BSOD with 7F double fault

Discussion in 'Windows XP' started by sashkashurik, 2007/05/20.

  1. 2007/05/20
    sashkashurik

    A system was infected with a worm that was successfully cleaned without formatting: the actual worm is unknown; however, it is known that the system contained, among others, VirtuMundo (also known as Vundo).

    During cleanup, the system may have been improperly modified: BSODs (on restart, startup, return from hibernation or any other state) started to appear. Note that the earlier BSOD had to do with ATAPI drivers (as stated by the Microsoft debug tool); that was fixed by reinstalling ATAPI from the manufacturer's website. Then the 7F error started to appear. I have updated the BIOS and attempted rollbacks, all in vain.

    Searched for info at Microsoft and found nothing similar.
    Note that a system reinstall is the LAST available option because the OS CD is not available.
    The system starts properly in safe mode, which clearly indicates a driver/software problem(???) Moreover, the system starts in normal mode after the BSOD and memory dump are performed.

    Here is the full log:
    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.7.0005.0
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 2600.xpsp_sp2_qfe.070227-2300
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
    Debug session time: Fri May 18 18:59:43.890 2007 (GMT-4)
    System Uptime: 0 days 0:00:35.562
    WARNING: Process directory table base 070C0000 doesn't match CR3 00039000
    WARNING: Process directory table base 070C0000 doesn't match CR3 00039000
    Loading Kernel Symbols
    ...................................................................................................................
    Loading User Symbols

    Loading unloaded module list
    ........................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 7F, {8, f7a9ed70, 0, 0}

    *** ERROR: Module load completed but symbols could not be loaded for xpdt.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for DLARTL_N.SYS -
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for DLAIFS_M.SYS -
    Probably caused by : atapi.sys ( atapi!IdeSendCommand+d )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v;r;kv;!thread;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault). The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
    use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
    use .trap on that value
    Else
    .trap on the appropriate frame will show where the trap was taken
    (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: f7a9ed70
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------


    BUGCHECK_STR: 0x7f_8

    TSS: 00000028 -- (.tss 0x28)
    .tss 0x28
    eax=0000751b ebx=86f7c370 ecx=00030e01 edx=00000001 esi=86f7c0e8 edi=86b08c6c
    eip=f774bdf5 esp=f7c5eff4 ebp=f7c5f064 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
    atapi!IdeSendCommand+0xd:
    f774bdf5 53 push ebx
    .trap
    Resetting default scope

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    PROCESS_NAME: System

    LAST_CONTROL_TRANSFER: from f774cbbc to f774bdf5

    STACK_TEXT:
    f7c5f064 f774cbbc 86f7c370 86b08c6c 00000000 atapi!IdeSendCommand+0xd
    f7c5f0b0 f774f0ad 86f7c370 86b08c6c 86f7c1c8 atapi!AtapiStartIo+0x23e
    f7c5f0dc 804db6ab 01f7c030 00000002 86f7c030 atapi!IdeStartIoSynchronized+0x16f
    f7c5f10c f774ffe1 00000000 00000000 00000000 nt!KeSynchronizeExecution+0x21
    f7c5f124 f7a7ed28 86f7c030 00000000 f7c5f158 atapi!IdePortAllocateAccessToken+0x1b
    f7c5f134 80701c47 86f673b0 00000000 86dfce50 PCIIDEX!BmReceiveScatterGatherList+0x24
    f7c5f158 80701e0c 00000000 86f673b0 86df11c0 hal!HalBuildScatterGatherList+0x191
    f7c5f188 f7a7eddb 86f67148 86f673b0 86df11c0 hal!HalGetScatterGatherList+0x26
    f7c5f1bc f77508b1 86f67468 86717000 00007000 PCIIDEX!BmSetup+0x5f
    f7c5f1f4 804e60d9 86f7c030 86e027e8 86efe9f8 atapi!IdePortStartIo+0xeb
    f7c5f214 f774fc9a 86f7c030 86e027e8 00000000 nt!IoStartPacket+0xa1
    f7c5f240 aaa7c612 86f7c030 00e027e8 86e027e8 atapi!IdePortDispatch+0x4e6
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f7c5f260 f77b5e12 86f67030 86e027e8 86f67030 xpdt+0x3612
    f7c5f290 aaa7c612 86f67030 f77caf8c 86e028a0 ACPI!ACPIDispatchIrp+0x15a
    f7c5f2b8 f785ed58 86b08bc0 86f2eb70 8691fd30 xpdt+0x3612
    f7c5f2e8 f785ee49 00007000 00007000 86f2eab8 CLASSPNP!ServiceTransferRequest+0xe4
    f7c5f30c aaa7c612 86f2eab8 00000000 86f7ed10 CLASSPNP!ClassReadWrite+0xff
    f7c5f330 aaa7c612 86f7ed10 8691fbe8 8691fbe8 xpdt+0x3612
    f7c5f360 aaa7c612 86f73900 8691fbe8 8691fd70 xpdt+0x3612
    f7c5f388 aaa7c612 86f70c10 8691fbe8 86f6c100 xpdt+0x3612
    f7c5f3ac f765dd26 f7c5f798 86f70b58 bd778000 xpdt+0x3612
    f7c5f58c f765efc8 f7c5f798 8691fbe8 86f6b4b0 Ntfs!NtfsNonCachedIo+0x2f8
    f7c5f788 f765ec24 f7c5f798 8691fbe8 0110070a Ntfs!NtfsCommonWrite+0x1824
    f7c5f8fc aaa7c612 86f6c020 8691fbe8 8691fbe8 Ntfs!NtfsFsdWrite+0xf3
    f7c5f920 aaa7c612 86f6d790 8691fbe8 8691fdb8 xpdt+0x3612
    f7c5f9d8 aa849013 009de790 8691fbe8 aaa7c612 xpdt+0x3612
    f7c5fa0c 804ee593 86f6b40b f7c5fa34 f7c5fac8 klif+0x15013
    f7c5fae4 804ee34b e174dde8 e174de04 e174de04 nt!MiFlushSectionInternal+0x3c3
    f7c5fb20 804eea15 86f6b2a8 00000000 00007000 nt!MmFlushSection+0x1f2
    f7c5fba8 f767ee07 00007000 f7c5fc48 00007000 nt!CcFlushCache+0x3a0
    f7c5fc70 f767ee89 e10142a8 e17f30e8 e10142a8 Ntfs!LfsFlushLfcb+0x227
    f7c5fc94 f76891d9 e10142a8 e17f30e8 e16c5c88 Ntfs!LfsFlushLbcb+0x81
    f7c5fcbc f767da60 e10142a8 a52f0244 00000000 Ntfs!LfsFlushToLsnPriv+0xf3
    f7c5fcfc f7689934 e16c5c88 a52f0244 00000000 Ntfs!LfsFlushToLsn+0x8e
    f7c5fd30 f7687dfc 86e0a668 86e0a668 e276dcc8 Ntfs!NtfsCommitCurrentTransaction+0x215
    f7c5fd44 f76bc4f2 86e0a668 86e0a668 86dfafdc Ntfs!NtfsCheckpointCurrentTransaction+0x21
    f7c5ff1c f7685932 86e0a668 86dfae70 86dfafdc Ntfs!NtfsCreateNewFile+0xb03
    f7c60170 f7682d2d 86e0a668 86dfae70 f7c601c8 Ntfs!NtfsCommonCreate+0x12ce
    f7c60254 aaa7c4db 86f6c020 86dfae70 86f2c2d0 Ntfs!NtfsFsdCreate+0x1dc
    f7c60684 aaa7c5e2 86f6c020 86dfae70 86dfae80 xpdt+0x34db
    f7c60778 8056c063 86f73900 00000000 86b123d0 xpdt+0x35e2
    f7c607f0 8056f2a8 00000000 f7c60830 00000240 nt!ObpLookupObjectName+0x53c
    f7c60844 8057e41e 00000000 00000000 57fd1a00 nt!ObOpenObjectByName+0xea
    f7c608c0 80583fa3 f7c609e0 c11d0080 f7c609bc nt!IopCreateFile+0x407
    f7c60908 f771b09d f7c609e0 c11d0080 f7c609bc nt!IoCreateFileSpecifyDeviceObjectHint+0x52
    f7c609e4 f771b502 80000e54 86f6c020 e2744c08 sr!SrCopyStream+0xe7
    f7c60b60 f771b87b 86f6d848 867fab40 e2700e84 sr!SrBackupFile+0x2b0
    f7c60bc8 f771d5a9 86f6d848 00000001 867fab40 sr!SrBackupFileAndLog+0x4b
    f7c60bf0 f771d72a 86f6d848 00000001 867fab40 sr!SrHandleFileChange+0x59
    f7c60c78 f771e277 86f6d848 f7c60cec e2700e60 sr!SrHandleFileOverwrite+0x164
    f7c60cc0 f771c84f 86f6d848 00000008 86dfb918 sr!SrHandleEvent+0x143
    f7c60d24 aaa7c612 86f6d848 00000000 867051d8 sr!SrCreate+0x129
    f7c60ddc aa849013 009de790 86705008 aaa7c612 xpdt+0x3612
    f7c60edc 8056c063 86f73900 00000000 86d45838 klif+0x15013
    f7c60f54 8056f2a8 00000000 f7c60f94 00000040 nt!ObpLookupObjectName+0x53c
    f7c60fa8 8057e41e 00000000 00000000 cc361000 nt!ObOpenObjectByName+0xea
    f7c61024 8057e4ed f7c61680 00110000 f7c6119c nt!IopCreateFile+0x407
    f7c61080 8057e530 f7c61680 00110000 f7c6119c nt!IoCreateFile+0x8e
    f7c610c0 804dd99f f7c61680 00110000 f7c6119c nt!NtCreateFile+0x30
    f7c610c0 804e3577 f7c61680 00110000 f7c6119c nt!KiFastCallEntry+0xfc
    f7c61164 f7ac7ee7 f7c61680 00110000 f7c6119c nt!ZwCreateFile+0x11
    f7c61684 f7ac804a f7c61938 00010000 00000001 DLARTL_N!FileOpen+0x89
    f7c616a4 f7ac6d12 f7c61938 8055fe88 86cc7f18 DLARTL_N!FileDelete+0x1b
    f7c61900 f7ac6fde f7c61938 aa6d83a4 aa6d8380 DLARTL_N!ClearProfileCache+0x50f
    f7c6191c f7ac7155 f7c61938 aa6d83a4 aa6d8380 DLARTL_N!ClearProfileCache+0x7db
    f7c61b40 f7ac71c9 aa6d83a4 aa6d8380 f7c61b64 DLARTL_N!WritePrivateProfileString+0x3b
    f7c61b8c aa6c672b aa6d83a4 aa6d8380 00000000 DLARTL_N!WritePrivateProfileLong+0x26
    f7c61bc4 aa6cd74b 00000001 00000005 f7c61bf0 DLAIFS_M+0x72b
    f7c61bd4 805eda97 86aa3948 00000001 86c61030 DLAIFS_M!GetSystemType+0x486
    f7c61bf0 aa6cd446 86c61030 aa6cd735 f7c61c24 nt!IoRegisterFsRegistrationChange+0xab
    f7c61c10 aa6cd34f 86c61030 866d8000 e26e5d7a DLAIFS_M!GetSystemType+0x181
    f7c61c84 8059e2e5 86c61030 866d8000 00000000 DLAIFS_M!GetSystemType+0x8a
    f7c61d54 805b8c92 00000e7c 00000001 00000000 nt!IopLoadDriver+0x66c
    f7c61d7c 804e23b5 00000e7c 00000000 86fc1020 nt!IopLoadUnloadDriver+0x45
    f7c61dac 80574128 aaacacf4 00000000 00000000 nt!ExpWorkerThread+0xef


    STACK_COMMAND: .tss 0x28 ; kb

    FOLLOWUP_IP:
    atapi!IdeSendCommand+d
    f774bdf5 53 push ebx

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: atapi!IdeSendCommand+d

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: atapi

    IMAGE_NAME: atapi.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 41107b4d

    FAILURE_BUCKET_ID: 0x7f_8_atapi!IdeSendCommand+d

    BUCKET_ID: 0x7f_8_atapi!IdeSendCommand+d

    Followup: MachineOwner
    ---------

    eax=f7a9e13c ebx=f7a9ed70 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
    eip=804df8e9 esp=f7aa2144 ebp=00000000 iopl=0 nv up di ng nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000086
    nt!KiTrap08+0x48:
    804df8e9 ebee jmp nt!KiTrap08+0x38 (804df8d9)
    ChildEBP RetAddr Args to Child
    00000000 f774bdf5 00000000 00000000 00000000 nt!KiTrap08+0x48 (FPO: TSS 28:0)
    f7c5f064 f774cbbc 86f7c370 86b08c6c 00000000 atapi!IdeSendCommand+0xd (FPO: [Non-Fpo])
    f7c5f0b0 f774f0ad 86f7c370 86b08c6c 86f7c1c8 atapi!AtapiStartIo+0x23e (FPO: [Non-Fpo])
    f7c5f0dc 804db6ab 01f7c030 00000002 86f7c030 atapi!IdeStartIoSynchronized+0x16f (FPO: [Non-Fpo])
    f7c5f10c f774ffe1 00000000 00000000 00000000 nt!KeSynchronizeExecution+0x21
    f7c5f124 f7a7ed28 86f7c030 00000000 f7c5f158 atapi!IdePortAllocateAccessToken+0x1b (FPO: [Non-Fpo])
    f7c5f134 80701c47 86f673b0 00000000 86dfce50 PCIIDEX!BmReceiveScatterGatherList+0x24 (FPO: [Non-Fpo])
    f7c5f158 80701e0c 00000000 86f673b0 86df11c0 hal!HalBuildScatterGatherList+0x191 (FPO: [Non-Fpo])
    f7c5f188 f7a7eddb 86f67148 86f673b0 86df11c0 hal!HalGetScatterGatherList+0x26 (FPO: [Non-Fpo])
    f7c5f1bc f77508b1 86f67468 86717000 00007000 PCIIDEX!BmSetup+0x5f (FPO: [Non-Fpo])
    f7c5f1f4 804e60d9 86f7c030 86e027e8 86efe9f8 atapi!IdePortStartIo+0xeb (FPO: [Non-Fpo])
    f7c5f214 f774fc9a 86f7c030 86e027e8 00000000 nt!IoStartPacket+0xa1 (FPO: [Non-Fpo])
    f7c5f240 aaa7c612 86f7c030 00e027e8 86e027e8 atapi!IdePortDispatch+0x4e6 (FPO: [Non-Fpo])
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f7c5f260 f77b5e12 86f67030 86e027e8 86f67030 xpdt+0x3612
    f7c5f290 aaa7c612 86f67030 f77caf8c 86e028a0 ACPI!ACPIDispatchIrp+0x15a (FPO: [Non-Fpo])
    f7c5f2b8 f785ed58 86b08bc0 86f2eb70 8691fd30 xpdt+0x3612
    f7c5f2e8 f785ee49 00007000 00007000 86f2eab8 CLASSPNP!ServiceTransferRequest+0xe4 (FPO: [Non-Fpo])
    f7c5f30c aaa7c612 86f2eab8 00000000 86f7ed10 CLASSPNP!ClassReadWrite+0xff (FPO: [Non-Fpo])
    f7c5f330 aaa7c612 86f7ed10 8691fbe8 8691fbe8 xpdt+0x3612
    f7c5f360 aaa7c612 86f73900 8691fbe8 8691fd70 xpdt+0x3612
    THREAD 86fc1020 Cid 0004.0038 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1
    IRP List:
    86dfae70: (0006,0190) Flags: 00000884 Mdl: 00000000
    86705008: (0006,01fc) Flags: 00000884 Mdl: 00000000
    Not impersonating
    DeviceMap e1003178
    Owning Process 86fc4660 Image: System
    Wait Start TickCount 2275 Ticks: 1 (0:00:00:00.015)
    Context Switch Count 2156
    UserTime 00:00:00.000
    KernelTime 00:00:00.765
    Start Address nt!ExpWorkerThread (0x804e22f1)
    Stack Init f7c62000 Current f7c60a68 Base f7c62000 Limit f7c5f000 Call 0
    Priority 13 BasePriority 12 PriorityDecrement 0 DecrementCount 16
    ChildEBP RetAddr Args to Child
    00000000 f774bdf5 00000000 00000000 00000000 nt!KiTrap08+0x48 (FPO: TSS 28:0)
    f7c5f064 f774cbbc 86f7c370 86b08c6c 00000000 atapi!IdeSendCommand+0xd (FPO: [Non-Fpo])
    f7c5f0b0 f774f0ad 86f7c370 86b08c6c 86f7c1c8 atapi!AtapiStartIo+0x23e (FPO: [Non-Fpo])
    f7c5f0dc 804db6ab 01f7c030 00000002 86f7c030 atapi!IdeStartIoSynchronized+0x16f (FPO: [Non-Fpo])
    f7c5f10c f774ffe1 00000000 00000000 00000000 nt!KeSynchronizeExecution+0x21
    f7c5f124 f7a7ed28 86f7c030 00000000 f7c5f158 atapi!IdePortAllocateAccessToken+0x1b (FPO: [Non-Fpo])
    f7c5f134 80701c47 86f673b0 00000000 86dfce50 PCIIDEX!BmReceiveScatterGatherList+0x24 (FPO: [Non-Fpo])
    f7c5f158 80701e0c 00000000 86f673b0 86df11c0 hal!HalBuildScatterGatherList+0x191 (FPO: [Non-Fpo])
    f7c5f188 f7a7eddb 86f67148 86f673b0 86df11c0 hal!HalGetScatterGatherList+0x26 (FPO: [Non-Fpo])
    f7c5f1bc f77508b1 86f67468 86717000 00007000 PCIIDEX!BmSetup+0x5f (FPO: [Non-Fpo])
    f7c5f1f4 804e60d9 86f7c030 86e027e8 86efe9f8 atapi!IdePortStartIo+0xeb (FPO: [Non-Fpo])
    f7c5f214 f774fc9a 86f7c030 86e027e8 00000000 nt!IoStartPacket+0xa1 (FPO: [Non-Fpo])
    f7c5f240 aaa7c612 86f7c030 00e027e8 86e027e8 atapi!IdePortDispatch+0x4e6 (FPO: [Non-Fpo])
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f7c5f260 f77b5e12 86f67030 86e027e8 86f67030 xpdt+0x3612
    f7c5f290 aaa7c612 86f67030 f77caf8c 86e028a0 ACPI!ACPIDispatchIrp+0x15a (FPO: [Non-Fpo])
    f7c5f2b8 f785ed58 86b08bc0 86f2eb70 8691fd30 xpdt+0x3612
    f7c5f2e8 f785ee49 00007000 00007000 86f2eab8 CLASSPNP!ServiceTransferRequest+0xe4 (FPO: [Non-Fpo])
    f7c5f30c aaa7c612 86f2eab8 00000000 86f7ed10 CLASSPNP!ClassReadWrite+0xff (FPO: [Non-Fpo])
    f7c5f330 aaa7c612 86f7ed10 8691fbe8 8691fbe8 xpdt+0x3612
    f7c5f360 aaa7c612 86f73900 8691fbe8 8691fd70 xpdt+0x3612
    f7c5f388 aaa7c612 86f70c10 8691fbe8 86f6c100 xpdt+0x3612
    f7c5f3ac f765dd26 f7c5f798 86f70b58 bd778000 xpdt+0x3612
    f7c5f58c f765efc8 f7c5f798 8691fbe8 86f6b4b0 Ntfs!NtfsNonCachedIo+0x2f8 (FPO: [Non-Fpo])
    f7c5f788 f765ec24 f7c5f798 8691fbe8 0110070a Ntfs!NtfsCommonWrite+0x1824 (FPO: [Non-Fpo])
    f7c5f8fc aaa7c612 86f6c020 8691fbe8 8691fbe8 Ntfs!NtfsFsdWrite+0xf3 (FPO: [Non-Fpo])
    f7c5f920 aaa7c612 86f6d790 8691fbe8 8691fdb8 xpdt+0x3612
    f7c5f9d8 aa849013 009de790 8691fbe8 aaa7c612 xpdt+0x3612
    f7c5fa0c 804ee593 86f6b40b f7c5fa34 f7c5fac8 klif+0x15013
    f7c5fae4 804ee34b e174dde8 e174de04 e174de04 nt!MiFlushSectionInternal+0x3c3 (FPO: [Non-Fpo])
    f7c5fb20 804eea15 86f6b2a8 00000000 00007000 nt!MmFlushSection+0x1f2 (FPO: [Non-Fpo])
    f7c5fba8 f767ee07 00007000 f7c5fc48 00007000 nt!CcFlushCache+0x3a0 (FPO: [Non-Fpo])
    f7c5fc70 f767ee89 e10142a8 e17f30e8 e10142a8 Ntfs!LfsFlushLfcb+0x227 (FPO: [Non-Fpo])
    f7c5fc94 f76891d9 e10142a8 e17f30e8 e16c5c88 Ntfs!LfsFlushLbcb+0x81 (FPO: [Non-Fpo])
    f7c5fcbc f767da60 e10142a8 a52f0244 00000000 Ntfs!LfsFlushToLsnPriv+0xf3 (FPO: [Non-Fpo])
    f7c5fcfc f7689934 e16c5c88 a52f0244 00000000 Ntfs!LfsFlushToLsn+0x8e (FPO: [Non-Fpo])
    f7c5fd30 f7687dfc 86e0a668 86e0a668 e276dcc8 Ntfs!NtfsCommitCurrentTransaction+0x215 (FPO: [Non-Fpo])
    f7c5fd44 f76bc4f2 86e0a668 86e0a668 86dfafdc Ntfs!NtfsCheckpointCurrentTransaction+0x21 (FPO: [Non-Fpo])
    f7c5ff1c f7685932 86e0a668 86dfae70 86dfafdc Ntfs!NtfsCreateNewFile+0xb03 (FPO: [Non-Fpo])
    f7c60170 f7682d2d 86e0a668 86dfae70 f7c601c8 Ntfs!NtfsCommonCreate+0x12ce (FPO: [Non-Fpo])
    f7c60254 aaa7c4db 86f6c020 86dfae70 86f2c2d0 Ntfs!NtfsFsdCreate+0x1dc (FPO: [Non-Fpo])

    start end module name
    804d7000 806fd000 nt ntkrnlmp.exe Wed Feb 28 04:52:47 2007 (45E550EF)
    806fd000 8071dc80 hal halmacpi.dll Wed Sep 28 19:35:25 2005 (433B28BD)
    aa6c6000 aa6db1c0 DLAIFS_M DLAIFS_M.SYS Thu Oct 06 12:42:00 2005 (434553D8)
    aa81c000 aa833480 dump_atapi dump_atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
    aa834000 aa86f000 klif klif.sys Sat Jan 27 09:52:45 2007 (45BB673D)
    aa897000 aa905a00 mrxsmb mrxsmb.sys Fri May 05 05:41:42 2006 (445B1DD6)
    aa906000 aa930a00 rdbss rdbss.sys Fri May 05 05:47:55 2006 (445B1F4B)
    aa931000 aa952d00 afd afd.sys Wed Aug 04 02:14:13 2004 (41107EB5)
    aa953000 aa973f00 ipnat ipnat.sys Wed Sep 29 18:28:36 2004 (415B3714)
    aa974000 aa99bc00 netbt netbt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
    aa99c000 aa9f3d80 tcpip tcpip.sys Thu Apr 20 07:51:47 2006 (444775D3)
    aa9f4000 aaa06400 ipsec ipsec.sys Wed Aug 04 02:14:27 2004 (41107EC3)
    aaa2f000 aaa3f280 Udfs Udfs.SYS Wed Aug 04 02:00:27 2004 (41107B7B)
    aaa40000 aaa58ee0 meiudf meiudf.sys Wed Jun 01 05:33:36 2005 (429D80F0)
    aaa79000 aaa8b000 xpdt xpdt.sys Tue May 15 15:33:11 2007 (464A0AF7)
    babfb000 babfd900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)
    bac58000 bac8b200 update update.sys Wed Aug 04 01:58:32 2004 (41107B08)
    bac8c000 bac9ce00 psched psched.sys Wed Aug 04 02:04:16 2004 (41107C60)
    bac9d000 bacb3680 ndiswan ndiswan.sys Wed Aug 04 02:14:30 2004 (41107EC6)
    bacb4000 bacd6680 ks ks.sys Wed Aug 04 02:15:20 2004 (41107EF8)
    bacd7000 bacef200 Apfiltr Apfiltr.sys Mon Nov 15 02:22:08 2004 (41985920)
    bacf0000 bad17e00 e100b325 e100b325.sys Mon Oct 10 18:31:40 2005 (434AEBCC)
    bad18000 bad28800 sdbus sdbus.sys Wed Aug 04 02:07:47 2004 (41107D33)
    bad29000 bad50b00 tifm21 tifm21.sys Wed Nov 30 11:13:04 2005 (438DCF90)
    bad51000 bad73e80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)
    bad74000 bad87780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 02:07:04 2004 (41107D08)
    bad88000 baed27e0 ialmnt5 ialmnt5.sys Mon Nov 28 17:20:19 2005 (438B82A3)
    bf800000 bf9c2180 win32k win32k.sys Thu Mar 08 08:47:34 2007 (45F013F6)
    bf9c3000 bf9d4580 dxg dxg.sys Wed Aug 04 02:00:51 2004 (41107B93)
    bf9d5000 bf9e3000 ialmrnt5 ialmrnt5.dll Mon Nov 28 17:12:06 2005 (438B80B6)
    bf9e3000 bfa05000 ialmdnt5 ialmdnt5.dll Mon Nov 28 17:12:00 2005 (438B80B0)
    bfa05000 bfa39660 ialmdev5 ialmdev5.DLL Mon Nov 28 17:11:49 2005 (438B80A5)
    bfa3a000 bfb1c000 ialmdd5 ialmdd5.DLL Mon Nov 28 17:19:19 2005 (438B8267)
    bffa0000 bffe5c00 ATMFD ATMFD.DLL Wed Aug 04 03:56:56 2004 (411096C8)
    f75b9000 f75bcc80 mssmbios mssmbios.sys Wed Aug 04 02:07:47 2004 (41107D33)
    f75c1000 f75c3580 ndistapi ndistapi.sys Fri Aug 17 16:55:29 2001 (3B7D84C1)
    f75f9000 f7615000 kl1 kl1.sys Thu Nov 02 11:06:53 2006 (454A098D)
    f7615000 f762f580 Mup Mup.sys Wed Aug 04 02:15:20 2004 (41107EF8)
    f7630000 f765ca80 NDIS NDIS.sys Wed Aug 04 02:14:27 2004 (41107EC3)
    f765d000 f76e9400 Ntfs Ntfs.sys Fri Feb 09 06:10:31 2007 (45CC56A7)
    f76ea000 f7700780 KSecDD KSecDD.sys Wed Aug 04 01:59:45 2004 (41107B51)
    f7701000 f7716440 DRVMCDB DRVMCDB.SYS Mon Sep 12 17:38:27 2005 (4325F553)
    f7717000 f7728f00 sr sr.sys Wed Aug 04 02:06:22 2004 (41107CDE)
    f7729000 f7748780 fltMgr fltMgr.sys Mon Aug 21 05:14:57 2006 (44E97991)
    f7749000 f7760480 atapi atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
    f7761000 f777f880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)
    f7780000 f779d480 pcmcia pcmcia.sys Wed Aug 04 02:07:45 2004 (41107D31)
    f779e000 f77aea80 pci pci.sys Wed Aug 04 02:07:45 2004 (41107D31)
    f77af000 f77dcd80 ACPI ACPI.sys Wed Aug 04 02:07:35 2004 (41107D27)
    f77fe000 f7806c00 isapnp isapnp.sys Fri Aug 17 16:58:01 2001 (3B7D8559)
    f780e000 f781ce80 ohci1394 ohci1394.sys Wed Aug 04 02:10:05 2004 (41107DBD)
    f781e000 f782b000 1394BUS 1394BUS.SYS Wed Aug 04 02:10:03 2004 (41107DBB)
    f782e000 f7838500 MountMgr MountMgr.sys Wed Aug 04 01:58:29 2004 (41107B05)
    f783e000 f784ac80 VolSnap VolSnap.sys Wed Aug 04 02:00:14 2004 (41107B6E)
    f784e000 f7856e00 disk disk.sys Wed Aug 04 01:59:53 2004 (41107B59)
    f785e000 f786a200 CLASSPNP CLASSPNP.SYS Wed Aug 04 02:14:26 2004 (41107EC2)
    f786e000 f7878380 imapi imapi.sys Wed Aug 04 02:00:12 2004 (41107B6C)
    f787e000 f788a180 cdrom cdrom.sys Wed Aug 04 01:59:52 2004 (41107B58)
    f788e000 f789d180 nic1394 nic1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
    f789e000 f78ac080 redbook redbook.sys Wed Aug 04 01:59:34 2004 (41107B46)
    f790e000 f791d900 Cdfs Cdfs.SYS Wed Aug 04 02:14:09 2004 (41107EB1)
    f794e000 f795a880 rasl2tp rasl2tp.sys Wed Aug 04 02:14:21 2004 (41107EBD)
    f795e000 f7968200 raspppoe raspppoe.sys Wed Aug 04 02:05:06 2004 (41107C92)
    f796e000 f7979d00 raspptp raspptp.sys Wed Aug 04 02:14:26 2004 (41107EC2)
    f797e000 f7986900 msgpc msgpc.sys Wed Aug 04 02:04:11 2004 (41107C5B)
    f798e000 f7997f00 termdd termdd.sys Wed Aug 04 01:58:52 2004 (41107B1C)
    f799e000 f79a7480 NDProxy NDProxy.SYS Fri Aug 17 16:55:30 2001 (3B7D84C2)
    f79be000 f79cc100 usbhub usbhub.sys Wed Aug 04 02:08:40 2004 (41107D68)
    f79de000 f79e6700 wanarp wanarp.sys Wed Aug 04 02:04:57 2004 (41107C89)
    f79ee000 f79f6700 netbios netbios.sys Wed Aug 04 02:03:19 2004 (41107C27)
    f79fe000 f7a0cd80 arp1394 arp1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
    f7a1e000 f7a26880 Fips Fips.SYS Fri Aug 17 21:31:49 2001 (3B7DC585)
    f7a4e000 f7a575a0 DRVNDDM DRVNDDM.SYS Fri Aug 12 16:21:43 2005 (42FD04D7)
    f7a5e000 f7a66d00 intelppm intelppm.sys Wed Aug 04 01:59:19 2004 (41107B37)
    f7a6e000 f7a7ae00 i8042prt i8042prt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
    f7a7e000 f7a84200 PCIIDEX PCIIDEX.SYS Wed Aug 04 01:59:40 2004 (41107B4C)
    f7a86000 f7a8a900 PartMgr PartMgr.sys Fri Aug 17 21:32:23 2001 (3B7DC5A7)
    f7a8e000 f7a92e20 PxHelp20 PxHelp20.sys Mon Apr 25 15:48:02 2005 (426D4972)
    f7a96000 f7a9a880 TDI TDI.SYS Wed Aug 04 02:07:47 2004 (41107D33)
    f7ac6000 f7acb860 DLARTL_N DLARTL_N.SYS Thu Aug 25 15:16:15 2005 (430E18FF)
    f7ace000 f7ad3200 vga vga.sys Wed Aug 04 02:07:06 2004 (41107D0A)
    f7ad6000 f7adaa80 Msfs Msfs.SYS Wed Aug 04 02:00:37 2004 (41107B85)
    f7ade000 f7ae5880 Npfs Npfs.SYS Wed Aug 04 02:00:38 2004 (41107B86)
    f7b0e000 f7b12500 watchdog watchdog.sys Wed Aug 04 02:07:32 2004 (41107D24)
    f7b4e000 f7b53000 usbuhci usbuhci.sys Wed Aug 04 02:08:34 2004 (41107D62)
    f7b56000 f7b5c800 usbehci usbehci.sys Wed Aug 04 02:08:34 2004 (41107D62)
    f7b5e000 f7b64000 kbdclass kbdclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
    f7b66000 f7b6ba00 mouclass mouclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
    f7b6e000 f7b73200 iviaspi iviaspi.sys Thu Sep 11 02:36:53 2003 (3F601805)
    f7b76000 f7b7d000 GEARAspiWDM GEARAspiWDM.sys Mon Aug 07 13:11:27 2006 (44D7743F)
    f7bee000 f7bf2580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)
    f7bf6000 f7bfa080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)
    f7c0e000 f7c11000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)
    f7c12000 f7c14480 compbatt compbatt.sys Fri Aug 17 16:57:58 2001 (3B7D8556)
    f7c16000 f7c19700 BATTC BATTC.SYS Fri Aug 17 16:57:52 2001 (3B7D8550)
    f7c1a000 f7c1cd80 ACPIEC ACPIEC.sys Fri Aug 17 16:57:55 2001 (3B7D8553)
    f7caa000 f7cac280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)
    f7cd2000 f7cd4c00 TPwSav TPwSav.sys Wed Nov 30 20:50:33 2005 (438E56E9)
    f7cf2000 f7cf5700 CmBatt CmBatt.sys Wed Aug 04 02:07:39 2004 (41107D2B)
    f7cfa000 f7cfc880 pfc pfc.sys Fri Sep 19 19:47:22 2003 (3F6B958A)
    f7cfe000 f7cffb80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)
    f7d00000 f7d01100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
    f7d2a000 f7d2b5c0 DLACDBHM DLACDBHM.SYS Thu Aug 25 15:16:50 2005 (430E1922)
    f7d2c000 f7d2d100 swenum swenum.sys Wed Aug 04 01:58:41 2004 (41107B11)
    f7d30000 f7d31280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)
    f7d32000 f7d33f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 16:49:37 2001 (3B7D8361)
    f7d34000 f7d35080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)
    f7d36000 f7d37080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)
    f7d38000 f7d39080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)
    f7d5a000 f7d5b100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
    f7dc6000 f7dc6d00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)
    f7dc7000 f7dc7d80 OPRGHDLR OPRGHDLR.SYS Fri Aug 17 16:57:55 2001 (3B7D8553)
    f7e2f000 f7e2fb80 Null Null.SYS Fri Aug 17 16:47:39 2001 (3B7D82EB)
    f7e3d000 f7e3dd00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)
    f7ec2000 f7ec2980 DLADResN DLADResN.SYS Thu Oct 06 12:45:09 2005 (43455495)
    f7f30000 f7f30c00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)

    Unloaded modules:
    f7aa6000 f7aab000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    baedb000 baede000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7c06000 f7c0b000 Flpydisk.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bfe000 f7c05000 Fdc.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f793e000 f7947000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7be6000 f7bed000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bd6000 f7bde000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f792e000 f7939000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f791e000 f7927000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bce000 f7bd5000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bbe000 f7bc6000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f790e000 f7919000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78fe000 f7907000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7bb6000 f7bbd000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7ba6000 f7bae000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78ee000 f78f9000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78de000 f78e7000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b9e000 f7ba5000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b8e000 f7b96000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78ce000 f78d9000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78be000 f78c7000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b86000 f7b8d000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b7e000 f7b86000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78ae000 f78b9000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt
     
    Last edited: 2007/05/20
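
An added example, not part of the original post: a Python sketch that reads the `.tss` register line, the `!thread` stack bounds and the first frames of STACK_TEXT from the log above, checks whether esp fell below the thread's stack limit (the usual cause of a 0x7F double fault), and charges stack bytes to each module from the ChildEBP gaps. The function names are hypothetical, and the per-module figures are approximate because WinDbg itself warns that frames after the unwind warning may be wrong.

```python
import re
from collections import Counter

# Lines copied from the WinDbg log in the post above: the .tss register line,
# the !thread stack bounds, and the first 27 frames of STACK_TEXT.
SAMPLE_LOG = """\
eip=f774bdf5 esp=f7c5eff4 ebp=f7c5f064 iopl=0 nv up ei ng nz na po nc
Stack Init f7c62000 Current f7c60a68 Base f7c62000 Limit f7c5f000 Call 0
f7c5f064 f774cbbc 86f7c370 86b08c6c 00000000 atapi!IdeSendCommand+0xd
f7c5f0b0 f774f0ad 86f7c370 86b08c6c 86f7c1c8 atapi!AtapiStartIo+0x23e
f7c5f0dc 804db6ab 01f7c030 00000002 86f7c030 atapi!IdeStartIoSynchronized+0x16f
f7c5f10c f774ffe1 00000000 00000000 00000000 nt!KeSynchronizeExecution+0x21
f7c5f124 f7a7ed28 86f7c030 00000000 f7c5f158 atapi!IdePortAllocateAccessToken+0x1b
f7c5f134 80701c47 86f673b0 00000000 86dfce50 PCIIDEX!BmReceiveScatterGatherList+0x24
f7c5f158 80701e0c 00000000 86f673b0 86df11c0 hal!HalBuildScatterGatherList+0x191
f7c5f188 f7a7eddb 86f67148 86f673b0 86df11c0 hal!HalGetScatterGatherList+0x26
f7c5f1bc f77508b1 86f67468 86717000 00007000 PCIIDEX!BmSetup+0x5f
f7c5f1f4 804e60d9 86f7c030 86e027e8 86efe9f8 atapi!IdePortStartIo+0xeb
f7c5f214 f774fc9a 86f7c030 86e027e8 00000000 nt!IoStartPacket+0xa1
f7c5f240 aaa7c612 86f7c030 00e027e8 86e027e8 atapi!IdePortDispatch+0x4e6
WARNING: Stack unwind information not available. Following frames may be wrong.
f7c5f260 f77b5e12 86f67030 86e027e8 86f67030 xpdt+0x3612
f7c5f290 aaa7c612 86f67030 f77caf8c 86e028a0 ACPI!ACPIDispatchIrp+0x15a
f7c5f2b8 f785ed58 86b08bc0 86f2eb70 8691fd30 xpdt+0x3612
f7c5f2e8 f785ee49 00007000 00007000 86f2eab8 CLASSPNP!ServiceTransferRequest+0xe4
f7c5f30c aaa7c612 86f2eab8 00000000 86f7ed10 CLASSPNP!ClassReadWrite+0xff
f7c5f330 aaa7c612 86f7ed10 8691fbe8 8691fbe8 xpdt+0x3612
f7c5f360 aaa7c612 86f73900 8691fbe8 8691fd70 xpdt+0x3612
f7c5f388 aaa7c612 86f70c10 8691fbe8 86f6c100 xpdt+0x3612
f7c5f3ac f765dd26 f7c5f798 86f70b58 bd778000 xpdt+0x3612
f7c5f58c f765efc8 f7c5f798 8691fbe8 86f6b4b0 Ntfs!NtfsNonCachedIo+0x2f8
f7c5f788 f765ec24 f7c5f798 8691fbe8 0110070a Ntfs!NtfsCommonWrite+0x1824
f7c5f8fc aaa7c612 86f6c020 8691fbe8 8691fbe8 Ntfs!NtfsFsdWrite+0xf3
f7c5f920 aaa7c612 86f6d790 8691fbe8 8691fdb8 xpdt+0x3612
f7c5f9d8 aa849013 009de790 8691fbe8 aaa7c612 xpdt+0x3612
f7c5fa0c 804ee593 86f6b40b f7c5fa34 f7c5fac8 klif+0x15013
"""

# Helper names below are illustrative; they are not WinDbg commands.
ESP_RE = re.compile(r"\besp=([0-9a-f]{8})")
BOUNDS_RE = re.compile(r"Stack Init ([0-9a-f]{8}).*?Limit ([0-9a-f]{8})")
# ChildEBP, RetAddr, three args, then module!symbol or module+offset.
FRAME_RE = re.compile(r"^\s*([0-9a-f]{8})(?: [0-9a-f]{8}){4} ([^\s!+]+)(!?)", re.M)


def stack_overflow(log):
    """Return (overflowed, bytes_past_limit, stack_size) for the faulting thread."""
    esp = int(ESP_RE.search(log).group(1), 16)      # first register dump = .tss
    init, limit = (int(x, 16) for x in BOUNDS_RE.search(log).groups())
    return esp < limit, limit - esp, init - limit


def parse_frames(log):
    """Return [(child_ebp, module, has_symbols)], innermost frame first."""
    return [(int(ebp, 16), mod, bang == "!")
            for ebp, mod, bang in FRAME_RE.findall(log)]


def bytes_per_module(frames):
    """Charge each caller the gap between its ChildEBP and its callee's."""
    usage = Counter()
    for (callee_ebp, _, _), (caller_ebp, mod, _) in zip(frames, frames[1:]):
        if caller_ebp > callee_ebp:                 # ignore bogus unwinds
            usage[mod] += caller_ebp - callee_ebp
    return usage


def unsymbolized(frames):
    """Modules that appear only as module+offset (no symbols were loaded)."""
    return sorted({mod for _, mod, has_sym in frames if not has_sym})


if __name__ == "__main__":
    frames = parse_frames(SAMPLE_LOG)
    print("overflow, bytes past limit, stack size:", stack_overflow(SAMPLE_LOG))
    print("modules without symbols:", unsymbolized(frames))
    for mod, n in bytes_per_module(frames).most_common():
        print(f"{mod:10} {n:5d} bytes")
```

When running this on the full log, pass only one STACK_TEXT section, because the `kv` and `!thread` output repeat the same frames.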
  2. 2007/05/20
    Arie


  4. 2007/05/20
    sashkashurik

    The remainder has been found and cleaned... at least SpyBot, Kaspersky, VundoFix and VirtumundoBeGone do not detect anything.

    The following is the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 4:53:56 AM, on 5/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\godzilla\Desktop\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {1F9203F4-FC0C-4165-8D04-BDB2FA6E6721} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth Monitor.lnk = ?
    O4 - Global Startup: PC Health.lnk = C:\Program Files\TOSHIBA\TOSHIBA Management Console\TOSHealthLocalS.vbs
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177819736218
    O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 6812 bytes


    However, after a cleanup I have also uninstalled a few programs, such as Acrobat Reader 7.0, Acrobat Pro 8.0 and Sonic DLA. This has generated a new error. Now the system can start only in safe mode.

    Here is a new log:
    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.7.0005.0
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 2600.xpsp_sp2_qfe.070227-2300
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
    Debug session time: Sat May 19 04:50:52.515 2007 (GMT-4)
    System Uptime: 0 days 0:00:20.203
    Loading Kernel Symbols
    .....................................................................................................................
    Loading User Symbols

    Loading unloaded module list
    ........................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck A, {d8bf760, 2, 1, 806ff84a}

    *** ERROR: Module load completed but symbols could not be loaded for xpdt.sys
    *** ERROR: Module load completed but symbols could not be loaded for w39n51.sys
    Probably caused by : xpdt.sys ( xpdt+52f5 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0d8bf760, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 806ff84a, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS: 0d8bf760

    CURRENT_IRQL: 2

    FAULTING_IP:
    hal!KfAcquireSpinLock+1a
    806ff84a f00fba2900 lock bts dword ptr [ecx],0

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xA

    PROCESS_NAME: System

    TRAP_FRAME: aa154ce8 -- (.trap 0xffffffffaa154ce8)
    .trap 0xffffffffaa154ce8
    ErrCode = 00000002
    eax=00000000 ebx=00000000 ecx=0d8bf760 edx=00000000 esi=863a2008 edi=861dd000
    eip=806ff84a esp=aa154d5c ebp=aa154d88 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    hal!KfAcquireSpinLock+0x1a:
    806ff84a f00fba2900 lock bts dword ptr [ecx],0 ds:0023:0d8bf760=????????
    .trap
    Resetting default scope

    LAST_CONTROL_TRANSFER: from 806ff84a to 804e0aac

    STACK_TEXT:
    aa154ce8 806ff84a badb0d00 00000000 804e80e0 nt!KiTrap0E+0x238
    aa154d58 aa5042f5 863a2008 861dcf70 00000000 hal!KfAcquireSpinLock+0x1a
    WARNING: Stack unwind information not available. Following frames may be wrong.
    aa154d88 aa504c06 863a2008 00000000 8050f950 xpdt+0x52f5
    aa154ddc 804ec791 aa501e48 00000000 00000000 xpdt+0x5c06
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    xpdt+52f5
    aa5042f5 8844240b mov byte ptr [esp+0Bh],al

    SYMBOL_STACK_INDEX: 2

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: xpdt

    IMAGE_NAME: xpdt.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 464a0af7

    SYMBOL_NAME: xpdt+52f5

    FAILURE_BUCKET_ID: 0xA_W_xpdt+52f5

    BUCKET_ID: 0xA_W_xpdt+52f5

    Followup: MachineOwner
    ---------

    eax=f7a5613c ebx=00000002 ecx=00000000 edx=40000000 esi=806ff84a edi=0d8bf760
    eip=804e0aac esp=aa154cd0 ebp=aa154ce8 iopl=0 nv up ei ng nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt!KiTrap0E+0x238:
    804e0aac f7457000000200 test dword ptr [ebp+70h],20000h ss:0010:aa154d58=00010246
    ChildEBP RetAddr Args to Child
    aa154ce8 806ff84a badb0d00 00000000 804e80e0 nt!KiTrap0E+0x238 (FPO: [0,0] TrapFrame @ aa154ce8)
    aa154d58 aa5042f5 863a2008 861dcf70 00000000 hal!KfAcquireSpinLock+0x1a (FPO: [0,0,0])
    WARNING: Stack unwind information not available. Following frames may be wrong.
    aa154d88 aa504c06 863a2008 00000000 8050f950 xpdt+0x52f5
    aa154ddc 804ec791 aa501e48 00000000 00000000 xpdt+0x5c06
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    start end module name
    804d7000 806fd000 nt ntkrnlmp.exe Wed Feb 28 04:52:47 2007 (45E550EF)
    806fd000 8071dc80 hal halmacpi.dll Wed Sep 28 19:35:25 2005 (433B28BD)
    aa265000 aa27c480 dump_atapi dump_atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
    aa31d000 aa38ba00 mrxsmb mrxsmb.sys Fri May 05 05:41:42 2006 (445B1DD6)
    aa38c000 aa3b6a00 rdbss rdbss.sys Fri May 05 05:47:55 2006 (445B1F4B)
    aa3b7000 aa3d8d00 afd afd.sys Wed Aug 04 02:14:13 2004 (41107EB5)
    aa3d9000 aa3f9f00 ipnat ipnat.sys Wed Sep 29 18:28:36 2004 (415B3714)
    aa3fa000 aa421c00 netbt netbt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
    aa44a000 aa4a1d80 tcpip tcpip.sys Thu Apr 20 07:51:47 2006 (444775D3)
    aa4a2000 aa4b4400 ipsec ipsec.sys Wed Aug 04 02:14:27 2004 (41107EC3)
    aa4b5000 aa4c5280 Udfs Udfs.SYS Wed Aug 04 02:00:27 2004 (41107B7B)
    aa4c6000 aa4deee0 meiudf meiudf.sys Wed Jun 01 05:33:36 2005 (429D80F0)
    aa4ff000 aa511000 xpdt xpdt.sys Tue May 15 15:33:11 2007 (464A0AF7)
    aa539000 aa64b120 AGRSM AGRSM.sys Mon Nov 14 16:00:19 2005 (4378FAE3)
    aa6ec000 aa70d700 portcls portcls.sys Tue Mar 16 14:58:17 2004 (40574E49)
    aa70e000 aab1b000 RtkHDAud RtkHDAud.sys Fri Dec 09 03:48:37 2005 (439944E5)
    babdb000 bac0e200 update update.sys Wed Aug 04 01:58:32 2004 (41107B08)
    bac0f000 bac1fe00 psched psched.sys Wed Aug 04 02:04:16 2004 (41107C60)
    bac3c000 bac3ec00 TPwSav TPwSav.sys Wed Nov 30 20:50:33 2005 (438E56E9)
    bac48000 bac5e680 ndiswan ndiswan.sys Wed Aug 04 02:14:30 2004 (41107EC6)
    bac5f000 bac81680 ks ks.sys Wed Aug 04 02:15:20 2004 (41107EF8)
    bac82000 bac9a200 Apfiltr Apfiltr.sys Mon Nov 15 02:22:08 2004 (41985920)
    bac9b000 bacc2e00 e100b325 e100b325.sys Mon Oct 10 18:31:40 2005 (434AEBCC)
    bacc3000 bacd3800 sdbus sdbus.sys Wed Aug 04 02:07:47 2004 (41107D33)
    bacd4000 bacfbb00 tifm21 tifm21.sys Wed Nov 30 11:13:04 2005 (438DCF90)
    bacfc000 bad1ee80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)
    bad1f000 bae7ba80 w39n51 w39n51.sys Mon Dec 05 03:55:28 2005 (43940080)
    bae7c000 baea1000 HDAudBus HDAudBus.sys Fri Jan 07 20:07:15 2005 (41DF3243)
    baea1000 baeb4780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 02:07:04 2004 (41107D08)
    baeb5000 bafff7e0 ialmnt5 ialmnt5.sys Mon Nov 28 17:20:19 2005 (438B82A3)
    bf800000 bf9c2180 win32k win32k.sys Thu Mar 08 08:47:34 2007 (45F013F6)
    bf9c3000 bf9d4580 dxg dxg.sys Wed Aug 04 02:00:51 2004 (41107B93)
    bf9d5000 bf9e3000 ialmrnt5 ialmrnt5.dll Mon Nov 28 17:12:06 2005 (438B80B6)
    bf9e3000 bfa05000 ialmdnt5 ialmdnt5.dll Mon Nov 28 17:12:00 2005 (438B80B0)
    bfa05000 bfa39660 ialmdev5 ialmdev5.DLL Mon Nov 28 17:11:49 2005 (438B80A5)
    bfa3a000 bfb1c000 ialmdd5 ialmdd5.DLL Mon Nov 28 17:19:19 2005 (438B8267)
    bffa0000 bffe5c00 ATMFD ATMFD.DLL Wed Aug 04 03:56:56 2004 (411096C8)
    f75af000 f75b1900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)
    f75eb000 f7605580 Mup Mup.sys Wed Aug 04 02:15:20 2004 (41107EF8)
    f7606000 f7632a80 NDIS NDIS.sys Wed Aug 04 02:14:27 2004 (41107EC3)
    f7633000 f76bf400 Ntfs Ntfs.sys Fri Feb 09 06:10:31 2007 (45CC56A7)
    f76c0000 f76d6780 KSecDD KSecDD.sys Wed Aug 04 01:59:45 2004 (41107B51)
    f76d7000 f76e8f00 sr sr.sys Wed Aug 04 02:06:22 2004 (41107CDE)
    f76e9000 f7708780 fltMgr fltMgr.sys Mon Aug 21 05:14:57 2006 (44E97991)
    f7709000 f7720480 atapi atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
    f7721000 f773f880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)
    f7740000 f775d480 pcmcia pcmcia.sys Wed Aug 04 02:07:45 2004 (41107D31)
    f775e000 f776ea80 pci pci.sys Wed Aug 04 02:07:45 2004 (41107D31)
    f776f000 f779cd80 ACPI ACPI.sys Wed Aug 04 02:07:35 2004 (41107D27)
    f77be000 f77c6c00 isapnp isapnp.sys Fri Aug 17 16:58:01 2001 (3B7D8559)
    f77ce000 f77dce80 ohci1394 ohci1394.sys Wed Aug 04 02:10:05 2004 (41107DBD)
    f77de000 f77eb000 1394BUS 1394BUS.SYS Wed Aug 04 02:10:03 2004 (41107DBB)
    f77ee000 f77f8500 MountMgr MountMgr.sys Wed Aug 04 01:58:29 2004 (41107B05)
    f77fe000 f780ac80 VolSnap VolSnap.sys Wed Aug 04 02:00:14 2004 (41107B6E)
    f780e000 f7816e00 disk disk.sys Wed Aug 04 01:59:53 2004 (41107B59)
    f781e000 f782a200 CLASSPNP CLASSPNP.SYS Wed Aug 04 02:14:26 2004 (41107EC2)
    f782e000 f783d180 nic1394 nic1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
    f783e000 f7846d00 intelppm intelppm.sys Wed Aug 04 01:59:19 2004 (41107B37)
    f784e000 f785ae00 i8042prt i8042prt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
    f785e000 f7868380 imapi imapi.sys Wed Aug 04 02:00:12 2004 (41107B6C)
    f786e000 f787a180 cdrom cdrom.sys Wed Aug 04 01:59:52 2004 (41107B58)
    f787e000 f788c080 redbook redbook.sys Wed Aug 04 01:59:34 2004 (41107B46)
    f788e000 f7896880 Fips Fips.SYS Fri Aug 17 21:31:49 2001 (3B7DC585)
    f792e000 f793a880 rasl2tp rasl2tp.sys Wed Aug 04 02:14:21 2004 (41107EBD)
    f793e000 f7948200 raspppoe raspppoe.sys Wed Aug 04 02:05:06 2004 (41107C92)
    f794e000 f7959d00 raspptp raspptp.sys Wed Aug 04 02:14:26 2004 (41107EC2)
    f795e000 f7966900 msgpc msgpc.sys Wed Aug 04 02:04:11 2004 (41107C5B)
    f796e000 f7977f00 termdd termdd.sys Wed Aug 04 01:58:52 2004 (41107B1C)
    f797e000 f7987480 NDProxy NDProxy.SYS Fri Aug 17 16:55:30 2001 (3B7D84C2)
    f799e000 f79acb80 drmk drmk.sys Wed Aug 04 02:07:54 2004 (41107D3A)
    f79ae000 f79b8980 Tvs Tvs.sys Tue Nov 29 21:01:01 2005 (438D07DD)
    f79be000 f79c6f80 csiidecoder_kern_i386 csiidecoder_kern_i386.sys Tue Oct 25 20:33:04 2005 (435ECEC0)
    f79de000 f79ec100 usbhub usbhub.sys Wed Aug 04 02:08:40 2004 (41107D68)
    f7a0e000 f7a16700 wanarp wanarp.sys Wed Aug 04 02:04:57 2004 (41107C89)
    f7a1e000 f7a2cd80 arp1394 arp1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
    f7a2e000 f7a36700 netbios netbios.sys Wed Aug 04 02:03:19 2004 (41107C27)
    f7a3e000 f7a44200 PCIIDEX PCIIDEX.SYS Wed Aug 04 01:59:40 2004 (41107B4C)
    f7a46000 f7a4a900 PartMgr PartMgr.sys Fri Aug 17 21:32:23 2001 (3B7DC5A7)
    f7a4e000 f7a52e20 PxHelp20 PxHelp20.sys Mon Apr 25 15:48:02 2005 (426D4972)
    f7a8e000 f7a93000 usbuhci usbuhci.sys Wed Aug 04 02:08:34 2004 (41107D62)
    f7a96000 f7a9c800 usbehci usbehci.sys Wed Aug 04 02:08:34 2004 (41107D62)
    f7aa6000 f7aac000 kbdclass kbdclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
    f7aae000 f7ab3a00 mouclass mouclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
    f7abe000 f7ac3200 iviaspi iviaspi.sys Thu Sep 11 02:36:53 2003 (3F601805)
    f7ac6000 f7acb200 vga vga.sys Wed Aug 04 02:07:06 2004 (41107D0A)
    f7ad6000 f7add000 GEARAspiWDM GEARAspiWDM.sys Mon Aug 07 13:11:27 2006 (44D7743F)
    f7ae6000 f7aeaa80 Msfs Msfs.SYS Wed Aug 04 02:00:37 2004 (41107B85)
    f7aee000 f7af5880 Npfs Npfs.SYS Wed Aug 04 02:00:38 2004 (41107B86)
    f7b46000 f7b4a500 watchdog watchdog.sys Wed Aug 04 02:07:32 2004 (41107D24)
    f7b6e000 f7b72880 TDI TDI.SYS Wed Aug 04 02:07:47 2004 (41107D33)
    f7b7e000 f7b82580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)
    f7b8e000 f7b92080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)
    f7b9e000 f7ba5200 tsxt_kern_i386 tsxt_kern_i386.sys Tue Jan 25 17:35:24 2005 (41F6C9AC)
    f7bae000 f7bb4900 wowhd_kern_i386 wowhd_kern_i386.sys Thu Aug 18 12:45:49 2005 (4304BB3D)
    f7bbe000 f7bc5580 Modem Modem.SYS Wed Aug 04 02:08:04 2004 (41107D44)
    f7bce000 f7bd1000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)
    f7bd2000 f7bd4480 compbatt compbatt.sys Fri Aug 17 16:57:58 2001 (3B7D8556)
    f7bd6000 f7bd9700 BATTC BATTC.SYS Fri Aug 17 16:57:52 2001 (3B7D8550)
    f7bda000 f7bdcd80 ACPIEC ACPIEC.sys Fri Aug 17 16:57:55 2001 (3B7D8553)
    f7c6e000 f7c71700 CmBatt CmBatt.sys Wed Aug 04 02:07:39 2004 (41107D2B)
    f7c7a000 f7c7c880 pfc pfc.sys Fri Sep 19 19:47:22 2003 (3F6B958A)
    f7c92000 f7c94280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)
    f7ca2000 f7ca4580 ndistapi ndistapi.sys Fri Aug 17 16:55:29 2001 (3B7D84C1)
    f7cb6000 f7cb9c80 mssmbios mssmbios.sys Wed Aug 04 02:07:47 2004 (41107D33)
    f7cbe000 f7cbfb80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)
    f7cc0000 f7cc1100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
    f7cc8000 f7cc9100 swenum swenum.sys Wed Aug 04 01:58:41 2004 (41107B11)
    f7cd4000 f7cd5280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)
    f7cd8000 f7cd9f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 16:49:37 2001 (3B7D8361)
    f7cdc000 f7cdd080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)
    f7ce0000 f7ce1080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)
    f7ce4000 f7ce5080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)
    f7cea000 f7ceb100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
    f7d86000 f7d86d00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)
    f7d87000 f7d87d80 OPRGHDLR OPRGHDLR.SYS Fri Aug 17 16:57:55 2001 (3B7D8553)
    f7e08000 f7e08d00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)
    f7e69000 f7e69c00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)
    f7ece000 f7eceb80 Null Null.SYS Fri Aug 17 16:47:39 2001 (3B7D82EB)

    Unloaded modules:
    f7ab6000 f7abb000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7c7e000 f7c81000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7a86000 f7a8b000 Flpydisk.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7a7e000 f7a85000 Fdc.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f791e000 f7927000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b4e000 f7b55000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b3e000 f7b46000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f790e000 f7919000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78fe000 f7907000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b36000 f7b3d000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b26000 f7b2e000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78ee000 f78f9000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78de000 f78e7000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b1e000 f7b25000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b0e000 f7b16000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78ce000 f78d9000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78be000 f78c7000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7b06000 f7b0d000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7af6000 f7afe000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f78ae000 f78b9000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f789e000 f78a7000 csiidecoder_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7aee000 f7af5000 wowhd_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7ade000 f7ae6000 tsxt_kern_i386.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f788e000 f7899000 Tvs.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt
     
  5. 2007/05/20
    sashkashurik

    sashkashurik Inactive Thread Starter

    Joined:
    2007/05/20
    Messages:
    11
    Likes Received:
    0
    I have checked that xpdt.sys is not present on the system and should not be as it is part of a backdoor program.

    Moreover, I have been able to boot in normal mode (checked twice) after I disabled all audio, networking, and DVD-RAM drivers.
     
    Last edited: 2007/05/20
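
The post above reports that xpdt.sys cannot be found on disk, while the `lmtn` listing in the dump shows it loaded at aa4ff000. The following is an added example, not part of the original thread, that parses `lmtn` output, lists loaded images missing from a directory listing, and maps the stack addresses back to a module. The module lines are copied from the dump above; the disk listing and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple

# Lines copied from the `lmtn` output in this thread. The kernel and HAL are
# left out because their on-disk file names differ from the image names shown.
LMTN_SAMPLE = """\
aa44a000 aa4a1d80 tcpip tcpip.sys Thu Apr 20 07:51:47 2006 (444775D3)
aa4ff000 aa511000 xpdt xpdt.sys Tue May 15 15:33:11 2007 (464A0AF7)
bad1f000 bae7ba80 w39n51 w39n51.sys Mon Dec 05 03:55:28 2005 (43940080)
f7709000 f7720480 atapi atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
f7cdc000 f7cdd080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)
"""

# Constructed for this example: driver file names from a directory listing.
# A listing taken from the running system can be filtered by whatever is
# hiding the file, so it should come from an offline view of the disk.
DISK_LISTING = {"tcpip.sys", "w39n51.sys", "atapi.sys", "beep.sys"}

# start, end, module name, image name, local date text, (PE TimeDateStamp)
LINE_RE = re.compile(
    r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)\s+(\S+)\s+.*\(([0-9A-Fa-f]{8})\)\s*$"
)


class Module(NamedTuple):
    start: int
    end: int
    name: str
    image: str
    built: datetime  # link time from the PE header, in UTC


def parse_lmtn(text):
    """Parse loaded-module lines; anything else (headers, unloaded list) is skipped."""
    modules = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        start, end, name, image, stamp = m.groups()
        built = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
        modules.append(Module(int(start, 16), int(end, 16), name, image, built))
    return modules


def missing_on_disk(modules, disk_names):
    """Images loaded in the kernel that the directory listing does not contain."""
    known = {n.lower() for n in disk_names}
    return [m.image for m in modules if m.image.lower() not in known]


def built_after(modules, cutoff):
    """Images whose link timestamp is later than the cutoff (recently built)."""
    return [m.image for m in modules if m.built > cutoff]


def resolve(modules, address):
    """Map a stack address to (module, offset), or None if no module covers it."""
    for m in modules:
        if m.start <= address < m.end:
            return m.name, address - m.start
    return None


if __name__ == "__main__":
    mods = parse_lmtn(LMTN_SAMPLE)
    print("loaded but not on disk:", missing_on_disk(mods, DISK_LISTING))
    cutoff = datetime(2007, 5, 1, tzinfo=timezone.utc)
    print("built after 2007-05-01:", built_after(mods, cutoff))
    for addr in (0xAA5042F5, 0xAA504C06):  # return addresses from STACK_TEXT
        name, off = resolve(mods, addr)
        print(f"{addr:08x} -> {name}+0x{off:x}")
```
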
  6. 2007/05/21
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Dump data says that it is.
     
  7. 2007/05/21
    sashkashurik

    sashkashurik Inactive Thread Starter

    Joined:
    2007/05/20
    Messages:
    11
    Likes Received:
    0
    Almost fixed

    You were right when saying that this was a security issue....

    It was a rootkit; that's why I could not find it on the system.

    Thank you for your help and sorry for being too stubborn.
     
  8. 2007/05/21
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    No problem :) Trust you have a successful fix.
     
  9. 2007/05/21
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
  10. 2007/05/21
    sashkashurik

    sashkashurik Inactive Thread Starter

    Joined:
    2007/05/20
    Messages:
    11
    Likes Received:
    0
