16 May 2011   #1

Windows 7 Ultimate
BSOD-Possibly due to Virus Attack

Dear All,

Two days ago, I was struck with the famous BSOD error, which has screwed up a lot of my time. I desperately need help. I tried myself, and it seems like I have been hit by some kind of malware, TrojanDownloader:Win32/Karagany.A, which was allowed by my MSE, which is really bad. Anyway, I have tried various registry cleaning software, but nothing has worked for me. Could anybody please assist me by reading my dump file and telling me what I should do to restore my system? It is extremely important. Please, please help me.

My system Specification

OS Name - Microsoft Windows 7 Ultimate
Version - 6.1.7600 Build 7600
OS Manufacturer - Microsoft Corporation
System Model - Aspire 5740
System Type - X86-based PC
Processor Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz, 2128 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date- Phoenix Technologies LTD V1.09, 11/26/2009
SMBIOS Version 2.6
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Installed Physical Memory (RAM) 3.00 GB

Unfortunately, I do not have a restore point on my machine. Kindly assist me, and if you need more information please get back to me.

16 May 2011   #2

Windows 7 Ultimate

The BSOD displays this error message

0X0000008E (0XC0000005, 0X8CA82487, 0XB08DF434, 0X00000000)

16 May 2011   #3

windows 7 ultimate

Hi amandev and Welcome to the Forum.

If you are pretty sure you've got malware it's essential you get rid of that first.

Download, install and update Malwarebytes' Free. Then run a full scan in Safe Mode.

Also: Dr. Web, How To Remove Virus "TrojanDownloader:Win32/Karagany.A"
Ignore: 2. Download Security Space Pro (32-bit) or Security Space Pro (64-bit), save it in desktop.
It's the CureIt! scan you are after.

Usual causes:
Insufficient disk space, Device driver, Video card, BIOS, Breakpoint in startup without having a debugger attached, Hardware incompatibility, Faulty system service, 3rd party remote control, Memory

Your latest dump file lists ataport.SYS as the probable cause. This is a Windows System file and for it to be the cause of your crash is highly unlikely.
Old and incompatible drivers can and do cause issues with Windows 7, often giving false error codes.

As a Priority:

PC Tools is known to be a cause of BSOD's on many Windows 7 systems. Uninstall PC Tools, including ThreatFire. Download Microsoft Security Essentials as its replacement. Make sure your Windows firewall is switched on!

sptd.sys Sun Jul 26 21:12:28 2009 The sptd.sys driver is notorious for causing BSOD's with Windows 7. It's a driver used and installed along with Daemon Tools and Alcohol 120 which you'll also have to uninstall.
Then use the correct (32bit or 64bit) download from Duplex Secure - Downloads to uninstall the SPTD.SYS driver.
Make sure to select the uninstall button! DO NOT SELECT INSTALL!!

Outdated Drivers. Update:

AGRSM.sys Mon Nov 10 14:56:37 2008 TOSHIBA V92 Software Modem or Agere Systems Soft or Creatix V.92 Data Fax Modem, part of LSI Logic

athr.sys Tue Jun 09 19:04:52 2009 Atheros Extensible Wireless LAN driver for CB42/CB43/MB42/MB43 Network Adapter - D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B) discontinued 2008 Atheros

DKbFltr.sys Thu Mar 26 03:10:12 2009 Dritek Keyboard Filter driver

Drivers with Updates:

k57nd60x.sys Thu Aug 06 12:44:50 2009 Broadcom Ethernet

Bugcheck Analysis:
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8cb04487, b7f55434, 0}

Unable to load image \SystemRoot\system32\DRIVERS\MpFilter.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for MpFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys
Probably caused by : ataport.SYS ( ataport!IdePortDispatchDeviceControl+b )

Followup: MachineOwner

1: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
Arg1: c0000005, The exception code that was not handled
Arg2: 8cb04487, The address that the exception occurred at
Arg3: b7f55434, Trap Frame
Arg4: 00000000

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

8cb04487 80b98600000000  cmp     byte ptr [ecx+86h],0

TRAP_FRAME:  b7f55434 -- (.trap 0xffffffffb7f55434)
ErrCode = 00000000
eax=8893d338 ebx=00000000 ecx=00000000 edx=877d2008 esi=8893d338 edi=8893d338
eip=8cb04487 esp=b7f554a8 ebp=b7f554a8 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
8cb04487 80b98600000000  cmp     byte ptr [ecx+86h],0       ds:0023:00000086=??
Resetting default scope






LAST_CONTROL_TRANSFER:  from 84e4048c to 8cb04487

b7f554a8 84e4048c 8893d338 879d4eb0 87a68658 ataport!IdePortDispatchDeviceControl+0xb
b7f554c0 850e3a3d 8a595b40 8a595c64 00000000 nt!IofCallDriver+0x63
b7f55534 84fbcd8d 8aac9930 8799c948 b7f55564 nt!RawQueryFsSizeInfo+0xbe
b7f55558 84fbe0d5 8a595b40 00000018 97032373 nt!RawQueryVolumeInformation+0x7e
b7f555a0 84e4048c 87a685a0 8a595b40 8a595b40 nt!RawDispatch+0xd9
b7f555b8 855ab3e8 879d2648 00000000 8aac9930 nt!IofCallDriver+0x63
b7f555e4 84e4048c 879d2648 8a595b40 8a595b40 fltmgr!FltpDispatch+0xe2
b7f555fc 850423be 8a595c64 8a595b40 20206f49 nt!IofCallDriver+0x63
b7f5561c 85055cda 879d2648 8aac9930 00000001 nt!IopSynchronousServiceTail+0x1f8
b7f556a8 84e4741a 80000a01 b7f55798 b7f55780 nt!NtQueryVolumeInformationFile+0x440
b7f556a8 84e45e75 80000a01 b7f55798 b7f55780 nt!KiFastCallEntry+0x12a
b7f55734 855c9ead 80000ad0 b7f55798 b7f55780 nt!ZwQueryVolumeInformationFile+0x11
b7f55754 855e2560 80000ad0 b7f55798 b7f55780 fltmgr!FltQueryVolumeInformation+0x2f
WARNING: Stack unwind information not available. Following frames may be wrong.
b7f557d8 855e7a4e b7f5589c 00000008 00000001 MpFilter+0x9560
b7f55880 855bfbf5 b7f5589c 00000005 00000008 MpFilter+0xea4e
b7f558b4 855c0417 87a855b0 00000005 32ae30df fltmgr!FltpDoInstanceSetupNotification+0x69
b7f55900 855c07d1 88a0ee08 87a00ac8 00000005 fltmgr!FltpInitInstance+0x25d
b7f55970 855c08d7 88a0ee08 87a00ac8 00000005 fltmgr!FltpCreateInstanceFromName+0x285
b7f559dc 855c9cde 88a0ee08 87a00ac8 00000005 fltmgr!FltpEnumerateRegistryInstances+0xf9
b7f55a2c 855be7f4 87a00ac8 8a61f540 8aba8598 fltmgr!FltpDoFilterNotificationForNewVolume+0xe0
b7f55a70 84e4048c 879d2648 87a00ac8 8aba85f4 fltmgr!FltpCreate+0x206
b7f55a88 85044afd 97032db3 b7f55c30 00000000 nt!IofCallDriver+0x63
b7f55b60 8502557b 8893d338 a587e588 877bfd20 nt!IopParseDevice+0xed7
b7f55bdc 8504b729 00000000 b7f55c30 00000040 nt!ObpLookupObjectName+0x4fa
b7f55c38 85043a7b 0103e31c 8787e588 00000001 nt!ObOpenObjectByName+0x165
b7f55cb4 8504f392 0103e378 80100080 0103e31c nt!IopCreateFile+0x673
b7f55d00 84e4741a 0103e378 80100080 0103e31c nt!NtCreateFile+0x34
b7f55d00 77c96344 0103e378 80100080 0103e31c nt!KiFastCallEntry+0x12a
0103e2dc 00000000 00000000 00000000 00000000 0x77c96344


8cb04487 80b98600000000  cmp     byte ptr [ecx+86h],0


SYMBOL_NAME:  ataport!IdePortDispatchDeviceControl+b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ataport

IMAGE_NAME:  ataport.SYS


FAILURE_BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b

BUCKET_ID:  0x8E_ataport!IdePortDispatchDeviceControl+b

Followup: MachineOwner
8ca05000 8ca4d000   ACPI     ACPI.sys     Tue Jul 14 00:11:11 2009 (4A5BBF0F)
91e32000 91e8c000   afd      afd.sys      Tue Jul 14 00:12:34 2009 (4A5BBF62)
935e3000 935f5000   AgileVpn AgileVpn.sys Tue Jul 14 00:55:00 2009 (4A5BC954)
95230000 95336000   AGRSM    AGRSM.sys    Mon Nov 10 14:56:37 2008 (49184BA5)
8cb39000 8cb42000   amdxata  amdxata.sys  Fri Mar 19 16:19:01 2010 (4BA3A3F5)
8caf5000 8cafe000   atapi    atapi.sys    Tue Jul 14 00:11:15 2009 (4A5BBF13)
8cafe000 8cb21000   ataport  ataport.SYS  Tue Jul 14 00:11:18 2009 (4A5BBF16)
93409000 93519000   athr     athr.sys     Tue Jun 09 19:04:52 2009 (4A2EA444)
8ca79000 8ca84000   BATTC    BATTC.SYS    Tue Jul 14 00:19:15 2009 (4A5BC0F3)
8cff1000 8cff8000   Beep     Beep.SYS     Tue Jul 14 00:45:00 2009 (4A5BC6FC)
91c8c000 91c9a000   blbdrive blbdrive.sys Tue Jul 14 00:23:04 2009 (4A5BC1D8)
854b0000 854b8000   BOOTVID  BOOTVID.dll  Tue Jul 14 02:04:34 2009 (4A5BD9A2)
939ce000 939e7000   bowser   bowser.sys   Wed Feb 23 05:05:24 2011 (4D649594)
825d0000 825ee000   cdd      cdd.dll      unavailable (00000000)
8ce11000 8ce30000   cdrom    cdrom.sys    Tue Jul 14 00:11:24 2009 (4A5BBF1C)
854fa000 855a5000   CI       CI.dll       Tue Jul 14 02:09:28 2009 (4A5BDAC8)
8cfc2000 8cfe7000   CLASSPNP CLASSPNP.SYS Tue Jul 14 00:11:20 2009 (4A5BBF18)
854b8000 854fa000   CLFS     CLFS.SYS     Tue Jul 14 00:11:10 2009 (4A5BBF0E)
93523000 93526700   CmBatt   CmBatt.sys   Tue Jul 14 00:19:18 2009 (4A5BC0F6)
8cd9e000 8cdfb000   cng      cng.sys      Tue Jul 14 00:32:55 2009 (4A5BC427)
8ca71000 8ca79000   compbatt compbatt.sys Tue Jul 14 00:19:18 2009 (4A5BC0F6)
935d6000 935e3000   CompositeBus CompositeBus.sys Tue Jul 14 00:45:26 2009 (4A5BC716)
9537d000 9538a000   crashdmp crashdmp.sys Tue Jul 14 00:45:50 2009 (4A5BC72E)
91c10000 91c74000   csc      csc.sys      Tue Jul 14 00:15:08 2009 (4A5BBFFC)
91c74000 91c8c000   dfsc     dfsc.sys     Tue Jul 14 00:14:16 2009 (4A5BBFC8)
91fb9000 91fc5000   discache discache.sys Tue Jul 14 00:24:04 2009 (4A5BC214)
8cfb1000 8cfc2000   disk     disk.sys     Tue Jul 14 00:11:28 2009 (4A5BBF20)
9353f000 93549000   DKbFltr  DKbFltr.sys  Thu Mar 26 03:10:12 2009 (49CAF214)
93929000 93942000   drmk     drmk.sys     Tue Jul 14 01:36:05 2009 (4A5BD2F5)
9538a000 95395000   dump_dumpata dump_dumpata.sys Tue Jul 14 00:11:16 2009 (4A5BBF14)
9539f000 953b0000   dump_dumpfve dump_dumpfve.sys Tue Jul 14 00:12:47 2009 (4A5BBF6F)
95395000 9539f000   dump_msahci dump_msahci.sys Tue Jul 14 00:45:50 2009 (4A5BC72E)
953b0000 953ba000   Dxapi    Dxapi.sys    Tue Jul 14 00:25:25 2009 (4A5BC265)
92d41000 92df8000   dxgkrnl  dxgkrnl.sys  Tue Nov 02 02:37:53 2010 (4CCF7981)
91cbb000 91cf4000   dxgmms1  dxgmms1.sys  Thu Feb 03 03:34:49 2011 (4D4A2259)
8cb42000 8cb53000   fileinfo fileinfo.sys Tue Jul 14 00:21:51 2009 (4A5BC18F)
855a5000 855d9000   fltmgr   fltmgr.sys   Tue Jul 14 00:11:13 2009 (4A5BBF11)
8cc0e000 8cc17000   Fs_Rec   Fs_Rec.sys   Tue Jul 14 00:11:14 2009 (4A5BBF12)
8cf7f000 8cfb1000   fvevol   fvevol.sys   Sat Sep 26 03:24:21 2009 (4ABD7B55)
8d158000 8d189000   fwpkclnt fwpkclnt.sys Tue Jul 14 00:12:03 2009 (4A5BBF43)
85214000 8524b000   hal      halmacpi.dll Tue Jul 14 00:11:03 2009 (4A5BBF07)
91d3f000 91d5e000   HDAudBus HDAudBus.sys Tue Jul 14 00:50:55 2009 (4A5BC85F)
938aa000 938fa000   HdAudio  HdAudio.sys  Tue Jul 14 00:51:46 2009 (4A5BC892)
92400000 9240a080   HECI     HECI.sys     Thu Sep 17 20:54:12 2009 (4AB293E4)
9d4df000 9d564000   HTTP     HTTP.sys     Tue Jul 14 00:12:53 2009 (4A5BBF75)
8d1e9000 8d1f1000   hwpolicy hwpolicy.sys Tue Jul 14 00:11:01 2009 (4A5BBF05)
93527000 9353f000   i8042prt i8042prt.sys Tue Jul 14 00:11:23 2009 (4A5BBF1B)
92424000 92d41000   igdkmd32 igdkmd32.sys Wed Aug 25 20:31:24 2010 (4C756F8C)
9359c000 935bab00   Impcd    Impcd.sys    Mon Oct 26 20:39:02 2009 (4AE608E6)
95343000 9537d000   IntcDAud IntcDAud.sys Fri Oct 30 14:55:29 2009 (4AEAFE61)
935bb000 935cd000   intelppm intelppm.sys Tue Jul 14 00:11:03 2009 (4A5BBF07)
91d5e000 91da3000   k57nd60x k57nd60x.sys Thu Aug 06 12:44:50 2009 (4A7AC232)
93549000 93556000   kbdclass kbdclass.sys Tue Jul 14 00:11:15 2009 (4A5BBF13)
88953000 8895b000   kdcom    kdcom.dll    Tue Jul 14 02:08:58 2009 (4A5BDAAA)
93813000 93847000   ks       ks.sys       Thu Mar 04 03:57:52 2010 (4B8F2FC0)
8cd8b000 8cd9e000   ksecdd   ksecdd.sys   Tue Jul 14 00:11:56 2009 (4A5BBF3C)
8cf2d000 8cf52000   ksecpkg  ksecpkg.sys  Fri Dec 11 04:04:22 2009 (4B21C4C6)
9521b000 9522b000   lltdio   lltdio.sys   Tue Jul 14 00:53:18 2009 (4A5BC8EE)
95200000 9521b000   luafv    luafv.sys    Tue Jul 14 00:15:44 2009 (4A5BC020)
85427000 8549f000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Tue Jul 14 02:06:41 2009 (4A5BDA21)
95336000 95343000   modem    modem.sys    Tue Jul 14 00:55:24 2009 (4A5BC96C)
953f5000 95400000   monitor  monitor.sys  Tue Jul 14 00:25:58 2009 (4A5BC286)
9358f000 9359c000   mouclass mouclass.sys Tue Jul 14 00:11:15 2009 (4A5BBF13)
8cadf000 8caf5000   mountmgr mountmgr.sys Tue Jul 14 00:11:27 2009 (4A5BBF1F)
855d9000 855ff680   MpFilter MpFilter.sys Tue Sep 14 22:23:59 2010 (4C8FE7EF)
939e7000 939f9000   mpsdrv   mpsdrv.sys   Tue Jul 14 00:52:52 2009 (4A5BC8D4)
9b612000 9b635000   mrxsmb   mrxsmb.sys   Wed Feb 23 05:05:29 2011 (4D649599)
9b635000 9b670000   mrxsmb10 mrxsmb10.sys Wed Feb 23 05:05:39 2011 (4D6495A3)
9b670000 9b68b000   mrxsmb20 mrxsmb20.sys Wed Feb 23 05:05:33 2011 (4D64959D)
8cb21000 8cb2b000   msahci   msahci.sys   Tue Jul 14 00:45:50 2009 (4A5BC72E)
85400000 8540b000   Msfs     Msfs.SYS     Tue Jul 14 00:11:26 2009 (4A5BBF1E)
8ca58000 8ca60000   msisadrv msisadrv.sys Tue Jul 14 00:11:09 2009 (4A5BBF0D)
8cd60000 8cd8b000   msrpc    msrpc.sys    Tue Jul 14 00:11:59 2009 (4A5BBF3F)
91faf000 91fb9000   mssmbios mssmbios.sys Tue Jul 14 00:19:25 2009 (4A5BC0FD)
8d1d9000 8d1e9000   mup      mup.sys      Tue Jul 14 00:14:14 2009 (4A5BBFC6)
8ce38000 8ceef000   ndis     ndis.sys     Tue Jul 14 00:12:24 2009 (4A5BBF58)
935f5000 93600000   ndistapi ndistapi.sys Tue Jul 14 00:54:24 2009 (4A5BC930)
939a2000 939b2000   ndisuio  ndisuio.sys  Tue Jul 14 00:53:51 2009 (4A5BC90F)
91dbb000 91ddd000   ndiswan  ndiswan.sys  Tue Jul 14 00:54:34 2009 (4A5BC93A)
93899000 938aa000   NDProxy  NDProxy.SYS  Tue Jul 14 00:54:27 2009 (4A5BC933)
91efe000 91f0c000   netbios  netbios.sys  Tue Jul 14 00:53:54 2009 (4A5BC912)
91e8c000 91ebe000   netbt    netbt.sys    Tue Jul 14 00:12:18 2009 (4A5BBF52)
8ceef000 8cf2d000   NETIO    NETIO.SYS    Fri Apr 09 03:32:21 2010 (4BBE91B5)
8540b000 85419000   Npfs     Npfs.SYS     Tue Jul 14 00:11:31 2009 (4A5BBF23)
91fa5000 91faf000   nsiproxy nsiproxy.sys Tue Jul 14 00:12:08 2009 (4A5BBF48)
84e04000 85214000   nt       ntkrpamp.exe Sat Apr 09 04:57:09 2011 (4D9FD915)
8cc31000 8cd60000   Ntfs     Ntfs.sys     Fri Mar 11 03:29:11 2011 (4D799707)
8ce30000 8ce37000   Null     Null.SYS     Tue Jul 14 00:11:12 2009 (4A5BBF10)
9395c000 939a2000   nwifi    nwifi.sys    Tue Jul 14 00:51:59 2009 (4A5BC89F)
91ece000 91eed000   pacer    pacer.sys    Tue Jul 14 00:53:58 2009 (4A5BC916)
8ca60000 8ca71000   partmgr  partmgr.sys  Tue Jul 14 00:11:35 2009 (4A5BBF27)
857b4000 857de000   pci      pci.sys      Tue Jul 14 00:11:16 2009 (4A5BBF14)
8cb2b000 8cb39000   PCIIDEX  PCIIDEX.SYS  Tue Jul 14 00:11:15 2009 (4A5BBF13)
8cb53000 8cb90000   PCTCore  PCTCore.sys  Wed Dec 08 21:20:21 2010 (4CFFF695)
8cb90000 8cbe7000   pctDS    pctDS.sys    Fri Jun 04 03:06:26 2010 (4C085FA2)
9d4d6000 9d4de260   PCTSDInj32 PCTSDInj32.sys Wed Sep 01 01:31:04 2010 (4C7D9EC8)
8cc00000 8cc0e000   pcw      pcw.sys      Tue Jul 14 00:11:10 2009 (4A5BBF0E)
9b6a3000 9b73a000   peauth   peauth.sys   Tue Jul 14 01:35:44 2009 (4A5BD2E0)
938fa000 93929000   portcls  portcls.sys  Tue Jul 14 00:51:00 2009 (4A5BC864)
8549f000 854b0000   PSHED    PSHED.dll    Tue Jul 14 02:09:36 2009 (4A5BDAD0)
91da3000 91dbb000   rasl2tp  rasl2tp.sys  Tue Jul 14 00:54:33 2009 (4A5BC939)
91ddd000 91df5000   raspppoe raspppoe.sys Tue Jul 14 00:54:53 2009 (4A5BC94D)
91fc5000 91fdc000   raspptp  raspptp.sys  Tue Jul 14 00:54:47 2009 (4A5BC947)
91fdc000 91ff3000   rassstp  rassstp.sys  Tue Jul 14 00:54:57 2009 (4A5BC951)
91f64000 91fa5000   rdbss    rdbss.sys    Tue Jul 14 00:14:26 2009 (4A5BBFD2)
9241a000 92424000   rdpbus   rdpbus.sys   Tue Jul 14 01:02:40 2009 (4A5BCB20)
8cff8000 8d000000   RDPCDD   RDPCDD.sys   Tue Jul 14 01:01:40 2009 (4A5BCAE4)
8cbe7000 8cbef000   rdpencdd rdpencdd.sys Tue Jul 14 01:01:39 2009 (4A5BCAE3)
8cbef000 8cbf7000   rdprefmp rdprefmp.sys Tue Jul 14 01:01:41 2009 (4A5BCAE5)
8cf52000 8cf7f000   rdyboost rdyboost.sys Tue Jul 14 00:22:02 2009 (4A5BC19A)
939b2000 939c5000   rspndr   rspndr.sys   Tue Jul 14 00:53:20 2009 (4A5BC8F0)
91f5e000 91f64000   SASDIFSV SASDIFSV.SYS Wed Feb 17 18:19:19 2010 (4B7C3327)
91f3c000 91f5e000   SASKUTIL SASKUTIL.SYS Mon May 10 18:15:22 2010 (4BE83F2A)
91f2f000 91f3c000   SCDEmu   SCDEmu.SYS   Sun Nov 02 08:44:10 2008 (490D685A)
8578e000 857b4000   SCSIPORT SCSIPORT.SYS Tue Jul 14 00:45:55 2009 (4A5BC733)
9b73a000 9b744000   secdrv   secdrv.SYS   Wed Sep 13 14:18:32 2006 (45080528)
8d1d1000 8d1d9000   spldr    spldr.sys    Mon May 11 17:13:47 2009 (4A084EBB)
9b765000 9b7cf000   spsys    spsys.sys    Mon May 11 17:37:10 2009 (4A085436)
85684000 85785000   sptd     sptd.sys     Sun Jul 26 21:12:28 2009 (4A6CB8AC)
9d484000 9d4d6000   srv      srv.sys      Wed Feb 23 05:06:08 2011 (4D6495C0)
9d435000 9d484000   srv2     srv2.sys     Wed Feb 23 05:05:54 2011 (4D6495B2)
9b744000 9b765000   srvnet   srvnet.sys   Wed Feb 23 05:05:46 2011 (4D6495AA)
93400000 93401380   swenum   swenum.sys   Tue Jul 14 00:45:08 2009 (4A5BC704)
93556000 9358c480   SynTP    SynTP.sys    Fri Sep 18 03:29:36 2009 (4AB2F090)
8d00f000 8d158000   tcpip    tcpip.sys    Mon Jun 14 04:36:59 2010 (4C15A3DB)
9b7cf000 9b7dc000   tcpipreg tcpipreg.sys Tue Jul 14 00:54:14 2009 (4A5BC926)
91e27000 91e32000   TDI      TDI.SYS      Tue Jul 14 00:12:12 2009 (4A5BBF4C)
91e10000 91e27000   tdx      tdx.sys      Tue Jul 14 00:12:10 2009 (4A5BBF4A)
91f1f000 91f2f000   termdd   termdd.sys   Tue Jul 14 01:01:35 2009 (4A5BCADF)
825a0000 825a9000   TSDDD    TSDDD.dll    Tue Jul 14 01:01:40 2009 (4A5BCAE4)
91c9a000 91cbb000   tunnel   tunnel.sys   Tue Jul 14 00:54:03 2009 (4A5BC91B)
93847000 93855000   umbus    umbus.sys    Tue Jul 14 00:51:38 2009 (4A5BC88A)
953ba000 953d1000   usbccgp  usbccgp.sys  Fri Mar 25 03:06:23 2011 (4D8C06AF)
9358d000 9358e700   USBD     USBD.SYS     Fri Mar 25 03:06:06 2011 (4D8C069E)
9240b000 9241a000   usbehci  usbehci.sys  Fri Mar 25 03:06:12 2011 (4D8C06A4)
93855000 93899000   usbhub   usbhub.sys   Fri Mar 25 03:06:43 2011 (4D8C06C3)
91cf4000 91d3f000   USBPORT  USBPORT.SYS  Fri Mar 25 03:06:22 2011 (4D8C06AE)
953d1000 953f4b80   usbvideo usbvideo.sys Thu Mar 04 04:04:40 2010 (4B8F3158)
8ca4d000 8ca58000   vdrvroot vdrvroot.sys Tue Jul 14 00:46:19 2009 (4A5BC74B)
8cc17000 8cc23000   vga      vga.sys      Tue Jul 14 00:25:50 2009 (4A5BC27E)
857de000 857ff000   VIDEOPRT VIDEOPRT.SYS Tue Jul 14 00:25:49 2009 (4A5BC27D)
8d189000 8d191380   vmstorfl vmstorfl.sys Tue Jul 14 00:28:44 2009 (4A5BC32C)
8ca84000 8ca94000   volmgr   volmgr.sys   Tue Jul 14 00:11:25 2009 (4A5BBF1D)
8ca94000 8cadf000   volmgrx  volmgrx.sys  Tue Jul 14 00:11:41 2009 (4A5BBF2D)
8d192000 8d1d1000   volsnap  volsnap.sys  Tue Jul 14 00:11:34 2009 (4A5BBF26)
93519000 93523000   vwifibus vwifibus.sys Tue Jul 14 00:52:02 2009 (4A5BC8A2)
91eed000 91efe000   vwififlt vwififlt.sys Tue Jul 14 00:52:03 2009 (4A5BC8A3)
91f0c000 91f1f000   wanarp   wanarp.sys   Tue Jul 14 00:55:02 2009 (4A5BC956)
8cc23000 8cc30000   watchdog watchdog.sys Tue Jul 14 00:24:10 2009 (4A5BC21A)
85605000 85676000   Wdf01000 Wdf01000.sys Tue Jul 14 00:11:36 2009 (4A5BBF28)
85676000 85684000   WDFLDR   WDFLDR.SYS   Tue Jul 14 00:11:25 2009 (4A5BBF1D)
91ec7000 91ece000   wfplwf   wfplwf.sys   Tue Jul 14 00:53:51 2009 (4A5BC90F)
82340000 8258b000   win32k   win32k.sys   Thu Mar 03 03:31:07 2011 (4D6F0B7B)
935cd000 935d6000   wmiacpi  wmiacpi.sys  Tue Jul 14 00:19:16 2009 (4A5BC0F4)
85785000 8578e000   WMILIB   WMILIB.SYS   Tue Jul 14 00:11:22 2009 (4A5BBF1A)
91ebe000 91ec7000   ws2ifsl  ws2ifsl.sys  Tue Jul 14 00:55:01 2009 (4A5BC955)
93942000 9395c000   WudfPf   WudfPf.sys   Tue Jul 14 00:50:13 2009 (4A5BC835)

Unloaded modules:
9b68b000 9b6a3000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00018000
939c5000 939ce000   vwifimp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
8d1f1000 8d1fe000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
8d000000 8d00b000   dump_pciidex
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
8cfe7000 8cff1000   dump_msahci.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
8ce00000 8ce11000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
Let us know how it goes. If you get further problems with blue screens, attach your new dump files and details and we'll move on from there.
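
The driver-age check done by hand in the reply above can be run over the debugger's module list. This is an added example, not part of the original thread: it reads the hex value in parentheses (the image's link timestamp, seconds since the Unix epoch in UTC), flags modules linked before a cutoff, and maps an address back to the module that contains it. The cutoff date and the function names are assumptions made for the illustration; an old link date marks a driver worth checking for an update, not a proven cause.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Subset of the module list in the post above, copied unchanged.
LM_SAMPLE = """\
8cafe000 8cb21000   ataport  ataport.SYS  Tue Jul 14 00:11:18 2009 (4A5BBF16)
855a5000 855d9000   fltmgr   fltmgr.sys   Tue Jul 14 00:11:13 2009 (4A5BBF11)
855d9000 855ff680   MpFilter MpFilter.sys Tue Sep 14 22:23:59 2010 (4C8FE7EF)
95230000 95336000   AGRSM    AGRSM.sys    Mon Nov 10 14:56:37 2008 (49184BA5)
93409000 93519000   athr     athr.sys     Tue Jun 09 19:04:52 2009 (4A2EA444)
9353f000 93549000   DKbFltr  DKbFltr.sys  Thu Mar 26 03:10:12 2009 (49CAF214)
85684000 85785000   sptd     sptd.sys     Sun Jul 26 21:12:28 2009 (4A6CB8AC)
825d0000 825ee000   cdd      cdd.dll      unavailable (00000000)
"""

# Assumed cutoff: the day before the 14 Jul 2009 link date that the in-box
# drivers in this dump carry (the debugger prints local time, the hex is UTC).
CUTOFF = datetime(2009, 7, 13, tzinfo=timezone.utc)

# start  end  module-name  image-name  <date text or "unavailable">  (hex stamp)
LM_LINE = re.compile(
    r"^(?P<start>[0-9a-fA-F]{8})\s+(?P<end>[0-9a-fA-F]{8})\s+(?P<name>\S+)\s+"
    r"(?P<image>\S+)\s+.*\((?P<stamp>[0-9a-fA-F]{8})\)\s*$"
)


@dataclass
class Module:
    start: int
    end: int
    name: str
    image: str
    link_time: Optional[datetime]  # None when the debugger printed "unavailable"


def parse_modules(text: str) -> List[Module]:
    """Parse module-list lines; lines that do not match are skipped."""
    mods = []
    for line in text.splitlines():
        m = LM_LINE.match(line.strip())
        if not m:
            continue
        stamp = int(m["stamp"], 16)
        when = datetime.fromtimestamp(stamp, tz=timezone.utc) if stamp else None
        mods.append(Module(int(m["start"], 16), int(m["end"], 16),
                           m["name"], m["image"], when))
    return mods


def module_for(mods: List[Module], address: int) -> Optional[Module]:
    """Return the module whose [start, end) range contains the address."""
    for mod in mods:
        if mod.start <= address < mod.end:
            return mod
    return None


def stale(mods: List[Module], cutoff: datetime = CUTOFF) -> List[Module]:
    """Modules with a known link time earlier than the cutoff."""
    return [m for m in mods if m.link_time is not None and m.link_time < cutoff]


if __name__ == "__main__":
    modules = parse_modules(LM_SAMPLE)
    for mod in stale(modules):
        print(f"{mod.image:<14} linked {mod.link_time:%Y-%m-%d} (before cutoff)")
    # Arg2 of the bugcheck, and the return address of the frame above MpFilter+0x9560.
    for addr in (0x8CB04487, 0x855E2560):
        owner = module_for(modules, addr)
        print(f"{addr:08x} -> {owner.image if owner else 'no loaded module'}")
```
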

16 May 2011   #4
Microsoft MVP


If you can't run Malwarebytes in Safe Mode, boot BitDefender's Rescue CD to run a full scan: FREE Bootable AntiVirus Rescue CDs Download List

Sometimes the damage from serious infection is irreparable and requires a clean reinstall or running Factory Recovery if you have factory OEM.

However, you can try repairing damaged System files by running the SFC /SCANNOW Command, if necessary from the System Recovery Options Command Line: SFC /SCANNOW Run in Command Prompt at Boot

If you regain enough functionality to stay on the Desktop and have a Windows 7 DVD, you can run a Repair Install, although you'll need one with SP1 if you have it installed; otherwise you can uninstall Windows 7 Service Pack 1 (SP1).

Copy out your files to quarantine now using this method or Paragon Rescue CD: Copy & Paste - in Windows Recovery Console
System Repair Disc - Create
17 May 2011   #5

Windows 7 Ultimate
My windows does not work any more

Hello Guys,

I scanned using the malware software and also used Doctor Cure, they found a couple of infected files and removed them.

Now I am unable to boot Windows, both in safe mode as well as normal mode.

Since I cannot start my Windows, I cannot even access the dump file anymore.

Kindly advise me, what should I do next.
17 May 2011   #6

windows 7 ultimate

Hi amandev,

Run a start up repair by repeatedly tapping F8 at the boot screen and initially selecting System Recovery Options. See This Post for further details.
17 May 2011   #7

Windows 7 Ultimate
I tried it as well - Does not work

Hello guys,

I tried the system repair already; it does not work.
17 May 2011   #8

Windows 7 Ultimate

It gives an error message that Windows was unable to repair the system.
17 May 2011   #9

Windows 7 Professional x64

Honestly, I suspect your best bet is to completely wipe the hard drive and start over. Create an Ubuntu Live CD, boot it up, and select "Try Ubuntu". Back up all your data to an external hard drive or network drive (such as Windows Live Skydrive), and then run the Clean All command. When done, reinstall Windows.
18 May 2011   #10

Windows 7 Ultimate

Dear All,

I need some technical help now. My Windows 7 Ultimate has failed and I cannot make it boot. I wish to try to repair it using a Windows 7 DVD. Fortunately, I found an ISO file of my Windows using Ubuntu and I quickly created a DVD out of it. It seems to be OK, and when I try to install using Ubuntu Wine it shows not enough disk space, which makes sense because Wine tries to install in its own disk space, but I do not want that; I want to use this disk to repair my Windows somehow. Unfortunately, due to some reasons the DVD I created is not a bootable drive and it does not begin automatically at startup. Using Wine I can begin the setup.exe and it starts, but not automatically as I wish it to in order to begin repairing my Windows. I tried making a bootable USB also, but I think there is some file missing in the ISO file I have. Is there any way I could add some file to the present DVD I created in order to make it bootable?

In my Windows folder I have BOOT, EFI, SOURCES, SUPPORT, UPGRADE, AUTORUN.INF, BOOTMGR and SETUP.exe. I think I will try it once again, but chances are quite slim. If anybody can help me with some information it would be very helpful.

Also, in the Windows repair option I could go to x:/windows/windows32/. I do not know what x is here, but if using this command prompt I could force my machine to run the setup.exe from the DVD, this could also be one good solution to make Windows start the installation procedure.

