BSODs from Hell & Massive Explorer.exe RAM Use

Appletax

I'm working on a laptop that's experiencing many varying BSODs. I've always had an extremely difficult time trying to repair BSODs to the point where I don't think I've even repaired a BSOD. I always have to nuke and pave because nothing fixes the problem. With this laptop, I want to invest a lot of my time trying to fix the problem so I can become successful at fixing BSODs.

The customer said she downloaded something from her spam folder on accident, thinking it was related to her utility bill. The computer became slow after this. She was having issues with the BSODs before this incident.

The BSODs are very random and intermittent. At this point I can only log in using Safe Mode. I ran Malwarebytes overnight and the system didn't BSOD. I tried removing a piece of software and it did BSOD. There's no pattern.

Another issue is that the explorer.exe is always growing. I've seen it reach 1.5 GB+ in a few minutes.
When I double click on my flash drive in Computer to open it, I get this error message: "G:\ Application not found." I can open it from the Computer listed on the left pane.

Maybe there's a leaky driver that's corrupting the OS?

Here are the dump files:
http://www.technibble.com/forums/attachment.php?attachmentid=3549&stc=1&d=1389977321

Specs:
- HP G6-1c59nr
- Windows 7 x64
- AMD E-450 APU


Here's the list of almost all the things I've done:

- Checked the list of Windows updates that were installed down to when the blue screens started. No drivers were installed - just Windows updates.
- Defragmented the hard drive
- Ran check disk

- Virus removal using: Avast and SuperAntiSpyware while the hard drive was connected to my laptop with a USB-to-HDD cable, & manual removal.
Had a few pieces of malware, including:
. Removed BackgroundContainer.dll & startup task that came with Conduit

- Ran system file checker to verify and fix the Windows files - no problems detected
- Tune up w/ CCleaner
- Swapped RAM w/ known good - tried in other RAM slot
- Removed AVG w/ AVG Uninstaller x86 and x64 & ran Norton removal tool
- Ran Complete Internet Repair
- Ran Microsoft Fix It

- Enabled Windows Installer Service in Safe Mode to allow new drivers to be installed
. Uninstalled old drivers & reinstalled new using drivers from manufacturer's sites for: graphics, card reader, wireless, ethernet, audio, touchpad
. Tried to use SlimDrivers, but I always get a loading failure message.
. Manually updated the AMD SATA Controller driver using the newest drivers (from Softpedia)

- Ran the verifier program to check for issues with drivers - blue screen when restarting
- Checked SMART status of the hard drive: Good
- Hardware monitor reports these temperatures: CPU - 55 Celsius, GPU - 51 Celsius, HDD - 37 Celsius... normal temps
- Blew air through the cooling system to reduce dust buildup
- Disabled & re-enabled intelppm.sys driver
- Deleted a leftover AVG driver
- Ran Hijack This and fixed some suspicious files
 

Granted this won't cause explorer.exe to grow, but have you tested RAM?

Otherwise, there could be a toolbar or something running that is causing a memory leak.

I have seen a few different tool bars that cause this issue.
Dell
Lexmark
Lenovo
Toshiba
All the tool bars are just manufacturer junk-ware.
 
- Virus removal using: Avast and SuperAntiSpyware while the hard drive was connected to my laptop with a USB-to-HDD cable, & manual removal.
Had a few pieces of malware, including:
. Removed BackgroundContainer.dll & startup task that came with Conduit


I'm smelling rootkit. Run Malwarebytes Anti-Rootkit.
 
Granted this won't cause explorer.exe to grow, but have you tested RAM?

Otherwise, there could be a toolbar or something running that is causing a memory leak.

I have seen a few different tool bars that cause this issue.
Dell
Lexmark
Lenovo
Toshiba
All the tool bars are just manufacturer junk-ware.

Testing RAM is slow, so I just swapped it out with another stick. Didn't change a thing. I removed all the junk programs/toolbars. I couldn't uninstall the Keybar Toolbar because the uninstaller interface was messed up. I selected it in Hijack This and it went away. All the programs listed as installed look normal.
 
Sounds like a rootkit or malware to me.
Try running TDSSKiller, MalwareBytes anti-rootkit and other such software while the drive is slaved to your machine.
Try running some other offline anti-virus engines on it. Kaspersky, ESET etc.
Run a full HDD test in Seatools or Parted Magic and such to check the health of the HDD. SMART doesn't really tell much.
 
See if you can Google the stop code, that should give an idea. Also, if it was me, I'm thinking she may have something deep in there you can't see. Get a bootable CD of some kind and scan it that way, maybe Kaspersky rescue disc (I think that's still free), I believe AVG and others have similar things. I'd try that. Use RogueKiller on it also. But I'd start out with....

RogueKiller
ADWCleaner
JRT
Scan from a bootable CD of some type if it still continues, and then finish with your normal tools. Uninstall all but one AV, use GSmartControl to do a quick test on the hard drive, memtest on RAM.
 
Sounds like a rootkit or malware to me.
Try running TDSSKiller, MalwareBytes anti-rootkit and other such software while the drive is slaved to your machine.
Try running some other offline anti-virus engines on it. Kaspersky, ESET etc.
Run a full HDD test in Seatools or Parted Magic and such to check the health of the HDD. SMART doesn't really tell much.

Ran TDSSKiller. 1st time I went into a BSOD loop. 2nd time it found rootkit.boot.cidox.b!! Interesting, this is the first time I've found anything with this program.

I'll be damned, I'm able to boot into Windows the regular way for the first time in a while. In the beginning, BSODs were intermittent with the normal boot, but since yesterday, I always got them.

I won't be surprised to see more BSODs. I am creating a SARDU boot CD w/ several antivirus boot discs to scan for more malware. I'll continue giving it a tune up and using it to see if it's cured.

Right now I'm waiting for the desktop to load. It's much slower than normal. I just got a popup asking for permission for Kaspersky to run. I think it needed to finish curing the rootkit.

Will report back later :)
 
With this laptop, I want to invest a lot of my time trying to fix the problem so I can become successful at fixing BSODs.

Just remember that sometimes no matter how hard you work at it, some BSODs cannot be fixed. Every now and then I get one that no matter what you do, even if you try EVERYTHING you can't fix it and you just wasted a lot of time.

Good luck, but don't kill yourself over one machine. :D
 
If you need to, pull the drive, slave it to a bench machine and just start running the scans that way. I've done this using a hard drive dock before (3 scans running, the drive started getting hot--fixed that by using a desk fan on high pointed right on the drive--so I rigged that but it worked lol).
 
Also make sure the MBR is standard with MBRCheck. If it's not, first boot into recovery and reset the MBR in cmd prompt with "bootrec /fixmbr".

Then follow up (and I'm not sure why nobody has mentioned this) with a rescan using Combofix, then MBAR, then whatever other AV apps feel you should use. Rootkit infections will definitely cause BSODs, not to mention a major performance hit.
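
An offline version of the "is the MBR standard" check suggested in the post above, added here as an example; it is not part of the thread and not how MBRCheck itself works. It parses sector 0 of a slaved drive or raw image, validates the boot signature and partition table, and compares the boot-code hash against a reference. Assumptions: the function names are hypothetical, the sample sectors are constructed, and the reference hash would come from a known-clean machine running the same OS.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bytes 0-439 hold the bootstrap code
TABLE_OFF = 446       # four 16-byte partition entries start here

def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR sector read from an offline drive or image."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            parts.append({"slot": i, "status": entry[0], "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def check_mbr(sector: bytes, reference_sha256: str) -> list:
    """Findings vs. a reference hash (assumed taken from a known-clean MBR)."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != reference_sha256:
        findings.append("boot code differs from reference")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
    active = sum(p["status"] == 0x80 for p in info["partitions"])
    if active != 1:
        findings.append(f"{active} active partitions, expected 1")
    return findings

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active NTFS (0x07) partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    body = boot_code.ljust(TABLE_OFF, b"\x00") + entry + b"\x00" * 48
    return body + b"\x55\xaa"

CLEAN = build_sample(b"\xfa\x33\xc0" + b"\x90" * 100)     # constructed, not real boot code
TAMPERED = build_sample(b"\xeb\x3c\x90" + b"\x90" * 100)  # same table, different code
REFERENCE = parse_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, check_mbr(sector, REFERENCE) or "matches reference")
```

On a bench machine, pass the first 512 bytes of the slaved drive or its raw image to `check_mbr`. It examines sector 0 only, so boot code stored elsewhere on the disk is outside its reach.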
 
Perhaps I missed it, but at what point did you test the backup or make a full backup of the data on the drive? Am I to assume that there is no valuable data on the drive?

I sense that you have spent countless hours on this. Would it not have been cheaper to simply put in a new hard drive, re-load the OS and apps and then restore the client's data from the original drive?

If it is a hardware issue, the new OS install won't complete, helping you direct your attention further on hardware. If the OS and app install goes without a hitch, you know that the issue is with the hard drive and/or the file system.
 
If it is a hardware issue, the new OS install won't complete, helping you direct your attention further on hardware.

whaaat1-onion-head-emoticon.gif
 
Are you suggesting that my comment is somewhat confusing? Now that I read it, I would have to agree.

"Install windows on a new drive. If it works with no issues, then you know that the original problem is hardware. If it doesn't work, the issue has to be the original hard drive and/or file system."

That make any more sense or am I digging myself into a hole?
 
Think you meant if there still are issues with the new drive, then there is a hardware problem. If not, then the problem was with the software or hard drive.

I understand the OP's desire to expand their knowledge and skills, but I agree with the other poster...sometimes it's just a big time sink. It's not about validating your skills, it's about being efficient.

But if you have the time on your hands and the customer away on vacay or something and you're not charging her for the 'training time' over a simple nuke and pave....well...swing away! :)

Are you suggesting that my comment is somewhat confusing? Now that I read it, I would have to agree.

"Install windows on a new drive. If it works with no issues, then you know that the original problem is hardware. If it doesn't work, the issue has to be the original hard drive and/or file system."

That make any more sense or am I digging myself into a hole?
 
Just remember that sometimes no matter how hard you work at it, some BSODs cannot be fixed. Every now and then I get one that no matter what you do, even if you try EVERYTHING you can't fix it and you just wasted a lot of time.

Good luck, but don't kill yourself over one machine. :D

Thanks for the advice. I know it's super frowned upon to nuke a machine without putting in a lot of effort so I am just trying to be a good tech :)
 
I know it's super frowned upon to nuke a machine without putting in a lot of effort so I am just trying to be a good tech
I think it is only "super frowned upon" when that is all a person seems to do in just about every case, they don't try to fix anything differently, it seems they get set in the way they do things and already have their mind made up that a N&P is the best way and they don't even try most of the advice they get in the replies. I think if you have the opportunity to learn different ways then you should, it will be better for you in the long run.

In some cases a N&P will be the best thing to do, of course it wouldn't be if there are hardware problems. That is where doing good diagnostics first comes in handy. N&P has been discussed on here over and over and everyone has their own opinion.

When I see many different and randomly timed BSODs my first thought is malware, what offline AV scans did you run with the SARDU boot CD you created, have you tried HitmanPro.Kickstart? I wouldn't rely on programs run inside of windoze to remove rootkits, that being said have you run aswMBR or GMER or ComboFix? Did you scan the MBR and check all the partitions offline?
 
When I see many different and randomly timed BSODs my first thought is malware, what offline AV scans did you run with the SARDU boot CD you created, have you tried HitmanPro.Kickstart? I wouldn't rely on programs run inside of windoze to remove rootkits, that being said have you run aswMBR or GMER or ComboFix? Did you scan the MBR and check all the partitions offline?

The laptop has not given a single BSOD since I removed that rootkit. I finished its tune up and it works like new now :)

Thank you everyone for the advice. I may still be working on this system had I not talked to someone else about the problem because you can't always find a solution using Google. ;)
 