[emeraldnzl]

Hello again Slash12a,

I don't think there is a malware problem there.

Here is a link that tells you about Nonpaged Pool memory. Lot to take in but it is good information if you take it slowly and work your way through it may help you.

http://blogs.technet...26/3211216.aspx

If after that you still want help you should start a new topic in our technical section here explaining the problem. Tell them you have been here and also PM me to say that you are opening the topic and I will alert our tech people that it is there.

Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

• Go to Start > Programs > Accessories and click on Run
• Copy and paste the the bolded text below in the box then hit OK
  
  Combofix /Uninstall
  
  

Step 2

• Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
• Click on the CleanUp! button
• Click Yes to begin the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if unistalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

• Download Java for Windows
  
  Reboot your computer.
  You also need to unininstall older versions of Java.
  
• Click Start > Control Panel > Add or Remove Programs
• Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

• If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.
  
  * Click Start > Control Panel > System and Security > Windows Update
  * Under Windows Update click on Turn automatic updating on or off
  * Check items shown to ensure you receive updates automatically. Click OK.
  
  And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  
• Malwarebytes
• SuperAntiSpyWare

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

[Advertisements]

Alright, thanks for the suggestions. My computer has suddenly started BSOD'ing fairly frequently now too, about once a day. For some reason. I don't think it's Malware related though, so probably not for this discussion. Thank you for the links, I'll continue to look into the RAM problem and the BSODs and try to figure out what's going on and if they're related. Thanks for all the support.

[Slash12a]

Alright, thanks for the suggestions. My computer has suddenly started BSOD'ing fairly frequently now too, about once a day. For some reason. I don't think it's Malware related though, so probably not for this discussion. Thank you for the links, I'll continue to look into the RAM problem and the BSODs and try to figure out what's going on and if they're related. Thanks for all the support.

[emeraldnzl]

Hi Slash12a,

What's the error message you are getting with the BSOD's?

[Slash12a]

I downloaded BlueScreenView to read the crash dump files. It gives an HTML readout for all the BSODs, apparently I can't attach any files to this post, but I guess I can put the HTML code here and you can throw it in a text file and save it as html or something, it just organizes everything and gives you all the information. The main problems seem to be 'MEMORY_MANAGEMENT.' Problem flagged files are always 'ntoskrnl.exe' and sometimes 'hal.dll' and 'fltmgr.sys'

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Crash List</title></head>
<body>
 <h3>Crash List</h3>
<br><h4>Created by using <a href="http://www.nirsoft.net/" target="newwin">BlueScreenView</a></h4><p><table border="1" cellpadding="5"><tr bgcolor="E0E0E0">
<th>Dump File
<th>Crash Time
<th>Bug Check String
<th>Bug Check Code
<th>Parameter 1
<th>Parameter 2
<th>Parameter 3
<th>Parameter 4
<th>Caused By Driver
<th>Caused By Address
<th>File Description
<th>Product Name
<th>Company
<th>File Version
<th>Processor
<th>Crash Address
<th>Stack Address 1
<th>Stack Address 2
<th>Stack Address 3
<th>Computer Name
<th>Full Path
<th>Processors Count
<th>Major Version
<th>Minor Version
<th>Dump File Size
<tr><td bgcolor=#FFFFFF nowrap>102512-18922-01.dmp<td bgcolor=#FFFFFF nowrap>10/25/2012 5:42:20 PM<td bgcolor=#FFFFFF nowrap>MEMORY_MANAGEMENT<td bgcolor=#FFFFFF nowrap>0x0000001a<td bgcolor=#FFFFFF nowrap>00000000`00041201<td bgcolor=#FFFFFF nowrap>fffff680`0002bfa0<td bgcolor=#FFFFFF nowrap>feb00002`a41a6867<td bgcolor=#FFFFFF nowrap>fffffa80`0ddeb9b0<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe+7efc0<td bgcolor=#FFFFFF nowrap>NT Kernel &amp; System<td bgcolor=#FFFFFF nowrap>Microsoft® Windows® Operating System<td bgcolor=#FFFFFF nowrap>Microsoft Corporation<td bgcolor=#FFFFFF nowrap>6.1.7601.17944 (win7sp1_gdr.120830-0333)<td bgcolor=#FFFFFF nowrap>x64<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe+7efc0<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>C:\Windows\Minidump\102512-18922-01.dmp<td bgcolor=#FFFFFF nowrap>8<td bgcolor=#FFFFFF nowrap>15<td bgcolor=#FFFFFF nowrap>7601<td bgcolor=#FFFFFF nowrap>287,704
<tr><td bgcolor=#FFFFFF nowrap>102512-27034-01.dmp<td bgcolor=#FFFFFF nowrap>10/25/2012 5:08:40 AM<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>0x00000124<td bgcolor=#FFFFFF nowrap>00000000`00000000<td bgcolor=#FFFFFF nowrap>fffffa80`0ba50028<td bgcolor=#FFFFFF nowrap>00000000`ba000000<td bgcolor=#FFFFFF nowrap>00000000`00400405<td bgcolor=#FFFFFF nowrap>hal.dll<td bgcolor=#FFFFFF nowrap>hal.dll+12a3b<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>x64<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe+7efc0<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>C:\Windows\Minidump\102512-27034-01.dmp<td bgcolor=#FFFFFF nowrap>8<td bgcolor=#FFFFFF nowrap>15<td bgcolor=#FFFFFF nowrap>7601<td bgcolor=#FFFFFF nowrap>290,888
<tr><td bgcolor=#FFFFFF nowrap>102312-25786-01.dmp<td bgcolor=#FFFFFF nowrap>10/23/2012 3:43:01 AM<td bgcolor=#FFFFFF nowrap>ATTEMPTED_WRITE_TO_READONLY_MEMORY<td bgcolor=#FFFFFF nowrap>0x000000be<td bgcolor=#FFFFFF nowrap>fffff8a0`0dadbd48<td bgcolor=#FFFFFF nowrap>80000002`de0d4101<td bgcolor=#FFFFFF nowrap>fffff880`03538980<td bgcolor=#FFFFFF nowrap>00000000`0000000b<td bgcolor=#FFFFFF nowrap>fltmgr.sys<td bgcolor=#FFFFFF nowrap>fltmgr.sys+25377<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>x64<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe+7efc0<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>C:\Windows\Minidump\102312-25786-01.dmp<td bgcolor=#FFFFFF nowrap>8<td bgcolor=#FFFFFF nowrap>15<td bgcolor=#FFFFFF nowrap>7601<td bgcolor=#FFFFFF nowrap>290,888
<tr><td bgcolor=#FFFFFF nowrap>102212-18782-01.dmp<td bgcolor=#FFFFFF nowrap>10/22/2012 4:25:28 PM<td bgcolor=#FFFFFF nowrap>MEMORY_MANAGEMENT<td bgcolor=#FFFFFF nowrap>0x0000001a<td bgcolor=#FFFFFF nowrap>00000000`00041201<td bgcolor=#FFFFFF nowrap>fffff680`00021fb8<td bgcolor=#FFFFFF nowrap>ec600002`a4373867<td bgcolor=#FFFFFF nowrap>fffffa80`0e140920<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe+7efc0<td bgcolor=#FFFFFF nowrap>NT Kernel &amp; System<td bgcolor=#FFFFFF nowrap>Microsoft® Windows® Operating System<td bgcolor=#FFFFFF nowrap>Microsoft Corporation<td bgcolor=#FFFFFF nowrap>6.1.7601.17944 (win7sp1_gdr.120830-0333)<td bgcolor=#FFFFFF nowrap>x64<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe+7efc0<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>C:\Windows\Minidump\102212-18782-01.dmp<td bgcolor=#FFFFFF nowrap>8<td bgcolor=#FFFFFF nowrap>15<td bgcolor=#FFFFFF nowrap>7601<td bgcolor=#FFFFFF nowrap>288,032
<tr><td bgcolor=#FFFFFF nowrap>102212-17612-01.dmp<td bgcolor=#FFFFFF nowrap>10/22/2012 1:28:47 AM<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>0x00000124<td bgcolor=#FFFFFF nowrap>00000000`00000000<td bgcolor=#FFFFFF nowrap>fffffa80`0bae7028<td bgcolor=#FFFFFF nowrap>00000000`ba000000<td bgcolor=#FFFFFF nowrap>00000000`00400405<td bgcolor=#FFFFFF nowrap>hal.dll<td bgcolor=#FFFFFF nowrap>hal.dll+12a3b<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>x64<td bgcolor=#FFFFFF nowrap>ntoskrnl.exe+7efc0<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>&nbsp;<td bgcolor=#FFFFFF nowrap>C:\Windows\Minidump\102212-17612-01.dmp<td bgcolor=#FFFFFF nowrap>8<td bgcolor=#FFFFFF nowrap>15<td bgcolor=#FFFFFF nowrap>7601<td bgcolor=#FFFFFF nowrap>290,888
</table>

</body></html>

Edited by Slash12a, 26 October 2012 - 01:58 PM.

[emeraldnzl]

Hello Slash12a,

Memory Management is not my area of expertise.

However before you go to the Tech section let's just check one thing. There can be BSOD problems left over from a particular nasty infection. I don't think this is what has caused your machines symptoms but we best just make sure.

For this check we want to get some Boot Configuration Data:

To do this restart your computer tapping F10, you should find yourself at a black screen showing Edit Boot Options at the top.

Write down what you see in the bit between the brackets.

Hit Esc and then Enter to finish booting your computer up.

Post the information back here.

[Slash12a]

I do not see an option to edit boot options at the top. I boot off an Alienware version of windows so it might be slightly different than the normal version of Windows 7. When Pressing F10 I get brought to a systems diagnostics menu. F12 goes to boot options but that just asks where to boot from, F2 brings to system settings.

I did however run a memory test on my system, and when doing the 'WCMch Test' it gave me a Memory Compare Error. I'm still unsure as to what that means though. I did not see anything between brackets to give you, not sure what you're looking for.

[emeraldnzl]

I do not see an option to edit boot options at the top.

Try this:

Go to Start > All Programs > Accessories, right click on Command Prompt and click on Run as administrator.

Type bcdedit and hit Enter

Click on the little black command prompt icon top left of the Command Prompt window > Edit > Mark and drag the curser over the dialogue. Click the icon top left again > Edit > Copy.

Type exit to leave the Command prompt window.

Save to notepad

Copy and paste back here.

[Slash12a]

Here you go:

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {3be741c8-e3bd-11e0-8c9c-a185271156ac}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {3be741ca-e3bd-11e0-8c9c-a185271156ac}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {3be741c8-e3bd-11e0-8c9c-a185271156ac}
nx OptIn

[emeraldnzl]

The part I wanted to check is correct.

One thought occurred to me. Your machine is not overheating is it? Could explain symptoms.

http://lifehacker.co...y-its-important

[Slash12a]

That was one of my first thoughts too. I opened it up and cleaned all the dust out of the fans and everything, it was the first time I've done it since owning the computer though. I don't think that it's overheating. I downloaded a program to track the temperature of everything just now (Right after BSOD) and everything is around 40-50C, Highest thing being one of my graphics cards at 68 which doesn't seem horrible.

The BSODs seem to be getting more frequent now though, I've gotten 2 within the last 6 hours with different reasons for both. I guess I should try starting something on the tech forums. I'm almost to the point of reformatting or just building a whole new computer.

[emeraldnzl]

I am consulting on this to see if anyone on the staff has any ideas.

Might be a while as we all work in different time zones but I will get back to you one way or another within 24hours.

[Slash12a]

That'd be fantastic. I really appreciate all of your help and it'd be awesome if I could find a way to fix it that doesn't involve scrapping my computer haha.

If it's any help my last two BSODs were 'DRIVER_IRQL_NOT_LESS_OR_EQUAL' (Flagged 'ntoskrnl.exe+253d0' and 'USBPORT.SYS+fbad') the other was PFN_LIST_CORRUPT (Flagged 'mfehidk.sys+82d00' and 'ntoskrnl.exe+1050ec')

[emeraldnzl]

Hello again Slash12a,

While we are waiting I wonder if you might try something for me. On looking back on this thread I notice that McAfee Firewall is on and you appear to have Windows Defender/Windows Firewall (both have been indicated in different scans) enabled as well. If that is correct there will be conflict.

Go to Control Panel > System and Security > Windows Firewall > Check firewall status and on the left panel click Turn Windows Firewall on or off

• In the window that opens check the Turn off Windows Firewall (not recommended) items.
  
• Click OK.

Next

How to turn Windows Defender on or off

1. Open Windows Defender by clicking the Start button , clicking All Programs, and then clicking Windows Defender.

2. Click Tools, and then click Options.

3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save.

Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Try your computer after that. See how it goes and report back.

[Slash12a]

Strange, Windows Firewall says that it's being managed by McAfee, so it doesn't even give the option to turn it on or off, but I assume it's off because of McAfee. I assumed the same would be true for windows Defender but it turns out it wasn't, so I disabled that as well. I also found that my Nvidia control panel wasn't working and there were new drivers out for my card so I updated those. So far things seem smoother but it's only been a few hours. I'll have to see when happens through tomorrow.

I also played some games and noticed that my graphics cards are getting up to 77C and 84C respectively, which seems like it's on the high end. CPU is still in the mid 60s though. Might look into trying to get my graphics cards to fan more because even at 84C its only using 63% fan power.

Edited by Slash12a, 27 October 2012 - 03:37 AM.

[emeraldnzl]

I'll have to see when happens through tomorrow.

Look forward to hearing how it goes.