Memory Corruption?! [BSOD]


3 replies to this topic

#1 jinxiang

Posted 13 November 2014 - 09:58 AM

Please advise.....
 
 
Microsoft ® Windows Debugger Version 6.3.9600.17029 AMD64
Copyright © Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\Users\JinXiang\Desktop\111314-27046-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
 
 
************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*c:\symbols\*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols\*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9200.16912.amd64fre.win8_gdr.140502-1507
Machine Name:
Kernel base = 0xfffff800`b8a7c000 PsLoadedModuleList = 0xfffff800`b8d48aa0
Debug session time: Thu Nov 13 22:24:20.281 2014 (UTC + 8:00)
System Uptime: 4 days 0:37:33.940
Loading Kernel Symbols
.
 
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
 
..............................................................
................................................................
.......................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck 3B, {c0000005, fffff8800689a4fb, fffff8800f2a2be0, 0}
 
Probably caused by : memory_corruption
 
Followup: memory_corruption
---------
 
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8800689a4fb, Address of the instruction which caused the bugcheck
Arg3: fffff8800f2a2be0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
 
Debugging Details:
------------------
 
 
DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump
 
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
 
FAULTING_IP: 
Npfs!NpCommonCleanup+14b
fffff880`0689a4fb ff00            inc     dword ptr [rax]
 
CONTEXT:  fffff8800f2a2be0 -- (.cxr 0xfffff8800f2a2be0;r)
rax=0000000000000001 rbx=ffffffffffffffff rcx=fffffa8010641e88
rdx=fffffa8014628e10 rsi=fffffa801453f1e0 rdi=fffff8a00b9faaa8
rip=fffff8800689a4fb rsp=fffff8800f2a35e0 rbp=fffff8800f2a3618
 r8=fffffa8010641dd0  r9=0000000000000012 r10=0000000000000028
r11=fffffa8010ce57f0 r12=0000000000000000 r13=0000000000000001
r14=fffffa8010641e88 r15=fffff8a00b9faa40
iopl=0         nv up ei pl zr na po cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010247
Npfs!NpCommonCleanup+0x14b:
fffff880`0689a4fb ff00            inc     dword ptr [rax] ds:002b:00000000`00000001=????????
Last set context:
rax=0000000000000001 rbx=ffffffffffffffff rcx=fffffa8010641e88
rdx=fffffa8014628e10 rsi=fffffa801453f1e0 rdi=fffff8a00b9faaa8
rip=fffff8800689a4fb rsp=fffff8800f2a35e0 rbp=fffff8800f2a3618
 r8=fffffa8010641dd0  r9=0000000000000012 r10=0000000000000028
r11=fffffa8010ce57f0 r12=0000000000000000 r13=0000000000000001
r14=fffffa8010641e88 r15=fffff8a00b9faa40
iopl=0         nv up ei pl zr na po cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010247
Npfs!NpCommonCleanup+0x14b:
fffff880`0689a4fb ff00            inc     dword ptr [rax] ds:002b:00000000`00000001=????????
Resetting default scope
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
 
BUGCHECK_STR:  0x3B
 
PROCESS_NAME:  nacl64.exe
 
CURRENT_IRQL:  0
 
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
 
LAST_CONTROL_TRANSFER:  from fffff8800689a385 to fffff8800689a4fb
 
STACK_TEXT:  
fffff880`0f2a35e0 fffff880`0689a385 : 00000000`00000001 fffffa80`10641dd0 00000000`00000000 fffff8a0`0ffc41b0 : Npfs!NpCommonCleanup+0x14b
fffff880`0f2a3660 fffff880`014010ee : fffffa80`10fcc950 00000000`00000000 00000000`00000000 00000000`00000000 : Npfs!NpFsdCleanup+0x21
fffff880`0f2a3690 fffff800`b8ebd2a6 : fffffa80`1453f1e0 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!FltpDispatch+0xee
fffff880`0f2a36f0 fffff800`b8eb4b80 : fffffa80`14796ab0 fffff8a0`0bb8f980 00000000`00000000 00000000`00000000 : nt!IopCloseFile+0x146
fffff880`0f2a3780 fffff800`b8eb400b : 00000000`fffc0001 fffffa80`14796ad0 fffffa80`147a4000 00000000`00000004 : nt!ObpDecrementHandleCount+0xc0
fffff880`0f2a3820 fffff800`b8eff285 : ffff3987`ac8e16e2 00000000`00000001 00000000`00000001 fffff800`b8f02316 : nt!ObCloseHandleTableEntry+0x10b
fffff880`0f2a38f0 fffff800`b8f0d655 : fffffa80`147a4301 fffffa80`147a4080 fffffa80`147a4080 fffff8a0`0bb8f980 : nt!ExSweepHandleTable+0xb5
fffff880`0f2a3940 fffff800`b8eed954 : fffff8a0`10ef68d0 00000000`00000001 00000000`00000001 fffffa80`14544090 : nt!ObKillProcess+0x4d
fffff880`0f2a3970 fffff800`b8f1904d : 00000000`00000000 fffffa80`147a4001 000007f7`8f4ba000 fffffa80`14f25080 : nt!PspExitThread+0x544
fffff880`0f2a3a90 fffff800`b8ad5553 : fffffa80`147a4080 fffffa80`14f25080 fffff880`0f2a3b80 ffffffff`ffffffff : nt!NtTerminateProcess+0xfd
fffff880`0f2a3b00 000007fd`cb6d2dda : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000095`6292fd68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fd`cb6d2dda
 
 
CHKIMG_EXTENSION: !chkimg -lo 50 -d !Npfs
    fffff8800689a4fc-fffff8800689a4ff  4 bytes - Npfs!NpCommonCleanup+14c
[ 15 57 cb ff:00 00 00 00 ]
4 errors : !Npfs (fffff8800689a4fc-fffff8800689a4ff)
 
MODULE_NAME: memory_corruption
 
IMAGE_NAME:  memory_corruption
 
FOLLOWUP_NAME:  memory_corruption
 
DEBUG_FLR_IMAGE_TIMESTAMP:  0
 
MEMORY_CORRUPTOR:  LARGE
 
STACK_COMMAND:  .cxr 0xfffff8800f2a2be0 ; kb
 
FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE
 
BUCKET_ID:  MEMORY_CORRUPTION_LARGE
 
ANALYSIS_SOURCE:  KM
 
FAILURE_ID_HASH_STRING:  km:memory_corruption_large
 
FAILURE_ID_HASH:  {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
 
Followup: memory_corruption
---------
 
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by JinXiang (administrator) on 13-11-2014 at 22:41:05
Running from "C:\Users\JinXiang\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/13/2014 07:40:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/13/2014 07:40:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/13/2014 07:40:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/13/2014 07:37:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/13/2014 07:37:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/13/2014 07:37:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/10/2014 08:10:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/10/2014 08:10:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/10/2014 08:10:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
Error: (11/09/2014 09:27:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
 
 
System errors:
=============
Error: (11/13/2014 10:26:09 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff8800689a4fb, 0xfffff8800f2a2be0, 0x0000000000000000)C:\WINDOWS\Minidump\111314-27046-01.dmp111314-27046-01
 
Error: (11/13/2014 10:26:08 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 22:04:47 on 13/11/2014 was unexpected.
 
Error: (11/12/2014 11:11:31 PM) (Source: DCOM) (User: Audrey)
Description: {DE50C7BB-FAA7-4A7F-BA47-BF0EFCFE433D}
 
Error: (11/12/2014 11:11:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/12/2014 07:41:33 AM) (Source: DCOM) (User: Audrey)
Description: {DE50C7BB-FAA7-4A7F-BA47-BF0EFCFE433D}
 
Error: (11/12/2014 07:41:33 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/11/2014 11:18:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/11/2014 07:43:18 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/10/2014 07:24:55 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/09/2014 09:46:49 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 21:12:11 on 09/11/2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-13 22:25:56.656
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-11-09 21:46:37.309
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-11-02 09:05:05.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-11-01 22:32:50.996
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-11-01 21:26:42.169
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-10-26 22:09:27.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-10-26 21:50:45.467
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-10-22 16:43:57.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-10-22 15:09:37.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-10-22 10:10:21.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
 
 
=========================== Installed Programs ============================
 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
[Windows 8 Theme] Onodera Kosaki by kurohtenshi (HKLM-x32\...\{ef253b91-de41-4968-b2c6-ac23061c2249}_is1) (Version:  - k-rlitos.com)
μTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3103 - Acer Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Any Video Converter Professional 5.0.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Application Verifier x64 External Package (Version: 8.100.26629 - Microsoft) Hidden
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Boris FX 10 (64 Bit) (HKLM\...\{BAF3FFCF-4BFC-42C9-A5F3-EF5F55615C29}) (Version: 10.0.1 - Boris FX, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
DFX (HKLM-x32\...\DFX) (Version: 11.109.0.0 - Power Technology)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Fate Kaleid Liner Prisma Illya 8&8.1 By Ricky version Lolisekai (HKLM-x32\...\{A677DB64-76C2-46A2-BA86-3531B67122B6}_is1) (Version: Lolisekai - Lolisekai.web.id)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Fantasy XIII, 粢・ 1.0 (HKLM-x32\...\Final Fantasy XIII_is1) (Version: 1.0 - =ラ瑕=)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.49.1022 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1022 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel® Network Connections 19.3.141.0 (Version: 19.3.141.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kancolle Amatsukaze 8&8.1 By Ricky version Lolisekai (HKLM-x32\...\{92C6483C-A4AF-4CD8-A74A-9AF17C8312B1}_is1) (Version: Lolisekai - Lolisekai.web.id)
Kirito(GGO) By Ricky version 1 (HKLM-x32\...\{F6DEA469-BFC1-45E0-8131-1ECDBAEE500B}_is1) (Version: 1 - Ricky Handoko:Lolisekai)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSI Development Tools (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3102 - Acer)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Download Helper (HKCU\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype? 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.15.201410271230 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.228 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.228 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
StartIsBack (HKLM-x32\...\StartIsBack) (Version: 2.1.2 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Ultra Windows 8 Theme Tool 0.1 (HKLM-x32\...\UW8TT_is1) (Version: 0.1 - H.Thuong)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.3.0.0 - Manuel Hoefs (Zottel))
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version:  - )
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Windows App Certification Kit Native Components (Version: 8.100.26629 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (x32 Version: 8.100.26695 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.100.26695 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{25981ccc-475f-4b68-850b-89d3fc287ff1}) (Version: 8.100.26695 - Microsoft Corporation)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.26695 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.26695 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.26695 - Microsoft Corporation) Hidden
Windows Software Development Kit Redistributables (x32 Version: 8.100.26695 - Microsoft Corporation) Hidden
WPT Redistributables (x32 Version: 8.100.26695 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26629 - Microsoft) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
微??音?捷 2012 流行??更新 (KB2723161) (HKLM-x32\...\{A36C2A4B-FCAA-4D09-9B90-C9A4797423C3}) (Version: 15.0.1548 - Microsoft)
 
========================= Devices: ================================
 
 
**** End of log ****
 
 



#2 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:20 PM

Posted 14 November 2014 - 10:24 AM

Hi jinxiang & Welcome to the forums ^_^,

 

I would need the Dump files in order to analyse the situation your system is in and help cure it ^_^.

Please note that without the Dump files, I can't help you out.

Kindly ZIP Up the dump files and then upload them to a File Hoster like Mediafire. The Dump files are located in "C:\Windows\Minidumps". You might need to copy them to some other folder before zipping them due to permission issues.

 

Once they are uploaded, paste back a link to it here and I would be glad to analyse them ^_^

 

 

-Pranav


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#3 jinxiang

jinxiang
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:03:50 PM

Posted 20 November 2014 - 08:17 AM


Here u go https://www.mediafire.com/?juj0f9qcnsbciu0



#4 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:20 PM

Posted 22 November 2014 - 11:50 AM

Hi Jinxiang ^_^,

 

I have analysed your dump files, and an analysis of them is provided below for informational purposes:

**************************Thu Nov 13 19:54:20.281 2014 (UTC + 5:30)**************************
Probably caused by : memory_corruption
 
BugCheck 3B, {c0000005, fffff8800689a4fb, fffff8800f2a2be0, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b) (http://www.carrona.org/bsodindx.html#0x0000003B)
 
BUGCHECK_STR:  0x3B
 
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
 
PROCESS_NAME:  nacl64.exe
 
FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE
 
MaxSpeed:     3200
 
CurrentSpeed: 3193
 
  BIOS Version                  P11-A3
 
  BIOS Release Date             10/18/2012
 
  Manufacturer                  Acer
 
  Product Name                  Predator G3620
 

Below is a list of 3rd party drivers present on your system :-

**************************Thu Nov 13 19:54:20.281 2014 (UTC + 5:30)**************************
mwlPSDFilter.sys       Fri Mar 25 12:42:11 2011 (4D8C404B)
mwlPSDNServ.sys        Fri Mar 25 12:42:13 2011 (4D8C404D)
mwlPSDVDisk.sys        Fri Mar 25 12:42:23 2011 (4D8C4057)
btath_bus.sys          Thu Jun 21 10:52:17 2012 (4FE2AF89)
btath_lwflt.sys        Thu Jun 21 10:52:36 2012 (4FE2AF9C)
btath_avdt.sys         Thu Jun 21 10:52:40 2012 (4FE2AFA0)
btath_rcp.sys          Thu Jun 21 10:53:26 2012 (4FE2AFCE)
btath_hcrp.sys         Thu Jun 21 10:53:29 2012 (4FE2AFD1)
btath_a2dp.sys         Thu Jun 21 10:53:44 2012 (4FE2AFE0)
HECIx64.sys            Tue Jul  3 03:44:58 2012 (4FF21D62)
RtsUStor.sys           Thu Jul  5 07:29:11 2012 (4FF4F4EF)
iaStorA.sys            Tue Jul 10 02:12:33 2012 (4FFB4239)
dump_iaStorA.sys       Tue Jul 10 02:12:33 2012 (4FFB4239)
RTKVHD64.sys           Tue Jul 10 15:55:21 2012 (4FFC0311)
athw8x.sys             Tue Jul 24 21:14:00 2012 (500EC2C0)
btfilter.sys           Fri Aug  3 16:37:56 2012 (501BB10C)
btath_flt.sys          Fri Aug  3 16:39:44 2012 (501BB178)
dfx11_1x64.sys         Wed Aug 29 00:40:34 2012 (503D17AA)
intelppm.sys           Tue Nov  6 09:25:02 2012 (50988A16)
fdyji.sys              Tue Aug  6 04:03:54 2013 (52002852)
MpKsl0a7e3edd.sys      Thu Aug 22 04:21:16 2013 (52154464)
MpKsl60e7f03a.sys      Thu Aug 22 04:21:16 2013 (52154464)
nvhda64v.sys           Thu Nov 28 19:08:09 2013 (52974741)
NMgamingms.sys         Sun Dec  8 10:59:45 2013 (52A403C9)
dtsoftbus01.sys        Fri Feb 21 15:19:36 2014 (53072130)
nvvad64v.sys           Fri Mar 28 19:02:06 2014 (533579D6)
e1c63x64.sys           Sat May  3 01:02:51 2014 (5363F2E3)
mwac.sys               Wed Jun 18 07:37:00 2014 (53A0F444)
nvlddmkm.sys           Wed Jul  2 23:12:02 2014 (53B4446A)
NvStreamKms.sys        Fri Jul 25 17:05:56 2014 (53D2411C)
mbamchameleon.sys      Mon Aug 18 20:23:30 2014 (53F2136A)
mbam.sys               Wed Sep  3 23:20:25 2014 (540754E1)
MBAMSwissArmy.sys      Sat Sep 20 03:44:07 2014 (541CAAAF)

http://www.carrona.org/drivers/driver.php?id=mwlPSDFilter.sys
http://www.carrona.org/drivers/driver.php?id=mwlPSDNServ.sys
http://www.carrona.org/drivers/driver.php?id=mwlPSDVDisk.sys
http://www.carrona.org/drivers/driver.php?id=btath_bus.sys
http://www.carrona.org/drivers/driver.php?id=btath_lwflt.sys
http://www.carrona.org/drivers/driver.php?id=btath_avdt.sys
http://www.carrona.org/drivers/driver.php?id=btath_rcp.sys
http://www.carrona.org/drivers/driver.php?id=btath_hcrp.sys
http://www.carrona.org/drivers/driver.php?id=btath_a2dp.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=RtsUStor.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=athw8x.sys
http://www.carrona.org/drivers/driver.php?id=btfilter.sys
http://www.carrona.org/drivers/driver.php?id=btath_flt.sys
http://www.carrona.org/drivers/driver.php?id=dfx11_1x64.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
fdyji.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
MpKsl0a7e3edd.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
MpKsl60e7f03a.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
http://www.carrona.org/drivers/driver.php?id=NMgamingms.sys
http://www.carrona.org/drivers/driver.php?id=dtsoftbus01.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=e1c63x64.sys
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
http://www.carrona.org/drivers/driver.php?id=NvStreamKms.sys
http://www.carrona.org/drivers/driver.php?id=mbamchameleon.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys

 

I would suggest that you update the highlighted drivers. Furthermore, there is not much information within the dump file :( . Is there only one dump file in the Minidumps folder? I would suggest that you run Driver Verifier according to the guide below and make sure that you let it crash a few times. Once this is done, kindly upload the latest dump files -

http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

 

Let me know how it goes ^_^

 

 

EDIT :- I see that there is an unknown driver present on your system named "fdyji.sys". Could you please do a manual search for the driver in your system and see if you could find any information regarding it?
 


Edited by blueelvis, 22 November 2014 - 11:56 AM.

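The manual search requested in the EDIT of post #4, written out as an added PowerShell example (not part of the thread and not the helper's own procedure). The search roots are assumptions, `Get-FileHash` assumes PowerShell 4.0 or later, and the script should be run from an elevated prompt.

```powershell
# Triage an unidentified kernel driver by file name.
# The driver name is taken from the thread; the search roots are assumptions.
$DriverName  = 'fdyji.sys'
$SearchRoots = @($env:SystemRoot, $env:ProgramData, $env:ProgramFiles)

# 1. Find every copy of the file under the search roots (hidden files included).
$files = foreach ($root in $SearchRoots) {
    Get-ChildItem -LiteralPath $root -Filter $DriverName -File -Recurse -Force `
        -ErrorAction SilentlyContinue
}
$files = @($files | Sort-Object -Property FullName -Unique)

# 2. For each copy, collect what identifies it: signer, version resource,
#    file times, and a SHA-256 that can be looked up or handed to the helper.
$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path        = $f.FullName
        CreatedUtc  = $f.CreationTimeUtc
        ModifiedUtc = $f.LastWriteTimeUtc
        Company     = $f.VersionInfo.CompanyName
        Description = $f.VersionInfo.FileDescription
        SigStatus   = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        SHA256      = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}
$report | Format-List

# 3. Check whether a kernel driver service is registered under that name or
#    points at that file, and which image path it would load from.
$base = [IO.Path]::GetFileNameWithoutExtension($DriverName)
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -eq $base -or $_.PathName -like "*\$DriverName" })
$services | Select-Object Name, DisplayName, State, StartMode, PathName | Format-List

# 4. Summarise, covering the case where the file is no longer on disk.
if ($files.Count -eq 0 -and $services.Count -eq 0) {
    Write-Output "$DriverName: no file under the search roots and no driver service entry."
} elseif ($files.Count -eq 0) {
    Write-Output "$DriverName: service entry exists but the file was not found; check PathName above."
} else {
    Write-Output "$DriverName: $($files.Count) file(s) found, $($services.Count) service entry(ies)."
}
```

A file that is unsigned, has no version resource, or sits outside `System32\drivers` is worth reporting back in the thread together with its path and SHA-256.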



