Bsod help

CarlTR6 · 09 Jan 2011

Thanks, Corrine; I appreciate the input. That is what I was hoping for.

ratchetclan4 · 10 Jan 2011

Ah, i must have gotten it off that then, also i did not know that Corrine thanks for the info
all appears to be well so far... had a few issues with windows installer closing everytime i tried to install something but a restarts fixed that. i have'nt had anymore BSODS so i assume it was either down to my ram slots, or that Trojan i got. can trojan.agent.ck's do that? also my fans in my computer seem to have went alot quieter they where really noisy before

Corrine · 10 Jan 2011

Hi, ratchetclan4.

Indeed, the results of a malware infection can cause BSOD's.

ratchetclan4 · 13 Jan 2011

haven't had one for two days and now its reoccured

On Thu 13/01/2011 20:14:08 GMT your computer crashed
crash dump file: C:\Windows\Minidump\011311-26364-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x71F00)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800018C2139, 0xFFFFF8800BD24020, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

On Thu 13/01/2011 20:14:08 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: dxgkrnl.sys (dxgkrnl!g_TdrForceTimeout+0x12D04)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800018C2139, 0xFFFFF8800BD24020, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\dxgkrnl.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: DirectX Graphics Kernel
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.

CarlTR6 · 13 Jan 2011

Your dump blames dxgkrnl.sys, Windows system Direct X driver, for the crash. Usually when I find bugcheck 3B blaming Direct X, I find a third party firewall and/or a third party antivirus or outdated video, sound LAN wireless or Ethernet drivers. In this case, I see very outdated driver. I can't say this driver is the cause; but I can say it is not contributing to the stability of your system. Update this driver.

nvm62x64.sys Fri Oct 17 17:01:06 2008 - nVidia Ethernet Networking Driver (nForce chipset driver). Drivers - Download NVIDIA Drivers.

If you cannot update it and if you do not use Ethernet, rename the driver from .sys to .old. Reboot and the driver will not load.

Do you have any type of third party security program such a gaming security program, a keylogger protection program, a wi-fi or horspot protection program? I ask for two reasons: (1) the nature of your dump and (2) I see a driver, erqnxkdo.sys, that I cannot account for. It is shown as an unloaded module which means it was involved in the crash. I cannot find where this driver loads from on your system nor can I find it's date. This is indicative of some security programs, Daemon Tools - which produce one time drivers - and malware.

Code:

Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`01849000 PsLoadedModuleList = 0xfffff800`01a86e50
Debug session time: Thu Jan 13 15:14:08.454 2011 (GMT-5)
System Uptime: 0 days 1:11:38.578
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff800018c2139, fffff8800bd24020, 0}

Probably caused by : dxgkrnl.sys ( dxgkrnl!DxgkWaitForVerticalBlankEvent+548 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff800018c2139, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff8800bd24020, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!KiCommitThreadWait+2b9
fffff800`018c2139 48894808        mov     qword ptr [rax+8],rcx

CONTEXT:  fffff8800bd24020 -- (.cxr 0xfffff8800bd24020)
rax=ffeff88001e5f1a8 rbx=fffff88001e5f1a0 rcx=fffffa8004885140
rdx=00000000000007ff rsi=fffffa8003e31c20 rdi=0000000000000000
rip=fffff800018c2139 rsp=fffff8800bd24a00 rbp=0000000000000000
 r8=fffff80001849000  r9=0000000000000000 r10=fffffffffffffffb
r11=0000000000000246 r12=0000000000000000 r13=0000000000000000
r14=fffff88001e5e380 r15=0000000000000061
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0000  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
nt!KiCommitThreadWait+0x2b9:
fffff800`018c2139 48894808        mov     qword ptr [rax+8],rcx ds:002b:ffeff880`01e5f1b0=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  dwm.exe

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff800018c41af to fffff800018c2139

STACK_TEXT:  
fffff880`0bd24a00 fffff800`018c41af : 00000000`00000000 80000000`00000001 00000000`00000061 80000000`00000001 : nt!KiCommitThreadWait+0x2b9
fffff880`0bd24a90 fffff880`0448f5bc : fffffa80`03e31b00 fffffa80`00000006 fffff880`0bd24c00 fffffa80`06cb4000 : nt!KeWaitForSingleObject+0x19f
fffff880`0bd24b30 fffff960`0018ba26 : 00000000`00000000 fffff880`0bd24c28 000007fe`00000000 00000000`000007ea : dxgkrnl!DxgkWaitForVerticalBlankEvent+0x548
fffff880`0bd24bf0 fffff800`018ba153 : fffffa80`03e31b60 fffffa80`03e30320 fffffa80`00000000 fffffa80`03e30320 : win32k!NtGdiDdDDIWaitForVerticalBlankEvent+0x12
fffff880`0bd24c20 000007fe`fe00138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`038cf6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fe00138a


FOLLOWUP_IP: 
dxgkrnl!DxgkWaitForVerticalBlankEvent+548
fffff880`0448f5bc f0838628130000ff lock add dword ptr [rsi+1328h],0FFFFFFFFh

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  dxgkrnl!DxgkWaitForVerticalBlankEvent+548

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: dxgkrnl

IMAGE_NAME:  dxgkrnl.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc590

STACK_COMMAND:  .cxr 0xfffff8800bd24020 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_dxgkrnl!DxgkWaitForVerticalBlankEvent+548

BUCKET_ID:  X64_0x3B_dxgkrnl!DxgkWaitForVerticalBlankEvent+548

Followup: MachineOwner
---------

2: kd> lmtsmn
start             end                 module name
fffff880`00f92000 fffff880`00fe9000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
fffff880`03032000 fffff880`030bc000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`045a7000 fffff880`045bd000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`033c5000 fffff880`033da000   amdppm   amdppm.sys   Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`0113f000 fffff880`0114a000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
fffff880`00d98000 fffff880`00da1000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00da1000 fffff880`00dcb000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
fffff880`015e2000 fffff880`015e9000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
fffff880`0338e000 fffff880`0339f000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`0854c000 fffff880`0856a000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
fffff960`00600000 fffff960`00627000   cdd      cdd.dll      Mon Jul 13 21:25:40 2009 (4A5BDE94)
fffff880`01200000 fffff880`0122a000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`00cbe000 fffff880`00d7e000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
fffff880`01450000 fffff880`01480000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00c60000 fffff880`00cbe000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`014c5000 fffff880`01538000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
fffff880`04597000 fffff880`045a7000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`084e2000 fffff880`084f0000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`032ed000 fffff880`03370000   csc      csc.sys      Mon Jul 13 19:24:26 2009 (4A5BC22A)
fffff880`03370000 fffff880`0338e000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
fffff880`0300b000 fffff880`0301a000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`0143a000 fffff880`01450000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`0493a000 fffff880`0495c000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
fffff880`084f0000 fffff880`084fa000   dump_diskdump dump_diskdump.sys Mon Jul 13 20:01:00 2009 (4A5BCABC)
fffff880`08539000 fffff880`0854c000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
fffff880`084fa000 fffff880`08539000   dump_nvstor64 dump_nvstor64.sys Tue Aug 04 20:31:07 2009 (4A78D2CB)
fffff880`04962000 fffff880`0496e000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`0445d000 fffff880`04551000   dxgkrnl  dxgkrnl.sys  Mon Jul 13 19:38:56 2009 (4A5BC590)
fffff880`04551000 fffff880`04597000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:38:32 2009 (4A5BC578)
fffff880`01196000 fffff880`011aa000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
fffff880`0114a000 fffff880`01196000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
fffff880`01549000 fffff880`01553000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
fffff880`01400000 fffff880`0143a000   fvevol   fvevol.sys   Mon Jul 13 19:22:15 2009 (4A5BC1A7)
fffff880`0168b000 fffff880`016d5000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
fffff800`01800000 fffff800`01849000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
fffff880`034bb000 fffff880`034df000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
fffff880`048a1000 fffff880`048fd000   HdAudio  HdAudio.sys  Mon Jul 13 20:06:59 2009 (4A5BCC23)
fffff880`0499b000 fffff880`049b4000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
fffff880`049b4000 fffff880`049bc080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
fffff880`0498d000 fffff880`0499b000   hidusb   hidusb.sys   Mon Jul 13 20:06:22 2009 (4A5BCBFE)
fffff880`015d9000 fffff880`015e2000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
fffff880`045ed000 fffff880`045fc000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`049bd000 fffff880`049cb000   kbdhid   kbdhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff800`01764000 fffff800`0176e000   kdcom    kdcom.dll    Mon Jul 13 21:31:07 2009 (4A5BDFDB)
fffff880`0356c000 fffff880`035af000   ks       ks.sys       Mon Jul 13 20:00:31 2009 (4A5BCA9F)
fffff880`013e0000 fffff880`013fa000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
fffff880`01660000 fffff880`0168b000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:50:34 2009 (4A5BC84A)
fffff880`0495c000 fffff880`04961200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
fffff880`04823000 fffff880`04838000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`04800000 fffff880`04823000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`00c3f000 fffff880`00c4c000   mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Mon Jul 13 21:29:09 2009 (4A5BDF65)
fffff880`049cb000 fffff880`049d9000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
fffff880`0355d000 fffff880`0356c000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`049d9000 fffff880`049e6000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff880`00d7e000 fffff880`00d98000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`011aa000 fffff880`011db000   MpFilter MpFilter.sys Tue Sep 14 20:19:28 2010 (4C901110)
fffff880`08d81000 fffff880`08d91000   MpNWMon  MpNWMon.sys  Tue Sep 14 20:19:30 2010 (4C901112)
fffff880`0856a000 fffff880`08582000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`08582000 fffff880`085ae000   mrxsmb   mrxsmb.sys   Mon Jul 13 19:23:59 2009 (4A5BC20F)
fffff880`085ae000 fffff880`085fb000   mrxsmb10 mrxsmb10.sys Mon Jul 13 19:24:08 2009 (4A5BC218)
fffff880`08400000 fffff880`08423000   mrxsmb20 mrxsmb20.sys Mon Jul 13 19:24:05 2009 (4A5BC215)
fffff880`00c00000 fffff880`00c0b000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00ff2000 fffff880`00ffc000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`01000000 fffff880`0105e000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
fffff880`03000000 fffff880`0300b000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`017e9000 fffff880`017fb000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`016e8000 fffff880`017da000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`045e1000 fffff880`045ed000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`0488b000 fffff880`0489e000   ndisuio  ndisuio.sys  Mon Jul 13 20:09:25 2009 (4A5BCCB5)
fffff880`04400000 fffff880`0442f000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`035c1000 fffff880`035d6000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
fffff880`03146000 fffff880`03155000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`030bc000 fffff880`03101000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
fffff880`01600000 fffff880`01660000   NETIO    NETIO.SYS    Thu Apr 08 22:43:59 2010 (4BBE946F)
fffff880`0343b000 fffff880`034ae000   netr6164 netr6164.sys Thu Oct 15 23:15:23 2009 (4AD7E54B)
fffff880`08d91000 fffff880`08da6000   NisDrvWFP NisDrvWFP.sys Tue Sep 14 20:20:25 2010 (4C901149)
fffff880`00c0b000 fffff880`00c1c000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`031f2000 fffff880`031fe000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff800`01849000 fffff800`01e26000   nt       ntkrnlmp.exe Mon Jul 13 19:40:48 2009 (4A5BC600)
fffff880`0123d000 fffff880`013e0000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
fffff880`014bb000 fffff880`014c4000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`043fe000 fffff880`043ff180   nvBridge nvBridge.kmd Sat Oct 16 13:06:16 2010 (4CB9DB88)
fffff880`03824000 fffff880`043fda80   nvlddmkm nvlddmkm.sys Sat Oct 16 13:12:46 2010 (4CB9DD0E)
fffff880`034df000 fffff880`03542d80   nvm62x64 nvm62x64.sys Fri Oct 17 17:01:06 2008 (48F8FD12)
fffff880`00dcb000 fffff880`00df6000   nvstor   nvstor.sys   Wed May 20 02:45:37 2009 (4A13A711)
fffff880`01100000 fffff880`0113f000   nvstor64 nvstor64.sys Tue Aug 04 20:31:07 2009 (4A78D2CB)
fffff880`04838000 fffff880`0488b000   nwifi    nwifi.sys    Mon Jul 13 20:07:23 2009 (4A5BCC3B)
fffff880`0310a000 fffff880`03130000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
fffff880`033da000 fffff880`033f7000   parport  parport.sys  Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`00e40000 fffff880`00e55000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00e00000 fffff880`00e33000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`00ec6000 fffff880`00ecd000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
fffff880`00ecd000 fffff880`00edd000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`01538000 fffff880`01549000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`088de000 fffff880`08984000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`048fd000 fffff880`0493a000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
fffff880`00c4c000 fffff880`00c60000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`045bd000 fffff880`045e1000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`0442f000 fffff880`0444a000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`03800000 fffff880`03821000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
fffff880`03543000 fffff880`0355d000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`031a1000 fffff880`031f2000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
fffff880`0444a000 fffff880`04455000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
fffff880`015f7000 fffff880`01600000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`0122a000 fffff880`01233000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`01233000 fffff880`0123c000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`0159f000 fffff880`015d9000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
fffff880`049e6000 fffff880`049fe000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`08984000 fffff880`0898f000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`03200000 fffff880`0320c000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`03155000 fffff880`03172000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`017e2000 fffff880`017e9000   speedfan speedfan.sys Sun Sep 24 09:26:48 2006 (45168798)
fffff880`017da000 fffff880`017e2000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`08ce9000 fffff880`08d81000   srv      srv.sys      Mon Jul 13 19:25:11 2009 (4A5BC257)
fffff880`08423000 fffff880`0848c000   srv2     srv2.sys     Mon Jul 13 19:25:02 2009 (4A5BC24E)
fffff880`0898f000 fffff880`089bc000   srvnet   srvnet.sys   Mon Jul 13 19:24:58 2009 (4A5BC24A)
fffff880`0109e000 fffff880`01100000   storport storport.sys Mon Jul 13 20:01:18 2009 (4A5BCACE)
fffff880`045fc000 fffff880`045fd480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`01800000 fffff880`019fd000   tcpip    tcpip.sys    Thu Apr 08 22:45:54 2010 (4BBE94E2)
fffff880`08871000 fffff880`08883000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
fffff880`03025000 fffff880`03032000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
fffff880`00c1c000 fffff880`00c3a000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
fffff880`0318d000 fffff880`031a1000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
fffff960`00480000 fffff960`0048a000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff880`0339f000 fffff880`033c5000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
fffff880`0848e000 fffff880`084e2000   udfs     udfs.sys     Mon Jul 13 19:23:37 2009 (4A5BC1F9)
fffff880`035af000 fffff880`035c1000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`0496e000 fffff880`0498b000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
fffff880`0498b000 fffff880`0498cf00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
fffff880`0326d000 fffff880`0327e000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`0327e000 fffff880`032d8000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
fffff880`0320c000 fffff880`03217000   usbohci  usbohci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`03217000 fffff880`0326d000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
fffff880`00e33000 fffff880`00e40000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`015e9000 fffff880`015f7000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`011db000 fffff880`01200000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`016d5000 fffff880`016e5000   vmstorfl vmstorfl.sys Mon Jul 13 19:42:54 2009 (4A5BC67E)
fffff880`00e55000 fffff880`00e6a000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`00e6a000 fffff880`00ec6000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
fffff880`01553000 fffff880`0159f000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
fffff880`034ae000 fffff880`034bb000   vwifibus vwifibus.sys Mon Jul 13 20:07:21 2009 (4A5BCC39)
fffff880`03130000 fffff880`03146000   vwififlt vwififlt.sys Mon Jul 13 20:07:22 2009 (4A5BCC3A)
fffff880`03172000 fffff880`0318d000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
fffff880`014ab000 fffff880`014bb000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`00edf000 fffff880`00f83000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
fffff880`00f83000 fffff880`00f92000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`03101000 fffff880`0310a000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff960`00000000 fffff960`0030f000   win32k   win32k.sys   Mon Jul 13 19:40:16 2009 (4A5BC5E0)
fffff880`00fe9000 fffff880`00ff2000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)

Unloaded modules:
fffff880`08800000 fffff880`08871000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`01480000 fffff880`0148e000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0148e000 fffff880`01498000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0105e000 fffff880`0109d000   dump_nvstor6
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`01498000 fffff880`014ab000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`014ab000 fffff880`014bb000   erqnxkdo.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000

ratchetclan4 · 14 Jan 2011

erqnxkdo.sys i did a search for and i cannot find on my system also i tried
the .old thing to the nvidia ethernet driver but somehow its made the driver again
i do not have any third party programs like that installed
below is what i see in add/remove programs

Code:

UTorrent
adobe air
adobe flash player 10 activeX
adobe flash player 10 plugin
adobe reader X
asio4all
audacity 1.3.12 (unicode)
Call of duty: Black ops
conduit engine
ea download manager
ea download manager UI
edimax rt6x wireless lan card
fl studio 9
garrys mod
guitar pro 5.0
hardcore - fl studio plugin
hijackthis
IL download manager
Java 6 update 23
malware bytes anti malware
medal of honor
messenger plus! Live
Microsoft .NET Framework 4 client profile
Microsoft .NET Framework 4 Extended
Microsoft games for windows - LIVE
Microsoft games for windows - LIVE redistributable
microsoft security essentials
microsoft silverlight
Microsoft Visual C++ 2005 redistribuatble
Microsoft Visual C++ 2008 redistrubatble x86 9.0.30729.17
Microsoft Visual C++ 2005 redistrubatble x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
Nvidia 3d Vision Driver 260.99
Nvidia graphics driver 260.99
Nvidia physX system software 9.10.0514
Poizone - Fl studio plugin
Punkbuster services
rockstar games social club
sawer - fl studio plugin
skype toolbars
skype 5.1
speedfan
steam
toxic biohazard - fl studio plugin
utorrentbar toolbar
whocrashed 3.01
windows live essentials 2011
winrar 4.00 beta 4 (64-bit)

CarlTR6 · 14 Jan 2011

Hmm, I don't see anything in your list that would suspect as owning that driver. However, I am not familiar with several of the items on your list. Did you run a deepscan with Malwarebytes? I certaily don't want that driver to be from a nasty lurking about on your system.

ratchetclan4 · 14 Jan 2011

By deepscan im guessing you mean fullscan? yes i have done when i found that assassins creed trojan
but im doing another scan right now

ratchetclan4 · 14 Jan 2011

Done

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5485
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
14/01/2011 21:27:53
mbam-log-2011-01-14 (21-27-48).txt
Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 375414
Time elapsed: 37 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

CarlTR6 · 14 Jan 2011

What did you do about this one: Registry Data Items Infected: 1