Solved Trojan Win32.Sirefef, PC reboots every minute

[Broni]

Combofix created restore point around 2:14AM today.
Try to use it from safe mode.

If successful re-run Combofix.

 

[ihatetrojans]

Do I use the Combofix which has been renamed my_name.exe ?

 

[Broni]

I suggest you download fresh copy.
You can rename it if you wish.

 

[ihatetrojans]

ComboFix 12-07-21.01 - daphene 23/07/2012 1:36.3.2 - x86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2036.1592 [GMT 2:00]
Lancé depuis: c:\users\daphene\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\daphene.exe
c:\daphene.exe\PEV.exe
c:\daphene.exe\snapshot.00.dat
c:\program files\Internet Explorer\minftnet.exe
c:\program files\Internet Explorer\minftnet.ini
c:\programdata\ntuser.dat
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-22 au 2012-07-22 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\daphene\AppData\Local\temp
2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\maxime\AppData\Local\temp
2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 20:29 . 2007-03-14 20:54 332800 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\WGET.EXE
2012-07-22 20:29 . 2006-03-17 18:39 147456 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\BurnCDCC.exe
2012-07-22 01:27 . 2012-07-22 01:27 -------- d-----w- C:\_OTL
2012-07-22 01:12 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-22 01:02 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-22 01:02 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-22 01:02 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-21 20:58 . 2012-07-21 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 20:58 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 20:28 . 2012-07-21 20:28 -------- d-----w- c:\programdata\RoboForm
2012-07-21 20:27 . 2012-07-21 20:27 -------- d-----w- c:\program files\Siber Systems
2012-07-21 20:25 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-21 20:25 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-21 20:25 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-21 20:25 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-21 20:25 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-21 20:25 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-21 20:23 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-21 20:23 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-21 20:23 . 2012-07-21 20:23 -------- d-----w- c:\programdata\AVAST Software
2012-07-21 20:23 . 2012-07-21 20:23 -------- d-----w- c:\program files\AVAST Software
2012-07-21 18:44 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-21 18:44 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-21 18:44 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-21 10:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-21 10:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-21 10:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 12:56 . 2012-07-22 23:02 -------- d-----w- c:\windows\system32\DBBK
2012-07-11 12:56 . 2012-03-22 16:17 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2012-07-11 12:56 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2012-07-11 12:56 . 2012-01-17 20:55 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2012-07-11 12:56 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2012-07-11 12:56 . 2012-01-17 20:55 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2012-07-11 12:56 . 2012-01-17 20:55 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2012-07-11 12:56 . 2010-05-04 01:37 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2012-07-08 19:37 . 2012-07-09 19:54 -------- d-----w- C:\ZHP
2012-07-08 19:37 . 2012-07-09 19:54 -------- d-----w- c:\program files\ZHPDiag
2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files\Conduit
2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\users\daphene\AppData\Local\Conduit
2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files\WiseConvert
2012-07-07 13:05 . 2012-07-07 13:05 -------- d-----w- c:\program files\VS Revo Group
2012-07-07 13:04 . 2012-07-07 13:04 -------- d-----w- c:\users\daphene\AppData\Roaming\Malwarebytes
2012-07-07 13:04 . 2012-07-07 13:04 -------- d-----w- c:\programdata\Malwarebytes
2012-07-07 12:52 . 2012-07-07 18:14 -------- d-----w- c:\program files\CCleaner
2012-07-07 11:00 . 2012-07-07 11:00 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-07-05 22:52 . 2012-07-05 22:52 -------- d--h--w- c:\windows\msdownld.tmp
2012-07-04 10:32 . 2012-07-04 10:32 -------- d-----w- C:\rei
2012-07-04 10:32 . 2012-07-04 10:32 -------- d-----w- c:\program files\Reimage
2012-07-04 10:11 . 2012-07-05 22:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-23 17:30 . 2012-06-23 17:30 -------- d-----w- c:\users\daphene\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:19 . 2012-03-30 09:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:19 . 2011-05-21 09:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 12:00 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:00 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 11:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 11:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-29 07:05 . 2012-05-29 07:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40AB41F-4AB8-436C-A6DB-8ACA15A107CF}\offreg.dll
2012-05-27 13:50 . 2008-03-26 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-08 16:40 . 2012-05-29 06:21 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40AB41F-4AB8-436C-A6DB-8ACA15A107CF}\mpengine.dll
2012-05-01 14:03 . 2012-06-15 15:47 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 15:41 . 2011-09-15 13:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 08:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-21 96056]
"Facebook Update"="c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-21 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
2008-06-30 21:23 557149 ----a-w- c:\program files\Thomson\ST330\diagnostics\diagnostics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2007-04-13 02:46 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-21 21:25 138096 ----atw- c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-25 15:07 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-01-12 10:21 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 09:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-03-25 15:07 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 19:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-25 15:07 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-03 09:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 01:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-27 13:50 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-13 02:46 57344 ----a-w- c:\windows\ZSSnp211.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"="
"
"FirewallOverride"="
"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:19]
.
2012-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000Core.job
- c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 21:25]
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000UA.job
- c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 21:25]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 13:47]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 13:47]
.
2012-07-21 c:\windows\Tasks\HPCeeScheduleFordaphene.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-26 11:10]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/search?hl=fr&q=++&meta=
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://my.ebay.co.uk/ws/eBayISAPI.d...S/firefox/search/?q=ixquick&appver=&platform=
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd192d3&v=7.005.030.004&I=23&tp=ab&iy=b&ychte=fr&lng=en-US&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-23 01:44
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{00000000-0593-4356-9CF7-1D8C2B3343C0}"=hex:51,66,7a,6c,4c,1d,38,12,6e,03,13,
04,a1,4b,38,06,e3,e1,5e,cc,2e,6d,07,d4
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{25BC7718-0BFA-40EA-B381-4B2D9732D686}"=hex:51,66,7a,6c,4c,1d,38,12,76,74,af,
21,c8,45,84,05,cc,97,08,6d,92,6c,92,92
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA}"=hex:51,66,7a,6c,4c,1d,38,12,73,d4,59,
48,d3,1c,6c,01,e1,4d,88,bc,2c,00,8d,ae
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:26,f7,ff,3c,32,26,cd,01
.
Heure de fin: 2012-07-23 01:47:15
ComboFix-quarantined-files.txt 2012-07-22 23:47
ComboFix2.txt 2012-07-22 00:31
.
Avant-CF: 154 356 658 176 octets libres
Après-CF: 154 264 784 896 octets libres
.
- - End Of File - - 7D4BDF90F00F32EF75B9D055000D5F00

 

[ihatetrojans]

I sent the above using Normal Mode. Prior to this, I tried running COMBO on Safe Mode but got messages that MSE wasn't disabled though I turned off Real Time Protection. I restarted the pc in Normal Mode, and uninstalled MSE. Went back to Safe Mode and ran Combo successfully.
I also attempted the OTL.exe, it didn't work, pc froze.
I'm going to crash myself as it's again 2 am.
I really appreciate your help and am grateful for the patience you've shown to a novice.
I hope other forum users coming here to seek help will be able to get their issues resolved.

 

[Broni]

Good to see you back in normal mode.

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[ihatetrojans]

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
avast! EasyPass
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
CA Yahoo! Anti-Spy (remove only)
CCleaner
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

 

[ihatetrojans]

dupe

 

[Broni]

FSS, Eset?

 

[ihatetrojans]

Oops! Realized I just copied and pasted the Security Check log twice.
Running Eset now and currently 2 threats detected Win32 Registry Booster and Reviver.
Is it all right for the program to complete before I retrieve the FSS log ?
Thanks !

 

[Broni]

Yes, that's fine.

 

[ihatetrojans]

Thank you

 

[ihatetrojans]

90 mins of scanning and 46% completed. Will get back to you in a few hours. Thx

 

[ihatetrojans]

C:\Users\daphene\Downloads\DriverReviverSetup.exe a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Users\daphene\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Windows\System32\DBBK\85C5DEC9B6B5D6B9DE2C0331A102AD71 Win32/Sirefef.EZ trojan deleted - quarantined
C:\Windows\System32\DBBK\C2FEB83E777091D2588B1EA1A23AFCC1 a variant of Win32/Medfos.AM trojan cleaned by deleting - quarantined

 

[ihatetrojans]

Farbar Service Scanner Version: 22-07-2012
Ran by daphene (administrator) on 24-07-2012 at 07:51:30
Running from "C:\Users\daphene\Downloads"
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 11:49] - [2011-04-21 15:58] - 0273408 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[ihatetrojans]

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/07/24 20:14:38 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

 

[Broni]

I need a whole log not couple of lines.

 

[ihatetrojans]

Sorry about this, evidently it was not working and I had to scan the pc again.
I noticed that after I started the pc, the screen goes blue at times with the text that it was dumping physical files - it went in a flash so I couldn't read everything.
Anyway, here's the log which I couldn't send as mysteriously ( for me ) I had no phone nor internet connection after I finsihed the OTL scan.

 

[ihatetrojans]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: daphene
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22764526 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 855 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: maxime
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58917 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22,00 mb


[EMPTYFLASH]

User: All Users

User: daphene
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: maxime

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: daphene
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: maxime

User: Public

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07242012_202759

Files\Folders moved on Reboot...
C:\Windows\temp\_avast_\unp11698177.tmp moved successfully.
C:\Windows\temp\_avast_\unp120428440.tmp moved successfully.
C:\Windows\temp\_avast_\unp129444102.tmp moved successfully.
C:\Windows\temp\_avast_\unp142728732.tmp moved successfully.
C:\Windows\temp\_avast_\unp143298256.tmp moved successfully.
C:\Windows\temp\_avast_\unp143338980.tmp moved successfully.
C:\Windows\temp\_avast_\unp145878263.tmp moved successfully.
C:\Windows\temp\_avast_\unp150570044.tmp moved successfully.
C:\Windows\temp\_avast_\unp164720401.tmp moved successfully.
C:\Windows\temp\_avast_\unp6437679.tmp moved successfully.
C:\Windows\temp\_avast_\unp6772637.tmp moved successfully.
C:\Windows\temp\_avast_\unp8544184.tmp moved successfully.
C:\Windows\temp\_avast_\unp8562106.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Windows\temp\_avast_\unp11698177.tmp not found!
File C:\Windows\temp\_avast_\unp120428440.tmp not found!
File C:\Windows\temp\_avast_\unp129444102.tmp not found!
File C:\Windows\temp\_avast_\unp142728732.tmp not found!
File C:\Windows\temp\_avast_\unp143298256.tmp not found!
File C:\Windows\temp\_avast_\unp143338980.tmp not found!
File C:\Windows\temp\_avast_\unp145878263.tmp not found!
File C:\Windows\temp\_avast_\unp150570044.tmp not found!
File C:\Windows\temp\_avast_\unp164720401.tmp not found!
File C:\Windows\temp\_avast_\unp6437679.tmp not found!
File C:\Windows\temp\_avast_\unp6772637.tmp not found!
File C:\Windows\temp\_avast_\unp8544184.tmp not found!
File C:\Windows\temp\_avast_\unp8562106.tmp not found!
[2012/07/24 20:35:07 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

 

[ihatetrojans]

The pc is doing relatively well except for the issues I mentioned in msg #94
After rebooting automatically from the 'crash', I get this pop up Windows has recovered from an unexpected shutdown...

 

[Broni]

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

[ihatetrojans]

Would it be all right to run this on Safe Mode with Network?
The problem is when I first start the pc, it shows the blue screen about dumping files and then it restarts. When it restarts, I manage to log in but the screen freezes. I had to manually shut down the pc.

 

[Broni]

That's fine.

 

[ihatetrojans]

==================================================
Dump File : Mini072512-04.dmp
Crash Time : 25/07/2012 19:41:46
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d63a54
Parameter 4 : 0x89d63750
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072512-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072512-03.dmp
Crash Time : 25/07/2012 19:34:51
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d67a54
Parameter 4 : 0x89d67750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072512-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072512-02.dmp
Crash Time : 25/07/2012 09:57:31
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d5b634
Parameter 4 : 0x89d5b330
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+163cea
Stack Address 2 : ntkrnlpa.exe+1d346f
Stack Address 3 : ntkrnlpa.exe+1d389c
Computer Name :
Full Path : C:\Windows\Minidump\Mini072512-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072512-01.dmp
Crash Time : 25/07/2012 09:25:17
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d6ba54
Parameter 4 : 0x89d6b750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072412-06.dmp
Crash Time : 24/07/2012 21:40:44
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d5fa54
Parameter 4 : 0x89d5f750
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072412-06.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072412-05.dmp
Crash Time : 24/07/2012 20:54:48
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d63a54
Parameter 4 : 0x89d63750
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072412-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072412-04.dmp
Crash Time : 24/07/2012 20:50:46
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d63a54
Parameter 4 : 0x89d63750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072412-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072412-03.dmp
Crash Time : 24/07/2012 20:34:59
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d5ba54
Parameter 4 : 0x89d5b750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072412-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072412-02.dmp
Crash Time : 24/07/2012 20:14:17
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d6fa54
Parameter 4 : 0x89d6f750
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072412-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072412-01.dmp
Crash Time : 24/07/2012 19:19:30
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d6ba54
Parameter 4 : 0x89d6b750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072412-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072312-04.dmp
Crash Time : 23/07/2012 23:59:36
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d63a54
Parameter 4 : 0x89d63750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072312-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072312-03.dmp
Crash Time : 23/07/2012 21:14:50
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d6ba54
Parameter 4 : 0x89d6b750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072312-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072312-02.dmp
Crash Time : 23/07/2012 01:50:09
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d6fa54
Parameter 4 : 0x89d6f750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072312-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072312-01.dmp
Crash Time : 23/07/2012 01:19:09
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d6fa54
Parameter 4 : 0x89d6f750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072312-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-10.dmp
Crash Time : 22/07/2012 23:16:56
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d5fa54
Parameter 4 : 0x89d5f750
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-10.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-09.dmp
Crash Time : 22/07/2012 20:33:37
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d57a54
Parameter 4 : 0x89d57750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-09.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-08.dmp
Crash Time : 22/07/2012 18:25:30
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d57a54
Parameter 4 : 0x89d57750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-08.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-07.dmp
Crash Time : 22/07/2012 18:12:00
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89d6ba54
Parameter 4 : 0x89d6b750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-07.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-06.dmp
Crash Time : 22/07/2012 11:47:33
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89963a54
Parameter 4 : 0x89963750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-06.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-05.dmp
Crash Time : 22/07/2012 02:00:14
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x8995fa54
Parameter 4 : 0x8995f750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-04.dmp
Crash Time : 22/07/2012 01:38:39
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x8995ba54
Parameter 4 : 0x8995b750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-03.dmp
Crash Time : 22/07/2012 00:19:05
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89963a54
Parameter 4 : 0x89963750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-02.dmp
Crash Time : 22/07/2012 00:06:35
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x89967634
Parameter 4 : 0x89967330
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+163cea
Stack Address 2 : ntkrnlpa.exe+1d346f
Stack Address 3 : ntkrnlpa.exe+1d389c
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072212-01.dmp
Crash Time : 22/07/2012 00:04:55
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xcd6e0000
Parameter 2 : 0x00000000
Parameter 3 : 0x82c6a794
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98339
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98339
Stack Address 1 : ntkrnlpa.exe+4dd94
Stack Address 2 : ntkrnlpa.exe+25794
Stack Address 3 : uwlyykow.sys+3601
Computer Name :
Full Path : C:\Windows\Minidump\Mini072212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072112-03.dmp
Crash Time : 21/07/2012 23:29:21
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x8995fa54
Parameter 4 : 0x8995f750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072112-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini072112-02.dmp
Crash Time : 21/07/2012 22:48:03
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : 0xc0000005
Parameter 2 : 0x00000000
Parameter 3 : 0x8996fa54
Parameter 4 : 0x8996f750
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address :
Stack Address 1 : ntkrnlpa.exe+16c027
Stack Address 2 : ntkrnlpa.exe+a5da2
Stack Address 3 : ntkrnlpa.exe+1d5fe2
Computer Name :
Full Path : C:\Windows\Minidump\Mini072112-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini011512-02.dmp
Crash Time : 15/01/2012 11:00:24
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x87fd4030
Parameter 2 : 0x8595f820
Parameter 3 : 0x8a964000
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a8266
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a8266
Stack Address 1 : ntkrnlpa.exe+abdc4
Stack Address 2 : ntkrnlpa.exe+abbfc
Stack Address 3 : ndis.sys+c0732
Computer Name :
Full Path : C:\Windows\Minidump\Mini011512-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini011512-01.dmp
Crash Time : 15/01/2012 10:58:37
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x8808e778
Parameter 2 : 0x87010d78
Parameter 3 : 0xaa2a7000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a83a9
Stack Address 1 : hal.dll+7668
Stack Address 2 : hal.dll+770c
Stack Address 3 : hal.dll+3f6b
Computer Name :
Full Path : C:\Windows\Minidump\Mini011512-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini011212-02.dmp
Crash Time : 12/01/2012 08:28:52
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x87c23030
Parameter 2 : 0x84674d78
Parameter 3 : 0x81093000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a83a9
Stack Address 1 : hal.dll+7668
Stack Address 2 : hal.dll+770c
Stack Address 3 : hal.dll+3f6b
Computer Name :
Full Path : C:\Windows\Minidump\Mini011212-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini011212-01.dmp
Crash Time : 12/01/2012 08:27:14
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x87cae758
Parameter 2 : 0x86e4a398
Parameter 3 : 0x82524000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a83a9
Stack Address 1 : hal.dll+7668
Stack Address 2 : hal.dll+770c
Stack Address 3 : hal.dll+3f6b
Computer Name :
Full Path : C:\Windows\Minidump\Mini011212-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini011112-01.dmp
Crash Time : 11/01/2012 19:38:10
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x82b49640
Parameter 2 : 0x8571e030
Parameter 3 : 0x82b43000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a83a9
Stack Address 1 : hal.dll+7668
Stack Address 2 : hal.dll+770c
Stack Address 3 : hal.dll+3f6b
Computer Name :
Full Path : C:\Windows\Minidump\Mini011112-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini123111-01.dmp
Crash Time : 31/12/2011 15:04:38
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x876fd718
Parameter 2 : 0x86cadd78
Parameter 3 : 0x89124000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+7468
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a83a9
Stack Address 1 : hal.dll+7668
Stack Address 2 : hal.dll+770c
Stack Address 3 : hal.dll+3f6b
Computer Name :
Full Path : C:\Windows\Minidump\Mini123111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini112111-01.dmp
Crash Time : 21/11/2011 14:24:53
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x86c28430
Parameter 3 : 0x86c28430
Parameter 4 : 0x87dc0c08
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+313ab
Stack Address 2 : ntkrnlpa.exe+30fc8
Stack Address 3 : ntkrnlpa.exe+aa32b
Computer Name :
Full Path : C:\Windows\Minidump\Mini112111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini091811-01.dmp
Crash Time : 18/09/2011 17:18:37
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x87c16030
Parameter 2 : 0x84672658
Parameter 3 : 0x8a21e000
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a8266
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a8266
Stack Address 1 : ntkrnlpa.exe+34f56
Stack Address 2 : ntkrnlpa.exe+aa32b
Stack Address 3 : ntkrnlpa.exe+a9eeb
Computer Name :
Full Path : C:\Windows\Minidump\Mini091811-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini060111-01.dmp
Crash Time : 01/06/2011 09:42:37
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x878cb618
Parameter 2 : 0x87a2c4a0
Parameter 3 : 0x8a587000
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a8266
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a8266
Stack Address 1 : ntkrnlpa.exe+ac599
Stack Address 2 : ntkrnlpa.exe+ac447
Stack Address 3 : ntkrnlpa.exe+ac751
Computer Name :
Full Path : C:\Windows\Minidump\Mini060111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini053011-01.dmp
Crash Time : 30/05/2011 07:46:24
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x87848ac0
Parameter 2 : 0x86c4ad78
Parameter 3 : 0x8a510000
Parameter 4 : 0x00000000
Caused By Driver : ndis.sys
Caused By Address : ndis.sys+139a
File Description : NDIS 6.0 wrapper driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a8266
Stack Address 1 : ntkrnlpa.exe+ac85b
Stack Address 2 : RTKVHDA.sys+1311e8
Stack Address 3 : RTKVHDA.sys+13162d
Computer Name :
Full Path : C:\Windows\Minidump\Mini053011-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini052911-01.dmp
Crash Time : 29/05/2011 03:02:14
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x8482d030
Parameter 2 : 0x842a5658
Parameter 3 : 0xb7420000
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+a8266
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18607 (vistasp2_gdr.120402-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+a8266
Stack Address 1 : ntkrnlpa.exe+abdc4
Stack Address 2 : ntkrnlpa.exe+abbfc
Stack Address 3 : ndis.sys+c0732
Computer Name :
Full Path : C:\Windows\Minidump\Mini052911-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini052611-01.dmp
Crash Time : 26/05/2011 08:21:27
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x87328d78
Parameter 2 : 0x8656fd78
Parameter 3 : 0xa73a9000
Parameter 4 : 0x00000000
Caused By Driver : ndis.sys
Caused By Address : ndis.sys+139a
File Description : NDIS 6.0 wrapper driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+b4926
Stack Address 1 : ntkrnlpa.exe+b3c74
Stack Address 2 : RTKVHDA.sys+1311e8
Stack Address 3 : RTKVHDA.sys+13162d
Computer Name :
Full Path : C:\Windows\Minidump\Mini052611-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
Dump File Size : 139 008
==================================================

==================================================
Dump File : Mini052111-01.dmp
Crash Time : 21/05/2011 03:01:50
Bug Check String : ATTEMPTED_SWITCH_FROM_DPC
Bug Check Code : 0x100000b8
Parameter 1 : 0x8750dd78
Parameter 2 : 0x84587030
Parameter 3 : 0xc28c2000