Series
· MotherBoard (if NOT a laptop) dunno how sorry
· Power Supply - brand & wattage (if NOT a laptop) dunno how too

· System Manufacturer dunno
· Exact model number (if laptop, check label on bottom) dunno

Laptop or Desktop? desktop


P.S
seaz.rar [ that's the html file zipped]
 

Attachments

· TSF Enthusiast
Joined
·
325 Posts
Hi

Just did Driver Verifier as it says in your sticky thread, and couldn't boot my computer; after the Windows logo I had a blue screen [ndis.sys].
Some notes about driver verifier:


- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

- Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1
 

· TSF Enthusiast
Joined
·
325 Posts
Shouldn't be related, but more importantly, you attached the same file as before.

Need you to actually run the SysnativeBSODCollectionApp.exe again to gather new logs. Then attach the NEW SysnativeFileCollectionApp.zip it creates. :)
 

· TSF Enthusiast
Joined
·
325 Posts
For some reason the BSOD that occurred while Driver Verifier was on wasn't properly logged. Don't worry about it for now. There are some other things I'd like to take care of first.

Code:
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

It suggests a driver was at fault, but doesn't specify which driver. Daemon Tools Lite may be skewing the results.

Code:
dtsoftbus01.sys             Fri Jan 13 07:45:46 2012 (4F10358A)

Please disable all CD/DVD emulation software until further notice. Disable them using DeFogger.

There's some adware in your logs and a rather interesting driver, which I'll list below.

Some of the adware:
Code:
Start Menu\Programs\saafE  ssaVVe	Public:Start Menu\Programs\saafE  ssaVVe	Public
Start Menu\Programs\SearchNewTab	Public:Start Menu\Programs\SearchNewTab	Public
Assistant	699fd52f	Stopped	Auto	Own Process	"c:\windows\system32\rundll32.exe" "c:\progra~3\assist~1\assistantsvc.dll",service	Ignore	LocalSystem	0

The driver I haven't seen before:

Code:
Neo_0055.sys                Fri Jul 11 12:35:39 2014 (53C0206B)

It apparently belongs to something called Neo VPN.

Code:
     28768   07/26/2014      13:51:37  "C:\Windows\System32\DriverStore\FileRepository\neo_vpn.inf_amd64_neutral_d9ebb3cc8fece8cb\Neo_0055.sys"

Additional information: What is neo_0055.sys ? (id:32566904) | System Explorer

Is this software something you are familiar with / installed intentionally?

I'd like to run a few anti-malware based scans and gather some more logs for review. Please uninstall AVG 2015 before we begin and keep it uninstalled and DO NOT install any other software while these fixes are being applied. The AVG Removal Tool can be found here: http://download.avg.com/filedir/util/support/avg_remover_stf_x64_2015_5501.exe -- Download and run it.

Start with the above steps, I'll create a few additional steps for you in another post.
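
The log review in the post above, as an added example (not part of the original post or of any tool it names): it decodes the hex link timestamp printed next to each driver and flags a service whose binary is rundll32.exe hosting a DLL from outside the Windows directory. The column layout of the service line (sixth tab-separated field is the command line) and the function names are assumptions.

```python
import re
from datetime import datetime, timezone

# Lines copied from the post above (tabs restored in the service entry).
DRIVER_LINES = [
    "dtsoftbus01.sys             Fri Jan 13 07:45:46 2012 (4F10358A)",
    "Neo_0055.sys                Fri Jul 11 12:35:39 2014 (53C0206B)",
]
SERVICE_LINE = ('Assistant\t699fd52f\tStopped\tAuto\tOwn Process\t'
                '"c:\\windows\\system32\\rundll32.exe" '
                '"c:\\progra~3\\assist~1\\assistantsvc.dll",service\t'
                'Ignore\tLocalSystem\t0')

DRIVER_RE = re.compile(
    r"^(\S+)\s+(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \(([0-9A-Fa-f]{8})\)$")

def parse_driver(line):
    """Return (name, link time in UTC, printed-minus-UTC offset in hours).

    The hex value is the driver's link timestamp in seconds since the Unix
    epoch; the printed date is the same instant in the analyst's local time,
    so a whole-hour offset means the two fields agree.
    """
    name, printed, stamp = DRIVER_RE.match(line.strip()).groups()
    utc = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
    local = datetime.strptime(printed, "%a %b %d %H:%M:%S %Y")
    local = local.replace(tzinfo=timezone.utc)
    return name, utc, (local - utc).total_seconds() / 3600

def rundll32_service_dll(line):
    """Return the hosted DLL path if the service runs through rundll32.exe
    and the DLL lives outside the Windows directory, else None."""
    fields = line.split("\t")
    if len(fields) < 6:          # assumed layout: command line is field 6
        return None
    quoted = re.findall(r'"([^"]+)"', fields[5].lower())
    if len(quoted) >= 2 and quoted[0].endswith("\\rundll32.exe"):
        dll = quoted[1]
        if not dll.startswith("c:\\windows\\"):
            return dll
    return None

if __name__ == "__main__":
    for entry in DRIVER_LINES:
        name, utc, offset = parse_driver(entry)
        print(f"{name:18} linked {utc:%Y-%m-%d %H:%M:%S} UTC (printed at UTC{offset:+.0f}h)")
    print("rundll32-hosted service DLL:", rundll32_service_dll(SERVICE_LINE))
```

A link date only says when the driver was built; it is a pivot for looking the file up, not a verdict on it.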
 

· TSF Enthusiast
Joined
·
325 Posts
Step 1

Please download TDSSKiller and save it to your desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
  • Attach the log file to your next message.


__

Step 2:



Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:

  • Click on "Remove Selected".
  • Then click "Save Results" and select Text file (*.txt)
  • Save the log to your desktop and then attach it to your next post for review.
 

· TSF Enthusiast
Joined
·
325 Posts
Step 3:

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Attach this log to your next post.

__

Step 4:

Scan with Junkware Removal Tool
  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Press any key to continue with the scan and allow some time for the scan to complete.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Attach JRT.txt to your next reply.

__

Step 5: Last step to identify remaining traces

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • You are on a 64-bit operating system so choose the 64-bit version of the tool.
  • Double click on FRST64.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please attach BOTH logs to your next reply.
 

· Registered
Joined
·
24 Posts
Discussion Starter · #12 ·
First of all, I thank you for your fast response.
Now, I have had Daemon Tools for like 2 years; I don't think it causes the BSOD.
I'm not familiar with the VPN software.
And I will run these tests ASAP. I will remove AVG right away.
 

· Registered
Joined
·
24 Posts
Discussion Starter · #13 ·
First, thank you for everything.
Second, after I deleted some of my memory on the hard drive my BSOD went less more frequently...
And now, after you advised me to delete AVG, as I did, the BSOD did not happen for like 2 days.
Will keep you updated if it happens again, thanks!
 

· Registered
Joined
·
24 Posts
Discussion Starter · #14 ·
Hey, the BSOD came again, but this time after getting the BSOD the computer problem solving told me it's about my disk drive and directed me to these files:
 

Attachments

· TSF Enthusiast
Joined
·
325 Posts
Hi,

Please upload this file to VirusTotal : C:\Windows\system32\drivers\ipnat.sys
Give me the link it produces.

__

Next, Find and upload this file to your next message: C:\Windows\Minidump\062115-20326-01.dmp

__

Lastly, attached to my post is a file named fixlist.txt
Download the file. Don't rename it!
Place fixlist.txt in the same directory(folder) as Farbar Recovery Scan Tool (FRST.exe)
Open Farbar Recovery Scan Tool
Press the Fix button once and wait.
Follow the instructions on your screen. A reboot will be needed, so allow it to reboot your computer.
When finished, the program may try to launch again on startup, allow it to do so as it should pop up a log for you to review entitled Fixlog.txt
Attach Fixlog.txt to your next message.
Experiment with the PC now without installing any programs.
 

Attachments

· Registered
Joined
·
24 Posts
Discussion Starter · #20 · (Edited)
Every time I'm trying the FRST with the fixlist the computer is crashing, so meanwhile:

About VirusTotal, as you told me: the file I'm trying to find is located there, but it's like it's unavailable to the website; when I try to locate the file through VirusTotal it's like it's hidden. From all the .sys files only one is shown.
I'm in Safe Mode + network, I'm going to try the fixlist from here.
Well, managed to do it through Safe Mode, waiting for your response!
 

Attachments
