Still problems after upgrade from Vista to 7HP 32bit -



#1 bwrighttwo

Posted 23 December 2012 - 11:43 PM

Hi. This machine has been a topic on these boards with a different user id (loragail). I have also had help with this machine prior with m0le. Since then I have done a clean re-install and upgraded from Vista to Win7 HP 32bit. I have also used Ninite to update Java, Flash, and some other things you will see in the DDS. I did download Kaspersky with a disk and key and have since removed it with Revo. This machine has a bad history. The problems it has now are that it opens and freezes on a black screen or scrambled startup screen. It has also BSOD'd with minidump probs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by oldpawn at 0:18:31 on 2012-12-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.1275 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Users\oldpawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oldpawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oldpawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oldpawn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5FDA7F67-3592-4E69-B411-BE97C69EF36A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5FDA7F67-3592-4E69-B411-BE97C69EF36A}\6657C696675677F627C646 : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 603240]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-23 1343400]
.
=============== Created Last 30 ================
.
2012-12-24 07:30:46 -------- d-----w- c:\users\oldpawn\appdata\local\ElevatedDiagnostics
2012-12-24 07:30:29 -------- d-----w- c:\users\oldpawn\appdata\roaming\Malwarebytes
2012-12-24 07:15:38 -------- d-----w- c:\users\oldpawn\appdata\roaming\Auslogics
2012-12-24 05:56:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-24 05:47:02 98816 ----a-w- c:\windows\sed.exe
2012-12-24 05:47:02 256000 ----a-w- c:\windows\PEV.exe
2012-12-24 05:47:02 208896 ----a-w- c:\windows\MBR.exe
2012-12-24 01:28:33 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-12-24 01:28:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-24 01:28:33 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-24 01:13:11 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-12-24 01:13:10 5120 ----a-w- c:\windows\system32\wmi.dll
2012-12-24 01:13:10 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-12-24 01:10:19 -------- d-----w- c:\windows\system32\Wat
2012-12-24 01:05:48 850944 ----a-w- c:\windows\system32\sbe.dll
2012-12-24 01:04:55 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-24 01:04:54 41984 ----a-w- c:\windows\system32\browcli.dll
2012-12-24 01:04:54 102912 ----a-w- c:\windows\system32\browser.dll
2012-12-24 01:04:34 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c4c3b7e1-21b6-4945-9d3d-40f8ad1ea4f2}\mpengine.dll
2012-12-24 01:04:33 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-12-24 00:58:55 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-12-24 00:58:55 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-12-24 00:58:53 769024 ----a-w- c:\windows\system32\localspl.dll
2012-12-24 00:58:50 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-12-24 00:58:46 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-12-24 00:58:45 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-12-24 00:58:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-24 00:57:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-24 00:57:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-24 00:53:37 -------- d-----w- c:\program files\Auslogics
2012-12-24 00:52:35 -------- d-----w- c:\program files\VS Revo Group
2012-12-24 00:52:21 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-24 00:52:21 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-24 00:52:09 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-24 00:47:51 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-24 00:47:51 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-24 00:46:36 -------- d-----w- c:\users\oldpawn\appdata\local\Google
2012-12-24 00:46:30 -------- d-----w- c:\program files\GUM73D7.tmp
2012-12-24 00:35:55 -------- d-----w- c:\windows\system32\catroot2
2012-12-24 00:28:43 303616 ----a-w- C:\SetACL.exe
2012-12-24 00:20:20 290304 ----a-w- C:\subinacl.exe
2012-12-24 00:18:55 -------- d-----w- C:\RegBackup
2012-12-24 00:00:38 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-12-24 00:00:25 -------- d-----w- c:\program files\Tweaking.com
2012-12-23 23:50:25 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-12-23 23:50:25 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-12-23 23:46:35 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-12-23 23:46:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-12-23 23:32:04 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-12-23 23:32:04 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-12-23 23:06:48 -------- d-----w- c:\users\oldpawn\appdata\local\Diagnostics
2012-12-23 22:52:40 -------- d-----w- c:\program files\Belkin
2012-12-23 22:52:17 -------- d-sh--w- c:\windows\Installer
2012-12-23 22:52:16 -------- d-----w- c:\windows\{7EBEACC7-A0C9-4DA4-9A63-3DC7D244B051}
2012-12-23 22:41:38 -------- d-----w- c:\programdata\Malwarebytes
2012-12-23 14:01:56 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
==================== Find3M ====================
.
2012-11-22 02:56:02 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 0:18:52.90 ===============

#2 bwrighttwo

Posted 26 December 2012 - 07:21 PM

Here is the link to the topic this machine was looked at when it was running Vista. http://www.bleepingcomputer.com/forums/topic465028.html/page__view__findpost__p__2803664__fromsearch__1
These are from the last 3 blue screens if it helps. They are all from doing an Avast scan. One Boot Time and 2 regular scans.

122512-12355-01.dmp 12/25/2012 11:35:41 PM MEMORY_MANAGEMENT 0x0000001a 0x00041287 0x040484e0 0x00000000 0x00000000 storport.sys storport.sys+44b0 Microsoft Storage Port Driver Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17514 (win7sp1_rtm.101119-1850) 32-bit ntkrnlpa.exe+8db3f ntkrnlpa.exe+40ae8 ntkrnlpa.exe+4152d C:\Windows\Minidump\122512-12355-01.dmp 2 15 7601 159,784


122612-12386-01.dmp 12/26/2012 12:52:22 AM MEMORY_MANAGEMENT 0x0000001a 0x00041287 0x00000f85 0x00000000 0x00000000 ntkrnlpa.exe ntkrnlpa.exe+8db3f NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17944 (win7sp1_gdr.120830-0333) 32-bit ntkrnlpa.exe+8db3f ntkrnlpa.exe+40ae8 ntkrnlpa.exe+95e80 ntkrnlpa.exe+9d0a9 C:\Windows\Minidump\122612-12386-01.dmp 2 15 7601 150,304


122612-13915-01.dmp 12/26/2012 12:09:21 AM MEMORY_MANAGEMENT 0x0000001a 0x00005003 0xc0802000 0x0000ebc2 0x0e402700 ntkrnlpa.exe ntkrnlpa.exe+dee98 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17944 (win7sp1_gdr.120830-0333) 32-bit ntkrnlpa.exe+dee98 ntkrnlpa.exe+63d3b ntkrnlpa.exe+9dbfa ntkrnlpa.exe+8f7b0 C:\Windows\Minidump\122612-13915-01.dmp 2 15 7601 140,352

Edited by bwrighttwo, 26 December 2012 - 07:37 PM.


#3 bwrighttwo

Posted 28 December 2012 - 01:34 PM

This topic can be closed as I think I have solved my problem. Thanks

#4 m0le


Posted 28 December 2012 - 09:38 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
m0le is a proud member of UNITE