[Diverged]

Hello,
getting blue screen freezes then boot and sometimes failed to boot randomly.

· OS - Windows 8.1, 8, 7 or Vista? windows 7
· x86 (32-bit) or x64 ? x64
· What was the original installed OS on sthe ystem? windows 7
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? full retailer
· Approximate age of system (hardware) 3 years
· Approximate age of OS installation (if you know) dont know sorry
· Have you re-installed the OS? no.

· CPU AMD Phenom(tm) II X4 945 Processor
· Video Card You Have: AMD Radeon R7 200 Series
· MotherBoard (if NOT a laptop) dunno how sorry
· Power Supply - brand & wattage (if NOT a laptop) dunno how too

· System Manufacturer dunno
· Exact model number (if laptop, check label on bottom) dunno

Laptop or Desktop? desktop


P.S
seaz.rar [ that's the html file zipped]

 

[Diverged]

Just did Drive Verifier has it says in your sticky thread , and couldnt boot my computer , after windows logo had a blue screen [ndis.sys].

 

[thisisu]

Hi

Just did Drive Verifier has it says in your sticky thread , and couldnt boot my computer , after windows logo had a blue screen [ndis.sys].

Some notes about driver verifier:

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.

- Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

 

[Diverged]

Hi



Some notes about driver verifier:

After driver verifier I succeed getting my computer back to the start , but still no answer about BSOD.

 

[thisisu]

Now run the Sysnative app again and attach the newer SysnativeFileCollectionApp.zip for review.

 

[Diverged]

For your info I dont know if it's related but after I deleted some memory from my hard drive the blue screen became less oftenly , However it still happens.

 

[thisisu]

Shouldn't be related, but more importantly, you attached the same file as before.

Need you to actually run the SysnativeBSODCollectionApp.exe again to gather new logs. Then attach the NEW SysnativeFileCollectionApp.zip it creates.

 

[Diverged]

oh thanks ,


a screen just popped the minute the computer booted :

BCCode: 1e
BCP1: 0000000000000000
BCP2: 0000000000000000
BCP3: 0000000000000000
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

If it helps of course

 

[thisisu]

For some reason the BSOD that occured while Driver Verifier was on wasn't properly logged. Don't worry about it for now. There are some other things I'd like to take care of first.

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

It suggests a driver was at fault, but doesn't specify which driver. Daemon Tools Lite may be skewing with the results.

dtsoftbus01.sys             Fri Jan 13 07:45:46 2012 (4F10358A)

Please disable all CD/DVD emulation software until further notice. Disable them using DeFogger.

There's some adware in your logs and a rather interesting driver which I'll list below

Some of the adware:

Start Menu\Programs\saafE  ssaVVe	Public:Start Menu\Programs\saafE  ssaVVe	Public
Start Menu\Programs\SearchNewTab	Public:Start Menu\Programs\SearchNewTab	Public
Assistant	699fd52f	Stopped	Auto	Own Process	"c:\windows\system32\rundll32.exe" "c:\progra~3\assist~1\assistantsvc.dll",service	Ignore	LocalSystem	0

The driver I haven't seen before:

Neo_0055.sys                Fri Jul 11 12:35:39 2014 (53C0206B)

It apparently belongs to something called Neo VPN.

     28768   07/26/2014      13:51:37  "C:\Windows\System32\DriverStore\FileRepository\[B]neo_vpn[/B].inf_amd64_neutral_d9ebb3cc8fece8cb\Neo_0055.sys"

Additional information: What is neo_0055.sys ? (id:32566904) | System Explorer

Is this software something you are familiar with / installed intentionally?

I'd like to run a few anti-malware based scans and gather some more logs for review. Please uninstall AVG 2015 before we begin and keep it uninstalled and DO NOT install any other software while these fixes are being applied. The AVG Removal Tool can be found here: http://download.avg.com/filedir/util/support/avg_remover_stf_x64_2015_5501.exe -- Download and run it.

Start with the above steps, I'll create a few additional steps for you in another post.

 

[thisisu]

Step 1

Please download TDSSKiller and save it to your desktop.

• Start tdsskiller.exe with administrator privileges.
• Accept the EULA and the KSN Statement.
• Click on Change parameters
• Make sure that all available options (except "Loaded modules") are checked and click OK.
• Click on Start scan
• If any threats are found don't delete them but choose the Skip option for all of them.
• Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
• Attach the log file to your next message.

__

Step 2:

Please download and install Malwarebytes Anti-Malware.

• Please open Malwarebytes Anti-Malware and update the database.
• Click "Settings" and go to "Detection and Protection"
• Make sure "Scan for Rootkits" is checked.
• Click on Dashboard, then click on Scan Now to start the scan.
• If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:

• Click on "Remove Selected".
• Then click "Save Results" and select Text file (*.txt)
• Save the log to your desktop and then attach it to your next post for review.

 

[thisisu]

Step 3:

Please download AdwCleaner (by Xplode) and save it to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select "Run As Administrator"
• Click on the Scan button.
• After the scan has finished, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
  Attach this log to your next post.

__

Step 4:

Scan with Junkware Removal Tool

• Please download Junkware Removal Tool and save the file to your Desktop.
• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select "Run As Administrator"
• Press any key to continue with the scan and allow some time for the scan to complete.
• Upon completion, a log (JRT.txt) will open on your desktop.
• Attach JRT.txt to your next reply.

__

Step 5: Last step to identify remaining traces

Please download Farbar Recovery Scan Tool and save it to your Desktop.

• You are on a 64-bit operating system so choose the 64-bit version of the tool.
• Double click on FRST64.exe to run the tool.
  Vista/Windows 7/8 users right-click and select "Run As Administrator"
• Make sure the option Addition.txt is checked and press the Scan button.
• When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
• Please attach BOTH logs to your next reply.

 

[Diverged]

For some reason the BSOD that occured while Driver Verifier was on wasn't properly logged. Don't worry about it for now. There are some other things I'd like to take care of first.

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

It suggests a driver was at fault, but doesn't specify which driver. Daemon Tools Lite may be skewing with the results.

dtsoftbus01.sys             Fri Jan 13 07:45:46 2012 (4F10358A)

Please disable all CD/DVD emulation software until further notice. Disable them using DeFogger.

There's some adware in your logs and a rather interesting driver which I'll list below

Some of the adware:

Start Menu\Programs\saafE  ssaVVe    Public:Start Menu\Programs\saafE  ssaVVe    Public
Start Menu\Programs\SearchNewTab    Public:Start Menu\Programs\SearchNewTab    Public
Assistant    699fd52f    Stopped    Auto    Own Process    "c:\windows\system32\rundll32.exe" "c:\progra~3\assist~1\assistantsvc.dll",service    Ignore    LocalSystem    0

The driver I haven't seen before:

Neo_0055.sys                Fri Jul 11 12:35:39 2014 (53C0206B)

It apparently belongs to something called Neo VPN.

     28768   07/26/2014      13:51:37  "C:\Windows\System32\DriverStore\FileRepository\[B][COLOR=Red]neo_vpn[/COLOR][/B].inf_amd64_neutral_d9ebb3cc8fece8cb\Neo_0055.sys"

Additional information: What is neo_0055.sys ? (id:32566904) | System Explorer

Is this software something you are familiar with / installed intentionally?

I'd like to run a few anti-malware based scans and gather some more logs for review. Please uninstall AVG 2015 before we begin and keep it uninstalled and DO NOT install any other software while these fixes are being applied. The AVG Removal Tool can be found here: http://download.avg.com/filedir/util/support/avg_remover_stf_x64_2015_5501.exe -- Download and run it.

Start with the above steps, I'll create a few additional steps for you in another post.

First of all , I thank u for your fast respond.
Now , i have daemon tools for like 2 years i dont think it causes the BSOD,
i dont familair with the VPN software.
and i will run this tests ASAP. i will remove AVG right away.

 

[Diverged]

First , thank you for everything
Second , After i deleted some of my memory on the hard drive my BSOD went less more fraquently ...
And now after you adviced me to delete AVG as I did it BSOD did not happen for like 2 days ,
Will keep you update if it happens again , thanks!

 

[Diverged]

First of all , I thank u for your fast respond.
Now , i have daemon tools for like 2 years i dont think it causes the BSOD,
i dont familair with the VPN software.
and i will run this tests ASAP. i will remove AVG right away.

Hey , the BSOD came again but this time after getting bsod the computer problem solving told me its about my disk drive and directed me to this files :

 

[thisisu]

Hi again,

Please follow the directions provided in post #10 and #11.

Thank you

 

[Diverged]

Hi again,

Please follow the directions provided in post #10 and #11.

Thank you

Hey, thank you for your help ! , I wasnt in my house for a week so excuse me bout it .

I will make step by step and edit this reply cause of BSOD crashing so oftenly lately.

 

[Diverged]

Having trouble in step 2 cause my computer wont be up for the malware scan
Meanwhile the other steps

 

[Diverged]

Managed to make all scans ,
Waiting for your response , much thanks!

 

[thisisu]

Hi,

Please upload this file to VirusTotal : C:\Windows\system32\drivers\ipnat.sys
Give me the link it produces.

__

Next, Find and upload this file to your next message: C:\Windows\Minidump\062115-20326-01.dmp

__

Lastly, attached to my post is a file named fixlist.txt
Download the file. Don't rename it!
Place fixlist.txt in the same directory(folder) as Farbar Recovery Scan Tool (FRST.exe)
Open Farbar Recovery Scan Tool
Press the Fix button once and wait.
Follow the instructions on your screen. A reboot will be needed, so allow it to reboot your computer.
When finished, the program may try to launch again on startup, allow it to do so as it should pop up a log for you to review entitled Fixlog.txt
Attach Fixlog.txt to your next message.
Experiment with the PC now without installing any programs.

 

[Diverged]

Hi,

Please upload this file to VirusTotal : C:\Windows\system32\drivers\ipnat.sys
Give me the link it produces.

__

Next, Find and upload this file to your next message: C:\Windows\Minidump\062115-20326-01.dmp

__

Lastly, attached to my post is a file named fixlist.txt
Download the file. Don't rename it!
Place fixlist.txt in the same directory(folder) as Farbar Recovery Scan Tool (FRST.exe)
Open Farbar Recovery Scan Tool
Press the Fix button once and wait.
Follow the instructions on your screen. A reboot will be needed, so allow it to reboot your computer.
When finished, the program may try to launch again on startup, allow it to do so as it should pop up a log for you to review entitled Fixlog.txt
Attach Fixlog.txt to your next message.
Experiment with the PC now without installing any programs.

Everytime im trying the FRST with he fixlist computer crashing so meanwhile :

About virustotal u told me , the file im trying to find is located there but its like unvaildable to the website when i trying locate the file through virustotal its like he's hidden. from all the .sys files only one is shown.
Im in safe mode + network , imma try the fixlist from here
Well managed to do it through safe mode, waiting for your response!