1.    20 Aug 2017 #1
    Join Date : Apr 2017
    Posts : 19
    Windows 10 64-bit (10586.1045)

    PC running slowly after BSOD, rootkit/malware suspected


    Hi everyone, absolute newbie here.

    So just this day I was working on my thesis and I had to use a friend's flash drive because our files were in there, so I scanned it thoroughly first with Malwarebytes and Avast, and it showed no viruses.

    But after I finished my work and I started scanning my own computer with AV and aswMBR, aswMBR crashed and I was shown a bluescreen with an error CRITICAL_STRUCTURE_CORRUPTION.
    I had absolutely no clue that it would happen.

    The results with WhoCrashed were:




    On Sun 8/20/2017 3:48:04 PM your computer crashed
    crash dump file: C:\WINDOWS\Minidump\082017-32578-01.dmp
    This was probably caused by the following module: aswmbr.sys (aswMBR+0x1569)
    Bugcheck code: 0xC4 (0xF6, 0x1C8, 0xFFFFE00190B97080, 0xFFFFF801246D1569)
    Error: DRIVER_VERIFIER_DETECTED_VIOLATION
    Bug check description: This is the general bug check code for fatal errors found by Driver Verifier.
    A driver references a user-mode handle as kernel mode. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmbr.sys .
    Google query: aswmbr.sys DRIVER_VERIFIER_DETECTED_VIOLATION

    On Sun 8/20/2017 2:10:10 PM your computer crashed
    crash dump file: C:\WINDOWS\Minidump\082017-23421-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x1429F0)
    Bugcheck code: 0x109 (0xA3A01F59BFF764F1, 0xB3B72BE01278371E, 0xFFFFD00173A8D930, 0x2)
    Error: CRITICAL_STRUCTURE_CORRUPTION
    file path: C:\WINDOWS\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
    This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

    On Sun 8/20/2017 2:10:10 PM your computer crashed
    crash dump file: C:\WINDOWS\memory.dmp
    This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
    Bugcheck code: 0x109 (0xA3A01F59BFF764F1, 0xB3B72BE01278371E, 0xFFFFD00173A8D930, 0x2)
    Error: CRITICAL_STRUCTURE_CORRUPTION
    Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
    This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.




    So I searched it up and it appeared that the others had rootkits while experiencing the same problem. I checked with FRST, DDS, GMER, and RogueKiller in safe mode and GMER had no problems; RogueKiller just detected YTD downloader as adware, but I've been using it for months now and I have no problem with it.
    (FRST logs are attached)
    The thing is I still don't know the cause of that extremely random BSOD, because all I did was write my documents, and I even reinstalled my graphics driver just to be sure.

    So far after the BSOD, everything on my desktop is laggy and slow: refreshing takes 2 seconds, opening files takes 2-5 seconds. But in safe mode everything seems to work fine.

    Any help would be appreciated because I still don't know everything about these things.
    HUGE thanks. (and sorry if this is on the wrong forum)
  2.    20 Aug 2017 #2
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 16,921
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    Malwarebytes comes with a rootkit scanner. I believe you have to select the option & then reboot for it to scan.

    Other scanners you could use:

    TDSSKiller

    TDSSKiller is a utility created by Kaspersky Labs that is designed to remove the TDSS rootkit. This rootkit is known under other names such as Rootkit.Win32.TDSS, Tidserv, TDSServ, and Alureon. TDSSKiller will also attempt to remove other rootkits such as the ZeroAccess or ZeroAccess rootkit if it is detected.

    Note:
    When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.


    Norton Power Eraser

    This scanner also includes a rootkit scan.

    Other options you could try are a refresh, reset or repair.

    Refresh Windows 10 (Windows 10 Installation Upgrade Tutorials)

    Reset Windows 10 (Windows 10 Installation Upgrade Tutorials)

    Repair Install Windows 10 with an In-place Upgrade (Windows 10 Installation Upgrade Tutorials)
  3.    20 Aug 2017 #3
    Join Date : Apr 2017
    Posts : 19
    Windows 10 64-bit (10586.1045)
    Thread Starter

    Originally posted by Borg 386:
    Malwarebytes comes with a rootkit scanner. I believe you have to select the option & then reboot for it to scan.

    Other scanners you could use:

    TDSSKiller

    Note:
    When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.

    Norton Power Eraser

    This scanner also includes a rootkit scan.

    Other options you could try are a refresh, reset or repair.

    Refresh Windows 10 (Windows 10 Installation Upgrade Tutorials)

    Reset Windows 10 (Windows 10 Installation Upgrade Tutorials)

    Repair Install Windows 10 with an In-place Upgrade (Windows 10 Installation Upgrade Tutorials)

    Really huge thanks for answering.

    I've run TDSSKiller with the TDLFS option checked and the MBAM rootkit scanner, nothing.

    Just after I posted this yesterday, I scanned with GMER again, and it "found system modifications caused by rootkit activity", showing two entries highlighted in red: (1) atierss.exe (not sure) tied to AMD External Events Utility, (2) AODDriver2.sys, tied to AMD Overdrive.

    To be honest, I never used Overdrive, because I figured I shouldn't be overclocking while I still have my warranty. The first one was sketchy.

    I don't know if this is still a rootkit or just malware, because my system is still SO SLOW. I even uninstalled my gfx driver again just to be sure, yet to no avail.
    I have an MBAM log with the rootkit scan if it helps.
    Attachment 149794
    Can you please help me figure this out? I really need this PC for my projects.
    Thanks again.
  4.    21 Aug 2017 #4
    Join Date : Apr 2017
    Posts : 19
    Windows 10 64-bit (10586.1045)
    Thread Starter

    Can someone help me with this please?
    I seriously need this PC. I am already thinking of refreshing Windows, but I am too busy to reinstall all of my apps and my connection is seriously retarded.

    I've been scanning all day and nothing comes up on MBAM, not even a single rootkit. Avast blocked GMER's setting so I can't click on system, sections etc., but it showed a bios64 entry in red.

    I don't know what I should be doing right now.
    Please help me.
  5.    21 Aug 2017 #5
    Join Date : Jun 2015
    Posts : 12,854
    Windows 10 Pro

    Hi HootenannyMagic,

    You'll want to remove Avast while troubleshooting.

    Quote:
    So I searched it up and it appeared that the others had rootkits while experiencing the same problem. I checked with FRST, DDS, GMER, and RogueKiller in safe mode and GMER had no problems; RogueKiller just detected YTD downloader as adware, but I've been using it for months now and I have no problem with it.
    (FRST logs are attached)

    Crashes are usually system specific; searching a BSOD error code shows only what others experienced, which may not be the case for you. Out of hundreds of systems I've helped troubleshoot BSOD crashes, only a few were infected by something.
    The point is, I doubt you have malware that's causing this.

    Follow BSOD Posting Instructions and upload the zip in your next reply.
  6.    21 Aug 2017 #6
    Join Date : Apr 2017
    Posts : 19
    Windows 10 64-bit (10586.1045)
    Thread Starter

    Originally posted by axe0:
    Hi HootenannyMagic,

    You'll want to remove Avast while troubleshooting.

    Crashes are usually system specific; searching a BSOD error code shows only what others experienced, which may not be the case for you. Out of hundreds of systems I've helped troubleshoot BSOD crashes, only a few were infected by something.
    The point is, I doubt you have malware that's causing this.

    Follow BSOD Posting Instructions and upload the zip in your next reply.

    Hello! Huge thanks for answering (sir).
    Sorry I had to prematurely assume that it was a rootkit... but I have the zip attached.
    I know disabling Avast's shields isn't enough but I don't know...
    I kind of figured it out though...
    I believed I was just too paranoid about the infected flash drive that I scanned with many antimalware/adware up to antirootkits and such, until it kind of interfered with Avast and caused the system to crash (at least that's what I hypothesized).
    Also, due to the paranoia, I have turned on Driver Verifier and forgot to turn it off, causing my PC to crash consequently with all the scanning.
    And I also observed that the BSODs only happened yesterday when I was busy scanning. And almost all of them blame the Windows kernel (ntoskrnl.exe and ntkrnlmp.exe), and kwldifoc.sys.
    I still can't form a full conclusion, but I must blame my sudden paranoia.
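
Added example, not part of any post in this thread: a small triage of the WhoCrashed text from the first post, showing that the 0xC4 entry by itself indicates Driver Verifier was switched on. The function names and the shortened sample report are constructed for illustration; `verifier /querysettings` and `verifier /reset` are the built-in Windows commands for checking and clearing Driver Verifier.

```python
import re

# Constructed sample: two crash entries copied from the report in the first post.
REPORT = """\
On Sun 8/20/2017 3:48:04 PM your computer crashed
This was probably caused by the following module: aswmbr.sys (aswMBR+0x1569)
Bugcheck code: 0xC4 (0xF6, 0x1C8, 0xFFFFE00190B97080, 0xFFFFF801246D1569)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION

On Sun 8/20/2017 2:10:10 PM your computer crashed
This was probably caused by the following module: ntoskrnl.exe (nt+0x1429F0)
Bugcheck code: 0x109 (0xA3A01F59BFF764F1, 0xB3B72BE01278371E, 0xFFFFD00173A8D930, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
"""

KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlmp.exe"}  # the kernel itself, not a culprit

def parse_crashes(text):
    """Split a WhoCrashed-style report on blank lines into crash records."""
    crashes = []
    for block in re.split(r"\n\s*\n", text.strip()):
        mod = re.search(r"following module:\s*(\S+)", block)
        bug = re.search(r"Bugcheck code:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)", block)
        if not (mod and bug):
            continue  # not a complete crash entry
        crashes.append({
            "module": mod.group(1).lower(),
            "code": int(bug.group(1), 16),
            "params": [int(p.strip(), 16) for p in bug.group(2).split(",")],
        })
    return crashes

def verifier_active(crashes):
    """0xC4 is the bug check Driver Verifier raises, so seeing it means Verifier is on."""
    return any(c["code"] == 0xC4 for c in crashes)

def triage(crash):
    if crash["code"] == 0xC4:
        return (f"Driver Verifier flagged {crash['module']}; check 'verifier "
                "/querysettings' and turn it off with 'verifier /reset'")
    if crash["code"] == 0x109:
        return "kernel detected corrupted critical code or data; suspect a driver"
    if crash["module"] in KERNEL_IMAGES:
        return "kernel image blamed; the faulting driver is not identified"
    return f"look for an update for {crash['module']}"

if __name__ == "__main__":
    found = parse_crashes(REPORT)
    print("Driver Verifier active:", verifier_active(found))
    for c in found:
        print(f"0x{c['code']:X} {c['module']}: {triage(c)}")
```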
  7.    22 Aug 2017 #7
    Join Date : Jun 2015
    Posts : 12,854
    Windows 10 Pro

    You ran multiple rootkit scans that can be said to be very good. They catch most, not all, rootkits. The chance you get any rootkit they don't/can't catch is very small (relatively speaking) and since the scans did not come with signs of infection I'd say you're clean of rootkits.

    Please do the following

    1. Download TFC from: TFC Download
    2. Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
    3. Double-click on the TFC icon.
    4. When the program starts, click on the Start button. TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
    5. When done, press OK to reboot your computer and finish the cleanup.

    (copy/pasted from BleepingComputer)

    Please make sure that you remove Avast, it seems to have caused multiple of the crashes.
  8.    22 Aug 2017 #8
    Join Date : Jun 2015
    Posts : 12,854
    Windows 10 Pro

    Before I forget, make sure that Windows is fully updated regarding feature updates.
  9.    22 Aug 2017 #9
    Join Date : Jun 2016
    Posts : 79
    8.1

    OP might want to consider a fresh install without any pirated software and see if they still have the problem?