
Inactive I might have a virus

Discussion in 'Malware and Virus Removal Archive' started by justsomeguy, 2011/10/01.

  1. 2011/10/01
    justsomeguy


    Hi, I have been having random freezes, reboots, shutdowns and bluescreens with my computer for a while now and can’t figure out what’s causing this. It doesn’t happen all the time. It will have a day or two sometimes where it doesn’t crash and then it goes right back to crashing. I have been working with Arie to try and sort this out and he thought one of my dumprep files seemed suspicious and to post here. The funny thing is, after doing the fixes that Arie had mentioned to me, my computer worked perfectly for 4 days with no problems. It wasn’t until I updated Windows that it started crashing again. When I checked to see what the update was, it was a Windows Security update. I didn’t know if that might be a sign or not.
    To let you know, what I have running in the form of protection is Norton 360 with its firewall, and it’s all up to date. I run scans pretty regularly with Malwarebytes and it is up to date. From time to time I have booted into a Linux live USB and run what I believe is avast to check for viruses as well, and I also have a hardware firewall running.
    I have followed the steps posted for the scans that are asked for to be reviewed here. All went smoothly except for Gmer. I ran it twice. Both times I didn’t get any description or warnings for rootkits, like the instructions seemed to state I would, but both times, after it had been running for 4 or so hours, my computer crashed before I could get or save a log. The first time it gave me a warning, something about no internet connection so it wasn’t able to save a log and that it could be a hardware problem or a network problem to save a log locally, but I had to come back to it, so when I did the computer had crashed. The second time I ran it while Windows was in safe mode and I waited the 4 or so hours. When it finished, again no warnings, this time none at all, not even like the one the first time, but when I hit save log it gave me a window stating "C:\Documents and Settings\Username\My Documents is not accessible.
    Insufficient system resources exist to complete the requested service." and then my computer beeped and then froze. There were things listed under the tab that says Rootkit/Malware, but I assume these are just things it scanned; no red listings like the pictures of Gmer show. Anyway, any info or help that anyone can give would really be appreciated. Thanks in advance. Incidentally, if interested, the link to my other discussion with Arie is here: http://www.windowsbbs.com/windows-xp/100399-random-bluescreens-freezes.html

    Here are the other logs:
    Malwarebytes:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7811

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/1/2011 9:59:10 AM
    mbam-log-2011-10-01 (09-59-10).txt

    Scan type: Quick scan
    Objects scanned: 243296
    Time elapsed: 5 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    aswMBR:
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-27 21:50:58
    -----------------------------
    21:50:58.125 OS Version: Windows 5.1.2600 Service Pack 3
    21:50:58.125 Number of processors: 4 586 0xF07
    21:50:58.125 ComputerName: DMASTER UserName: Mine
    21:50:58.546 Initialize success
    21:51:40.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000080
    21:51:40.531 Disk 0 Vendor: WDC_WD3200YS-01PGB0 21.00M21 Size: 305245MB BusType: 3
    21:51:40.531 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000081
    21:51:40.546 Disk 1 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 3
    21:51:42.546 Disk 0 MBR read successfully
    21:51:42.546 Disk 0 MBR scan
    21:51:42.546 Disk 0 Windows XP default MBR code
    21:51:42.546 Disk 0 scanning sectors +625121280
    21:51:42.578 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:51:49.593 Service scanning
    21:51:50.468 Modules scanning
    21:51:56.218 Disk 0 trace - called modules:
    21:51:56.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    21:51:56.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6d0ab8]
    21:51:56.234 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000082[0x8a697f18]
    21:51:56.234 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\00000080[0x8a6a4030]
    21:51:56.250 Scan finished successfully
    21:52:07.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mine\Desktop\MBR.dat "
    21:52:07.656 The log file has been saved successfully to "C:\Documents and Settings\Mine\Desktop\aswMBR.txt "


    dds:
    DDS.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Mine at 9:44:38 on 2011-10-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.680 [GMT -7:00]
    .
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files\Stickies\stickies.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe "
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe "
    uRun: [AdobeBridge]
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [RemoTerm.exe] c:\program files\common files\pctv systems\remoterm\RemoTerm.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\mine\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    StartupFolder: c:\docume~1\mine\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\checkf~1.lnk - c:\program files\common files\pctv systems\webupdater\WebUpdater.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1308387136750
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{340365C9-28FB-4E3A-9FC8-EC648B6245F7} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{C3253275-A342-4255-8388-5C5F280B2AF5} : DhcpNameServer = 192.168.1.254
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mine\application data\mozilla\firefox\profiles\flflhomn.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-8-15 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-8-15 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-8-15 136312]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-6-20 12184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-28 366152]
    R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-8-15 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-11 2255464]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-18 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-18 399416]
    R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2011-7-9 4807536]
    R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [2009-8-24 44544]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-28 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110930.030\IDSXpx86.sys [2011-10-1 356280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-28 22216]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110930.033\NAVENG.SYS [2011-10-1 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20110930.033\NAVEX15.SYS [2011-10-1 1576312]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\drivers\SaiK0CCB.sys [2010-8-10 138760]
    R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\drivers\SaiU0CCB.sys [2010-8-10 35336]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-6-17 128272]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-7-9 10752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-09-27 00:23:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 18:18:17 -------- d-----w- c:\program files\iPod
    2011-09-26 18:18:15 -------- d-----w- c:\program files\iTunes
    2011-09-26 18:17:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-09-26 18:17:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-09-26 18:17:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-09-26 18:17:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-09-26 18:17:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-09-26 18:17:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-09-26 18:17:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-09-26 18:16:03 -------- d-----w- c:\program files\Bonjour
    2011-09-26 00:10:43 53248 ------w- c:\windows\system32\wdmioctl.dll
    2011-09-26 00:10:43 1285632 ------w- c:\windows\system32\SMMedia.dll
    2011-09-26 00:10:42 49152 ------w- c:\windows\system32\DSndUp.exe
    2011-09-26 00:10:42 45056 ------w- c:\windows\system32\CleanUp.exe
    2011-09-26 00:10:42 -------- d-----w- c:\program files\Analog Devices
    2011-09-26 00:10:20 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
    2011-09-26 00:10:20 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
    2011-09-26 00:10:20 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
    2011-09-26 00:10:20 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
    2011-09-26 00:10:20 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
    2011-09-26 00:10:20 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
    2011-09-26 00:10:20 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
    2011-09-25 22:58:23 -------- d-----w- C:\symbols
    2011-09-25 22:38:56 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-09-24 21:18:08 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-09-22 06:07:25 -------- d-----w- c:\windows\system32\appmgmt
    2011-09-21 04:24:26 -------- d-sh--w- C:\found.001
    2011-09-19 06:37:34 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-09-19 06:37:31 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-09-19 06:37:30 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-09-19 06:37:28 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-09-19 06:37:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-09-19 06:37:16 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2011-09-19 06:37:13 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2011-09-19 06:37:12 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2011-09-19 06:37:10 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2011-09-19 06:37:09 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2011-09-19 06:37:01 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
    2011-09-19 06:37:00 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2011-09-19 06:35:59 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
    2011-09-19 06:34:58 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
    2011-09-19 06:33:58 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
    2011-09-19 06:32:58 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
    2011-09-19 06:31:56 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2011-09-19 06:30:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
    2011-09-19 06:29:59 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
    2011-09-19 06:28:58 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
    2011-09-19 06:27:58 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
    2011-09-19 06:26:58 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
    2011-09-19 06:25:57 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
    2011-09-19 06:24:58 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
    2011-09-19 06:23:59 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
    2011-09-19 06:22:59 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
    2011-09-19 06:21:59 50176 -c--a-w- c:\windows\system32\dllcache\cyyport.sys
    2011-09-19 06:20:59 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
    2011-09-18 05:34:41 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-09-18 04:08:27 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
    2011-09-18 04:08:27 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
    2011-09-18 04:08:27 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
    2011-09-18 04:08:27 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
    2011-09-18 04:08:26 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
    2011-09-18 04:08:26 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
    2011-09-18 04:08:25 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
    2011-09-15 21:51:42 -------- d-----w- c:\documents and settings\mine\local settings\application data\Ahead
    2011-09-15 21:25:37 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2011-09-15 21:25:36 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2011-09-15 21:25:36 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2011-09-15 21:25:36 262144 ------w- c:\windows\system32\ImagXR7.dll
    2011-09-15 21:25:36 1568768 ------w- c:\windows\system32\ImagX7.dll
    2011-09-15 21:24:43 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2011-09-15 21:24:42 -------- d-----w- c:\program files\CyberLink DVD Solution
    2011-09-12 05:55:30 -------- d-----w- c:\program files\Seagate
    2011-09-12 05:54:46 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-09-08 04:14:36 10438568 ----a-r- c:\documents and settings\mine\application data\microsoft\installer\{8dc485d5-ab09-489f-8d8b-7a229f595f33}\PhotoSceneEditor.exe
    2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-09-11 07:17:47 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-09-11 07:17:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-09-11 07:17:45 280276 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-15 18:18:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-08-15 18:18:00 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-07-27 23:57:02 114176 ------w- c:\windows\system32\emPRP.ax
    2011-07-22 22:48:15 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-07-19 01:49:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-19 01:49:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-14 19:01:46 587 ----a-w- c:\windows\uninstallstickies.bat
    2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 9:45:39.04 ===============



    Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/13/2011 8:49:13 PM
    System Uptime: 10/1/2011 9:30:28 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | StrikerExtreme
    Processor: Intel(R) Core(TM)2 Quad CPU @ 2.66GHz | Socket 775 | 2672/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 201.505 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 77.954 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP43: 7/2/2011 2:43:06 PM - System Checkpoint
    RP44: 7/3/2011 10:00:25 PM - System Checkpoint
    RP45: 7/5/2011 11:27:07 AM - System Checkpoint
    RP46: 7/6/2011 12:25:38 PM - System Checkpoint
    RP47: 7/9/2011 3:43:40 PM - System Checkpoint
    RP48: 7/10/2011 8:28:18 PM - System Checkpoint
    RP49: 7/12/2011 10:58:58 AM - System Checkpoint
    RP50: 7/12/2011 12:47:22 PM - Norton 360 Registry Clean
    RP51: 7/13/2011 2:17:34 PM - Software Distribution Service 3.0
    RP52: 7/14/2011 5:58:28 PM - System Checkpoint
    RP53: 7/15/2011 6:21:30 PM - System Checkpoint
    RP54: 7/17/2011 3:24:34 PM - System Checkpoint
    RP55: 7/18/2011 3:25:56 PM - System Checkpoint
    RP56: 7/18/2011 6:38:48 PM - Installed DirectX
    RP57: 7/18/2011 6:45:59 PM - Installed DirectX
    RP58: 7/19/2011 5:33:00 PM - Installed Autodesk Maya 2012 English Documentation
    RP59: 7/19/2011 6:28:59 PM - Software Distribution Service 3.0
    RP60: 7/20/2011 7:57:16 PM - System Checkpoint
    RP61: 7/22/2011 4:40:09 PM - Norton 360 Registry Clean
    RP62: 7/27/2011 3:36:14 PM - System Checkpoint
    RP63: 7/28/2011 6:18:17 PM - System Checkpoint
    RP64: 7/30/2011 11:34:48 AM - System Checkpoint
    RP65: 7/31/2011 3:11:32 PM - System Checkpoint
    RP66: 8/1/2011 6:18:14 PM - System Checkpoint
    RP67: 8/2/2011 9:02:54 PM - System Checkpoint
    RP68: 8/4/2011 3:54:22 AM - Installed DirectX
    RP69: 8/5/2011 5:49:00 AM - Installed TVCenter.
    RP70: 8/6/2011 1:03:02 PM - Installed %1 %2.
    RP71: 8/8/2011 4:58:34 PM - NU15 system restore
    RP72: 8/8/2011 5:32:13 PM - Software Distribution Service 3.0
    RP73: 8/10/2011 5:11:52 PM - System Checkpoint
    RP74: 8/10/2011 7:31:00 PM - Software Distribution Service 3.0
    RP75: 8/13/2011 6:29:51 PM - System Checkpoint
    RP76: 8/14/2011 4:24:58 PM - About to remove pctools from reg
    RP77: 8/15/2011 10:27:09 AM - Restore Operation
    RP78: 8/15/2011 10:39:06 AM - Restore Operation
    RP79: 8/15/2011 10:44:34 AM - Restore Operation
    RP80: 8/15/2011 10:46:24 AM - Software Distribution Service 3.0
    RP81: 8/16/2011 12:10:45 PM - System Checkpoint
    RP82: 8/17/2011 11:47:09 AM - Software Distribution Service 3.0
    RP83: 8/17/2011 12:02:19 PM - Restore Operation
    RP84: 8/17/2011 12:07:14 PM - Restore Operation
    RP85: 8/17/2011 12:12:08 PM - Restore Operation
    RP86: 8/17/2011 12:22:50 PM - Update to an unsigned driver
    RP87: 8/17/2011 1:21:37 PM - Update to an unsigned driver
    RP88: 8/17/2011 2:28:12 PM - Unsigned driver install
    RP89: 8/21/2011 6:00:37 PM - System Checkpoint
    RP90: 8/22/2011 7:37:29 PM - System Checkpoint
    RP91: 8/23/2011 11:34:13 PM - Software Distribution Service 3.0
    RP92: 8/28/2011 11:48:22 AM - System Checkpoint
    RP93: 8/29/2011 12:24:11 PM - System Checkpoint
    RP94: 8/30/2011 8:09:44 PM - System Checkpoint
    RP95: 8/31/2011 8:56:13 PM - System Checkpoint
    RP96: 9/5/2011 1:06:42 PM - System Checkpoint
    RP97: 9/7/2011 2:49:16 AM - Software Distribution Service 3.0
    RP98: 9/7/2011 9:14:16 PM - Installed Autodesk Photo Scene Editor
    RP99: 9/7/2011 11:10:19 PM - Restore Operation
    RP100: 9/7/2011 11:17:35 PM - Software Distribution Service 3.0
    RP101: 9/10/2011 11:50:36 AM - System Checkpoint
    RP102: 9/10/2011 11:05:14 PM - Restore Operation
    RP103: 9/10/2011 11:08:42 PM - Restore Operation
    RP104: 9/10/2011 11:12:14 PM - Restore Operation
    RP105: 9/10/2011 11:38:36 PM - Norton 360 Registry Clean
    RP106: 9/11/2011 10:54:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP107: 9/11/2011 10:55:29 PM - Installed SeaTools for Windows
    RP108: 9/13/2011 10:19:13 AM - System Checkpoint
    RP109: 9/15/2011 2:38:57 PM - Software Distribution Service 3.0
    RP110: 9/16/2011 8:55:46 PM - System Checkpoint
    RP111: 9/16/2011 10:12:46 PM - Configured NVIDIA ForceWare Network Access Manager
    RP112: 9/17/2011 9:14:02 PM - Installed FEAR
    RP113: 9/17/2011 9:33:24 PM - Installed DirectX 9.0
    RP114: 9/17/2011 11:07:37 PM - Installed FEAR Extraction Point
    RP115: 9/17/2011 11:17:53 PM - Installed FEAR Extraction Point
    RP116: 9/17/2011 11:28:57 PM - Installed FEAR Extraction Point
    RP117: 9/18/2011 12:17:12 PM - Installed FEAR Extraction Point
    RP118: 9/18/2011 12:20:35 PM - Installed FEAR Extraction Point
    RP119: 9/21/2011 8:41:12 PM - System Checkpoint
    RP120: 9/21/2011 11:07:16 PM - Removed iTunes
    RP121: 9/21/2011 11:14:22 PM - Installed iTunes
    RP122: 9/21/2011 11:19:10 PM - Removed iTunes
    RP123: 9/25/2011 3:37:07 PM - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    RP124: 9/25/2011 4:58:29 PM - Configured SoundMAX
    RP125: 9/25/2011 4:58:41 PM - Removed SoundMAX
    RP126: 9/25/2011 5:10:24 PM - Installed SoundMAX
    RP127: 9/25/2011 5:10:42 PM - Installed SoundMAX
    RP128: 9/26/2011 10:55:27 AM - Removed QuickTime
    RP129: 9/26/2011 10:56:17 AM - Removed Apple Software Update
    RP130: 9/26/2011 10:56:49 AM - Removed Apple Mobile Device Support
    RP131: 9/26/2011 10:58:05 AM - Removed Bonjour
    RP132: 9/26/2011 10:58:22 AM - Removed Apple Application Support
    RP133: 9/26/2011 11:18:09 AM - Installed iTunes
    RP134: 9/26/2011 12:23:58 PM - Norton 360 Registry Clean
    RP135: 9/26/2011 12:56:41 PM - Fixing iTunes reg after this
    RP136: 9/26/2011 1:13:01 PM - Software Distribution Service 3.0
    RP137: 9/26/2011 1:46:09 PM - Restore Operation
    RP138: 9/27/2011 2:34:09 PM - System Checkpoint
    RP139: 9/28/2011 12:29:11 AM - Before trying Zbrush4r2
    RP140: 9/28/2011 12:30:51 AM - Installed ZBrush 4R2
    RP141: 9/28/2011 12:46:08 AM - Software Distribution Service 3.0
    RP142: 9/29/2011 9:21:21 AM - System Checkpoint
    RP143: 10/1/2011 8:55:01 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3D Windows XP Screen Saver
    7-Zip 9.20
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.1)
    Alt-Tab Task Switcher Powertoy for Windows XP
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Autodesk Backburner 2012.0.0
    Autodesk DirectConnect 2012 32-bit
    Autodesk MatchMover 2012 32-bit
    Autodesk Maya 2012 32-bit
    Autodesk Maya 2012 English Documentation
    Autodesk Photo Scene Editor
    AutoUpdate
    Bonjour
    Composite 2012
    Debugging Tools for Windows (x86)
    DivX Codec
    DVD Solution
    EPSON TWAIN 5
    eReg
    EVE Online Demo
    FEAR
    FEAR Extraction Point
    FreeCommander 2009.02b
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 3050 J610 series Basic Device Software
    HP Deskjet 3050 J610 series Help
    IsoBuster 2.8.5
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Left 4 Dead 2
    LightScribe 1.4.31.1
    Logitech SetPoint 6.30
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual J# 2.0 Redistributable Package - SE
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft XML Parser
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    Mozilla Firefox 6.0.2 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Launcher
    Nero OEM
    neroxml
    nLite 1.4.9.1
    Norton 360
    NVIDIA Control Panel 280.26
    NVIDIA Drivers
    NVIDIA Graphics Driver 280.26
    NVIDIA Install Application
    NVIDIA nView 135.94
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Update 1.4.28
    NVIDIA Update Components
    PC Probe II
    PDF Settings CS5
    Picasa 3
    Portal 2
    PowerISO
    PxMergeModule
    QuickTime
    RadioSure
    Rainmeter
    RocketDock 1.3.5
    Sandboxie 3.56 (32-bit)
    Sculptris Alpha 6
    SeaTools for Windows
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Skype Toolbars
    Skype™ 5.3
    Smart File Advisor 1.1.1
    Smart Technology Programming Software 7.0.0.26
    SoundMAX
    Steam
    Stickies 7.1a
    System Requirements Lab
    Team Fortress 2
    TeamViewer 6
    TVCenter
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VCRedistSetup
    Vista Drive Icon 1.4
    VLC media player 1.1.11
    Wacom Tablet
    WebFldrs XP
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    ZBrush 4
    ZBrush 4R2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/30/2011 4:04:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/30/2011 3:43:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu SRTSPX SymIRON SYMTDI Tcpip
    9/30/2011 3:43:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    9/30/2011 3:43:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/30/2011 3:43:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/30/2011 3:43:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    9/30/2011 3:43:41 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/30/2011 3:43:41 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/30/2011 3:42:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/30/2011 3:42:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/27/2011 9:46:59 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    10/1/2011 12:04:13 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
    10/1/2011 12:04:13 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
    .
    ==== End Of File ===========================

  2. 2011/10/01
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2011/10/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

    ==========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2011/10/02
    justsomeguy

    justsomeguy Inactive Thread Starter

    Joined:
    2011/09/25
    Messages:
    16
    Likes Received:
    0
    Hi Broni, thank you for your response. I ran the scans as you asked. I was just curious about the request for the extra scans: is that just normal, or did you see something that piqued your interest? Either way, here are the results, and again thank you for your help:

    RKUnhookerLE:
    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #4
    ==============================================
    >Drivers
    ==============================================
    0xB6B60000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12546048 bytes (NVIDIA Corporation, NVIDIA Windows XP Miniport Driver, Version 280.26 )
    0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 4214784 bytes (NVIDIA Corporation, NVIDIA Windows XP Display driver, Version 280.26 )
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB067A000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111001.004\NAVEX15.SYS 1572864 bytes (Symantec Corporation, AV Engine)
    0xB2B7B000 C:\WINDOWS\system32\DRIVERS\LV302V32.SYS 1273856 bytes (Logitech Inc., Logitech QuickCam Driver)
    0xB77AA000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 1105920 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
    0xB2DE8000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110920.001\BHDrvx86.sys 831488 bytes (Symantec Corporation, BASH Driver)
    0xB7D7E000 SYMEFA.SYS 765952 bytes
    0xB7CC7000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB0822000 C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)
    0xB2D52000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0xB2F2F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB2ED1000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0xB5A4D000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB3060000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110930.030\IDSxpx86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
    0xB3107000 C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMTDI.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
    0xB3188000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB13E7000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xB7E4B000 SYMDS.SYS 356352 bytes
    0xB7757000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 339968 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
    0xB32C4000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 311296 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
    0xBD417000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB0998000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB5AD3000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB14B7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB7C9A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xAEF55000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB2FC7000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB78B8000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB3038000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB30E1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB30BB000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
    0xB0F01000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB2FF2000 C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
    0xB32A0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB7903000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB78E0000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB3267000 C:\WINDOWS\system32\drivers\adidts.sys 139264 bytes (Analog Devices, Inc., Analog Devices DTS Driver)
    0xB3016000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB1D93000 C:\Program Files\Sandboxie\SbieDrv.sys 135168 bytes (SANDBOXIE L.T.D, Sandboxie Kernel Mode Driver)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB7EA2000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB2EB3000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0xB2B39000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 106496 bytes
    0xB7C80000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB7EF1000 nvata.sys 106496 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) IDE Performance Driver)
    0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB7EC2000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB3289000 C:\WINDOWS\system32\drivers\AEAudio.sys 94208 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
    0xB7D67000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB5B14000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB7EDA000 SI3132.sys 94208 bytes (Silicon Image, Inc, Serial ATA miniport driver)
    0xB1B4E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB0666000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111001.004\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
    0xB6B4C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB31E1000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xB7D54000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB7E39000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB5B03000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB3421000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xB82D8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xB8188000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xB80B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xB8278000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xB7997000 C:\WINDOWS\system32\DRIVERS\azvusb.sys 61440 bytes (AzureWave Technologies, Inc., Virtual USB Hub)
    0xB7927000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB82E8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB1FB4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB3441000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
    0xB7957000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xB80C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xB81A8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB7967000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 53248 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
    0xB81B8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xB8318000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 53248 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
    0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB81D8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xB8168000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xB82C8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB81C8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xB82A8000 C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
    0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB7987000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB8118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xB79A7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB0D79000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB8308000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xB82B8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xB3411000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
    0xB3451000 C:\WINDOWS\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
    0xB81E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xB8288000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB82F8000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
    0xB79B7000 C:\WINDOWS\system32\drivers\SaiBus.sys 36864 bytes (Saitek, Smart Technology Helpers)
    0xB3431000 C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys 36864 bytes (Wacom Technology, Wacom HID Mouse Monitor Filter Driver)
    0xB8268000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xB83B8000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
    0xB83C0000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
    0xB84A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xB8338000 SiRemFil.sys 32768 bytes (Silicon Image, Inc, Filter driver for Silicon Image SATALink controllers.)
    0xB83A0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xB8418000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xB8460000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
    0xB8408000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xB8428000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xB064E000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xB8420000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xB8450000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xB8458000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB8498000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xB8468000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xB84A0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xB8440000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xB8448000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xB8438000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xB8410000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xB83C8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB7C1A000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB1F40000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0xB859C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB1F18000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB7C1E000 C:\WINDOWS\system32\DRIVERS\SaiMini.sys 16384 bytes (Saitek, Saitek Magic Mini Driver)
    0xB84BC000 SiWinAcc.sys 16384 bytes (Silicon Image, Inc, Windows Accelerator Driver)
    0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB3164000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB3540000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB7C58000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB8580000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB080E000 C:\WINDOWS\system32\DRIVERS\psi_mf.sys 12288 bytes (Secunia, Secunia PSI Driver)
    0xB3514000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB8568000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
    0xB8612000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
    0xB85D0000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
    0xB85B0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xB8608000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xB85AE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xB85E8000 C:\WINDOWS\system32\DRIVERS\lv302af.sys 8192 bytes (Logitech Inc., Audio filter for Express Plus)
    0xB85B2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xB85B4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xB862C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xB8630000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xB8760000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xB87B5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xB872D000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
    0xB87AD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================

    Combofix:
    ComboFix 11-10-02.03 - Mine 10/02/2011 16:00:30.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1160 [GMT -7:00]
    Running from: c:\documents and settings\Mine\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\google\common\google updater\googleupdaterservice.exe
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-02 to 2011-10-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-30 23:03 . 2011-09-30 23:04 -------- d-----w- c:\documents and settings\Administrator
    2011-09-27 00:23 . 2011-09-28 23:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-26 00:10 . 2005-05-04 15:20 53248 ------w- c:\windows\system32\wdmioctl.dll
    2011-09-26 00:10 . 2001-09-11 21:20 1285632 ------w- c:\windows\system32\SMMedia.dll
    2011-09-26 00:10 . 2011-09-26 00:11 -------- d-----w- c:\program files\Analog Devices
    2011-09-26 00:10 . 2006-07-10 21:42 49152 ------w- c:\windows\system32\DSndUp.exe
    2011-09-26 00:10 . 2002-04-17 21:05 45056 ------w- c:\windows\system32\CleanUp.exe
    2011-09-26 00:10 . 2011-09-26 00:10 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2011-09-26 00:10 . 2011-09-26 00:10 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2011-09-26 00:10 . 2004-04-19 06:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2011-09-26 00:10 . 2004-04-19 06:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2011-09-26 00:10 . 2004-04-19 06:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2011-09-26 00:10 . 2004-04-19 06:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2011-09-26 00:10 . 2004-04-19 06:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2011-09-25 22:58 . 2011-09-26 16:41 -------- d-----w- C:\symbols
    2011-09-25 22:38 . 2011-10-02 01:26 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-09-25 22:38 . 2011-09-25 22:38 -------- d-----w- c:\program files\Microsoft SDKs
    2011-09-21 04:24 . 2011-09-21 04:24 -------- d-----w- C:\found.001
    2011-09-19 06:26 . 2001-08-18 05:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
    2011-09-19 06:25 . 2001-08-17 19:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
    2011-09-19 06:24 . 2001-08-17 20:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
    2011-09-19 06:23 . 2001-08-17 19:15 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
    2011-09-19 06:22 . 2001-08-17 19:11 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
    2011-09-19 06:21 . 2001-08-18 05:36 28672 -c--a-w- c:\windows\system32\dllcache\cyycoins.dll
    2011-09-19 06:20 . 2001-08-18 05:36 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
    2011-09-18 19:07 . 2011-09-18 19:07 -------- d-----w- c:\documents and settings\Mine\Application Data\InstallShield
    2011-09-18 05:34 . 2011-09-18 05:34 -------- d--h--r- c:\documents and settings\Mine\Application Data\SecuROM
    2011-09-18 05:34 . 2011-09-18 05:34 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-09-18 04:08 . 2005-11-14 06:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2011-09-18 04:08 . 2005-11-14 06:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2011-09-18 04:08 . 2005-11-14 06:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2011-09-18 04:08 . 2005-11-14 06:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2011-09-18 04:08 . 2011-09-18 04:08 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2011-09-18 04:08 . 2005-11-14 06:22 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2011-09-18 04:08 . 2011-09-18 04:08 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2011-09-15 21:51 . 2011-09-15 21:51 -------- d-----w- c:\documents and settings\Mine\Local Settings\Application Data\Ahead
    2011-09-15 21:26 . 2011-09-15 21:26 -------- d-----w- c:\program files\Common Files\LightScribe
    2011-09-15 21:25 . 2000-06-26 18:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2011-09-15 21:25 . 2004-07-27 00:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2011-09-15 21:25 . 2004-07-27 00:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2011-09-15 21:25 . 2004-07-27 00:16 262144 ------w- c:\windows\system32\ImagXR7.dll
    2011-09-15 21:25 . 2004-07-27 00:16 1568768 ------w- c:\windows\system32\ImagX7.dll
    2011-09-15 21:25 . 2011-09-15 21:25 -------- d-----w- c:\program files\Common Files\Ahead
    2011-09-15 21:25 . 2011-09-22 06:16 -------- d-----w- c:\program files\Ahead
    2011-09-15 21:24 . 2004-10-01 22:00 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2011-09-15 21:24 . 2011-09-15 21:24 -------- d-----w- c:\program files\CyberLink DVD Solution
    2011-09-12 18:06 . 2011-09-12 18:06 -------- d-----w- c:\documents and settings\Mine\Application Data\DivX
    2011-09-12 15:47 . 2011-09-12 15:47 -------- d-----w- c:\documents and settings\Mine\Application Data\SystemRequirementsLab
    2011-09-12 05:55 . 2011-09-12 05:55 -------- d-----w- c:\program files\Seagate
    2011-09-12 05:54 . 2011-09-12 05:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-09-08 04:14 . 2011-09-08 04:14 10438568 ----a-r- c:\documents and settings\Mine\Application Data\Microsoft\Installer\{8DC485D5-AB09-489F-8D8B-7A229F595F33}\PhotoSceneEditor.exe
    2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-01 00:00 . 2011-06-29 01:53 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-15 18:18 . 2011-08-15 18:18 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-08-15 18:18 . 2011-08-15 18:18 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-08-03 11:49 . 2011-06-18 21:14 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2011-08-03 11:49 . 2011-06-18 21:14 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-07-27 23:57 . 2010-09-01 21:55 114176 ------w- c:\windows\system32\emPRP.ax
    2011-07-22 22:52 . 2011-07-22 22:52 53248 ----a-r- c:\documents and settings\Mine\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-07-22 22:48 . 2011-06-20 18:17 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-07-19 01:49 . 2011-07-19 01:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-19 01:49 . 2011-07-19 01:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-14 19:01 . 2011-07-14 19:01 587 ----a-w- c:\windows\uninstallstickies.bat
    2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-09-07 17:15 . 2011-06-20 01:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SandboxieControl"= "c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 412432]
    "RocketDock"= "c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Skype"= "c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
    "RemoTerm.exe"= "c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-06-10 226576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"= "c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
    "SoundMAXPnP"= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
    "QuickTime Task"= "c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
    "iTunesHelper"= "c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "Malwarebytes' Anti-Malware"= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    .
    c:\documents and settings\Mine\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-7-31 100864]
    Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-7-14 1122304]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Check for Updates.lnk - c:\program files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\PCTV Systems\\TVCenter\\TVCenter.exe"=
    "c:\\Program Files\\Common Files\\PCTV Systems\\PVR\\VideoControl.exe"=
    "c:\\Program Files\\Common Files\\PCTV Systems\\StreamingServer\\StrmServer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\eve online\\eve.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\Fear\\FEARXP\\FEARXP.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [8/15/2011 11:17 AM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [8/15/2011 11:17 AM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110920.001\BHDrvx86.sys [9/26/2011 4:21 PM 816760]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [8/15/2011 11:17 AM 136312]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/20/2011 11:17 AM 12184]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/28/2011 6:53 PM 366152]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [8/15/2011 11:17 AM 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/11/2011 12:17 AM 2255464]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416]
    R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [7/9/2011 5:13 PM 4807536]
    R3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [8/24/2009 9:14 AM 44544]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/28/2011 8:38 PM 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110930.030\IDSXpx86.sys [10/1/2011 9:01 AM 356280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/28/2011 6:53 PM 22216]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [7/9/2011 5:13 PM 10752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\drivers\SaiK0CCB.sys [8/10/2010 9:40 AM 138760]
    S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\drivers\SaiU0CCB.sys [8/10/2010 9:40 AM 35336]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 5:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BLACKBOX
    *Deregistered* - BlackBox
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-DMASTER-Mine.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-25 10:44]
    .
    2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Mine\Application Data\Mozilla\Firefox\Profiles\flflhomn.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-02 16:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
    "ImagePath"= "\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1644491937-2146994945-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:00,87,22,c3,3a,3a,c7,88,fa,1d,d0,00,b8,0c,a8,df,01,cf,76,8b,e7,d2,0c,
    1a,c2,3b,fb,8f,37,1e,fe,c1,6d,7f,aa,e2,c9,aa,e1,12,9f,9d,d7,ce,25,07,b1,ae,\
    "??"=hex:16,51,86,ea,31,01,71,a7,66,40,b9,66,96,a5,5b,f5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(948)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    Completion time: 2011-10-02 16:13:36
    ComboFix-quarantined-files.txt 2011-10-02 23:13
    .
    Pre-Run: 216,261,459,968 bytes free
    Post-Run: 216,612,085,760 bytes free
    .
    - - End Of File - - E1113F33E2076C2878B27FE0952F1F99
     
  6. 2011/10/02
    broni

    broni Moderator Malware Analyst

    All look clean.
    There must be some other reason for the BSODs.

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip the downloaded file and double-click the BlueScreenView.exe file to run the program.
    When scanning is done, go to Edit > Select All.
    Go to File > Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  7. 2011/10/03
    justsomeguy

    justsomeguy Inactive Thread Starter

    In BlueScreenView, what's highlighted in red, is that usually the culprit for that crash? If so, is it looking like ntoskrnl and win32k.sys are the problem? I'm just trying to figure out how you read them. Anyway, here is the outcome:
    ==================================================
    Dump File : Mini100111-03.dmp
    Crash Time : 10/1/2011 5:54:40 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000004
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini100111-03.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================
    Dump File : Mini100111-02.dmp
    Crash Time : 10/1/2011 4:23:04 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x04851016
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000000
    Parameter 4 : 0x80502cd1
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+b82
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2bcd1
    Stack Address 1 : ntoskrnl.exe+5e8d8
    Stack Address 2 : win32k.sys+b82
    Stack Address 3 : SYMEVENT.SYS+14a69
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini100111-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini100111-01.dmp
    Crash Time : 10/1/2011 12:53:47 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000004
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini100111-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini092911-01.dmp
    Crash Time : 9/29/2011 10:33:07 AM
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x805387bc
    Parameter 3 : 0xb84f3cc0
    Parameter 4 : 0xb84f39bc
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+617bc
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+617bc
    Stack Address 1 : ntoskrnl.exe+f8fa8
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092911-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini092611-01.dmp
    Crash Time : 9/26/2011 9:01:55 AM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000000
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80522718
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+4b718
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+4b718
    Stack Address 1 : ntoskrnl.exe+4bab0
    Stack Address 2 : ntoskrnl.exe+3db2f
    Stack Address 3 : ntoskrnl.exe+495dd
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092611-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini092511-03.dmp
    Crash Time : 9/25/2011 4:09:31 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x082cdeb4
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502386
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b386
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b386
    Stack Address 1 : ntoskrnl.exe+2b45b
    Stack Address 2 : ntoskrnl.exe+24017
    Stack Address 3 : ntoskrnl.exe+e9794
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092511-03.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini092511-02.dmp
    Crash Time : 9/25/2011 3:08:18 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x0a0897e4
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502386
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b386
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b386
    Stack Address 1 : ntoskrnl.exe+2b45b
    Stack Address 2 : ntoskrnl.exe+24017
    Stack Address 3 : ntoskrnl.exe+5ed05
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092511-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini092511-01.dmp
    Crash Time : 9/25/2011 2:10:20 PM
    Bug Check String : PFN_LIST_CORRUPT
    Bug Check Code : 0x0000004e
    Parameter 1 : 0x00000002
    Parameter 2 : 0x0003df74
    Parameter 3 : 0x0007feef
    Parameter 4 : 0x00000002
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f43
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+22f43
    Stack Address 1 : ntoskrnl.exe+4ac68
    Stack Address 2 : ntoskrnl.exe+37ffd
    Stack Address 3 : ntoskrnl.exe+38ac4
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092511-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini092011-02.dmp
    Crash Time : 9/20/2011 9:04:45 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xf2eb7c50
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf8011bb
    Parameter 4 : 0x00000002
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+11bb
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+11bb
    Stack Address 1 : win32k.sys+32acd
    Stack Address 2 : win32k.sys+1ade
    Stack Address 3 : win32k.sys+19ede
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092011-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini092011-01.dmp
    Crash Time : 9/20/2011 11:15:43 AM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000034
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092011-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini091811-02.dmp
    Crash Time : 9/18/2011 3:44:01 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000007
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091811-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini091811-01.dmp
    Crash Time : 9/18/2011 11:48:45 AM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x00000001
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000008
    Parameter 4 : 0x00000001
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091811-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini091711-01.dmp
    Crash Time : 9/17/2011 9:40:33 PM
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x805cfac5
    Parameter 3 : 0xb851fc30
    Parameter 4 : 0xb851f92c
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+2a3c
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+f8ac5
    Stack Address 1 : ntoskrnl.exe+ea03f
    Stack Address 2 : ntoskrnl.exe+e44b2
    Stack Address 3 : ntoskrnl.exe+4f6fa
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091711-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini091311-01.dmp
    Crash Time : 9/13/2011 3:14:34 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000004
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091311-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini091111-02.dmp
    Crash Time : 9/11/2011 10:43:14 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xf15b6c50
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf8011bb
    Parameter 4 : 0x00000002
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+11bb
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+11bb
    Stack Address 1 : win32k.sys+32acd
    Stack Address 2 : win32k.sys+1ade
    Stack Address 3 : win32k.sys+19ede
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091111-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini091111-01.dmp
    Crash Time : 9/11/2011 2:03:15 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x0055c98c
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502386
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b386
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b386
    Stack Address 1 : ntoskrnl.exe+2b45b
    Stack Address 2 : ntoskrnl.exe+24017
    Stack Address 3 : ntoskrnl.exe+e9794
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091111-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini091011-01.dmp
    Crash Time : 9/10/2011 10:23:13 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x0055ca2c
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502d10
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+b82
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2bd10
    Stack Address 1 : ntoskrnl.exe+5e8d8
    Stack Address 2 : win32k.sys+b82
    Stack Address 3 : win32k.sys+5bbe3
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091011-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini082111-01.dmp
    Crash Time : 8/21/2011 5:08:10 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xf2bb8c50
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf8011bb
    Parameter 4 : 0x00000002
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+11bb
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+11bb
    Stack Address 1 : win32k.sys+32acd
    Stack Address 2 : win32k.sys+1ade
    Stack Address 3 : win32k.sys+19ede
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini082111-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini081711-01.dmp
    Crash Time : 8/17/2011 4:05:13 PM
    Bug Check String : BAD_POOL_CALLER
    Bug Check Code : 0x000000c2
    Parameter 1 : 0x00000007
    Parameter 2 : 0x00000cd4
    Parameter 3 : 0x00000046
    Parameter 4 : 0x8923c188
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f43
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+22f43
    Stack Address 1 : ntoskrnl.exe+74583
    Stack Address 2 : ntoskrnl.exe+5eb76
    Stack Address 3 : Ntfs.sys+66af
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini081711-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini081611-02.dmp
    Crash Time : 8/16/2011 6:29:39 PM
    Bug Check String : DEREF_UNKNOWN_LOGON_SESSION
    Bug Check Code : 0x00000046
    Parameter 1 : 0x00000000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x00000000
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+22f43
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+22f43
    Stack Address 1 : ntoskrnl.exe+120f1f
    Stack Address 2 : ntoskrnl.exe+121c2d
    Stack Address 3 : ntoskrnl.exe+e44aa
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini081611-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini081611-01.dmp
    Crash Time : 8/16/2011 4:34:51 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000004
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini081611-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini081411-01.dmp
    Crash Time : 8/14/2011 3:14:43 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000b92
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x805172f6
    Caused By Driver : nvata.sys
    Caused By Address : nvata.sys+1d48
    File Description : NVIDIA® nForce(TM) IDE Performance Driver
    Product Name : NVIDIA nForce(TM) IDE Driver
    Company : NVIDIA Corporation
    File Version : 5.10.2600.0691 built by: WinDDK
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+402f6
    Stack Address 1 : ntoskrnl.exe+4b4cb
    Stack Address 2 : ntoskrnl.exe+4bc4e
    Stack Address 3 : ntoskrnl.exe+44c2b
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini081411-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 106,496
    ==================================================

    Dump File : Mini080611-01.dmp
    Crash Time : 8/6/2011 3:43:05 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8054b168
    Parameter 3 : 0xb26a6c00
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+bf6
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+74168
    Stack Address 1 : win32k.sys+2346
    Stack Address 2 : win32k.sys+289f
    Stack Address 3 : win32k.sys+1e83
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080611-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini080511-02.dmp
    Crash Time : 8/5/2011 6:55:59 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x0a0e0023
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0x804e893f
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+1193f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+1193f
    Stack Address 1 : ntoskrnl.exe+931a5
    Stack Address 2 : ntoskrnl.exe+155f5f
    Stack Address 3 : ntoskrnl.exe+160f67
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080511-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini080511-01.dmp
    Crash Time : 8/5/2011 6:48:17 AM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x05021008
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502cd6
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2bcd6
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2bcd6
    Stack Address 1 : ntoskrnl.exe+2328d
    Stack Address 2 : ntoskrnl.exe+138412
    Stack Address 3 : ntoskrnl.exe+6a67c
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080511-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini080311-01.dmp
    Crash Time : 8/3/2011 10:17:25 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x0dfc783d
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x8054521f
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+6e21f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+6e21f
    Stack Address 1 :
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080311-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini080211-02.dmp
    Crash Time : 8/2/2011 11:25:31 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x0a1a0061
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502cca
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2bcca
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2bcca
    Stack Address 1 : ntoskrnl.exe+2bf2f
    Stack Address 2 : ntoskrnl.exe+26a6b
    Stack Address 3 : ntoskrnl.exe+fb78b
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080211-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini080211-01.dmp
    Crash Time : 8/2/2011 7:19:45 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0xbf8535dc
    Parameter 3 : 0xb05f9b1c
    Parameter 4 : 0x00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+535dc
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+535dc
    Stack Address 1 : win32k.sys+53b3f
    Stack Address 2 : win32k.sys+19d46
    Stack Address 3 : win32k.sys+19e0a
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080211-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini073011-02.dmp
    Crash Time : 7/30/2011 11:46:10 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000004
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini073011-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini073011-01.dmp
    Crash Time : 7/30/2011 10:12:49 AM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x31373242
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000000
    Parameter 4 : 0x804faf71
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+23f71
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+23f71
    Stack Address 1 : ntoskrnl.exe+cf298
    Stack Address 2 : ntoskrnl.exe+6a67c
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini073011-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072711-02.dmp
    Crash Time : 7/27/2011 1:05:16 PM
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8052d30f
    Parameter 3 : 0xb84f3a88
    Parameter 4 : 0xb84f3784
    Caused By Driver : SYMEFA.SYS
    Caused By Address : SYMEFA.SYS+1c231
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+5630f
    Stack Address 1 : SYMEFA.SYS+1c231
    Stack Address 2 : SYMEFA.SYS+1751b
    Stack Address 3 : SYMEFA.SYS+18402
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072711-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 106,496
    ==================================================

    Dump File : Mini072711-01.dmp
    Crash Time : 7/27/2011 12:39:23 PM
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8052d15c
    Parameter 3 : 0xb1637b94
    Parameter 4 : 0xb1637890
    Caused By Driver : SYMEFA.SYS
    Caused By Address : SYMEFA.SYS+1c0d7
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+5615c
    Stack Address 1 : ntoskrnl.exe+564d1
    Stack Address 2 : SYMEFA.SYS+1c0d7
    Stack Address 3 : SYMEFA.SYS+fe7e
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072711-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072511-01.dmp
    Crash Time : 7/25/2011 12:37:18 AM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000004
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072511-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072411-01.dmp
    Crash Time : 7/24/2011 9:35:31 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x80000003
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502cd8
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2bcd8
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2bcd8
    Stack Address 1 : ntoskrnl.exe+2bf2f
    Stack Address 2 : ntoskrnl.exe+25f5c
    Stack Address 3 : ntoskrnl.exe+cc375
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072411-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072311-01.dmp
    Crash Time : 7/23/2011 12:13:51 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000004
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072311-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072211-06.dmp
    Crash Time : 7/22/2011 10:12:56 PM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8054bfd2
    Parameter 3 : 0xb1cceb3c
    Parameter 4 : 0x00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+74fd2
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+74fd2
    Stack Address 1 : ntoskrnl.exe+1362d8
    Stack Address 2 : ntoskrnl.exe+10a864
    Stack Address 3 : ntoskrnl.exe+9665c
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072211-06.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072211-05.dmp
    Crash Time : 7/22/2011 9:28:13 PM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x001902fe
    Parameter 2 : 0xb850b49c
    Parameter 3 : 0xb850b198
    Parameter 4 : 0xb7ccd496
    Caused By Driver : Ntfs.sys
    Caused By Address : Ntfs.sys+6496
    File Description : NT File System Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+22f43
    Stack Address 1 : Ntfs.sys+dff0
    Stack Address 2 : Ntfs.sys+31033
    Stack Address 3 : ntoskrnl.exe+1819f
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072211-05.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072211-04.dmp
    Crash Time : 7/22/2011 8:46:34 PM
    Bug Check String : NTFS_FILE_SYSTEM
    Bug Check Code : 0x00000024
    Parameter 1 : 0x001902fe
    Parameter 2 : 0xb85277f4
    Parameter 3 : 0xb85274f0
    Parameter 4 : 0xb7e23493
    Caused By Driver : SYMEFA.SYS
    Caused By Address : SYMEFA.SYS+a5493
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+22f43
    Stack Address 1 : Ntfs.sys+dff0
    Stack Address 2 : Ntfs.sys+546d4
    Stack Address 3 : ntoskrnl.exe+1819f
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072211-04.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072211-03.dmp
    Crash Time : 7/22/2011 6:41:46 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x07e3e61c
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502cf2
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+178b
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2bcf2
    Stack Address 1 : ntoskrnl.exe+2328d
    Stack Address 2 : win32k.sys+178b
    Stack Address 3 : win32k.sys+3602d
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072211-03.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072211-02.dmp
    Crash Time : 7/22/2011 4:09:29 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xf1753c50
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf8011bb
    Parameter 4 : 0x00000002
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+11bb
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+11bb
    Stack Address 1 : win32k.sys+32acd
    Stack Address 2 : win32k.sys+1ade
    Stack Address 3 : win32k.sys+19ede
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072211-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072211-01.dmp
    Crash Time : 7/22/2011 10:08:07 AM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x078dda1c
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502386
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b386
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b386
    Stack Address 1 : ntoskrnl.exe+2b45b
    Stack Address 2 : ntoskrnl.exe+23d22
    Stack Address 3 : ntoskrnl.exe+e9a7b
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072211-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072111-05.dmp
    Crash Time : 7/21/2011 9:35:33 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xf0af5c50
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf8011bb
    Parameter 4 : 0x00000001
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+11bb
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+11bb
    Stack Address 1 : win32k.sys+32acd
    Stack Address 2 : win32k.sys+1ade
    Stack Address 3 : win32k.sys+19ede
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072111-05.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072111-04.dmp
    Crash Time : 7/21/2011 8:49:25 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x078a0503
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000000
    Parameter 4 : 0x804fa31f
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+298e
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2331f
    Stack Address 1 : hal.dll+298e
    Stack Address 2 : fltmgr.sys+6f56
    Stack Address 3 : fltmgr.sys+17d21
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072111-04.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072111-03.dmp
    Crash Time : 7/21/2011 7:57:46 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x3f003f34
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x806e7a16
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+2a16
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Crash Address : hal.dll+2a16
    Stack Address 1 : Ntfs.sys+7c4
    Stack Address 2 : Ntfs.sys+29f7
    Stack Address 3 : Ntfs.sys+3c5eb
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072111-03.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072111-02.dmp
    Crash Time : 7/21/2011 7:46:50 PM
    Bug Check String : DRIVER_CORRUPTED_EXPOOL
    Bug Check Code : 0x100000c5
    Parameter 1 : 0x00000004
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000001
    Parameter 4 : 0x8054bfd2
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+74fd2
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+74fd2
    Stack Address 1 : ntoskrnl.exe+16a34
    Stack Address 2 : fltmgr.sys+16d15
    Stack Address 3 : fltmgr.sys+16fe5
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072111-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072111-01.dmp
    Crash Time : 7/21/2011 1:03:45 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x02990008
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072111-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini072011-01.dmp
    Crash Time : 7/20/2011 9:30:02 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000008
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072011-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini071911-02.dmp
    Crash Time : 7/19/2011 9:50:26 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xf25fdc50
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf8011bb
    Parameter 4 : 0x00000002
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+11bb
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+11bb
    Stack Address 1 : win32k.sys+32acd
    Stack Address 2 : win32k.sys+1ade
    Stack Address 3 : win32k.sys+19ede
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071911-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini071911-01.dmp
    Crash Time : 7/19/2011 6:21:51 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x082783b4
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071911-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini071211-04.dmp
    Crash Time : 7/12/2011 3:52:37 PM
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x100000d1
    Parameter 1 : 0x07b12478
    Parameter 2 : 0x00000002
    Parameter 3 : 0x00000000
    Parameter 4 : 0xb43cdeca
    Caused By Driver : IDSxpx86.sys
    Caused By Address : IDSxpx86.sys+26eca
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address : IDSxpx86.sys+26eca
    Stack Address 1 : IDSxpx86.sys+2d2b6
    Stack Address 2 : IDSxpx86.sys+2b1ea
    Stack Address 3 : IDSxpx86.sys+28c20
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071211-04.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini071211-03.dmp
    Crash Time : 7/12/2011 1:19:00 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xf1f53c50
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf80117b
    Parameter 4 : 0x00000002
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+117b
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+117b
    Stack Address 1 : win32k.sys+32ae9
    Stack Address 2 : win32k.sys+1a9e
    Stack Address 3 : win32k.sys+19e99
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071211-03.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini071211-02.dmp
    Crash Time : 7/12/2011 12:34:47 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xb2a012c1
    Parameter 2 : 0x00000000
    Parameter 3 : 0x891fbda2
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+2ba4
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : hal.dll+2ef2
    Stack Address 2 : hal.dll+2ba4
    Stack Address 3 : win32k.sys+676e8
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071211-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini071211-01.dmp
    Crash Time : 7/12/2011 10:20:17 AM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00190d58
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071211-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini071111-02.dmp
    Crash Time : 7/11/2011 11:20:08 PM
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x1000000a
    Parameter 1 : 0x00000004
    Parameter 2 : 0x0000001c
    Parameter 3 : 0x00000001
    Parameter 4 : 0x80502302
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+2b302
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+2b302
    Stack Address 1 : ntoskrnl.exe+6eeef
    Stack Address 2 :
    Stack Address 3 :
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071111-02.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini071111-01.dmp
    Crash Time : 7/11/2011 1:37:04 PM
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x10000050
    Parameter 1 : 0xf2572c50
    Parameter 2 : 0x00000000
    Parameter 3 : 0xbf80117b
    Parameter 4 : 0x00000002
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+117b
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6119 (xpsp_sp3_gdr.110602-1657)
    Processor : 32-bit
    Crash Address : win32k.sys+117b
    Stack Address 1 : win32k.sys+32ae9
    Stack Address 2 : win32k.sys+1a9e
    Stack Address 3 : win32k.sys+19e99
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini071111-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
    ==================================================

    Dump File : Mini062711-01.dmp
    Crash Time : 6/27/2011 9:42:23 AM
    Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000008e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x8054bfd2
    Parameter 3 : 0xb24e4868
    Parameter 4 : 0x00000000
    Caused By Driver : fltmgr.sys
    Caused By Address : fltmgr.sys+7600
    File Description : Microsoft Filesystem Filter Manager
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.5512 (xpsp.080413-2111)
    Processor : 32-bit
    Crash Address : ntoskrnl.exe+74fd2
    Stack Address 1 : SRTSP.SYS+2032
    Stack Address 2 : SRTSP.SYS+24a9
    Stack Address 3 : SRTSP.SYS+1083a
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini062711-01.dmp
    Processors Count : 4
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 110,592
     
  8. 2011/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looking at those errors I'd say you still have a RAM issue.

    If you have more than one RAM module installed, try starting/running computer with one RAM stick at a time.
     
  9. 2011/10/03
    justsomeguy

    justsomeguy Inactive Thread Starter

    Joined:
    2011/09/25
    Messages:
    16
    Likes Received:
    0
    What's the sign that tells you about bad RAM in the reports? Just trying to figure out how to read the info. I thought to mention also, in case a chunk of those DumpReps might be having to do with it, I did run Memtest86+ a little while back on each stick individually and found that 2 of my 4 sticks seemed to be bad and removed those. The 2 that I thought were OK did get a few errors, but Memtest states that, I think, anything under 50 to 100 errors was OK because of possible hiccups in the software. I did run a test recently on the remaining 2 and didn't get any errors, but they were both in there at the same time. I will test the remaining 2, but is Memtest something good to do or would you advise just working with Windows to test it? Also, if Memtest86+ is good to run, how many passes should I run it for and how many, if any, errors would you say are acceptable? The other thing, too, is if all 4 sticks of RAM are bad, what would cause that, or could it possibly be the Dimms/motherboard that's failing, and is there any way to test for that?
     
  10. 2011/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The type of errors (PAGE_FAULT_IN_NONPAGED_AREA, IRQL_NOT_LESS_OR_EQUAL, KERNEL_MODE_EXCEPTION_NOT_HANDLED) plus several different system files listed as BSOD culprits may indicate a RAM issue.
    Bad sockets, or even the motherboard, are possible as well.

    memtest is a fine program, but the only real test is to remove all RAM modules but one and run the computer for a day or so (or until some BSOD occurs).
    If things are fine, remove that RAM stick and replace it with the next one.
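
The pattern described in the post above (several different bug-check types spread across several different system files) can be checked mechanically over a crash report in the layout posted earlier in this thread. This is an added example, not part of the original posts: the function names, the thresholds and the `exampledrv.sys` driver are assumptions, and the first sample is abridged from records in the thread.

```python
from collections import Counter

SEP = "=" * 50  # separator line between crash records in the report

def parse_report(text):
    """Split the text report into one {field: value} dict per crash."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first " :" only; values such as paths and times
        # contain colons of their own.
        key, sep, value = line.partition(" :")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def triage(records, min_kinds=3, min_modules=3, dominant_share=0.6):
    """Classify a crash history; the thresholds are assumptions, not rules."""
    checks = Counter(r.get("Bug Check String", "") for r in records)
    modules = Counter(r.get("Caused By Driver", "").lower() for r in records)
    # Modules whose version info does not name Microsoft (or is blank).
    unverified = sorted({r.get("Caused By Driver", "").lower() for r in records
                         if r.get("Company", "") != "Microsoft Corporation"})
    top, hits = modules.most_common(1)[0] if modules else ("", 0)
    if records and hits / len(records) >= dominant_share and top in unverified:
        verdict = "driver-suspect"      # one non-Microsoft module dominates
    elif len(checks) >= min_kinds and len(modules) >= min_modules:
        verdict = "hardware-suspect"    # varied errors, varied modules
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "bug_checks": dict(checks),
            "modules": dict(modules), "unverified": unverified}

def _record(check, driver, company):
    return (f"Bug Check String : {check}\nCaused By Driver : {driver}\n"
            f"Company : {company}\n{SEP}\n")

MS = "Microsoft Corporation"
# Abridged from records posted in this thread (three fields per crash).
THREAD_SAMPLE = "".join(_record(*r) for r in [
    ("NTFS_FILE_SYSTEM", "Ntfs.sys", MS),
    ("NTFS_FILE_SYSTEM", "SYMEFA.SYS", ""),
    ("IRQL_NOT_LESS_OR_EQUAL", "win32k.sys", MS),
    ("PAGE_FAULT_IN_NONPAGED_AREA", "win32k.sys", MS),
    ("IRQL_NOT_LESS_OR_EQUAL", "hal.dll", MS),
    ("DRIVER_CORRUPTED_EXPOOL", "ntoskrnl.exe", MS),
])
# Constructed contrast case; exampledrv.sys is a hypothetical driver name.
SINGLE_DRIVER_SAMPLE = "".join(_record(*r) for r in [
    ("DRIVER_IRQL_NOT_LESS_OR_EQUAL", "exampledrv.sys", ""),
    ("DRIVER_IRQL_NOT_LESS_OR_EQUAL", "exampledrv.sys", ""),
    ("PAGE_FAULT_IN_NONPAGED_AREA", "exampledrv.sys", ""),
])

if __name__ == "__main__":
    for name, sample in (("thread", THREAD_SAMPLE),
                         ("single driver", SINGLE_DRIVER_SAMPLE)):
        print(name, triage(parse_report(sample)))
```

A "hardware-suspect" result only says the history matches the spread the post describes; the one-stick-at-a-time test from the same post is still what confirms it.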
     
  11. 2011/10/05
    justsomeguy

    justsomeguy Inactive Thread Starter

    Joined:
    2011/09/25
    Messages:
    16
    Likes Received:
    0
    Hey broni. Thank you for the response. I think I found it and you were right (fingers crossed). The sticks of RAM seemed to be OK, but the 3rd Dimm seems to be the culprit. It's been a day and a half with no crash. I'll keep those fingers crossed and see how it pans out over the next few days.
     
  12. 2011/10/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Sounds promising :)

    If you don't mind I'll remove all malware related logs and I'll move this topic to Windows XP forum.
    Let me know.
     
  13. 2011/10/07
    justsomeguy

    justsomeguy Inactive Thread Starter

    Joined:
    2011/09/25
    Messages:
    16
    Likes Received:
    0
    Hey broni, just an update and a response. It seems as if the Dimm was definitely a problem because I don't have anywhere near the amount of crashing I was, but I have received a few more crashes. I don't know if problems are occurring from things such as corrupted data or drivers from all the crashing before or what, but I am still, albeit a lot less, getting some crashing. I have in the last day written back and forth with Arie; here is the link to that dialog/forum if you're interested: http://www.windowsbbs.com/windows-xp/100399-random-bluescreens-freezes.html
    As far as you wanting to remove this thread that's fine because if I seem to be clean of malware as you said it looked like, then I guess there is no need to keep this case open. Again thank you for all your help.
     
  14. 2011/10/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Since you have another topic running I'll simply mark this one as "Inactive".
     
