Driver Overran Stack Buffer BSOD



#1 johueshua


Posted 20 June 2014 - 06:14 PM

Unfortunately, my BSOD errors persist, except this one is a new one.

I recently got a Driver Overran Stack Buffer BSOD error.

 

minidump:

https://www.sendspace.com/file/lisawf

 

speccy:

http://speccy.piriform.com/results/mS5cU1K1x5HI3yBBVV8sFY8

 

minitoolbox result:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Joshua (administrator) on 20-06-2014 at 19:14:03
Running from "C:\Users\Joshua\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/20/2014 07:03:52 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/20/2014 07:03:50 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/20/2014 03:40:39 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/20/2014 03:39:11 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/20/2014 01:32:12 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/20/2014 01:30:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2141

Error: (06/20/2014 01:30:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2141

Error: (06/20/2014 01:30:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/20/2014 01:30:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1000

Error: (06/20/2014 01:30:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1000


System errors:
=============
Error: (06/20/2014 07:02:27 PM) (Source: BugCheck) (User: )
Description: 0x000000f7 (0x08003a3ff5d50ef3, 0x00003a3ff5d50ef3, 0xffffc5c00a2af10c, 0x0000000000000000)C:\Windows\MEMORY.DMP062014-11250-01

Error: (06/20/2014 07:02:26 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:58:15 PM on 6/20/2014 was unexpected.

Error: (06/20/2014 03:38:17 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff803a4bd7c29, 0xffffd000235cd820, 0x0000000000000000)C:\Windows\MEMORY.DMP062014-12062-01

Error: (06/20/2014 03:38:15 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:31:07 PM on 6/20/2014 was unexpected.

Error: (06/20/2014 11:49:55 AM) (Source: DCOM) (User: Joshua-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/20/2014 11:49:25 AM) (Source: DCOM) (User: Joshua-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/19/2014 10:15:26 AM) (Source: NetBT) (User: )
Description: The name "JOSHUA-PC      :0" could not be registered on the interface with IP address 192.168.1.5.
The computer with the IP address 192.168.1.4 did not allow the name to be claimed by
this computer.

Error: (06/19/2014 10:15:04 AM) (Source: NetBT) (User: )
Description: The name "JOSHUA-PC      :0" could not be registered on the interface with IP address 192.168.1.5.
The computer with the IP address 192.168.1.4 did not allow the name to be claimed by
this computer.

Error: (06/19/2014 10:14:45 AM) (Source: NetBT) (User: )
Description: The name "JOSHUA-PC      :20" could not be registered on the interface with IP address 192.168.1.5.
The computer with the IP address 192.168.1.4 did not allow the name to be claimed by
this computer.

Error: (06/19/2014 10:14:45 AM) (Source: NetBT) (User: )
Description: The name "JOSHUA-PC      :0" could not be registered on the interface with IP address 192.168.1.5.
The computer with the IP address 192.168.1.4 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (06/20/2014 07:03:52 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/20/2014 07:03:50 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/20/2014 03:40:39 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/20/2014 03:39:11 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/20/2014 01:32:12 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/20/2014 01:30:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2141

Error: (06/20/2014 01:30:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2141

Error: (06/20/2014 01:30:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/20/2014 01:30:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1000

Error: (06/20/2014 01:30:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1000


CodeIntegrity Errors:
===================================
  Date: 2014-04-16 11:57:28.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-04-16 11:57:28.085
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-04-13 21:05:26.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-04-13 21:05:26.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-04-12 22:08:15.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-04-12 22:08:14.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-04-12 11:29:50.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

  Date: 2014-04-12 11:29:50.607
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.


=========================== Installed Programs ============================

Adobe Flash Player 14 Plugin (Version: 14.0.0.125)
Adobe Reader XI (11.0.07) (Version: 11.0.07)
Apple Application Support (Version: 3.0.3)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3972)
AVG 2014 (Version: 14.0.4592)
AVG 2014 (Version: 2014.0.4592)
AVG SafeGuard toolbar (Version: 18.1.7.598)
BioShock Infinite
Bonjour (Version: 3.0.0.10)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
HyperCam 2 (Version: 2.29.00)
Intel® Management Engine Components (Version: 9.0.0.1310)
Intel® Trusted Connect Service Client (Version: 1.27.757.1)
iTunes (Version: 11.2.2.3)
League of Legends (Version: 3.0.0)
Linkey (Version: 0.0.0.431)
MapleStory
Mathematica Extras 9.0 (3824406) (Version: 9.0.0)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506)
Mozilla Firefox 30.0 (x86 en-US) (Version: 30.0)
Mozilla Maintenance Service (Version: 29.0.1)
MSVCRT Redists (Version: 1.0)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver 335.21 (Version: 335.21)
NVIDIA 3D Vision Driver 335.23 (Version: 335.23)
NVIDIA Control Panel 335.23 (Version: 335.23)
NVIDIA GeForce Experience 2.0 (Version: 2.0)
NVIDIA Graphics Driver 335.23 (Version: 335.23)
NVIDIA HD Audio Driver 1.3.30.1 (Version: 1.3.30.1)
NVIDIA Install Application (Version: 2.1002.151.1095)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA PhysX (Version: 9.13.1220)
NVIDIA PhysX System Software 9.13.1220 (Version: 9.13.1220)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523)
NVIDIA Update 12.4.55 (Version: 12.4.55)
NVIDIA Update Core (Version: 12.4.55)
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506)
Python 2.7.7 (Version: 2.7.7150)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Settings Manager (Version: 5.0.0.12302)
SHIELD Streaming (Version: 1.8.323)
Skype Click to Call (Version: 7.2.15747.10003)
Skype™ 6.16 (Version: 6.16.105)
Speccy (Version: 1.26)
Steam
The Forest
Total War: ROME II
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2878313) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2881000) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition
Vegas Pro 12.0 (64-bit) (Version: 12.0.770)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.1 (Version: 2.1.1)
WinRAR 5.01 (64-bit) (Version: 5.01.0)
Wolfram Mathematica 9 (M-WIN-L 9.0.0 3868239) (Version: 9.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 6%
Total physical RAM: 32718.52 MB
Available physical RAM: 30745.85 MB
Total Pagefile: 65486.52 MB
Available Pagefile: 63274 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.93 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:212.37 GB) (Free:99.04 GB) NTFS
2 Drive d: () (Fixed) (Total:931.51 GB) (Free:859.34 GB) NTFS
3 Drive e: (ASRock SupportCD) (CDROM) (Total:2.08 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\JOSHUA-PC

Administrator            Guest                    Joshua                   

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 

 




 


#2 wpgwpg


Posted 20 June 2014 - 06:46 PM

There seem to be some corrupt system files in that Speccy listing, namely sysapcrt.dll and services.exe. I'd run SFC to try to correct that. Go to the Search charm and type CMD, right-click CMD.EXE, then click Run as administrator. From the command prompt, type sfc /scannow. That will scan your system files and attempt to correct any it finds corrupt.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 johueshua


Posted 21 June 2014 - 04:28 PM

It said that there were no integrity violations.



#4 blueelvis


Posted 22 June 2014 - 02:42 AM

Hi Johueshua,

 

Could you please go to this path "C:\Windows\Minidump", zip up the dump files and upload them to a service such as OneDrive or Dropbox so that they could be used for further analysis and for helping you better and faster as well? ^_^


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#5 johueshua


Posted 23 June 2014 - 11:55 AM

Hi blueelvis, I already posted the minidump zip files on sendspace. Should I reupload it on dropbox?



#6 blueelvis


Posted 23 June 2014 - 04:32 PM

Hi Johueshua,
 
I have analyzed your 5 latest minidumps and they have the below 3rd party drivers.

**************************Sat Jun 21 04:31:47.684 2014 (UTC + 5:30)**************************
GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
HECIx64.sys                 Tue Dec 18 01:02:21 2012 (50CF7345)
k57nd60a.sys                Wed Jan 30 06:18:55 2013 (51086DF7)
intelppm.sys                Thu Aug 22 14:16:35 2013 (5215CFEB)
dump_storahci.sys           Thu Aug 22 17:10:39 2013 (5215F8B7)
nvhda64v.sys                Thu Nov 28 19:08:09 2013 (52974741)
point64.sys                 Thu Dec 12 18:46:17 2013 (52A9B721)
NuidFltr.sys                Thu Dec 12 18:46:25 2013 (52A9B729)
dc3d.sys                    Thu Dec 12 18:46:35 2013 (52A9B733)
nvlddmkm.sys                Tue Mar  4 16:37:52 2014 (5315B408)
avgtpx64.sys                Wed Mar 12 16:18:45 2014 (53203B8D)
avgdiska.sys                Fri Mar 28 01:44:19 2014 (5334869B)
avgidsha.sys                Fri Mar 28 01:44:22 2014 (5334869E)
nvvad64v.sys                Fri Mar 28 19:02:06 2014 (533579D6)
avgwfpa.sys                 Mon Mar 31 19:36:42 2014 (53397672)
systemkmgrc1.cfg            Tue Apr  8 19:48:24 2014 (53440530)
avgidsdrivera.sys           Fri Apr 18 18:31:26 2014 (53512226)
NvStreamKms.sys             Wed Apr 30 06:29:44 2014 (53604B00)
avgrkx64.sys                Tue May 13 17:34:26 2014 (53720A4A)
avgmfx64.sys                Tue May 13 17:35:03 2014 (53720A6F)
avgloga.sys                 Tue May 13 17:36:01 2014 (53720AA9)
avgldx64.sys                Tue May 13 17:50:22 2014 (53720E06)
**************************Tue Jun 10 21:29:43.707 2014 (UTC + 5:30)**************************
EagleX64.sys                Fri Jan  3 11:43:38 2014 (52C65512)

http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=k57nd60a.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=dump_storahci.sys
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
http://www.carrona.org/drivers/driver.php?id=point64.sys
http://www.carrona.org/drivers/driver.php?id=NuidFltr.sys
http://www.carrona.org/drivers/driver.php?id=dc3d.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=avgtpx64.sys
http://www.carrona.org/drivers/driver.php?id=avgdiska.sys
http://www.carrona.org/drivers/driver.php?id=avgidsha.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=avgwfpa.sys
systemkmgrc1.cfg - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=avgidsdrivera.sys
http://www.carrona.org/drivers/driver.php?id=NvStreamKms.sys
http://www.carrona.org/drivers/driver.php?id=avgrkx64.sys
http://www.carrona.org/drivers/driver.php?id=avgmfx64.sys
http://www.carrona.org/drivers/driver.php?id=avgloga.sys
http://www.carrona.org/drivers/driver.php?id=avgldx64.sys
http://www.carrona.org/drivers/driver.php?id=EagleX64.sys
 
Please try finding the updates of the above 3rd party drivers. 
 
Apparently, the interesting thing is that I have highlighted a driver in BOLD and RED. Please do not attempt to update or try removing that, as it is a Virus/Malware, as a single search of that driver on Google reveals. I am no expert in resolving the Malware problems.
 
Another thing to notice, is the information provided by your latest dump file :-

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
 

 
So, I would ask a MOD to move this thread to the appropriate location.


Edited by blueelvis, 23 June 2014 - 04:34 PM.

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/
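As an added example (not part of the original posts, and not a BleepingComputer or MiniToolBox tool), the Python below decodes the two BugCheck lines from the MiniToolBox log in post #1. It assumes Microsoft's documented parameter layout for stop code 0xF7 (actual stack cookie, expected cookie, bit-complement of the expected cookie, zero); the function names and the bit-count triage heuristic are illustrative assumptions.

```python
import re

MASK64 = (1 << 64) - 1

# 0xF7 is named in the dump text quoted above; 0x3B is Microsoft's documented
# name for the second stop code that appears in the log.
BUGCHECK_NAMES = {
    0xF7: "DRIVER_OVERRAN_STACK_BUFFER",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
}

# Sample input: the two BugCheck entries copied from the MiniToolBox log in post #1.
SAMPLE_LOG = r"""
Error: (06/20/2014 07:02:27 PM) (Source: BugCheck) (User: )
Description: 0x000000f7 (0x08003a3ff5d50ef3, 0x00003a3ff5d50ef3, 0xffffc5c00a2af10c, 0x0000000000000000)C:\Windows\MEMORY.DMP062014-11250-01

Error: (06/20/2014 03:38:17 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff803a4bd7c29, 0xffffd000235cd820, 0x0000000000000000)C:\Windows\MEMORY.DMP062014-12062-01
"""

EVENT_RE = re.compile(
    r"Error: \((?P<when>[^)]+)\) \(Source: BugCheck\)[^\n]*\n"
    r"Description: (?P<code>0x[0-9a-fA-F]+) \((?P<params>[^)]*)\)"
)


def parse_bugchecks(text):
    """Return one dict per BugCheck event found in a MiniToolBox event-log dump."""
    events = []
    for m in EVENT_RE.finditer(text):
        code = int(m.group("code"), 16)
        params = [int(p.strip(), 16) for p in m.group("params").split(",")]
        events.append({
            "when": m.group("when"),
            "code": code,
            "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
            "params": params,
        })
    return events


def analyze_stack_cookie(params):
    """Interpret the four 0xF7 parameters (assumed layout, see lead-in)."""
    actual, expected, complement = params[0], params[1], params[2]
    diff = actual ^ expected
    flipped = [bit for bit in range(64) if (diff >> bit) & 1]
    return {
        "actual": actual,
        "expected": expected,
        # Sanity check: parameter 3 must be the bitwise NOT of parameter 2.
        "complement_ok": complement == (~expected & MASK64),
        "flipped_bits": flipped,
        # Triage heuristic (assumption, not proof): a copy that runs past a
        # buffer usually rewrites whole bytes of the cookie, so a difference
        # of only one or two bits is worth a memory test before blaming a driver.
        "few_bits_differ": 0 < len(flipped) <= 2,
    }


def report(text):
    """Build a short human-readable summary for every BugCheck event."""
    lines = []
    for ev in parse_bugchecks(text):
        lines.append(f"{ev['when']}  0x{ev['code']:02X} {ev['name']}")
        if ev["code"] == 0xF7:
            r = analyze_stack_cookie(ev["params"])
            lines.append(f"  cookie on stack : 0x{r['actual']:016x}")
            lines.append(f"  cookie expected : 0x{r['expected']:016x}")
            lines.append(f"  complement ok   : {r['complement_ok']}")
            lines.append(f"  differing bits  : {r['flipped_bits']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The stack backtrace that the bugcheck text asks for (kb in the debugger) is still needed to name the routine involved; this only reads what the event log already recorded.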

#7 johueshua


Posted 23 June 2014 - 09:48 PM

 

http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=k57nd60a.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=dump_storahci.sys
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
http://www.carrona.org/drivers/driver.php?id=point64.sys
http://www.carrona.org/drivers/driver.php?id=NuidFltr.sys
http://www.carrona.org/drivers/driver.php?id=dc3d.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=avgtpx64.sys
http://www.carrona.org/drivers/driver.php?id=avgdiska.sys
http://www.carrona.org/drivers/driver.php?id=avgidsha.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=avgwfpa.sys
systemkmgrc1.cfg - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=avgidsdrivera.sys
http://www.carrona.org/drivers/driver.php?id=NvStreamKms.sys
http://www.carrona.org/drivers/driver.php?id=avgrkx64.sys
http://www.carrona.org/drivers/driver.php?id=avgmfx64.sys
http://www.carrona.org/drivers/driver.php?id=avgloga.sys
http://www.carrona.org/drivers/driver.php?id=avgldx64.sys
http://www.carrona.org/drivers/driver.php?id=EagleX64.sys
 

Are these the drivers that I need to have installed?



#8 blueelvis


Posted 23 June 2014 - 11:45 PM

Those are the 3rd party drivers present on your system which you need to make sure are updated. ^_^



#9 Riohclem


Posted 01 December 2014 - 01:01 AM

Hello folks. I need help with my computer and I don't know much about it at all. I'm running into this issue, so instead of starting a new thread I thought I'd just continue. I read over the previous steps of what I should do, so I have my minidump in a zip uploaded and my specs too. I was wondering if someone can quickly go over the dump file and tell me which driver is causing the issue, if it is indeed malware or if it is some other problem. I would be grateful for any help in this matter, thank you.

http://www.sendspace.com/filegroup/aZAG9%2FWXS%2FnuEAAiCVhYow is the minidump and speccy snapshot.

 

 





