Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

BSOD - POSSIBLY 0X0.....D1


  • Please log in to reply

#1
SSri09

SSri09

    Member

  • Member
  • PipPipPip
  • 144 posts
Hi,

I am getting the BSOD on a new xw8600 HP workstation. Early Jan, it crashed frequently. It went back to the vendor for a fix. It happened again. I updated all drivers including HP HID compliant mouse, video (quadro nvs440), xi-fi extreme fatality champ card, etc. I thought drivers fixed the problem. They did not. It crashed 3 times the day before and once today. It does not register anything in the Event Viewer. Memory dump does not get generated. I have now explicitly specified c:\windows\... for the memory dump.

Every time, I get Driver_IRQL_MORE_OR_LESS...I could not write down the codes it generates as it auto starts after the crash. Everytime I see most probably 0x0...D1,0x....8,0x...2,0x....0.

If I recollect from the start, when I complained about frequent BSOD with Driver_more_or..._equal, the BSODhappened only when I was using the pointing device (mouse) either by clicking it, or double clicking it or scrolling it.

I still get broadcom gigabit cable problem (WARNING: NETWORK CARD DOWN...PLEASE CHECK THE CABLE IS CONNECTED PROPERLY).

I ran the following tests, whose reports are pasted below.

SDFIX (in safe mode); BFU and RSI in normal mode. I would very much appreciate if some one could help me fix this problem. Thanks in advance.

Regards,
S Sri


***************
SDFIX REPORT


SDFix: Version 1.240
Run by Administrator on 30/01/2009 at 21:31

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp74.tmp - Deleted


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 21:42:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000149
"TracesSuccessful"=dword:00000009

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\Program Files\\ITunes\\iTunes.exe"="E:\\Program Files\\ITunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 18 Dec 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
***********

HIJACKTHIS REPORT

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-30 22:14:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 43 GB (71%) free of 61 GB
Total RAM: 3071 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:02, on 30/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Checkpoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
E:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Checkpoint\ZAForceField\forcefield.exe
C:\Program Files\Checkpoint\ZAForceField\ISWMGR.exe
C:\Program Files\Checkpoint\ZAForceField\ISWMGR.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Checkpoint\ZAForceField\ISWMGR.exe
C:\Program Files\Checkpoint\ZAForceField\ISWMGR.exe
E:\Program Files\Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Utility\New Folder\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...;pf=workstation
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...;pf=workstation
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\Checkpoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\Checkpoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\Checkpoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7784 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ForceField Toolbar Registrar - C:\Program Files\Checkpoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-01-15 451976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ForceField Toolbar - C:\Program Files\Checkpoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-01-15 451976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2008-05-06 221300]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-28 136600]
"Syslog"= []
"ZoneAlarm Client"=E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-01-16 985480]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2008-08-06 23040]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-12 178712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-01-15 1830128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
APC UPS Status.lnk - E:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\ITunes\iTunes.exe"="E:\Program Files\ITunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-30 22:13:21 ----D---- C:\Program Files\trend micro
2009-01-30 22:13:20 ----D---- C:\rsit
2009-01-30 22:02:26 ----A---- C:\egd.txt
2009-01-30 22:02:25 ----D---- C:\WINDOWS\system32\bfubackups
2009-01-30 21:59:46 ----D---- C:\Utility
2009-01-30 21:30:26 ----D---- C:\WINDOWS\ERUNT
2009-01-30 21:29:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-30 21:15:24 ----D---- C:\SDFix
2009-01-30 14:33:20 ----D---- C:\Documents and Settings\Administrator\Application Data\BACS.exe
2009-01-29 10:18:12 ----A---- C:\WINDOWS\system32\qtintf.dll
2009-01-29 09:09:24 ----D---- C:\WINDOWS\system32\ENU
2009-01-29 09:09:24 ----A---- C:\WINDOWS\system32\Imsmudlg.exe
2009-01-29 09:09:00 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield
2009-01-28 22:34:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Logitech
2009-01-28 22:31:57 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-01-28 22:31:37 ----A---- C:\WINDOWS\KHALMNPR.Exe
2009-01-28 22:31:36 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2009-01-28 22:31:33 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-01-28 22:31:33 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-01-28 22:31:33 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-01-28 22:31:33 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-01-28 22:31:27 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-01-28 22:31:25 ----D---- C:\Program Files\Logitech
2009-01-28 22:31:24 ----D---- C:\Program Files\Common Files\Logitech
2009-01-28 20:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2009-01-28 16:53:54 ----A---- C:\WINDOWS\system32\AppSetup.exe
2009-01-28 11:34:38 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-28 09:03:54 ----D---- C:\Program Files\iPod
2009-01-28 09:03:53 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-28 09:03:21 ----D---- C:\Program Files\Bonjour
2009-01-28 09:02:57 ----D---- C:\Program Files\QuickTime
2009-01-27 14:22:25 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-27 14:22:19 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-27 14:20:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-26 16:36:42 ----D---- C:\Program Files\NOS
2009-01-26 16:36:42 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-01-26 13:48:07 ----D---- C:\Program Files\Adobe
2009-01-26 13:48:01 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-25 21:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-25 21:30:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-24 09:56:39 ----D---- C:\WINDOWS\Sun
2009-01-22 17:33:42 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2009-01-22 17:30:53 ----D---- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2009-01-22 17:25:23 ----A---- C:\XES7.tmp
2009-01-21 21:22:52 ----D---- C:\Documents and Settings\Administrator\Application Data\Leadertech
2009-01-21 17:11:55 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-01-21 13:20:45 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-01-21 13:20:45 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-01-21 10:50:40 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2009-01-16 14:35:36 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-01-16 14:35:04 ----D---- C:\Intel
2009-01-05 13:16:31 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-04 16:05:49 ----D---- C:\Program Files\SonicWallES
2009-01-04 15:59:48 ----A---- C:\WINDOWS\ODBC.INI
2009-01-04 15:59:45 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-01-04 15:23:25 ----D---- C:\Documents and Settings\Administrator\Application Data\Talkback
2009-01-04 15:23:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2009-01-04 13:57:07 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-04 13:57:06 ----D---- C:\Program Files\MSBuild
2009-01-04 13:57:02 ----D---- C:\Program Files\Reference Assemblies
2009-01-04 13:56:46 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-01-04 13:56:46 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-01-04 13:56:45 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-01-04 13:56:38 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-04 13:36:13 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-04 12:59:07 ----D---- C:\Documents and Settings\Administrator\Application Data\TravelerSafe+
2009-01-02 18:47:51 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
2009-01-02 18:43:39 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-02 18:43:39 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-02 18:43:39 ----A---- C:\WINDOWS\system32\java.exe
2009-01-02 18:43:15 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2009-01-02 15:46:41 ----D---- C:\Documents and Settings\Administrator\Application Data\CopyTrans
2009-01-02 15:45:15 ----D---- C:\Documents and Settings\Administrator\Application Data\CopyTransControlCenter
2009-01-02 14:12:02 ----A---- C:\rollback.ini
2009-01-02 12:53:56 ----A---- C:\WINDOWS\system32\stci.dll
2009-01-02 12:40:54 ----D---- C:\Program Files\Common Files\Acronis
2009-01-02 12:37:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-01-02 12:37:46 ----D---- C:\Program Files\Common Files\Adobe
2009-01-02 12:37:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-02 12:33:42 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-01-02 12:30:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2009-01-02 12:29:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-02 12:29:49 ----D---- C:\Program Files\Apple Software Update
2009-01-02 12:29:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-02 12:29:39 ----D---- C:\Program Files\Common Files\Apple
2009-01-02 12:29:39 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-02 12:22:51 ----D---- C:\Documents and Settings\Administrator\Application Data\#ISW.FS#
2009-01-02 12:22:45 ----D---- C:\Documents and Settings\Administrator\Application Data\CheckPoint
2009-01-02 12:19:14 ----D---- C:\Program Files\Checkpoint
2009-01-02 12:19:12 ----A---- C:\WINDOWS\zllsputility.exe
2009-01-02 12:19:09 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-01-02 12:19:08 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-01-02 12:19:08 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-01-02 12:19:07 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-01-02 12:19:07 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-01-02 12:19:07 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-01-02 12:19:06 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-01-02 12:19:06 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-01-02 12:19:06 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-01-02 12:16:57 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-01-02 12:16:57 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-01-02 12:16:57 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-01-02 12:16:56 ----D---- C:\WINDOWS\Internet Logs
2009-01-02 12:15:00 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 months======

2009-01-30 22:13:21 ----RD---- C:\Program Files
2009-01-30 22:02:25 ----D---- C:\WINDOWS\system32
2009-01-30 22:02:06 ----D---- C:\WINDOWS\Temp
2009-01-30 21:44:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-30 21:38:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-30 21:30:55 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-30 21:30:26 ----D---- C:\WINDOWS
2009-01-30 21:27:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-30 17:47:09 ----D---- C:\WINDOWS\Prefetch
2009-01-30 15:47:18 ----D---- C:\WINDOWS\security
2009-01-30 15:15:29 ----D---- C:\WINDOWS\system32\drivers
2009-01-30 14:34:06 ----SHD---- C:\WINDOWS\Installer
2009-01-30 14:34:00 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-30 14:34:00 ----D---- C:\Program Files\Broadcom
2009-01-30 14:33:58 ----RSD---- C:\WINDOWS\assembly
2009-01-30 14:33:56 ----HD---- C:\WINDOWS\inf
2009-01-30 14:25:18 ----D---- C:\SWSetup
2009-01-30 13:24:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-30 11:55:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-29 10:18:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-29 09:09:23 ----D---- C:\Program Files\Intel
2009-01-29 09:07:52 ----D---- C:\WINDOWS\system32\config
2009-01-28 22:34:11 ----D---- C:\WINDOWS\WinSxS
2009-01-28 22:31:24 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-01-28 22:31:24 ----D---- C:\Program Files\Common Files
2009-01-28 21:20:44 ----D---- C:\WINDOWS\nview
2009-01-28 21:20:44 ----D---- C:\WINDOWS\Help
2009-01-28 16:54:20 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-01-28 16:54:20 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-01-28 16:54:14 ----D---- C:\WINDOWS\system32\Data
2009-01-28 11:34:29 ----D---- C:\Program Files\Java
2009-01-28 08:57:24 ----D---- C:\WINDOWS\system32\Macromed
2009-01-27 23:40:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-27 14:48:12 ----D---- C:\WINDOWS\repair
2009-01-27 14:18:02 ----D---- C:\WINDOWS\Debug
2009-01-25 21:30:31 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-21 12:42:16 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2009-01-10 01:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-05 13:16:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-05 13:16:23 ----D---- C:\Program Files\Common Files\System
2009-01-05 13:16:14 ----RSD---- C:\WINDOWS\Fonts
2009-01-05 13:16:13 ----A---- C:\WINDOWS\win.ini
2009-01-04 16:00:43 ----D---- C:\WINDOWS\system32\wbem
2009-01-04 15:59:11 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-04 15:57:18 ----D---- C:\WINDOWS\system
2009-01-04 14:36:42 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-04 13:57:06 ----D---- C:\WINDOWS\system32\en-us
2009-01-04 13:56:54 ----D---- C:\WINDOWS\system32\spool
2009-01-04 13:53:58 ----D---- C:\Program Files\Internet Explorer
2009-01-02 14:25:30 ----SD---- C:\WINDOWS\Tasks
2009-01-02 12:53:31 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-12-11 148496]
R1 SASDIFSV;SASDIFSV; \??\E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-01-16 353160]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 ISWKL;ForceField ISWKL; \??\C:\Program Files\Checkpoint\ZAForceField\ISWKL.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-02 32768]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-09-17 161792]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
R3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS [2008-08-06 198168]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-08-06 534808]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2008-08-06 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS [2008-08-06 73752]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-08-06 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-08-06 159256]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-08-06 95768]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x22k;Creative 20X2 HAL Driver; C:\WINDOWS\system32\drivers\ha20x22k.sys [2008-08-06 1221144]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 icsak;icsak; \??\C:\Program Files\Checkpoint\ZAForceField\AK\icsak.sys []
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-08-06 129560]
R3 SASENUM;SASENUM; \??\E:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 42752]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS [2008-08-06 198168]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-08-06 511000]
S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2008-08-06 1353240]
S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2008-08-06 73752]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-08-06 1178136]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]
R2 APC UPS Service;APC UPS Service; E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2005-12-12 176193]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 425984]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 IswSvc;ForceField IswSvc; C:\Program Files\Checkpoint\ZAForceField\IswSvc.exe [2009-01-15 390536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-28 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-04-25 576536]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-01-16 2401160]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-18 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2008-12-18 79360]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-01-26 33752]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

RSIT INFO.TXT

info.txt logfile of random's system information tool 1.05 2009-01-30 22:13:36

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9605AE52-2172-448F-BE56-B2086F932412}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9605AE52-2172-448F-BE56-B2086F932412}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBE814C2-4974-4C54-BABC-A8BB023E4E3D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBE814C2-4974-4C54-BABC-A8BB023E4E3D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBFEFF72-227B-4130-B6F4-6BCB66596BCB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
CCleaner (remove only)-->"E:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Creative Audio Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Dolby Digital Live Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBFEFF72-227B-4130-B6F4-6BCB66596BCB}\setup.exe" -l0x9 /remove
DrayTek Router Tools V3.7.1-->"E:\Program Files\DrayTek Router Tools V3.7.1\unins000.exe"
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IswTmp\DwlRun\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.exe" -l0x9 -removeonly
HP Performance Tuning Framework-->MsiExec.exe /I{2D5F91BD-BB3D-4E8C-B29C-C5BC42E194F1}
HP Workstation User Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808E5AB1-E98F-4362-AB10-B5B69CB2301C}\SETUP.exe" -l0x9 -removeonly
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalSetup-->MsiExec.exe /I{C89C8D86-44

Attached Files


  • 0

Advertisements


#2
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
I once again got the BSOD a while ago. It did not generate memory dump although I have correctly configured. I have now disabled autoreboot. I hope to get the full details of the BSOD next time. The stop error that I managed to write this time was

STOP 0x000000D1 (0x00000008,0x00000002,0x0A7D8A478)

ha20x22k.sys.address A7D8A478 base....

Last time, I got the same except it was STOP 0x000000D1 (0x00000008,0x00000002,0x00000000)

it is driver irql.

I would really appreciate some help with this information which can be taken over and above information posted yesterday.

Many thanks in advance the help.

SSri09
  • 0

#3
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
ANOTHER ONE: Last field is different: (Earlier it was 0xa7d8a478) this time (0xa31d9474)

I managed to get the error details fully this time:

Driver_IRQL_NOT_LESS_OR_EQUAL

STOP: 0X000000D1 (0x00000008,0x00000002,0x00000000,0xA31D947F)

ha20x22k.sys - address of A31D9474 base at A3174000.

I hope that some one will be able to help me. All drivers have been updated.
  • 0

#4
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
I have identified the source of BSOD problem. The source file: ha20x22k.sys is the creative xi-fi driver. I do not know whether there is any compatibility issue with this creative xi-fi fatality cham series and HP systems; May be there is.

The problem may occur if the driver was not completely installed. I have done in safe boot (1) uninstall the creative drivers and software; (2) ran Malwarebyte's anti-malware and CC Cleaner; (3) run www.Gurd3d.com's driver sweeper and closely followed it to manually deleted left over creative files and folders plus registry keys. I rebooted normally and then in safe mode to instal creative drivers and folders. Finally rebooted normally to update creative drivers and software.

I am hoping it would fix the driver_irql_more_or_less STOP 0X0...D1 errors. I will come back with further posts on this BSOD problem in the next few days.

thanks
  • 0

#5
SSri09

SSri09

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
The fix appeared to have solved the problem. System is working fine in the last few days; no BSOD stop 0X000000D1 error. Touch wood. Would post again if error pops up again.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP