
I had a blue screen of death


  • This topic is locked
11 replies to this topic

#1 AceofSpadesX

AceofSpadesX

  • Members
  • 99 posts
  • OFFLINE
  • Gender:Male
  • Location:Singapore
  • Local time:07:38 AM

Posted 04 January 2009 - 02:21 PM

Hi, pardon me for the lack of proper introductions and skip to the problem.

I have an Acer Aspire 4920G which I bought from my local school. It is configured to the school's settings and consists of files that are of great importance. Thus, my reluctance to try anything myself.

I was recently playing a game (Atlantica Online if you must know) when all of a sudden a blue screen appeared.

It lasted for a short 15 secs or so, and then my laptop restarted.

I didn't manage to catch the details of the blue screen, but it has affected my computer's performance to a certain extent.

It has also dropped the reliability of my system.

I have 6 different anti-virus / malware programmes running on my computer.

They are:

Spybot : Search and Destroy
Ad-Aware 2008
Malwarebytes
Threatfire
Symantec Antivirus
Windows Defender

I do regularly maintain my laptop by updating all 6 virus scanners and scanning my computer regularly. I do also download the latest Windows updates.

I have tried uninstalling the game and reinstalling it.

I have tried scanning my system with all 6 virus scanners and the results are clean.

So this is my HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:31 AM, on 5/1/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Republic Poly\UTClient\UTAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myrp.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ISA-Firewall.rp.sg:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-513554830-4007018817-501386850-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Admin')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: install.lnk = C:\Windows\Temp\setup.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: UTAgent.lnk = C:\Program Files\Republic Poly\UTClient\UTAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 13234 bytes

Just to provide you with more resources, here's my DDS logfile too.

DDS (Version 1.1.0) - NTFSx86
Run by 86392 at 2:37:35.84 on Mon 05/01/2009
Internet Explorer: 7.0.6000.16764
Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.65.1033.18.3070.1454 [GMT 8:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Republic Poly\UTClient\UTAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\86392\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://myrp.sg
uInternet Settings,ProxyServer = ISA-Firewall.rp.sg:8080
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [eRecoveryService]
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\install.lnk - c:\windows\temp\setup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\utagent.lnk - c:\program files\republic poly\utclient\UTAgent.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-4-4 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-4-2 35712]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-11-18 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-11-18 39200]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-3-28 26624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2008-6-16 17408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-11-18 33056]
R4 FwcAgent;Firewall Client Agent;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
R4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
R4 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-11-18 80744]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]

=============== Created Last 30 ================

2009-01-05 02:10 <DIR> --d----- c:\program files\Trend Micro
2009-01-05 01:48 506,368 a------- c:\windows\system32\msxml.dll
2009-01-05 01:48 <DIR> --d----- c:\programdata\Google
2009-01-04 00:12 354,339,491 a------- c:\windows\MEMORY.DMP
2008-12-20 11:13 1,383,424 a------- c:\windows\system32\mshtml.tlb
2008-12-18 16:02 <DIR> --d----- c:\program files\Lavasoft
2008-12-18 16:02 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-18 02:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-18 02:55 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-18 02:54 <DIR> --d----- c:\program files\iPod
2008-12-18 02:54 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 02:54 <DIR> --d----- c:\program files\iTunes
2008-12-18 02:54 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 02:52 <DIR> --d----- c:\program files\Bonjour
2008-12-11 15:22 <DIR> --d----- c:\users\86392\appdata\roaming\FastStone
2008-12-10 19:35 297,472 a------- c:\windows\system32\gdi32.dll
2008-12-10 19:34 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-10 19:34 1,687,040 a------- c:\windows\system32\gameux.dll
2008-12-10 19:34 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-10 19:32 2,048 a------- c:\windows\system32\tzres.dll
2008-12-10 19:30 2,923,520 a------- c:\windows\explorer.exe
2008-12-10 19:28 98,816 a------- c:\windows\system32\mfps.dll
2008-12-10 19:28 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-10 19:28 94,720 a------- c:\windows\system32\logagent.exe
2008-12-10 19:28 52,736 a------- c:\windows\system32\rrinstaller.exe
2008-12-10 19:28 2,855,424 a------- c:\windows\system32\mf.dll
2008-12-08 22:31 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2008-12-18 02:51 86,016 a------- c:\windows\inf\infstor.dat
2008-12-18 02:51 51,200 a------- c:\windows\inf\infpub.dat
2008-12-18 02:51 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-10 19:51 174 a--sh--- c:\program files\desktop.ini
2008-12-03 19:52 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 19:52 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-18 04:05 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2008-11-18 04:05 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2008-11-18 04:05 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2008-11-18 04:05 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2008-11-07 14:23 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-11-01 11:33 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 11:33 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 11:33 537,600 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 11:33 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 11:33 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 07:23 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-22 11:43 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-10-22 11:43 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-10-22 11:43 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-10-21 13:16 1,645,568 a------- c:\windows\system32\connect.dll
2008-10-16 12:40 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 12:40 56,320 a------- c:\windows\system32\iesetup.dll
2008-10-16 12:40 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-09-15 21:17 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-22 22:44 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-22 22:44 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-22 22:44 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-15 10:15 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008090120080908\index.dat
2008-09-22 10:15 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008091520080922\index.dat
2008-09-22 10:15 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008092220080923\index.dat

============= FINISH: 2:38:31.52 ===============

The game works fine for my brother's laptop which is also an Acer.

So please let me know what I can do to clean my laptop up so as to achieve maximum performance.

And on a side note, is my situation as described above a software or hardware related issue?

Last but not least, your efforts on my dilemma are greatly appreciated. =)



Bill Gates is a very rich man today... and do you want to know why? The answer is one word : versions. - Dave Barry


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:38 AM

Posted 17 January 2009 - 09:31 AM

Hi AdrielC,

Welcome to the BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Looking at your logs I don't see anything suspicious. Most probably your problem is not malware related. The first thing I think of is conflicting software.
I see both Windows Defender and ThreatFire are running at the same time. You might choose to run one of them. Windows Defender looks to me like a better choice.

The second thing that catches my eye is running (unneeded) applications at startup. Most of them do not need to run at startup, since they prolong the boot time and use CPU and memory resources without doing anything most of the time.

But we can take a look at some logs to see if there is anything I can spot.
  • You have attached the same DDS log that you have copied and pasted. Please attach or copy and paste the attach.txt.

  • When the computer crashes after restart the system makes dump files (Minixxxxx.dmp where x represent a number). I need to see the file to find the cause of the crash.

    • Use Windows Advanced Search to find the file, to do that:
    • Press the Windows Key + F to open Advanced Search window.
    • On the right side of open window click on the drop down arrow by Advanced Search.
    • Click on the drop down arrow to the right of Location and select Computer.
    • Put a checkmark next to the Include non-indexed, hidden, and system files box.
    • On the right side in the Name field, type in mini*.dmp to search for and click search.
  • Zip the file and attach it to your reply. To attach the file:
    • When you press ADDREPLY, under the reply window press Browse... and show the path to the zip-file on your computer:
    • Highlight the zip-file and click Open, then press the green UPLOAD button.
    Alternatively, instead of zipping and attaching, you can upload the file to the following site and give me the link to the file:
    http://www.mediafire.com/

    Note: The old mini dump files might have already been removed and you have to wait for the next crash and find the file before using cleanup utilities.


#3 AceofSpadesX


Posted 17 January 2009 - 12:46 PM

Hi Farbar,

I have attached the file that you needed. I appreciate your help sincerely. I cannot attach the minidump file as it says I don't have the rights to access it. However, the title is as follows, "Mini010409-01". I hope that helps in your analysis. =)

Best Regards,
Adriel


#4 Farbar


Posted 17 January 2009 - 02:08 PM

Adriel,

There is actually not much to say. The computer is still set to go through the school server and ISP. The system is built up by an administrator who has the right to make major changes to the system. That is the reason you can't even make a copy of the mini dump file. Therefore we can't do much about it. Even the tools we use to scan and make changes need administrator permission to do that.

If you also take a look at the errors in the event logs, they are mostly related to permissions and administrative privileges.

The only resolution for the problem is to reformat and reinstall a system on which you have administrative rights to do what you want with the system.

But for now:
  • You have the latest version of Java and that is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
    Click "start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ 6 Update 5
    Java™ 6 Update 7


    Additional instructions can be found here if needed.


  • Since there is no possibility of checking the mini dump file, based on just experience I recommend you disable ThreatFire for a while and see how it goes.

  • This is a small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.
Do you have any questions before closing the topic?

#5 AceofSpadesX


Posted 18 January 2009 - 12:42 PM

Hey Farbar,

First of all, I sincerely thank you for all your tips and advice. Seeing that my system has stabilised and all, I guess everything's pretty much back to normal. However, are there any tips you can offer me to help keep my system performing at its best? Also, if I were to go to my school's computer helpdesk, is there anything in particular that I should mention if I want to get full administrator rights? P.S. my school's helpdesk isn't so IT advanced and I am not so IT savvy. =) btw, I already have CCleaner and Auslogics Defragmenter. Once again, thanks =)

Best Regards,
Adriel

#6 Farbar


Posted 18 January 2009 - 02:47 PM

You are very welcome Adriel.

I think the help desk could take a look at the mini dump file. If they give you administrative privileges we could take a look at the computer deeply.

You ask what to do to improve the performance. I see a long list of O4 entries. They are applications that start up with Windows.

NOT REQUIRED ITEMS: The following programs could be run on demand. You may run them when you need them by (double)clicking on the program shortcut. They do not need to run at startup since they prolong the boot time and use CPU and memory resources without doing anything most of the time. You may also consult Bleeping Computer Startup Programs Database and decide for yourself.

The items with [N] are not needed to run at startup. The items with [U] are not needed unless the user uses them frequently:

[N] O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
[U] O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
[N] O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[U] O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
[U] O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[U] O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
[N] O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[N] O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[U] O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
[N] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[U] O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[U] O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[U] O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
[U] O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

This one I don't know:

O4 - Global Startup: install.lnk = C:\Windows\Temp\setup.exe

(If you decide to remove the entry go to Start -> All Programs -> Startup -> delete install. By doing this you delete the shortcut. The actual file is here: C:\Windows\Temp\setup.exe ; it will eventually be deleted when you use CCleaner.)

The best way is to first try to configure those programs not to start up with Windows. You can install an application for handling startup entries to disable the entries you can't disable from the program options.

Good applications handling startup entries:

1. Startup Inspector for Windows for both novice and expert users: http://www.windowsstartup.com/startupinspector.php : It helps manage Windows® startup applications.

2. Startup Control Panel with an easier interface than Autoruns: http://www.mlin.net/StartupCPL.shtml

3. Autoruns for more advanced users: http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx


Do you have any questions?

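The O4 lines in the post above are HijackThis's listing of the Run registry values and the Startup folder. The following added example (not from this thread or from any BleepingComputer tool) parses such lines, extracts the program each entry launches, and flags the two things a reviewer looks at first: an entry launching from a Temp directory, like the install.lnk above, and an unquoted Run command line containing spaces. The sample input is constructed from the O4 lines quoted in this post; the flag names are assumptions of this example.

```python
import re
from collections import namedtuple

# Constructed sample input: O4 lines copied from the HijackThis log quoted in this post.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: install.lnk = C:\Windows\Temp\setup.exe
"""

# Registry Run values look like "O4 - HKLM\..\Run: [name] command line";
# Startup-folder shortcuts look like "O4 - Global Startup: name.lnk = target".
REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
LNK_RE = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.*)$")

StartupEntry = namedtuple("StartupEntry", "location name path flags")

def executable_path(command: str) -> str:
    """Program path from a Run command line, quoted or not (arguments dropped)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)  # unquoted: cut after first .exe
    return m.group(1) if m else command.split()[0]

def review_flags(location: str, command: str, path: str) -> list:
    """Two things a reviewer checks first: launches from a scratch directory, unquoted paths."""
    flags = []
    if "\\temp\\" in path.lower() or "\\tmp\\" in path.lower():
        flags.append("temp-location")  # legitimate software does not normally autostart from Temp
    if location.endswith("Run") and " " in path and not command.strip().startswith('"'):
        flags.append("unquoted-path-with-spaces")
    return flags

def parse_o4_log(text: str) -> list:
    entries = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := REG_RE.match(line):
            hive, name, cmd = m.groups()
            location = f"{hive} Run"
        elif m := LNK_RE.match(line):
            location, name, cmd = m.groups()
        else:
            continue  # not an O4 line
        path = executable_path(cmd)
        entries.append(StartupEntry(location, name, path, review_flags(location, cmd, path)))
    return entries
```

Running parse_o4_log(SAMPLE_O4) flags only the Sidebar entry (unquoted path with spaces) and install.lnk (launches from C:\Windows\Temp); the rest come back clean.
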
#7 AceofSpadesX


Posted 20 January 2009 - 04:04 PM

Hey Farbar,

I've done the things you have stated in the previous post, however, I am working to get my school's helpdesk to give me full administrator rights. In the meantime, I hope you would not close this topic as of yet and I will post the details of the minidump asap which probably looks like it will be on this coming friday. I sincerely appreciate your patience in helping me improve my computer's system. =)

Best Regards,
Adriel

#8 Farbar


Posted 20 January 2009 - 04:20 PM

We are in no hurry Adriel and I'll keep the topic open. Just let me know if it takes too long.

#9 AceofSpadesX


Posted 23 January 2009 - 06:44 AM

Hi farbar,

I've got the information that you wanted. However, I do have some rather unfortunate news. Just yesterday, I experienced a 2nd blue screen. The only thing I managed to catch was something to do with my display driver. Some useful information might be that the screen had flickered once or twice and a pop up told me that my display driver had recovered from an error. This was before the blue screen. I am currently using an ATI Mobility Radeon HD 2400XT and my driver version is 7.01.01.670 . I hope that helps and let me know if you need any more information. The file named Mini010409-01 is the mini dump file from the first blue screen and the file named Mini012209-01 is the 2nd blue screen. Once again, your expertise in this area is greatly valued and I look forward to your prompt reply. =)

Best Regards,
Adriel


#10 Farbar


Posted 23 January 2009 - 01:44 PM

Hello Adriel,

As a matter of fact I know more about malware removal than about system/software compatibility/hardware issues.

Since the logs look clean we are assuming the crashes are not caused by infection.

My impression:

The first BSOD occurred on 04-01-2009 and was related to win32k.sys (Windows Multi-User Win32 Driver). It did not occur again and that might be good news.
The recent BSOD occurred on 22-01-2009 and was related to atikmdag.sys (ATI Mobility Radeon display driver). The two crashes might be independent from or related to each other. I could be wrong but I think something goes wrong in the interaction between the display driver and the RAM when the display driver tries to access some sections of the RAM.
Therefore the crashes might be related to a problem with the display driver or a RAM issue. To spot the issue you might think of the last system change you made before the first crash (updating Windows, updating the display driver or installing third-party software indicates a compatibility issue mainly affecting the display driver). If you have made no system changes there might be an issue with RAM.

What to do? I'm not sure if you have administrative privileges to perform these tasks (BTW some problem with administrative privileges might be related to Vista. It might be solved when you run a program by right-clicking and selecting "Run as Administrator"). Could you tell me about it? How did you get the mini dump files?

Here are some tips:
  • For the latest crash try this and see if the problem is solved as there are some reports about this:
    • Go to Start > Run. Alternatively open Task Manager, under File menu select New Task (Run...). Type services.msc and hit Enter.
    • In the right panel under Name tab find Ati External Event Utility.
    • Double-click on the service and set the Startup type to Disabled (I think the startup type is Automatic, but note down the startup type in case you want to reverse the change).
    • Click Apply and OK.
    • Close all the open windows. At the next reboot the service will not be started.
  • Concerning the possible RAM issues you can consult the following page. It also mentions a RAM diagnostic test. If you find it difficult to do that, open a topic in the hardware or Vista forum to get assistance on that. Doing a diagnostic test does no harm and rules out faulty RAM:

    http://www.ehow.com/how_2269709_troubleshoot-ram.html

  • If the problem occurs again, try reinstalling or updating the display driver, or, if you have updated and the crash is because of the update, you have to roll back the driver to the previous version.

Edited by farbar, 24 January 2009 - 06:52 PM.


#11 AceofSpadesX


Posted 24 January 2009 - 12:00 PM

Hey farbar,

Well, I guess that's good news for me that my computer isn't infected (it would really surprise me seeing that I have 2 firewalls and 7 different virus scanners).

Well, for the administrator issues, apparently since my laptop is configured to my school's domain, I guess it was pretty simple.

The process is as follows.

My Computer > C Drive > Windows > Minidump > right click on minidump file > properties > Security > allow > add user > allow all

and voila! it was done.

Well, seeing that it is safe to say that my computer is not infected, I guess it's also safe to close this topic.

Once again, thanks for all your help!!

Best Regards and Well wishes,
Adriel

#12 Farbar


Posted 24 January 2009 - 06:58 PM

AdrielC,

You are welcome. Thanks for the feedback on accessing the mini dump file. I wish you happy computing.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter. Everyone else please begin a New Topic.
