New Computer Keeps Crashing

I bought a new computer about five weeks ago. This week it started crashing (BSOD) frequently when running explorer. I have Malwarebytes loaded on my machine but haven't run it for a couple of days. No previous Malwarebytes runs detected any infected objects.

I truncated the attach.txt so the log would fit.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 20:27:22.25 on Sun 06/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5885.4583 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Norton Security Suite\Engine\\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Owner\Desktop\security may 2010\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton security suite\engine\\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton security suite\engine\\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton security suite\engine\\coIEPlg.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [RunAIShell] c:\program files (x86)\asus\ai manager\AsShellApplication.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BackupNowEZtray] "c:\program files (x86)\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files (x86)\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webportal.parsons.com/dana-cached/sc/JuniperSetupClient.cab
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [CanonSolutionMenu] c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe /logon
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0402000.00c\symds64.sys [2010-6-1 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0402000.00c\symefa64.sys [2010-6-1 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx64.sys [2010-4-29 678448]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0402000.00c\cchpx64.sys [2010-6-1 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100604.004\IDSviA64.sys [2010-6-8 463408]
R1 NEOFLTR_650_15255;Juniper Networks TDI Filter Driver (NEOFLTR_650_15255);c:\windows\system32\drivers\NEOFLTR_650_15255.SYS [2010-5-27 100472]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0402000.00c\ironx64.sys [2010-6-1 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0402000.00c\symtdiv.sys [2010-6-1 451120]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Device Handle Service;Device Handle Service;c:\windows\syswow64\AsHookDevice.exe [2010-1-21 196608]
R2 N360;Norton Security Suite;c:\program files (x86)\norton security suite\engine\\ccsvchst.exe [2010-6-1 126392]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-21 139264]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-3 61280]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28x.sys [2009-6-10 620544]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1255736]

=============== Created Last 30 ================

2010-06-14 01:20:04 0 d-----w- c:\users\owner\appdata\roaming\Tific
2010-06-11 03:27:01 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-06-11 03:27:01 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-06-11 03:27:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 03:27:00 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 03:11:15 65536 --sha-w- c:\users\owner\NTUSER.DAT{f1f745ae-7506-11df-9436-e0cb4ee57b32}.TM.blf
2010-06-11 03:11:15 524288 --sha-w- c:\users\owner\NTUSER.DAT{f1f745ae-7506-11df-9436-e0cb4ee57b32}.TMContainer00000000000000000002.regtrans-ms
2010-06-11 03:11:15 524288 --sha-w- c:\users\owner\NTUSER.DAT{f1f745ae-7506-11df-9436-e0cb4ee57b32}.TMContainer00000000000000000001.regtrans-ms
2010-06-11 03:00:09 65536 --sha-w- c:\users\owner\NTUSER.DAT{66334b18-7505-11df-be70-e0cb4ee57b32}.TM.blf
2010-06-11 03:00:09 524288 --sha-w- c:\users\owner\NTUSER.DAT{66334b18-7505-11df-be70-e0cb4ee57b32}.TMContainer00000000000000000002.regtrans-ms
2010-06-11 03:00:09 524288 --sha-w- c:\users\owner\NTUSER.DAT{66334b18-7505-11df-be70-e0cb4ee57b32}.TMContainer00000000000000000001.regtrans-ms
2010-06-11 03:00:02 446901482 ----a-w- c:\windows\MEMORY.DMP
2010-06-11 01:45:38 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-31 21:43:54 0 d-----w- c:\program files\iPod
2010-05-31 21:43:53 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-05-31 21:43:53 0 d-----w- c:\program files\iTunes
2010-05-31 21:43:53 0 d-----w- c:\program files (x86)\iTunes
2010-05-31 21:43:08 0 d-----w- c:\programdata\Apple Computer
2010-05-31 21:42:54 0 d-----w- c:\program files\common files\Apple
2010-05-31 21:42:48 0 d-----w- c:\program files\Bonjour
2010-05-31 21:42:48 0 d-----w- c:\program files (x86)\Bonjour
2010-05-31 21:42:39 0 d-----w- c:\programdata\Apple
2010-05-28 04:30:24 100472 ----a-w- c:\windows\system32\drivers\NEOFLTR_650_15255.SYS
2010-05-28 04:30:09 0 d-----w- c:\program files (x86)\Juniper Networks
2010-05-28 04:29:53 0 d-----w- c:\users\owner\appdata\roaming\Juniper Networks
2010-05-25 22:55:52 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-25 22:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-16 22:20:42 0 d-----w- c:\users\owner\Tracing

==================== Find3M ====================

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-07 05:20:29 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-07 05:20:29 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-07 05:20:29 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-07 05:20:29 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-06 01:42:52 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-05-06 01:42:52 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-05-06 01:42:52 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 13:33:36 50176 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-04-16 13:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 18:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 18:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:28:01.18 ===============

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/3/2010 5:13:10 PM
System Uptime: 6/13/2010 8:22:44 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | CM5571
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz | LGA775 | 2700/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 924 GiB total, 869.679 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 298 GiB total, 106.915 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP32: 5/7/2010 12:20:12 AM - Installed Java(TM) 6 Update 20
RP33: 5/7/2010 12:31:42 AM - Windows Update
RP34: 5/7/2010 3:00:11 AM - Windows Update
RP35: 5/8/2010 3:00:12 AM - Windows Update
RP36: 5/10/2010 10:26:32 PM - Installed ScanSoft OmniPage SE 4
RP37: 5/11/2010 3:00:10 AM - Windows Update
RP38: 5/12/2010 3:00:11 AM - Windows Update
RP39: 5/20/2010 12:00:02 AM - Scheduled Checkpoint
RP40: 5/26/2010 3:00:12 AM - Windows Update
RP41: 5/31/2010 4:43:24 PM - Installed iTunes
RP42: 6/4/2010 3:00:12 AM - Windows Update
RP43: 6/10/2010 8:45:13 PM - Windows Update
RP44: 6/10/2010 9:22:21 PM - Windows Backup
RP46: 6/10/2010 10:27:14 PM - Windows Update
RP47: 6/12/2010 3:00:14 AM - Windows Update
RP48: 6/13/2010 7:00:23 PM - Windows Backup

Please run a disk check by following the steps under "Graphical Interface:" here (http://www.w7forums.com/use-chkdsk-check-disk-t448.html).

Is it just Internet Explorer that keeps crashing (I assume you mean the browser with "explorer")?

Thanks for helping. Yes, the problem was occurring with Internet Explorer.

I ran the check disk, but I don't think it found anything. Is there a report somewhere?

We haven't used the computer a lot since we were having the problems last Sunday, but there don't seem to be any issues right now.

There won't be any specific report generated after the disk check operation.

Please try to run IE with add-ons disabled if crashing still occurs:
1. Click Start, and then type Internet Explorer in the "Search programs and files" box.
2. Click Internet Explorer (No Add-Ons). Internet Explorer opens without add-ons, toolbars, or plug-ins. See if the crashing occurs.

I ran Internet Explorer with add-ons disabled, and there was no crashing. Internet Explorer has been running ok regularly as well.

Today, the following messages showed up in the Action Center:

Check your backup.

Troubleshoot a problem with a device driver.

Troubleshoot a problem with Internet Explorer.

When I clicked on a file on my external hard drive within the WindowsImageBackup folder, the system crashed.

Is this malware or another problem?

Thanks for helping, Blade.

Please run DDS again and post back the attach.txt part.

When I clicked on a file on my external hard drive within the WindowsImageBackup folder, the system crashed.
Does it still do the same? Was that some specific file?

This was the file:


I just double clicked it again without a crash.

Here is the attach.txt


To me it looks like there's possibly some problem with the hard drive or its file system. One forum dealing with general problems is Tech Support Guy (http://forums.techguy.org). I recommend posting a topic about the symptoms there.

Thanks, Blade. I will look for help there. tony p

You're welcome. Hopefully the problem gets sorted out.