Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD Crashing Possible Disk Errors


  • Please log in to reply
8 replies to this topic

#1 CrisGer

CrisGer

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:05:07 AM

Posted 21 August 2009 - 12:34 PM

I am experiencing multiple BSOD crashes, and cant seem to resolve it need help if possible. I tried to restore but restores wont complete, the system keeps telling me to choose another date, and it wont complete plst 60%. I have the error logs as i have debug analysis activated.

I also have an external HD, Acronis True Image Home, with a complete back up of the system but i am afraid to use it because of a warning i get that says to restore the entire system i must clear the disk completely and there is some partition information that is useful. My local tech is out of town and I am afraid to wait until next week ..in case a total system loss is imminent. When i try to proceed with the full Retore with this Acronis set up, i get the choice to pick these options:

NTFS (Unlabeled) C: Capacity 279.5 GB Used 247.3 GB Type NTFS
MBR and Track 0 (was not sure what that was)
if i check them both....

it asks for destination of Disk 1,

if i choose 279.5 GB Maxtor 72300S0 Banc Interface Unkown,

i get an alert that says:

"The destination hard disk you have chosen contains some partitions that could contain useful data. Hard disk image restoring is possible only if the hard disk drive is empty. Press OK to confirm deletion of all partitions on the destination Hard disk before restoring."



I have run Malwaare Antivirus with defnitions updated and found one trojan, once cleared that these problems seemed to increase. I cannot complete a scan with Spybot, the system reboots.

I have an AMD 3300 with 2.4. ghz, 3 GB of RAM and a 400 GB HD, using FX7600GT. I had memory problems a whilea go and replaced all the memory to upgrade to 3 GB RAM. It seems to be a driver pool corruption possibly. here are the 5 most recent debug reports and any help very much appreciated. These are fro m the most recent last night,, going backwards chronologicaly.

ps: i have been working as a beta tester for a major game company, and that may be one source of a bad driver, also have been studying some older games, as I am a game researcher, so there are several sources for possible bad drivers. I dont know how to check the disk for errors, or how to use the other internal tools for such, ....but this did not seem to be a virus problem from my work with such in the past. I tried to defrag but was unable to complete it, as it BSOD'd. I had a lot on the system but freed up about 70 GB of HD memory so the system is more stress free now.


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini101508-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Oct 15 23:14:05.140 2008 (GMT-6)
System Uptime: 0 days 0:04:15.775
Loading Kernel Symbols
.........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 695f, 85117ea8}

*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for AVFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for AVFilter.sys
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for AVRec.sys
*** ERROR: Module load completed but symbols could not be loaded for AVRec.sys
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for ACEDRV05.sys
*** ERROR: Module load completed but symbols could not be loaded for ACEDRV05.sys
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for AVHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AVHook.sys
*** WARNING: Unable to verify timestamp for azdyrgs4.SYS
*** ERROR: Module load completed but symbols could not be loaded for azdyrgs4.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for mchInjDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for mchInjDrv.sys
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
Probably caused by : FILTNT.SYS ( FILTNT+264e )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 0000695f, Memory contents of the pool block
Arg4: 85117ea8, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0

POOL_ADDRESS: 85117ea8

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 5

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: iexplore.exe

LAST_CONTROL_TRANSFER: from 80543e86 to 804f8aef

STACK_TEXT:
bacbf8d0 80543e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
bacbf920 edc6cd86 85117ea8 00000000 852b1594 nt!ExFreePoolWithTag+0x2a0
bacbf944 edc74286 00117ea8 852b1590 bacbf9c8 tcpip!CloseRCE+0x100
bacbf968 edc77ee3 072b1590 bacbf900 bacbf99c tcpip!CloseTCB+0x107
bacbf978 edc77ec7 852b1590 00000040 bacbf900 tcpip!TryToCloseTCB+0x38
bacbf99c edc73fe7 bacbf900 00000000 00000002 tcpip!TdiDisconnect+0x205
bacbf9e8 edc72bcf 85116cd8 00000000 85116d6c tcpip!TCPDisconnect+0xfd
bacbfa04 804edfe3 85355030 85116cd8 85116d90 tcpip!TCPDispatchInternalDeviceControl+0x14d
bacbfa14 edc4164e 868f8310 8534e268 00000000 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
bacbfa5c 804edfe3 853535b8 85116cd8 85116cd8 FILTNT+0x264e
bacbfa6c edbe3c59 bacbfac8 868f82f0 85121008 nt!IopfCallDriver+0x31
bacbfa90 edbe3deb 853535b8 851a1b30 bacbfc90 afd!AfdBeginAbort+0x1f3
bacbfb00 edbd68aa 851a1b30 0001202b 09c67101 afd!AfdPartialDisconnect+0x230
bacbfc50 805748d7 851a1b30 00000001 01d3fb54 afd!AfdFastIoDeviceControl+0x9a
bacbfd00 8056d5ba 00000694 00000350 00000000 nt!IopXxxControlFile+0x261
bacbfd34 8053ca28 00000694 00000350 00000000 nt!NtDeviceIoControlFile+0x2a
bacbfd34 7c90eb94 00000694 00000350 00000000 nt!KiFastCallEntry+0xf8
01d3fba8 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
FILTNT+264e
edc4164e ?? ???

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: FILTNT+264e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: FILTNT

IMAGE_NAME: FILTNT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 3d09df6b

FAILURE_BUCKET_ID: 0xc2_7_FILTNT+264e

BUCKET_ID: 0xc2_7_FILTNT+264e

Followup: MachineOwner
---------

kd> lmvm FILTNT
start end module name
edc3f000 edc53f20 FILTNT T (no symbols)
Loaded symbol image file: FILTNT.SYS
Image path: FILTNT.SYS
Image name: FILTNT.SYS
Timestamp: Fri Jun 14 06:19:55 2002 (3D09DF6B)
CheckSum: 00018F2E
ImageSize: 00014F20
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
kd> lmvm FILTNT
start end module name
edc3f000 edc53f20 FILTNT T (no symbols)
Loaded symbol image file: FILTNT.SYS
Image path: FILTNT.SYS
Image name: FILTNT.SYS
Timestamp: Fri Jun 14 06:19:55 2002 (3D09DF6B)
CheckSum: 00018F2E
ImageSize: 00014F20
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
---------------------------------------------------------------------------------
2.

Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini121508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Tue Dec 16 00:54:00.218 2008 (GMT-6)
System Uptime: 1 days 11:39:19.870
Loading Kernel Symbols
...................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......................................
Unable to load image AVHook.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for AVHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AVHook.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {b0, 2, 0, 804ee24b}

Probably caused by : AVHook.sys ( AVHook+1e4e )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000b0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ee24b, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 000000b0

CURRENT_IRQL: 2

FAULTING_IP:
nt!IoDetachDevice+27
804ee24b 8b80b0000000 mov eax,dword ptr [eax+0B0h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: PCTAV.exe

LAST_CONTROL_TRANSFER: from f12e1e4e to 804ee24b

STACK_TEXT:
b6791008 f12e1e4e 885846d0 8a65bad0 8a2f7bb8 nt!IoDetachDevice+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
b6791090 804edfe3 88800690 8a65bac0 8a65bac0 AVHook+0x1e4e
b67910a0 80577672 8a638320 8a275e44 b6791248 nt!IopfCallDriver+0x31
b6791180 805b390a 8a638338 00000000 8a275da0 nt!IopParseDevice+0xa12
b6791208 805afdeb 00000000 b6791248 00000040 nt!ObpLookupObjectName+0x56a
b679125c 8056a3b1 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb
b67912d8 8056ad28 0012cb9c 00100001 0012cb40 nt!IopCreateFile+0x407
b6791334 8056e50f 0012cb9c 00100001 0012cb40 nt!IoCreateFile+0x8e
b6791374 8053ca28 0012cb9c 00100001 0012cb40 nt!NtOpenFile+0x27
b6791374 7c90eb94 0012cb9c 00100001 0012cb40 nt!KiFastCallEntry+0xf8
0012ce0c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
AVHook+1e4e
f12e1e4e ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: AVHook+1e4e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: AVHook

IMAGE_NAME: AVHook.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 452c4918

FAILURE_BUCKET_ID: 0xA_AVHook+1e4e

BUCKET_ID: 0xA_AVHook+1e4e

Followup: MachineOwner
---------

kd> lmvm AVHook
start end module name
f12e0000 f12ea000 AVHook T (no symbols)
Loaded symbol image file: AVHook.sys
Image path: AVHook.sys
Image name: AVHook.sys
Timestamp: Tue Oct 10 19:30:00 2006 (452C4918)
CheckSum: 0001482D
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
---------------------------------------------------
3.
Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini103108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Fri Oct 31 18:51:55.593 2008 (GMT-6)
System Uptime: 0 days 7:00:47.220
Loading Kernel Symbols
...............................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 9C, {4, 805461f0, b2000000, 70f0f}

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MACHINE_CHECK_EXCEPTION (9c)
A fatal Machine Check Exception has occurred.
KeBugCheckEx parameters;
x86 Processors
If the processor has ONLY MCE feature available (For example Intel
Pentium), the parameters are:
1 - Low 32 bits of P5_MC_TYPE MSR
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of P5_MC_ADDR MSR
4 - Low 32 bits of P5_MC_ADDR MSR
If the processor also has MCA feature available (For example Intel
Pentium Pro), the parameters are:
1 - Bank number
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
4 - Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error
IA64 Processors
1 - Bugcheck Type
1 - MCA_ASSERT
2 - MCA_GET_STATEINFO
SAL returned an error for SAL_GET_STATEINFO while processing MCA.
3 - MCA_CLEAR_STATEINFO
SAL returned an error for SAL_CLEAR_STATEINFO while processing MCA.
4 - MCA_FATAL
FW reported a fatal MCA.
5 - MCA_NONFATAL
SAL reported a recoverable MCA and we don't support currently
support recovery or SAL generated an MCA and then couldn't
produce an error record.
0xB - INIT_ASSERT
0xC - INIT_GET_STATEINFO
SAL returned an error for SAL_GET_STATEINFO while processing INIT event.
0xD - INIT_CLEAR_STATEINFO
SAL returned an error for SAL_CLEAR_STATEINFO while processing INIT event.
0xE - INIT_FATAL
Not used.
2 - Address of log
3 - Size of log
4 - Error code in the case of x_GET_STATEINFO or x_CLEAR_STATEINFO
AMD64 Processors
1 - Bank number
2 - Address of MCA_EXCEPTION structure
3 - High 32 bits of MCi_STATUS MSR for the MCA bank that had the error
4 - Low 32 bits of MCi_STATUS MSR for the MCA bank that had the error
Arguments:
Arg1: 00000004
Arg2: 805461f0
Arg3: b2000000
Arg4: 00070f0f

Debugging Details:
------------------

NOTE: This is a hardware error. This error was reported by the CPU
via Interrupt 18. This analysis will provide more information about
the specific error. Please contact the manufacturer for additional
information about this error and troubleshooting assistance.

This error is documented in the following publication:

- Bios and Kernel Developers Guid for AMD Athlon® 64 and AMD Opteron® Processors
Bit Mask:

MA Model Specific MCA
O ID Other Information Error Code Error Code
VV SDP ___________|____________ _______|_______ _______|______
AEUECRC| | | |
LRCNVVC| | | |
^^^^^^^| | | |
6 5 4 3 2 1
3210987654321098765432109876543210987654321098765432109876543210
----------------------------------------------------------------
1011001000000000000000000000000000000000000001110000111100001111


VAL - MCi_STATUS register is valid
Indicates that the information contained within the IA32_MCi_STATUS
register is valid. When this flag is set, the processor follows the
rules given for the OVER flag in the IA32_MCi_STATUS register when
overwriting previously valid entries. The processor sets the VAL
flag and software is responsible for clearing it.

UC - Error Uncorrected
Indicates that the processor did not or was not able to correct the
error condition. When clear, this flag indicates that the processor
was able to correct the error condition.

EN - Error Enabled
Indicates that the error was enabled by the associated EEj bit of the
IA32_MCi_CTL register.

PCC - Processor Context Corrupt
Indicates that the state of the processor might have been corrupted
by the error condition detected and that reliable restarting of the
processor may not be possible.

BUSCONNERR - Bus and Interconnect Error BUS{LL}_{PP}_{RRRR}_{II}_{T}_err
These errors match the format 0000 1PPT RRRR IILL



Concatenated Error Code:
--------------------------
_VAL_UC_EN_PCC_BUSCONNERR_30F

This error code can be reported back to the manufacturer.
They may be able to provide additional information based upon
this error. All questions regarding STOP 0x9C should be
directed to the hardware manufacturer.

BUGCHECK_STR: 0x9C_AuthenticAMD

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from 806d38df to 804f8aef

STACK_TEXT:
805461c8 806d38df 0000009c 00000004 805461f0 nt!KeBugCheckEx+0x1b
805462f4 806cec2e 80042000 00000000 00000000 hal!HalpMcaExceptionHandler+0xdd
805462f4 00000000 80042000 00000000 00000000 hal!HalpMcaExceptionHandlerWrapper+0x46


STACK_COMMAND: kb

SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: 0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE

BUCKET_ID: 0x9C_AuthenticAMD_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner
---------

kd> lmvm Unknown_Module
start end module name
kd> lmvm Unknown_Module
start end module name
kd> lmvm Unknown_Module
start end module name-------
---------------------------------------------------------------------------------------------
4.

Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini101508-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Oct 15 23:09:03.890 2008 (GMT-6)
System Uptime: 0 days 0:03:58.530
Loading Kernel Symbols
.........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 68f7, 851a6ec8}

GetUlongFromAddress: unable to read from 8055b8f0
*** WARNING: Unable to verify timestamp for AVFilter.sys
*** ERROR: Module load completed but symbols could not be loaded for AVFilter.sys
*** WARNING: Unable to verify timestamp for atksgt.sys
*** ERROR: Module load completed but symbols could not be loaded for atksgt.sys
*** WARNING: Unable to verify timestamp for PROTECT.DLL
*** ERROR: Module load completed but symbols could not be loaded for PROTECT.DLL
*** WARNING: Unable to verify timestamp for MAILFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for MAILFILT.DLL
*** WARNING: Unable to verify timestamp for ADBLOCK.DLL
*** ERROR: Module load completed but symbols could not be loaded for ADBLOCK.DLL
*** WARNING: Unable to verify timestamp for HTTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTTPFILT.DLL
*** WARNING: Unable to verify timestamp for nv4_disp.dll
*** ERROR: Module load completed but symbols could not be loaded for nv4_disp.dll
*** WARNING: Unable to verify timestamp for ATMFD.DLL
*** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
*** WARNING: Unable to verify timestamp for dump_SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_SI3112r.sys
*** WARNING: Unable to verify timestamp for FILTNT.SYS
*** ERROR: Module load completed but symbols could not be loaded for FILTNT.SYS
*** WARNING: Unable to verify timestamp for mchInjDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for mchInjDrv.sys
*** WARNING: Unable to verify timestamp for tandpl.sys
*** ERROR: Module load completed but symbols could not be loaded for tandpl.sys
*** WARNING: Unable to verify timestamp for CONTENT.DLL
*** ERROR: Module load completed but symbols could not be loaded for CONTENT.DLL
*** WARNING: Unable to verify timestamp for AVRec.sys
*** ERROR: Module load completed but symbols could not be loaded for AVRec.sys
*** WARNING: Unable to verify timestamp for lirsgt.sys
*** ERROR: Module load completed but symbols could not be loaded for lirsgt.sys
*** WARNING: Unable to verify timestamp for enodpl.sys
*** ERROR: Module load completed but symbols could not be loaded for enodpl.sys
*** WARNING: Unable to verify timestamp for HTMLFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for HTMLFILT.DLL
*** WARNING: Unable to verify timestamp for DNSCACHE.DLL
*** ERROR: Module load completed but symbols could not be loaded for DNSCACHE.DLL
*** WARNING: Unable to verify timestamp for ACEDRV05.sys
*** ERROR: Module load completed but symbols could not be loaded for ACEDRV05.sys
*** WARNING: Unable to verify timestamp for ctac32k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctac32k.sys
*** WARNING: Unable to verify timestamp for ctsfm2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctsfm2k.sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for ha10kx2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha10kx2k.sys
*** WARNING: Unable to verify timestamp for hap16v2k.sys
*** ERROR: Module load completed but symbols could not be loaded for hap16v2k.sys
*** WARNING: Unable to verify timestamp for AVHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AVHook.sys
*** WARNING: Unable to verify timestamp for aasbni80.SYS
*** ERROR: Module load completed but symbols could not be loaded for aasbni80.SYS
*** WARNING: Unable to verify timestamp for yk51x86.sys
*** ERROR: Module load completed but symbols could not be loaded for yk51x86.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctaud2k.sys
*** WARNING: Unable to verify timestamp for nv4_mini.sys
*** ERROR: Module load completed but symbols could not be loaded for nv4_mini.sys
*** WARNING: Unable to verify timestamp for SI3112r.sys
*** ERROR: Module load completed but symbols could not be loaded for SI3112r.sys
*** WARNING: Unable to verify timestamp for nvatabus.sys
*** ERROR: Module load completed but symbols could not be loaded for nvatabus.sys
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for si3112.sys
*** ERROR: Module load completed but symbols could not be loaded for si3112.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for nv_agp.sys
*** ERROR: Module load completed but symbols could not be loaded for nv_agp.sys
*** WARNING: Unable to verify timestamp for X4HSX32.Sys
*** ERROR: Module load completed but symbols could not be loaded for X4HSX32.Sys
*** WARNING: Unable to verify timestamp for ctprxy2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctprxy2k.sys
*** WARNING: Unable to verify timestamp for SiWinAcc.sys
*** ERROR: Module load completed but symbols could not be loaded for SiWinAcc.sys
*** WARNING: Unable to verify timestamp for POP3FILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for POP3FILT.DLL
*** WARNING: Unable to verify timestamp for FTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for FTPFILT.DLL
*** WARNING: Unable to verify timestamp for IMAPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for IMAPFILT.DLL
*** WARNING: Unable to verify timestamp for NNTPFILT.DLL
*** ERROR: Module load completed but symbols could not be loaded for NNTPFILT.DLL
GetUlongFromAddress: unable to read from 8055b8f0
Probably caused by : ntkrnlpa.exe ( nt!ExFreePoolWithTag+2a0 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 000068f7, Memory contents of the pool block
Arg4: 851a6ec8, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongFromAddress: unable to read from 8055b8f0
GetUlongFromAddress: unable to read from 8055b8f0

POOL_ADDRESS: 851a6ec8

BUGCHECK_STR: 0xc2_7

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 80543e86 to 804f8aef

STACK_TEXT:
f7ae3c54 80543e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
f7ae3ca4 80544277 851a6ec8 00000000 f7ae3cc0 nt!ExFreePoolWithTag+0x2a0
f7ae3cb4 f72727bb 851a6ec8 f7ae3cdc f7270481 nt!ExFreePool+0xf
f7ae3cc0 f7270481 f728fe20 851a6ec8 00000000 Ntfs!ExFreeToPagedLookasideList+0x1e
f7ae3cdc f7270666 851a6ec8 00000001 00000000 Ntfs!NtfsCleanupIrpContext+0x10d
f7ae3cf4 f729a414 851a6ec8 00000000 00000000 Ntfs!NtfsCompleteRequest+0x35
f7ae3d74 80533fe6 00000000 00000000 86600b30 Ntfs!NtfsFspClose+0x1a5
f7ae3dac 805c4cce 00000000 00000000 00000000 nt!ExpWorkerThread+0x100
f7ae3ddc 805411c2 80533ee6 80000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExFreePoolWithTag+2a0
80543e86 8b45f8 mov eax,dword ptr [ebp-8]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!ExFreePoolWithTag+2a0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

FAILURE_BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

BUCKET_ID: 0xc2_7_nt!ExFreePoolWithTag+2a0

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806cd580 nt # (pdb symbols) c:\symbols\ntkrnlpa.pdb\F612363DB38C423CB08559DDBCA9F2F71\ntkrnlpa.pdb
Loaded symbol image file: ntkrnlpa.exe
Mapped memory image file: c:\symbols\ntkrnlpa.exe\45E53F9C1f6580\ntkrnlpa.exe
Image path: ntkrnlpa.exe
Image name: ntkrnlpa.exe
Timestamp: Wed Feb 28 01:38:52 2007 (45E53F9C)
CheckSum: 00200031
ImageSize: 001F6580
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0411.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlpa.exe
OriginalFilename: ntkrnlpa.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
-----------------------------------------------------------------------------------
5

Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini101508-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Oct 15 23:04:19.781 2008 (GMT-6)
System Uptime: 0 days 3:07:56.410
Loading Kernel Symbols
.........................................................................................................................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000C5, {1, 2, 1, 80543a03}

Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+fd )

Followup: Pool_corruption
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 00000001, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 80543a03, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR: 0xC5_2

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeferredFreePool+fd
80543a03 8913 mov dword ptr [ebx],edx

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: System

LAST_CONTROL_TRANSFER: from 8054406f to 80543a03

STACK_TEXT:
f78b6c84 8054406f 85309838 866710f4 86671090 nt!ExDeferredFreePool+0xfd
f78b6cc4 804e4787 86671090 00000000 806d0298 nt!ExFreePoolWithTag+0x489
f78b6cf4 804e3dba 00000001 8054f510 8512cee0 nt!CcDeleteSharedCacheMap+0x141
f78b6d2c 804e61aa 86bc04f0 8055a3c0 86bc6960 nt!CcWriteBehind+0x316
f78b6d74 80533fe6 86bc04f0 00000000 86bc6960 nt!CcWorkerThread+0x126
f78b6dac 805c4cce 86bc04f0 00000000 00000000 nt!ExpWorkerThread+0x100
f78b6ddc 805411c2 80533ee6 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExDeferredFreePool+fd
80543a03 8913 mov dword ptr [ebx],edx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExDeferredFreePool+fd

FOLLOWUP_NAME: Pool_corruption

IMAGE_NAME: Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

MODULE_NAME: Pool_Corruption

FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+fd

BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+fd

Followup: Pool_corruption
---------

kd> lmvm Pool_Corruption
start end module name

and my dxdiag:
------------------
System Information
------------------
Time of this report: 8/21/2009, 11:30:58
Machine name: CHRIS-25CB808AE
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_gdr.090206-1233)
Language: English (Regional Setting: English)
System Manufacturer: NVIDIA
System Model: AWRDACPI
BIOS: Award Modular BIOS v6.00PG
Processor: AMD Athlon™ 64 Processor 3400+, MMX, 3DNow, ~2.4GHz
Memory: 3072MB RAM
Page File: 352MB used, 4602MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.2180 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Sound Tab 2: No problems found.
Sound Tab 3: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: NVIDIA GeForce 7600 GS
Manufacturer: NVIDIA
Chip type: GeForce 7600 GS
DAC type: Integrated RAMDAC
Device Key: Enum\PCI\VEN_10DE&DEV_02E1&SUBSYS_A5423842&REV_A2
Display Memory: 256.0 MB
Current Mode: 1024 x 768 (32 bit) (120Hz)
Monitor: Gateway VX1100
Monitor Max Res: 1600,1200
Driver Name: nv4_disp.dll
Driver Version: 6.14.0011.8585 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 4/30/2009 22:02:00, 5896320 bytes
WHQL Logo'd: n/a
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: nv4_mini.sys
Mini VDD Date: 4/30/2009 22:02:00, 8055584 bytes
Device Identifier: {D7B71E3E-41A1-11CF-7B7A-498503C2CB35}
Vendor ID: 0x10DE
Device ID: 0x02E1
SubSys ID: 0xA5423842
Revision ID: 0x00A2
Revision ID: 0x00A2
Video Accel: ModeMPEG2_C ModeMPEG2_D ModeWMV9_B ModeWMV9_A
Deinterlace Caps: {6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run

-------------
Sound Devices
-------------
Description: SB Audigy 2 ZS Audio [A800]
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: PCI\VEN_1102&DEV_0004&SUBSYS_20021102&REV_04
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: ctaud2k.sys
Driver Version: 5.12.0001.1196 (English)
Driver Attributes: Final Retail
WHQL Logo'd: n/a
Date and Size: 8/11/2006 15:45:38, 499584 bytes
Other Files:
Driver Provider: Creative
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: Yes
EAX™ 2.0 Listen/Src: Yes, Yes
I3DL2™ Listen/Src: No, No
Sensaura™ ZoomFX™: No
Registry: OK
Sound Test Result: Not run

Description: Modem #0 Line Playback (emulated)
Default Sound Playback: No
Default Voice Playback: No
Hardware ID:
Manufacturer ID: 1
Product ID: 81
Type: Emulated
Driver Name:
Driver Version:
Driver Attributes:
WHQL Logo'd:
Date and Size:
Other Files:
Driver Provider:
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX™ 2.0 Listen/Src: No, No
I3DL2™ Listen/Src: No, No
Sensaura™ ZoomFX™: No
Registry: OK
Sound Test Result: Not run

Description: C-Media USB Headphone Set
Default Sound Playback: No
Default Voice Playback: No
Hardware ID: USB\Vid_0d8c&Pid_000c&Rev_0100&MI_00
Manufacturer ID: 65535
Product ID: 65535
Type: WDM
Driver Name: usbaudio.sys
Driver Version: 5.01.2600.2180 (English)
Driver Attributes: Final Retail
WHQL Logo'd: n/a
Date and Size: 8/4/2004 00:07:56, 59264 bytes
Other Files:
Driver Provider: Microsoft
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX™ 2.0 Listen/Src: No, No
I3DL2™ Listen/Src: No, No
Sensaura™ ZoomFX™: No
Registry: OK
Sound Test Result: Not run

---------------------
Sound Capture Devices
---------------------
Description: SB Audigy 2 ZS Audio [A800]
Default Sound Capture: Yes
Default Voice Capture: No
Driver Name: ctaud2k.sys
Driver Version: 5.12.0001.1196 (English)
Driver Attributes: Final Retail
Date and Size: 8/11/2006 15:45:38, 499584 bytes
Cap Flags: 0x0
Format Flags: 0x0

Description: Modem #0 Line Record (emulated)
Default Sound Capture: No
Default Voice Capture: No
Driver Name:
Driver Version:
Driver Attributes:
Date and Size:
Cap Flags: 0x0
Format Flags: 0x0

Description: C-Media USB Headphone Set
Default Sound Capture: No
Default Voice Capture: Yes
Driver Name: usbaudio.sys
Driver Version: 5.01.2600.2180 (English)
Driver Attributes: Final Retail
Date and Size: 8/4/2004 00:07:56, 59264 bytes
Cap Flags: 0x0
Format Flags: 0x0

-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: Enabled
Ports: SB Audigy 2 ZS DirectMusic Synthesizer [A800], Hardware (Kernel Mode), Output, DLS, Internal, Default Port
SB Audigy 2 ZS Audio [A800], Software (Kernel Mode), Output, DLS, Internal
USB Audio Device, Software (Kernel Mode), Output, DLS, Internal
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
SB Audigy 2 ZS Synth A [A800] [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
SB Audigy 2 ZS Sw Synth [A800] [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
SB Audigy 2 ZS Synth B [A800] [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
SB Audigy 2 ZS MIDI IO [A800] [Emulated], Hardware (Not Kernel Mode), Output, No DLS, External
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
SB Audigy 2 ZS MIDI IO [A800] [Emulated], Hardware (Not Kernel Mode), Input, No DLS, External
Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal
Registry: OK
Test Result: Not run

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Logitech Extreme 3D Pro USB
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC215
FF Driver: n/a

Device Name: C-Media USB Headphone Set
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x0D8C, 0x000C
FF Driver: n/a

Poll w/ Interrupt: No
Registry: OK

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x10DE, 0x00E7
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 7/27/2007 06:00:00, 57600 bytes
| Driver: usbd.sys, 7/27/2007 06:00:00, 4736 bytes
|
+-+ USB Human Interface Device
| | Vendor/Product ID: 0x046D, 0xC025
| | Location: USB-PS/2 Optical Mouse
| | Matching Device ID: usb\class_03&subclass_01
| | Service: HidUsb
| | Driver: hidclass.sys, 7/27/2007 06:00:00, 36224 bytes
| | Driver: hidparse.sys, 7/27/2007 06:00:00, 24960 bytes
| | Driver: hid.dll, 7/27/2007 06:00:00, 20992 bytes
| | Driver: hidusb.sys, 7/27/2007 06:00:00, 9600 bytes
| |
| +-+ HID-compliant mouse
| | | Vendor/Product ID: 0x046D, 0xC025
| | | Matching Device ID: hid_device_system_mouse
| | | Service: mouhid
| | | Driver: mouclass.sys, 7/27/2007 06:00:00, 23040 bytes
| | | Driver: mouhid.sys, 7/27/2007 06:00:00, 12160 bytes

----------------
Gameport Devices
----------------
+ PCI bus
| Matching Device ID: *pnp0a03
| Service: pci
| Driver: pci.sys, 7/27/2007 06:00:00, 68224 bytes
|
+-+ Standard Game Port
| | Matching Device ID: *pnpb02f
| | Service: gameenum
| | Driver: gameenum.sys, 7/27/2007 06:00:00, 10624 bytes
|
+ PCI standard PCI-to-PCI bridge
| Location: PCI bus 0, device 14, function 0
| Matching Device ID: pci\cc_0604
| Service: pci
| Driver: pci.sys, 7/27/2007 06:00:00, 68224 bytes
|
+-+ Creative Game Port
| | Location: PCI bus 2, device 8, function 1
| | Matching Device ID: pci\ven_1102&dev_7003&subsys_00401102
| | Service: gameenum
| | Driver: gameenum.sys, 7/27/2007 06:00:00, 10624 bytes

------------
PS/2 Devices
------------
+ Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 7/27/2007 06:00:00, 52736 bytes
| Driver: kbdclass.sys, 7/27/2007 06:00:00, 24576 bytes
|
+ HID Keyboard Device
| Matching Device ID: hid_device_system_keyboard
| Service: kbdhid
| Driver: kbdhid.sys, 7/27/2007 06:00:00, 14848 bytes
| Driver: kbdclass.sys, 7/27/2007 06:00:00, 24576 bytes
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 8/4/2004 02:01:08, 40840 bytes
| Driver: kbdclass.sys, 7/27/2007 06:00:00, 24576 bytes
|
+ HID-compliant mouse
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouclass.sys, 7/27/2007 06:00:00, 23040 bytes
| Driver: mouhid.sys, 7/27/2007 06:00:00, 12160 bytes
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 8/4/2004 02:01:08, 40840 bytes
| Driver: mouclass.sys, 7/27/2007 06:00:00, 23040 bytes

----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.2180)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.2180)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.2180)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.2180)

DirectPlay Voice Wizard Tests: Full Duplex: Passed, Half Duplex: Passed, Mic: Passed
DirectPlay Test Result: Not run
Registry: OK

-------------------
DirectPlay Adapters
-------------------
DirectPlay8 Modem Service Provider: Lucent Win Modem
DirectPlay8 Serial Service Provider: COM1
DirectPlay8 Serial Service Provider: COM2
DirectPlay8 Serial Service Provider: COM3
DirectPlay8 TCP/IP Service Provider: Local Area Connection - IPv4 -

-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech™ 8.6 kbit/s

-------------------------
DirectPlay Lobbyable Apps
-------------------------
Flight Simulator (DX8) - Registry: OK, ExeFile: FS9.Exe (<File Missing>) LauncherFile: (<File Missing>)
Combat Flight Simulator 2 (DX7) - Registry: OK, ExeFile: cfs2.ICD (<File Missing>)
Jedi Knight 1.0 (DX7) - Registry: OK, ExeFile: JK.EXE (<File Missing>)
Microsoft Flight Simulator 2004 (DX7) - Registry: OK, ExeFile: FS9.Exe (<File Missing>)
Star Wars Jedi Knight Jedi Academy (DX7) - Registry: OK, ExeFile: jamp.exe (1.00.0000.0000)
Star Wars JK II Jedi Outcast (DX7) - Registry: OK, ExeFile: jk2mp.exe ()

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 75.0 GB
Total Space: 286.2 GB
File System: NTFS
Model: Maxtor 7 L300S0 SCSI Disk Device

Drive: E:
Free Space: 288.0 GB
Total Space: 476.8 GB
File System: FAT32
Model: WD 5000BEV External USB Device

Drive: D:
Model: HL-DT-ST DVD-RAM GH22NP20
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 49536 bytes

--------------
System Devices
--------------
Name: Lucent Win Modem
Device ID: PCI\VEN_11C1&DEV_0452&SUBSYS_1513144F&REV_00\4&3191A3E6&0&3870
Driver: n/a

Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_E0001458&REV_13\4&3191A3E6&0&5870
Driver: C:\WINDOWS\system32\DRIVERS\yk51x86.sys, 8.61.0002.0003 (English), 11/22/2006 09:01:00, 250496 bytes

Name: Creative Game Port
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&3191A3E6&0&4170
Driver: C:\WINDOWS\system32\drivers\gameenum.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 10624 bytes

Name: OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_1102&DEV_4001&SUBSYS_00101102&REV_04\4&3191A3E6&0&4270
Driver: C:\WINDOWS\system32\DRIVERS\ohci1394.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 61056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\1394bus.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 61824 bytes
Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 60800 bytes
Driver: C:\WINDOWS\system32\DRIVERS\enum1394.sys, 5.01.2600.0000 (English), 8/17/2001 07:46:40, 6400 bytes

Name: Creative SB Audigy 2 ZS (WDM)
Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_20021102&REV_04\4&3191A3E6&0&4070
Driver: C:\WINDOWS\system32\ksuser.dll, 5.03.2600.2180 (English), 8/4/2004 01:56:44, 4096 bytes
Driver: C:\WINDOWS\system32\ksproxy.ax, 5.03.2600.2180 (English), 8/4/2004 01:56:58, 130048 bytes
Driver: C:\WINDOWS\system32\drivers\ks.sys, 5.03.2600.2180 (English), 7/27/2007 06:00:00, 140928 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 60288 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 145792 bytes
Driver: C:\WINDOWS\system32\drivers\stream.sys, 5.03.2600.2180 (English), 7/27/2007 06:00:00, 48640 bytes
Driver: C:\WINDOWS\system32\wdmaud.drv, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 23552 bytes
Driver: C:\WINDOWS\system32\drivers\ctac32k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:14, 502272 bytes
Driver: C:\WINDOWS\system32\drivers\ctaud2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:38, 499584 bytes
Driver: C:\WINDOWS\system32\drivers\ctoss2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:24, 116224 bytes
Driver: C:\WINDOWS\system32\drivers\ctprxy2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:40, 7168 bytes
Driver: C:\WINDOWS\system32\drivers\ctsfm2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:18, 143872 bytes
Driver: C:\WINDOWS\system32\drivers\emupia2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:18, 78336 bytes
Driver: C:\WINDOWS\system32\drivers\ha10kx2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:26, 766976 bytes
Driver: C:\WINDOWS\system32\drivers\haP16v2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:26, 154112 bytes
Driver: C:\WINDOWS\system32\drivers\haP17v2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:28, 180224 bytes
Driver: C:\WINDOWS\system32\drivers\ha20x2k.sys, 5.12.0001.1196 (English), 8/11/2006 15:45:32, 1110016 bytes
Driver: C:\WINDOWS\system32\drivers\pfmodnt.sys, 3.00.0000.0012 (English), 8/11/2006 15:56:36, 8192 bytes
Driver: C:\WINDOWS\system32\ctdlang.dat, 8/11/2006 15:49:24, 323640 bytes
Driver: C:\WINDOWS\system32\ctdnlstr.dat, 8/11/2006 15:49:24, 44567 bytes
Driver: C:\WINDOWS\system32\ctstatic.dat, 8/11/2006 15:43:04, 313207 bytes
Driver: C:\WINDOWS\system32\ctdaught.dat, 8/11/2006 15:43:04, 53932 bytes
Driver: C:\WINDOWS\system32\a3d.dll, 80.00.0000.0003 (English), 8/11/2006 15:56:28, 33792 bytes
Driver: C:\WINDOWS\system32\commonfx.dll, 5.12.0001.1196 (English), 8/11/2006 15:48:08, 87552 bytes
Driver: C:\WINDOWS\system32\ctaudfx.dll, 5.12.0001.1196 (English), 8/11/2006 15:48:12, 536576 bytes
Driver: C:\WINDOWS\system32\ctsblfx.dll, 5.12.0001.1196 (English), 8/11/2006 15:48:32, 548352 bytes
Driver: C:\WINDOWS\system32\cteapsfx.dll, 5.12.0001.1196 (English), 8/11/2006 15:48:28, 160768 bytes
Driver: C:\WINDOWS\system32\CTEXFIFX.dll, 5.12.0001.1196 (English), 8/11/2006 15:48:42, 1170432 bytes
Driver: C:\WINDOWS\system32\CTHWIUT.DLL, 5.12.0001.1196 (English), 8/11/2006 15:48:52, 61952 bytes
Driver: C:\WINDOWS\system32\CT20XUT.DLL, 5.12.0001.1196 (English), 8/11/2006 15:48:50, 158720 bytes
Driver: C:\WINDOWS\system32\ctemupia.dll, 5.12.0001.1196 (English), 8/11/2006 15:48:52, 108032 bytes
Driver: C:\WINDOWS\system32\piaproxy.dll, 5.12.0001.1196 (English), 8/11/2006 15:45:16, 73728 bytes
Driver: C:\WINDOWS\system32\ctdproxy.dll, 5.12.0001.1196 (English), 8/11/2006 15:45:34, 71680 bytes
Driver: C:\WINDOWS\system32\sfman32.dll, 5.12.0001.0130 (English), 8/11/2006 15:45:20, 21504 bytes
Driver: C:\WINDOWS\system32\ctbas2w.dat, 8/11/2006 15:45:08, 140643 bytes
Driver: C:\WINDOWS\system32\ctsbas2w.dat, 8/11/2006 15:43:26, 265042 bytes
Driver: C:\WINDOWS\system32\SBAudigy.ico, 8/17/2001 13:42:28, 7406 bytes
Driver: C:\WINDOWS\system32\Audigy.bmp, 11/13/2001 10:48:20, 1912 bytes
Driver: C:\WINDOWS\system32\ctcoinst.dll, 3.00.0002.0036 (English), 8/11/2006 15:57:04, 81920 bytes
Driver: C:\WINDOWS\system32\ctdvinst.dll, 0.04.0000.0036 (English), 8/11/2006 15:57:06, 146432 bytes
Driver: C:\WINDOWS\system32\drivers\ctdvda2k.sys, 5.13.0001.0467 (English), 11/10/2005 18:06:04, 340704 bytes

Name: NVIDIA GeForce 7600 GS
Device ID: PCI\VEN_10DE&DEV_02E1&SUBSYS_A5423842&REV_A2\4&1AD7642&0&0058
Driver: c:\nvidia\winxp\185.85\english\NvCplSetupEng.exe, 14.00.0000.0162 (English), 4/30/2009 22:02:00, 20878144 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys, 6.14.0011.8585 (English), 4/30/2009 22:02:00, 8055584 bytes
Driver: C:\WINDOWS\system32\nv4_disp.dll, 6.14.0011.8585 (English), 4/30/2009 22:02:00, 5896320 bytes
Driver: C:\WINDOWS\system32\nvapi.dll, 6.14.0011.8585 (English), 4/30/2009 22:02:00, 806912 bytes
Driver: C:\WINDOWS\system32\nvcuda.dll, 6.14.0011.8585 (English), 4/30/2009 22:02:00, 1720320 bytes
Driver: C:\WINDOWS\system32\nvcuvenc.dll, 6.14.0011.8585 (English), 4/30/2009 22:02:00, 1314816 bytes
Driver: C:\WINDOWS\system32\nvcuvid.dll, 6.14.0011.8585 (English), 4/30/2009 22:02:00, 663552 bytes
Driver: C:\WINDOWS\system32\nvdata.bin, 4/30/2009 22:02:00, 1579630 bytes
Driver: C:\WINDOWS\system32\nvoglnt.dll, 6.14.0011.8585 (English), 4/30/2009 22:02:00, 9994240 bytes
Driver: C:\WINDOWS\system32\nvcod.dll, 1.04.0006.0041 (English), 4/30/2009 22:02:00, 143360 bytes
Driver: C:\WINDOWS\system32\nvcodins.dll, 1.04.0006.0041 (English), 4/30/2009 22:02:00, 143360 bytes

Name: PCI standard PCI-to-PCI bridge
Device ID: PCI\VEN_10DE&DEV_00ED&SUBSYS_00000000&REV_A2\3&13C0B0C5&0&70
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 68224 bytes

Name: Standard Enhanced PCI to USB Host Controller
Device ID: PCI\VEN_10DE&DEV_00E8&SUBSYS_50041458&REV_A2\3&13C0B0C5&0&12
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 26624 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 57600 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 7168 bytes

Name: Standard OpenHCD USB Host Controller
Device ID: PCI\VEN_10DE&DEV_00E7&SUBSYS_50041458&REV_A1\3&13C0B0C5&0&11
Driver: C:\WINDOWS\system32\drivers\usbohci.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 17024 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 57600 bytes

Name: Standard OpenHCD USB Host Controller
Device ID: PCI\VEN_10DE&DEV_00E7&SUBSYS_50041458&REV_A1\3&13C0B0C5&0&10
Driver: C:\WINDOWS\system32\drivers\usbohci.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 17024 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 7/27/2007 06:00:00, 57600 bytes

Name: NVIDIA nForce3 250 Parallel ATA Controller (v2.6)
Device ID: PCI\VEN_10DE&DEV_00E5&SUBSYS_50021458&REV_A2\3&13C0B0C5&0&40
Driver: C:\WINDOWS\system32\DRIVERS\nvatabus.sys, 5.10.2600.0446 (English), 6/3/2004 11:40:46, 79360 bytes
Driver: C:\WINDOWS\system32\idecoi.dll, 1.00.0000.0001 (English), 6/3/2004 11:40:48, 294400 bytes

Name: NVIDIA nForce PCI System Management
Device ID: PCI\VEN_10DE&DEV_00E4&SUBSYS_0C111458&REV_A1\3&13C0B0C5&0&09
Driver: n/a

Name: NVIDIA nForce3 250 AGP Host to PCI Bridge
Device ID: PCI\VEN_10DE&DEV_00E2&SUBSYS_00000000&REV_A2\3&13C0B0C5&0&58
Driver: C:\WINDOWS\system32\DRIVERS\nv_agp.SYS, 4.12.0001.0436 (English), 4/2/2004 16:40:00, 21760 bytes
Driver: C:\WINDOWS\system32\NVCOG.DLL, 1.00.0000.0015 (English), 4/2/2004 16:40:00, 32256 bytes

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_10DE&DEV_00E1&SUBSYS_00000000&REV_A1\3&13C0B0C5&0&00
Driver: n/a

Name: PCI standard ISA bridge
Device ID: PCI\VEN_10DE&DEV_00E0&SUBSYS_00000000&REV_A2\3&13C0B0C5&0&08
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.0000 (English), 7/27/2007 06:00:00, 35840 bytes

Name: Silicon Image SiI 3512 SATARaid Controller
Device ID: PCI\VEN_1095&DEV_3512&SUBSYS_65121095&REV_01\4&3191A3E6&0&6870
Driver: n/a

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1022&DEV_1103&SUBSYS_00000000&REV_00\3&13C0B0C5&0&C3
Driver: n/a

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1022&DEV_1102&SUBSYS_00000000&REV_00\3&13C0B0C5&0&C2
Driver: n/a

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1022&DEV_1101&SUBSYS_00000000&REV_00\3&13C0B0C5&0&C1
Driver: n/a

Name: PCI standard host CPU bridge
Device ID: PCI\VEN_1022&DEV_1100&SUBSYS_00000000&REV_00\3&13C0B0C5&0&C0
Driver: n/a

------------------
DirectX Components
------------------
ddraw.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 266240 bytes
ddrawex.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 27136 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 10496 bytes
d3d8.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 1179648 bytes
d3d8thk.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 8192 bytes
d3d9.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 1689088 bytes
d3dim.dll: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 436224 bytes
d3dim700.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 825344 bytes
d3dramp.dll: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 590336 bytes
d3drm.dll: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 350208 bytes
d3dxof.dll: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 47616 bytes
d3dpmesh.dll: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 34816 bytes
dplay.dll: 5.00.2134.0001 English Final Retail 7/27/2007 06:00:00 33040 bytes
dplayx.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 229888 bytes
dpmodemx.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 23552 bytes
dpwsock.dll: 5.00.2134.0001 English Final Retail 7/27/2007 06:00:00 42768 bytes
dpwsockx.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 57344 bytes
dplaysvr.exe: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 30208 bytes
dpnsvr.exe: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 18432 bytes
dpnet.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 375296 bytes
dpnlobby.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 3584 bytes
dpnaddr.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 3584 bytes
dpvoice.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 212480 bytes
dpvsetup.exe: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 83456 bytes
dpvvox.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 116736 bytes
dpvacm.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 21504 bytes
dpnhpast.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 35328 bytes
dpnhupnp.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 60928 bytes
dpserial.dll: 5.00.2134.0001 English Final Retail 7/27/2007 06:00:00 53520 bytes
dinput.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 159232 bytes
dinput8.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 181760 bytes
dimap.dll: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 44032 bytes
diactfrm.dll: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 394240 bytes
joy.cpl: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 68608 bytes
gcdef.dll: 5.01.2600.0000 English Final Retail 7/27/2007 06:00:00 76800 bytes
pid.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 35328 bytes
gameenum.sys: 5.01.2600.2180 English Final Retail 7/27/2007 06:00:00 10624 bytes
dsound.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 367616 bytes
dsound3d.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 1294336 bytes
dswave.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 19456 bytes
dsdmo.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 181760 bytes
dsdmoprp.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 71680 bytes
dmusic.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 104448 bytes
dmband.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 28672 bytes
dmcompos.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 61440 bytes
dmime.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 181248 bytes
dmloader.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 35840 bytes
dmstyle.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 105984 bytes
dmsynth.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 103424 bytes
dmscript.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 82432 bytes
system.dll: 1.01.4322.2407 English Final Retail 4/29/2008 09:37:11 1232896 bytes
Microsoft.DirectX.Direct3D.dll: 9.05.0132.0000 English Final Retail 7/22/2009 13:51:29 473600 bytes
Microsoft.DirectX.Direct3DX.dll: 5.04.0000.3900 English Final Retail 7/22/2009 13:51:25 2676224 bytes
Microsoft.DirectX.Direct3DX.dll: 9.04.0091.0000 English Final Retail 7/22/2009 13:51:26 2846720 bytes
Microsoft.DirectX.Direct3DX.dll: 9.05.0132.0000 English Final Retail 7/22/2009 13:51:26 563712 bytes
Microsoft.DirectX.Direct3DX.dll: 9.06.0168.0000 English Final Retail 7/22/2009 13:51:26 567296 bytes
Microsoft.DirectX.Direct3DX.dll: 9.07.0239.0000 English Final Retail 7/22/2009 13:51:27 576000 bytes
Microsoft.DirectX.Direct3DX.dll: 9.08.0299.0000 English Final Retail 7/22/2009 13:51:27 577024 bytes
Microsoft.DirectX.Direct3DX.dll: 9.09.0376.0000 English Final Retail 7/22/2009 13:51:27 577536 bytes
Microsoft.DirectX.Direct3DX.dll: 9.10.0455.0000 English Final Retail 7/22/2009 13:51:28 577536 bytes
Microsoft.DirectX.Direct3DX.dll: 9.11.0519.0000 English Final Retail 7/22/2009 13:51:28 578560 bytes
Microsoft.DirectX.Direct3DX.dll: 9.12.0589.0000 English Final Retail 7/22/2009 13:51:29 578560 bytes
Microsoft.DirectX.DirectDraw.dll: 5.04.0000.2904 English Final Retail 7/22/2009 13:51:30 145920 bytes
Microsoft.DirectX.DirectInput.dll: 5.04.0000.2904 English Final Retail 7/22/2009 13:51:30 159232 bytes
Microsoft.DirectX.DirectPlay.dll: 5.04.0000.2904 English Final Retail 7/22/2009 13:51:30 364544 bytes
Microsoft.DirectX.DirectSound.dll: 5.04.0000.2904 English Final Retail 7/22/2009 13:51:30 178176 bytes
Microsoft.DirectX.AudioVideoPlayback.dll: 5.04.0000.2904 English Final Retail 7/22/2009 13:51:29 53248 bytes
Microsoft.DirectX.Diagnostics.dll: 5.04.0000.2904 English Final Retail 7/22/2009 13:51:29 12800 bytes
Microsoft.DirectX.dll: 5.04.0000.2904 English Final Retail 7/22/2009 13:51:28 223232 bytes
dx7vb.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 619008 bytes
dx8vb.dll: 5.03.2600.2180 English Final Retail 8/3/2004 08:56:44 1227264 bytes
dxdiagn.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 2113536 bytes
mfc40.dll: 4.01.0000.6140 English Final Retail 7/27/2007 06:00:00 924432 bytes
mfc42.dll: 6.02.4131.0000 English Final Retail 7/27/2007 06:00:00 1028096 bytes
wsock32.dll: 5.01.2600.2180 English Final Retail 7/27/2007 06:00:00 22528 bytes
amstream.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 70656 bytes
devenum.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 59904 bytes
dxmasf.dll: 6.04.0009.1125 English Final Retail 7/27/2007 06:00:00 498205 bytes
mciqtz.drv: 4.00.0096.0729 English Final Retail 3/22/1998 13:50:02 11776 bytes
mciqtz32.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 35328 bytes
mpg2splt.ax: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 148992 bytes
msdmo.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 14336 bytes
encapi.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 20480 bytes
qasf.dll: 10.00.0000.3802 English Final Retail 1/28/2005 13:44:28 221184 bytes
qcap.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 192512 bytes
qdv.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 279040 bytes
qdvd.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 385024 bytes
qedit.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 562176 bytes
qedwipes.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 733696 bytes
quartz.dll: 6.05.2600.3497 English Final Retail 12/20/2008 16:43:25 1287680 bytes
quartz.vxd: Final Retail 3/22/1998 13:50:02 5672 bytes
strmdll.dll: 4.01.0000.3937 English Final Retail 10/3/2008 04:15:47 247326 bytes
vidx16.dll: 0.00.0000.0000 English Final Retail 3/22/1998 13:50:02 10240 bytes
iac25_32.ax: 2.00.0005.0053 English Final Retail 7/27/2007 06:00:00 199680 bytes
ir41_32.ax: 4.51.0016.0003 English Final Retail 7/27/2007 06:00:00 848384 bytes
ir41_qc.dll: 4.30.0062.0002 English Final Retail 7/27/2007 06:00:00 120320 bytes
ir41_qcx.dll: 4.30.0064.0001 English Final Retail 7/27/2007 06:00:00 338432 bytes
ir50_32.dll: 5.2562.0015.0055 English Final Retail 7/27/2007 06:00:00 755200 bytes
ir50_qc.dll: 5.00.0063.0048 English Final Retail 7/27/2007 06:00:00 200192 bytes
ir50_qcx.dll: 5.00.0064.0048 English Final Retail 7/27/2007 06:00:00 183808 bytes
ivfsrc.ax: 5.10.0002.0051 English Final Retail 7/27/2007 06:00:00 154624 bytes
mswebdvd.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 204288 bytes
ks.sys: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 140928 bytes
ksproxy.ax: 5.03.2600.2180 English Final Retail 8/4/2004 01:56:58 130048 bytes
ksuser.dll: 5.03.2600.2180 English Final Retail 8/4/2004 01:56:44 4096 bytes
stream.sys: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 48640 bytes
mspclock.sys: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 5376 bytes
mspqm.sys: 5.01.2600.2180 English Final Retail 7/27/2007 06:00:00 4992 bytes
mskssrv.sys: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 7552 bytes
swenum.sys: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 4352 bytes
mpeg2data.ax: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 118272 bytes
msvidctl.dll: 6.05.2600.2180 English Final Retail 7/27/2007 06:00:00 1428480 bytes
vbisurf.ax: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 30720 bytes
msyuv.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 17408 bytes
wstdecod.dll: 5.03.2600.2180 English Final Retail 7/27/2007 06:00:00 50688 bytes

------------------
DirectShow Filters
------------------

DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,,
WMAPro over S/PDIF DMO,0x00600800,1,1,,
WMSpeech Decoder DMO,0x00600800,1,1,,
WMVideo Advanced Decoder DMO,0x00800001,1,1,,
Mpeg4s Decoder DMO,0x00800001,1,1,,
WMV Screen decoder DMO,0x00800001,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
WMV9 Advanced Profile Decoder,0x00600800,1,1,,
Mpeg43 Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
WMT MuxDeMux Filter,0x00200000,0,0,wmm2filt.dll,2.01.4026.0000
Full Screen Renderer,0x00200000,1,0,quartz.dll,6.05.2600.3497
DV Muxer,0x00400000,0,0,qdv.dll,6.05.2600.2180
Nero Digital Audio Decoder,0x00600000,1,1,NeAudio.ax,1.00.0004.0042
Color Space Converter,0x00400001,1,1,quartz.dll,6.05.2600.3497
WM ASF Reader,0x00400000,0,0,qasf.dll,10.00.0000.3802
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,11.00.5721.5145
AVI Splitter,0x00600000,1,1,quartz.dll,6.05.2600.3497
WMT AudioAnalyzer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.05.2600.3497
Indeo® video 5.10 Compression Filter,0x00200000,1,1,ir50_32.dll,5.2562.0015.0055
Windows Media Audio Decoder,0x00800001,1,1,msadds32.ax,8.00.0000.4487
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.05.2600.2180
WMT Format Conversion,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSink,0x00200000,0,0,sbe.dll,6.05.2600.2180
WMT Black Frame Generator,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.3497
Indeo® video 5.10 Decompression Filter,0x00640000,1,1,ir50_32.dll,5.2562.0015.0055
WMT Screen Capture filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
Microsoft Screen Video Decompressor,0x00800000,1,1,msscds32.ax,8.00.0000.4487
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.05.2600.3497
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.05.2600.3497
Essien R&D MPEG Writer Filter,0x00200000,2,0,mpgfiltr.ax,2.05.0001.0000
Video Grabber,0x00200000,1,0,grabfilt.ax,
oRipa Audio Capture Filter,0x00200000,0,1,CommonFilters.dll,
MPEG Layer-3 Decoder,0x00810000,1,1,l3codecx.ax,1.05.0000.0050
Nero Audio Stream Renderer,0x00200000,1,0,NeRender.ax,1.00.0001.0008
Mpeg2Dec Filter,0x40000002,1,1,Mpeg2DecFilter.ax,
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.05.2600.2180
WAV Dest,0x00200000,0,0,viscomwave.dll,9.00.0000.0000
Internal LMRT Renderer,0x00800001,1,0,LMRTREND.dll,6.00.0004.0827
ACELP.net Sipro Lab Audio Decoder,0x00800001,1,1,acelpdec.ax,1.04.0000.0000
oRipa Restamp Filter,0x00200000,1,1,CommonFilters.dll,
Nero QuickTime™ Video Decoder,0x00400000,1,1,NeQTDec.ax,1.00.0000.0004
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.05.2600.3497
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.05.2600.3497
File Source (Netshow URL),0x00400000,0,1,wmpasf.dll,9.00.0000.3250
TrueMotion 2.0 Decompressor,0x00600001,1,1,tm20dec.ax,1.00.0000.0001
WMT Import Filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
DV Splitter,0x00600000,1,2,qdv.dll,6.05.2600.2180
Bitmap Generate,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Video Decoder,0x00800000,1,1,wmvds32.ax,8.00.0000.4487
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,6.05.2600.3497
Windows Media Video Decoder,0x00800000,1,1,wmv8ds32.ax,8.00.0000.4000
WMT VIH2 Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Record Queue,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Nero ES Video Reader,0x00600000,0,1,NDParser.ax,2.00.0002.0036
Windows Media Multiplexer,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASX file Parser,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASX v.2 file Parser,0x00600000,1,0,wmpasf.dll,9.00.0000.3250
NSC file Parser,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ACM Wrapper,0x00600000,1,1,quartz.dll,6.05.2600.3497
Windows Media source filter,0x00600000,0,2,wmpasf.dll,9.00.0000.3250
Video Renderer,0x00800001,1,0,quartz.dll,6.05.2600.3497
Frame Eater,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.05.2600.2180
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.05.2600.2180
Video Port Manager,0x00600000,2,1,quartz.dll,6.05.2600.3497
WST Decoder,0x00600000,1,1,wstdecod.dll,5.03.2600.2180
Video Renderer,0x00400000,1,0,quartz.dll,6.05.2600.3497
Nero Audio Sample Renderer,0x00200000,1,0,NeRender.ax,1.00.0001.0008
WM ASF Writer,0x00400000,0,0,qasf.dll,10.00.0000.3802
WMT Sample Information Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,5.03.2600.2180
oRipa Video Source,0x00200000,0,1,VideoSource.dll,
Microsoft MPEG-4 Video Decompressor,0x00800000,1,1,mpg4ds32.ax,8.00.0000.4487
Nero Video Stream Renderer,0x00200000,1,0,NeRender.ax,1.00.0001.0008
File writer,0x00200000,1,0,qcap.dll,6.05.2600.2180
WMT Log Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Virtual Renderer,0x00200000,1,0,wmm2filt.dll,2.01.4026.0000
DVD Navigator,0x00200000,0,2,qdvd.dll,6.05.2600.2180
oRipa Video Test Source Filter,0x00200000,0,1,VideoTestFilter.dll,
Overlay Mixer2,0x00400000,1,1,qdvd.dll,6.05.2600.2180
Cutlist File Source,0x00200000,0,1,qcut.dll,6.00.0002.0902
AC3Filter,0x40000000,1,1,ac3filter.ax,0.07.0000.0000
AVI Draw,0x00600064,9,1,quartz.dll,6.05.2600.3497
.RAM file Parser,0x00600000,1,0,wmpasf.dll,9.00.0000.3250
WMT DirectX Transform Wrapper,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
G.711 Codec,0x00200000,1,1,g711codc.ax,5.01.2600.0000
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.05.2600.2180
Audio Grabber,0x00200000,1,0,audiograbber.ax,
DV Video Decoder,0x00800000,1,1,qdv.dll,6.05.2600.2180
Indeo® audio software,0x00500000,1,1,iac25_32.ax,2.00.0005.0053
Windows Media Update Filter,0x00400000,1,0,wmpasf.dll,9.00.0000.3250
ASF DIB Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF ACM Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF ICM Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF URL Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF JPEG Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF DJPEG Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF embedded stuff Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
9x8Resize,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WIA Stream Snapshot Filter,0x00200000,1,1,wiasf.ax,1.00.0000.0000
URL StreamRenderer,0x00600000,1,0,LMRTREND.dll,6.00.0004.0827
Nero Video Decoder,0x00600000,2,2,NeVideo.ax,2.00.0002.0030
Allocator Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
SampleGrabber,0x00200000,1,1,qedit.dll,6.05.2600.2180
Null Renderer,0x00200000,1,0,qedit.dll,6.05.2600.2180
WMT Virtual Source,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
IVF source filter,0x00600000,0,1,ivfsrc.ax,5.10.0002.0051
WMT Interlacer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSource,0x00200000,0,0,sbe.dll,6.05.2600.2180
Ligos MPEG Video Decoder,0x00800000,1,1,Mpeg2Decoder.ax,1.02.0000.0079
Smart Tee,0x00200000,1,2,qcap.dll,6.05.2600.2180
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.05.2600.2180
RealPlayer Audio Filter,0x00200000,1,1,rdsf3260.dll,6.00.0012.1800
AVI Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.3497
Uncompressed Domain Shot Detection Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Photodex NULL filter,0x00200000,1,0,nullfilter.ax,
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.05.2600.3497
QuickTime Movie Parser,0x00600000,1,1,quartz.dll,6.05.2600.3497
Wave Parser,0x00400000,1,1,quartz.dll,6.05.2600.3497
MIDI Parser,0x00400000,1,1,quartz.dll,6.05.2600.3497
Multi-file Parser,0x00400000,1,1,quartz.dll,6.05.2600.3497
File stream renderer,0x00400000,1,1,quartz.dll,6.05.2600.3497
XML Playlist,0x00400000,1,0,wmpasf.dll,9.00.0000.3250
Nero File Source,0x00200000,0,1,NeFileSrc.ax,1.00.0000.0006
Nero QuickTime™ Audio Decoder,0x00400000,1,1,NeQTDec.ax,1.00.0000.0004
Nero DVD Decoder,0x00600000,2,2,NeVideo.ax,2.00.0002.0030
Nero Digital Parser,0x00600000,0,3,NDParser.ax,2.00.0002.0036
AVI Mux,0x00200000,1,0,qcap.dll,6.05.2600.2180
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.05.2600.3497
File Source (Async.),0x00400000,0,1,quartz.dll,6.05.2600.3497
File Source (URL),0x00400000,0,1,quartz.dll,6.05.2600.3497
WMT DV Extract,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
oRipa Video Resample,0x00200000,1,1,CommonFilters.dll,
WMT Switch Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Volume,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Nero Video Sample Renderer,0x00200000,1,0,NeRender.ax,1.00.0001.0008
Video Grabber,0x00200000,1,0,videograbber.ax,
Stretch Video,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.05.2600.2180
QT Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.3497
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.05.2600.3497
Indeo® video 4.4 Decompression Filter,0x00640000,1,1,ir41_32.ax,4.51.0016.0003
Indeo® video 4.4 Compression Filter,0x00200000,1,1,ir41_32.ax,4.51.0016.0003
Ligos MPEG Splitter,0x00800000,1,1,Mpeg2Parser.ax,1.02.0000.0079

WDM Streaming Data Transforms:
Microsoft Kernel Acoustic Echo Canceller,0x00000000,0,0,,
Microsoft Kernel GS Wavetable Synthesizer,0x00200000,1,1,,5.03.2600.2180
Microsoft Kernel DLS Synthesizer,0x00200000,1,1,,5.03.2600.2180
Microsoft Kernel DRM Audio Descrambler,0x00200000,1,1,,5.03.2600.2180

Video Compressors:
WMVideo8 Encoder DMO,0x00600800,1,1,,
MSScreen encoder DMO,0x00600800,1,1,,
WMVideo9 Encoder DMO,0x00600800,1,1,,
WMVideo Advanced Encoder DMO,0x00600800,1,1,,
MSScreen 9 encoder DMO,0x00600800,1,1,,
DV Video Encoder,0x00200000,0,0,qdv.dll,6.05.2600.2180
Indeo® video 5.10 Compression Filter,0x00100000,1,1,ir50_32.dll,5.2562.0015.0055
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.05.2600.3497
Cinepak Codec by Radius,0x00200000,1,1,qcap.dll,6.05.2600.2180
Fraps Video Decompressor,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel 4:2:0 Video V2.50,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo® Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo® Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo® Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo® Video 4.5,0x00200000,1,1,qcap.dll,6.05.2600.2180
Indeo® video 5.10,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft H.261 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft H.263 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft RLE,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft Windows Media Video 9,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo® Video Raw R1.2,0x00200000,1,1,qcap.dll,6.05.2600.2180

Audio Compressors:
WMA Voice Encoder DMO,0x00600800,1,1,,
WM Speech Encoder DMO,0x00600800,1,1,,
WMAudio Encoder DMO,0x00600800,1,1,,
Indeo® audio software,0x00500000,1,1,iac25_32.ax,2.00.0005.0053
IAC2,0x00200000,1,1,quartz.dll,6.05.2600.3497
IMA ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.3497
PCM,0x00200000,1,1,quartz.dll,6.05.2600.3497
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.3497
ACELP.net,0x00200000,1,1,quartz.dll,6.05.2600.3497
DSP Group TrueSpeech™,0x00200000,1,1,quartz.dll,6.05.2600.3497
Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.05.2600.3497
Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.05.2600.3497
GSM 6.10,0x00200000,1,1,quartz.dll,6.05.2600.3497
Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.05.2600.3497
CCITT A-Law,0x00200000,1,1,quartz.dll,6.05.2600.3497
CCITT u-Law,0x00200000,1,1,quartz.dll,6.05.2600.3497
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.05.2600.3497

Audio Capture Sources:
SB Audigy 2 ZS Audio [A800],0x00200000,0,0,qcap.dll,6.05.2600.2180
C-Media USB Headphone Set ,0x00200000,0,0,qcap.dll,6.05.2600.2180
Modem #0 Line Record,0x00200000,0,0,qcap.dll,6.05.2600.2180

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.05.2600.3497
Microsoft GS Wavetable SW Synth,0x00200000,1,0,quartz.dll,6.05.2600.3497
SB Audigy 2 ZS MIDI IO [A800],0x00200000,1,0,quartz.dll,6.05.2600.3497
SB Audigy 2 ZS Sw Synth [A800],0x00200000,1,0,quartz.dll,6.05.2600.3497
SB Audigy 2 ZS Synth A [A800],0x00200000,1,0,quartz.dll,6.05.2600.3497
SB Audigy 2 ZS Synth B [A800],0x00200000,1,0,quartz.dll,6.05.2600.3497

WDM Streaming Capture Devices:
SB Audigy 2 ZS MIDI IO [A800],0x00200000,2,2,,5.03.2600.2180
SB Audigy 2 ZS Audio [A800],0x00200000,3,2,,5.03.2600.2180
USB Audio Device,0x00200000,2,2,,5.03.2600.2180

WDM Streaming Rendering Devices:
SB Audigy 2 ZS DirectMusic Synthesizer [A800],0x00200000,1,1,,5.03.2600.2180
SB Audigy 2 ZS Sw Synth [A800],0x00200000,1,1,,5.03.2600.2180
SB Audigy 2 ZS Synth A [A800],0x00200000,1,1,,5.03.2600.2180
SB Audigy 2 ZS Synth B [A800],0x00200000,1,1,,5.03.2600.2180
SB Audigy 2 ZS MIDI IO [A800],0x00200000,2,2,,5.03.2600.2180
SB Audigy 2 ZS Audio [A800],0x00200000,3,2,,5.03.2600.2180
USB Audio Device,0x00200000,2,2,,5.03.2600.2180

WDM Streaming Mixer Devices:
Microsoft Kernel Wave Audio Mixer,0x00000000,0,0,,

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,0,encdec.dll,6.05.2600.2180
Encrypt/Tag,0x00200000,0,0,encdec.dll,6.05.2600.2180
XDS Codec,0x00200000,0,0,encdec.dll,6.05.2600.2180

Audio Renderers:
SB Audigy 2 ZS Audio [A800],0x00200000,1,0,quartz.dll,6.05.2600.3497
C-Media USB Headphone Set ,0x00200000,1,0,quartz.dll,6.05.2600.3497
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.05.2600.3497
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.05.2600.3497
DirectSound: C-Media USB Headphone Set ,0x00200000,1,0,quartz.dll,6.05.2600.3497
DirectSound: Modem #0 Line Playback (emulated),0x00200000,1,0,quartz.dll,6.05.2600.3497
DirectSound: SB Audigy 2 ZS Audio [A800],0x00200000,1,0,quartz.dll,6.05.2600.3497
Modem #0 Line Playback,0x00200000,1,0,quartz.dll,6.05.2600.3497

WDM Streaming System Devices:
SB Audigy 2 ZS DirectMusic Synthesizer [A800],0x00200000,1,1,,5.03.2600.2180
SB Audigy 2 ZS Sw Synth [A800],0x00200000,1,1,,5.03.2600.2180
SB Audigy 2 ZS Synth A [A800],0x00200000,11,2,,5.03.2600.2180
SB Audigy 2 ZS Synth B [A800],0x00200000,1,1,,5.03.2600.2180
SB Audigy 2 ZS MIDI IO [A800],0x00200000,2,2,,5.03.2600.2180
SB Audigy 2 ZS Audio [A800],0x00200000,13,2,,5.03.2600.2180
USB Audio Device,0x00200000,4,2,,5.03.2600.2180

Edited by CrisGer, 21 August 2009 - 12:44 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

BC AdBot (Login to Remove)

 


#2 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:05:07 AM

Posted 21 August 2009 - 05:40 PM

New debug report, another BSOD, just leaving computer running with a few windows open with IE (verision 6) made it crash.

report no. 6: i dont mean to repost, but was afraid of running over the character count for the post limit, wont post any more as this seems to be a repeat...


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini121508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Tue Dec 16 00:54:00.218 2008 (GMT-6)
System Uptime: 1 days 11:39:19.870
Loading Kernel Symbols
...................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......................................
Unable to load image AVHook.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for AVHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AVHook.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {b0, 2, 0, 804ee24b}

Probably caused by : AVHook.sys ( AVHook+1e4e )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000b0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ee24b, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 000000b0

CURRENT_IRQL: 2

FAULTING_IP:
nt!IoDetachDevice+27
804ee24b 8b80b0000000 mov eax,dword ptr [eax+0B0h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: PCTAV.exe

LAST_CONTROL_TRANSFER: from f12e1e4e to 804ee24b

STACK_TEXT:
b6791008 f12e1e4e 885846d0 8a65bad0 8a2f7bb8 nt!IoDetachDevice+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
b6791090 804edfe3 88800690 8a65bac0 8a65bac0 AVHook+0x1e4e
b67910a0 80577672 8a638320 8a275e44 b6791248 nt!IopfCallDriver+0x31
b6791180 805b390a 8a638338 00000000 8a275da0 nt!IopParseDevice+0xa12
b6791208 805afdeb 00000000 b6791248 00000040 nt!ObpLookupObjectName+0x56a
b679125c 8056a3b1 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb
b67912d8 8056ad28 0012cb9c 00100001 0012cb40 nt!IopCreateFile+0x407
b6791334 8056e50f 0012cb9c 00100001 0012cb40 nt!IoCreateFile+0x8e
b6791374 8053ca28 0012cb9c 00100001 0012cb40 nt!NtOpenFile+0x27
b6791374 7c90eb94 0012cb9c 00100001 0012cb40 nt!KiFastCallEntry+0xf8
0012ce0c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
AVHook+1e4e
f12e1e4e ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: AVHook+1e4e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: AVHook

IMAGE_NAME: AVHook.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 452c4918

FAILURE_BUCKET_ID: 0xA_AVHook+1e4e

BUCKET_ID: 0xA_AVHook+1e4e

Followup: MachineOwner
---------

kd> lmvm AVHook
start end module name
f12e0000 f12ea000 AVHook T (no symbols)
Loaded symbol image file: AVHook.sys
Image path: AVHook.sys
Image name: AVHook.sys
Timestamp: Tue Oct 10 19:30:00 2006 (452C4918)
CheckSum: 0001482D
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

Edited by CrisGer, 21 August 2009 - 05:41 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:07 AM

Posted 21 August 2009 - 07:09 PM

Appears that your Outpost firewall and PC Tools AV are having problems. Filtnt.sys is your firewall driver, while pctav.sys is AV.

I suggest uninstalling each...you have your choice of reinstalling each or looking for other options.

The fact that myr two primary defense applications are having problems...would worry me a great deal about possible infection.

But you seem to have hardware problems, see following notes:

0x0000009C: MACHINE_CHECK_EXCEPTION
(This is a hardware issue: an unrecoverable hardware error has occurred. The parameters have different meanings depending on what type of CPU you have but, while diagnostic, rarely lead to a clear solution. Most commonly it results from overheating, from failed hardware (RAM, CPU, hardware bus, power supply, etc.), or from pushing hardware beyond its capabilities (e.g., overclocking a CPU).

Louis

#4 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:05:07 AM

Posted 21 August 2009 - 09:11 PM

thanks Louis,
i dont have either Outpost or PC tools running on this machine anymore. is there any way to be sure the old drivers are gone? I tried several old restore points when i may have had them but neither of those restores said they were successful so i dont know why those are showing up.

Also i dont have anything overclocked, i have always been very decidely against doing that. I do run the comptuer a lot and have left it runnng for days at a time maybe that is putting stress on the system. I saw that hardware error report and that scared me. thnaks so much for your reply....

so how do i be sure outpost and pc tools remnants are gone? i will do a system search for those two files you mention and see if i can delete them.

Edited by CrisGer, 21 August 2009 - 09:14 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:07 AM

Posted 22 August 2009 - 10:14 AM

To be sure that any file or program has been removed entirely...a user must make a check of both the regular files and the registry files.

To be honest, this is quite hard to do, since many files do not reflect the name of the mother/father program.

In your case, I would do three things:

a. Download/install AutoRuns for Windows - http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx and check the startup items on the Logon tab for any startup entries involving programs which you know are not properly installed. Either disable or remove such, following the directions for using Autoruns.

b. Do a search of the files (Start/Search...) for files/folders relative to both programs. Use the full name (Outpost, PC Tools) as the search string.

c. Do a search of the registry, using the same strings to search. Warning: Editiing the registry can lead to unanticipated problems, so take normal precautions when doing so. Normal precautions include backing up the registry before beginning any search/edits. An excellent tool for doing such is ERUNT Registry Backup Tool - http://www.snapfiles.com/get/erunt.html

One other thing you can (carefully) do...review the Drivers tab of Autoruns. It will reflect all drivers (hardware/software) and should include any AV/firewall drivers which are installed. I normally don't suggest this, but since you are looking for two specific files, it should not be a problem. If you see them by this method, I suggest initially disabling them, rather than deleting, allowing for a possible error in interpretation/selection.

Louis

#6 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:05:07 AM

Posted 22 August 2009 - 11:29 AM

OK, ran Autoruns and did not see either of those drivers you mentioned...

Filtnt.sys

pctav.sys

i will try looking in the WINDOWS driver folder but am doing a search now

I DID find three Starforce drivers tho, used the removal tool to get rid of them as they are known prolbem causers, i guess i loaded up a game that was protected by Starforce by mistake, i NEVER use any intentionally.

i found a number of entried in Autorun that were "file not found" so i disabled any that were not already unchecked. will keep looking.

How do i do a search for the Registry?

Edited by CrisGer, 22 August 2009 - 12:00 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#7 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:05:07 AM

Posted 22 August 2009 - 12:10 PM

I found this useful list of tips for using Autoruns for checking and adjusting things:

Basic advice on enabling/disabling items using Autoruns in advance:

If you change an item, write down the item that you change. This is particularly useful if you are changing more than one item at a time.

If you disable an item, just untick (=disable) it. Do not delete it. If you just disable it and you need to re-enable it you simply need to tick it again. If you deleted it, it's gone for good.

I will suppose that you are using Autoruns v8.5 and go through the different tabs that Autoruns shows.

Tab "Everything":
will be skipped, because it is the summary of all the other tabs.

Tab "Logon":
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: Never ever touch it, unless you are told to do so by an expert and unless you have to set it back to its default value, because some rogue software maliciously modified it. Never untick it or delete it. You will not be able to logon ever again.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Never touch, unless you are told to do so by an expert and unless you have to set it back to its default value, because some rogue software maliciously modified it. Never untick it or delete it. You will not see your desktop if you do..
In general, be careful with entries starting with HKLM\...., because changing them will affect all users.
Unticking items under
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run,
+ C:\Documents and Settings\All Users\Start Menu\Programs\Startup,
+ C:\Documents and Settings\<yourloginname>\Start Menu\Programs\Startup
may or may not negatively affect some of your applications, but it will not render your system unbootable and it can be undone easily.

Tab "Explorer":
Simply leave the items as they are, unless you are told by an expert to untick a particular entry.

Tab "Internet Explorer":
You may try to disable some Browser Helper Objects by unticking them in case you suspect the have been put in by some kind og malware.
If your I.E. does not function properly after such changes, simply tick the disabled items again and relaunch I.e.

Tab "Scheduled Tasks":
I would rather use Control Panel => Scheduled Tasks to administer my tasks than Autoruns. Unticking tasks should not do permanent damage to your system.

Tab "Services":
Basically, do not untick any service, if you are not absolutely sure your system does not need it.
Never simply delete a service from the list, unless told to do so by an expert.
Inside Autoruns you can only enable (ticking) or disable (unticking) a service.
If you need to reconfigure the way a service is launched (automatically, manually, never) user services.msc instead of Autoruns.
With a lot of services your will only learn during the next reboot if disabling it was a good idea or not.
Some services are more vital than others.

Tab "Drivers":
Never ever simply untick any driver!
Drivers have to be maintained (installed, updated, deactivated, removed) using devmgmt.msc.

Tab "Boot Execute":
simply do not touch, unless told to do so by an expert.

Tab "Image Hijack":
simply do not touch, unless told to do so by an expert.

Tab "LSA Providers":
simply do not touch, unless told to do so by an expert.

Tab "Print monitors":
simply do not touch. Printer configuration should be done using Control Panel => Printers.

Tab "Winsock Providers":
simply do not touch, unless told to do so by an expert.

Tab "Winlogon":
simply do not touch, unless told to do so by an expert.

Tab "KnownDLLs":
simply do not touch, unless told to do so by an expert.

Tab "AppInit":
simply do not touch, unless told to do so by an expert.
Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:07 AM

Posted 22 August 2009 - 12:31 PM

To search for entries in the registry, this is the procedure I employ:

Note: I do not backup my registry, a bit of egotism on my part...if I make a mess of my system, I am not unwilling to repair install or clean install as penance for my attitude. But...I suggest that you DO backup your registry and not follow my poor example :thumbsup:.

Start/Run...type regedit and hit Enter or OK.

Place the mouse at the top of the left column, on My Computer.

Edit/Find...type in search string (e.g., outpost) and hit Enter or Find button. Make sure that there are checkmarks in each of the 3 boxes (keys, values, data).

When entry is found, take a look to left screen to see what folder it is. If it looks as if it's the item of the type I am looking for, I delete the folder or the value reflected as highlighted.

I then go back to Edit/Find Next...and so until screen tells me no more items can be found.

Close regedit.

Louis

Autoruns is nothing to be afraid of, but it should not be taken lightly, since it does reflect ALL startup items, including those which are essential to proper functioning of the system. At times (normally, malware issues) a user may need to review other tabs which are suggested by the tipster as "do not touch", but a user should never take it upon herself/himself to play with items on any tab.

Edited by hamluis, 22 August 2009 - 12:34 PM.


#9 CrisGer

CrisGer
  • Topic Starter

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:05:07 AM

Posted 22 August 2009 - 03:00 PM

ok, i am checking the registry and i found one entry for Outpost....

it says:

Name: ab Default Type: Reg_SZ Outpost.LogSnapInAbout

and it is in a folder with a long strings of letters and numbers name, and the folder says VersionIndependent ProgID

does that mean that my registry still thinks it is in my system? and should i delete the folder or just leave it? it does not show up as on the start up menu at all, i dont think, i will copy down the full folder name and see if that shows up


and i keep getting the same BSOD now, with the AVHook: being caused by the PC tools driver PCTAV

i cant find PCTAV.exe on the computer anywhere but there IS a registry entry for it, ...if i delete that registry entry will that turn it off? for some reason the actual exe. is proving very hard to find

is there a RUN command that will delete it? i seem to recall a comand you can enter in the run box and it will delete a program and get rid of it when you reboot...


Microsoft ® Windows Debugger Version 6.9.0003.113 X86
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini121508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Tue Dec 16 00:54:00.218 2008 (GMT-6)
System Uptime: 1 days 11:39:19.870
Loading Kernel Symbols
...................................................................................................................................................
Loading User Symbols
Loading unloaded module list
......................................
Unable to load image AVHook.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for AVHook.sys
*** ERROR: Module load completed but symbols could not be loaded for AVHook.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {b0, 2, 0, 804ee24b}

Probably caused by : AVHook.sys ( AVHook+1e4e )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000b0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804ee24b, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 000000b0

CURRENT_IRQL: 2

FAULTING_IP:
nt!IoDetachDevice+27
804ee24b 8b80b0000000 mov eax,dword ptr [eax+0B0h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: PCTAV.exe

LAST_CONTROL_TRANSFER: from f12e1e4e to 804ee24b

STACK_TEXT:
b6791008 f12e1e4e 885846d0 8a65bad0 8a2f7bb8 nt!IoDetachDevice+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
b6791090 804edfe3 88800690 8a65bac0 8a65bac0 AVHook+0x1e4e
b67910a0 80577672 8a638320 8a275e44 b6791248 nt!IopfCallDriver+0x31
b6791180 805b390a 8a638338 00000000 8a275da0 nt!IopParseDevice+0xa12
b6791208 805afdeb 00000000 b6791248 00000040 nt!ObpLookupObjectName+0x56a
b679125c 8056a3b1 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb
b67912d8 8056ad28 0012cb9c 00100001 0012cb40 nt!IopCreateFile+0x407
b6791334 8056e50f 0012cb9c 00100001 0012cb40 nt!IoCreateFile+0x8e
b6791374 8053ca28 0012cb9c 00100001 0012cb40 nt!NtOpenFile+0x27
b6791374 7c90eb94 0012cb9c 00100001 0012cb40 nt!KiFastCallEntry+0xf8
0012ce0c 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
AVHook+1e4e
f12e1e4e ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: AVHook+1e4e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: AVHook

IMAGE_NAME: AVHook.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 452c4918

FAILURE_BUCKET_ID: 0xA_AVHook+1e4e

BUCKET_ID: 0xA_AVHook+1e4e

Followup: MachineOwner
---------

kd> lmvm AVHook
start end module name
f12e0000 f12ea000 AVHook T (no symbols)
Loaded symbol image file: AVHook.sys
Image path: AVHook.sys
Image name: AVHook.sys
Timestamp: Tue Oct 10 19:30:00 2006 (452C4918)
CheckSum: 0001482D
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

Edited by CrisGer, 22 August 2009 - 03:29 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users