Computer Hope
Hardware => Drivers => Topic started by: The Raddish on February 04, 2011, 09:47:10 PM
-
I have a Lenovo Y550 with the following specs:
Intel Core 2 Duo processor T6600 (2.20GHz 800MHz 2MBL2)
nVidia Geforce GT 240M
4 GB PC3-8500 DDR3 SDRAM 1066MHz
320GB 5400RPM HD
1.3MP integrated Webcam
SuperMulti DVD Recordable
Intel WiFi Link 5100 1x2 (AGN) WLAN
15.6" HD WLED Glossy Screen (1366x768)
Operating system: Genuine Windows 7 Home Premium 64 Bit
I did a clean install when I got it a year ago, and up until a couple months ago it has been running great. I'm not sure what happened, but streaming video stopped playing smoothly, audio is really choppy, and latencies are so high that gaming is *censored* near impossible on it now. It used to be smooth like warm butter.
I have done a number of forum searches and have attempted to resolve these issues, but to no avail. I came across a useful utility called DPC Latency Checker (http://www.thesycon.de/deu/latency_check.shtml). I've been through all of the suggestions, and still get latencies that average around 8000uSec, but peak as high as 30,000uSec.
I have also recently noticed that I have three unknown devices that do not have drivers. I can't help but wonder if the two problems are somehow related.
Here is my Everest Home report to get things started.
-
Nobody has answered. Maybe they don't understand the question.
What is your question?
I did a clean install when I got it a year ago, and up until a couple months ago it has been running great. I'm not sure what happened, but streaming video stopped playing smoothly, audio is really choppy, and latencies are so high that gaming is *censored* near impossible on it now. It used to be smooth like warm butter.
Why did you do a clean install?
What did you install or change a few months ago?
You have no backup of the whole system from an earlier time?
Apparently you do not have a progressive backup or you would have used it and you wouldn't be here posting your problem.
What can I say? It took a long time to develop the Windows OS. Same is true for other OS. Trying to understand what goes wrong days or weeks after the fact is impossible. Unless you have tools and methods that narrow down the problem to a specific point in time.
-
Sorry, I'll try to be more concise.
I have two pointed questions, though one is more appropriate for this forum.
1. I have three unknown devices for which I can not find drivers. Are there any tools available that can aid in detecting what these devices are so that I can find and install the appropriate drivers?
2. As for the clean install, the computer was sold as coming with W7, but arrived with Vista installed and a license for W7HP. So I did a clean install of W7HP and downloaded/installed all the drivers from the Lenovo site. Everything was great until a couple of months ago, then things really started slowing down. There is a delay when typing, I can't stream video/audio content without an incredible amount of choppiness, and gaming is now simply out of the question (freezing/very bad lag, really choppy sound).
I tried going back to a restore point after it first got choppy, but it didn't fix the problem.
-
Answer to the first question. You are using Everest, which is among the best tools to identify your hardware.
Second part.
Apparently something happened that is hard to pinpoint. It is very unlikely that hardware would change by itself. (But not impossible.) Sorry that I can not give you an answer. My best guess is that it would happen again even if you did a clean install. So I will not suggest you try that.
But rather than guess, have you looked at the Microsoft Knowledge Base for Windows 7 problems?
Support for Windows 7 technical problems and troubleshooting (http://support.microsoft.com/ph/14019)
Here is a search for 'unknown device'.
http://support.microsoft.com/search/default.aspx?query=unknown+device&catalog=LCID%3D1033&mode=r
It would seem you are not the only person with this problem.
-
Can you post a screen shot of device manager?
-
(http://img132.imageshack.us/img132/114/explodeddevicemanager.jpg)
-
As for unknown devices...
1. Open Device Manager (Control Panel>System>Hardware>Device Manager)
2. The hardware whose drivers are missing will appear as Unknown device, so it's easier to locate the device.
3. Right click on the unknown device and click on Properties.
4. Under the Properties window click on Details tab and select Device Instance Id (or Device Instance Path) from the drop down box.
5. You should see a code similar to this
PCI\VEN_8086&DEV_27DC&SUBSYS_30868086&REV_01\4&1E46F438&0&40F0
6. The portion of the code highlighted in RED is the Vendor ID and the portion highlighted in GREEN is the Device ID. In this example:
Vendor ID = 8086
Device ID = 27DC
7. Once you have obtained both the IDs, proceed to PCI Database (http://www.pcidatabase.com/). There you can either search for the vendor from the vendor ID or directly get information about the device along with the vendor name by searching with the device ID.
8. Then from there you can go directly to the hardware manufacturer's website and get the driver.
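Added example (not part of the original posts): a small Python parser for the Device Instance Path format described in the steps above. It goes slightly beyond the PCI case by also recognising USB-style `VID_`/`PID_` IDs and HID collection suffixes, and it reports when a path carries no numeric vendor/device ID to look up. The function and field names are illustrative assumptions; the sample paths are the ones quoted in this thread.

```python
import re

# PCI hardware ID: VEN_vvvv&DEV_dddd, optionally &SUBSYS_ssssvvvv and &REV_rr.
# In SUBSYS the first four hex digits are the subsystem ID and the last four
# are the subsystem vendor ID.
PCI_ID = re.compile(
    r"VEN_(?P<vendor>[0-9A-F]{4})&DEV_(?P<device>[0-9A-F]{4})"
    r"(?:&SUBSYS_(?P<subsys_id>[0-9A-F]{4})(?P<subsys_vendor>[0-9A-F]{4}))?"
    r"(?:&REV_(?P<revision>[0-9A-F]{2}))?",
    re.IGNORECASE,
)
# USB (and USB-backed HID) hardware ID: VID_vvvv&PID_pppp.
USB_ID = re.compile(
    r"VID_(?P<vendor>[0-9A-F]{4})&PID_(?P<device>[0-9A-F]{4})", re.IGNORECASE
)
# HID top-level collection suffix, e.g. COL06 (kept as a string).
HID_COLLECTION = re.compile(r"(?:^|&)COL(?P<col>[0-9A-F]{2})(?:&|$)", re.IGNORECASE)


def parse_instance_path(raw):
    """Split a Device Instance Path into enumerator, device ID and instance ID,
    and pull out vendor/device IDs when the device ID carries them."""
    # Assumption: pasted paths may be wrapped across lines, so drop whitespace.
    path = "".join(raw.split())
    parts = path.split("\\")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"not an enumerator\\device\\instance path: {raw!r}")
    enumerator, device_id, instance_id = parts

    result = {
        "enumerator": enumerator.upper(),
        "device_id": device_id,
        "instance_id": instance_id,
        "vendor": None,
        "device": None,
        "subsys_vendor": None,
        "subsys_id": None,
        "revision": None,
        "collection": None,
    }

    pattern = PCI_ID if result["enumerator"] == "PCI" else USB_ID
    match = pattern.search(device_id)
    if match:
        for key, value in match.groupdict().items():
            if value:
                result[key] = value.upper()

    col = HID_COLLECTION.search(device_id)
    if col:
        result["collection"] = col.group("col").upper()

    # Without a numeric vendor ID there is nothing to search a PCI/USB ID
    # database for; such a device has to be traced some other way.
    result["lookup_possible"] = result["vendor"] is not None
    return result


def summarize(raw):
    """One-line, human-readable summary of a parsed path."""
    info = parse_instance_path(raw)
    if info["lookup_possible"]:
        return (f"{info['enumerator']}: vendor {info['vendor']}, "
                f"device {info['device']}")
    suffix = f", collection {info['collection']}" if info["collection"] else ""
    return f"{info['enumerator']}: no vendor/device ID in '{info['device_id']}'{suffix}"


# Sample paths taken from this thread (the PCI one shown wrapped, as pasted text often is).
SAMPLES = [
    r"""PCI\VEN_8086&DEV_27DC&SUBSYS_30868086
&REV_01\4&1E46F438&0&40F0""",
    r"HID\IRDEVICEV2&COL06\2&2818A073&1&0005",
    r"HID\IRDEVICEV2&COL07\2&2818A073&1&0006",
    r"HID\IRDEVICEV2&COL08\2&2818A073&1&0007",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(summarize(sample))
```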
-
Broni,
I've used the PCI database in the past but the format for the Device Instance Path I have is different from what I've seen in the past:
HID\IRDEVICEV2&COL06\2&2818A073&1&0005
HID\IRDEVICEV2&COL07\2&2818A073&1&0006
HID\IRDEVICEV2&COL08\2&2818A073&1&0007
Any ideas?
Incidentally, this machine does not have an IR port.
-
I can see a whole bunch of HID (Human Interface Device) installed.
But....I don't think any of those unknown devices have anything to do with your issue.
I assume, all your issues are related to any online activities, correct?
What are your numbers from here: http://www.speedtest.net/ ?
Are you using wired, or wireless connection?
What type of connection is it and what is your ISP advertised speed?
-
Broni,
My speeds are pretty solid at ~6MB down, ~2MB up, which is good because that's what I'm paying for.
The network connection isn't the problem. The same computer booted into XP Pro or Ubuntu doesn't have the latency issues I am seeing. My problems are exclusive to Windows 7. I've simultaneously installed both XP and Ubuntu on my system to test this theory after my problems began to manifest and I was unable to solve them through conventional means. I'm convinced that the hardware is good and my network is solid.
I used to be able to game on this machine in Win7 pretty solidly. Now, the latencies and lag are so bad that gaming is no longer possible. I also can not stream any media whatsoever without incredibly choppy sound, but once the media has completely queued, it behaves normally. I do not have these problems in XP or Ubuntu on this machine.
I've been through all the basic stuff, and I've uninstalled/reinstalled/updated all of the drivers for all of the devices (save the missing three). I've tried a 'repair' installation from Win7 without any change. I've stopped every process one-by-one to try to determine if a rogue I'd rather not have to do a clean install to abate this problem because I would prefer to understand what is causing the problem. A clean install is the easy way out.
I've been through all the knowledge bases and so far the best tool I have come across to see the latency issue has been DPC Latency Checker (http://www.thesycon.de/deu/latency_check.shtml). As I type this, I am currently averaging just shy of 4000uSec, with a current maximum of 67,245uSec. Normal range is under 500uSec. I have three other computers in the house that all operate with normal latencies.
Nearly everything I've read has pointed to device drivers as the culprit. However, reinstalling drivers doesn't solve the problem. I've received some excellent advice on this forum in the past and that's why I have returned, hoping for more of the same. :)
-
Aside from internet related issues, does the computer work fine in all other areas?
Let's see, if we can find some more info....
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
===================================================================
Download TCPView (http://technet.microsoft.com/en-us/sysinternals/bb897437).
Unzip download file and double click on Tcpview.exe to run the program.
When the program is fully running, go File>Save As and save the report as TCP.txt.
Post report's content in your next reply.
-
Interestingly, if I tried to run Process Explorer as administrator, it blue screens. :/ Worked fine running it normally.
-
You definitely have some serious issues.
System Idle Process (CPU not used) should be listed at about 90%, or better.
In your case, it's listed at 7.12%, which means over 90% of your CPU cycles are used by various processes.
Main users are FF at almost 35% and Windows Media Player Network Sharing Service at almost 23%.
Plus all kind of other processes in single digit CPU usage.
What's happening?
It's hard to say right away.
I'd suspect either some hardware issue, or an infection.
I suggest...
Read here: http://www.computerhope.com/forum/index.php/topic,46313.0.html
Start new topic here: http://www.computerhope.com/forum/index.php/board,7.0.html
Do NOT post any logs in THIS thread.
If declared clean, please return back here.
-
As I suspected, my system is free of malware (http://www.computerhope.com/forum/index.php/topic,116153.0.html). I actually was hoping that I had somehow contracted something so that it could be identified and fixed.
I'm going through some of these suggestions (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) this evening, starting with defragging the hard drive and the registry with Auslogics defrag tools. I'm open to further suggestions as well.
One thing I noted in the malware thread was that running utilities like Combofix or TFC as administrator immediately resulted in BSODs. I was able to run them in safe mode successfully, however.
-
Download BlueScreenView (in Zip file) (http://www.nirsoft.net/utils/blue_screen_view.html)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
-
Okay, apparently my machine either wasn't set up to record BSOD logs in the minidump directory, or somewhere along the line one of the utilities erased them. I did have a log in the C:\Windows\LiveKernelReports\WATCHDOG directory, but interestingly the last date was a couple weeks back. Actually, looking at the time stamp on most of these this computer didn't even physically exist yet so I'm not sure what we're actually looking at here.
I've configured windows to record BSOD logs now and I'll force a few and post those dumps, but in the meantime here is the latest watchdog dump log. I don't know if this will be useful or not.
To Address : fffff880`019fd000
Size : 0x001fd000
Time Stamp : 0x4c15a458
Time String : 6/13/2010 9:39:04 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : fwpkclnt.sys
Address In Stack :
From Address : fffff880`0162b000
To Address : fffff880`01675000
Size : 0x0004a000
Time Stamp : 0x4a5bc164
Time String : 7/13/2009 5:21:08 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : volsnap.sys
Address In Stack :
From Address : fffff880`01073000
To Address : fffff880`010bf000
Size : 0x0004c000
Time Stamp : 0x4a5bc128
Time String : 7/13/2009 5:20:08 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : spldr.sys
Address In Stack :
From Address : fffff880`01675000
To Address : fffff880`0167d000
Size : 0x00008000
Time Stamp : 0x4a0858bb
Time String : 5/11/2009 10:56:27 AM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : rdyboost.sys
Address In Stack :
From Address : fffff880`011a2000
To Address : fffff880`011dc000
Size : 0x0003a000
Time Stamp : 0x4a5bc48a
Time String : 7/13/2009 5:34:34 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : mup.sys
Address In Stack :
From Address : fffff880`0167d000
To Address : fffff880`0168f000
Size : 0x00012000
Time Stamp : 0x4a5bc201
Time String : 7/13/2009 5:23:45 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : hwpolicy.sys
Address In Stack :
From Address : fffff880`0168f000
To Address : fffff880`01698000
Size : 0x00009000
Time Stamp : 0x4a5bc0fa
Time String : 7/13/2009 5:19:22 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : fvevol.sys
Address In Stack :
From Address : fffff880`00dc0000
To Address : fffff880`00dfa000
Size : 0x0003a000
Time Stamp : 0x4abd7db2
Time String : 9/25/2009 8:34:26 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : disk.sys
Address In Stack :
From Address : fffff880`01435000
To Address : fffff880`0144b000
Size : 0x00016000
Time Stamp : 0x4a5bc11d
Time String : 7/13/2009 5:19:57 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : CLASSPNP.SYS
Address In Stack :
From Address : fffff880`00e8e000
To Address : fffff880`00ebe000
Size : 0x00030000
Time Stamp : 0x4a5bc11e
Time String : 7/13/2009 5:19:58 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : cdrom.sys
Address In Stack :
From Address : fffff880`02dc5000
To Address : fffff080`02def000
Size : 0xfffff8000002a000
Time Stamp : 0x4a5bc11a
Time String : 7/13/2009 5:19:54 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : Null.SYS
Address In Stack :
From Address : fffff880`02def000
To Address : fffff880`02df8000
Size : 0x00009000
Time Stamp : 0x4a5bc109
Time String : 7/13/2009 5:19:37 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : Beep.SYS
Address In Stack :
From Address : fffff880`02df8000
To Address : fffff880`02dff000
Size : 0x00007000
Time Stamp : 0x4a5bca8d
Time String : 7/13/2009 6:00:13 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : vga.sys
Address In Stack :
From Address : fffff880`02c00000
To Address : 206459d6`02c0e000
Size : 0x206461560000e000
Time Stamp : 0x4a5bc587
Time String : 7/13/2009 5:38:47 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : VIDEOPRT.SYS
Address In Stack :
From Address : fffff880`02c0e000
To Address : fffff87f`02c33000
Size : 0xffffffff00025000
Time Stamp : 0x4a5bc58b
Time String : 7/13/2009 5:38:51 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : watchdog.sys
Address In Stack :
From Address : fffff880`02c33000
To Address : fffff880`02c43000
Size : 0x00010000
Time Stamp : 0x4a5bc53f
Time String : 7/13/2009 5:37:35 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : RDPCDD.sys
Address In Stack :
From Address : fffff880`02c43000
To Address : 206459d6`02c4c000
Size : 0x2064615600009000
Time Stamp : 0x4a5bce62
Time String : 7/13/2009 6:16:34 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : rdpencdd.sys
Address In Stack :
From Address : fffff880`02c4c000
To Address : 6c5265cd`02c55000
Size : 0x6c526d4d00009000
Time Stamp : 0x4a5bce62
Time String : 7/13/2009 6:16:34 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : rdprefmp.sys
Address In Stack :
From Address : fffff880`02c55000
To Address : 6c5265cd`02c5e000
Size : 0x6c526d4d00009000
Time Stamp : 0x4a5bce63
Time String : 7/13/2009 6:16:35 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : Msfs.SYS
Address In Stack :
From Address : fffff880`02c5e000
To Address : fffff880`02c69000
Size : 0x0000b000
Time Stamp : 0x4a5bc113
Time String : 7/13/2009 5:19:47 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : Npfs.SYS
Address In Stack :
From Address : fffff880`02c69000
To Address : fffff880`02c7a000
Size : 0x00011000
Time Stamp : 0x4a5bc114
Time String : 7/13/2009 5:19:48 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : tdx.sys
Address In Stack :
From Address : fffff880`011dc000
To Address : fffff880`011fa000
Size : 0x0001e000
Time Stamp : 0x4a5bc16b
Time String : 7/13/2009 5:21:15 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : TDI.SYS
Address In Stack :
From Address : fffff880`02c7a000
To Address : fffff880`02c87000
Size : 0x0000d000
Time Stamp : 0x4a5bc16e
Time String : 7/13/2009 5:21:18 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : aswTdi.SYS
Address In Stack :
From Address : fffff880`01279000
To Address : fffff880`01289000
Size : 0x00010000
Time Stamp : 0x4c290822
Time String : 6/28/2010 2:37:54 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : afd.sys
Address In Stack :
From Address : fffff880`03a9a000
To Address : fffff880`03b24000
Size : 0x0008a000
Time Stamp : 0x4a5bc184
Time String : 7/13/2009 5:21:40 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : aswRdr.SYS
Address In Stack :
From Address : fffff880`03b24000
To Address : 206459d6`03b2e000
Size : 0x206461560000a000
Time Stamp : 0x4c29070b
Time String : 6/28/2010 2:33:15 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : netbt.sys
Address In Stack :
From Address : fffff880`03b2e000
To Address : fffff880`03b73000
Size : 0x00045000
Time Stamp : 0x4a5bc178
Time String : 7/13/2009 5:21:28 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : wfplwf.sys
Address In Stack :
From Address : fffff880`03b73000
To Address : 206459d6`03b7c000
Size : 0x2064615600009000
Time Stamp : 0x4a5bccb6
Time String : 7/13/2009 6:09:26 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : pacer.sys
Address In Stack :
From Address : fffff880`03b7c000
To Address : fffff880`03ba2000
Size : 0x00026000
Time Stamp : 0x4a5bccc5
Time String : 7/13/2009 6:09:41 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : vwififlt.sys
Address In Stack :
From Address : fffff880`03ba2000
To Address : fffff880`03bb8000
Size : 0x00016000
Time Stamp : 0x4a5bcc3a
Time String : 7/13/2009 6:07:22 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : vpcnfltr.sys
Address In Stack :
From Address : fffff880`03bb8000
To Address : fffff880`03bcc000
Size : 0x00014000
Time Stamp : 0x4ab97aae
Time String : 9/22/2009 7:32:30 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : netbios.sys
Address In Stack :
From Address : fffff880`03bcc000
To Address : 206459d6`03bdb000
Size : 0x206461560000f000
Time Stamp : 0x4a5bccb6
Time String : 7/13/2009 6:09:26 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : wanarp.sys
Address In Stack :
From Address : fffff880`03bdb000
To Address : fffff880`03bf6000
Size : 0x0001b000
Time Stamp : 0x4a5bcced
Time String : 7/13/2009 6:10:21 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : vpcvmm.sys
Address In Stack :
From Address : fffff880`03a00000
To Address : fffff880`03a56580
Size : 0x00056580
Time Stamp : 0x4b3c5265
Time String : 12/31/2009 1:27:33 AM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : termdd.sys
Address In Stack :
From Address : fffff880`03a57000
To Address : 206459d6`03a6b000
Size : 0x2064615600014000
Time Stamp : 0x4a5bce64
Time String : 7/13/2009 6:16:36 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : rdbss.sys
Address In Stack :
From Address : fffff880`03cf9000
To Address : fffff080`03d4a000
Size : 0xfffff80000051000
Time Stamp : 0x4a5bc219
Time String : 7/13/2009 5:24:09 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : nsiproxy.sys
Address In Stack :
From Address : fffff880`03d4a000
To Address : fffff880`03d56000
Size : 0x0000c000
Time Stamp : 0x4a5bc15e
Time String : 7/13/2009 5:21:02 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : mssmbios.sys
Address In Stack :
From Address : fffff880`03d56000
To Address : fffff880`03d61000
Size : 0x0000b000
Time Stamp : 0x4a5bc3be
Time String : 7/13/2009 5:31:10 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : discache.sys
Address In Stack :
From Address : fffff880`03d61000
To Address : fffff880`03d70000
Size : 0x0000f000
Time Stamp : 0x4a5bc52e
Time String : 7/13/2009 5:37:18 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : dfsc.sys
Address In Stack :
From Address : fffff880`03d70000
To Address : 206459d6`03d8e000
Size : 0x206461560001e000
Time Stamp : 0x4a5bc200
Time String : 7/13/2009 5:23:44 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : blbdrive.sys
Address In Stack :
From Address : fffff880`03d8e000
To Address : fffff880`03d9f000
Size : 0x00011000
Time Stamp : 0x4a5bc4df
Time String : 7/13/2009 5:35:59 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : aswSP.SYS
Address In Stack :
From Address : fffff880`03d9f000
To Address : fffff880`03dc2000
Size : 0x00023000
Time Stamp : 0x4c29080e
Time String : 6/28/2010 2:37:34 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : tunnel.sys
Address In Stack :
From Address : fffff880`03dc2000
To Address : 206459d6`03de8000
Size : 0x2064615600026000
Time Stamp : 0x4a5bccc1
Time String : 7/13/2009 6:09:37 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : nvBridge.kmd
Address In Stack :
From Address : fffff880`0539a000
To Address : fffff880`0539b180
Size : 0x00001180
Time Stamp : 0x4a9cd18e
Time String : 9/1/2009 1:47:26 AM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : dxgmms1.sys
Address In Stack :
From Address : fffff880`0539c000
To Address : fffff880`053e2000
Size : 0x00046000
Time Stamp : 0x4a5bc578
Time String : 7/13/2009 5:38:32 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : HDAudBus.sys
Address In Stack :
From Address : fffff880`04800000
To Address : fffff880`04824000
Size : 0x00024000
Time Stamp : 0x4a5bcbf5
Time String : 7/13/2009 6:06:13 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : usbuhci.sys
Address In Stack :
From Address : fffff880`04824000
To Address : fffff880`04831000
Size : 0x0000d000
Time Stamp : 0x4a5bcc03
Time String : 7/13/2009 6:06:27 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : USBPORT.SYS
Address In Stack :
From Address : fffff880`04831000
To Address : fffff880`04887000
Size : 0x00056000
Time Stamp : 0x4a5bcc07
Time String : 7/13/2009 6:06:31 PM
Product Name :
File Description :
File Version :
Company :
Full Path :
==================================================
==================================================
Filename : usbehci.sys
Address In Stack :
From Address : fffff880`053e2000
To Address
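One way to check a driver list like the one pasted above mechanically, added here as an example and not part of the original thread: it decodes each Time Stamp to a UTC build date and flags rows whose address range is not plausible for a kernel image. The sample rows are copied from the post and abridged to the fields the checks use (the last row is cut off, as in the post); the function names and the 256 MiB size ceiling are assumptions.

```python
from datetime import datetime, timezone

KERNEL_BASE = 0xFFFF800000000000        # start of the canonical upper half on x64
MAX_PLAUSIBLE_SIZE = 256 * 1024 * 1024  # assumed ceiling for a single driver image
MASK64 = (1 << 64) - 1

# Rows copied from the post above, abridged; the last one is cut off as it is there.
SAMPLE_REPORT = """\
==================================================
Filename : fltmgr.sys
Address In Stack :
From Address : fffff880`0120b000
To Address : fffff880`01257000
Size : 0x0004c000
Time Stamp : 0x4a5bc11f
==================================================
==================================================
Filename : tcpip.sys
From Address : fffff880`01800000
To Address : fffff880`019fd000
Size : 0x001fd000
Time Stamp : 0x4c15a458
==================================================
==================================================
Filename : vga.sys
From Address : fffff880`02c00000
To Address : 206459d6`02c0e000
Size : 0x206461560000e000
Time Stamp : 0x4a5bc587
==================================================
==================================================
Filename : aswSP.SYS
From Address : fffff880`03d9f000
To Address : fffff880`03dc2000
Size : 0x00023000
Time Stamp : 0x4c29080e
==================================================
==================================================
Filename : usbehci.sys
From Address : fffff880`053e2000
To Address
"""


def parse_records(text):
    """Split the report on its '=====' rulers into one dict per driver."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if set(line) == {"="}:
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first colon only: 'Time String' values contain colons.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def parse_addr(text):
    """Convert a debugger-style address such as fffff880`0120b000 to an int."""
    return int(text.replace("`", ""), 16)


def check_record(rec):
    """Return a list of reasons the row's address range should not be trusted."""
    if any(not rec.get(f) for f in ("From Address", "To Address", "Size")):
        return ["incomplete_record"]
    start, end = parse_addr(rec["From Address"]), parse_addr(rec["To Address"])
    size = int(rec["Size"], 16)
    issues = []
    if end < KERNEL_BASE:
        issues.append("to_outside_kernel_range")
    if end <= start:
        issues.append("to_not_above_from")
    # Size is compared modulo 2**64: if it still matches, the size column was
    # derived from the bad end address and is not independent evidence.
    if size != (end - start) & MASK64:
        issues.append("size_mismatch")
    if size > MAX_PLAUSIBLE_SIZE:
        issues.append("size_implausible")
    return issues


def build_time(rec):
    """Decode Time Stamp (seconds since the Unix epoch) to an aware UTC datetime."""
    stamp = rec.get("Time Stamp")
    return datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc) if stamp else None


def newest(records, count):
    """Return the `count` most recently built drivers that carry a timestamp."""
    dated = [r for r in records if build_time(r) is not None]
    return sorted(dated, key=build_time, reverse=True)[:count]


if __name__ == "__main__":
    rows = parse_records(SAMPLE_REPORT)
    for row in rows:
        print(row["Filename"], build_time(row), check_record(row) or "ok")
    print("newest:", [r["Filename"] for r in newest(rows, 2)])
```
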
-
Okay, I don't know what's going on here. I've forced about a half dozen BSODs with ComboFix and TFC, but there are no dump records in the Minidump folder.
I've gone through the steps outlined here (http://blog.nirsoft.net/2010/07/27/how-to-configure-windows-to-create-minidump-files-on-bsod/), and I've verified that the registry key for CrashDumpEnabled is set properly, but there are still no dump reports.
Any ideas?
-
I have no idea why dumps are not created, either.
Also, those dates are confusing, since nothing recent is listed.
I'd like to check something....
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file) (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (zipped file) (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (.rar file) (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip (http://www.7-zip.org/) utility.
- Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm).
- Click the Report tab, then click Scan.
- Check Drivers, Stealth, and uncheck the rest.
- Click OK.
- Wait until it's finished and then go to File > Save Report.
- Save the report to your Desktop.
- Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
-
Before it even gets a chance to run I get the following error:
(http://img411.imageshack.us/img411/4059/unhookererror.jpg)
-
Sorry, my fault. It won't run on a 64-bit system.
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror (http://gmer.net/download.php)
This version will download a randomly named file (Recommended)
- Zipped Mirror (http://gmer.net/gmer.zip)
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection (http://www.bleepingcomputer.com/forums/topic114351.html) so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
(http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif)
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
-
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-19 00:25:11
Windows 6.1.7600
Running: io0wipge.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250@a8f27423ebc1 0xC0 0xD1 0x58 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250@a8f27423ebc1 0xC0 0xD1 0x58 0xA6 ...
---- EOF - GMER 1.0.15 ----
-
That looks fine.
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
I went to run the 64 bit version of process explorer as administrator, which caused yet another BSOD. This time, Windows wouldn't start, it went straight to another BSOD, and then the startup repair utility came up.
Now the machine is slow as Christmas. I'm typing five or six characters ahead before they show up on the screen. I went ahead and ran the 64 bit again (this time not as administrator), and here is the log:
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 19.87 0 K 24 K
Interrupts n/a 0.74 0 K 0 K Hardware Interrupts
DPCs n/a 0.74 0 K 0 K Deferred Procedure Calls
System 4 7.36 108 K 796 K
smss.exe 356 424 K 1,156 K
csrss.exe 504 1,964 K 4,208 K
wininit.exe 556 1,484 K 4,564 K
services.exe 624 0.74 6,796 K 10,868 K
svchost.exe 788 4,080 K 9,208 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
dllhost.exe 3248 2,504 K 7,136 K
WmiPrvSE.exe 4424 2,680 K 6,388 K
nvvsvc.exe 876 2,404 K 7,320 K NVIDIA Driver Helper Service, Version 266.58 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe
NvXDSync.exe 1148 5,596 K 15,112 K
nvvsvc.exe 1168 4,696 K 12,092 K
svchost.exe 916 4,456 K 8,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe 1004 20,364 K 24,164 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 1056 16,880 K 17,060 K
svchost.exe 392 2.94 78,564 K 89,872 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 1748 0.74 25,176 K 22,456 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 400 27,256 K 35,992 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
wuauclt.exe 4056 1,948 K 6,784 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
svchost.exe 1100 9,120 K 16,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1296 14,888 K 16,084 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
AvastSvc.exe 1408 0.74 5,996 K 6,672 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
avast.setup 4852 13.98 4,352 K 10,916 K
spoolsv.exe 1716 7,812 K 14,340 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
taskhost.exe 2016 7,844 K 9,192 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
svchost.exe 1580 8,752 K 13,784 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
SASCore64.exe 1240 1,356 K 3,688 K "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
svchost.exe 2100 6,960 K 13,964 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
CommandService.exe 2140 1,460 K 4,964 K CommandService Application LeapFrog Enterprises, Inc. "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe"
NMSAccessU.exe 2212 912 K 3,112 K C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
FWService.exe 2252 12,344 K 1,408 K PC Tools Firewall Plus service PC Tools C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
nvSCPAPISvr.exe 2352 2,352 K 5,616 K Stereo Vision Control Panel API Server NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
svchost.exe 2392 1,880 K 5,576 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
WLIDSVC.EXE 2432 7,136 K 14,868 K "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 2704 1,204 K 3,372 K
IAANTmon.exe 2508 2,108 K 6,340 K RAID Monitor Intel Corporation C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SearchIndexer.exe 3092 0.74 40,712 K 30,144 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 3784 8.09 3,772 K 8,276 K
SearchFilterHost.exe 1840 1,876 K 5,156 K
svchost.exe 3268 1,764 K 5,716 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
wmpnetwk.exe 3996 24.28 12,808 K 7,232 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
svchost.exe 3424 9,264 K 13,240 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
sppsvc.exe 4956 2,680 K 7,980 K Microsoft Software Protection Platform Service Microsoft Corporation C:\Windows\system32\sppsvc.exe
svchost.exe 3840 67,204 K 34,008 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
lsass.exe 632 3.68 5,372 K 13,192 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 640 2,556 K 4,372 K
csrss.exe 576 2,172 K 5,652 K
winlogon.exe 744 3,008 K 7,784 K
explorer.exe 1772 2.94 38,392 K 51,828 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
IAAnotif.exe 1884 2,144 K 7,020 K Event Monitor User Notification Tool Intel Corporation "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
utility.exe 1892 8,900 K 13,076 K Lenovo Battery Management Software Ver3.0 Lenovo(beijing) Limited "C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
Energy Management.exe 1908 2,728 K 7,808 K Lenovo Energy Management Software Lenovo (Beijing) Limited "C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
SynTPEnh.exe 1924 3,600 K 12,264 K Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
SynTPHelper.exe 4044 1,176 K 3,176 K
RAVCpl64.exe 1940 8,848 K 10,936 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Zoë.exe 1224 0.74 2,564 K 6,540 K "C:\Users\The Raddish\Documents\AHK\setup\Zoë.exe"
firefox.exe 924 0.74 339,504 K 359,616 K Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe"
plugin-container.exe 4344 20,800 K 25,308 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugin-container.exe" --channel=924.1744bac0.724808193 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.4.0b11" -omnijar C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\omni.jar 924 \\.\pipe\gecko-crash-server-pipe.924 plugin
plugin-container.exe 4248 2,736 K 8,372 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugin-container.exe" --channel=924.199d07c0.1114581051 "C:\Users\The Raddish\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" "Mozilla.Firefox.4.0b11" -omnijar C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\omni.jar 924 \\.\pipe\gecko-crash-server-pipe.924 plugin
googletalkplugin.exe 4212 10,980 K 14,216 K Google Talk Plugin Google "C:\Users\The Raddish\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
procexp64.exe 1032 10.30 17,712 K 34,448 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\The Raddish\Downloads\Process Explorer\procexp64.exe"
OnekeyDM.exe 1608 2,048 K 5,416 K OnekeyDM MFC Application "C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe"
Monitor.exe 1648 2,572 K 8,328 K Monitor Application LeapFrog Enterprises, Inc. "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
FirewallGUI.exe 500 0.74 15,504 K 3,844 K PC Tools Firewall GUI PC Tools "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
jusched.exe 564 1,164 K 4,332 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
-
I think you need to run some hardware tests.
Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn (http://www.imgburn.com/) to burn the .iso file to a CD (select the "Write image file to disc" option) to make the CD bootable.
For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Path=ServicesSupport/FujitsuDrivesUSandCanada/SoftwareUtilities#diagnostic
Note: If you do not know how to set your computer to boot from CD, follow the steps HERE (http://www.hiren.info/pages/bios-boot-cdrom)
===================================================================================
A. If you have more than one RAM module installed, try starting/running the computer with one RAM stick at a time.
NOTE: Keep in mind, the manual check listed above is always superior to the software check listed below. DO NOT proceed with memtest if you can go with option A.
B. If you have only one RAM stick installed...
...run memtest...
1. Download - Pre-Compiled Bootable ISO (.zip) (http://www.memtest.org/download/4.00/memtest86+-4.00.iso.zip)
2. Unzip the downloaded memtest86+-....iso.zip file.
3. Inside, you'll find the memtest86+-....iso file.
4. Download and install ImgBurn: http://www.imgburn.com/
5. Insert a blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on the Browse for a file... icon:
(http://209.85.48.8/228/109/upload/p4393897.gif)
8. Locate the memtest86+-....iso file, and click the Open button.
9. Click on the ImgBurn green arrow to start burning the bootable memtest86 CD:
(http://209.85.48.8/228/109/upload/p4393911.gif)
10. Once the CD is created, boot from it, and memtest will automatically start to run.
The running program will look something like this, depending on the size and number of RAM modules installed:
(http://icrontic.com/draco/images/articles/diagnose_with_memtest86/main_menu.jpg)
It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.
This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.
(http://icrontic.com/draco/images/articles/diagnose_with_memtest86/testarea_cu.jpg)
The following image is the test results area:
(http://209.85.48.8/228/109/upload/p4393925.gif)
The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.
-
Broni,
I'll do these, but keep in mind that both Ubuntu and XP are running just fine on this machine right now, no problems whatsoever. I'd think that if I had a hardware issue it would manifest in both of those installations as well, wouldn't it?
-
True. I forgot about it.
Well, maybe it's time to reinstall Win 7 then.
-
Yeah, I was hoping to avoid that. Oh well, I guess we can't win 'em all.
Thanks for your help, it is appreciated. :)
-
I wish we did better :(
-
Just a quick FYI for follow-up. After reinstall (which seems to be a two or three day affair these days), this machine is back to screamin'.
I really would like to have known what caused the slowdown.
Now that everything is reinstalled and running like it should, I'll be making an Acronis image. I should have done this long ago. Oh well, live and learn.
Thanks again for your help. :)
-
You're very welcome
Thanks for posting back :)