Answer» Okay, apparently my machine either wasn't set up to record BSOD logs in the minidump directory, or somewhere along the line one of the utilities erased them. I did have a log in the C:\Windows\LiveKernelReports\WATCHDOG directory, but interestingly the last date was a couple of weeks back. Actually, looking at the time stamp on most of these, this computer didn't even physically exist yet, so I'm not sure what we're actually looking at here.
I've configured Windows to record BSOD logs now and I'll force a few and post those dumps, but in the meantime here is the latest watchdog dump log. I don't know if this will be useful or not.
Okay, I don't know what's going on here. I've forced about a half dozen BSODs with ComboFix and TFC, but there are no dump records in the Minidump folder.
I've gone through the steps outlined here, and I've verified that the registry key for CrashDumpEnabled is set properly, but there are still no dump reports.
Any ideas?
I have no idea why dumps are not created, either. Also, those dates are confusing, since nothing recent is listed.
I'd like to check something....
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file) Link 2 (zipped file) Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
- Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
- Click the Report tab, then click Scan.
- Check Drivers, Stealth, and uncheck the rest.
- Click OK.
- Wait until it's finished and then go to File > Save Report.
- Save the report to your Desktop.
- Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
Before it even gets a chance to run I get the following error:
Sorry, my fault. It won't run on a 64-bit system.
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended)
- Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again. If it still fails, try to UN-check "Devices" in right pane. If still no joy, try to run it from Safe Mode.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-19 00:25:11
Windows 6.1.7600
Running: io0wipge.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xC0 0xD1 0x58 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xC0 0xD1 0x58 0xA6 ...
---- EOF - GMER 1.0.15 ----
That looks fine.
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program. Click on View > Select Columns. In addition to already pre-selected options, make sure the Command Line is selected, and press OK. Go File > Save As, and save the report as Procexp.txt. Attach the file to your next reply.
I went to run the 64 bit version of process explorer as administrator, which caused yet another BSOD. This time, Windows wouldn't start, it went straight to another BSOD, and then the startup repair utility came up.
Now the machine is slow as Christmas. I'm typing five or six characters ahead before they show up on the screen. I went ahead and ran the 64 bit again (this time not as administrator), and here is the log:
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 19.87 0 K 24 K
Interrupts n/a 0.74 0 K 0 K Hardware Interrupts
DPCs n/a 0.74 0 K 0 K Deferred Procedure Calls
System 4 7.36 108 K 796 K
smss.exe 356 424 K 1,156 K
csrss.exe 504 1,964 K 4,208 K
wininit.exe 556 1,484 K 4,564 K
services.exe 624 0.74 6,796 K 10,868 K
svchost.exe 788 4,080 K 9,208 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
dllhost.exe 3248 2,504 K 7,136 K
WmiPrvSE.exe 4424 2,680 K 6,388 K
nvvsvc.exe 876 2,404 K 7,320 K NVIDIA Driver Helper Service, Version 266.58 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe
NvXDSync.exe 1148 5,596 K 15,112 K
nvvsvc.exe 1168 4,696 K 12,092 K
svchost.exe 916 4,456 K 8,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe 1004 20,364 K 24,164 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 1056 16,880 K 17,060 K
svchost.exe 392 2.94 78,564 K 89,872 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 1748 0.74 25,176 K 22,456 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 400 27,256 K 35,992 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
wuauclt.exe 4056 1,948 K 6,784 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
svchost.exe 1100 9,120 K 16,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1296 14,888 K 16,084 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
AvastSvc.exe 1408 0.74 5,996 K 6,672 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
avast.setup 4852 13.98 4,352 K 10,916 K
spoolsv.exe 1716 7,812 K 14,340 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
taskhost.exe 2016 7,844 K 9,192 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
svchost.exe 1580 8,752 K 13,784 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
SASCore64.exe 1240 1,356 K 3,688 K "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
svchost.exe 2100 6,960 K 13,964 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
CommandService.exe 2140 1,460 K 4,964 K CommandService Application LeapFrog Enterprises, Inc. "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe"
NMSAccessU.exe 2212 912 K 3,112 K C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
FWService.exe 2252 12,344 K 1,408 K PC Tools Firewall Plus service PC Tools C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
nvSCPAPISvr.exe 2352 2,352 K 5,616 K Stereo Vision Control Panel API Server NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
svchost.exe 2392 1,880 K 5,576 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
WLIDSVC.EXE 2432 7,136 K 14,868 K "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 2704 1,204 K 3,372 K
IAANTmon.exe 2508 2,108 K 6,340 K RAID Monitor Intel Corporation C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SearchIndexer.exe 3092 0.74 40,712 K 30,144 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 3784 8.09 3,772 K 8,276 K
SearchFilterHost.exe 1840 1,876 K 5,156 K
svchost.exe 3268 1,764 K 5,716 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
wmpnetwk.exe 3996 24.28 12,808 K 7,232 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
svchost.exe 3424 9,264 K 13,240 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
sppsvc.exe 4956 2,680 K 7,980 K Microsoft Software Protection Platform Service Microsoft Corporation C:\Windows\system32\sppsvc.exe
svchost.exe 3840 67,204 K 34,008 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
lsass.exe 632 3.68 5,372 K 13,192 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 640 2,556 K 4,372 K
csrss.exe 576 2,172 K 5,652 K
winlogon.exe 744 3,008 K 7,784 K
explorer.exe 1772 2.94 38,392 K 51,828 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
IAAnotif.exe 1884 2,144 K 7,020 K Event Monitor User Notification Tool Intel Corporation "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
utility.exe 1892 8,900 K 13,076 K Lenovo Battery Management Software Ver3.0 Lenovo(beijing) Limited "C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
Energy Management.exe 1908 2,728 K 7,808 K Lenovo Energy Management Software Lenovo (Beijing) Limited "C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
SynTPEnh.exe 1924 3,600 K 12,264 K Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
SynTPHelper.exe 4044 1,176 K 3,176 K
RAVCpl64.exe 1940 8,848 K 10,936 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Zoë.exe 1224 0.74 2,564 K 6,540 K "C:\Users\The Raddish\Documents\AHK\setup\Zoë.exe"
firefox.exe 924 0.74 339,504 K 359,616 K Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe"
plugin-container.exe 4344 20,800 K 25,308 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugin-container.exe" --channel=924.1744bac0.724808193 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.4.0b11" -omnijar C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\omni.jar 924 \\.\pipe\gecko-crash-server-pipe.924 plugin
plugin-container.exe 4248 2,736 K 8,372 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugin-container.exe" --channel=924.199d07c0.1114581051 "C:\Users\The Raddish\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" "Mozilla.Firefox.4.0b11" -omnijar C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\omni.jar 924 \\.\pipe\gecko-crash-server-pipe.924 plugin
googletalkplugin.exe 4212 10,980 K 14,216 K Google Talk Plugin Google "C:\Users\The Raddish\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
procexp64.exe 1032 10.30 17,712 K 34,448 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\The Raddish\Downloads\Process Explorer\procexp64.exe"
OnekeyDM.exe 1608 2,048 K 5,416 K OnekeyDM MFC Application "C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe"
Monitor.exe 1648 2,572 K 8,328 K Monitor Application LeapFrog Enterprises, Inc. "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
FirewallGUI.exe 500 0.74 15,504 K 3,844 K PC Tools Firewall GUI PC Tools "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
jusched.exe 564 1,164 K 4,332 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
I think you need to run some hardware tests.
Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
Make sure you select the tool that is appropriate for the brand of your hard drive. Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Path=ServicesSupport/FujitsuDrivesUSandCanada/SoftwareUtilities#diagnostic
Note : If you do not know how to set your computer to boot from CD follow the steps HERE
===================================================================================
A. If you have more than one RAM module installed, try starting/running computer with one RAM stick at a time.
NOTE Keep in mind, the manual check listed above is always superior to the software check, listed below. DO NOT proceed with memtest, if you can go with option A
B. If you have only one RAM stick installed... ...run memtest...
1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-....iso.zip file.
3. Inside, you'll find memtest86+-....iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:
8. Locate memtest86+-....iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:
10. Once the CD is created, boot from it, and memtest will automatically start to run.
The running program will look something like this depending on the size and number of ram modules installed:
It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.
This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.
The following image is the test results area:
The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.
Broni,
I'll do these but keep in mind that both Ubuntu and XP are running just fine on this machine right now, no problems whatsoever. I'd think that if I had a hardware issue it would manifest in both of those installations as well, wouldn't it?
True. I forgot about it. Well, maybe it's time to reinstall Win 7 then.
Yeah, I was hoping to avoid that. Oh well, I guess we can't win 'em all.
Thanks for your help, it is appreciated.
I wish, we did better
Quote from: Broni on February 21, 2011, 10:46:56 AM
I wish, we did better
Just a quick FYI for follow-up. After reinstall (which seems to be a two or three day affair these days), this machine is back to screamin'.
I really would like to have known what caused the slowdown.
Now that everything is reinstalled and running like it should, I'll be making an Acronis image. I should have done this long ago. Oh well, live and learn.
Thanks again for your help.
You're very welcome. Thanks for posting back.