BSOD while surfing the net. Did rootkit scan thing earlier.

suzannec · 13 Mar 2012

Okay, so I just had a bit of a heart attack.

A few minutes ago, I was just browsing the net on reddit and I got a blue screen. There was a lot of text - I don't remember what it said. But this the error report when I restarted:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 109
BCP1: A3A039D89641250C
BCP2: B3B7465EE8BF5D5A
BCP3: FFFFF80000BD282C
BCP4: 0000000000000001
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\031312-25474-01.dmp
C:\Users\Suzanne\AppData\Local\Temp\WER-42806-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\windows\system32\en-US\erofflps.txt

Now, about an hour ago, I ran Norton Power Eraser. However, when I did the rootkit scan, it didn't say I was at risk for anything - but it DID fix a problem I was having.

For several days, I had been unable to access certain google things. I couldn't open blogger, I had to access my school email through google (versus this way from the actual school site). When I tried to load certain google pages, I'd get "404 error found nginx."

I used the Norton Power Eraser recommendation from this page where people were having a similar problem (although I had to access the page from another computer).

I ran the one scan option and it said everything was fine. I tried to go back to my email and now it's working.

And then about 30 minutes later, I get the BDOS.

Are these related?

What does my error report mean? Will this happen again?

I can't do a system restore, by the way, because of some other error that I've had for awhile (when I do a system restore, my internet stops working).

Edit: Okay, I read the BSOD thread instructions and I have attached the minidump file, the system health report, and the jcgriff2 folder thing.

zigzag3143 · 13 Mar 2012

We do need the DMP file as it contains the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.

If you are overclocking STOP

You may be able to get the DMP files without crashing by booting into safe mode (F8) with networking.

To enable us to assist you with your computer's BSOD symptoms, upload the contents of your "\Windows\Minidump" folder.

The procedure:

* Copy the contents of \Windows\Minidump to another (temporary) location somewhere on your machine.
* Zip up the copy.
* Attach the ZIP archive to your post using the "paperclip" (file attachments) button.
*If the files are too large please upload them to a file sharing service like "Rapidshare" and put a link to them in your reply.

To ensure minidumps are enabled:

* Go to Start, in the Search Box type: sysdm.cpl, press Enter.
* Under the Advanced tab, click on the Startup and Recovery Settings... button.
* Ensure that Automatically restart is unchecked.
* Under the Write Debugging Information header select Small memory dump (256 kB) in the dropdown box (the 256kb varies).
* Ensure that the Small Dump Directory is listed as %systemroot%\Minidump.
* OK your way out.
* Reboot if changes have been made.

suzannec · 13 Mar 2012

Hi. I assume you mean just copy the file itself. I couldn't open the file, it said I didn't have a program for it.

I didn't boot through safe mode to get this, though. Nothing happened from me copy/pasting it.

It came out to about 290 kb (compressed, around 29kb).

Edit: Updated original post with other reports.

JMH · 14 Mar 2012

* I note you have AVG.
AVG can be a contributing cause of BSOD'S .
Please remove and replace with Microsoft Security Essentials AT LEAST TO TEST

Download tools and utilities | AVG Worldwide[/B]

Microsoft Security Essentials - Free Antivirus for Windows

* Please download the free version of Malwarebytes.
Update it immediately.
Do a full system scan
Let us know the results at the end.

Malwarebytes : Download free malware, virus and spyware tools to get your computer back in shape!

* You are advised to run the System Update Readiness Tool (SURT) and then update to SP-1

32 Bit

Download: System Update Readiness Tool for Windows 7 (KB947821) [February 2012] - Microsoft Download Center - Download Details

64 Bit

Download: System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [February 2012] - Microsoft Download Center - Download Details

Now update to SP-1

Learn how to install Windows 7 Service Pack 1 (SP1)

zigzag3143 · 14 Mar 2012

suzannec said:

Hi. I assume you mean just copy the file itself. I couldn't open the file, it said I didn't have a program for it.

I didn't boot through safe mode to get this, though. Nothing happened from me copy/pasting it.

It came out to about 290 kb (compressed, around 29kb).

Edit: Updated original post with other reports.

Please follow JMH's suggestions to update, remove AVG, AND run malwarebytes

This crash was related to Kdcom.dll (part of the OS) but my concern is its date. It is dated Jan 12, 2012 while the rest of the OS is dated the correct July 13, 2009 (windows release date) making me suspect malware.

There are some fairly old drivers needing update.

Code:

ACFSDK64.sys    3/15/2007 7:08:46 PM        fffff880`04537000    fffff880`0453b280    0x00004280    0x45f9d1fe                        
000.fcl    9/26/2008 9:11:22 AM        fffff880`02adf000    fffff880`02b0a000    0x0002b000    0x48dcdf7a                        
vcsvad.sys    11/16/2008 5:51:18 AM        fffff880`05426000    fffff880`05430000    0x0000a000    0x491fed16                        
hardlock.sys    2/2/2009 11:34:08 AM        fffff880`044e9000    fffff880`04536c00    0x0004dc00    0x49871270                        
ACFXAU64.sys    4/29/2009 2:21:34 PM        fffff880`065f5000    fffff880`065fd000    0x00008000    0x49f89aae                        
spldr.sys    5/11/2009 12:56:27 PM        fffff880`017d2000    fffff880`017da000    0x00008000    0x4a0858bb                        
GEARAspiWDM.sys    5/18/2009 8:17:04 AM        fffff880`055b8000    fffff880`055c5000    0x0000d000    0x4a1151c0                        
amdxata.sys    5/19/2009 1:56:59 PM        fffff880`01333000    fffff880`0133e000    0x0000b000    0x4a12f2eb                        
SABI.sys    5/28/2009 2:38:02 AM        fffff880`02a2f000    fffff880`02a39000    0x0000a000    0x4a1e314a

How To Find Drivers:

- search Google for the name of the driver
- compare the Google results with what's installed on your system to figure out which device/program it belongs to
- visit the web site of the manufacturer of the hardware/program to get the latest drivers (DON'T use Windows Update or the Update driver function of Device Manager).
- if there are difficulties in locating them, post back with questions and someone will try and help you locate the appropriate program.

- - The most common drivers are listed on this page: Driver Reference Driver Reference
- - Driver manufacturer links are on this page: Drivers and Downloads