Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD - Probably caused by : ntkrnlmp.exe


  • This topic is locked This topic is locked
3 replies to this topic

#1 Lost_in_BSOD

Lost_in_BSOD

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:48 PM

Posted 24 August 2010 - 10:02 AM

Hi everyone,

Since I re-installed Windows on my Toshiba laptop, I have had a number of
BSODs happen, which, as far as I can tell, are not in any obvious connection
with anything I was doing on the laptop at those times. The crashes appear once
every two days or so.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Goran at 16:33:14.79 on Tue 08/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.222 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Documents and Settings\Goran\Desktop\Bezbednost\SysinternalsSuite\procexp.exe
C:\Program Files\Debugging Tools for Windows (x86)\windbg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Documents and Settings\Goran\Desktop\Bezbednost\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\www.update
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144313713062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274503079505
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\Goran\applic~1\mozilla\firefox\profiles\cgw6bmij.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-22 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-22 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-22 243024]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-3-23 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-3-3 25240]
R1 SASDIFSV;SASDIFSV;c:\docume~1\goran\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-5-21 9968]
R1 SASKUTIL;SASKUTIL;c:\docume~1\goran\locals~1\temp\sas_selfextract\SASKUTIL.sys [2010-5-21 74480]
R1 SymSMR130;SMR Utility Service 1.3.0;c:\windows\system32\drivers\SymSMR130.SYS [2010-8-24 63536]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-3-23 1778480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-8-18 1691480]
S3 SASENUM;SASENUM;\??\c:\docume~1\goran\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\goran\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-5 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-24 13:35:05 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-08-24 13:35:02 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2010-08-24 13:33:58 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2010-08-24 13:32:58 83968 -c--a-w- c:\windows\system32\dllcache\hpgt21.dll
2010-08-24 13:31:58 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-08-24 13:30:57 629952 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2010-08-24 13:29:58 26698 -c--a-w- c:\windows\system32\dllcache\dlh5xnd5.sys
2010-08-24 13:28:59 28672 -c--a-w- c:\windows\system32\dllcache\cyycoins.dll
2010-08-24 13:27:59 66594 -c--a-w- c:\windows\system32\dllcache\c_858.nls
2010-08-24 13:26:58 24576 -c--a-w- c:\windows\system32\dllcache\agcgauge.ax
2010-08-24 12:47:23 63536 ----a-w- c:\windows\system32\drivers\SymSMR130.SYS
2010-08-24 12:47:23 0 ----a-w- c:\windows\system32\drivers\SymSMR130.dat
2010-08-24 12:17:58 155648 ----a-w- c:\windows\system32\RAMASST.exe
2010-08-20 11:27:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-08-18 13:01:19 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-08-18 13:01:18 0 d-----w- c:\program files\Belarc
2010-08-18 09:40:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-18 02:10:24 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-18 01:25:05 359016 ----a-w- c:\windows\vncutil.exe
2010-08-18 01:25:05 1833576 ----a-w- c:\windows\SkyTel.exe
2010-08-18 01:25:01 53864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-08-18 01:25:01 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-08-18 01:24:59 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-08-18 01:24:58 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-08-17 23:15:44 0 d-----w- c:\program files\Microsoft Network Monitor 3
2010-08-10 03:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 03:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-31 10:31:46 133440 ----a-w- c:\windows\system32\LnkProtect.dll

==================== Find3M ====================

2010-08-22 00:07:11 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-28 16:27:58 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-07-28 16:27:48 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-07-28 16:27:48 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-07-28 16:27:36 6108776 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-07-28 16:27:24 19557480 ----a-w- c:\windows\RTHDCPL.EXE
2010-07-28 16:27:12 2180712 ----a-w- c:\windows\MicCal.exe
2010-07-28 16:27:02 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-07-28 16:27:02 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-07-27 11:54:00 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-15 17:22:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 17:22:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 17:22:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 21:26:21 43968 ----a-w- c:\docume~1\goran\applic~1\GDIPFONTCACHEV1.DAT
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 21:16:47 278288 ----a-w- c:\windows\system32\guard32.dll

============= FINISH: 16:35:24.98 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/22/2010 6:12:04 AM
System Uptime: 8/24/2010 2:19:43 PM (2 hours ago)

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | U1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 47.973 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10418086&REV_02\4&2803E7C1&0&00E2
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10418086&REV_02\4&2803E7C1&0&00E2
Service: w39n51

==== System Restore Points ===================

RP21: 5/25/2010 10:43:41 PM - Software Distribution Service 3.0
RP22: 5/27/2010 1:23:01 AM - System Checkpoint
RP23: 5/28/2010 1:47:15 AM - System Checkpoint
RP24: 5/30/2010 5:59:37 AM - System Checkpoint
RP25: 5/31/2010 1:41:10 PM - System Checkpoint
RP26: 6/1/2010 1:59:11 PM - System Checkpoint
RP27: 6/3/2010 11:08:21 AM - Avg Update
RP28: 6/4/2010 12:25:54 PM - Software Distribution Service 3.0
RP29: 6/5/2010 1:10:27 PM - System Checkpoint
RP30: 6/5/2010 4:25:49 PM - Software Distribution Service 3.0
RP31: 6/6/2010 7:54:10 PM - System Checkpoint
RP32: 6/8/2010 12:23:21 AM - System Checkpoint
RP33: 6/9/2010 3:00:26 AM - Software Distribution Service 3.0
RP34: 6/10/2010 12:00:13 PM - System Checkpoint
RP35: 6/11/2010 2:18:46 PM - System Checkpoint
RP36: 6/12/2010 2:10:55 PM - Unsigned driver install
RP37: 6/13/2010 6:39:39 PM - System Checkpoint
RP38: 6/15/2010 11:02:00 PM - System Checkpoint
RP39: 6/17/2010 3:17:11 PM - System Checkpoint
RP40: 6/18/2010 3:35:28 PM - System Checkpoint
RP41: 6/19/2010 2:41:18 PM - Software Distribution Service 3.0
RP42: 6/19/2010 2:47:00 PM - Installed Compatibility Pack for the 2007 Office system
RP43: 6/20/2010 12:59:34 PM - Software Distribution Service 3.0
RP44: 6/23/2010 9:46:29 AM - Software Distribution Service 3.0
RP45: 6/24/2010 3:47:21 PM - System Checkpoint
RP46: 6/26/2010 4:12:30 PM - System Checkpoint
RP47: 6/27/2010 5:41:32 PM - Avg Update
RP48: 7/2/2010 12:20:19 PM - System Checkpoint
RP49: 7/3/2010 2:56:01 PM - Software Distribution Service 3.0
RP50: 7/7/2010 6:01:21 AM - System Checkpoint
RP51: 7/13/2010 6:14:55 PM - System Checkpoint
RP52: 7/14/2010 7:10:28 AM - Software Distribution Service 3.0
RP53: 7/15/2010 7:20:57 PM - Avg Update
RP54: 7/15/2010 7:22:41 PM - Avg Update
RP55: 7/17/2010 9:45:37 AM - System Checkpoint
RP56: 7/18/2010 6:25:50 PM - System Checkpoint
RP57: 7/20/2010 5:57:45 AM - System Checkpoint
RP58: 7/21/2010 12:19:31 AM - Avg Update
RP59: 7/24/2010 9:08:10 PM - System Checkpoint
RP60: 7/31/2010 10:34:10 AM - System Checkpoint
RP61: 8/2/2010 1:32:11 PM - System Checkpoint
RP62: 8/3/2010 2:23:50 PM - Software Distribution Service 3.0
RP63: 8/18/2010 12:26:14 AM - Software Distribution Service 3.0
RP64: 8/18/2010 1:14:47 AM - Software Distribution Service 3.0
RP65: 8/18/2010 3:23:22 AM - Pre_Drajvera
RP66: 8/18/2010 3:24:57 AM - Installed Realtek High Definition Audio Driver
RP67: 8/18/2010 3:50:41 AM - Posle_Drajvera
RP68: 8/18/2010 3:52:55 AM - Restore Operation
RP69: 8/18/2010 4:05:45 AM - Restore Operation
RP70: 8/18/2010 9:10:29 PM - Installed QuickTime
RP71: 8/22/2010 3:14:47 PM - System Checkpoint
RP72: 8/23/2010 6:25:17 PM - System Checkpoint
RP73: 8/24/2010 2:14:27 PM - Pre_DVD_drajvera
RP74: 8/24/2010 2:17:58 PM - Installed InstallShield Restore Point
RP75: 8/24/2010 2:18:03 PM - Installed DVD-RAM Driver
RP76: 8/24/2010 2:55:58 PM - Removed InstallShield Restore Point

==== Installed Programs ======================

7-Zip 9.13 beta
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free 9.0
Belarc Advisor 8.1
Bluetooth Stack for Windows by Toshiba
CD/DVD Drive Acoustic Silencer
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Debugging Tools for Windows (x86)
High Definition Audio Driver Package - KB888111
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 4
Macromedia Flash Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office OneNote 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows SDK for Windows 7 (7.1)
mIWA
mLogView
mMHouse
Mozilla Firefox (3.6.8)
Mozilla Thunderbird (3.0.4)
mPfMgr
mPfWiz
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
QuickTime
Realtek High Definition Audio Driver
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 4.2
Sonic DLA
Sonic RecordNow!
SpeedFan (remove only)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

8/24/2010 10:03:38 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 8070194f, parameter3 f797dc30, parameter4 f797d92c.
8/24/2010 1:00:59 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMSMR130\0000 disappeared from the system without first being prepared for removal.
8/18/2010 4:12:03 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
8/18/2010 3:23:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/18/2010 3:23:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/18/2010 3:23:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX BANTExt cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Tosrfcom
8/18/2010 3:23:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2010 3:23:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2010 3:23:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2010 3:23:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2010 1:00:16 AM, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Edited by hamluis, 24 August 2010 - 11:29 AM.
Included log data, moved from XP forum to Malware Removal Logs ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:48 PM

Posted 30 August 2010 - 09:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Lost_in_BSOD

Lost_in_BSOD
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:48 PM

Posted 31 August 2010 - 07:53 AM

Hi Myrti,

Thank you for your reply.

I've actually managed to resolve the problem after an agonizing
three weeks of BSODs, and it turns out it was an outdated video card driver
that kept crashing the machine. Things seem stable and peaceful now. smile.gif

All the best,
Goran






#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:48 PM

Posted 31 August 2010 - 09:08 AM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users