
BSOD after system setting idle for 8 hours

Discussion in 'Windows XP' started by MitchellCooley, 2008/05/13.

  1. 2008/05/21
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Mike, here is the result:

    X-Clean - Found three items and cleaned

    HazardShield - Found and deleted one item

    Adaware found nothing

    One interesting note: After all this, I rebooted in Safe Mode - with Networking (didn't mean to just hit enter on wrong selection) to run Spybot S&D - just to check. It crashed when Spybot started.:confused: Rebooted in plain Safe Mode ran Spybot....no problem.. found nothing.

    Thanks

    Mitch

    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:41:16 PM, on 5/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DebugDiag\DbgSvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172003704917
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172715836890
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

    --
    End of file - 4239 bytes


    DSS Log:

    Deckard's System Scanner v20071014.68
    Run by James Whinery on 2008-05-21 12:39:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as James Whinery.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:39:27 PM, on 5/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DebugDiag\DbgSvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\New Folder\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\JAMESW~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172003704917
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172715836890
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

    --
    End of file - 4250 bytes

    -- Files created between 2008-04-21 and 2008-05-21 -----------------------------

    2008-05-21 10:31:05 0 d-------- C:\Program Files\Hazard Shield
    2008-05-21 10:16:06 0 d-------- C:\Program Files\Lavasoft
    2008-05-21 10:16:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-21 00:58:20 0 d-------- C:\Documents and Settings\James Whinery\Application Data\Malwarebytes
    2008-05-21 00:58:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-21 00:58:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-21 00:29:47 0 dr-h----- C:\Documents and Settings\James Whinery\Recent
    2008-05-20 12:46:13 0 d-------- C:\Program Files\ACW
    2008-05-20 12:35:05 0 d-------- C:\WINDOWS\Prefetch
    2008-05-20 12:33:07 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-05-20 12:33:07 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-05-20 04:07:59 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-05-20 04:07:59 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-05-20 04:07:59 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-05-20 04:07:59 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-05-20 04:07:59 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-05-20 04:07:59 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-05-20 04:07:59 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-05-20 04:07:59 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-05-20 04:07:59 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-05-20 04:07:59 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-05-20 04:07:59 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-05-20 04:07:59 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-05-20 04:07:59 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-05-20 04:07:59 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-05-19 09:18:58 0 d-------- C:\Program Files\S3
    2008-05-17 19:58:06 0 d-------- C:\AOC
    2008-05-15 12:18:21 0 d-------- C:\Program Files\Western Digital Technologies
    2008-05-14 23:24:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-13 16:44:55 0 d-------- C:\Documents and Settings\James Whinery\Application Data\Corel
    2008-05-13 04:09:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-13 04:09:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-12 17:57:11 0 d-------- C:\Program Files\Alwil Software
    2008-05-12 17:55:19 0 d-------- C:\Program Files\CCleaner
    2008-05-12 14:18:08 0 d-------- C:\Program Files\Windows Resource Kits
    2008-05-12 13:03:22 0 d-------- C:\Program Files\Trend Micro
    2008-05-12 06:30:42 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-05-12 06:13:48 0 d-------- C:\Program Files\VIA
    2008-05-12 05:51:11 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    2008-05-12 05:40:21 0 d-------- C:\symbols
    2008-05-12 05:21:42 0 d-------- C:\symcache
    2008-05-12 05:19:11 0 d-------- C:\Program Files\Debugging Tools for Windows (x86)
    2008-05-01 19:03:33 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-25 06:31:50 4194304 --a------ C:\Documents and Settings\James Whinery\ntuser.dat
    2008-04-22 16:00:00 66048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


    -- Find3M Report ---------------------------------------------------------------

    2008-05-21 10:15:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-20 12:14:09 0 d-------- C:\Program Files\Messenger
    2008-05-20 12:11:44 0 d-------- C:\Program Files\Movie Maker
    2008-05-20 12:11:22 0 d-------- C:\Program Files\Windows NT
    2008-05-20 05:31:09 0 d--h----- C:\Program Files\WindowsUpdate
    2008-05-20 05:16:12 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-05-16 20:57:44 0 d-------- C:\Program Files\DebugDiag
    2008-05-16 12:44:19 0 d-------- C:\Documents and Settings\James Whinery\Application Data\Lavasoft
    2008-05-13 20:24:51 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-13 16:44:58 61678 --a------ C:\Documents and Settings\James Whinery\Application Data\PFP110JPR.{PB
    2008-05-13 16:44:58 12358 --a------ C:\Documents and Settings\James Whinery\Application Data\PFP110JCM.{PB


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "VTTimer"="VTTimer.exe" [03/08/2005 03:33 AM C:\WINDOWS\system32\VTTimer.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"




    -- End of Deckard's System Scanner: finished at 2008-05-21 12:40:06 ------------

    Crash Dump generated by starting Spybot S&D in safe w/networking

    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini052108-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt
    Built by: 2600.xpsp_sp2_gdr.050301-1519
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    Debug session time: Wed May 21 12:45:05.502 2008 (GMT-5)
    System Uptime: 0 days 0:01:04.019
    Loading Kernel Symbols
    ....................................................................................
    Loading User Symbols
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1A, {41284, 7fdbc001, 1b15, c0503000}

    Probably caused by : memory_corruption ( nt!MiLocateWsle+c0 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
    Arguments:
    Arg1: 00041284, A PTE or the working set list is corrupt.
    Arg2: 7fdbc001
    Arg3: 00001b15
    Arg4: c0503000

    Debugging Details:
    ------------------


    BUGCHECK_STR: 0x1a_41284

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    LAST_CONTROL_TRANSFER: from 80524d93 to 8053331e

    STACK_TEXT:
    f71f5b58 80524d93 0000001a 00041284 7fdbc001 nt!KeBugCheckEx+0x1b
    f71f5b90 804eb297 00001b15 7fdbc000 c03007fc nt!MiLocateWsle+0xc0
    f71f5bc0 804eb58e c01ff6f0 7fdbc000 00000000 nt!MiDeletePte+0x1bb
    f71f5c84 804eb684 000002f0 7fedffff 00000000 nt!MiDeleteVirtualAddresses+0x162
    f71f5ca0 8056889d 7fd00000 7fedffff f71f5d64 nt!MiDeleteFreeVm+0x1d
    f71f5d4c 804de7ec ffffffff 0012f504 0012f508 nt!NtFreeVirtualMemory+0x431
    f71f5d4c 7c90eb94 ffffffff 0012f504 0012f508 nt!KiFastCallEntry+0xf8
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0012f4f8 00000000 00000000 00000000 00000000 0x7c90eb94


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!MiLocateWsle+c0
    80524d93 006a00 add byte ptr [edx],ch

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!MiLocateWsle+c0

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9

    IMAGE_NAME: memory_corruption

    FAILURE_BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c0

    BUCKET_ID: 0x1a_41284_nt!MiLocateWsle+c0

    Followup: MachineOwner
    ---------

    eax=ffdff13c ebx=7fdbc001 ecx=00000000 edx=fffff001 esi=c0503000 edi=c050bffc
    eip=8053331e esp=f71f5b40 ebp=f71f5b58 iopl=0 nv up ei ng nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    nt!KeBugCheckEx+0x1b:
    8053331e 5d pop ebp
    ChildEBP RetAddr Args to Child
    f71f5b58 80524d93 0000001a 00041284 7fdbc001 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
    f71f5b90 804eb297 00001b15 7fdbc000 c03007fc nt!MiLocateWsle+0xc0 (FPO: [Non-Fpo])
    f71f5bc0 804eb58e c01ff6f0 7fdbc000 00000000 nt!MiDeletePte+0x1bb (FPO: [Non-Fpo])
    f71f5c84 804eb684 000002f0 7fedffff 00000000 nt!MiDeleteVirtualAddresses+0x162 (FPO: [Non-Fpo])
    f71f5ca0 8056889d 7fd00000 7fedffff f71f5d64 nt!MiDeleteFreeVm+0x1d (FPO: [Non-Fpo])
    f71f5d4c 804de7ec ffffffff 0012f504 0012f508 nt!NtFreeVirtualMemory+0x431 (FPO: [Non-Fpo])
    f71f5d4c 7c90eb94 ffffffff 0012f504 0012f508 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f71f5d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0012f4f8 00000000 00000000 00000000 00000000 0x7c90eb94
    Closing open log file c:\debuglog.txt
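
A triage pass over the HijackThis and DSS logs in the post above, as an added example that is not part of the original thread: it parses O23 service lines and DSS file-listing lines and ranks the entries a helper would verify first. The ranking rules, the function names and the `Finding` type are assumptions of this example; the sample lines are copied from the logs above.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis and DSS logs in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
2008-05-20 12:33:07 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-20 12:33:07 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-05-12 05:51:11 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-05-20 05:16:12 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
"""

O23_PREFIX = "O23 - Service: "
MISSING = " (file missing)"

# DSS listing: timestamp, size, attribute flags, path, optional <signature; company; product>.
DSS_FILE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attr>[a-z-]+) "
    r"(?P<path>[A-Za-z]:\\.*?)"
    r"(?: <(?P<sig>[^;>]*); (?P<company>[^;>]*); (?P<product>[^>]*)>)?$"
)


@dataclass
class Finding:
    priority: int  # 1 = verify first (ranking is this example's own heuristic)
    path: str
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Split an O23 line into (name, owner, path, file_missing), or return None."""
    if not line.startswith(O23_PREFIX):
        return None
    # Split from the right: service display names may themselves contain " - ".
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return name, owner, path, missing


def triage(log_text):
    """Return findings for the pasted log text, highest priority first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_o23(line)
        if svc:
            _name, owner, path, missing = svc
            reasons = []
            if owner == "Unknown owner":
                reasons.append("HijackThis could not read an owner for the service binary")
            if missing:
                reasons.append("service is registered but its file is missing")
            if reasons:
                findings.append(Finding(2, path, reasons))
            continue
        m = DSS_FILE.match(line)
        if not m or m["sig"] != "Not Verified":
            continue  # directories and entries without a signature note are skipped
        path, company = m["path"], m["company"]
        if "microsoft" in company.lower():
            findings.append(Finding(1, path, ["claims Microsoft as vendor but is not verified"]))
        elif path.lower().endswith(".sys"):
            findings.append(Finding(2, path, ["unverified third-party kernel driver: " + company]))
        else:
            findings.append(Finding(3, path, ["unverified file: " + company]))
    return sorted(findings, key=lambda f: f.priority)  # stable: log order kept within a priority


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.priority, f.path, "; ".join(f.reasons))
```

"Not Verified" only means the scanner could not validate a signature, so each flagged entry is a prompt to check the file's hash and origin, not a verdict on the file.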
     
  2. 2008/05/21
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    OK since it is involved with the network let's clear all that!

    D/L HostsMan http://www.abelhadigital.com/2007/12/hostsman-3155-released.html

    Install and check all 4 host boxes. MVPS, hphost, Mike's and Peter's. Let it replace your current hosts file.

    After above is complete do the below.

    Then paste each line below 1 at a time to an open CMD prompt and hit enter, ignore any errors for now.
    ----------------------------------------------------------------------
    netsh interface ip delete arpcache

    ipconfig /flushdns

    ipconfig /release *

    ipconfig /renew *

    ipconfig /registerdns

    nbtstat -RR

    netsh winsock show catalog > "%USERPROFILE%\Desktop\lsp.txt"

    netsh winsock reset catalog

    netsh winsock show catalog >> "%USERPROFILE%\Desktop\lsp.txt"
    ----------------------------------------------------------------------

    Then reboot and paste the lsp.txt on your desktop back to here!

    Retest for issue by running Spybot (no dump necessary) if it fails again. If Spybot doesn't fail then try the Monopoly.

    Mike
     


  4. 2008/05/21
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Ok, "I'll be back"

    Mitch
     
  5. 2008/05/21
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Mike,

    All complete.

    After reboot. Started Spybot - system crashed.

    Tried same in plain Safe Mode - no crash

    Here is the LSP.txt ??

    The following command was not found: winsock show catalog.
    The following command was not found: winsock show catalog.


    Mitch
     
  6. 2008/05/21
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Ok I am getting low on Ammo but......

    In services stop and disable all of the below just to get them out of the way. Can be put back anytime later but I would not as none of them are needed by most home users and very few business users. Basically stuff M$ thought you should have.

    DNS Client
    Fast User switching
    Indexing service
    Messenger
    Net logon
    Net.TCP Port Sharing
    NetMeeting Remote Desktop Sharing
    IPsec services
    QoS RSVP
    Remote Registry
    Uninterruptible power supply
    Universal Plug and play
    Web Client
    Windows media player Network Sharing

    Then:

    Download Dial-A-Fix (DAF)
    http://wiki.djlizard.net/Dial-a-fix#...C_and_articles

    Have XP CD available in case DAF needs a file.

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here 1 at a time do the below

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking
    Watch for any File not found or other errors and make note as this may lead to the fix!

    Reboot retest!

    Get back to us.

    Mike
     
  7. 2008/05/21
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Mitch - I've not abandoned you - just sitting back and watching the show :D

    Mike's like a terrier - just won't let go!
     
  8. 2008/05/21
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    I was wondering....:)

    Mitch
     
  9. 2008/05/21
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Mike,

    Things seemed to go well. However, when running DAF when I repaired permissions a dos window came open showing writes to the registry and at the end of each command it said "denied".

    Otherwise things seem to be ok. Windows was bothering me about installing updates so I let it. It hung on "clean up" on SP2 twice. Really don't know if I should uninstall SP2 and try again or just uninstall until we are done.

    I know I should have asked first, but "gosh, how difficult could this be"

    Mitch
     
  10. 2008/05/22
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    So far so good. SP2 install complete. Will report back again.

    Mitch
     
  11. 2008/05/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Good morning Mitch

    Did you work all night?

    Any way this permissions access denied is very likely our problem.

    I assume you are testing for the issue under SP2 now.

    If you still have issues then it will be related to permissions.

    We may have to repair the permissions in "Safe Mode Command prompt". But first just run the DAF repair permissions.

    If it still gets access denied on "any" entry then do the steps below.

    1. get the location of Dial-a-fix on the HD. Write this down.

    2. boot to Safe Mode Command prompt

    3. cd\

    4. cd Program Files (or where ever DAF folder is)

    5. cd Dial-a-fix

    6. Once in Dial-a-fix folder
    type
    dial-a-fix
    then do the repair permissions

    Reboot

    Retest for issue.

    Mike
     
  12. 2008/05/22
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Mike, checked the system when I woke up (few minutes ago) and no crashes while I was asleep.

    Will do the DAF and be back.

    Mitch
     
  13. 2008/05/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    If it doesn't fail with SpyBot or Monopoly then we have the issue fixed.

    But the permissions will need to be fixed before going to SP3.

    Mike
     
  14. 2008/05/22
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Permissions repaired successfully (no errors I could see anyway).

    Restarted system.

    Had to check......started Spybot and it crashed.:(

    Two odd things I have noticed - which are probably unrelated -

    about a minute after the system reboots I get a bubble telling me no firewall is turned on; but it is turned on.

    you had me disable some services. The only one that won't stay disabled is DNS Client. I found this out last night. After a reboot IE6 would just sit and wait for a web page to load (several minutes). So I thought I had disabled something in error so I looked at your list and compared it to services. DNS Client was running and automatic so I stopped (it didn't want to), disabled it. This morning I noticed the same problem and when I checked, there it was running and automatic.

    weird

    Mitch
     
  15. 2008/05/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    OK Mitch use DAF second page (Hammer) and do the following.

    Reset WMI/WBEM

    Reinstall Windows Firewall.

    Mike
     
  16. 2008/05/22
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    DAF instructions complete. Firewall problem persists.

    I do have an event warning from last reboot:

    Event Type: Warning
    Event Source: WinMgmt
    Event Category: None
    Event ID: 63
    Date: 5/22/2008
    Time: 12:45:33 PM
    User: HOME\James
    Computer: HOME
    Description:
    A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
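
    The WinMgmt warning quoted in this post can be pulled out of a larger paste of Event Viewer text with a small parser. This is an added example, not part of the original post or of any tool named in the thread; the function names and the second sample record are constructed for illustration.

```python
import re

# Sample in the Event Viewer copy layout: the first record repeats the warning
# quoted in the post above; the second record is constructed for contrast.
SAMPLE = """\
Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 63
Date: 5/22/2008
Time: 12:45:33 PM
User: HOME\\James
Computer: HOME
Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Type: Information
Event Source: ExampleSvc
Event ID: 1
Description:
Constructed filler event.
"""

FIELD = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")
PROVIDER = re.compile(r"A provider, (?P<provider>[^,]+), has been registered in the WMI "
                      r"namespace, (?P<namespace>[^,]+), to use the (?P<account>\S+) account")

def parse_events(text):
    """Split pasted Event Viewer text into one dict per 'Event Type:' record."""
    events, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Event Type:"):
            cur = {"Description": ""}
            events.append(cur)
        if cur is None or not line or line == "Description:":
            continue
        m = FIELD.match(line)
        if m:
            cur[m.group(1)] = m.group(2)
        else:  # anything that is not a header field belongs to the description
            cur["Description"] = (cur["Description"] + " " + line).strip()
    return events

def privileged_wmi_providers(text):
    """Return (provider, namespace, account) for each WinMgmt event ID 63."""
    hits = []
    for ev in parse_events(text):
        m = PROVIDER.search(ev["Description"])
        if m and ev.get("Event Source") == "WinMgmt" and ev.get("Event ID") == "63":
            hits.append((m["provider"], m["namespace"], m["account"]))
    return hits
```

    Listing the provider, namespace and account side by side makes it easy to compare the registrations reported before and after a repair step such as the WMI/WBEM reset.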
     
  17. 2008/05/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    It is unusual that the DNS Client is restarting when set to Disabled, and none of these programs will be missed and actually increase performance and free a small amount of RAM.

    When you installed the Hostman did it not also want to turn off the DNS client? Run Hostman again let it update and allow it to turn off DNS Client. Then recheck it in Services to see if it is off again.

    Ok after doing the last post clear the event logs, reboot and immediately recheck the logs and let me know about any errors (red) items.

    We are almost ready to bite the bullet and install sp3.

    When we attempt to install SP3 we will do a cleanup, set a new restore point and any other backup or Image you are using before we do it.

    In preparation of this:

    D/L EruNT http://www.derfisch.de/lars/erunt-setup.exe
    Download install, let it add entry in startup and do backup all hives.

    Look at properties of Local Area connection inform me of what is listed under "This connection uses the following".

    Mike
     
  18. 2008/05/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    That warning is normal and will go away.

    Run windowsupdate again for any new updates since SP2.

    If that is the only thing we have then I have confidence we may get a good SP3 install.

    Let me know.

    Mike
     
  19. 2008/05/22
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Mike,

    I'm getting all updates now. Will report back when that is done.

    In Hostman DNS Client box was greyed out. Still disabled. Will let you know if it re-enables.

    No errors in the event logs.

    I played Monopoly for a while today. No problems. System seems to be only crashing on Spybot....

    Mitch
    SP3 or Bust:)
     
  20. 2008/05/22
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive Thread Starter

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    Ok. Apparently the only update I need is SP3.

    I'm ready when you are.

    Mitch

    Almost forgot.

    Local Area Connection is using the following

    Client for Microsoft Networks
    File and Print Sharing for Microsoft Networks
    QoS Packet Scheduler
    Internet Protocol (TCP/IP)
     
    Last edited: 2008/05/22
  21. 2008/05/22
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Had to go out for errands!

    heading out again for an hour.

    Uncheck QoS Packet Scheduler

    Reboot

    do cleanups

    run the SP3 you have, not online if possible

    Mike
     
