1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

BSOD Kernel Data Inpage Error

Discussion in 'Windows 7' started by qxza, Feb 7, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. qxza

    qxza Thread Starter

    Joined:
    Feb 7, 2013
    Messages:
    18
    Hello guys,
    This is my pc config:
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz, x64 Family 6 Model 15 Stepping 11
    Processor Count: 2
    RAM: 3316 Mb
    Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 67385 MB, Free - 44612 MB; E: Total - 102256 MB, Free - 65873 MB; I: Total - 476929 MB, Free - 143467 MB; K: Total - 307190 MB, Free - 224044 MB;
    Motherboard: Intel Corporation, DG33FB

    The system has been slow for a month or two..
    I have checked my seagate hdd with hdtune pro and moreover the hdd is just 1 year old.I checked other posts relating to the same problem..

    It has been fine untill yesterday when i left my computer on for doing some work and when i got up saw bsod with kernel inpage error
    BCCode: 1000007e
    BCP1: C0000005
    BCP2: E3864734
    BCP3: CB91F1B8
    BCP4: CB91ED90




    please help me. :(
     

    Attached Files:

  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    I can't see how to download the minidumps from the site you posted them on without creating an account.

    Please post them here as an attachment:

    Please follow this small guide to attach your minidump files so they can be analysed.


    First locate your minidump files, open Windows Explorer and click on the C: drive in the left pane, in the right pane look down the list of folders and double click on Windows to view its contents. NOTE: If your operating system is installed under a different drive letter then look there. Scroll down the contents of the Windows folder and look for a folder called minidump and double click on it. You should now see the minidump files which will have a .dmp extension.

    Zip up at least 6 of the most recent files into one zip folder (if there are less then just zip up what you have).


    NOTE: To zip up the files in Windows (all versions). Right click the file, click on Send To, and then click
    Compressed (zipped) Folder. That will create a zip folder containing a copy of the file, you should see it appear.


    If there is more than one .dmp file click on the first one, hold down the shift key and then click on the last one. That should highlight all the files. Then right click in the highlighted area, click on Send To, and then click Compressed (zipped) Folder.




    • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
    • Click on the Browse button, find the zip folder you made earlier and click on it so it becomes highlighted and click on Open.
    • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
    • When done, click on the Close this window button at the top of the page.
    • Enter your message-text in the message box, then click on Submit Message/Reply.
     
  3. qxza

    qxza Thread Starter

    Joined:
    Feb 7, 2013
    Messages:
    18
    Hey sorry just realized the gaffe..sorry for that..fixed it
    But i only 2 dump files are there..If there is a crash i will post it
    I donno how to check ram but changed the hdd cable connector and sata port on the mobo..
    The system was too damn slow for a 4 gig ram but after the change it has been better..
    I don think there is any hog or drag on system resource as whenever it used to be slow i used Resource Monitor in Task Manager and checked everything to be alright..
    This is the second bsod that has happened before the time of this post
    Do you(Mark) think it is coz of the controllers on Motherboard.Should i change the mobo?

    Update:
    Whenever i delete files in the window the update is not reflected and system has become a lil slow
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The BSOD' are not showing anything obvious but could both relate to a driver problem.

    What window are you talking about and what files are you trying to delete and why?

    Before we check the drivers please run these two scans and post the logs.

    Please also go Here and follow the instructions to run DDS, then Copy and Paste both the logs into your next reply.

    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    [​IMG]



    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

    [​IMG]
     
  5. qxza

    qxza Thread Starter

    Joined:
    Feb 7, 2013
    Messages:
    18
    GMER didn't show any root kit activity.So couldn't find any log file.
    Boot time has been fairly same although a little slow compared to boot times a month ago

    I am referring to desktop window as in WINDOWS EXPLORER ( display C ,D drive )
    While browsing through folders and files in explorer normal operations like cut paste and copy paste of video,text and audio files are not reflected in the active window suddenly.I have to right click and press refresh for the copied to be displayed or deleted files to be not shown..

    Also when i go to My Computer it takes about 10 seconds to display all the partitions and the usb drives..
    This has started only now..previously it was fine
     

    Attached Files:

  6. Lance1

    Lance1

    Joined:
    Aug 4, 2003
    Messages:
    5,613
    The dump file dated at 2\7 at 3:24 PM will not open. But the one at 9:13 PM did, the offending file for that bsod is NETIO.SYS "Network I/O Subsystem" Most times just updating the drivers for the Network card will solve this issue. Go to the manufactures site and download the latest drivers for the card.

    PHP:
    Microsoft (RWindows Debugger Version 6.12.0002.633 X86
    Copyright 
    (cMicrosoft CorporationAll rights reserved.


    Loading Dump File [C:\Users\LG-PC7\Desktop\020713-25521-01\020713-25521-01.dmp]
    Mini Kernel Dump FileOnly registers and stack trace are available

    Symbol search path is
    SRV*your local folder for symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is
    Windows 7 Kernel Version 7601 (Service Pack 1MP (2 procsFree x86 compatible
    Product
    WinNtsuiteTerminalServer SingleUserTS
    Built by
    7601.17514.x86fre.win7sp1_rtm.101119-1850
    Machine Name
    :
    Kernel base 0xe3640000 PsLoadedModuleList 0xe378a850
    Debug session time
    Thu Feb  7 07:41:58.975 2013 (UTC 8:00)
    System Uptime0 days 0:00:16.629
    Loading Kernel Symbols
    ...............................................................
    ....................................
    Loading User Symbols
    Loading unloaded module 
    list
    .
    *******************************************************************************
    *                                                                             *
    *                        
    Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !
    analyze -v to get detailed debugging information.

    BugCheck 1000007E, {c0000005e3864734cb91f1b8cb91ed90}

    Probably caused by NETIO.SYS NETIO!NmrClientAttachProvider+3f )

    FollowupMachineOwner
    ---------

    1kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        
    Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver
    /function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint 
    or assertion was hitbut this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code
    but ...
    If 
    this happensmake sure a debugger gets connected, and the
    system is booted 
    /DEBUG.  This will let us see why this breakpoint is
    happening
    .
    Arguments:
    Arg1c0000005The exception code that was not handled
    Arg2
    e3864734The address that the exception occurred at
    Arg3
    cb91f1b8Exception Record Address
    Arg4
    cb91ed90Context Record Address

    Debugging Details
    :
    ------------------


    EXCEPTION_CODE: (NTSTATUS0xc0000005 The instruction at 0x%08lx referenced memory at 0x%08lxThe memory could not be %s.

    FAULTING_IP
    nt!RtlEqualUnicodeString+2f
    e3864734 3b37            cmp     esi
    ,dword ptr [edi]

    EXCEPTION_RECORD:  cb91f1b8 -- (.exr 0xffffffffcb91f1b8)
    ExceptionAddresse3864734 (nt!RtlEqualUnicodeString+0x0000002f)
       
    ExceptionCodec0000005 (Access violation)
      
    ExceptionFlags00000000
    NumberParameters
    2
       Parameter
    [0]: 00000000
       Parameter
    [1]: 000090c8
    Attempt to read from address 000090c8

    CONTEXT
    :  cb91ed90 -- (.cxr 0xffffffffcb91ed90)
    eax=00000006 ebx=ca6fec16 ecx=ca6fec10 edx=00000004 esi=00640055 edi=000090c8
    eip
    =e3864734 esp=cb91f280 ebp=cb91f28c iopl=0         nv up ei pl nz na po nc
    cs
    =0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    nt
    !RtlEqualUnicodeString+0x2f:
    e3864734 3b37            cmp     esi,dword ptr [edi]  ds:0023:000090c8=????????
    Resetting default scope

    CUSTOMER_CRASH_COUNT
    :  1

    DEFAULT_BUCKET_ID
    :  VISTA_DRIVER_FAULT

    PROCESS_NAME
    :  System

    CURRENT_IRQL
    :  0

    ERROR_CODE
    : (NTSTATUS0xc0000005 The instruction at 0x%08lx referenced memory at 0x%08lxThe memory could not be %s.

    EXCEPTION_PARAMETER1:  00000000

    EXCEPTION_PARAMETER2
    :  000090c8

    READ_ADDRESS
    GetPointerFromAddressunable to read from e37aa718
    Unable to read MiSystemVaType memory at e378a1a0
     000090c8 

    FOLLOWUP_IP

    NETIO!NmrClientAttachProvider+3f
    c9aeec06 85c0            test    eax
    ,eax

    BUGCHECK_STR
    :  0x7E

    LOCK_ADDRESS
    :  e37a7fa0 -- (!locks e37a7fa0)

    Resource nt!PiEngineLock (0xe37a7fa0)    Available

    WARNING
    SystemResourcesList->Flink chain invalidResource may be corrupted, or already deleted.


    WARNINGSystemResourcesList->Blink chain invalidResource may be corrupted, or already deleted.

    1 total locks

    PNP_TRIAGE

        
    Lock address  0xe37a7fa0
        Thread Count  
    0
        Thread address
    0x00000000
        Thread wait   
    0x0

    LAST_CONTROL_TRANSFER
    :  from e3864590 to e3864734

    STACK_TEXT
    :  
    cb91f28c e3864590 000090c8 ca6fec16 00000201 nt!RtlEqualUnicodeString+0x2f
    cb91f2b4 e38643d7 0160f448 cb91f300 00000201 nt
    !ObpLookupDirectoryUsingHash+0xa0
    cb91f2d8 e386693c ca60f448 cb91f300 00000201 nt
    !ObpLookupDirectoryEntry+0x80
    cb91f33c e3876ed6 00000000 cb91f390 00000240 nt
    !ObpLookupObjectName+0x371
    cb91f398 e386d9b4 cb91f4a4 c2783a38 e37ab300 nt
    !ObOpenObjectByName+0x165
    cb91f414 e3854fa8 cb91f4d8 02000000 cb91f4a4 nt
    !IopCreateFile+0x673
    cb91f45c cdc38727 cb91f4d8 02000000 cb91f4a4 nt
    !IoCreateFile+0x38
    cb91f4d0 cdc29427 cdc30f4c cb91f4ec e360c800 afd
    !AfdTdiGetBaseDeviceObject+0x5e
    cb91f4f0 cdc293ed c380c7e8 c380c7e8 c3849970 afd
    !AfdTdiGetBaseDeviceObjects+0x2c
    cb91f510 c9aeec06 c380c812 00000000 d6390268 afd
    !AfdWskNotifyAttachClient+0x119
    cb91f53c d638c757 c380c810 c3849970 d639027c NETIO
    !NmrClientAttachProvider+0x3f
    cb91f560 c9aeeac4 c380c810 00000000 cdc30dc4 rasl2tp
    !WskNotifyAttachProvider+0x8a
    cb91f58c c9aeed36 c380c830 c3601d90 00000000 NETIO
    !NmrpProposeAttachment+0x45
    cb91f5a8 c9aeed02 c380c830 c359b520 00000001 NETIO
    !NmrpAttachArray+0x22
    cb91f5d0 c9aeec8f 00000001 c359b520 00000001 NETIO
    !NmrpRegisterModule+0x61
    cb91f5f4 d639d1e0 d63a007b 00000000 d63911d0 NETIO
    !NmrRegisterClient+0x4d
    cb91f610 d63a007b d6391014 c380c920 00000000 rasl2tp
    !WskStartClientModule+0x24
    cb91f688 e38042e6 c380c920 c3809000 c000035f rasl2tp
    !DriverEntry+0x2d
    cb91f86c e37f07f4 00000000 00000000 cb91f894 nt
    !IopLoadDriver+0x7ed
    cb91f918 e3834811 d5586d60 00000001 d5586d4c nt
    !PipCallDriverAddDeviceQueryRoutine+0x34b
    cb91f950 e3835520 00000001 cb91fa1c c0000034 nt
    !RtlpCallQueryRegistryRoutine+0x2ea
    cb91f9bc e37fe6a4 40000000 800001cc cb91fa38 nt
    !RtlQueryRegistryValues+0x31d
    cb91fa98 e37fde12 c27a9d48 cb91fcc8 00000000 nt
    !PipCallDriverAddDevice+0x383
    cb91fc94 e37c9e0c c279de78 c36e8228 cb91fcc8 nt
    !PipProcessDevNodeTree+0x15d
    cb91fcd4 e3654cfd c36e8228 e37a5ec0 c277b8e0 nt
    !PiProcessStartSystemDevices+0x6d
    cb91fd00 e36bdaab 00000000 00000000 c277b8e0 nt
    !PnpDeviceActionWorker+0x241
    cb91fd50 e3849f5e 00000001 e4c7388a 00000000 nt
    !ExpWorkerThread+0x10d
    cb91fd90 e36f1219 e36bd99e 00000001 00000000 nt
    !PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt
    !KiThreadStartup+0x19


    SYMBOL_STACK_INDEX
    :  a

    SYMBOL_NAME
    :  NETIO!NmrClientAttachProvider+3f

    FOLLOWUP_NAME
    :  MachineOwner

    MODULE_NAME
    NETIO

    IMAGE_NAME
    :  NETIO.SYS

    DEBUG_FLR_IMAGE_TIMESTAMP
    :  4ce78963

    STACK_COMMAND
    :  .cxr 0xffffffffcb91ed90 kb

    FAILURE_BUCKET_ID
    :  0x7E_NETIO!NmrClientAttachProvider+3f

    BUCKET_ID
    :  0x7E_NETIO!NmrClientAttachProvider+3f

    Followup
    MachineOwner
     
  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    I found the same problem as Lance using Windows Debugger but Blue Screen View opened both dumps, the other dump showed a different error and only named a Windows driver so there is no consistancy, if you do get any more BSOD's please post them.

    I am copying the logs you provided, please always follow instructions when doing scans and Copy & Paste logs into your replies, do not attach them. I did not ask for HJT or GMER.

    RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 02/08/2013 16:05:02
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] afom.exe -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8s1sgz9l.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [RUN][BLACKLISTDLL] HKCU\[...]\Run : MSIDLL (rundll32.exe msicrx32.dll,juobcme) -> FOUND
    [RUN][BLACKLISTDLL] HKUS\S-1-5-21-2298247432-2297446744-3411332775-500[...]\Run : MSIDLL (rundll32.exe msicrx32.dll,juobcme) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{C6139AFD-7D57-4578-9615-4B5A3713959C} : NameServer (8.8.8.8,8.8.4.4,218.248.255.141,218.248.255.139) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{C6139AFD-7D57-4578-9615-4B5A3713959C} : NameServer (8.8.8.8,8.8.4.4,218.248.255.141,218.248.255.139) -> FOUND
    [DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{C6139AFD-7D57-4578-9615-4B5A3713959C} : NameServer (8.8.8.8,8.8.4.4,218.248.255.141,218.248.255.139) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 validation.sls.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
    --- User ---
    [MBR] 01e569997bf25d512a4aa93214ecb5b3
    [BSP] 9a88f8bcaa47da3054b86c4fc2c1f06b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 67385 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 138212928 | Size: 409447 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WD 5000AAK External USB Device +++++
    --- User ---
    [MBR] a0dd5729daf2e9c10b40f19bb971fcf9
    [BSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: JetFlash TS2GJFV30 USB Device +++++
    --- User ---
    [MBR] cce8627371ec4223895968a81f67f6b6
    [BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 1955 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: JetFlash Transcend 16GB USB Device +++++
    --- User ---
    [MBR] 0b13a45d71e63ce593edc44cf971dee8
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2408 | Size: 15298 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_02082013_02d1605.txt >>
    RKreport[1]_S_02082013_02d1605.txt



    # AdwCleaner v2.111 - Logfile created 02/08/2013 at 16:09:54
    # Updated 05/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : Administrator - GORGAPP
    # Boot Mode : Normal
    # Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8s1sgz9l.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}

    ***** [Registry] *****

    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\PIP
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\Software\PIP
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=102876&gct=hp
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112763&tt=3512_4&babsrc=NT_def

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8s1sgz9l.default\prefs.js

    Found : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://torrentz.eu/i\",\"title\":\"iTorrentz\"},[...]
    Found : user_pref("browser.search.order.1", "Ask.com");
    Found : user_pref("[email protected]", true);
    Found : user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"20\": {\"id\": \"20\"[...]

    *************************

    AdwCleaner[R1].txt - [2620 octets] - [08/02/2013 16:09:54]

    ########## EOF - C:\AdwCleaner[R1].txt - [2680 octets] ##########


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: BrowserJavaVersion: 10.9.2
    Run by Administrator at 15:49:18 on 2013-02-08
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3316.2150 [GMT 5.5:30]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\ChgService.exe
    C:\Windows\system32\CISVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Users\Administrator\Documents\System.exe
    C:\Windows\explorer.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8s1sgz9l.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\Microsoft Help\MsHelpCenter.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=102876&gct=hp
    uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
    uWinlogon: Shell = expstart.exe
    mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\users\administrator\documents\system.exe,c:\users\administrator\documents\system.exe,c:\users\administrator\documents\system.exe,c:\users\administrator\documents\system.exe,c:\users\administrator\documents\system.exe,c:\users\administrator\documents\system.exe,c:\users\administrator\documents\System.exe
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [Network] c:\users\administrator\documents\System.exe
    uRun: [MSIDLL] rundll32.exe msicrx32.dll,juobcme
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "J:\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    uPolicies-Explorer: TaskbarNoThumbnail = dword:0
    uPolicies-Explorer: QuickLaunchEnabled = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    TCP: Interfaces\{C6139AFD-7D57-4578-9615-4B5A3713959C} : NameServer = 8.8.8.8,8.8.4.4,218.248.255.141,218.248.255.139
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 validation.sls.microsoft.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\8s1sgz9l.default\
    FF - prefs.js: browser.search.selectedEngine - Torrentz Search
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&q=
    FF - prefs.js: network.proxy.http - 173.45.108.66
    FF - prefs.js: network.proxy.http_port - 3129
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2012-12-12 17:26; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\8s1sgz9l.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
    FF - ExtSQL: 2012-12-31 17:04; [email protected]; c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\8s1sgz9l.default\extensions\[email protected]
    FF - ExtSQL: 2013-01-13 20:12; [email protected]; c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\8s1sgz9l.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2011-12-22 17:35; [email protected]; c:\users\administrator\appdata\roaming\idm\idmmzcc5
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2012-3-3 135168]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-12-24 21992]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-10-26 99192]
    R2 Microsoft Help Center;Microsoft Help Center;c:\windows\microsoft help\MsHelpCenter.exe [2012-8-22 8667136]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
    S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 IduService;Intel(R) Desktop Utilities Service;c:\program files\intel\intel desktop utilities\iduServ.exe [2010-1-11 131248]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-5 117584]
    S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-5-14 105984]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-4-20 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-4-20 8456]
    S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [2011-12-22 39488]
    S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45);c:\windows\system32\drivers\pgusbwdm.sys [2011-12-22 403008]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-22 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-22 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-24 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-02-08 10:12:58 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{971e4b12-f345-436f-ba4f-a451ea5b4db8}\offreg.dll
    2013-02-07 10:27:43 -------- d-----w- c:\program files\Seagate
    2013-01-29 08:25:55 -------- d-----w- c:\program files\MKVToolNix
    2013-01-23 10:19:16 -------- d-----w- c:\program files\qBittorrent
    2013-01-19 16:51:17 -------- d-----w- c:\program files\CCleaner
    2013-01-15 15:43:29 -------- d-----w- c:\program files\CPUID
    2013-01-11 14:20:26 -------- d-----w- c:\programdata\Package Cache
    2013-01-11 13:50:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
    .
    ==================== Find3M ====================
    .
    2013-01-12 08:53:52 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-12 08:53:52 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 21:19:29 92 ----a-w- c:\windows\sfshell.tmp
    2013-01-04 10:55:36 916480 ----a-w- c:\windows\expstart.exe
    2012-11-15 20:01:32 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-10-02 10:04:28 1002008 ----a-w- c:\program files\Setup.exe
    2006-11-10 03:55:46 319456 ----a-w- c:\program files\difxapi.dll
    .
    ============= FINISH: 15:49:48.11 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/21/2011 4:36:39 AM
    System Uptime: 2/8/2013 3:40:42 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | DG33FB
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU1 | 2666/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 66 GiB total, 43.538 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 100 GiB total, 64.329 GiB free.
    I: is FIXED (NTFS) - 466 GiB total, 139.756 GiB free.
    K: is FIXED (NTFS) - 300 GiB total, 218.794 GiB free.
    Q: is Removable
    S: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.3
    Adobe Shockwave Player 11.6
    Apple Application Support
    µTorrent
    Bonjour
    CamStudio OSS Desktop Recorder
    CCleaner
    CPUID CPU-Z 1.62.0
    EASEUS Data Recovery Wizard Professional 5.0.1
    EASEUS Partition Master 9.1.1 Home Edition
    Easy Audio Cutter V2.1
    Exact Audio Copy 1.0beta3
    FLAC 1.2.1b (remove only)
    foobar2000 v1.2.2
    Google Update Helper
    HD Tune Pro 5.00
    Intel(R) Desktop Utilities
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Integrator Toolkit
    Intel(R) Management Engine Interface
    Intel(R) Network Connections 15.3.68.0
    Intel(R) TV Wizard
    Internet Download Manager
    iTunes
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.1
    Medieval CUE Splitter
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.2
    Microsoft IntelliType Pro 8.2
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    MKVToolNix 6.0.0
    Mobipocket Reader 6.2
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 Parser and SDK
    Realtek High Definition Audio Driver
    Samsung_MonSetup
    Simple File Shredder 3.1
    SpeedFan (remove only)
    swMSM
    System Requirements Lab for Intel
    TeraCopy 2.2 beta 2
    The KMPlayer (remove only)
    VLC media player 2.0.5
    WinPcap 4.1.1
    WinRAR 4.10 beta 3 (32-bit)
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/8/2013 8:03:49 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    2/8/2013 3:42:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SysTool
    2/8/2013 3:42:54 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Intel(R) Desktop Utilities Service service to connect.
    2/8/2013 2:04:56 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    2/8/2013 1:28:55 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    2/7/2013 9:13:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0xe3864734, 0xcb91f1b8, 0xcb91ed90). A dump was saved in: C:\Windows\Minidump\020713-25521-01.dmp. Report Id: 020713-25521-01.
    2/7/2013 8:58:57 AM, Error: Service Control Manager [7038] - The WinDefend service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/7/2013 8:58:57 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/7/2013 8:58:57 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147467243.
    2/7/2013 8:58:57 AM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not start due to a logon failure.
    2/7/2013 8:58:57 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    2/7/2013 8:58:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/7/2013 5:09:57 PM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
    2/7/2013 5:09:54 PM, Error: Service Control Manager [7034] - The Intel(R) Desktop Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    2/7/2013 4:53:36 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    2/7/2013 4:29:46 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    2/7/2013 3:28:37 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the IduService service.
    2/7/2013 3:24:40 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/7/2013 3:24:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/7/2013 3:24:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/7/2013 3:24:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/7/2013 3:24:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/7/2013 3:24:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/7/2013 3:24:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/7/2013 3:24:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr SysTool tdx Wanarpv6 WfpLwf
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/7/2013 3:24:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/7/2013 3:24:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xc065c898, 0xc000000e, 0x625e0be0, 0xcb913000). A dump was saved in: C:\Windows\Minidump\020713-26067-01.dmp. Report Id: 020713-26067-01.
    2/7/2013 3:23:58 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    2/7/2013 11:51:01 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the CISVC service.
    2/7/2013 10:38:36 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    2/7/2013 1:59:36 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    2/7/2013 1:24:04 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    2/7/2013 1:04:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.
    2/6/2013 5:00:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    2/5/2013 11:07:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    2/4/2013 7:30:27 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR4.
    2/4/2013 11:15:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
    2/4/2013 11:14:39 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
    2/3/2013 9:38:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR26.
    2/3/2013 3:42:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR11.
    2/3/2013 12:24:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR6.
    2/2/2013 7:37:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xc0000005, 0xe3867382, 0xc917e890, 0xc917e470). A dump was saved in: C:\Windows\Minidump\020213-13852-01.dmp. Report Id: 020213-13852-01.
    2/2/2013 1:51:39 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
    2/2/2013 1:46:00 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s).
    .
    ==== End Of File ===========================
     
  8. qxza

    qxza Thread Starter

    Joined:
    Feb 7, 2013
    Messages:
    18
    Oops sorry for that .I will remember to copy paste it in future

    I have updated network adapter driver yesterday as you guys suggested and it is once again system is running normal.
    I haven't had any bsod related to kernel inpage error since the 2 errors .Thank you guys Mark and Lance.

    But one minor problem,hope you guys can help me solve this.
    I leave the system in sleep whenever i take a break.Before the bsod error,whenever i used to switch on my modem and internet used to be on it never turned the system on from sleep.
    But now the system turns on itself without my interference whenever internet is on and this is annoying as the system is running even if put system on sleep mode bcoz the modem somehow causes the system to wake up.
    I want it go back the way it was
    Can you guys tell me how to solve this problem?
     
  9. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Go into the Device Manager and locate the Network Adapter you just updated the driver for.

    Right click on the device and select properties, under the Power Management tab uncheck the box next to 'Allow this device to wake the computer', click on OK and close the windows.

    Reboot and see if that has helped.
     
  10. qxza

    qxza Thread Starter

    Joined:
    Feb 7, 2013
    Messages:
    18
    Yes that did the job.Thanks once again Mark.
    But the system boot up has slowed down by 10 seconds before the bsod.
    How can i get the the boot to be faster?
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You might have a problem with the hard drive as there are several errors in the log relating to it, there are also a lot of Service errors.

    We can start with a disc check and the second scan will check all the Windows Services so may show us what the problem is.

    Disk Check

    • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
    • You will then see the following message:
      chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
    • Type Y for yes, and hit Enter. Then reboot the computer.
    • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
    • When the Disk Check is done, it will finish loading Windows.


    Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
    Windows 7 Disk Check log

    Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
    You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and your done.

    ===========================================================================

    Please download RKill
    There are three buttons to choose from with different names on, select the first one and save it to your desktop.


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.
     
  12. qxza

    qxza Thread Starter

    Joined:
    Feb 7, 2013
    Messages:
    18
    Log Name: Application
    Source: Microsoft-Windows-Wininit
    Date: 2/11/2013 3:22:14 PM
    Event ID: 1001
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: GORGAPP
    Description:


    Checking file system on C:
    The type of the file system is NTFS.
    Volume label is W 7.

    A disk check has been scheduled.
    Windows will now check the disk.

    CHKDSK is verifying files (stage 1 of 5)...
    121088 file records processed.

    File verification completed.
    234 large file records processed.

    0 bad file records processed.

    2 EA records processed.

    41 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 5)...
    157354 index entries processed.

    Index verification completed.
    0 unindexed files scanned.

    0 unindexed files recovered.

    CHKDSK is verifying security descriptors (stage 3 of 5)...
    121088 file SDs/SIDs processed.

    Cleaning up 17 unused index entries from index $SII of file 0x9.
    Cleaning up 17 unused index entries from index $SDH of file 0x9.
    Cleaning up 17 unused security descriptors.
    Security descriptor verification completed.
    18134 data files processed.

    CHKDSK is verifying Usn Journal...
    33993680 USN bytes processed.

    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
    121072 files processed.

    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
    11846806 free clusters processed.

    Free space verification is complete.
    Windows has checked the file system and found no problems.

    69003039 KB total disk space.
    21347192 KB in 66152 files.
    44736 KB in 18135 indexes.
    0 KB in bad sectors.
    223887 KB in use by the system.
    65536 KB occupied by the log file.
    47387224 KB available on disk.

    4096 bytes in each allocation unit.
    17250759 total allocation units on disk.
    11846806 allocation units available on disk.

    Internal Info:
    00 d9 01 00 4a 49 01 00 44 4e 02 00 00 00 00 00 ....JI..DN......
    a7 02 00 00 29 00 00 00 00 00 00 00 00 00 00 00 ....)...........
    98 91 4d 00 50 01 4c 00 d0 18 4c 00 00 00 4c 00 ..M.P.L...L...L.

    Windows has finished checking your disk.
    Please wait while your computer restarts.
     
  13. qxza

    qxza Thread Starter

    Joined:
    Feb 7, 2013
    Messages:
    18
    Rkill 2.4.6 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/11/2013 06:42:32 PM in x86 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * C:\Windows\System32\ChgService.exe (PID: 1520) [WD-HEUR]
    * C:\Windows\Microsoft Help\MsHelpCenter.exe (PID: 1668) [WD-HEUR]
    * C:\Users\Administrator\Documents\System.exe (PID: 2232) [UP-HEUR]
    * C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\8s1sgz9l.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe (PID: 1732) [UP-HEUR]

    4 proccesses terminated!

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 validation.sls.microsoft.com

    Program finished at: 02/11/2013 06:43:02 PM
    Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
     
  14. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, we have a few things to do.

    STEP 1
    When you ran ADWCleaner you didn't follow the instructions correctly, you used the Search button instead of Delete. Please run it again and use the Delete button and post the log.

    =================================================================
    STEP 2
    I should have spotted this straight away, but you don't appear to have an Anti Virus on your system, please download and install this: Microsoft Security Essentials Run the program and let it update the latest definitions and run a FULL system scan with it, delete anything it finds and report back with all the details.

    =================================================================
    STEP 3
    There is a suspicious file that RKill found which we need to check.

    Go to one of the following online services that analyzes suspicious files:

    In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

    C:\Users\Administrator\Documents\System.exe <- this file

    Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
    -- Post back with the results of the file analysis in your next reply.

    ================================================================
    STEP 4
    I'd also like you to run RogueKiller again, after you have run the scan click on the Registry tab and un-select all the entries apart from these two:

    HKCU\[...]\Run : MSIDLL (rundll32.exe msicrx32.dll,juobcme)
    HKUS\S-1-5-21-2298247432-2297446744-3411332775-500[...]\Run : MSIDLL (rundll32.exe msicrx32.dll,juobcme)

    Then click on the Delete button, then the Report button and post the log.
     
  15. qxza

    qxza Thread Starter

    Joined:
    Feb 7, 2013
    Messages:
    18
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1088572

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice