IRQ conflict and random re-booting

Discussion in 'Windows XP' started by velectro, 2009/01/22.

  1. 2009/01/26
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Total speculation here but do a search on your computer for fdc.sys and include hidden and system files. Please post all locations found.

    Again, pure speculation but worth a try if you don't mind going through the exercise.

    ;)
     
  2. 2009/01/26
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    I uninstalled Obscure.

    Rockster, no, I don't mind going through the exercises at all...anything to help....here are all the refs to it:

    C:\WINDOWS\$NtServicePackUninstall$
    C:\WINDOWS\ServicePackFiles\i386
    C:\WINDOWS\system32\drivers
    C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356
     

  4. 2009/01/26
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Now I'm really going to step out of my element. That last location could be indicative of malware and I would suggest that you head over to the malware removal forum and follow the instructions to start a thread and post a log.

    Again, I'll apologize ahead of time if this turns out to be a wild goose chase, but it's probably better to be safe than sorry. Googling that e9500597a78495f397efb821e37bf356 will produce a hit at bleeping computer referencing a trojan and as an aside, I don't think you should be seeing fdc.sys in that location anyway.

    ;)
     
  5. 2009/01/26
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    Thanks very much, I'll do that now...it's certainly worth a follow up. Do you think it's connected to my initial issue?
     
  6. 2009/01/26
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    My initial response would be yes but that now puts both of my feet in my mouth. We would be best advised to see what comes of a thorough review of your logs by a trained malware analyst. Again, I'm walking in areas that are somewhat foreign to me.

    ;)
     
  7. 2009/01/26
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    I hope you are right...it's cheaper than replacing hardware! I've posted in the malware section, so hopefully someone will come along and take a look.

    Thanks for your help :D
     
  8. 2009/01/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Rockster - how on earth did you hit on fdc.sys - much more than a hunch I suspect :)

    Velectro

    The first 3 locations are as expected and complete, the last one is not.
    With any positive result? It's an old game, circa 2004 as I discovered - in the days when most computers had a floppy drive. Any connection I wonder??
     
  9. 2009/01/26
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    Computer hasn't re-booted since un-install, but it's not been long.

    If there is some malware, is that what's causing Obscure to crash? Is it ok for my PC to have IRQ sharing...is this perhaps not the issue and instead it's something else?
     
  10. 2009/01/26
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Pete

    I've been trying to review some 18,081 posts written by the master himself with the hope that some knowledge might rub off and sink in. No, actually, it is only a hunch. Pending the results of what happens over in the Malware forum, I'll answer that for you via PM.

    ;)
     
  11. 2009/01/26
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    velectro

    I wouldn't be overly concerned about IRQ sharing in XP. I have run into very few issues with IRQ sharing since the days of Win9X. There was an issue pointed out earlier in your thread about an IRQ out of range which is usually the case of a driver trying to load "outside" of its memory range. Without getting too detailed, Win9X was very finicky about upper and lower memory addresses. This is quite uncommon with XP unless one has an incorrect driver loaded or trying to load.

    ;)
     
  12. 2009/01/26
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    Ah, I see...so that points to a software issue...good...better than getting my credit card out!
     
  13. 2009/01/26
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Hold onto your shorts for a minute. You're not out of the woods yet. That most definitely can be a hardware issue. Let's sit tight and take it one step at a time - this whole process quite often requires figuring out what a problem isn't caused by.

    I'll keep my fingers crossed though - we might as well hope for the best.

    ;)
     
  14. 2009/01/28
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    Hi, I was doing a Kaspersky online scan as requested on my thread in the malware forum and it re-booted....so here is the minidump....


    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.10.0003.233 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini012809-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 2600.xpsp_sp3_gdr.080814-1236
    Machine Name:
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
    Debug session time: Wed Jan 28 09:42:17.812 2009 (GMT+0)
    System Uptime: 0 days 0:19:26.517
    Loading Kernel Symbols
    ...............................................................
    ..............................................................
    Loading User Symbols
    Loading unloaded module list
    .............
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 100000D4, {b40c6c48, ff, 1, 805469e9}

    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    Probably caused by : klif.sys ( klif+ee03 )

    Followup: MachineOwner
    ---------

    1: kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD (d4)
    A driver unloaded without cancelling lookaside lists, DPCs, worker threads, etc.
    The broken driver's name is displayed on the screen.
    When possible, the guilty driver's name (Unicode string) is printed on
    the bugcheck screen and saved in KiBugCheckDriver.
    An attempt was made to access the driver at raised IRQL after it unloaded.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: b40c6c48, memory referenced
    Arg2: 000000ff, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 805469e9, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS: b40c6c48

    CURRENT_IRQL: ff

    FAULTING_IP:
    nt!ExfInterlockedInsertTailList+19
    805469e9 8910 mov dword ptr [eax],edx

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xD4

    PROCESS_NAME: System

    LAST_CONTROL_TRANSFER: from 804e235a to 805469e9

    STACK_TEXT:
    ba4fb900 804e235a 897a3cb8 ba4fb9ec ba4fb9e4 nt!ExfInterlockedInsertTailList+0x19
    ba4fb918 804e3e9a 8a72e2a8 89b7c168 ba4fb950 nt!CcAllocateInitializeBcb+0x6e
    ba4fb9a4 8056a36c 8a4f9f90 ba4fb9e4 00004000 nt!CcPinFileData+0x194
    ba4fba18 8062bb8b 8a4f9f90 ba4fba40 00004000 nt!CcPinMappedData+0xf4
    ba4fba68 8063b7de e1036b60 e3129d28 de7ed8e4 nt!CmpPinCmView+0x3d
    ba4fba84 8064035e e1036b60 000fc658 e1036b60 nt!HvMarkCellDirty+0x6c
    ba4fbaa4 8064045e e1036b60 006ac8e0 e10fbc38 nt!CmpMarkKeyDirty+0xa2
    ba4fbabc 806345ee e1036b60 006ac8e0 00000001 nt!CmpFreeKeyByCell+0x14
    ba4fbaec 80623d5a e5504d68 ba4fbb84 ba4fbc00 nt!CmDeleteKey+0x8c
    ba4fbb4c b6891e03 80002230 b6891ddc 8055b640 nt!NtDeleteKey+0x138
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ba4fbb78 8054162c 80002230 ba4fbc84 80500239 klif+0xee03
    ba4fbb78 80500239 80002230 ba4fbc84 80500239 nt!KiFastCallEntry+0xfc
    ba4fbbf4 8058d4e8 80002230 c0000365 00000000 nt!ZwDeleteKey+0x11
    ba4fbc84 80580fcc 8000079c 00000000 00000000 nt!IopDriverLoadingFailed+0x282
    ba4fbd54 80581487 8000079c 00000001 00000000 nt!IopLoadDriver+0x2c2
    ba4fbd7c 8053877d 8000079c 00000000 8a7b88b8 nt!IopLoadUnloadDriver+0x45
    ba4fbdac 805cff70 b5f93cdc 00000000 00000000 nt!ExpWorkerThread+0xef
    ba4fbddc 805460ee 8053868e 00000001 00000000 nt!PspSystemThreadStartup+0x34
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    klif+ee03
    b6891e03 e9b3000000 jmp klif+0xeebb (b6891ebb)

    SYMBOL_STACK_INDEX: a

    SYMBOL_NAME: klif+ee03

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: klif

    IMAGE_NAME: klif.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 49061772

    FAILURE_BUCKET_ID: 0xD4_klif+ee03

    BUCKET_ID: 0xD4_klif+ee03

    Followup: MachineOwner
    ---------

    eax=b40c6c48 ebx=8a72e2a8 ecx=80565d70 edx=897a3cb8 esi=80553380 edi=897a3cf0
    eip=805469e9 esp=ba4fb8e8 ebp=ba4fb900 iopl=0 nv up di pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210046
    nt!ExfInterlockedInsertTailList+0x19:
    805469e9 8910 mov dword ptr [eax],edx ds:0023:b40c6c48=????????
    ChildEBP RetAddr Args to Child
    ba4fb900 804e235a 897a3cb8 ba4fb9ec ba4fb9e4 nt!ExfInterlockedInsertTailList+0x19
    ba4fb918 804e3e9a 8a72e2a8 89b7c168 ba4fb950 nt!CcAllocateInitializeBcb+0x6e (FPO: [4,0,0])
    ba4fb9a4 8056a36c 8a4f9f90 ba4fb9e4 00004000 nt!CcPinFileData+0x194 (FPO: [Non-Fpo])
    ba4fba18 8062bb8b 8a4f9f90 ba4fba40 00004000 nt!CcPinMappedData+0xf4 (FPO: [Non-Fpo])
    ba4fba68 8063b7de e1036b60 e3129d28 de7ed8e4 nt!CmpPinCmView+0x3d (FPO: [Non-Fpo])
    ba4fba84 8064035e e1036b60 000fc658 e1036b60 nt!HvMarkCellDirty+0x6c (FPO: [2,0,4])
    ba4fbaa4 8064045e e1036b60 006ac8e0 e10fbc38 nt!CmpMarkKeyDirty+0xa2 (FPO: [2,1,4])
    ba4fbabc 806345ee e1036b60 006ac8e0 00000001 nt!CmpFreeKeyByCell+0x14 (FPO: [3,0,0])
    ba4fbaec 80623d5a e5504d68 ba4fbb84 ba4fbc00 nt!CmDeleteKey+0x8c (FPO: [1,4,4])
    ba4fbb4c b6891e03 80002230 b6891ddc 8055b640 nt!NtDeleteKey+0x138 (FPO: [Non-Fpo])
    WARNING: Stack unwind information not available. Following frames may be wrong.
    ba4fbb78 8054162c 80002230 ba4fbc84 80500239 klif+0xee03
    ba4fbb78 80500239 80002230 ba4fbc84 80500239 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ ba4fbb84)
    ba4fbbf4 8058d4e8 80002230 c0000365 00000000 nt!ZwDeleteKey+0x11 (FPO: [1,0,0])
    ba4fbc84 80580fcc 8000079c 00000000 00000000 nt!IopDriverLoadingFailed+0x282 (FPO: [2,30,0])
    ba4fbd54 80581487 8000079c 00000001 00000000 nt!IopLoadDriver+0x2c2 (FPO: [4,45,4])
    ba4fbd7c 8053877d 8000079c 00000000 8a7b88b8 nt!IopLoadUnloadDriver+0x45 (FPO: [1,1,4])
    ba4fbdac 805cff70 b5f93cdc 00000000 00000000 nt!ExpWorkerThread+0xef (FPO: [1,6,0])
    ba4fbddc 805460ee 8053868e 00000001 00000000 nt!PspSystemThreadStartup+0x34 (FPO: [Non-Fpo])
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
    start end module name
    804d7000 806e4000 nt ntkrpamp.exe Thu Aug 14 10:33:13 2008 (48A3FBD9)
    806e4000 80704d00 hal halmacpi.dll Sun Apr 13 19:31:27 2008 (4802517F)
    b56d5000 b5715a80 HTTP HTTP.sys Sun Apr 13 19:53:48 2008 (480256BC)
    b57ee000 b57f1e00 GTNDIS5 GTNDIS5.SYS Thu Sep 25 15:15:31 2003 (3F72F883)
    b5bee000 b5c3f880 srv srv.sys Thu Dec 11 10:57:07 2008 (4940F203)
    b5d56000 b5d6a480 wdmaud wdmaud.sys Sun Apr 13 20:17:18 2008 (48025C3E)
    b5e5b000 b5e87180 mrxdav mrxdav.sys Sun Apr 13 19:32:42 2008 (480251CA)
    b60b4000 b60b7900 ndisuio ndisuio.sys Sun Apr 13 19:55:57 2008 (4802573D)
    b6620000 b662ed80 sysaudio sysaudio.sys Sun Apr 13 20:15:55 2008 (48025BEB)
    b6670000 b6687900 dump_atapi dump_atapi.sys Sun Apr 13 19:40:29 2008 (4802539D)
    b66b0000 b671f280 mrxsmb mrxsmb.sys Fri Oct 24 12:21:07 2008 (4901AFA3)
    b6720000 b6733680 prodrv06 prodrv06.sys Thu May 13 12:19:35 2004 (40A359C7)
    b6734000 b675ee80 rdbss rdbss.sys Sun Apr 13 20:28:38 2008 (48025EE6)
    b675f000 b6780d00 afd afd.sys Thu Aug 14 11:04:35 2008 (48A40333)
    b6781000 b67a6500 ipnat ipnat.sys Sun Apr 13 19:57:10 2008 (48025786)
    b67a7000 b67cec00 netbt netbt.sys Sun Apr 13 20:20:59 2008 (48025D1B)
    b67df000 b67e1900 Dxapi Dxapi.sys Fri Aug 17 21:53:19 2001 (3B7D843F)
    b67f7000 b684f480 tcpip tcpip.sys Fri Jun 20 12:51:09 2008 (485B99AD)
    b6850000 b6862600 ipsec ipsec.sys Sun Apr 13 20:19:42 2008 (48025CCE)
    b6883000 b68bf000 klif klif.sys Mon Oct 27 19:33:06 2008 (49061772)
    b6954000 b6977a80 portcls portcls.sys Sun Apr 13 20:19:40 2008 (48025CCC)
    b6978000 b6e49000 RtkHDAud RtkHDAud.sys Mon Oct 13 11:26:04 2008 (48F3223C)
    b7e59000 b7e64c00 fssfltr_tdi fssfltr_tdi.sys Tue Dec 09 00:59:19 2008 (493DC2E7)
    b7ec9000 b7ed8900 Cdfs Cdfs.SYS Sun Apr 13 20:14:21 2008 (48025B8D)
    b8ffd000 b8fff280 rasacd rasacd.sys Fri Aug 17 21:55:39 2001 (3B7D84CB)
    b9011000 b906ef00 update update.sys Sun Apr 13 19:39:46 2008 (48025372)
    b906f000 b907fe00 psched psched.sys Sun Apr 13 19:56:36 2008 (48025764)
    b9080000 b9096580 ndiswan ndiswan.sys Sun Apr 13 20:20:41 2008 (48025D09)
    b9097000 b90aaf00 VIDEOPRT VIDEOPRT.SYS Sun Apr 13 19:44:39 2008 (48025497)
    b90ab000 b9684360 nv4_mini nv4_mini.sys Wed Sep 17 18:44:45 2008 (48D1420D)
    b9685000 b975fb00 NVNRM NVNRM.SYS Tue Nov 28 00:33:25 2006 (456B83D5)
    b9760000 b9782700 ks ks.sys Sun Apr 13 20:16:34 2008 (48025C12)
    b9783000 b97ab000 HDAudBus HDAudBus.sys Thu May 26 16:46:29 2005 (4295EF55)
    b97ab000 b9801f00 RT61 RT61.sys Thu Oct 27 08:06:27 2005 (43607C73)
    b9802000 b9825200 USBPORT USBPORT.SYS Sun Apr 13 19:45:34 2008 (480254CE)
    b9826000 b9839900 parport parport.sys Sun Apr 13 19:40:09 2008 (48025389)
    b9846000 b9849c80 mssmbios mssmbios.sys Sun Apr 13 19:36:45 2008 (480252BD)
    b984a000 b984c780 ndistapi ndistapi.sys Sun Apr 13 19:57:27 2008 (48025797)
    b985a000 b985d1c0 cdrbsdrv cdrbsdrv.SYS Mon Mar 08 03:55:49 2004 (404BEEC5)
    b9882000 b9da1000 kl1 kl1.sys Mon Jul 21 15:33:37 2008 (48849E41)
    b9da1000 b9dbab80 Mup Mup.sys Sun Apr 13 20:17:05 2008 (48025C31)
    b9dbb000 b9dd64c0 prohlp02 prohlp02.sys Thu May 13 14:00:03 2004 (40A37153)
    b9dd7000 b9e03980 NDIS NDIS.sys Sun Apr 13 20:20:35 2008 (48025D03)
    b9e04000 b9e90600 Ntfs Ntfs.sys Sun Apr 13 20:15:49 2008 (48025BE5)
    b9e91000 b9ea7880 KSecDD KSecDD.sys Sun Apr 13 19:31:40 2008 (4802518C)
    b9ea8000 b9eb9f00 sr sr.sys Sun Apr 13 19:36:50 2008 (480252C2)
    b9eba000 b9ed9b00 fltmgr fltmgr.sys Sun Apr 13 19:32:58 2008 (480251DA)
    b9eda000 b9ef1880 SCSIPORT SCSIPORT.SYS Sun Apr 13 19:40:29 2008 (4802539D)
    b9ef2000 b9f17000 nvgts nvgts.sys Tue Aug 19 02:53:21 2008 (48AA2791)
    b9f17000 b9f30c00 nvata nvata.sys Thu Oct 19 01:31:35 2006 (4536C767)
    b9f31000 b9f48900 atapi atapi.sys Sun Apr 13 19:40:29 2008 (4802539D)
    b9f49000 b9f67880 ftdisk ftdisk.sys Fri Aug 17 21:52:41 2001 (3B7D8419)
    b9f68000 b9f78a80 pci pci.sys Sun Apr 13 19:36:43 2008 (480252BB)
    b9f79000 b9fa6d80 ACPI ACPI.sys Sun Apr 13 19:36:33 2008 (480252B1)
    ba0a8000 ba0b1180 isapnp isapnp.sys Sun Apr 13 19:36:40 2008 (480252B8)
    ba0b8000 ba0c2580 MountMgr MountMgr.sys Sun Apr 13 19:39:45 2008 (48025371)
    ba0c8000 ba0d4c80 VolSnap VolSnap.sys Sun Apr 13 19:41:00 2008 (480253BC)
    ba0d8000 ba0e0e00 disk disk.sys Sun Apr 13 19:40:46 2008 (480253AE)
    ba0e8000 ba0f4180 CLASSPNP CLASSPNP.SYS Sun Apr 13 20:16:21 2008 (48025C05)
    ba0f8000 ba103000 klbg klbg.sys Tue Jan 29 14:29:18 2008 (479F383E)
    ba128000 ba132e00 Fips Fips.SYS Sun Apr 13 19:33:27 2008 (480251F7)
    ba168000 ba171000 HIDCLASS HIDCLASS.SYS Sun Apr 13 19:45:25 2008 (480254C5)
    ba178000 ba186000 AmdK8 AmdK8.sys Mon Jun 19 07:37:31 2006 (4496462B)
    ba188000 ba197c00 serial serial.sys Sun Apr 13 20:15:44 2008 (48025BE0)
    ba198000 ba1a1000 klfltdev klfltdev.sys Thu Mar 13 15:02:27 2008 (47D94203)
    ba1b8000 ba1c2480 imapi imapi.sys Sun Apr 13 19:40:57 2008 (480253B9)
    ba1c8000 ba1d7600 cdrom cdrom.sys Sun Apr 13 19:40:45 2008 (480253AD)
    ba1d8000 ba1e6100 redbook redbook.sys Sun Apr 13 19:40:27 2008 (4802539B)
    ba1e8000 ba1f2000 nvnetbus nvnetbus.sys Tue Nov 28 00:33:52 2006 (456B83F0)
    ba1f8000 ba204880 rasl2tp rasl2tp.sys Sun Apr 13 20:19:43 2008 (48025CCF)
    ba208000 ba212200 raspppoe raspppoe.sys Sun Apr 13 19:57:31 2008 (4802579B)
    ba218000 ba223d00 raspptp raspptp.sys Sun Apr 13 20:19:47 2008 (48025CD3)
    ba228000 ba230900 msgpc msgpc.sys Sun Apr 13 19:56:32 2008 (48025760)
    ba238000 ba241f00 termdd termdd.sys Sun Apr 13 19:38:36 2008 (4802532C)
    ba288000 ba291e80 NDProxy NDProxy.SYS Sun Apr 13 19:57:28 2008 (48025798)
    ba2a8000 ba2b6880 usbhub usbhub.sys Sun Apr 13 19:45:36 2008 (480254D0)
    ba2b8000 ba2c6b00 drmk drmk.sys Sun Apr 13 19:45:12 2008 (480254B8)
    ba2f8000 ba300700 wanarp wanarp.sys Sun Apr 13 19:57:20 2008 (48025790)
    ba308000 ba310780 netbios netbios.sys Sun Apr 13 19:56:01 2008 (48025741)
    ba328000 ba32e180 PCIIDEX PCIIDEX.SYS Sun Apr 13 19:40:29 2008 (4802539D)
    ba330000 ba334d00 PartMgr PartMgr.sys Sun Apr 13 19:40:48 2008 (480253B0)
    ba338000 ba33ca80 TDI TDI.SYS Sun Apr 13 20:00:04 2008 (48025834)
    ba370000 ba376180 HIDPARSE HIDPARSE.SYS Sun Apr 13 19:45:22 2008 (480254C2)
    ba378000 ba37d200 vga vga.sys Sun Apr 13 19:44:40 2008 (48025498)
    ba380000 ba384a80 Msfs Msfs.SYS Sun Apr 13 19:32:38 2008 (480251C6)
    ba388000 ba38f880 Npfs Npfs.SYS Sun Apr 13 19:32:38 2008 (480251C6)
    ba390000 ba396000 StarOpen StarOpen.SYS Tue Jun 27 20:15:56 2006 (44A183EC)
    ba398000 ba39fd80 usbccgp usbccgp.sys Sun Apr 13 19:45:38 2008 (480254D2)
    ba3a0000 ba3a5900 dadder dadder.sys Thu Aug 02 10:32:24 2007 (46B1A4A8)
    ba3d0000 ba3d4920 AegisP AegisP.sys Tue May 17 21:22:56 2005 (428A52A0)
    ba418000 ba41c0a0 MRENDIS5 MRENDIS5.SYS Mon Nov 22 23:36:39 2004 (41A27807)
    ba428000 ba42c500 watchdog watchdog.sys Sun Apr 13 19:44:59 2008 (480254AB)
    ba440000 ba441000 fdc fdc.sys unavailable (00000000)
    ba448000 ba44c300 usbohci usbohci.sys Sun Apr 13 19:45:34 2008 (480254CE)
    ba450000 ba457600 usbehci usbehci.sys Sun Apr 13 19:45:34 2008 (480254CE)
    ba460000 ba468000 klim5 klim5.sys Wed Apr 30 15:06:33 2008 (48187CE9)
    ba468000 ba46c580 ptilink ptilink.sys Fri Aug 17 21:49:53 2001 (3B7D8371)
    ba470000 ba474080 raspti raspti.sys Fri Aug 17 21:55:32 2001 (3B7D84C4)
    ba478000 ba47e000 kbdclass kbdclass.sys Sun Apr 13 19:39:46 2008 (48025372)
    ba480000 ba485a00 mouclass mouclass.sys Sun Apr 13 19:39:47 2008 (48025373)
    ba488000 ba48d000 flpydisk flpydisk.sys Sun Apr 13 19:40:24 2008 (48025398)
    ba4b8000 ba4bb000 BOOTVID BOOTVID.dll Fri Aug 17 21:49:09 2001 (3B7D8345)
    ba578000 ba57a880 hidusb hidusb.sys Sun Apr 13 19:45:27 2008 (480254C7)
    ba57c000 ba57ef80 mouhid mouhid.sys Fri Aug 17 21:47:57 2001 (3B7D82FD)
    ba584000 ba587900 kbdhid kbdhid.sys Sun Apr 13 19:39:47 2008 (48025373)
    ba5a4000 ba5a7d80 serenum serenum.sys Sun Apr 13 19:40:12 2008 (4802538C)
    ba5a8000 ba5a9b80 kdcom kdcom.dll Fri Aug 17 21:49:10 2001 (3B7D8346)
    ba5aa000 ba5ab100 WMILIB WMILIB.SYS Fri Aug 17 22:07:23 2001 (3B7D878B)
    ba5ac000 ba5ad2e0 sfhlp01 sfhlp01.sys Mon Dec 01 15:20:51 2003 (3FCB5C53)
    ba5ae000 ba5afb20 prosync1 prosync1.sys Sat Sep 06 13:22:06 2003 (3F59D16E)
    ba5b6000 ba5b7a80 ParVdm ParVdm.SYS Fri Aug 17 21:49:49 2001 (3B7D836D)
    ba5d0000 ba5d1100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 22:07:23 2001 (3B7D878B)
    ba5e6000 ba5e7100 swenum swenum.sys Sun Apr 13 19:39:52 2008 (48025378)
    ba5f4000 ba5f5280 USBD USBD.SYS Fri Aug 17 22:02:58 2001 (3B7D8682)
    ba60c000 ba60df00 Fs_Rec Fs_Rec.SYS Fri Aug 17 21:49:37 2001 (3B7D8361)
    ba60e000 ba60f080 Beep Beep.SYS Fri Aug 17 21:47:33 2001 (3B7D82E5)
    ba610000 ba611080 mnmdd mnmdd.SYS Fri Aug 17 21:57:28 2001 (3B7D8538)
    ba612000 ba613080 RDPCDD RDPCDD.sys Fri Aug 17 21:46:56 2001 (3B7D82C0)
    ba670000 ba670d00 pciide pciide.sys Fri Aug 17 21:51:49 2001 (3B7D83E5)
    ba72b000 ba72bd00 dxgthk dxgthk.sys Fri Aug 17 21:53:12 2001 (3B7D8438)
    ba730000 ba730c00 audstub audstub.sys Fri Aug 17 21:59:40 2001 (3B7D85BC)
    ba7e8000 ba7e8b80 Null Null.SYS Fri Aug 17 21:47:39 2001 (3B7D82EB)
    bf000000 bf011600 dxg dxg.sys Sun Apr 13 19:38:27 2008 (48025323)
    bf012000 bf5d8e00 nv4_disp nv4_disp.dll Wed Sep 17 18:38:33 2008 (48D14099)
    bf800000 bf9c2c80 win32k win32k.sys Mon Sep 15 13:12:42 2008 (48CE513A)
    bffa0000 bffe5c00 ATMFD ATMFD.DLL Mon Apr 14 01:09:55 2008 (4802A0D3)

    Unloaded modules:
    b4095000 b40d1000 klif.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b4763000 b478e000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b53da000 b5405000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ba6f1000 ba6f2000 drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b5d08000 b5d33000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ba248000 ba255000 DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b7e69000 b7e77000 swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b5d33000 b5d56000 aec.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ba5c4000 ba5c6000 splitter.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ba318000 ba321000 processr.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b9001000 b9005000 kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ba368000 ba36d000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b9005000 b9008000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt
     
  15. 2009/01/28
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    It is useless to continue with this. You should complete your thread in the Malware removal forum. Since the above dump points to your AV scanner again, I think it's getting rather obvious what the cause might be.
     
    velectro likes this.
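
    Added example (not part of any post in this thread, and not code from WinDbg or Kaspersky): a small Python parser for the WinDbg log in post 14 that checks which loaded or unloaded module range contains the bugcheck's "memory referenced" and "address which referenced memory" values, and lists loaded modules whose timestamp the dump does not record. The embedded excerpt is trimmed from that post; the function and field names are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

# Excerpt of the WinDbg log from post 14 (values copied from that post, trimmed).
DUMP_EXCERPT = """\
BugCheck 100000D4, {b40c6c48, ff, 1, 805469e9}
Probably caused by : klif.sys ( klif+ee03 )
start end module name
804d7000 806e4000 nt ntkrpamp.exe Thu Aug 14 10:33:13 2008 (48A3FBD9)
b6883000 b68bf000 klif klif.sys Mon Oct 27 19:33:06 2008 (49061772)
ba440000 ba441000 fdc fdc.sys unavailable (00000000)
Unloaded modules:
b4095000 b40d1000 klif.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b4763000 b478e000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
"""

class Module(NamedTuple):
    start: int
    end: int
    name: str
    has_timestamp: bool  # only meaningful for entries from the loaded list

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
RANGE_RE = re.compile(r"^([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})\s+(\S+)(.*)$")

def parse_dump(text):
    """Return (bugcheck_code, [arg1..arg4], loaded_modules, unloaded_modules)."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no BugCheck line found")
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bugcheck arguments")
    loaded, unloaded, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("start") and line.endswith("module name"):
            section = loaded            # output of 'lm': loaded module list
        elif line.startswith("Unloaded modules:"):
            section = unloaded
        elif section is not None:
            r = RANGE_RE.match(line)    # stack lines are skipped: no section yet
            if r:
                stamped = section is loaded and "unavailable" not in r.group(4)
                section.append(Module(int(r.group(1), 16), int(r.group(2), 16),
                                      r.group(3), stamped))
    return int(m.group(1), 16), args, loaded, unloaded

def owners(addr, modules):
    """Names of modules whose [start, end) range contains addr."""
    return [m.name for m in modules if m.start <= addr < m.end]

def attribute_fault(text):
    """Map the bugcheck's addresses onto the module ranges in the same log."""
    _code, (referenced, _irql, _op, instr), loaded, unloaded = parse_dump(text)
    return {
        "referenced_in_loaded": owners(referenced, loaded),
        "referenced_in_unloaded": owners(referenced, unloaded),
        "instruction_in": owners(instr, loaded),
        # Timestamp not recorded in the dump; a lead to check, not a verdict.
        "loaded_without_timestamp": [m.name for m in loaded if not m.has_timestamp],
    }

if __name__ == "__main__":
    for key, value in attribute_fault(DUMP_EXCERPT).items():
        print(f"{key}: {value}")
```

    On this excerpt the written-to address b40c6c48 falls inside the range of the unloaded klif.sys copy (b4095000 to b40d1000) and inside no loaded module, which matches the bugcheck text "An attempt was made to access the driver at raised IRQL after it unloaded."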
  16. 2009/01/28
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    Ok I will do, thanks very much.
     
  17. 2009/01/28
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    I'm in total agreement with Arie and am tending to discount the odd location of that floppy disk controller file set but will await further review from Geri. In the meantime, you can do some other reading but let's sit tight and see what comes from your thread in malware removal. Rest assured they will help you get squared away and we need to eliminate malware as a potential contributor to this problem.

    You have some of the best brains in this community following your thread over there. I know it's frustrating but please be patient.

    ;)
     
    velectro likes this.
  18. 2009/01/28
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    Thanks so much for all your help - you have all been superb, I am so appreciative. That web site makes for interesting reading.
     
  19. 2009/01/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi velectro,

    I would like for you to try finding things that will cause a bsod (other than the online scan) and create a list. Note the date/time and the app that caused it, if a dump is created for the bsod. Try running things that would be audio intensive, then video intensive, etc.
    Once you have oh, say a half dozen or more dumps from various causes, please zip them along with your list and send them to me for analysis.

    I personally do not suspect it is Kaspersky, though it's easy enough to rule it out by uninstalling it and trying to run the same things that you find cause a bsod. Make sure you write down or otherwise save the license key before uninstalling.
     
    velectro likes this.
  20. 2009/01/29
    velectro

    velectro Inactive Thread Starter

    Joined:
    2009/01/22
    Messages:
    35
    Likes Received:
    0
    Hi Noahdfear, thanks for posting. I have a few new minidumps from yesterday but I'll follow your instructions about video/audio intensive stuff and collect some more before sending them to you.

    I'll also uninstall Kaspersky and use something else, just to rule it out.
     
  21. 2009/01/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I wouldn't go as far as using something else ;)
     
