BSOD - System Service Exception, IRQL etc

mattpayne11

New Member
I have been running Vista 64 Ultimate for 3 years without a single problem (I know - amazing right), and tonight I was greeted with the BSOD over and over again. I've tried system restore to two different points to no avail. The only things I've done in the past week are update via the Windows update, install Adobe Lightroom, and share my printer on my home network. I'm at a loss. I build my own computers so it is not often I find myself stuck.

I ran the memory test - no findings.

I've attached my dmp files - hopefully that will shed some light?

Thanks for any help!
 

Attachments

  • Minidump.zip
    38.6 KB · Views: 12


My Computer

System One

  • Manufacturer/Model
    HP-Pavilion m9280.uk-a
    CPU
    2.30 gigahertz AMD Phenom 9600 Quad-Core
    Motherboard
    ASUSTek Computer INC. NARRA3 3.02
    Memory
    3582 Megabytes Usable Installed Memory (4 Gig)
    Graphics Card(s)
    ASUS NVIDIA Geforce GTS450
    Sound Card
    Realtek High Definition 7.1 Audio (HP drivers)
    Monitor(s) Displays
    HP w2408 24.0" (Dual monitor)
    Screen Resolution
    1920 * 1200, 1920 * 1200
    Hard Drives
    3*500 Gigabytes Usable Hard Drive Capacity
    Plus 2x USB (160Gig each) external HDD
    BluRay & DVD Weiters
    HL-DT-ST BD-RE GGW-H20L SCSI CdRom (Bluray RW) Device
    AlViDrv BDDVDROM SCSI CdRom (Blueray) Device
    TSSTcorp CDDVDW TS-H653N SCSI CdRom
    Internet Speed
    40 Meg

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
Start by removing Daemon Tools, as it is using SPTD. Then remove SPTD with this tool: http://www.duplexsecure.com/download/SPTDinst-v174-x64.exe
Code:
sptd.sys         Sun Oct 11 16:55:14 2009 (4AD24632)
awj95yx5.SYS     Tue Jul 14 17:12:55 2009 (4A5CF4D7)
ag8u7i3z.SYS     Tue Jul 14 17:12:55 2009 (4A5CF4D7)
One dump blamed SPTD; not a very common occurrence!

That should solve your problem. If not, please post back with the full BSOD report, as directed here: http://www.vistax64.com/crashes-debugging/282419-blue-screen-death-bsod-posting-instructions.html

...Summary of the dumps:
Code:
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Sat Dec  4 19:52:48.481 2010 (UTC - 5:00)
System Uptime: 0 days 0:01:59.184
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
Probably caused by : ataport.SYS ( ataport!IdeCompleteScsiIrp+60 )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xA
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0xA_ataport!IdeCompleteScsiIrp+60
----------------------------------------
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Sat Dec  4 19:30:49.893 2010 (UTC - 5:00)
System Uptime: 0 days 0:02:04.612
Probably caused by : ntkrnlmp.exe ( nt!ObpCloseHandleTableEntry+ce )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME:  LMIGuardianSvc.
FAILURE_BUCKET_ID:  X64_0x3B_nt!ObpCloseHandleTableEntry+ce
----------------------------------------
 

My Computer

System One

  • Manufacturer/Model
    Jonathan King
    CPU
    AMD Athlon Dual Core Processor 4850e overclocked @ 2.92 GHz
    Motherboard
    ASRock A780 FullDisplayPort
    Memory
    6.0GB Dual-Channel DDR2 290MHz Crucial Technology
    Graphics Card(s)
    ATI 3200 (onboard), nVidia 7200 GS (PCIe)
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    17" Cybervison ds69T, 17" Starlogic
    Screen Resolution
    1024x768
    Hard Drives
    WD 320GB SATA, Hitachi 1TB SATA
    PSU
    Antec ea-430d 430W
    Case
    Antec 300
    Cooling
    stock cpu, 120mm rear, 140mm top
    Keyboard
    Microsoft Wired Desktop 500 (PS/2)
    Mouse
    Microsoft Wired Desktop 500 (USB)
    Internet Speed
    9.32 Mb/s download; 0.36 Mb/s upload
    Other Info
    Other OS's:
    Windows 7 Professional x64, Windows Professional x86, Ubuntu x64
Code:
awj95yx5.SYS     Tue Jul 14 17:12:55 2009 (4A5CF4D7)
ag8u7i3z.SYS     Tue Jul 14 17:12:55 2009 (4A5CF4D7)

Surely they have got to be malware. The only randomly generated drivers which are not malicious which I know about are the AVZ monitoring drivers, and you won't have those on your system!
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics Card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300)
    Western Digital: WDC WD6400AAKS-75A7B0

    1 x 1Tb (SATA 600)
    Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms
    Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Keyboard
    Dell Bluetooth
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
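
A triage sketch for the point made in the reply above, added here as an example and not code posted by anyone in the thread: it parses driver-listing lines in the formats shown on this page, flags image names that look machine-generated, and groups flagged drivers that share a link timestamp. The function names and the alternation threshold are assumptions, and the sample input is assembled from listings on this page.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Sample assembled for this example from the listings quoted in the thread:
# three short-form lines plus three lines in the debugger's lmtsmn layout.
SAMPLE = """\
sptd.sys         Sun Oct 11 16:55:14 2009 (4AD24632)
awj95yx5.SYS     Tue Jul 14 17:12:55 2009 (4A5CF4D7)
ag8u7i3z.SYS     Tue Jul 14 17:12:55 2009 (4A5CF4D7)
fffffa60`00b68000 fffffa60`00bbe000   acpi     acpi.sys     Sat Apr 11 06:03:26 2009 (49E0249E)
fffffa60`00801000 fffffa60`008db000   Wdf01000 Wdf01000.sys Sat Jan 19 06:33:27 2008 (479199B7)
fffff960`006e0000 fffff960`006ea000   TSDDD    TSDDD.dll    unavailable (00000000)
"""

# Image file name, then a date (or "unavailable"), then the 8-digit hex
# link timestamp in parentheses at the end of the line.
MODULE_RE = re.compile(
    r"(?P<image>[\w.-]+\.(?:sys|dll|exe))\s+"
    r"(?P<when>.+?)\s+\((?P<stamp>[0-9A-F]{8})\)\s*$",
    re.IGNORECASE,
)


def parse_modules(text):
    """Return (image_name, hex_timestamp) for every listing line that parses."""
    modules = []
    for line in text.splitlines():
        match = MODULE_RE.search(line)
        if match:
            modules.append((match.group("image"), match.group("stamp").upper()))
    return modules


def decode_stamp(stamp):
    """Convert the hex link timestamp to UTC; 00000000 means unavailable."""
    seconds = int(stamp, 16)
    return datetime.fromtimestamp(seconds, tz=timezone.utc) if seconds else None


def class_switches(stem):
    """Count letter<->digit alternations in a name, ignoring punctuation."""
    kinds = [c.isdigit() for c in stem if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def looks_generated(image, min_switches=3):
    """Heuristic (an assumption of this example): names such as awj95yx5
    alternate between letters and digits far more often than descriptive
    driver names do. Vendor drivers with model numbers in the name can also
    trip it, so a hit is a lead to check, not a verdict."""
    stem = image.rsplit(".", 1)[0]
    return class_switches(stem) >= min_switches


def triage(text):
    """Flag generated-looking names and group those sharing a timestamp."""
    flagged = [(img, st) for img, st in parse_modules(text) if looks_generated(img)]
    by_stamp = defaultdict(list)
    for img, stamp in flagged:
        by_stamp[stamp].append(img)
    shared = {st: names for st, names in by_stamp.items() if len(names) > 1}
    return {"generated": [img for img, _ in flagged], "shared_stamp": shared}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for name in report["generated"]:
        print("generated-looking name:", name)
    for stamp, names in report["shared_stamp"].items():
        print("same link time", decode_stamp(stamp).isoformat(), "->", ", ".join(names))
```
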
Well, I used Malwarebytes and cleaned off a billion viruses etc... but now the problem is even worse. I even get BSODs in safe mode. Not good. I don't know how to uninstall Daemon Tools in safe mode, but the tool you posted said that no versions of that driver are on my computer.

Additionally - I've added more of my crash logs for your perusal...
 

Attachments

  • Minidump.zip
    154.1 KB · Views: 7


Go to search and type cmd.
In cmd, type driverquery.
Do you see sptd?
If so, use the uninstall tool to remove it.
If you cannot, rename it sptd.bup.

Location of drivers: C-->Windows-->System 32-->drivers.

If the above does not work, others will read the dump reports. I will not be able for a few more days.
 

It's gone then. You must have uninstalled it, because it was there at the time of Jon's analysis. I would read your BSOD reports if I were home, but just wait until someone else analyzes it.
 

I don't really know what I am doing, but I have just run all of your dump files. Every single "Probably caused by" line blames the Windows kernel, which means nothing. Looking at your very latest dump file, sptd.sys is shown as an unloaded module.

Actually, Fs_Rec.sys and TSDDD.dll do get blamed, but I don't think we can really make much of that either.

Wait for http://www.vistax64.com/member.php?u=145515 I have just failed!

Richard

P.S. Could you upload the MBAM logs? Thanks!

Here is the report from the last one, also showing loaded modules:


Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Richard\Desktop\Dumps\Mini120510-07.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Machine Name:
Kernel base = 0xfffff800`0225b000 PsLoadedModuleList = 0xfffff800`0241fdd0
Debug session time: Sun Dec  5 16:42:54.488 2010 (UTC + 0:00)
System Uptime: 0 days 0:01:31.988
Loading Kernel Symbols
...............................................................
......................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {10, c, 0, fffff800022cb194}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+20b )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000010, memory referenced
Arg2: 000000000000000c, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800022cb194, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002482080
 0000000000000010 

CURRENT_IRQL:  c

FAULTING_IP: 
nt!IopCompleteRequest+b74
fffff800`022cb194 4c8b4910        mov     r9,qword ptr [rcx+10h]

CUSTOMER_CRASH_COUNT:  7

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  TSVNCache.exe

IRP_ADDRESS:  ffffffffffffff88

TRAP_FRAME:  fffffa6001b60450 -- (.trap 0xfffffa6001b60450)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa6001e3a3e8 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800022cb194 rsp=fffffa6001b605e0 rbp=fffffa8005829638
 r8=fffffa800538c3b0  r9=fffffa6001b606d0 r10=fffffa80039adf30
r11=fffffa8005287a90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!IopCompleteRequest+0xb74:
fffff800`022cb194 4c8b4910        mov     r9,qword ptr [rcx+10h] ds:00000000`00000010=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800022b526e to fffff800022b54d0

STACK_TEXT:  
fffffa60`01b60308 fffff800`022b526e : 00000000`0000000a 00000000`00000010 00000000`0000000c 00000000`00000000 : nt!KeBugCheckEx
fffffa60`01b60310 fffff800`022b414b : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`058295c0 : nt!KiBugCheckDispatch+0x6e
fffffa60`01b60450 fffff800`022cb194 : 00000200`002b0000 00000000`00000000 fffffa80`0591fa00 fffff800`022b7c7f : nt!KiPageFault+0x20b
fffffa60`01b605e0 fffff800`022d6bbe : 00000000`00000000 fffffa80`0591fa00 00000000`00000000 00000000`00000000 : nt!IopCompleteRequest+0xb74
fffffa60`01b606a0 fffff800`022b79af : fffffa80`04f1c3e0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x19e
fffffa60`01b60740 fffff800`022ac3db : 00000000`00000000 fffffa80`0591fa00 fffffa80`00000000 fffffa80`0584c040 : nt!KiSwapThread+0x3ef
fffffa60`01b607b0 fffff800`022e13bb : 000007ff`00000000 fffffa80`0000001b bbb00001`02d0d800 00000000`00000000 : nt!KeWaitForSingleObject+0x2cb
fffffa60`01b60840 fffff800`022bca75 : ffffffff`ffb3b4c0 fffffa80`04f1e440 00000000`00000001 00000000`00000000 : nt!ExpWaitForResource+0x43
fffffa60`01b608a0 fffffa60`012254c4 : 00000000`00000000 fffff880`009a1aa0 00000000`00000000 00000000`00000000 : nt!ExAcquireResourceExclusiveLite+0xa5
fffffa60`01b608f0 fffffa60`012cff37 : fffff880`009a1aa0 fffffa80`05924810 fffff880`009a1bd0 00000000`12ea362a : Ntfs!NtfsAcquireExclusiveFcb+0x64
fffffa60`01b60940 fffffa60`01225e29 : 00000000`00000000 00000000`00000000 fffffa60`01e3a2d0 fffffa80`0591fa00 : Ntfs!NtfsCommonCleanup+0x277
fffffa60`01b60d30 fffff800`022af587 : fffffa60`01e3a2d0 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsCommonCleanupCallout+0x19
fffffa60`01b60d60 fffff800`022af53e : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`022c6eca : nt!KxSwitchKernelStackCallout+0x27
fffffa60`01e3a200 fffff800`022c6eca : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
fffffa60`01e3a220 fffffa60`01223f82 : fffffa60`01e3a370 fffffa60`01e3a370 fffffa80`05924810 fffffa80`05924810 : nt!KeExpandKernelStackAndCalloutEx+0x19a
fffffa60`01e3a2a0 fffffa60`012d9f78 : fffffa60`01e3a370 fffffa80`05924810 fffffa60`01e3a370 fffffa60`01e3a520 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffffa60`01e3a310 fffffa60`00768e91 : fffffa60`01e3a370 fffffa80`05924810 fffffa80`05924bb0 00000000`00000000 : Ntfs!NtfsFsdCleanup+0x138
fffffa60`01e3a570 fffffa60`007670dd : fffffa80`0564b6f0 00000000`00000000 fffffa80`048d3d00 00000000`00000000 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x211
fffffa60`01e3a5e0 fffff800`025229e4 : fffffa80`05625d20 00000000`00000004 fffffa80`0591fa01 fffff880`0bff6850 : fltmgr!FltpDispatch+0xcd
fffffa60`01e3a640 fffff800`02518050 : 00000000`00000000 fffffa80`05625d20 fffff880`0bfc6020 fffffa60`00000519 : nt!IopCloseFile+0x184
fffffa60`01e3a6d0 fffff800`0251fbe7 : fffff880`0bfc6020 fffffa80`00000001 fffffa80`058f3c10 00000000`00000000 : nt!ObpDecrementHandleCount+0xc0
fffffa60`01e3a760 fffff800`02503208 : fffff880`0bf618a0 00000000`00000000 fffffa80`0591fa00 00000000`00000008 : nt!ObpCloseHandleTableEntry+0xb7
fffffa60`01e3a800 fffff800`02503187 : 00000000`00000004 fffff800`024e6736 fffffa80`058f3c10 00000000`00000001 : nt!ObpCloseHandleProcedure+0x30
fffffa60`01e3a840 fffff800`02503d11 : fffff880`0bfc5a01 fffff800`025023e0 fffffa80`058f3c10 fffff880`0bf618a0 : nt!ExSweepHandleTable+0x73
fffffa60`01e3a870 fffff800`0250e645 : fffff880`0bfc5ab0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObKillProcess+0x61
fffffa60`01e3a8b0 fffff800`025023fd : fffffa60`00000000 fffff800`0251c301 000007ff`fffd8000 fffffa80`78457350 : nt!PspExitThread+0x46d
fffffa60`01e3a9a0 fffff800`022d6e61 : fffffa60`01e3aa01 fffffa80`0590fb10 00000000`00000000 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffffa60`01e3a9d0 fffff800`022da785 : fffffa60`01e3aca0 fffffa60`01e3aa70 fffff800`02502410 00000000`00000001 : nt!KiDeliverApc+0x441
fffffa60`01e3aa70 fffff800`022b501d : 00000000`00000000 fffffa80`0591e2a0 00000000`00000000 00000000`00000000 : nt!KiInitiateUserApc+0x75
fffffa60`01e3abb0 00000000`7785704a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0xa2
00000000`0291f5e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7785704a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiPageFault+20b
fffff800`022b414b 488b0506e31c00  mov     rax,qword ptr [nt!KiInterlockedPopEntrySListResumeEntryPoint (fffff800`02482458)]

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiPageFault+20b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c0e5ae3

FAILURE_BUCKET_ID:  X64_0xA_nt!KiPageFault+20b

BUCKET_ID:  X64_0xA_nt!KiPageFault+20b

Followup: MachineOwner
---------

1: kd> lmtsmn
start             end                 module name
fffffa60`00b68000 fffffa60`00bbe000   acpi     acpi.sys     Sat Apr 11 06:03:26 2009 (49E0249E)
fffffa60`00a00000 fffffa60`00a08000   atapi    atapi.sys    Sat Apr 11 06:34:19 2009 (49E02BDB)
fffffa60`0099b000 fffffa60`009bf000   ataport  ataport.SYS  Sat Apr 11 06:34:25 2009 (49E02BE1)
fffff960`00a60000 fffff960`00ac1000   ATMFD    ATMFD.DLL    Wed May 26 16:10:41 2010 (4BFD39F1)
fffffa60`00dc6000 fffffa60`00de2000   cdrom    cdrom.sys    Sat Apr 11 06:34:39 2009 (49E02BEF)
fffffa60`006b4000 fffffa60`00766000   CI       CI.dll       Sat Apr 11 08:08:09 2009 (49E041D9)
fffffa60`00fc8000 fffffa60`00ff4000   CLASSPNP CLASSPNP.SYS Sat Apr 11 06:34:15 2009 (49E02BD7)
fffffa60`00657000 fffffa60`006b4000   CLFS     CLFS.SYS     Sat Apr 11 05:54:21 2009 (49E0227D)
fffffa60`02e77000 fffffa60`02e85000   crashdmp crashdmp.sys Sat Apr 11 06:34:31 2009 (49E02BE7)
fffffa60`01200000 fffffa60`0120a000   crcdisk  crcdisk.sys  Thu Nov 02 09:39:40 2006 (4549BCDC)
fffffa60`013ec000 fffffa60`01400000   disk     disk.sys     Sat Apr 11 06:34:38 2009 (49E02BEE)
fffffa60`02e91000 fffffa60`02e99000   dump_atapi dump_atapi.sys Sat Apr 11 06:34:19 2009 (49E02BDB)
fffffa60`02e85000 fffffa60`02e91000   dump_dumpata dump_dumpata.sys Sat Apr 11 06:34:22 2009 (49E02BDE)
fffffa60`02e99000 fffffa60`02eac000   dump_dumpfve dump_dumpfve.sys Sat Jan 19 05:52:25 2008 (47919019)
fffffa60`02eac000 fffffa60`02eb8000   Dxapi    Dxapi.sys    Sat Jan 19 06:08:00 2008 (479193C0)
fffff960`004f0000 fffff960`0050e000   dxg      dxg.sys      Sat Apr 11 06:09:45 2009 (49E02619)
fffffa60`011a7000 fffffa60`011d3000   ecache   ecache.sys   Sat Apr 11 06:36:18 2009 (49E02C52)
fffffa60`00db9000 fffffa60`00dc6000   fdc      fdc.sys      Sat Jan 19 06:28:45 2008 (4791989D)
fffffa60`009bf000 fffffa60`009d3000   fileinfo fileinfo.sys Sat Jan 19 06:05:23 2008 (47919323)
fffffa60`025cc000 fffffa60`025d7000   flpydisk flpydisk.sys Sat Jan 19 06:28:45 2008 (4791989D)
fffffa60`00766000 fffffa60`007ad000   fltmgr   fltmgr.sys   Sat Apr 11 05:54:38 2009 (49E0228E)
fffff960`008b0000 fffff960`008b9000   framebuf framebuf.dll Sat Jan 19 06:32:18 2008 (47919972)
fffffa60`025d7000 fffffa60`025e1000   Fs_Rec   Fs_Rec.SYS   Sat Jan 19 05:53:41 2008 (47919065)
fffffa60`011d3000 fffffa60`011fc000   fvevol   fvevol.sys   Sat Apr 11 05:52:54 2009 (49E02226)
fffffa60`0117b000 fffffa60`011a7000   fwpkclnt fwpkclnt.sys Sat Apr 11 06:42:44 2009 (49E02DD4)
fffffa60`00de2000 fffffa60`00def000   GEARAspiWDM GEARAspiWDM.sys Mon May 18 13:17:04 2009 (4A1151C0)
fffff800`02215000 fffff800`0225b000   hal      hal.dll      Sat Apr 11 08:04:56 2009 (49E04118)
fffffa60`00a08000 fffffa60`00af5000   HDAudBus HDAudBus.sys Sat Apr 11 06:39:38 2009 (49E02D1A)
fffffa60`007e2000 fffffa60`007f4000   HIDCLASS HIDCLASS.SYS Sat Apr 11 06:39:32 2009 (49E02D14)
fffffa60`025f8000 fffffa60`025ffb80   HIDPARSE HIDPARSE.SYS Sat Jan 19 06:33:51 2008 (479199CF)
fffffa60`007d9000 fffffa60`007e2000   hidusb   hidusb.sys   Sat Apr 11 06:39:32 2009 (49E02D14)
fffffa60`02519000 fffffa60`02527000   kbdclass kbdclass.sys Sat Jan 19 06:28:05 2008 (47919875)
fffffa60`02e6c000 fffffa60`02e77000   kbdhid   kbdhid.sys   Sat Apr 11 06:33:40 2009 (49E02BB4)
fffffa60`00605000 fffffa60`00608000   kdcom    kdcom.dll    Tue Nov 30 14:40:39 2010 (4CF50CE7)
fffffa60`02535000 fffffa60`02569000   ks       ks.sys       Sat Apr 11 06:33:51 2009 (49E02BBF)
fffffa60`00c05000 fffffa60`00c8c000   ksecdd   ksecdd.sys   Mon Jun 15 14:15:18 2009 (4A364966)
fffffa60`02e07000 fffffa60`02e1a000   LHidFilt LHidFilt.Sys Thu Nov 29 10:13:01 2007 (474E90AD)
fffffa60`02e25000 fffffa60`02e38000   LMouFilt LMouFilt.Sys Thu Nov 29 10:13:05 2007 (474E90B1)
fffffa60`007c9000 fffffa60`007d9000   LUsbFilt LUsbFilt.Sys Thu Nov 29 10:13:08 2007 (474E90B4)
fffffa60`00608000 fffffa60`00643000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Apr 11 08:05:41 2009 (49E04145)
fffffa60`02527000 fffffa60`02533000   mouclass mouclass.sys Sat Jan 19 06:28:05 2008 (47919875)
fffffa60`02e1a000 fffffa60`02e25000   mouhid   mouhid.sys   Sat Jan 19 06:28:10 2008 (4791987A)
fffffa60`00988000 fffffa60`0099b000   mountmgr mountmgr.sys Sat Jan 19 06:28:01 2008 (47919871)
fffffa60`007ad000 fffffa60`007b8000   Msfs     Msfs.SYS     Sat Jan 19 05:53:55 2008 (47919073)
fffffa60`00bbe000 fffffa60`00bc8000   msisadrv msisadrv.sys Sat Jan 19 06:02:50 2008 (4791928A)
fffffa60`00af5000 fffffa60`00b2e000   msiscsi  msiscsi.sys  Sat Apr 11 06:36:09 2009 (49E02C49)
fffffa60`00c8c000 fffffa60`00cdc000   msrpc    msrpc.sys    Sat Apr 11 06:32:13 2009 (49E02B5D)
fffffa60`02569000 fffffa60`02574000   mssmbios mssmbios.sys Sat Jan 19 06:02:54 2008 (4791928E)
fffffa60`013da000 fffffa60`013ec000   mup      mup.sys      Sat Apr 11 05:54:47 2009 (49E02297)
fffffa60`00e05000 fffffa60`00fc8000   ndis     ndis.sys     Sat Apr 11 06:43:15 2009 (49E02DF3)
fffffa60`00cdc000 fffffa60`00d35000   NETIO    NETIO.SYS    Sat Apr 11 06:43:34 2009 (49E02E06)
fffffa60`007b8000 fffffa60`007c9000   Npfs     Npfs.SYS     Sat Apr 11 05:54:22 2009 (49E0227E)
fffff800`0225b000 fffff800`02772000   nt       ntkrnlmp.exe Tue Jun 08 15:59:47 2010 (4C0E5AE3)
fffffa60`0120e000 fffffa60`0138e000   Ntfs     Ntfs.sys     Sat Apr 11 05:55:38 2009 (49E022CA)
fffffa60`025e1000 fffffa60`025ea000   Null     Null.SYS     Thu Nov 02 09:37:15 2006 (4549BC4B)
fffffa60`008e9000 fffffa60`008fe000   partmgr  partmgr.sys  Sat Apr 11 06:34:51 2009 (49E02BFB)
fffffa60`00bc8000 fffffa60`00bf8000   pci      pci.sys      Sat Apr 11 06:03:33 2009 (49E024A5)
fffffa60`00bf8000 fffffa60`00bff000   pciide   pciide.sys   Sat Apr 11 06:34:28 2009 (49E02BE4)
fffffa60`00978000 fffffa60`00988000   PCIIDEX  PCIIDEX.SYS  Sat Apr 11 06:34:22 2009 (49E02BDE)
fffffa60`00643000 fffffa60`00657000   PSHED    PSHED.dll    Sat Apr 11 08:08:17 2009 (49E041E1)
fffffa60`0246c000 fffffa60`02506000   rdpdr    rdpdr.sys    Sat Apr 11 06:49:54 2009 (49E02F82)
fffffa60`00b3a000 fffffa60`00b68000   SCSIPORT SCSIPORT.SYS Sat Jan 19 06:28:52 2008 (479198A4)
fffffa60`02402000 fffffa60`0245f000   storport storport.sys Sat Apr 11 06:34:45 2009 (49E02BF5)
fffffa60`02533000 fffffa60`02534480   swenum   swenum.sys   Thu Nov 02 09:37:33 2006 (4549BC5D)
fffffa60`01005000 fffffa60`0117b000   tcpip    tcpip.sys    Wed Jun 16 15:51:56 2010 (4C18E50C)
fffffa60`0245f000 fffffa60`0246c000   TDI      TDI.SYS      Sat Apr 11 06:44:14 2009 (49E02E2E)
fffffa60`02506000 fffffa60`02519000   termdd   termdd.sys   Sat Apr 11 06:48:13 2009 (49E02F1D)
fffff960`006e0000 fffff960`006ea000   TSDDD    TSDDD.dll    unavailable (00000000)
fffffa60`02574000 fffffa60`02584000   umbus    umbus.sys    Sat Jan 19 06:34:16 2008 (479199E8)
fffffa60`02e50000 fffffa60`02e6c000   usbccgp  usbccgp.sys  Sat Jan 19 06:34:04 2008 (479199DC)
fffffa60`02400000 fffffa60`02401e00   USBD     USBD.SYS     Sat Jan 19 06:33:53 2008 (479199D1)
fffffa60`00da8000 fffffa60`00db9000   usbehci  usbehci.sys  Sat Apr 11 06:39:36 2009 (49E02D18)
fffffa60`02584000 fffffa60`025cc000   usbhub   usbhub.sys   Sat Apr 11 06:39:52 2009 (49E02D28)
fffffa60`00d62000 fffffa60`00da8000   USBPORT  USBPORT.SYS  Sat Apr 11 06:39:39 2009 (49E02D1B)
fffffa60`02e38000 fffffa60`02e50000   USBSTOR  USBSTOR.SYS  Sat Apr 11 06:39:38 2009 (49E02D1A)
fffffa60`00d56000 fffffa60`00d62000   usbuhci  usbuhci.sys  Sat Jan 19 06:33:56 2008 (479199D4)
fffffa60`025ea000 fffffa60`025f8000   vga      vga.sys      Sat Jan 19 06:32:21 2008 (47919975)
fffffa60`009d3000 fffffa60`009f8000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 06:32:25 2008 (47919979)
fffffa60`008fe000 fffffa60`00912000   volmgr   volmgr.sys   Sat Apr 11 06:34:49 2009 (49E02BF9)
fffffa60`00912000 fffffa60`00978000   volmgrx  volmgrx.sys  Sat Apr 11 06:35:14 2009 (49E02C12)
fffffa60`0138e000 fffffa60`013d2000   volsnap  volsnap.sys  Sat Apr 11 06:35:33 2009 (49E02C25)
fffffa60`00def000 fffffa60`00dff000   watchdog watchdog.sys Sat Apr 11 06:09:16 2009 (49E025FC)
fffffa60`00801000 fffffa60`008db000   Wdf01000 Wdf01000.sys Sat Jan 19 06:33:27 2008 (479199B7)
fffffa60`008db000 fffffa60`008e9000   WDFLDR   WDFLDR.SYS   Sat Jan 19 06:32:33 2008 (47919981)
fffff960`000f0000 fffff960`003a4000   win32k   win32k.sys   Tue Aug 31 15:57:22 2010 (4C7D1852)
fffffa60`00b31000 fffffa60`00b3a000   WMILIB   WMILIB.SYS   Sat Jan 19 06:33:45 2008 (479199C9)

Unloaded modules:
fffffa60`00d35000 fffffa60`00d43000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffffa60`00ff4000 fffffa60`01000000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffffa60`013d2000 fffffa60`013da000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00008000
fffffa60`00d43000 fffffa60`00d56000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
fffffa60`013d2000 fffffa60`013da000   spldr.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00008000
fffffa60`00a0b000 fffffa60`00b31000   sptd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00126000
1: kd> lmvm nt
start             end                 module name
fffff800`0225b000 fffff800`02772000   nt         (pdb symbols)          C:\Program Files\Debugging Tools for Windows (x86)\sym\ntkrnlmp.pdb\37BC833C16084A489F75E5BCDC9F70BC2\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Mapped memory image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\ntoskrnl.exe\4C0E5AE3517000\ntoskrnl.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        Tue Jun 08 15:59:47 2010 (4C0E5AE3)
    CheckSum:         00489B3B
    ImageSize:        00517000
    File version:     6.0.6002.18267
    Product version:  6.0.6002.18267
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntkrnlmp.exe
    OriginalFilename: ntkrnlmp.exe
    ProductVersion:   6.0.6002.18267
    FileVersion:      6.0.6002.18267 (vistasp2_gdr.100608-0458)
    FileDescription:  NT Kernel & System
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
1: kd> .trap 0xfffffa6001b60450
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa6001e3a3e8 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800022cb194 rsp=fffffa6001b605e0 rbp=fffffa8005829638
 r8=fffffa800538c3b0  r9=fffffa6001b606d0 r10=fffffa80039adf30
r11=fffffa8005287a90 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!IopCompleteRequest+0xb74:
fffff800`022cb194 4c8b4910        mov     r9,qword ptr [rcx+10h] ds:00000000`00000010=????????????????
 

I do have LogmeIn installed.

I'm going to upload my MBAM logs and a Hijackthis log...

Thanks for all the help! Safemode seems to be usable now again... I've deleted some registry entries based on a few hijackthis logs that were obvious malware.

Matt
 

Attachments

  • mbam-log-2010-12-04 (23-16-29).txt
    2.3 KB · Views: 33
  • mbam-log-2010-12-05 (13-41-57).txt
    2.8 KB · Views: 31
  • mbam-log-2010-12-05 (07-58-29).txt
    1 KB · Views: 28
  • hijackthis.log
    11.9 KB · Views: 23
