• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solved Driver Power State Failure in sleep mode


M15

New Member
Posts
8
#1
I am experiencing an issue with my laptop where I can't allow it to enter sleep mode or else it will restart/appear to have restarted the next time I wake it up. At first I thought it might be a power options issue, but I made sure that the computer was set to sleep and not restart when I close the lid. I've checked the bluescreen viewer and the cause of the restart seems to come from a driver power state failure coming from ntoskrnl.exe+1fcc1e, hal.dll+6a37, and storport.sys+33f0.

I've already run sfc/scannow to check for damaged files and I was also able to replace them using a DISM command, so now scanning the computer doesn't run into any errors, but this driver error still persists.

Sidenote: The driver errors mainly started after I reinstalled Kaspersky onto my computer to fix some issues that I had with it. Before that I was getting a couple of kernel data inpage errors, the latest of which occurred June 1.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    ACER Aspire M5-481PT
    CPU
    Intel(R) Core(TM) i5-337U CPU @ 1.80GHz
    Memory
    6GB
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Internet Security 2014

blueelvis

OMG Debugger!
VIP Member
Pro User
India

Posts
2,097
#2
Hi M15 and welcome to the forums ^_^,

I am in the process of analyzing your dump files further. Below has been provided analysis of your dump files for Informative purposes.
Code:
**************************Fri Jun  6 04:50:12.040 2014 (UTC + 5:30)**************************Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe0017919e880, ffffd00049969950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  System
 
FAILURE_BUCKET_ID:  0x9F_4_storport!RaSendIrpSynchronous
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Jun  6 01:42:48.219 2014 (UTC + 5:30)**************************
*** WARNING: Unable to verify timestamp for iaStorA.sys
 
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
 
Probably caused by : iaStorA.sys
 
BugCheck 9F, {3, ffffe000d7f8e060, ffffd000ca5e9930, ffffe000da3955c0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  System
 
FAILURE_BUCKET_ID:  0x9F_3_POWER_DOWN_disk_IMAGE_iaStorA.sys
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Jun  5 23:56:42.783 2014 (UTC + 5:30)**************************
Probably caused by : pci.sys
 
BugCheck 9F, {3, ffffe0012d189060, ffffd000617b7930, ffffe0012f57e200}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
PROCESS_NAME:  System
 
FAILURE_BUCKET_ID:  0x9F_3_POWER_DOWN_iaStorA_IMAGE_pci.sys
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Jun  5 21:22:13.218 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe0019ea47880, fffff802cf015950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Jun  5 05:58:46.248 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe000e8130880, ffffd001c5d69950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Jun  5 04:36:25.248 2014 (UTC + 5:30)**************************
Probably caused by : memory_corruption ( nt!MmTrimAllSystemPagableMemory+d706 )
 
BugCheck 9F, {3, ffffe0016443f7f0, ffffd000f7bfb930, ffffe0016389e930}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu Jun  5 04:10:27.750 2014 (UTC + 5:30)**************************
Probably caused by : ntkrnlmp.exe ( nt!KeSynchronizeExecution+2246 )
 
BugCheck 9F, {4, 12c, ffffe001b68b7880, ffffd000945fb950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Jun  4 09:43:52.742 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe001eea89040, ffffd000725bf950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Wed Jun  4 03:58:06.504 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe00184f76040, fffff8036fc1cca0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jun  3 22:15:19.881 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe001450a6880, fffff8019321c950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jun  3 20:07:58.439 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe00012689040, ffffd00193dbf950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Tue Jun  3 00:46:43.646 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe001531e2880, fffff801a7c23ca0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jun  2 12:24:01.197 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe0016968c880, ffffd001109fb950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Mon Jun  2 01:18:00.177 2014 (UTC + 5:30)**************************
Probably caused by : ntkrnlmp.exe ( nt!CcTestControl+21f61 )
 
BugCheck 7A, {fffff6e00083ba10, ffffffffc0000185, 1c413d880, ffffc00107742496}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000007A]KERNEL_DATA_INPAGE_ERROR (7a)[/url]
 
DISK_HARDWARE_ERROR: There was error with disk hardware
 
BUGCHECK_STR:  0x7a_c0000185
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jun  1 12:21:38.435 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe0009cd49880, ffffd000a41bf950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jun  1 09:14:54.947 2014 (UTC + 5:30)**************************
Probably caused by : memory_corruption ( nt!MmTrimAllSystemPagableMemory+d706 )
 
BugCheck 9F, {3, ffffe000ce364060, fffff8038861c930, ffffe000d39b7d40}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sun Jun  1 00:54:21.541 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe0003078b880, ffffd0008fbfb950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat May 31 10:44:54.062 2014 (UTC + 5:30)**************************
Probably caused by : memory_corruption ( nt!MmTrimAllSystemPagableMemory+d706 )
 
BugCheck 9F, {3, ffffe001d1d757f0, fffff8004061c930, ffffe001d63fe400}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat May 31 09:11:58.959 2014 (UTC + 5:30)**************************
*** WARNING: Unable to verify timestamp for win32k.sys
 
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
 
Probably caused by : memory_corruption
 
BugCheck 7A, {fffff6fc005970a8, ffffffffc0000185, 12ed85860, fffff800b2e15000}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000007A]KERNEL_DATA_INPAGE_ERROR (7a)[/url]
 
DISK_HARDWARE_ERROR: There was error with disk hardware
 
BUGCHECK_STR:  0x7a_c0000185
 
FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_LARGE_4096
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat May 31 08:24:09.843 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe000af9e2380, ffffd000c9ffb950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat May 31 07:34:32.859 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe000f9ef1040, ffffd0003c969950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat May 31 03:26:28.126 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe00159448040, ffffd00053369950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Sat May 31 01:06:40.251 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe000ef6c34c0, fffff8006941c950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri May 30 09:09:09.093 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe001e9feb040, fffff800c581c950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri May 30 08:13:31.932 2014 (UTC + 5:30)**************************
*** WARNING: Unable to verify timestamp for iaStorA.sys
 
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
 
Probably caused by : iaStorA.sys ( iaStorA+73b82 )
 
BugCheck 133, {0, 501, 500, 0}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x00000133]DPC_WATCHDOG_VIOLATION (133)[/url]
 
BUGCHECK_STR:  0x133
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri May 30 04:25:29.803 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe00159005500, ffffd00021dfb950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri May 30 01:43:15.478 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe00169ffe880, ffffd00112369950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
 
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Thu May 29 11:55:56.458 2014 (UTC + 5:30)**************************
Probably caused by : storport.sys ( storport!RaSendIrpSynchronous+70 )
 
BugCheck 9F, {4, 12c, ffffe001bbf2a880, ffffd00180dfb950}
BugCheck Info: [url=http://www.carrona.org/bsodindx.html#0x0000009F]DRIVER_POWER_STATE_FAILURE (9f)[/url]
 
BUGCHECK_STR:  0x9F
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
FAILURE_BUCKET_ID:  WRONG_SYMBOLS
 
MaxSpeed:     1800
 
CurrentSpeed: 1796
 
  BIOS Version                  V2.20
 
  BIOS Release Date             02/18/2013
 
  Manufacturer                  Acer
 
  Product Name                  Aspire M5-481PT
Below is a list of drivers which you must update immediately and see if the issue gets resolved or not. I am further analyzing your dump files and will post back soon.
Code:
**************************Fri Jun  6 04:50:12.040 2014 (UTC + 5:30)**************************
NTIDrvr.sys                 Tue Apr 20 07:07:59 2010 (4BCD0577)
UBHelper.sys                Tue Jul  6 09:49:26 2010 (4C32AECE)
94766073.sys                Fri Mar  4 14:50:03 2011 (4D70AEC3)
mwlPSDFilter.sys            Fri Mar 25 12:42:11 2011 (4D8C404B)
mwlPSDNServ.sys             Fri Mar 25 12:42:13 2011 (4D8C404D)
mwlPSDVDisk.sys             Fri Mar 25 12:42:23 2011 (4D8C4057)
GEARAspiWDM.sys             Fri May  4 01:26:17 2012 (4FA2E2E1)
RTKVHD64.sys                Tue Jun 12 15:32:32 2012 (4FD713B8)
IntcDAud.sys                Tue Jun 19 20:10:51 2012 (4FE08F73)
btath_hcrp.sys              Thu Jun 21 10:53:29 2012 (4FE2AFD1)
HECIx64.sys                 Tue Jul  3 03:44:58 2012 (4FF21D62)
irstrtdv.sys                Fri Jul 13 05:28:02 2012 (4FFF648A)
iaStorA.sys                 Fri Aug 17 02:02:56 2012 (502D58F8)
dump_iaStorA.sys            Fri Aug 17 02:02:56 2012 (502D58F8)
excsd.sys                   Sat Aug 18 05:37:27 2012 (502EDCBF)
excfs.sys                   Sat Aug 18 05:37:50 2012 (502EDCD6)
btath_rcp.sys               Fri Aug 24 20:57:40 2012 (50379D6C)
aPs2Kb2Hid.sys              Thu Aug 30 09:10:57 2012 (503EE0C9)
ETD.sys                     Wed Jan 16 12:26:37 2013 (50F64F25)
athw8x.sys                  Thu Jan 17 14:45:39 2013 (50F7C13B)
k57nd60a.sys                Wed Jan 30 06:18:55 2013 (51086DF7)
klpd.sys                    Fri Apr 12 17:04:45 2013 (5167F155)
klim6.sys                   Thu Jul 11 13:23:56 2013 (51DE6494)
klmouflt.sys                Thu Aug  8 18:39:08 2013 (52039874)
intelppm.sys                Thu Aug 22 14:16:35 2013 (5215CFEB)
iwdbus.sys                  Fri Sep 27 03:08:04 2013 (5244A93C)
igdkmd64.sys                Tue Oct  1 22:36:57 2013 (524B0131)
kl1.sys                     Fri Oct 18 14:48:22 2013 (5260FCDE)
btfilter.sys                Wed Oct 30 12:39:06 2013 (5270B092)
kneps.sys                   Thu Oct 31 19:15:52 2013 (52725F10)
klkbdflt.sys                Fri Dec 27 19:05:56 2013 (52BD823C)
klwfp.sys                   Wed Feb  5 19:03:44 2014 (52F23DB8)
klflt.sys                   Sun Mar  2 04:32:12 2014 (531266F4)
klif.sys                    Thu Mar  6 22:08:02 2014 (5318A46A)
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
**************************Fri Jun  6 01:42:48.219 2014 (UTC + 5:30)**************************
hiber_iaStorA.sys           Fri Aug 17 02:02:56 2012 (502D58F8)
http://www.carrona.org/drivers/driver.php?id=NTIDrvr.sys
http://www.carrona.org/drivers/driver.php?id=UBHelper.sys
94766073.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=mwlPSDFilter.sys
http://www.carrona.org/drivers/driver.php?id=mwlPSDNServ.sys
http://www.carrona.org/drivers/driver.php?id=mwlPSDVDisk.sys
http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=btath_hcrp.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=irstrtdv.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=excsd.sys
http://www.carrona.org/drivers/driver.php?id=excfs.sys
http://www.carrona.org/drivers/driver.php?id=btath_rcp.sys
aPs2Kb2Hid.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=ETD.sys
http://www.carrona.org/drivers/driver.php?id=athw8x.sys
http://www.carrona.org/drivers/driver.php?id=k57nd60a.sys
http://www.carrona.org/drivers/driver.php?id=klpd.sys
http://www.carrona.org/drivers/driver.php?id=klim6.sys
http://www.carrona.org/drivers/driver.php?id=klmouflt.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=kl1.sys
http://www.carrona.org/drivers/driver.php?id=btfilter.sys
http://www.carrona.org/drivers/driver.php?id=kneps.sys
http://www.carrona.org/drivers/driver.php?id=klkbdflt.sys
http://www.carrona.org/drivers/driver.php?id=klwfp.sys
http://www.carrona.org/drivers/driver.php?id=klflt.sys
http://www.carrona.org/drivers/driver.php?id=klif.sys
http://www.carrona.org/drivers/driver.php?id=hiber_iaStorA.sys
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model Number
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!

blueelvis

OMG Debugger!
VIP Member
Pro User
India

Posts
2,097
#3
Hi M15,

Could you please download the GMER exe from this LINK and post back the results?
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model Number
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!

M15

New Member
Posts
8
#4
I downloaded the GMER.exe from the site and ran it, but it ran into a couple of errors.

C:Windows\system32\config\system: The process cannot access the file because it is being used by another process.

C:\Users\Matt Q\ntuser.dat: The process cannot access the file because it is being used by another process

At the end of the scan, I also saw that there was an unkown MBR code, but it didn't show it as a threat.
Disk \Device\Harddisk0\DR0 unknown MBR Code

After this, a BSOD occured saying Critical_Structure_Corruption. And now, I'm running GMER again, and apparently it can't access C:Windows\system32\config\software.


Update: I'm running a full virus scan right now, and it seems to have stopped at audiodg.exe\ntdll.dll which is apparently prone to infections. I'm also attaching the newer SF files so that it may help locate the exact problem.
 
Last edited:

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    ACER Aspire M5-481PT
    CPU
    Intel(R) Core(TM) i5-337U CPU @ 1.80GHz
    Memory
    6GB
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Internet Security 2014

M15

New Member
Posts
8
#5
Running a full virus scan again, hopefully it doesn't get stuck this time, and to avoid the issue of it going into sleep mode overnight, I'm just going to set the power options so that it never goes to sleep while plugged in, and let the virus scan keep going.

GMER is still running into accessibility issues, so I might need to use a different rootkit detector. Any advice on trustworthy ones to use?

View attachment 44743
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    ACER Aspire M5-481PT
    CPU
    Intel(R) Core(TM) i5-337U CPU @ 1.80GHz
    Memory
    6GB
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Internet Security 2014

blueelvis

OMG Debugger!
VIP Member
Pro User
India

Posts
2,097
#6
Hi M15,

Sorry for not replying lately as I was out of town. Nice Gif :p

I have analyzed your recent dump files as well but they are giving me the same error that is the Driver_verifier_Power_State_Failure. Below has been provided an analysis of your most recent dump file :-
Code:
2: kd> !analyze -v*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
	subsystem.
Arg2: 000000000000012c, Timeout in seconds.
Arg3: ffffe0002080f040, The thread currently holding on to the Pnp lock.
Arg4: ffffd000a7be9950, nt!TRIAGE_9F_PNP on Win7 and higher


Debugging Details:
------------------


Implicit thread is now ffffe000`2080f040


DRVPOWERSTATE_SUBCODE:  4


FAULTING_THREAD:  ffffe0002080f040


CUSTOMER_CRASH_COUNT:  1


DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT


BUGCHECK_STR:  0x9F


PROCESS_NAME:  System


CURRENT_IRQL:  2


ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre


LOCK_ADDRESS:  fffff800e52d5cc0 -- (!locks fffff800e52d5cc0)


Resource @ nt!PiEngineLock (0xfffff800e52d5cc0)    Available


WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.




WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.


1 total locks


PNP_TRIAGE: 
	Lock address  : 0xfffff800e52d5cc0
	Thread Count  : 0
	Thread address: 0x0000000000000000
	Thread wait   : 0x0


LAST_CONTROL_TRANSFER:  from fffff800e5057d1e to fffff800e5157e36


STACK_TEXT:  
ffffd000`abf0cb10 fffff800`e5057d1e : ffffd000`a7bc0180 ffffe000`2080f040 00000000`fffffffe 00000000`fffffffe : nt!KiSwapContext+0x76
ffffd000`abf0cc50 fffff800`e5057779 : 00000000`00000002 00000000`00000000 00000000`00000000 ffffe000`19dc22d0 : nt!KiSwapThread+0x14e
ffffd000`abf0ccf0 fffff800`e5067dfa : ffff521f`b4312861 00000000`00000000 ffffd000`abf0d100 ffffd000`abf0d101 : nt!KiCommitThreadWait+0x129
ffffd000`abf0cd70 fffff800`89f7d22c : ffffd000`abf0ce30 ffffd000`00000000 ffffe000`1fde3000 ffffd000`00000000 : nt!KeWaitForSingleObject+0x22a
ffffd000`abf0ce00 fffff800`89f81dd5 : ffffe000`1f8ff1d0 ffffe000`1fde3000 00000000`00000000 00000000`00000001 : storport!RaSendIrpSynchronous+0x70
ffffd000`abf0ce60 fffff800`89f83d50 : ffffd000`abf0d3f0 ffffd000`000000a0 ffffd000`abf0d430 fffff800`00000002 : storport!RaidBusEnumeratorIssueSynchronousRequest+0x191
ffffd000`abf0d090 fffff800`89f83a69 : ffffe000`1fde30e0 fffff800`00000001 ffffd000`abf0d290 00000000`00000001 : storport!RaidBusEnumeratorIssueReportLuns+0x68
ffffd000`abf0d0f0 fffff800`89f8370e : ffffe000`19de2268 fffff800`00000001 00000000`00000001 ffffd000`abf0d1f9 : storport!RaidBusEnumeratorGetLunListFromTarget+0x59
ffffd000`abf0d170 fffff800`89f818d4 : 00000000`00fe0200 0000b65c`00000001 00000000`00000001 00000000`00000000 : storport!RaidBusEnumeratorGetLunList+0x7e
ffffd000`abf0d260 fffff800`89f82ce7 : 00000000`00000000 ffffd000`abf0d500 00000000`00000000 00000000`00000000 : storport!RaidAdapterEnumerateBus+0x94
ffffd000`abf0d3d0 fffff800`89f828d6 : ffffe000`19de21a0 ffffd000`abf0d530 00000000`00000000 fffff800`e52a4200 : storport!RaidAdapterRescanBus+0xb7
ffffd000`abf0d4b0 fffff800`89f7cccd : 00000000`00000000 fffff800`8c493c65 ffffe000`2084c920 fffff800`8c493eed : storport!RaidAdapterQueryDeviceRelationsIrp+0xa6
ffffd000`abf0d570 fffff800`89f76dd1 : fffff800`e504c180 ffffd000`abf0d6c0 ffffe000`2084c920 ffffe000`19de2050 : storport!RaidAdapterPnpIrp+0x18d
ffffd000`abf0d610 fffff800`e53a6efa : ffffe000`2084c920 ffffe000`20804ef0 ffffe000`19de2050 00000000`00000003 : storport!RaDriverPnpIrp+0x8d
ffffd000`abf0d650 fffff800`e53a6dac : 00000000`00000000 ffffd000`abf0d6e9 fffff800`e504c180 fffff800`e5295d33 : nt!PnpAsynchronousCall+0x102
ffffd000`abf0d690 fffff800`e53a6c1d : ffffe000`20804ef0 ffffe000`20804ef0 ffffe000`192ac1a0 00000000`00000000 : nt!PnpQueryDeviceRelations+0x88
ffffd000`abf0d750 fffff800`e53b5a94 : ffffe000`19d6cd30 ffffe000`19d6cd30 00000000`00000002 00000000`00000000 : nt!PipEnumerateDevice+0xe9
ffffd000`abf0d7d0 fffff800`e54860a5 : ffffe000`1f6ee510 00000000`00000001 00000000`00000000 fffff800`e53c1f06 : nt!PipProcessDevNodeTree+0x17c
ffffd000`abf0da50 fffff800`e50f782c : 00000001`00000003 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PiProcessReenumeration+0x91
ffffd000`abf0daa0 fffff800`e5054adb : fffff800`e50f76c4 ffffd000`abf0dbd0 00000000`00000000 ffffe000`1df67130 : nt!PnpDeviceActionWorker+0x168
ffffd000`abf0db50 fffff800`e50d0794 : ffffe000`20813880 ffffe000`2080f040 ffffe000`2080f040 ffffe000`1910c040 : nt!ExpWorkerThread+0x293
ffffd000`abf0dc00 fffff800`e515b5c6 : ffffd000`a958e180 ffffe000`2080f040 ffffe000`20813880 00000000`00000108 : nt!PspSystemThreadStartup+0x58
ffffd000`abf0dc60 00000000`00000000 : ffffd000`abf0e000 ffffd000`abf08000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16




STACK_COMMAND:  .thread 0xffffe0002080f040 ; kb


FOLLOWUP_IP: 
storport!RaSendIrpSynchronous+70
fffff800`89f7d22c 8bc3            mov     eax,ebx


SYMBOL_STACK_INDEX:  4


SYMBOL_NAME:  storport!RaSendIrpSynchronous+70


FOLLOWUP_NAME:  MachineOwner


MODULE_NAME: storport


IMAGE_NAME:  storport.sys


DEBUG_FLR_IMAGE_TIMESTAMP:  53415ff7


IMAGE_VERSION:  6.3.9600.17090


BUCKET_ID_FUNC_OFFSET:  70


FAILURE_BUCKET_ID:  0x9F_4_storport!RaSendIrpSynchronous


BUCKET_ID:  0x9F_4_storport!RaSendIrpSynchronous


ANALYSIS_SOURCE:  KM


FAILURE_ID_HASH_STRING:  km:0x9f_4_storport!rasendirpsynchronous


FAILURE_ID_HASH:  {6c47e918-387f-a799-2bb3-a7c5408fae49}


Followup: MachineOwner
---------
There are a few problem devices found in your MSINFO32 report stating that Motherboard resources are in conflict. Could you please run Memtest from THIS website for atleast an overnight?

Also, before running memtest, please run aswMBR from this LINK. Also, please paste your log files of both GMER and aswMBR in your next post.
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model Number
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!

M15

New Member
Posts
8
#7
GMER Log
Code:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-10 17:50:36
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465.76GB
Running: b1cses3j.exe; Driver: C:\Users\MATTQ~1\AppData\Local\Temp\uwlorkog.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 1                                                                                                                                                 fffff960000c4201 7 bytes [20, 0A, 02, 00, F0, 70, 01]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 9                                                                                                                                                 fffff960000c4209 6 bytes [88, B0, FF, 01, 23, DC]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381                                                                                       000000007729137d 16 bytes {JMP 0xffffffffffffffd3}
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386                                                                                       0000000077291512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                             0000000077291551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                   0000000077291577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516                                                                           0000000077291784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50                                                                                        00000000772917c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                   00000000772917e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                       0000000077291834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1                                                                               0000000077291841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513                                                                             0000000077291a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                 * 2
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                                             0000000077292ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                                         0000000077292c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Mozilla Firefox\firefox.exe[5500] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                  0000000077292c43 8 bytes [7C, 68, 16, FF, 00, 00, 00, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381                                                                                                       000000007729137d 16 bytes {JMP 0xffffffffffffffd3}
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386                                                                                                       0000000077291512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                             0000000077291551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                   0000000077291577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516                                                                                           0000000077291784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50                                                                                                        00000000772917c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                   00000000772917e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                       0000000077291834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1                                                                                               0000000077291841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513                                                                                             0000000077291a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                 * 2
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                                                             0000000077292ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                                                         0000000077292c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Desktop\aswmbr.exe[5440] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                                  0000000077292c43 8 bytes [7C, 68, 4F, 7F, 00, 00, 00, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDefaultNpAcl + 772                                                                                                    00007fffea55293c 8 bytes {JMP 0xffffffffffffff8c}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToAverageDWORD + 21                                                                                             00007fffea552959 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmSetIfMaxDWORD + 95                                                                                                 00007fffea5529c7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWriteEndScenario + 220                                                                                           00007fffea552aac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmEndSession + 272                                                                                                   00007fffea552bc4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmStartSession + 8                                                                                                   00007fffea553018 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmStartSession + 940                                                                                                 00007fffea5533bc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWriteFull + 64                                                                                                   00007fffea553404 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWriteFull + 503                                                                                                  00007fffea5535bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmIsSessionDisabled + 792                                                                                            00007fffea553fe0 8 bytes {JMP 0xffffffffffffffa9}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlVerifyVersionInfo + 835                                                                                               00007fffea554933 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 336                                                                                                  00007fffea554bac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 472                                                                                                  00007fffea554c34 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                 * 2
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 567                                                                                                00007fffea55543f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToStream + 592                                                                                                  00007fffea5556b4 8 bytes {JMP 0xffffffffffffffa9}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToStreamEx + 875                                                                                                00007fffea555a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmEventEnabled + 139                                                                                                 00007fffea555f8b 8 bytes {JMP 0xffffffffffffffd1}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmEventEnabled + 224                                                                                                 00007fffea555fe0 16 bytes {JMP 0xffffffffffffffcf}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmEventWrite + 119                                                                                                   00007fffea5560df 8 bytes {JMP 0xffffffffffffffac}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWrite + 43                                                                                                       00007fffea556113 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwEventWrite + 628                                                                                                      00007fffea55635c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                 * 3
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateBoundaryDescriptor + 584                                                                                        00007fffea556658 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddSIDToBoundaryDescriptor + 8                                                                                        00007fffea556668 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddSIDToBoundaryDescriptor + 519                                                                                      00007fffea556867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteBoundaryDescriptor + 23                                                                                         00007fffea556887 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!A_SHAFinal + 300                                                                                                         00007fffea556bf0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!A_SHAInit + 44                                                                                                           00007fffea556c24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 292                                                                                                00007fffea559188 8 bytes {JMP 0xffffffffffffffdc}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLengthRequiredSid + 20                                                                                                00007fffea5591a4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLengthRequiredSid + 352                                                                                               00007fffea5592f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeSid + 35                                                                                                    00007fffea55931b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddAce + 339                                                                                                          00007fffea55950b 8 bytes {JMP 0xffffffffffffffdc}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlNewSecurityObjectEx + 99                                                                                              00007fffea559577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlIsValidProcessTrustLabelSid + 103                                                                                     00007fffea5595e7 8 bytes {JMP 0xffffffffffffffe6}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlIsValidProcessTrustLabelSid + 751                                                                                     00007fffea55986f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSidDominatesForTrust + 135                                                                                            00007fffea559a67 8 bytes {JMP 0xffffffffffffffaa}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateSecurityDescriptor + 43                                                                                         00007fffea55a7bf 8 bytes {JMP 0xfffffffffffffff5}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSetDaclSecurityDescriptor + 104                                                                                       00007fffea55a8e8 8 bytes {JMP 0xffffffffffffffe5}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddMandatoryAce + 356                                                                                                 00007fffea55aa78 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlMapGenericMask + 64                                                                                                   00007fffea55d270 8 bytes {JMP 0xffffffffffffffd0}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlOpenCurrentUser + 208                                                                                                 00007fffea55d39c 8 bytes {JMP 0xffffffffffffffa3}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCheckTokenCapability + 952                                                                                            00007fffea55d75c 8 bytes [F0, 69, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAppendUnicodeToString + 167                                                                                           00007fffea55e56b 8 bytes [D0, 69, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlLengthSidAsUnicodeString + 84                                                                                         00007fffea55e5c8 8 bytes {JMP 0xffffffffffffffdc}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlValidSecurityDescriptor + 243                                                                                         00007fffea55e6c3 8 bytes [B0, 69, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddAccessAllowedAce + 379                                                                                             00007fffea55e847 8 bytes [A0, 69, F8, 7F, 00, 00, 00, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                   00007fffea5dac50 8 bytes {JMP QWORD [RIP-0x7c8ac]}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                 00007fffea5dadd0 8 bytes {JMP QWORD [RIP-0x7c86b]}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                       00007fffea5dae00 8 bytes {JMP QWORD [RIP-0x7db96]}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                     00007fffea5daf20 8 bytes {JMP QWORD [RIP-0x7d7ca]}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                         00007fffea5dafd0 8 bytes {JMP QWORD [RIP-0x7dc3a]}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                         00007fffea5db690 8 bytes {JMP QWORD [RIP-0x7ce4f]}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                       00007fffea5db990 8 bytes {JMP QWORD [RIP-0x7d2d3]}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                       00007fffea5dc210 8 bytes {JMP QWORD [RIP-0x7dc4e]}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381                                                                                                   000000007729137d 16 bytes {JMP 0xffffffffffffffd3}
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386                                                                                                   0000000077291512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                                         0000000077291551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                               0000000077291577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516                                                                                       0000000077291784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50                                                                                                    00000000772917c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                               00000000772917e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                                   0000000077291834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1                                                                                           0000000077291841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513                                                                                         0000000077291a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                 * 2
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                                                         0000000077292ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                                                     0000000077292c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Matt Q\Downloads\b1cses3j.exe[4524] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                              0000000077292c43 8 bytes [7C, 68, F8, 7F, 00, 00, 00, ...]

---- User IAT/EAT - GMER 2.1 ----

IAT      C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcConnectPortEx]                                                                                                       [52d41250] 

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [720:912]                                                                                                                                                             fffff96000944b90
Thread   C:\WINDOWS\system32\svchost.exe [904:360]                                                                                                                                                           00007fffe6591b40
Thread   C:\WINDOWS\System32\svchost.exe [456:1088]                                                                                                                                                          00007fffe34b1400
Thread   C:\WINDOWS\System32\svchost.exe [456:1144]                                                                                                                                                          00007fffe3441ed0
Thread   C:\WINDOWS\System32\svchost.exe [456:1204]                                                                                                                                                          00007fffe30ee054
Thread   C:\WINDOWS\System32\svchost.exe [456:1212]                                                                                                                                                          00007fffe333e840
Thread   C:\WINDOWS\System32\svchost.exe [456:1256]                                                                                                                                                          00007fffe2c1ed08
Thread   C:\WINDOWS\System32\svchost.exe [456:1296]                                                                                                                                                          00007fffe314482c
Thread   C:\WINDOWS\System32\svchost.exe [456:3848]                                                                                                                                                          00007fffdc196dd0
Thread   C:\WINDOWS\System32\svchost.exe [456:3856]                                                                                                                                                          00007fffdc194f30
Thread   C:\WINDOWS\system32\svchost.exe [616:1308]                                                                                                                                                          00007fffe1261ee0
Thread   C:\WINDOWS\system32\svchost.exe [616:2368]                                                                                                                                                          00007fffde2dcbc0
Thread   C:\WINDOWS\system32\svchost.exe [616:2412]                                                                                                                                                          00007fffdf401b40
Thread   C:\WINDOWS\system32\svchost.exe [616:3004]                                                                                                                                                          00007fffdc5b79a0
Thread   C:\WINDOWS\system32\svchost.exe [616:3008]                                                                                                                                                          00007fffdc5b73e0
Thread   C:\WINDOWS\system32\svchost.exe [616:3012]                                                                                                                                                          00007fffdc614e0c
Thread   C:\WINDOWS\system32\svchost.exe [616:2608]                                                                                                                                                          00007fffdc3b2b48
Thread   C:\WINDOWS\system32\svchost.exe [616:2604]                                                                                                                                                          00007fffdc45130c
Thread   C:\WINDOWS\system32\svchost.exe [616:2700]                                                                                                                                                          00007fffdc45130c
Thread   C:\WINDOWS\system32\svchost.exe [616:1340]                                                                                                                                                          00007fffdc614e0c
Thread   C:\WINDOWS\system32\svchost.exe [616:6412]                                                                                                                                                          00007fffde9d5340
Thread   C:\WINDOWS\system32\svchost.exe [616:6652]                                                                                                                                                          00007fffdcd710e0
Thread   C:\WINDOWS\system32\svchost.exe [616:3636]                                                                                                                                                          00007fffc40438e0
Thread   C:\WINDOWS\system32\svchost.exe [724:2636]                                                                                                                                                          00007fffddf10b50
Thread   C:\WINDOWS\system32\svchost.exe [724:2680]                                                                                                                                                          00007fffddf0c574
Thread   C:\WINDOWS\system32\svchost.exe [724:2684]                                                                                                                                                          00007fffddf0f55c
Thread   C:\WINDOWS\system32\svchost.exe [724:2688]                                                                                                                                                          00007fffddf11674
Thread   C:\WINDOWS\system32\svchost.exe [724:2692]                                                                                                                                                          00007fffddf07490
Thread   C:\WINDOWS\system32\svchost.exe [724:2760]                                                                                                                                                          00007fffddb74b04
Thread   C:\WINDOWS\system32\svchost.exe [724:1564]                                                                                                                                                          00007fffddf0d5a0
Thread   C:\WINDOWS\system32\svchost.exe [724:5776]                                                                                                                                                          00007fffc40c6c08
Thread   C:\WINDOWS\system32\svchost.exe [724:4760]                                                                                                                                                          00007fffc40c6800
Thread   C:\WINDOWS\system32\svchost.exe [1128:1116]                                                                                                                                                         00007fffdf7e4b30
Thread   C:\WINDOWS\system32\svchost.exe [1128:2056]                                                                                                                                                         00007fffdeb2dff0
Thread   C:\WINDOWS\system32\svchost.exe [1128:2668]                                                                                                                                                         00007fffddc73584
Thread   C:\WINDOWS\system32\svchost.exe [1128:2672]                                                                                                                                                         00007fffddc73560
Thread   C:\WINDOWS\system32\svchost.exe [1128:2676]                                                                                                                                                         00007fffddc86738
Thread   C:\WINDOWS\system32\svchost.exe [1128:2828]                                                                                                                                                         00007fffdd541ef8
Thread   C:\WINDOWS\system32\svchost.exe [1128:2836]                                                                                                                                                         00007fffdd5335f4
Thread   C:\WINDOWS\system32\svchost.exe [1128:2844]                                                                                                                                                         00007fffdd5335f4
Thread   C:\WINDOWS\system32\svchost.exe [1128:2848]                                                                                                                                                         00007fffdd5335f4
Thread   C:\WINDOWS\system32\svchost.exe [1128:2852]                                                                                                                                                         00007fffdd5335f4
Thread   C:\WINDOWS\system32\svchost.exe [1128:2856]                                                                                                                                                         00007fffdd5335f4
Thread   C:\WINDOWS\system32\svchost.exe [1128:3624]                                                                                                                                                         00007fffde9d5340
Thread   C:\WINDOWS\system32\svchost.exe [1128:3464]                                                                                                                                                         00007fffdfb514f0
Thread   C:\WINDOWS\system32\svchost.exe [1360:1800]                                                                                                                                                         00007fffdfb22b90
Thread   C:\WINDOWS\system32\svchost.exe [1360:2620]                                                                                                                                                         00007fffdfb267bc
Thread   C:\WINDOWS\system32\svchost.exe [1360:2816]                                                                                                                                                         00007fffdd092110
Thread   C:\WINDOWS\system32\svchost.exe [1360:2820]                                                                                                                                                         00007fffdd061584
Thread   C:\WINDOWS\system32\svchost.exe [1360:2868]                                                                                                                                                         00007fffdcfd1b40
Thread   C:\WINDOWS\system32\svchost.exe [1360:992]                                                                                                                                                          00007fffe35a1040
Thread   C:\WINDOWS\system32\svchost.exe [1360:76]                                                                                                                                                           00007fffe35a4608
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:1640]                                                                                                                                                           0000000000c2301f
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:1728]                                                                                                                                                           00000000711e6c50
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3088]                                                                                                                                                           000000006f721120
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3180]                                                                                                                                                           00000000713257fe
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3208]                                                                                                                                                           000000006f4df6c8
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3212]                                                                                                                                                           000000006f4df6c8
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3344]                                                                                                                                                           000000006cd3b503
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3356]                                                                                                                                                           000000006cd3b503
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3360]                                                                                                                                                           000000006cd3b503
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3376]                                                                                                                                                           000000006c2b6b60
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3380]                                                                                                                                                           000000006c2b6b60
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3388]                                                                                                                                                           000000006c300320
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3396]                                                                                                                                                           000000006c6f975d
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3460]                                                                                                                                                           000000006f4df6c8
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:3472]                                                                                                                                                           000000006cbb8730
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:2552]                                                                                                                                                           0000000055c01b6e
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [1636:5920]                                                                                                                                                           000000007325a4c5
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [2120:2124]                                                                                                                                                           000000000040f0bc
Thread   C:\WINDOWS\system32\taskhostex.exe [2072:3232]                                                                                                                                                      00007fffdd7d2310
Thread   C:\WINDOWS\system32\taskhostex.exe [2072:1312]                                                                                                                                                      00007fffdd9022a0
Thread   C:\WINDOWS\system32\taskhostex.exe [2072:1460]                                                                                                                                                      00007fffea01bc40
Thread   C:\WINDOWS\system32\taskhostex.exe [2072:344]                                                                                                                                                       00007fffe1011120
Thread   C:\WINDOWS\system32\taskhostex.exe [2072:3568]                                                                                                                                                      00007fffdf7e4b30
Thread   C:\WINDOWS\Explorer.EXE [2616:1216]                                                                                                                                                                 00007fffd41157a4
Thread   C:\WINDOWS\Explorer.EXE [2616:3288]                                                                                                                                                                 00007fffd233e780
Thread   C:\WINDOWS\Explorer.EXE [2616:1588]                                                                                                                                                                 00007fffe2c1ed08
Thread   C:\WINDOWS\Explorer.EXE [2616:1584]                                                                                                                                                                 00007fffe2c1ed08
Thread   C:\WINDOWS\Explorer.EXE [2616:3456]                                                                                                                                                                 00007fffd216a760
Thread   C:\WINDOWS\Explorer.EXE [2616:1220]                                                                                                                                                                 00007fffe2c1ed08
Thread   C:\WINDOWS\Explorer.EXE [2616:2396]                                                                                                                                                                 00007fffdfc71e40
Thread   C:\WINDOWS\Explorer.EXE [2616:1528]                                                                                                                                                                 00007fffdd318c54
Thread   C:\WINDOWS\Explorer.EXE [2616:5428]                                                                                                                                                                 00007fffd40076cc
Thread   C:\WINDOWS\Explorer.EXE [2616:5724]                                                                                                                                                                 00007fffd40076cc
Thread   C:\WINDOWS\Explorer.EXE [2616:5548]                                                                                                                                                                 00007fffd40076cc
Thread   C:\WINDOWS\Explorer.EXE [2616:3096]                                                                                                                                                                 00007fffd40076cc
Thread   C:\WINDOWS\Explorer.EXE [2616:6576]                                                                                                                                                                 00007fffdd31d6bc
Thread   C:\WINDOWS\Explorer.EXE [2616:4888]                                                                                                                                                                 00007fffdd31d6bc
Thread   C:\WINDOWS\Explorer.EXE [2616:1196]                                                                                                                                                                 00007fffdd31d6bc
Thread   C:\WINDOWS\Explorer.EXE [2616:2912]                                                                                                                                                                 00007fffdd31d6bc
Thread   C:\WINDOWS\Explorer.EXE [2616:1576]                                                                                                                                                                 00007fffdd31d6bc
Thread   C:\WINDOWS\Explorer.EXE [2616:5528]                                                                                                                                                                 00007fffe04c2774
Thread   C:\WINDOWS\Explorer.EXE [2616:3488]                                                                                                                                                                 00007fffdd31d6bc
Thread   C:\WINDOWS\Explorer.EXE [2616:7100]                                                                                                                                                                 00007fffe1f71e70
Thread   C:\WINDOWS\Explorer.EXE [2616:5948]                                                                                                                                                                 00007fffe1f71c00
Thread   C:\WINDOWS\Explorer.EXE [2616:5652]                                                                                                                                                                 00007fffdd31d6bc
Thread   C:\WINDOWS\Explorer.EXE [2616:4528]                                                                                                                                                                 00007fffdd31d6bc
Thread   C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [3820:1096]                                                                                                                           00007fffe04c2774
Thread   C:\WINDOWS\System32\Taskmgr.exe [5180:3052]                                                                                                                                                         00007fffe04c2774
---- Processes - GMER 2.1 ----

Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswEngin.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (High level antivirus engine/ALWIL Software)(2014-06-11 00:38:44)           0000000064280000
Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswScan.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Low level antivirus engine/ALWIL Software)(2014-06-11 00:38:44)             0000000064200000
Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\MSVCP71.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2014-06-11 00:38:44)  000000007c3a0000
Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswCmnOS.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Antivirus HW dependent library/ALWIL Software)(2014-06-11 00:38:44)        0000000064000000
Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswCmnB.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (High level portable functions/ALWIL Software)(2014-06-11 00:38:44)          0000000064080000
Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\aswCmnS.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Common non-portable functions/ALWIL Software)(2014-06-11 00:38:44)          0000000064100000
Library  C:\Users\MATTQ~1\AppData\Local\Temp\_av4_\MSVCR71.dll (*** suspicious ***) @ C:\Users\Matt Q\Desktop\aswmbr.exe [5440] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-06-11 00:38:44)    000000007c340000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----
aswMBR Log
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-10 17:38:44
-----------------------------
17:38:44.810    OS Version: Windows x64 6.2.9200 
17:38:44.810    Number of processors: 4 586 0x3A09
17:38:44.811    ComputerName: THEBLACKSAX  UserName: Matt Q
17:38:44.859    Initialze error 1 
17:39:12.388    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
17:39:12.390    Disk 0 Vendor: WDC_WD5000LPVX-22V0TT0 01.01A01 Size: 476940MB BusType: 11
17:39:12.395    Disk 0 MBR read successfully
17:39:12.396    Disk 0 MBR scan
17:39:12.399    Disk 0 unknown MBR code
17:39:12.417    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
17:39:12.419    Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:12.421    Service scanning
17:39:12.937    Modules scanning
17:39:12.940    Disk 0 trace - called modules:
17:39:12.944    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
17:39:12.948    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000c9def4e0]
17:39:12.951    3 CLASSPNP.SYS[fffff80184b9927b] -> nt!IofCallDriver -> \Device\0000002d[0xffffe000c79b54a0]
17:39:12.954    Scan finished successfully
17:39:50.177    Disk 0 MBR has been saved successfully to "C:\Users\Matt Q\Desktop\MBR.dat"
17:39:50.193    The log file has been saved successfully to "C:\Users\Matt Q\Desktop\aswMBR log June 10 2014.txt"
Haven't run the Memtest86 yet as the computer doesn't seem to recognize the USB or the D: drive, so I can't install the program onto either in order to run it. I'll probably have to restart the computer and try it then.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    ACER Aspire M5-481PT
    CPU
    Intel(R) Core(TM) i5-337U CPU @ 1.80GHz
    Memory
    6GB
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Internet Security 2014

M15

New Member
Posts
8
#8
Ran Memtest86 and it didn't find any errors I believe.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    ACER Aspire M5-481PT
    CPU
    Intel(R) Core(TM) i5-337U CPU @ 1.80GHz
    Memory
    6GB
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Internet Security 2014

blueelvis

OMG Debugger!
VIP Member
Pro User
India

Posts
2,097
#9
Hi M15,

I am not able to pin point the cause in these dump files so I am asking my expert friends. Will post back here soon of what they say.
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model Number
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!

M15

New Member
Posts
8
#10
Thanks for the help so far.

As another update, the computer seems to be able to start up once and go to sleep once without restarting, and once the computer wakes up from this initial sleep, I get a notification saying:

Intel Rapid Storage Technology
SATA Disk on Controller 0, Port 1: Detected

Now after this notification if I put the computer to sleep, it will restart, probably experiencing the error. So, I let the computer restart again and watched the Intel application and it doesn't seem to have one of the internal ports connected on initial startup, but as soon as I put it to sleep and wake it up again, it connects to the SSD inside and later disconnects leaving an empty internal port. It seems that somewhere between waking up the computer, connecting to the SSD and later disconnecting causes the error to occur when the computer goes to sleep.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    ACER Aspire M5-481PT
    CPU
    Intel(R) Core(TM) i5-337U CPU @ 1.80GHz
    Memory
    6GB
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Internet Security 2014

blueelvis

OMG Debugger!
VIP Member
Pro User
India

Posts
2,097
#11
Hi M15,

I got a reply and here is what they told me to ask you :-

1. First, remove Kaspersky Antivirus using this **LINK** to see if the issue still occurs or not as there are many cases when the Antivirus is to be blamed. Replace with Microsoft Security Essentials using this **LINK**. Test whether this solves your problem or not.

2. Please update your Bluetooth drivers. If you are using an external Bluetooth device, try removing it and see if the BSOD stops or not. Furthermore, please update your Qualcomm Atheros Drivers using this **LINK**.

3. Please remove NTI CD-ROM Filter Driver by NewTech Infosystems (likely a part of Acer Empowering Technology), and ExpressCache as well.

4. Please update your Intel Rapid Storage driver (Dates back to 2012) as it is old and probably causing the issue.

5. Please make sure that the firmware of your SSD is up-to-date. Also, see if there is any loose connection or not.


Follow these steps, one by one and see if the problem gets solved before proceeding to the next step. Let me know how it goes ^_^
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model Number
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!

M15

New Member
Posts
8
#12
The problem was solved after removing the NTI CD Driver by renaming it and uninstalling ExpressCache, so now the computer can be closed and put to sleep without restarting. After I saw that it worked, I changed the name of the NTI Driver back to normal so I could continue to access my D: drive and the computer is still working properly. The connection issue also seems to have resolved itself in the process, so I guess ExpressCache was somehow interrupting it or something. Since it's been fixed, I went ahead and tried to update the Intel rapid Storage Technology driver since it was old, but I guess updating it doesn't allow the Intel Rapid Storage application to run. Instead I rolled back that particular driver and things are still working fine. I'll probably update that driver in the future, but for now I'll just leave my computer as is.

Thanks for the help blueelvis, saved me from getting completely angry at my computer.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model Number
    ACER Aspire M5-481PT
    CPU
    Intel(R) Core(TM) i5-337U CPU @ 1.80GHz
    Memory
    6GB
    Browser
    Mozilla Firefox
    Antivirus
    Kaspersky Internet Security 2014

blueelvis

OMG Debugger!
VIP Member
Pro User
India

Posts
2,097
#13
The problem was solved after removing the NTI CD Driver by renaming it and uninstalling ExpressCache, so now the computer can be closed and put to sleep without restarting. After I saw that it worked, I changed the name of the NTI Driver back to normal so I could continue to access my D: drive and the computer is still working properly. The connection issue also seems to have resolved itself in the process, so I guess ExpressCache was somehow interrupting it or something. Since it's been fixed, I went ahead and tried to update the Intel rapid Storage Technology driver since it was old, but I guess updating it doesn't allow the Intel Rapid Storage application to run. Instead I rolled back that particular driver and things are still working fine. I'll probably update that driver in the future, but for now I'll just leave my computer as is.

Thanks for the help blueelvis, saved me from getting completely angry at my computer.
I am glad that the problem has been solved. Anyways, I would suggest you to test your system extensively. In case of any further issues, please do not hesitate to post back ^_^
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model Number
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!