Inactive BSOD any time I shut down, no Internet connection

Chupadelpote

As I posted in this thread, I've been having some trouble:
https://www.techspot.com/community/topics/windows-7-x64-bsod-no-internet-since.184944/
Basically, a BSOD appears any time I shut down and I don't have access to the Internet. It's not a router problem; I reinstalled the network card drivers, used a previous restore point and tried some other things.

Eset Smart Security is disabled. I'm scanning with Malwarebytes and it has found 1 infection so far. I was planning to run a registry check with CCleaner after that.

Thank you
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 5-Step removal instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
***** [Servicios] *****


***** [Ficheros / Carpetas] *****

Carpeta Presente : C:\ProgramData\boost_interprocess

***** [Registro] *****


***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] El registro no contiene ninguna entrada ilegítima.

-\\ Mozilla Firefox v [Imposible obtener la versión]

Perfil : default
Fichero : C:\Users\Héctor\AppData\Roaming\Mozilla\Firefox\Profiles\73lex1bf.default\prefs.js

[OK] El fichero no contiene ninguna entrada ilegítima.

-\\ Google Chrome v21.0.1180.83

Fichero : C:\Users\Héctor\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[R1].txt - [719 octets] - [04/09/2012 22:26:02]

########## EOF - C:\AdwCleaner[R1].txt - [778 octets] ##########
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Versión de la Base de Datos: v2012.08.14.07
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Héctor :: HÉCTOR-PC [administrador]
04/09/2012 15:25:32
mbam-log-2012-09-04 (15-25-32).txt
Tipos de Análisis: Análisis Completo (C:\|D:\|E:\|)
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 637110
Tiempo transcurrido: 1 hora(s), 14 minuto(s), 20 segundo(s)
Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)
Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)
Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)
Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)
Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)
Archivos Detectados: 1
C:\$Recycle.Bin\S-1-5-21-2041811777-2680021307-3784352755-1001\$RZGD9TM.exe (Trojan.Agent.ck) -> En cuarentena y eliminado con éxito.
(fin)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Héctor at 22:58:16 on 2012-09-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.34.3082.18.6135.4587 [GMT 2:00]
.
AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cortafuegos personal de ESET *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Héctor\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Héctor\Desktop\dds.com
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{AE7CD045-E861-484f-8273-0445EE161910}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [(Predeterminado)]
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-9-28 90112]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-13 1262400]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-24 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-24 528760]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-6 1431888]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 SaiHF51A;SaiHF51A;C:\Windows\system32\DRIVERS\SaiHF51A.sys --> C:\Windows\system32\DRIVERS\SaiHF51A.sys [?]
S3 SaiUF51A;SaiUF51A;C:\Windows\system32\DRIVERS\SaiUF51A.sys --> C:\Windows\system32\DRIVERS\SaiUF51A.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-09-04 20:58:17 -------- d-----w- C:\Users\HÚctor\AppData\Local\Microsoft
2012-09-02 20:13:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{995CAE10-840D-42C6-BD92-4E19738D6C08}\offreg.dll
2012-08-31 13:41:20 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{995CAE10-840D-42C6-BD92-4E19738D6C08}\mpengine.dll
2012-08-29 11:53:03 -------- d-----w- C:\Mudbox
2012-08-28 19:30:58 -------- d-----w- C:\Windows\System32\SPReview
2012-08-28 19:07:14 -------- d-----w- C:\Windows\CheckSur
2012-08-28 18:27:57 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-15 10:13:08 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 00:23:25 -------- d-----w- C:\Users\Héctor\AppData\Roaming\Malwarebytes
2012-08-15 00:23:17 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-15 00:23:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-15 00:23:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-15 00:22:38 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2012-07-30 21:03:43 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-30 21:03:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-13 09:20:01 97682 ----a-w- C:\cuda.exe
.
============= FINISH: 22:58:36,71 ===============
 
Remove the Adware.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Please post the log.

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
AdwCleaner stops during the process with an error message:

Line 2058 (File "...adwcleaner.exe")
Error: Variable used without being declared
 
That's the logfile

***** [Servicios] *****


***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\ProgramData\boost_interprocess

***** [Registro] *****


***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16421
 
I didn't know if I had to run ComboFix after that, but I'm not a very patient guy.

ComboFix 12-09-04.03 - Héctor 05/09/2012 19:54:34.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.34.3082.18.6135.4990 [GMT 2:00]
Running from: c:\users\HÚctor\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: Cortafuegos personal de ESET *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Héctor\AppData\Local\DNIeService.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-04 20:58 . 2012-09-04 20:58 -------- d-----w- c:\users\HÚctor
2012-08-31 13:41 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{995CAE10-840D-42C6-BD92-4E19738D6C08}\mpengine.dll
2012-08-29 11:56 . 2012-08-29 11:56 -------- d-----w- c:\users\HCTOR~3\AppData\Roaming\Dropbox
2012-08-29 11:54 . 2012-08-29 11:54 -------- d-----w- c:\users\HCTOR~3\AppData\Local\Microsoft
2012-08-29 11:54 . 2012-08-29 11:54 -------- d-----w- c:\users\HCTOR~3\AppData\Local\Google
2012-08-29 11:53 . 2012-08-29 11:53 -------- d-----w- c:\users\HCTOR~3\AppData\Roaming\Autodesk
2012-08-29 11:53 . 2012-08-29 11:53 -------- d-----w- C:\Mudbox
2012-08-28 19:30 . 2012-08-28 19:30 -------- d-----w- c:\windows\system32\SPReview
2012-08-28 19:07 . 2012-08-28 19:07 -------- d-----w- c:\windows\CheckSur
2012-08-28 18:27 . 2012-08-28 18:27 -------- d-----w- c:\windows\system32\EventProviders
2012-08-15 10:13 . 2012-07-06 19:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 10:11 . 2012-06-29 04:55 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-15 10:11 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-15 00:23 . 2012-08-15 00:23 -------- d-----w- c:\users\Héctor\AppData\Roaming\Malwarebytes
2012-08-15 00:23 . 2012-08-15 00:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-15 00:23 . 2012-08-15 00:23 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 00:23 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:10 . 2011-09-30 13:09 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-30 21:03 . 2012-05-19 21:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 21:03 . 2012-05-19 21:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 09:20 . 2012-06-13 09:51 97682 ----a-w- C:\cuda.exe
2012-06-09 05:30 . 2012-07-11 20:45 14165504 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2011-9-28 380928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-03-16 1847296]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-13 1431888]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2011-09-07 70016]
R3 SaiHF51A;SaiHF51A;c:\windows\system32\DRIVERS\SaiHF51A.sys [2007-05-31 175880]
R3 SaiUF51A;SaiUF51A;c:\windows\system32\DRIVERS\SaiUF51A.sys [2007-05-31 34432]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-12-18 44944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Héctor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2716216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2041811777-2680021307-3784352755-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2041811777-2680021307-3784352755-1001\Software\SecuROM\License information*]
"datasecu"=hex:2e,61,f5,30,b3,a8,92,88,e8,6e,3a,ca,aa,23,fb,fa,d2,f8,a8,b8,cb,
03,aa,ba,be,07,04,02,e0,8e,48,50,90,91,01,12,cd,36,aa,de,ae,c9,9e,9d,14,53,\
"rkeysecu"=hex:e0,08,db,30,b3,d4,e4,07,99,23,2f,bc,f3,e6,b8,ef
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:a4,32,7d,92,39,cd,04,9e,1b,9c,2d,c5,92,52,65,2f,9e,ac,6f,03,38,
f7,da,68,5e,fd,b9,85,38,a3,f3,f7,44,d0,a1,77,4f,9b,90,54,d5,8e,cb,69,3d,1d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:a4,32,7d,92,39,cd,04,9e,1b,9c,2d,c5,92,52,65,2f,9e,ac,6f,03,38,
f7,da,68,5e,fd,b9,85,38,a3,f3,f7,44,d0,a1,77,4f,9b,90,54,d5,8e,cb,69,3d,1d,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
.
**************************************************************************
.
Completion time: 2012-09-05 20:03:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 18:03
.
Pre-Run: 66.353.328.128 bytes libres
Post-Run: 65.822.760.960 bytes libres
.
- - End Of File - - 95567A8733947E19FACC5D68B5F72490
 
Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

aswMBR_Scan.jpg


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png

  • Copy and paste the contents of aswMBR.txt back here for review
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-06 12:59:39
-----------------------------
12:59:39.510 OS Version: Windows x64 6.1.7600
12:59:39.510 Number of processors: 8 586 0x1A05
12:59:39.510 ComputerName: HÉCTOR-PC UserName: Héctor
12:59:42.131 Initialize success
12:59:56.223 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:59:56.223 Disk 0 Vendor: Intel___ 1.0. Size: 614400MB BusType: 8
12:59:56.223 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:59:56.223 Disk 1 Vendor: Intel___ 1.0. Size: 169735MB BusType: 8
12:59:56.239 Disk 0 MBR read successfully
12:59:56.239 Disk 0 MBR scan
12:59:56.239 Disk 0 Windows 7 default MBR code
12:59:56.255 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:59:56.255 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149900 MB offset 206848
12:59:56.270 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464397 MB offset 307202048
12:59:56.301 Disk 0 scanning C:\Windows\system32\drivers
13:00:03.633 Service scanning
13:00:12.291 Modules scanning
13:00:12.291 Disk 0 trace - called modules:
13:00:12.307 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:00:12.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071fb060]
13:00:12.307 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800633b050]
13:00:12.323 Scan finished successfully
13:00:25.068 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
13:00:25.099 The log file has been saved successfully to "G:\aswMBR.txt"
 
  1. Download Autoruns and save it to the Desktop.
  2. Upload Dump Files:

    Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your post.

    Here's how to do it:
    • Left click on the first minidump file.
    • Hold down the "Shift" key and left click on the last minidump file.
    • Right click on the blue highlighted area and select "Send to"
    • Select "Compressed (zipped) folder" and note where the folder is saved.
    • Upload that .zip file with your post.
    Note: If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post in the thread about the error so we can give further advice.

    If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. I recommend www.mediafire.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

    Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file).
  3. Run a System Health Report, press Start > type in perfmon /report and hit Enter. Once it is done calculating, hit File > Save as..., give it a file name and make sure it will be a HTML Report, and lastly make sure it saves to the Desktop. Once it is on the Desktop, Zip it up. Attach that file as well in your post.
While waiting for our reply, do the following:


Note: If you do not have DMP files in your MiniDMP folder, please let us know, then move on to the next step.
 
Here go the three last minidumps, I've some older ones saved onto my desktop.

Performance report gave an error trying to create the log, it says something like that (my computer is in Spanish as you already have noticed): Service didn't answer on time to the start or control request
 

Attachments

  • Minidump.zip
    76.6 KB · Views: 2
Ok, I've started driver verification so I guess now I've to make normal use of my computer for a day to check any problems.

About HDD diagnosis I've a RAID config and an external eSata drive so I'm not sure how to do it, and I don't know if I had to wait until driver verification finishes.

I'm starting to think that it would be easier to reinstall Windows and wait to see if another problem appears :p

Thanks a lot
 
Run chkdsk:
  1. Right-click the Start button and select Explore (alternatively, hit WINDOWS key E on your keyboard).
  2. Using Windows Explorer, navigate to your C:\ drive, then right-click the drive and select Properties
  3. In the Properties window that pops up, click the Tools tab and then, under "Error-checking", click on the button that says Check Now...
  4. In the Check disk options window that pops up, place a checkmark in both boxes:
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
  5. Now click on Start
    • A new window will pop up saying, "Windows can't check the disk while it's in use".
  6. Click Yes to schedule the disk check.
  7. Now shut down (do NOT restart!) your computer, and then turn your computer back on with its power button.
    • When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
  8. Let chkdsk run through its five stages. When the utility finishes, Windows will boot to the Desktop.
    NOTE: Running chkdsk may take some time to complete. Please be patient and do NOT use the computer, press any keys, or try to stop the chkdsk scan once it has started!

==

Locate the chkdsk log and post it here:
  1. Click on Start, then click Run...
  2. Copy and paste the following text into the "Open:" box: eventvwr.msc /s
    NOTE there is a space between "eventvwr.msc" and "/s"!
  3. Click OK (or hit Enter).
    • This will bring up the Event Viewer window.
  4. In the left panel, click on Application
  5. The chkdsk log should be the first entry, with a source of Winlogon
    NOTE: If it is not the first log, click on View, and then on Newest First: that should place the chkdsk log at the top of the list.
  6. Click on the entry once.
  7. Right-click on the entry and choose Properties
  8. In the window that pops up, click on the Copy button to copy the log.
  9. Paste the log in a reply to this topic.
 
Nombre de registro:Application
Origen: Microsoft-Windows-Winlogon
Fecha: 11/09/2012 15:43:34
Id. del evento:4101
Categoría de la tarea:Ninguno
Nivel: Información
Palabras clave:Clásico
Usuario: No disponible
Equipo: HÉCTOR-PC
Descripción:
Licencia de Windows validada.
XML de evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Winlogon" />
<EventID Qualifiers="16384">4101</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-09-11T13:43:34.000000000Z" />
<EventRecordID>27829</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>HÉCTOR-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x00000000</Data>
<Data>0x00000001</Data>
</EventData>
</Event>
 
Ok, now I found it at first look :p, it was under Wininit, not Winlogon. It's in Spanish

Nombre de registro:Application
Origen: Microsoft-Windows-Wininit
Fecha: 11/09/2012 15:43:54
Id. del evento:1001
Categoría de la tarea:Ninguno
Nivel: Información
Palabras clave:Clásico
Usuario: No disponible
Equipo: HÉCTOR-PC
Descripción:


Comprobando el sistema de archivos en C:
El tipo del sistema de archivos es NTFS.

Se ha programado una comprobación del disco.
Windows comprobará ahora el disco.

CHKDSK está comprobando archivos (etapa 1 de 5)...
334592 registros de archivos procesados.

Comprobación de archivos completada.
355 registros de archivos grandes procesados.

0 registros de archivos no válidos procesados.

0 registros de EA procesados.

89 registros de análisis procesados.

CHKDSK está comprobando índices (etapa 2 de 5)...
423500 entradas de índice procesadas.

Comprobación de índices completada.
0 archivos no indizados examinados.

0 archivos no indizados recuperados.

CHKDSK está comprobando descriptores de seguridad (etapa 3 de 5)...
334592 SD/SID de archivo procesados.

Liberando 223 entradas de índice no usadas del índice $SII del archivo 0x9.
Liberando 223 entradas de índice no usadas del índice $SDH del archivo 0x9.
Liberando 223 descriptores de seguridad no usados.
Comprobación de descriptores de seguridad completada.
44455 archivos de datos procesados.

CHKDSK está comprobando el diario USN...
34716624 bytes de USN procesados.

Se ha completado la comprobación del diario USN.
CHKDSK está comprobando los datos de archivo (etapa 4 de 5)...
334576 archivos procesados.

Comprobación de datos de archivo completada.
CHKDSK está comprobando el espacio disponible (etapa 5 de 5)...
16069742 clústeres disponibles procesados.

La comprobación del espacio disponible se completó.
CHKDSK detectó espacio disponible marcado como asignado en el
mapa de bits de la tabla maestra de archivos (MFT).
Windows ha hecho algunas correciones en el sistema de archivos.

153497599 KB de espacio total en disco.
88652724 KB en 238891 archivos.
125220 KB en 44456 índices.
0 KB en sectores defectuosos.
440687 KB en uso por el sistema.
El archivo de registro ha ocupado 65536 kilobytes.
64278968 KB disponibles en disco.

4096 bytes en cada unidad de asignación.
38374399 unidades de asignación en disco en total.
16069742 unidades de asignación disponibles en disco.

Información interna:
00 1b 05 00 d9 52 04 00 71 01 08 00 00 00 00 00 .....R..q.......
fb 02 00 00 59 00 00 00 00 00 00 00 00 00 00 00 ....Y...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows ha finalizado la comprobación del disco.
Espere mientras se reinicia el sistema.

XML de evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-09-11T13:43:54.000000000Z" />
<EventRecordID>27838</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>HÉCTOR-PC</Computer>
<Security />
</System>
<EventData>
<Data>

Comprobando el sistema de archivos en C:
El tipo del sistema de archivos es NTFS.

Se ha programado una comprobación del disco.
Windows comprobará ahora el disco.

CHKDSK está comprobando archivos (etapa 1 de 5)...
334592 registros de archivos procesados.

Comprobación de archivos completada.
355 registros de archivos grandes procesados.

0 registros de archivos no válidos procesados.

0 registros de EA procesados.

89 registros de análisis procesados.

CHKDSK está comprobando índices (etapa 2 de 5)...
423500 entradas de índice procesadas.

Comprobación de índices completada.
0 archivos no indizados examinados.

0 archivos no indizados recuperados.

CHKDSK está comprobando descriptores de seguridad (etapa 3 de 5)...
334592 SD/SID de archivo procesados.

Liberando 223 entradas de índice no usadas del índice $SII del archivo 0x9.
Liberando 223 entradas de índice no usadas del índice $SDH del archivo 0x9.
Liberando 223 descriptores de seguridad no usados.
Comprobación de descriptores de seguridad completada.
44455 archivos de datos procesados.

CHKDSK está comprobando el diario USN...
34716624 bytes de USN procesados.

Se ha completado la comprobación del diario USN.
CHKDSK está comprobando los datos de archivo (etapa 4 de 5)...
334576 archivos procesados.

Comprobación de datos de archivo completada.
CHKDSK está comprobando el espacio disponible (etapa 5 de 5)...
16069742 clústeres disponibles procesados.

La comprobación del espacio disponible se completó.
CHKDSK detectó espacio disponible marcado como asignado en el
mapa de bits de la tabla maestra de archivos (MFT).
Windows ha hecho algunas correciones en el sistema de archivos.

153497599 KB de espacio total en disco.
88652724 KB en 238891 archivos.
125220 KB en 44456 índices.
0 KB en sectores defectuosos.
440687 KB en uso por el sistema.
El archivo de registro ha ocupado 65536 kilobytes.
64278968 KB disponibles en disco.

4096 bytes en cada unidad de asignación.
38374399 unidades de asignación en disco en total.
16069742 unidades de asignación disponibles en disco.

Información interna:
00 1b 05 00 d9 52 04 00 71 01 08 00 00 00 00 00 .....R..q.......
fb 02 00 00 59 00 00 00 00 00 00 00 00 00 00 00 ....Y...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows ha finalizado la comprobación del disco.
Espere mientras se reinicia el sistema.
</Data>
</EventData>
</Event>
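
The Event Viewer lookup from the steps above, scripted in PowerShell as an added example that is not part of the original thread. It covers the case hit here, where the chkdsk report sits under Wininit rather than Winlogon. The two provider names and event ID 1001 are taken from the event XML posted in this thread; the output file name `chkdsk_log.txt` is a hypothetical choice.

```powershell
# Added example: save the newest boot-time chkdsk report from the Application log.
# Provider names come from the <Provider Name="..."> elements posted in this thread.
$providers = 'Microsoft-Windows-Wininit', 'Microsoft-Windows-Winlogon'

# Hypothetical output file on the current user's Desktop.
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk_log.txt'

$found = foreach ($provider in $providers) {
    $filter = @{ LogName = 'Application'; ProviderName = $provider; Id = 1001 }
    # Get-WinEvent reports an error (not an empty result) when nothing matches,
    # so errors are silenced here and the "nothing found" case is handled below.
    Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
}

# Keep only the most recent report, whichever provider wrote it.
$latest = $found | Sort-Object TimeCreated -Descending | Select-Object -First 1

if ($null -eq $latest) {
    Write-Warning 'No event ID 1001 from Wininit or Winlogon in the Application log. Has chkdsk run at boot yet?'
}
else {
    # Header line first, then the full report text, in the system's display language.
    $header = '{0:yyyy-MM-dd HH:mm:ss}  {1}  Event ID {2}' -f $latest.TimeCreated, $latest.ProviderName, $latest.Id
    Set-Content -Path $outFile -Value $header -Encoding UTF8
    Add-Content -Path $outFile -Value $latest.Message -Encoding UTF8
    Write-Host "chkdsk report saved to $outFile"
}
```

Filtering on the event ID instead of taking the first Winlogon entry avoids picking up unrelated events such as the 4101 licence-validation entry posted earlier.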
 