TechSpot

Trojan Win32.Sirefef, PC reboots every minute

Solved
By ihatetrojans
Jul 8, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Combofix created restore point around 2:14AM today.
    Try to use it from safe mode.

    If successful re-run Combofix.
     
  2. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    Do I use the Combofix which has been renamed my_name.exe ?
     
  3. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    I suggest you download fresh copy.
    You can rename it if you wish.
     
  4. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    ComboFix 12-07-21.01 - daphene 23/07/2012 1:36.3.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2036.1592 [GMT 2:00]
    Lancé depuis: c:\users\daphene\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\daphene.exe
    c:\daphene.exe\PEV.exe
    c:\daphene.exe\snapshot.00.dat
    c:\program files\Internet Explorer\minftnet.exe
    c:\program files\Internet Explorer\minftnet.ini
    c:\programdata\ntuser.dat
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-22 au 2012-07-22 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\daphene\AppData\Local\temp
    2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\maxime\AppData\Local\temp
    2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-22 20:29 . 2007-03-14 20:54 332800 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\WGET.EXE
    2012-07-22 20:29 . 2006-03-17 18:39 147456 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\BurnCDCC.exe
    2012-07-22 01:27 . 2012-07-22 01:27 -------- d-----w- C:\_OTL
    2012-07-22 01:12 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-22 01:02 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-07-22 01:02 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-07-22 01:02 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-21 20:58 . 2012-07-21 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-21 20:58 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-21 20:28 . 2012-07-21 20:28 -------- d-----w- c:\programdata\RoboForm
    2012-07-21 20:27 . 2012-07-21 20:27 -------- d-----w- c:\program files\Siber Systems
    2012-07-21 20:25 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-21 20:25 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-21 20:25 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-21 20:25 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-21 20:25 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-21 20:25 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-21 20:23 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-21 20:23 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-21 20:23 . 2012-07-21 20:23 -------- d-----w- c:\programdata\AVAST Software
    2012-07-21 20:23 . 2012-07-21 20:23 -------- d-----w- c:\program files\AVAST Software
    2012-07-21 18:44 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-21 18:44 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-21 18:44 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-21 10:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-21 10:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-21 10:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 12:56 . 2012-07-22 23:02 -------- d-----w- c:\windows\system32\DBBK
    2012-07-11 12:56 . 2012-03-22 16:17 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
    2012-07-11 12:56 . 2010-05-04 01:37 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
    2012-07-08 19:37 . 2012-07-09 19:54 -------- d-----w- C:\ZHP
    2012-07-08 19:37 . 2012-07-09 19:54 -------- d-----w- c:\program files\ZHPDiag
    2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files\Conduit
    2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\users\daphene\AppData\Local\Conduit
    2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files\WiseConvert
    2012-07-07 13:05 . 2012-07-07 13:05 -------- d-----w- c:\program files\VS Revo Group
    2012-07-07 13:04 . 2012-07-07 13:04 -------- d-----w- c:\users\daphene\AppData\Roaming\Malwarebytes
    2012-07-07 13:04 . 2012-07-07 13:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-07 12:52 . 2012-07-07 18:14 -------- d-----w- c:\program files\CCleaner
    2012-07-07 11:00 . 2012-07-07 11:00 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
    2012-07-05 22:52 . 2012-07-05 22:52 -------- d--h--w- c:\windows\msdownld.tmp
    2012-07-04 10:32 . 2012-07-04 10:32 -------- d-----w- C:\rei
    2012-07-04 10:32 . 2012-07-04 10:32 -------- d-----w- c:\program files\Reimage
    2012-07-04 10:11 . 2012-07-05 22:32 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-23 17:30 . 2012-06-23 17:30 -------- d-----w- c:\users\daphene\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 15:19 . 2012-03-30 09:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-23 15:19 . 2011-05-21 09:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-21 12:00 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 12:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 11:59 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 11:59 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 12:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 12:00 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 11:59 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-21 11:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:12 . 2012-06-21 11:59 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-29 07:05 . 2012-05-29 07:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40AB41F-4AB8-436C-A6DB-8ACA15A107CF}\offreg.dll
    2012-05-27 13:50 . 2008-03-26 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-05-08 16:40 . 2012-05-29 06:21 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40AB41F-4AB8-436C-A6DB-8ACA15A107CF}\mpengine.dll
    2012-05-01 14:03 . 2012-06-15 15:47 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 15:41 . 2011-09-15 13:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-21 96056]
    "Facebook Update"="c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-21 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
    2008-06-30 21:23 557149 ----a-w- c:\program files\Thomson\ST330\diagnostics\diagnostics.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
    2007-04-13 02:46 49152 ----a-w- c:\windows\Domino.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    2012-07-21 21:25 138096 ----atw- c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-03-25 15:07 166424 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-01-12 10:21 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2009-08-05 09:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-03-25 15:07 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-26 19:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
    2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-03-25 15:07 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-07-03 09:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
    2007-04-07 01:56 54936 ----a-w- c:\windows\System32\jureg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-05-27 13:50 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
    2007-04-13 02:46 57344 ----a-w- c:\windows\ZSSnp211.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=""
    "FirewallOverride"=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:19]
    .
    2012-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000Core.job
    - c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 21:25]
    .
    2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000UA.job
    - c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 21:25]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 13:47]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 13:47]
    .
    2012-07-21 c:\windows\Tasks\HPCeeScheduleFordaphene.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-26 11:10]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/search?hl=fr&q=++&meta=
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://fr.yahoo.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show avast! EasyPass Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://my.ebay.co.uk/ws/eBayISAPI.d...S/firefox/search/?q=ixquick&appver=&platform=
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd192d3&v=7.005.030.004&I=23&tp=ab&iy=b&ychte=fr&lng=en-US&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-23 01:44
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\st330service]
    "ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
    eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
    25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
    "{00000000-0593-4356-9CF7-1D8C2B3343C0}"=hex:51,66,7a,6c,4c,1d,38,12,6e,03,13,
    04,a1,4b,38,06,e3,e1,5e,cc,2e,6d,07,d4
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
    06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{25BC7718-0BFA-40EA-B381-4B2D9732D686}"=hex:51,66,7a,6c,4c,1d,38,12,76,74,af,
    21,c8,45,84,05,cc,97,08,6d,92,6c,92,92
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
    38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA}"=hex:51,66,7a,6c,4c,1d,38,12,73,d4,59,
    48,d3,1c,6c,01,e1,4d,88,bc,2c,00,8d,ae
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
    e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
    "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
    f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:26,f7,ff,3c,32,26,cd,01
    .
    Heure de fin: 2012-07-23 01:47:15
    ComboFix-quarantined-files.txt 2012-07-22 23:47
    ComboFix2.txt 2012-07-22 00:31
    .
    Avant-CF: 154 356 658 176 octets libres
    Après-CF: 154 264 784 896 octets libres
    .
    - - End Of File - - 7D4BDF90F00F32EF75B9D055000D5F00
     
  5. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    I sent the above using Normal Mode. Prior to this, I tried running COMBO on Safe Mode but got messages that MSE wasn't disabled though I turned off Real Time Protection. I restarted the pc in Normal Mode, and uninstalled MSE. Went back to Safe Mode and ran Combo successfully.
    I also attempted the OTL.exe, it didn't work, pc froze.
    I'm going to crash myself as it's again 2 am.
    I really appreciate your help and am grateful for the patience you've shown to a novice.
    I hope other forum users coming here to seek help will be able to get their issues resolved.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Good to see you back in normal mode.

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  7. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! EasyPass
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CA Yahoo! Anti-Spy (remove only)
    CCleaner
    Out of date Java installed!
    Adobe Flash Player 11.3.300.262
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
     
  8. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

  9. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    FSS, Eset?
     
  10. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    Oops! Realized I just copied and pasted the Security Check log twice.
    Running Eset now and currently 2 threats detected Win32 Registry Booster and Reviver.
    Is it all right for the program to complete before I retrieve the FSS log ?
    Thanks !
     
  11. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Yes, that's fine.
     
     
  12. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    Thank you *nerd*
     
  13. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    90 mins of scanning and 46% completed. Will get back to you in a few hours. Thx
     
  14. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    C:\Users\daphene\Downloads\DriverReviverSetup.exe a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
    C:\Users\daphene\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Windows\System32\DBBK\85C5DEC9B6B5D6B9DE2C0331A102AD71 Win32/Sirefef.EZ trojan deleted - quarantined
    C:\Windows\System32\DBBK\C2FEB83E777091D2588B1EA1A23AFCC1 a variant of Win32/Medfos.AM trojan cleaned by deleting - quarantined
     
  15. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    Farbar Service Scanner Version: 22-07-2012
    Ran by daphene (administrator) on 24-07-2012 at 07:51:30
    Running from "C:\Users\daphene\Downloads"
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys
    [2011-06-15 11:49] - [2011-04-21 15:58] - 0273408 ____A (Microsoft Corporation)

    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  16. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  17. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    [2012/07/24 20:14:38 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  18. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    I need a whole log not couple of lines.
     
  19. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    Sorry about this, evidently it was not working and I had to scan the pc again.
    I noticed that after I started the pc, the screen goes blue at times with the text that it was dumping physical files - it went in a flash so I couldn't read everything.
    Anyway, here's the log which I couldn't send as mysteriously ( for me ) I had no phone nor internet connection after I finsihed the OTL scan.
     
  20. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: daphene
    ->Temp folder emptied: 31832 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 22764526 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 855 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: maxime
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 58917 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 22,00 mb


    [EMPTYFLASH]

    User: All Users

    User: daphene
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: maxime

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: daphene
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: maxime

    User: Public

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.54.0 log created on 07242012_202759

    Files\Folders moved on Reboot...
    C:\Windows\temp\_avast_\unp11698177.tmp moved successfully.
    C:\Windows\temp\_avast_\unp120428440.tmp moved successfully.
    C:\Windows\temp\_avast_\unp129444102.tmp moved successfully.
    C:\Windows\temp\_avast_\unp142728732.tmp moved successfully.
    C:\Windows\temp\_avast_\unp143298256.tmp moved successfully.
    C:\Windows\temp\_avast_\unp143338980.tmp moved successfully.
    C:\Windows\temp\_avast_\unp145878263.tmp moved successfully.
    C:\Windows\temp\_avast_\unp150570044.tmp moved successfully.
    C:\Windows\temp\_avast_\unp164720401.tmp moved successfully.
    C:\Windows\temp\_avast_\unp6437679.tmp moved successfully.
    C:\Windows\temp\_avast_\unp6772637.tmp moved successfully.
    C:\Windows\temp\_avast_\unp8544184.tmp moved successfully.
    C:\Windows\temp\_avast_\unp8562106.tmp moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Windows\temp\_avast_\unp11698177.tmp not found!
    File C:\Windows\temp\_avast_\unp120428440.tmp not found!
    File C:\Windows\temp\_avast_\unp129444102.tmp not found!
    File C:\Windows\temp\_avast_\unp142728732.tmp not found!
    File C:\Windows\temp\_avast_\unp143298256.tmp not found!
    File C:\Windows\temp\_avast_\unp143338980.tmp not found!
    File C:\Windows\temp\_avast_\unp145878263.tmp not found!
    File C:\Windows\temp\_avast_\unp150570044.tmp not found!
    File C:\Windows\temp\_avast_\unp164720401.tmp not found!
    File C:\Windows\temp\_avast_\unp6437679.tmp not found!
    File C:\Windows\temp\_avast_\unp6772637.tmp not found!
    File C:\Windows\temp\_avast_\unp8544184.tmp not found!
    File C:\Windows\temp\_avast_\unp8562106.tmp not found!
    [2012/07/24 20:35:07 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  21. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    The pc is doing relatively well except for the issues I mentioned in msg #94
    After rebooting automatically from the 'crash', I get this pop up Windows has recovered from an unexpected shutdown...
     
  22. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Download BlueScreenView
    No installation required.
    Double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  23. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    Would it be all right to run this on Safe Mode with Network?
    The problem is when I first start the pc, it shows the blue screen about dumping files and then it restarts. When it restarts, I manage to log in but the screen freezes. I had to manually shut down the pc.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    That's fine.
     
  25. ihatetrojans

    ihatetrojans TS Rookie Topic Starter Posts: 68

    ==================================================
    Dump File : Mini072512-04.dmp
    Crash Time : 25/07/2012 19:41:46
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d63a54
    Parameter 4 : 0x89d63750
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072512-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072512-03.dmp
    Crash Time : 25/07/2012 19:34:51
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d67a54
    Parameter 4 : 0x89d67750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072512-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072512-02.dmp
    Crash Time : 25/07/2012 09:57:31
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d5b634
    Parameter 4 : 0x89d5b330
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+163cea
    Stack Address 2 : ntkrnlpa.exe+1d346f
    Stack Address 3 : ntkrnlpa.exe+1d389c
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072512-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072512-01.dmp
    Crash Time : 25/07/2012 09:25:17
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d6ba54
    Parameter 4 : 0x89d6b750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072512-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072412-06.dmp
    Crash Time : 24/07/2012 21:40:44
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d5fa54
    Parameter 4 : 0x89d5f750
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072412-06.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072412-05.dmp
    Crash Time : 24/07/2012 20:54:48
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d63a54
    Parameter 4 : 0x89d63750
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072412-05.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072412-04.dmp
    Crash Time : 24/07/2012 20:50:46
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d63a54
    Parameter 4 : 0x89d63750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072412-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072412-03.dmp
    Crash Time : 24/07/2012 20:34:59
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d5ba54
    Parameter 4 : 0x89d5b750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072412-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072412-02.dmp
    Crash Time : 24/07/2012 20:14:17
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d6fa54
    Parameter 4 : 0x89d6f750
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072412-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072412-01.dmp
    Crash Time : 24/07/2012 19:19:30
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d6ba54
    Parameter 4 : 0x89d6b750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072412-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072312-04.dmp
    Crash Time : 23/07/2012 23:59:36
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d63a54
    Parameter 4 : 0x89d63750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072312-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072312-03.dmp
    Crash Time : 23/07/2012 21:14:50
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d6ba54
    Parameter 4 : 0x89d6b750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072312-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072312-02.dmp
    Crash Time : 23/07/2012 01:50:09
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d6fa54
    Parameter 4 : 0x89d6f750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072312-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072312-01.dmp
    Crash Time : 23/07/2012 01:19:09
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d6fa54
    Parameter 4 : 0x89d6f750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072312-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-10.dmp
    Crash Time : 22/07/2012 23:16:56
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d5fa54
    Parameter 4 : 0x89d5f750
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-10.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-09.dmp
    Crash Time : 22/07/2012 20:33:37
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d57a54
    Parameter 4 : 0x89d57750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-09.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-08.dmp
    Crash Time : 22/07/2012 18:25:30
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d57a54
    Parameter 4 : 0x89d57750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-08.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-07.dmp
    Crash Time : 22/07/2012 18:12:00
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89d6ba54
    Parameter 4 : 0x89d6b750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-07.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-06.dmp
    Crash Time : 22/07/2012 11:47:33
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89963a54
    Parameter 4 : 0x89963750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-06.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-05.dmp
    Crash Time : 22/07/2012 02:00:14
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x8995fa54
    Parameter 4 : 0x8995f750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-05.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-04.dmp
    Crash Time : 22/07/2012 01:38:39
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x8995ba54
    Parameter 4 : 0x8995b750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-04.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-03.dmp
    Crash Time : 22/07/2012 00:19:05
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89963a54
    Parameter 4 : 0x89963750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-02.dmp
    Crash Time : 22/07/2012 00:06:35
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x89967634
    Parameter 4 : 0x89967330
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+163cea
    Stack Address 2 : ntkrnlpa.exe+1d346f
    Stack Address 3 : ntkrnlpa.exe+1d389c
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072212-01.dmp
    Crash Time : 22/07/2012 00:04:55
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : 0xcd6e0000
    Parameter 2 : 0x00000000
    Parameter 3 : 0x82c6a794
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+98339
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+98339
    Stack Address 1 : ntkrnlpa.exe+4dd94
    Stack Address 2 : ntkrnlpa.exe+25794
    Stack Address 3 : uwlyykow.sys+3601
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072112-03.dmp
    Crash Time : 21/07/2012 23:29:21
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x8995fa54
    Parameter 4 : 0x8995f750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072112-03.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini072112-02.dmp
    Crash Time : 21/07/2012 22:48:03
    Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x1000007e
    Parameter 1 : 0xc0000005
    Parameter 2 : 0x00000000
    Parameter 3 : 0x8996fa54
    Parameter 4 : 0x8996f750
    Caused By Driver :
    Caused By Address :
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : 32-bit
    Crash Address :
    Stack Address 1 : ntkrnlpa.exe+16c027
    Stack Address 2 : ntkrnlpa.exe+a5da2
    Stack Address 3 : ntkrnlpa.exe+1d5fe2
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini072112-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini011512-02.dmp
    Crash Time : 15/01/2012 11:00:24
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x87fd4030
    Parameter 2 : 0x8595f820
    Parameter 3 : 0x8a964000
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+a8266
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a8266
    Stack Address 1 : ntkrnlpa.exe+abdc4
    Stack Address 2 : ntkrnlpa.exe+abbfc
    Stack Address 3 : ndis.sys+c0732
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini011512-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini011512-01.dmp
    Crash Time : 15/01/2012 10:58:37
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x8808e778
    Parameter 2 : 0x87010d78
    Parameter 3 : 0xaa2a7000
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a83a9
    Stack Address 1 : hal.dll+7668
    Stack Address 2 : hal.dll+770c
    Stack Address 3 : hal.dll+3f6b
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini011512-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini011212-02.dmp
    Crash Time : 12/01/2012 08:28:52
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x87c23030
    Parameter 2 : 0x84674d78
    Parameter 3 : 0x81093000
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a83a9
    Stack Address 1 : hal.dll+7668
    Stack Address 2 : hal.dll+770c
    Stack Address 3 : hal.dll+3f6b
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini011212-02.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini011212-01.dmp
    Crash Time : 12/01/2012 08:27:14
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x87cae758
    Parameter 2 : 0x86e4a398
    Parameter 3 : 0x82524000
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a83a9
    Stack Address 1 : hal.dll+7668
    Stack Address 2 : hal.dll+770c
    Stack Address 3 : hal.dll+3f6b
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini011212-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini011112-01.dmp
    Crash Time : 11/01/2012 19:38:10
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x82b49640
    Parameter 2 : 0x8571e030
    Parameter 3 : 0x82b43000
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a83a9
    Stack Address 1 : hal.dll+7668
    Stack Address 2 : hal.dll+770c
    Stack Address 3 : hal.dll+3f6b
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini011112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini123111-01.dmp
    Crash Time : 31/12/2011 15:04:38
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x876fd718
    Parameter 2 : 0x86cadd78
    Parameter 3 : 0x89124000
    Parameter 4 : 0x00000000
    Caused By Driver : hal.dll
    Caused By Address : hal.dll+7468
    File Description : Hardware Abstraction Layer DLL
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a83a9
    Stack Address 1 : hal.dll+7668
    Stack Address 2 : hal.dll+770c
    Stack Address 3 : hal.dll+3f6b
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini123111-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini112111-01.dmp
    Crash Time : 21/11/2011 14:24:53
    Bug Check String : DRIVER_POWER_STATE_FAILURE
    Bug Check Code : 0x0000009f
    Parameter 1 : 0x00000003
    Parameter 2 : 0x86c28430
    Parameter 3 : 0x86c28430
    Parameter 4 : 0x87dc0c08
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+cdb3f
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+cdb3f
    Stack Address 1 : ntkrnlpa.exe+313ab
    Stack Address 2 : ntkrnlpa.exe+30fc8
    Stack Address 3 : ntkrnlpa.exe+aa32b
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini112111-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini091811-01.dmp
    Crash Time : 18/09/2011 17:18:37
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x87c16030
    Parameter 2 : 0x84672658
    Parameter 3 : 0x8a21e000
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+a8266
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a8266
    Stack Address 1 : ntkrnlpa.exe+34f56
    Stack Address 2 : ntkrnlpa.exe+aa32b
    Stack Address 3 : ntkrnlpa.exe+a9eeb
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini091811-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini060111-01.dmp
    Crash Time : 01/06/2011 09:42:37
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x878cb618
    Parameter 2 : 0x87a2c4a0
    Parameter 3 : 0x8a587000
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+a8266
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a8266
    Stack Address 1 : ntkrnlpa.exe+ac599
    Stack Address 2 : ntkrnlpa.exe+ac447
    Stack Address 3 : ntkrnlpa.exe+ac751
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini060111-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini053011-01.dmp
    Crash Time : 30/05/2011 07:46:24
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x87848ac0
    Parameter 2 : 0x86c4ad78
    Parameter 3 : 0x8a510000
    Parameter 4 : 0x00000000
    Caused By Driver : ndis.sys
    Caused By Address : ndis.sys+139a
    File Description : NDIS 6.0 wrapper driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a8266
    Stack Address 1 : ntkrnlpa.exe+ac85b
    Stack Address 2 : RTKVHDA.sys+1311e8
    Stack Address 3 : RTKVHDA.sys+13162d
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini053011-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini052911-01.dmp
    Crash Time : 29/05/2011 03:02:14
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x8482d030
    Parameter 2 : 0x842a5658
    Parameter 3 : 0xb7420000
    Parameter 4 : 0x00000000
    Caused By Driver : ntkrnlpa.exe
    Caused By Address : ntkrnlpa.exe+a8266
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+a8266
    Stack Address 1 : ntkrnlpa.exe+abdc4
    Stack Address 2 : ntkrnlpa.exe+abbfc
    Stack Address 3 : ndis.sys+c0732
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052911-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6002
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini052611-01.dmp
    Crash Time : 26/05/2011 08:21:27
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x87328d78
    Parameter 2 : 0x8656fd78
    Parameter 3 : 0xa73a9000
    Parameter 4 : 0x00000000
    Caused By Driver : ndis.sys
    Caused By Address : ndis.sys+139a
    File Description : NDIS 6.0 wrapper driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
    Processor : 32-bit
    Crash Address : ntkrnlpa.exe+b4926
    Stack Address 1 : ntkrnlpa.exe+b3c74
    Stack Address 2 : RTKVHDA.sys+1311e8
    Stack Address 3 : RTKVHDA.sys+13162d
    Computer Name :
    Full Path : C:\Windows\Minidump\Mini052611-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 6001
    Dump File Size : 139 008
    ==================================================

    ==================================================
    Dump File : Mini052111-01.dmp
    Crash Time : 21/05/2011 03:01:50
    Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
    Bug Check Code : 0x100000b8
    Parameter 1 : 0x8750dd78
    Parameter 2 : 0x84587030
    Parameter 3 : 0xc28c2000
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.