Blue Error Screen - Essexbay & Mchain - PLEASE READ!!!

[koolx]

a while back i couldnt start the service to avast. i then started a thread here to find a solution. someone there named, Essexboy, suggested that i run a program called, 'Windows Repair (all in one)'. i did as he suggested. but after running the prgram, i experienced blue screen errors. i then reformatted and restored a previous backup. but i still get blue screen errors. is it possible that the program couldve flashed my system badly, affecting my hard drive (even after restoring a backup on it) or other component of my laptop?

heres the link to my thread:
http://forum.avast.com/index.php?topic=103349.0;topicseen

also, after restoring a backup on my drive, i still get blue screen errors.

Essexboy or Mchain, if youre reading this, PLEASE inform me what to do.. i'm desperate.

[Pondus]

essexboy is notified 

[essexboy]

No it would not affect the backups, with the blue screen errors I would suspect a driver issue. Windows repair manipulates programmes and permissions and does nothing to the system hardware at all

So if you reformat the drive and install a backup then anything windows repair did was wiped along with the reformat

What is the blue screen error ?
Do you have any minidumps
 

[koolx]

No it would not affect the backups, with the blue screen errors I would suspect a driver issue. Windows repair manipulates programmes and permissions and does nothing to the system hardware at all

So if you reformat the drive and install a backup then anything windows repair did was wiped along with the reformat

What is the blue screen error ?
Do you have any minidumps

hi essexboy.. yes, heres the link to my minidumps.. theyre all there since this all started:

http://dropcanvas.com/g0yhm

[essexboy]

A quick analysis indicates that aswmon2 is one of the culprits.  Now this was a problem on the previous version with XP systems

Initially could you uninstall Avast and see if the Blue screens cease.  As another driver may be involved 

On Thu 9/13/2012 4:32:01 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini091312-03.dmp
This was probably caused by the following module: aswmon2.sys (aswMon2+0xAC7)
Bugcheck code: 0x24 (0x1902FE, 0xFFFFFFFFB9F81574, 0xFFFFFFFFB9F81270, 0xFFFFFFFFBAEAC64A)
Error: NTFS_FILE_SYSTEM
Bug check description: This indicates a problem occurred in the NTFS file system.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmon2.sys .
Google query: aswmon2.sys NTFS_FILE_SYSTEM

On Thu 9/13/2012 4:23:32 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini091312-02.dmp
This was probably caused by the following module: aswmon2.sys (aswMon2+0x7714)
Bugcheck code: 0x1000008E (0xFFFFFFFFC000001D, 0xFFFFFFFFB1763714, 0xFFFFFFFFB15108FF, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmon2.sys .
Google query: aswmon2.sys KERNEL_MODE_EXCEPTION_NOT_HANDLED_M

On Thu 9/13/2012 4:20:38 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini091312-01.dmp
This was probably caused by the following module: Unknown (0x00000000)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0x0, 0xFFFFFFFFB12DACA0, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: Unknown .
Google query: Unknown KERNEL_MODE_EXCEPTION_NOT_HANDLED_M

On Wed 9/12/2012 9:34:19 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini091212-04.dmp
This was probably caused by the following module: win32k.sys (win32k+0x2B2B5)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFFBF82B2B5, 0xFFFFFFFFB1823C10, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

On Wed 9/12/2012 6:15:25 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini091212-03.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x100DD)
Bugcheck code: 0x10000050 (0xFFFFFFFFF05C371C, 0x0, 0xFFFFFFFF804E70DD, 0x2)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Wed 9/12/2012 2:59:27 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini091212-02.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0xB4F1)
Bugcheck code: 0x100000D1 (0x68850FC0, 0x2, 0x0, 0x68850FC0)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

On Sat 9/8/2012 4:26:10 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini090812-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0xB4F1)
Bugcheck code: 0x100000D1 (0x68850FC0, 0x2, 0x0, 0x68850FC0)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

7 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

unknown

aswmon2.sys

[koolx]

A quick analysis indicates that aswmon2 is one of the culprits.  Now this was a problem on the previous version with XP systems

Initially could you uninstall Avast and see if the Blue screens cease.  As another driver may be involved 

7 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

unknown

aswmon2.sys

hi essexboy.. i uninstalled avast and restarted my laptop without it. but i still get the same blue error screen. so it looks like the culprit is the other driver. how can i identify and remove this driver?

[essexboy]

We will do a clean boot first this will stop all drivers that are not windows related.  If you do not get the problem on the first reboot then we need to narrow down which driver it is

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.

Now we get to the tedious part,:

If windows behaves itself then do the following

Restart MSConfig and select half of the disabled services and reboot

Is the problem still present ?

If Yes then deselect half of the services that you resumed and reboot

If no then select half of the remaining services and reboot

The intention here is to isolate the one service/driver that is causing the problem

[koolx]

We will do a clean boot first this will stop all drivers that are not windows related.  If you do not get the problem on the first reboot then we need to narrow down which driver it is

i did what you asked and the problem persists. also, wheni tried to undo what you asked in the System Configuration Utility, i get the following error:

error loading C:\WINDOWS\system32\gvsirfmt.dll
the specified module cannot be found

and i especially cant check on the 'Use Modified BOOT.INI' feature.. what do i do about this?

[essexboy]

OK that shows me that you appear to have the malware on the backup image

error loading C:\WINDOWS\system32\gvsirfmt.dll
the specified module cannot be found

This is not a good file to have


Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post both logs

[koolx]

OK that shows me that you appear to have the malware on the backup image

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs[/list][/list]

hi essexboy.. the 2 files, OTL.txt and Extras.txt are attached in this post. please take a look at let me know the next steps.

i just want to very importantly add that when i take out my ram stick, i dont get any blue screen error. but when i put it back in, i get the errors. but i dont want to use my laptop without my ram stick.  i wanted you to know this as this may help you assess the issue.

[essexboy]

On completion of this run let me know if the blue screen returns


Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {653D0EFF-653E-4B62-BEA0-BF2F909CE969} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1960408961-616249376-839522115-1003\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O20 - AppInit_DLLs: (dyeari.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\ljJDtUml) - File not found
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[koolx]

On completion of this run let me know if the blue screen returns

hi essexboy... i did as you requested.. attached is the log. please review it.. also, i mentioned in my last reply about the ram. can you please tell me whta you think? thank you.

[essexboy]

Didn't see that bit... But now I see it, that is the cause of your problem.. That stick of RAM is bad and needs to be replace

[mchain]

Watching on the sidelines.

[koolx]

Didn't see that bit... But now I see it, that is the cause of your problem.. That stick of RAM is bad and needs to be replace

ok i dont get it.. first you said it was the avast and unknown drivers. now you say its the stick of ram.. so which is it? i'm confused.