Removed infections, now windows is constantly rebooting and recovering from maj

This is a desktop comp. in a home.
Using Windows 7 Pro with Service Pack 1, 64-bit.
Windows Experience Index is 3.8.
Intel 2 quad CPU, 4 GB of RAM.
Windows reports that it is up to date.
We do not have the Windows install disk; we have a code. The system is not backed up, for we have been saving up $$$ to purchase a backup external drive, but have yet to save enough. :frowning:

Comodo CIS found infections on my son’s comp. that he uses for his college studies, and when it removed them or quarantined them, issues appeared. Here is what is now happening every day:
Now his computer is constantly rebooting, like 2 and 4 times a day, all on its own. When it reboots, a window appears announcing that Windows has recovered from a major error. If he stops using the computer to get a drink or snack from the kitchen, upon his return to the computer he finds it has rebooted and the error announcement is on the screen again, and he was gone for less than 2 mins. If he is constantly using the computer, the error report does not appear and the comp. does not reboot???
I have defragged the main drive. I have attempted to run additional scans using CIS and Comodo Cleaning Essentials. Both programs start but cannot finish without the Windows error report popping up and the comp. rebooting. So I can’t run a scan at the moment.
Plus, I looked and do not see any system restore points??? And he has been using the comp. for 8 months now.

I even ran a scan with Malwarebytes, and it too cannot complete a scan!
I have attached several Comodo reports and logs should they be of help to you.
Help please. Thanks Comodo pros!

Here is what the error pop-up report says (and for the record, I don’t have a clue what it means):
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: a
BCP1: FFFFF8A0001E2BD8
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF800030CA25B
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\091514-17238-01.dmp
C:\Users\User\AppData\Local\Temp\WER-32978-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

[attachment deleted by admin]

This is general advice, but it may still be useful:
http://www.techsupportalert.com/content/how-fix-malware-infected-computer.htm

:-TU Thank you Chiron for once again coming to my rescue! Here is a progress report.
Followed the instructions listed in the article you wrote. (Excellent work by the way, thank you for writing this. :-TU)
I have reached the point where I removed all restore points and again ran Cleaning Essentials… it ran for 10 hrs. and 43 mins. and found no infections. I rebooted the computer as it instructed I do. When it rebooted, the Windows pop-up again appeared saying Windows recovered from a severe error, just as before??
So here is what the details of that pop-up say. I don’t understand what it means nor where to look or go to correct the problem. Perhaps you do, and could tell me then?
I looked at Microsoft Fix it solutions but didn’t find words that exactly matched what I saw in the pop-up. So I don’t know what to download now from Microsoft Fix it. Please, can you help here also? Perhaps provide a link to the proper Fix it download please? This is a Windows 7 64-bit system with Service Pack 1.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: a
BCP1: FFFFF8A000097DE8
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF8000307425B
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\091714-19515-01.dmp
C:\Users\User\AppData\Local\Temp\WER-46628-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

I’m really not sure what is causing this. My best guess is that some of the infections removed were protected in such a way that removing them damaged some of the system files. However, I don’t know for sure.

My advice would be to run Windows Repair Kit. However, make sure to follow all of the recommended steps, including checking the hard drive for errors, etc… Perhaps it will be able to find, and fix, a related problem. Then just have Windows Repair Kit run all of the fixes it has. I have used it many times on my computers, and I’ve always just had it run all fixes. I’ve never experienced any problems, so I doubt you would either.

However, if that doesn’t work my only other advice would be to try following the advice here. Perhaps Windows can fix itself. If that doesn’t work then I’m sorry to say I’m out of ideas. Hopefully someone else has some more specific thoughts.

Thanks.

With BlueScreenView you can get some more detailed information on the nature of the BSOD. We are very interested in the Bug Check Code. That may point a finger to what’s happening.

Thank you both! Very good ideas, both of you. :-TU :-TU :-TU
So before I do anything I downloaded and ran BlueScreenView. I hope I found and put here the info you requested.
I looked for a Windows fix kit that would run all it has, but I saw none; instead all I saw were individual listings and I would have to choose one or several. Imagine my frustration. Is there a means that you can provide me a direct link to that very one? I would love that. :slight_smile: That way I can get it easily, if it is needed. Below is the info I hope you requested. Also see the zipped attachment. With my limited knowledge of what you’re having me do and the amazing results I see on my monitor, I am very surprised I actually got BlueScreenView to work and was able to post the results, which I hope are what you wanted. Hurrah to me! ;D
Let me know if you need anything more.
I have a strong feeling that with the two of you in my corner, we will whip this! Hurrah!

091714-19515-01.dmp 9/17/2014 2:05:46 PM IRQL_NOT_LESS_OR_EQUAL 0x0000000a fffff8a000097de8 0000000000000002 0000000000000000 fffff8000307425b ntoskrnl.exe ntoskrnl.exe+75bc0 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18409 (win7sp1_gdr.140303-2144) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\091714-19515-01.dmp 4 15 7601 275,864 9/17/2014 2:07:04 PM

Bug check code: 0x0000000a file name: ntoskrnl.exe Address in st… ntoskrnl.exe+f20d4

[attachment deleted by admin]

Thank you for the bug check codes.

Going by STOP 0x0000000A, 0x000000A, IRQL_NOT_LESS_OR_EQUAL it suggests that there seems to be a problem with either kernel level operating executables (typically drivers from security programs or hardware components) or with hardware.

To start with the kernel perspective. Please enumerate all security programs you had installed in the past and run clean up tools for them to make sure no leftovers of them are around. A list of such tools can be found here: ESET Knowledgebase.

With regard to other drivers. Did you, over the past period when the problems started to arise, update drivers on that system?

To take the hardware angle. Did you make any recent changes to the hardware of the system? A usual suspect with this is flawed memory. Get one of the memory testers from 4 Best Free Memory Test Programs (April 2023). I always use WinDiag from Microsoft. Before testing make sure to revert any overclocks made to your system. If one or more errors are found the memory is broken and needs to be replaced. Depending on warranty period you may try to get the memory replaced under warranty.
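Added example, not part of the original thread or any poster's code: a small Python parser for the "Additional information" block of the two error reports quoted above, decoding the four parameters using Microsoft's documented layout for bug check 0xA (address referenced, IRQL, access type, faulting instruction). The function names are hypothetical, and the sample input is constructed from the values pasted in the thread.

```python
import re

# Constructed sample input: the BCCode/BCP lines from the two reports in the thread.
REPORT_1 = """BCCode: a
BCP1: FFFFF8A0001E2BD8
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF800030CA25B
"""
REPORT_2 = """BCCode: a
BCP1: FFFFF8A000097DE8
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF8000307425B
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
FIELD = re.compile(r"^\s*(BCCode|BCP[1-4])\s*:\s*([0-9A-Fa-f]+)\s*$", re.M)
REQUIRED = {"BCCode", "BCP1", "BCP2", "BCP3", "BCP4"}


def parse_signature(text):
    """Extract BCCode and BCP1..BCP4 as integers; other report lines are ignored."""
    fields = {name: int(value, 16) for name, value in FIELD.findall(text)}
    missing = REQUIRED - fields.keys()
    if missing:
        raise ValueError(f"incomplete signature, missing {sorted(missing)}")
    return fields


def decode_bugcheck_a(fields):
    """Interpret the parameters of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL)."""
    if fields["BCCode"] != 0xA:
        raise ValueError("parameter meanings below apply to bug check 0xA only")
    p3 = fields["BCP3"]
    # Documented bit field: bit 3 set = execute, bit 0 set = write, otherwise read.
    access = "execute" if p3 & 0x8 else "write" if p3 & 0x1 else "read"
    return {
        "referenced_address": fields["BCP1"],
        "irql": IRQL_NAMES.get(fields["BCP2"], f"IRQL {fields['BCP2']}"),
        "access": access,
        "faulting_instruction": fields["BCP4"],
        # Image bases are page-aligned, so the low 12 bits of a code address
        # stay the same even when the image loads at a different base.
        "page_offset": fields["BCP4"] & 0xFFF,
    }


def same_page_offset(a, b):
    """True when two crashes faulted at the same offset within a page."""
    return a["page_offset"] == b["page_offset"]


if __name__ == "__main__":
    crashes = [decode_bugcheck_a(parse_signature(r)) for r in (REPORT_1, REPORT_2)]
    for c in crashes:
        print(f"{c['access']} of {c['referenced_address']:#018x} at {c['irql']} "
              f"by instruction {c['faulting_instruction']:#018x}")
    print("same page offset in both crashes:", same_page_offset(*crashes))
```

Both reports decode to a read at DISPATCH_LEVEL, and the faulting instruction has the same page offset each time, which is consistent with the same code path crashing on both days rather than two unrelated faults.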

Thank you friends! :-TU :-TU :-TU
Wow! I was not aware of memory testing software! Nice!
No overclocking has been done to this computer by me or any of us in the family… wouldn’t know how to.
Have not added any new items inside the computer. Not RAM or anything.
We are having moments (like right now) when the computer does not see the HP printer hooked up to it, even though it did just hrs. ago and did see it for weeks and months on end, up to just 2 weeks ago.
And just earlier today the printer worked just fine with the computer, yet last night it did not see the printer. Now tonight there is a yellow symbol on the HP printer’s icon in “system”, but troubleshooting can’t find a problem and reports it is just fine???

I ran CCleaner’s cleaner and registry cleaner. Registry found no problems.
I downloaded some of the Microsoft Fix it ‘programs’ that I thought I understood, such as memory repair, printer repair, update repair, and maintenance issues repair, but those found no trouble to repair. ???

We have not updated drivers for this computer nor any part of it ourselves. Perhaps I should do that tonight as well? I am still getting familiar with Windows 7 from XP… there is much to familiarize myself with.

I have downloaded eset av remover.
also memtest86;
mtinst Microsoft m exe
I will run these tonight.

Before installing Comodo the computer had AVAST installed. I used AVAST’s uninstaller, but perhaps it still left something behind? I guess I will know later on tonight.

Also, I just now thought to add that my son uses this computer, seeing how it is his, to also play games online. Maybe knowing this sheds new light on “something”, “some item”, “a new lead” for you?
Also I just now thought that he did tell me that he was clicking to allow some things from the gaming sites he visits frequently, because it was interfering with his play concentration. Tonight I am wondering, might he have allowed something he shouldn’t have? But I don’t know how to find in Comodo a list of allowed “______”, whatever they would be called, so that I could upload that list to you folks to look at, and maybe you’ll see some items to red-flag and reverse the permissions they have been mistakenly granted. How about it? Where do I find a list of those that were granted to be trustworthy? Meanwhile I’ll be working on running those mem tests and updates… if I can learn how.

Let’s for now focus on running the removal tool for Avast and running a memory test. I have used Windiag to good effect.

As to the problem with the printer. Are you using the latest drivers of your printer? It is a problem worth investigating at HP support forum as well as it is more their field expertise.

I don’t think the blue screen may be related to actions your son allowed in the firewall.

I apologize for the delay in replying, but it has been very hectic here at the house these past 4 days, to say the least. There were several things every day to pull me away from the computer problem. But I’m back for now.
So the memory test showed up to be just fine, no issues there.
The eset removal tool wants to remove Comodo! It finds nothing else; that is the way I am interpreting the results. So I said no, I will not uninstall Comodo (I went through hrs. of setting it up the way it is now; I followed Chiron’s instructions and everything!), and I guess stopped it from proceeding.
So I don’t know what to add or do any more on that issue?

Did not replace anything inside the computer since bringing it home.
Have not updated any drivers that we are aware of. Only getting updates for programs.
Getting updated drivers sounds very involved… I wish getting updates for programs took care of that driver updating also.
Can you tell me how to update drivers? And drivers for what?
The HP printer issue is solved. Not truly certain what happened to correct it, but I found something about print spooling was a contributing factor, and I was not aware of the existence or definition of print spooling before today.

Oh, and the problems seem to never end, because yesterday and today there are issues now with Malwarebytes, and I think maybe Comodo is contributing too. For Malwarebytes will not update and will not show itself as fully protected, and it reports there is no real-time protection and that it cannot access the update server. I made a screen print of it and attached it here.

[attachment deleted by admin]

Did you run the Avast uninstaller tool, Avast Removal Tool | Download Avast Clear | Avast, to get rid of possible leftovers of Avast? The reason why I am asking is that you’re referring to Eset rather than Avast.

> Did not replace anything inside the computer since bringing it home. Have not updated any drivers that we are aware of. Only getting updates for programs. Getting updated drivers sounds very involved… I wish getting updates for programs took care of that driver updating also. Can you tell me how to update drivers? And drivers for what? The HP printer issue is solved. Not truly certain what happened to correct it, but I found something about print spooling was a contributing factor, and I was not aware of the existence or definition of print spooling before today.

I was curious to know if you had updated a driver on your system. Sometimes there can be a clue in that a problem started after updating a driver.

Sometimes a hard drive can cause memory related stop errors iirc. Could you run checkdisk: How to use CHKDSK (Check Disk) | Windows 7 Forums?

Then download CrystalDiskInfo and let it take a look at the hard drive and post a screenshot here.

> oh and the problems seem to never end, because yesterday and today there are issues now with malwarebytes , and i think maybe Comodo is contributing to. For malwarebytes will not update and will not show itself as fully protected. and it reports there is no real time protection and that it can not access the update server. I made a screen print of it and attached it here.

Please make sure that MBAM folders are excluded in CIS (http://help.comodo.com/topic-72-1-522-6302-Exclusions.html) and vice versa. That way they don't bite each other.

Hi, I made a mistake in my reply when I typed eset, I meant Avast. The Avast removal tool wants to remove Comodo! So no, I have not run it. Afraid to, because I don’t want to remove Comodo, I love Comodo. I followed Chiron’s instructions and everything and I spent hrs. setting it up the way it is now!
What do you advise I do?

I have downloaded Crystal Disk and will run that.
I have added MBAM folders to Comodo’s exclusion lists. Will see what results come from that.
I have scheduled a check disk to run on next boot up. (Thanks for the link on how to find that and schedule it in Windows 7!)

Something has happened to Malwarebytes; the latest scan from Malwarebytes shows no database, and MBAM wants to update the database, but for some reason it can’t or won’t?? I will see if adding MBAM folders to CIS exclusions helps.
I will post again as soon as possible, if this site will let me. I don’t think it will for 12 hrs.??? Why, I wonder.

Also add CIS folders to the MBAM exclusions list.

Also follow Chiron’s advice to let Windows check and when needed try to fix itself. It’s an important step after you had checkdisk do its magic:

I am having trouble getting windows repair kit fixes Chiron wrote of, to run. Will you type up instructions for me please so i can run those on both Windows 7 64 bit and a windows XP pro V. 2002 with SP 3 32 bit system. ( i would like to run the windows fix on two different computers
: )

Ok, the blue screen events have stopped … for some reason. but hurrah! :slight_smile:
The constant rebooting has stopped, for some reason, but again, hurrah! :slight_smile:
I think we are gaining on the issues! hurrah! :slight_smile:
The printer works also. Hurrah!

Now it seems there is just an issue of Malwarebytes can’t access the update server and that the Malwarebytes protection turns itself off regularly??? That shouldn’t happen.

I don’t see how to put CIS folders into exclusion with MBAM; all I can find is where I can put web sites into exclusions. I don’t think that is what you’re asking me to do, or is it? … Tell me?

I ran a Windows check disk, had it scan or repair and do whatever else I could check mark for it to do. It ran for 6 hrs. and ended and I never saw any results… mmm, odd? Or not? But I was not in front of the monitor when it ended.
I ran Crystal Disk and attached the results.
Do you see any red flags in any of the attachments? Note the Crystal Disk results are saved in an Open Office doc. format. We don’t have Word. Sorry.

[attachment deleted by admin]

Please don’t cross post your other problem. It creates confusion.

Did you try: http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html ?

> Ok, the blue screen events have stopped .. for some reason. but hurrah! :) The constant rebooting has stopped, for some reason, but again, hurrah! :) I think we are gaining on the issues! hurrah! :)

Blue screens usually don't stop just like that... I am just being cautious.

> The printer works also. Hurrah!

Good news. It is an unrelated problem but most likely unrelated to blue screen problem because USB drivers don't run in kernel space.

> Now it seems there is just an issue of Malwarebytes can't access the update server and that the malwarebytes protection turns itself off regularly ??? that shouldn't happen.

> I don’t see how to put CIS folders into exclusion with MBAM, all i can find is where i can put web sites into exclusions, i don’t think that is what you’re asking me to do, or is it? … tell me?

Please see attached image for MBAM exclusions.

> I ran a windows check disk, had it scan or repair and do whatever else i could check mark for it to do. it ran for 6 hrs. and ended and i never saw any results.....mmm odd? or not? but i was not in front of the monitor when it ended.

You need to be in front of the monitor to know the result. It is capable of fixing errors it found. It will tell if it found errors and whether they could be fixed or not. To know, run it again while sitting in front of the monitor.

It is not clear to me if checkdisk ran for 6 hrs or that you were 6 hrs away from your computer.

> I ran crystal disk and attached the results. Do you see any red flags in any of the attachments? Note the crystal disk results are saved in a open office doc. format. We Don't have word. sorry.

Could you post a screenshot of CrystalDisk showing the results for your drive?

I quickly browsed through the other logs you provided. It is not a tool I am familiar with. If you want to have them analyzed please ask the folks at the Geeks To Go Forums. I am troubleshooting with methods I’m familiar with; learning how to properly use an unknown analysis tool is beyond the scope of what can be reasonably expected.

Next time only provide us with information we asked for and nothing more. Also don’t bring in problems from other computers or other programs. The problem with MBAM is likely unrelated to the blue screen problem.

[attachment deleted by admin]

it = that ‘scan disc’ ran for 6 hrs. …not me. The HDD in this troubled computer is 698 GB. so i expect it to take a while.
Attached is the screen print of crystal disc you asked for.

[attachment deleted by admin]

Your disk had some bad sectors reallocated. That’s not necessarily bad but it is worth keeping an eye on the drive in the future. It sometimes can be a sign of a hard drive being on its way to its end. How old is this drive?

There are no pending sectors. Those are the ones that will make Windows hiccup for real when it tries to read data from those sectors. It will try various times to get them read and that will sorta freeze your system.

I would say keep an eye on your disk in the future and check pending sectors and reallocated sectors from time to time.