Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer started to crash a few days ago.


  • This topic is locked This topic is locked
47 replies to this topic

#1 chiquito3

chiquito3

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 14 August 2011 - 06:02 PM

Hello guys!

My PC running Windows 7 started to crash from time to time with the blue screen. I have not installed any new hardware.


I have a hijackthis log for you to check. i would appreciate all the help you can give me. This is it:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:51:23 PM, on 8/14/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Advanced Woman Calendar\WomanCalendar.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
H:\HBCD\WinTools\StartupMonitor.exe
H:\HBCD\WinTools\Autorun.exe
G:\H - Downloads\HijackThis.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CFi ShellToys Utility Manager] "C:\Program Files\CFi\ShellToys\CFiShlMan.exe" -start
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Advanced Woman Calendar] "C:\Program Files (x86)\Advanced Woman Calendar\WomanCalendar.exe" -m
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\Chespirito-New\AppData\Roaming\install\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3114-W-A64-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12037 bytes

Edited by hamluis, 14 August 2011 - 09:06 PM.
Moved from Am I Infected to Malware Removal Logs.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 19 August 2011 - 06:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414419 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 20 August 2011 - 08:41 AM

I do still have the same situation of my PC going to the Blue Screen error telling that the malfunction is caused from a new hardware or software install but I don't recall any new installation. This happens from time to time and I have not been able to detect what is causing it. All the times it has happened the PC has been connected to the internet or downloading files. BTw I've notice that my anti virus avast makes the network connection too take more than 90 seconds after booting the PC. Here are the files:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Chespirito-New at 9:22:21 on 2011-08-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1045.18.7935.6330 [GMT -4:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = >>> 'Full Speed' Enabled <<<
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [<NO NAME>]
uRun: [CFi ShellToys Utility Manager] "C:\Program Files\CFi\ShellToys\CFiShlMan.exe" -start
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
uExplorerRun: [Policies] C:\Users\Chespirito-New\AppData\Roaming\install\svchost.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{16C63BB8-9C60-4431-84A9-9769B15CB385} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{75F84E66-49B9-423B-AFC8-24D627D5C67B} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: {16664848-0E00-11D2-8059-000000000000} - No File
mASetup: {8837IXWT-4M32-QFWJ-C2VL-XQ218PAB0YJX} - C:\Program Files\WinRAR\Formats\scvhost\scvhost.exe
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH-X64: {16664848-0E00-11D2-8059-000000000000} - No File
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chespirito-New\AppData\Roaming\Mozilla\Firefox\Profiles\d66isr82.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-7-22 814344]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-7-12 42184]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-7-12 121000]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2011-6-10 2044688]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\system32\DRIVERS\PTSimBus.sys --> C:\Windows\system32\DRIVERS\PTSimBus.sys [?]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\system32\DRIVERS\PTSimHid.sys --> C:\Windows\system32\DRIVERS\PTSimHid.sys [?]
R3 yukonw7;Sterownik miniportu NDIS6.2 dla kontrolera Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MRVW148;Marvell TOPDOG ™ 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x);C:\Windows\system32\DRIVERS\MRVW148.sys --> C:\Windows\system32\DRIVERS\MRVW148.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SATARaid5 Config Service;SATARaid5 Configuration Service;C:\Program Files\Silicon Image\3114-W-A64-R SATARAID5\SATARaid5ConfigService.exe [2005-10-5 148480]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-15 1153368]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-08-15 09:40:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-14 22:17:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-08-14 16:02:13 -------- d-----w- C:\Users\Chespirito-New\AppData\Roaming\SoftOrbits
2011-08-14 16:01:19 -------- d-----w- C:\Program Files (x86)\Advanced Woman Calendar
2011-08-14 10:13:24 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-08-11 18:16:30 -------- d-----w- C:\ModMii
2011-08-06 13:02:05 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-08-06 13:01:45 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-08-06 10:57:07 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-08-06 10:42:48 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-08-06 10:42:48 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-08-06 10:42:48 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-08-06 10:42:48 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-08-06 10:42:48 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-08-06 10:38:53 -------- d-----w- C:\Program Files (x86)\Viva Media
2011-07-26 10:41:46 -------- d-----w- C:\ProgramData\Elaborate Bytes
2011-07-26 10:41:19 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-07-25 13:00:44 -------- d-----w- C:\Program Files\DVDFab 8 Qt
2011-07-24 13:24:50 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-07-24 08:33:48 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2011-07-24 08:33:45 -------- d-----w- C:\Program Files (x86)\Panda Security
.
==================== Find3M ====================
.
2011-08-18 06:31:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-26 02:33:01 11114 ----a-w- C:\ProgramData\MainApp.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-04 11:43:53 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-04 11:37:39 129368 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2011-07-04 11:36:56 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-04 11:36:24 257368 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2011-07-04 11:32:24 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 04:09:00 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-10 21:46:04 107280 ----a-w- C:\Windows\System32\drivers\bckd.sys
2011-06-09 21:05:13 138872 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2011-06-09 21:05:13 138872 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 9:23:19.74 ===============


Attached File  Attach.txt   16.67KB   1 downloads

#4 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 20 August 2011 - 08:42 AM

I made a double post and edited it.

sorry for that!

Edited by chiquito3, 20 August 2011 - 08:44 AM.


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:11 AM

Posted 20 August 2011 - 01:03 PM

Hello, my name is Elise and I'll assist you with this problem.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 23 August 2011 - 05:53 AM

Thanks for your reply elise025. Here is the file:


==================================================
Dump File : 082311-20311-01.dmp
Crash Time : 8/23/2011 6:34:59 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0000357f
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082311-20311-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082111-19968-01.dmp
Crash Time : 8/21/2011 7:38:09 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0000364b
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082111-19968-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082111-19422-01.dmp
Crash Time : 8/21/2011 4:13:22 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022d723
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082111-19422-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082111-21886-01.dmp
Crash Time : 8/21/2011 2:26:25 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`00210f3d
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082111-21886-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082111-19983-01.dmp
Crash Time : 8/21/2011 1:03:01 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`00084999
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082111-19983-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082011-22308-01.dmp
Crash Time : 8/20/2011 10:12:34 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`001e27b9
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082011-22308-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082011-22058-01.dmp
Crash Time : 8/20/2011 12:55:53 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022ee1f
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082011-22058-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082011-25677-01.dmp
Crash Time : 8/20/2011 12:25:59 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`001368cc
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082011-25677-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082011-26863-01.dmp
Crash Time : 8/20/2011 7:27:38 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022d409
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082011-26863-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082011-27830-01.dmp
Crash Time : 8/20/2011 7:20:21 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022ee21
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082011-27830-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 082011-25599-01.dmp
Crash Time : 8/20/2011 6:44:31 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022e196
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\082011-25599-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081611-28392-01.dmp
Crash Time : 8/16/2011 3:19:22 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff880`037bebd9
Parameter 3 : fffff880`080cb750
Parameter 4 : 00000000`00000000
Caused By Driver : tdx.sys
Caused By Address : tdx.sys+12bd9
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081611-28392-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081511-27518-01.dmp
Crash Time : 8/15/2011 7:19:22 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022c346
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081511-27518-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081511-29094-01.dmp
Crash Time : 8/15/2011 7:10:14 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022de6a
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081511-29094-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081511-41324-01.dmp
Crash Time : 8/15/2011 6:41:02 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022fc05
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081511-41324-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081411-29078-01.dmp
Crash Time : 8/14/2011 10:16:48 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022dad2
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081411-29078-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081411-27471-01.dmp
Crash Time : 8/14/2011 5:57:44 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022b751
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081411-27471-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081411-33399-01.dmp
Crash Time : 8/14/2011 4:41:41 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`00229c67
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081411-33399-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081411-28438-01.dmp
Crash Time : 8/14/2011 8:25:19 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022d485
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081411-28438-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081411-27939-01.dmp
Crash Time : 8/14/2011 8:17:59 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022bdff
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : afd.sys
Caused By Address : afd.sys+50425
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7cc40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081411-27939-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081411-33977-01.dmp
Crash Time : 8/14/2011 6:04:04 AM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff880`03623bd9
Parameter 3 : fffff880`086c8a30
Parameter 4 : 00000000`00000000
Caused By Driver : tdx.sys
Caused By Address : tdx.sys+12bd9
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7fd00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081411-33977-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081411-30591-01.dmp
Crash Time : 8/14/2011 5:56:34 AM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`00228eb9
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7fd00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+7fd00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081411-30591-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081311-28953-01.dmp
Crash Time : 8/13/2011 7:49:43 PM
Bug Check String : PFN_LIST_CORRUPT
Bug Check Code : 0x0000004e
Parameter 1 : 00000000`00000007
Parameter 2 : 00000000`0022d3d4
Parameter 3 : 00000000`00000001
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7fd00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+7fd00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081311-28953-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

==================================================
Dump File : 081311-32432-01.dmp
Crash Time : 8/13/2011 7:35:05 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff880`03775bd9
Parameter 3 : fffff880`085a7a30
Parameter 4 : 00000000`00000000
Caused By Driver : bckd.sys
Caused By Address : bckd.sys+107d
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7fd00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081311-32432-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,528
==================================================

==================================================
Dump File : 061311-24507-01.dmp
Crash Time : 6/13/2011 12:41:57 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000046
Parameter 2 : fffff800`031015fc
Parameter 3 : fffff880`0aa48090
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7fd00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
Processor : x64
Crash Address : ntoskrnl.exe+7fd00
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\061311-24507-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7601
Dump File Size : 275,584
==================================================

#7 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 23 August 2011 - 05:55 AM

Deleted double post.

Edited by chiquito3, 23 August 2011 - 05:57 AM.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:11 AM

Posted 23 August 2011 - 11:49 AM

Hello again, this may be caused either by bad RAM or a corrupt driver. Lets check for the latter first.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 23 August 2011 - 01:11 PM

I did not know if I had to post it or attach it so I decided to attach it.

Here it is. Let me know. Thank you very much!

Attached Files



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:11 AM

Posted 23 August 2011 - 02:53 PM

Hi, how are things running at this point?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 23 August 2011 - 03:18 PM

Well it hasn't happened since I did the ComboFix but the error just happened from time to time so I can't say for sure if it is fixed. Is there any way to make sure?

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:11 AM

Posted 23 August 2011 - 04:01 PM

In that case, to be sure lets also run a memory diagnostic. Please follow the steps here and let me know if any errors were found.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 23 August 2011 - 06:42 PM

Now after the fix I can say that it is happening more often, a lot more often. I tried to do the memory diagnostic but I have not been able since it crashes continuously. Any advice?

#14 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 23 August 2011 - 08:28 PM

The test is at almost 70% and no errors. I think it would past with no problems. Are there any other suggestions?

#15 chiquito3

chiquito3
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 23 August 2011 - 09:40 PM

Ok it passed with no errors. Please advice what to do next.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users