Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Bsod, Memory Corruption Crash Dump


  • This topic is locked This topic is locked
6 replies to this topic

#1 IBrokeIt

IBrokeIt

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:49 PM

Posted 15 May 2007 - 10:04 PM

Hey there, I'm having random BSoD's, anywhere from a couple hours to a day or so. Not exactly sure when they started happening, since the computer used to reboot itself (I changed that so I could see the stop error). Here's a small history of some problems I'd been having prior to the BSoD's:

I had been using Nintendo's WiFi USB Connector (by Buffalo), and had many problems with it, mostly with not connecting to the internet (using the Nintendo Wii and DS), but my computer also randomly froze completely (no reset, no blue screen, nothing), with no indication of why. Usually it was just sitting on the desktop with nothing running but my Firewall and basic utilities (see under Software). This happened at random times, usually at night, and had happened while I was at the computer as well. I talked to Nintendo, and they told me not to use Spy-bot, Ad-aware, or AVG. I took them off (although I really didn't want to), and I still had the problems. So I am in the process of sending that back, and have completely uninstalled all of the software included with the USB WiFi connector. I had the exact same problem with a 3rd-party WiFi USB connector (WiFiMAX) before this. BTW the Nintendo tech Representative I spoke to was kind of a prick (you just don't whisper F**k! on a customer call!) and didn't seem to know what he was talking about (sounded like he was reading off of a screen).

Here's the next piece of history:

I upgraded the RAM from 256MB to 2GB (maximum allowed on the motherboard) and also to the maximum speed allowed (PC-3200), when it was previously PC-2700. I think I started having the blue screens at this time. So I took the new RAM out, replaced it with the old ram again (I'm very careful about static discharge, although I do not have a wrist strap). But I still had blue screen problems (at this time the computer was resetting). So I replaced the RAM again with the new RAM, since I didn't think it was a RAM problem.

Now since then, and I'm not sure if I had the BlueScreens during the time I had the WiFi connector (sorry), I've been having nothing but problems with random blue screens. The computer usually runs very well (DOOM3 Ultramode with no Antialiasing is surprisingly smooth), and I also ran MEMTEST just to be sure I wasn't having problems with the RAM (3 passes, no errors).

I had been using Avira Antivir, as was a friend of mine. He was having very strange computer problems, so he uninstalled Antivir and his computer is fine. I tried the same thing, but it didn't help. Avast! seems ok, though, so I kept it on the computer.

Anything you can do to help will be more than appreciated, since I've been tearing my hair out for several weeks on this... It has gone days without BSoDing before, but they always come back.

Below is my computer description, HijackThis log, Crash dump, and CPUz Registers dump.




Software:
Windows XP Professional SP2

Avast!
Ad-Aware Personal (no resident)
Spy-Bot Search and Destroy (with Tea Timer)
Comodo Firewall

SiSoftware Sandra
HijackThis
Debugging Tools for Windows
CPUz


Computer: (Custom Built)

CPU: 2.6 GHz Pentium 4 Northwood Socket 478 mPGA
MB: BioStar P4VTB (http://www.biostar-usa.com/mbdetails.asp?model=p4vtb), Phoenix BIOS 6.00
RAM: 2GB (1GB sticks) G.Skill DDR 400 PC-3200
HDD: 2 75GB Hard drives

Soundcard: Creative Audigy 2 EX (With external box)
Video Card: 256MB XFX NVidia GeForce 6800GT AGP 8X
Printer: Brother HL-2040 Black Laser Printer
Webcam: Logitech QuickCam Messenger
Speakers: Crappy, old

Internet: Cable, 5-7 Mbps, BendBroadband.com
Modem: Motorola SB5101 Surfboard Cable Modem

DVD +-RW
DVD (not connected)


One more thing: The crash dump is usually very inconsistent, but lately it's been mostly "memory corruption" and ntoskrnl.exe Not sure what to make of it.

THANK YOU in advance!

p.s. sorry about the monstrous post


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

HijackThis log:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Logfile of HijackThis v1.99.1
Scan saved at 6:49:41 PM, on 5/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/...b?1175969067359
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-

8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\Sandra Lite\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\Sandra Lite\RpcSandraSrv.exe


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Here is the Crash Dump:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\Program Files\Debugging Tools for Windows\Symbol Path*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Tue May 15 14:28:01.687 2007 (GMT-7)
System Uptime: 0 days 7:30:54.271
Loading Kernel Symbols
.................................................................................................................................................
Loading User Symbols

Loading unloaded module list
........................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {80f02ff4, 2, 0, 804e65de}

Probably caused by : memory_corruption ( nt!MiRemovePageByColor+19 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 80f02ff4, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804e65de, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 80f02ff4

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiRemovePageByColor+19
804e65de 8b7e0c mov edi,dword ptr [esi+0Ch]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

TRAP_FRAME: f789e788 -- (.trap 0xfffffffff789e788)
ErrCode = 00000000
eax=ffe7fffd ebx=00000003 ecx=fff7ffff edx=81b03000 esi=80f02fe8 edi=806ee2d0
eip=804e65de esp=f789e7fc ebp=f789e818 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210282
nt!MiRemovePageByColor+0x19:
804e65de 8b7e0c mov edi,dword ptr [esi+0Ch] ds:0023:80f02ff4=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 804e65de to 804e187f

STACK_TEXT:
f789e788 804e65de badb0d00 81b03000 ffdff980 nt!KiTrap0E+0x233
f789e818 804e7cf4 00000000 00008000 00000000 nt!MiRemovePageByColor+0x19
f789e844 8069debd 8a6c03e8 00000000 00000044 nt!MmZeroPageThread+0x9a
f789edac 8057d0f1 80087000 00000000 00000000 nt!Phase1Initialization+0x1144
f789eddc 804f827a 8069f38a 80087000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiRemovePageByColor+19
804e65de 8b7e0c mov edi,dword ptr [esi+0Ch]

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 45e54711

SYMBOL_NAME: nt!MiRemovePageByColor+19

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xA_nt!MiRemovePageByColor+19

BUCKET_ID: 0xA_nt!MiRemovePageByColor+19

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806eb500 nt (pdb symbols) c:\Program Files\Debugging Tools for Windows\Symbol

Path\ntoskrnl.pdb\A3930799CDF74A3CA818CCF481C59BAB2\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Wed Feb 28 01:10:41 2007 (45E54711)
CheckSum: 0021EF64
ImageSize: 00214500
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntoskrnl.exe
OriginalFilename: ntoskrnl.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
kd> lmv
start end module name
804d7000 806eb500 nt (pdb symbols) c:\Program Files\Debugging Tools for Windows\Symbol

Path\ntoskrnl.pdb\A3930799CDF74A3CA818CCF481C59BAB2\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Wed Feb 28 01:10:41 2007 (45E54711)
CheckSum: 0021EF64
ImageSize: 00214500
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntoskrnl.exe
OriginalFilename: ntoskrnl.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
806ec000 8070c380 hal (deferred)
Image path: halaacpi.dll
Image name: halaacpi.dll
Timestamp: Tue Aug 03 22:59:05 2004 (41107B29)
CheckSum: 0002CFD1
ImageSize: 00020380
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b46ab000 b46eb280 HTTP (deferred)
Image path: \SystemRoot\System32\Drivers\HTTP.sys
Image name: HTTP.sys
Timestamp: Thu Mar 16 17:33:09 2006 (441A03C5)
CheckSum: 00047848
ImageSize: 00040280
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b47f4000 b47f7b20 aswRdr (deferred)
Image path: \SystemRoot\System32\Drivers\aswRdr.SYS
Image name: aswRdr.SYS
Timestamp: Mon Apr 30 08:39:37 2007 (46360DB9)
CheckSum: 00014FC8
ImageSize: 00003B20
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b4da5000 b4df6480 srv (deferred)
Image path: \SystemRoot\system32\DRIVERS\srv.sys
Image name: srv.sys
Timestamp: Mon Aug 14 03:34:39 2006 (44E051BF)
CheckSum: 00059B2B
ImageSize: 00051480
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b58c7000 b58f3400 mrxdav (deferred)
Image path: \SystemRoot\system32\DRIVERS\mrxdav.sys
Image name: mrxdav.sys
Timestamp: Tue Aug 03 23:00:49 2004 (41107B91)
CheckSum: 000398F1
ImageSize: 0002C400
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b5ada000 b5aee400 wdmaud (deferred)
Image path: \SystemRoot\system32\drivers\wdmaud.sys
Image name: wdmaud.sys
Timestamp: Wed Jun 14 02:00:44 2006 (448FD03C)
CheckSum: 000171EC
ImageSize: 00014400
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b5bd7000 b5bd9b80 secdrv (deferred)
Image path: \SystemRoot\system32\DRIVERS\secdrv.sys
Image name: secdrv.sys
Timestamp: Thu Nov 14 03:52:30 2002 (3DD38E7E)
CheckSum: 00009E88
ImageSize: 00002B80
File version: 3.18.0.0
Product version: 3.18.0.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04e4
CompanyName: Macrovision Europe Ltd
ProductName: Security Windows NT
InternalName: SECDRV
OriginalFilename: SECDRV.SYS
ProductVersion: 3.18.000 Windows NT 2002/11/14
FileVersion: 3.18.000
FileDescription: Macrovision SECURITY Driver
LegalCopyright: Copyright © 1998-2002 Macrovision Corp.
Comments: StringFileInfo: U.S. English
b651f000 b6534600 aswMon2 (deferred)
Image path: \SystemRoot\System32\Drivers\aswMon2.SYS
Image name: aswMon2.SYS
Timestamp: Fri Apr 27 14:28:55 2007 (46326B17)
CheckSum: 000208F8
ImageSize: 00015600
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b65d5000 b65e2a80 nwlnkspx (deferred)
Image path: \SystemRoot\system32\DRIVERS\nwlnkspx.sys
Image name: nwlnkspx.sys
Timestamp: Fri Aug 17 13:54:16 2001 (3B7D8478)
CheckSum: 00019D4A
ImageSize: 0000DA80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b6625000 b663a980 nwlnkipx (deferred)
Image path: \SystemRoot\system32\DRIVERS\nwlnkipx.sys
Image name: nwlnkipx.sys
Timestamp: Tue Aug 03 23:03:29 2004 (41107C31)
CheckSum: 00020CF8
ImageSize: 00015980
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b6f53000 b6f61d80 sysaudio (deferred)
Image path: \SystemRoot\system32\drivers\sysaudio.sys
Image name: sysaudio.sys
Timestamp: Tue Aug 03 23:15:54 2004 (41107F1A)
CheckSum: 00013320
ImageSize: 0000ED80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b6fc3000 b6fc6280 ndisuio (deferred)
Image path: \SystemRoot\system32\DRIVERS\ndisuio.sys
Image name: ndisuio.sys
Timestamp: Tue Aug 03 23:03:10 2004 (41107C1E)
CheckSum: 00003A23
ImageSize: 00003280
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: NDISUIO.SYS
OriginalFilename: NDISUIO.SYS
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: NDIS User mode I/O Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
b77a8000 b77ac900 LVPr2Mon (deferred)
Image path: \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
Image name: LVPr2Mon.sys
Timestamp: Tue Feb 06 16:41:29 2007 (45C92039)
CheckSum: 0000824E
ImageSize: 00004900
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b781b000 b7832480 dump_atapi (deferred)
Image path: \SystemRoot\System32\Drivers\dump_atapi.sys
Image name: dump_atapi.sys
Timestamp: Tue Aug 03 22:59:41 2004 (41107B4D)
CheckSum: 00020950
ImageSize: 00017480
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: atapi.sys
OriginalFilename: atapi.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: IDE/ATAPI Port Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
b791e000 b7ab9580 LVcKap (deferred)
Image path: \SystemRoot\system32\DRIVERS\LVcKap.sys
Image name: LVcKap.sys
Timestamp: Tue Feb 06 16:43:40 2007 (45C920BC)
CheckSum: 0019DE08
ImageSize: 0019B580
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7aba000 b7b9d600 LV302V32 (deferred)
Image path: \SystemRoot\system32\DRIVERS\LV302V32.SYS
Image name: LV302V32.SYS
Timestamp: Sat Feb 03 09:58:26 2007 (45C4CD42)
CheckSum: 000F0918
ImageSize: 000E3600
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7d7c000 b7deaa00 mrxsmb (deferred)
Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys
Image name: mrxsmb.sys
Timestamp: Fri May 05 02:41:42 2006 (445B1DD6)
CheckSum: 0007CA79
ImageSize: 0006EA00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7deb000 b7e15a00 rdbss (deferred)
Image path: \SystemRoot\system32\DRIVERS\rdbss.sys
Image name: rdbss.sys
Timestamp: Fri May 05 02:47:55 2006 (445B1F4B)
CheckSum: 000345EF
ImageSize: 0002AA00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7e16000 b7e37d00 afd (deferred)
Image path: \SystemRoot\System32\drivers\afd.sys
Image name: afd.sys
Timestamp: Tue Aug 03 23:14:13 2004 (41107EB5)
CheckSum: 0002DC47
ImageSize: 00021D00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7e38000 b7e5fc00 netbt (deferred)
Image path: \SystemRoot\system32\DRIVERS\netbt.sys
Image name: netbt.sys
Timestamp: Tue Aug 03 23:14:36 2004 (41107ECC)
CheckSum: 00033EE9
ImageSize: 00027C00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7e60000 b7e72700 cmdmon (deferred)
Image path: \SystemRoot\System32\DRIVERS\cmdmon.sys
Image name: cmdmon.sys
Timestamp: Sun Jan 28 04:03:29 2007 (45BC9111)
CheckSum: 0001B41B
ImageSize: 00012700
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7e73000 b7e93f00 ipnat (deferred)
Image path: \SystemRoot\system32\DRIVERS\ipnat.sys
Image name: ipnat.sys
Timestamp: Wed Sep 29 15:28:36 2004 (415B3714)
CheckSum: 00024074
ImageSize: 00020F00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7ebc000 b7f13d80 tcpip (deferred)
Image path: \SystemRoot\system32\DRIVERS\tcpip.sys
Image name: tcpip.sys
Timestamp: Thu Apr 20 04:51:47 2006 (444775D3)
CheckSum: 0005F865
ImageSize: 00057D80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7f14000 b7f26400 ipsec (deferred)
Image path: \SystemRoot\system32\DRIVERS\ipsec.sys
Image name: ipsec.sys
Timestamp: Tue Aug 03 23:14:27 2004 (41107EC3)
CheckSum: 0001A264
ImageSize: 00012400
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b7f9f000 b7fae700 nwlnknb (deferred)
Image path: \SystemRoot\system32\DRIVERS\nwlnknb.sys
Image name: nwlnknb.sys
Timestamp: Fri Aug 17 13:54:16 2001 (3B7D8478)
CheckSum: 0001C115
ImageSize: 0000F700
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b800f000 b80ab000 ctac32k (deferred)
Image path: \SystemRoot\system32\drivers\ctac32k.sys
Image name: ctac32k.sys
Timestamp: Thu Aug 10 23:45:14 2006 (44DC277A)
CheckSum: 00081570
ImageSize: 0009C000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b80ab000 b80d2000 ctsfm2k (deferred)
Image path: \SystemRoot\system32\drivers\ctsfm2k.sys
Image name: ctsfm2k.sys
Timestamp: Thu Aug 10 23:45:18 2006 (44DC277E)
CheckSum: 000275C8
ImageSize: 00027000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b80d2000 b80ff000 emupia2k (deferred)
Image path: \SystemRoot\system32\drivers\emupia2k.sys
Image name: emupia2k.sys
Timestamp: Thu Aug 10 23:45:17 2006 (44DC277D)
CheckSum: 00013B96
ImageSize: 0002D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b80ff000 b8203000 ha10kx2k (deferred)
Image path: \SystemRoot\system32\drivers\ha10kx2k.sys
Image name: ha10kx2k.sys
Timestamp: Thu Aug 10 23:45:24 2006 (44DC2784)
CheckSum: 000BD2C0
ImageSize: 00104000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
b8203000 b822d000 hap16v2k (deferred)
Image path: \SystemRoot\system32\drivers\hap16v2k.sys
Image name: hap16v2k.sys
Timestamp: Thu Aug 10 23:45:26 2006 (44DC2786)
CheckSum: 0002D547
ImageSize: 0002A000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba355000 ba388200 update (deferred)
Image path: \SystemRoot\system32\DRIVERS\update.sys
Image name: update.sys
Timestamp: Tue Aug 03 22:58:32 2004 (41107B08)
CheckSum: 0003A526
ImageSize: 00033200
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba389000 ba3b9100 rdpdr (deferred)
Image path: \SystemRoot\system32\DRIVERS\rdpdr.sys
Image name: rdpdr.sys
Timestamp: Tue Aug 03 23:01:10 2004 (41107BA6)
CheckSum: 000336EE
ImageSize: 00030100
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba3fa000 ba3fe500 watchdog (deferred)
Image path: \SystemRoot\System32\watchdog.sys
Image name: watchdog.sys
Timestamp: Tue Aug 03 23:07:32 2004 (41107D24)
CheckSum: 0000FEBA
ImageSize: 00004500
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: watchdog.sys
OriginalFilename: watchdog.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: Watchdog Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
ba40a000 ba41ae00 psched (deferred)
Image path: \SystemRoot\system32\DRIVERS\psched.sys
Image name: psched.sys
Timestamp: Tue Aug 03 23:04:16 2004 (41107C60)
CheckSum: 0001B55A
ImageSize: 00010E00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba41b000 ba431680 ndiswan (deferred)
Image path: \SystemRoot\system32\DRIVERS\ndiswan.sys
Image name: ndiswan.sys
Timestamp: Tue Aug 03 23:14:30 2004 (41107EC6)
CheckSum: 00016813
ImageSize: 00016680
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba432000 ba443900 LMouKE (deferred)
Image path: \SystemRoot\system32\DRIVERS\LMouKE.Sys
Image name: LMouKE.Sys
Timestamp: Tue Jan 23 15:41:35 2007 (45B69D2F)
CheckSum: 0001C7D8
ImageSize: 00011900
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba444000 ba457900 parport (deferred)
Image path: \SystemRoot\system32\DRIVERS\parport.sys
Image name: parport.sys
Timestamp: Tue Aug 03 22:59:04 2004 (41107B28)
CheckSum: 00016E51
ImageSize: 00013900
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba458000 ba4be000 ak0vx4w5 (deferred)
Image path: \SystemRoot\System32\Drivers\ak0vx4w5.SYS
Image name: ak0vx4w5.SYS
Timestamp: Wed Apr 11 10:59:50 2007 (461D2216)
CheckSum: 00054280
ImageSize: 00066000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba4be000 ba4e0e80 USBPORT (deferred)
Image path: \SystemRoot\system32\DRIVERS\USBPORT.SYS
Image name: USBPORT.SYS
Timestamp: Tue Aug 03 23:08:34 2004 (41107D62)
CheckSum: 0002F594
ImageSize: 00022E80
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: usbport.sys
OriginalFilename: usbport.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: USB 1.1 & 2.0 Port Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
ba501000 ba50f780 usbaudio (deferred)
Image path: \SystemRoot\system32\drivers\usbaudio.sys
Image name: usbaudio.sys
Timestamp: Tue Aug 03 23:07:52 2004 (41107D38)
CheckSum: 0001E4DD
ImageSize: 0000E780
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: usbaudio.sys
OriginalFilename: usbaudio.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: USB Audio Class Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
ba511000 ba519700 LVUSBSta (deferred)
Image path: \SystemRoot\system32\drivers\LVUSBSta.sys
Image name: LVUSBSta.sys
Timestamp: Sat Feb 03 09:46:13 2007 (45C4CA65)
CheckSum: 0000CB1D
ImageSize: 00008700
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba521000 ba530900 Cdfs (deferred)
Image path: \SystemRoot\System32\Drivers\Cdfs.SYS
Image name: Cdfs.SYS
Timestamp: Tue Aug 03 23:14:09 2004 (41107EB1)
CheckSum: 0000FB67
ImageSize: 0000F900
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba541000 ba54fd80 arp1394 (deferred)
Image path: \SystemRoot\system32\DRIVERS\arp1394.sys
Image name: arp1394.sys
Timestamp: Tue Aug 03 22:58:28 2004 (41107B04)
CheckSum: 000167BE
ImageSize: 0000ED80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba551000 ba559880 Fips (deferred)
Image path: \SystemRoot\System32\Drivers\Fips.SYS
Image name: Fips.SYS
Timestamp: Fri Aug 17 18:31:49 2001 (3B7DC585)
CheckSum: 0000AB1E
ImageSize: 00008880
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba561000 ba569700 netbios (deferred)
Image path: \SystemRoot\system32\DRIVERS\netbios.sys
Image name: netbios.sys
Timestamp: Tue Aug 03 23:03:19 2004 (41107C27)
CheckSum: 0000E953
ImageSize: 00008700
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: NETBIOS.SYS
OriginalFilename: NETBIOS.SYS
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: NetBIOS interface driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
ba571000 ba579700 wanarp (deferred)
Image path: \SystemRoot\system32\DRIVERS\wanarp.sys
Image name: wanarp.sys
Timestamp: Tue Aug 03 23:04:57 2004 (41107C89)
CheckSum: 0000EFA7
ImageSize: 00008700
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba581000 ba5b4000 ctoss2k (deferred)
Image path: \SystemRoot\system32\drivers\ctoss2k.sys
Image name: ctoss2k.sys
Timestamp: Thu Aug 10 23:45:23 2006 (44DC2783)
CheckSum: 000299B7
ImageSize: 00033000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba5b4000 ba5d6680 ks (deferred)
Image path: \SystemRoot\system32\drivers\ks.sys
Image name: ks.sys
Timestamp: Tue Aug 03 23:15:20 2004 (41107EF8)
CheckSum: 0002E05C
ImageSize: 00022680
File version: 5.3.2600.2180
Product version: 5.3.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.0 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ks.sys
OriginalFilename: ks.sys
ProductVersion: 5.3.2600.2180
FileVersion: 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: Kernel CSA Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
ba5d7000 ba5fa980 portcls (deferred)
Image path: \SystemRoot\system32\drivers\portcls.sys
Image name: portcls.sys
Timestamp: Tue Aug 03 23:15:47 2004 (41107F13)
CheckSum: 0002E05C
ImageSize: 00023980
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.9 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: portcls.sys
OriginalFilename: portcls.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: Port Class (Class Driver for Port/Miniport Devices)
LegalCopyright: © Microsoft Corporation. All rights reserved.
ba5fb000 ba674f80 ctaud2k (deferred)
Image path: \SystemRoot\system32\drivers\ctaud2k.sys
Image name: ctaud2k.sys
Timestamp: Thu Aug 10 23:45:37 2006 (44DC2791)
CheckSum: 00084619
ImageSize: 00079F80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
ba675000 ba688780 VIDEOPRT (deferred)
Image path: \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
Image name: VIDEOPRT.SYS
Timestamp: Tue Aug 03 23:07:04 2004 (41107D08)
CheckSum: 0001B84C
ImageSize: 00013780
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.4 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: videoprt.sys
OriginalFilename: videoprt.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: Video Port Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
ba689000 baa58400 nv4_mini (deferred)
Image path: \SystemRoot\system32\DRIVERS\nv4_mini.sys
Image name: nv4_mini.sys
Timestamp: Sun Oct 22 14:08:02 2006 (453BDDB2)
CheckSum: 003D1E30
ImageSize: 003CF400
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
baddc000 baddfc80 mssmbios (deferred)
Image path: \SystemRoot\system32\DRIVERS\mssmbios.sys
Image name: mssmbios.sys
Timestamp: Tue Aug 03 23:07:47 2004 (41107D33)
CheckSum: 0001304A
ImageSize: 00003C80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
badf4000 badf6580 ndistapi (deferred)
Image path: \SystemRoot\system32\DRIVERS\ndistapi.sys
Image name: ndistapi.sys
Timestamp: Fri Aug 17 13:55:29 2001 (3B7D84C1)
CheckSum: 0000554A
ImageSize: 00002580
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
badf8000 badfa980 gameenum (deferred)
Image path: \SystemRoot\system32\DRIVERS\gameenum.sys
Image name: gameenum.sys
Timestamp: Tue Aug 03 23:08:20 2004 (41107D54)
CheckSum: 00007708
ImageSize: 00002980
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
badfc000 badff500 L8042Kbd (deferred)
Image path: \SystemRoot\system32\DRIVERS\L8042Kbd.sys
Image name: L8042Kbd.sys
Timestamp: Tue Jan 23 15:41:44 2007 (45B69D38)
CheckSum: 0000ECC9
ImageSize: 00003500
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
bae00000 bae03c80 serenum (deferred)
Image path: \SystemRoot\system32\DRIVERS\serenum.sys
Image name: serenum.sys
Timestamp: Tue Aug 03 22:59:06 2004 (41107B2A)
CheckSum: 00009584
ImageSize: 00003C80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
bae20000 bae22280 rasacd (deferred)
Image path: \SystemRoot\system32\DRIVERS\rasacd.sys
Image name: rasacd.sys
Timestamp: Fri Aug 17 13:55:39 2001 (3B7D84CB)
CheckSum: 0000B2E7
ImageSize: 00002280
File version: 5.1.2600.0
Product version: 5.1.2600.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: rasacd.sys
OriginalFilename: rasacd.sys
ProductVersion: 5.1.2600.0
FileVersion: 5.1.2600.0 (xpclient.010817-1148)
FileDescription: RAS Automatic Connection Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
bae34000 bae36f80 ctgame (deferred)
Image path: \SystemRoot\system32\DRIVERS\ctgame.sys
Image name: ctgame.sys
Timestamp: Sun Dec 29 17:06:29 2002 (3E0F9C15)
CheckSum: 0001223D
ImageSize: 00002F80
File version: 5.12.2.100
Product version: 5.12.2.100
File flags: 8 (Mask 3F) Private
File OS: 40004 NT Win32
File type: 3.0 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Creative Technology Ltd.
ProductName: Creative Audio Product
InternalName: ctgame.sys
OriginalFilename: ctgame.sys
ProductVersion: 5.12.02.100
FileVersion: 5.12.02.100
FileDescription: Creative Game Port Enumerator
LegalCopyright: Copyright © Creative Technology Ltd.1997-2002
bae3c000 bae3e900 Dxapi (deferred)
Image path: \SystemRoot\System32\drivers\Dxapi.sys
Image name: Dxapi.sys
Timestamp: Fri Aug 17 13:53:19 2001 (3B7D843F)
CheckSum: 0000ACC2
ImageSize: 00002900
File version: 5.1.2600.0
Product version: 5.1.2600.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: dxapi.sys
OriginalFilename: dxapi.sys
ProductVersion: 5.1.2600.0
FileVersion: 5.1.2600.0 (xpclient.010817-1148)
FileDescription: DirectX API Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
bae74000 bae8e580 Mup (deferred)
Image path: Mup.sys
Image name: Mup.sys
Timestamp: Tue Aug 03 23:15:20 2004 (41107EF8)
CheckSum: 0001F5BD
ImageSize: 0001A580
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
bae8f000 baebba80 NDIS (deferred)
Image path: \WINDOWS\System32\DRIVERS\NDIS.SYS
Image name: NDIS.SYS
Timestamp: Tue Aug 03 23:14:27 2004 (41107EC3)
CheckSum: 0003996E
ImageSize: 0002CA80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
baebc000 baec7d00 raspptp (deferred)
Image path: \SystemRoot\system32\DRIVERS\raspptp.sys
Image name: raspptp.sys
Timestamp: Tue Aug 03 23:14:26 2004 (41107EC2)
CheckSum: 00016284
ImageSize: 0000BD00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
baecc000 baed6200 raspppoe (deferred)
Image path: \SystemRoot\system32\DRIVERS\raspppoe.sys
Image name: raspppoe.sys
Timestamp: Tue Aug 03 23:05:06 2004 (41107C92)
CheckSum: 00017254
ImageSize: 0000A200
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: raspppoe.sys
OriginalFilename: raspppoe.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: RAS PPPoE mini-port/call-manager driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
baedc000 baee8880 rasl2tp (deferred)
Image path: \SystemRoot\system32\DRIVERS\rasl2tp.sys
Image name: rasl2tp.sys
Timestamp: Tue Aug 03 23:14:21 2004 (41107EBD)
CheckSum: 00011D37
ImageSize: 0000C880
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
baf5c000 bafe8400 Ntfs (deferred)
Image path: Ntfs.sys
Image name: Ntfs.sys
Timestamp: Fri Feb 09 03:10:31 2007 (45CC56A7)
CheckSum: 00096DF9
ImageSize: 0008C400
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
bafe9000 bafff780 KSecDD (deferred)
Image path: KSecDD.sys
Image name: KSecDD.sys
Timestamp: Tue Aug 03 22:59:45 2004 (41107B51)
CheckSum: 00025EE6
ImageSize: 00016780
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
bf800000 bf9c2180 win32k (deferred)
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: Thu Mar 08 05:47:34 2007 (45F013F6)
CheckSum: 001C4886
ImageSize: 001C2180
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
bf9c3000 bf9d4580 dxg (deferred)
Image path: \SystemRoot\System32\drivers\dxg.sys
Image name: dxg.sys
Timestamp: Tue Aug 03 23:00:51 2004 (41107B93)
CheckSum: 0001D181
ImageSize: 00011580
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
bf9d5000 bfe26580 nv4_disp (deferred)
Image path: \SystemRoot\System32\nv4_disp.dll
Image name: nv4_disp.dll
Timestamp: Sun Oct 22 14:02:50 2006 (453BDC7A)
CheckSum: 00453FB0
ImageSize: 00451580
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
bffa0000 bffe5c00 ATMFD (deferred)
Image path: \SystemRoot\System32\ATMFD.DLL
Image name: ATMFD.DLL
Timestamp: Wed Aug 04 00:56:56 2004 (411096C8)
CheckSum: 00049B67
ImageSize: 00045C00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7407000 f7413e00 i8042prt (deferred)
Image path: \SystemRoot\system32\DRIVERS\i8042prt.sys
Image name: i8042prt.sys
Timestamp: Tue Aug 03 23:14:36 2004 (41107ECC)
CheckSum: 0001CDB6
ImageSize: 0000CE00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7417000 f7426d80 serial (deferred)
Image path: \SystemRoot\system32\DRIVERS\serial.sys
Image name: serial.sys
Timestamp: Tue Aug 03 23:15:51 2004 (41107F17)
CheckSum: 00011088
ImageSize: 0000FD80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7427000 f7435080 redbook (deferred)
Image path: \SystemRoot\system32\DRIVERS\redbook.sys
Image name: redbook.sys
Timestamp: Tue Aug 03 22:59:34 2004 (41107B46)
CheckSum: 00010495
ImageSize: 0000E080
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7437000 f7443180 cdrom (deferred)
Image path: \SystemRoot\system32\DRIVERS\cdrom.sys
Image name: cdrom.sys
Timestamp: Tue Aug 03 22:59:52 2004 (41107B58)
CheckSum: 0000E599
ImageSize: 0000C180
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7447000 f7451380 imapi (deferred)
Image path: \SystemRoot\system32\DRIVERS\imapi.sys
Image name: imapi.sys
Timestamp: Tue Aug 03 23:00:12 2004 (41107B6C)
CheckSum: 00012AFC
ImageSize: 0000A380
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7457000 f7466180 nic1394 (deferred)
Image path: \SystemRoot\system32\DRIVERS\nic1394.sys
Image name: nic1394.sys
Timestamp: Tue Aug 03 22:58:28 2004 (41107B04)
CheckSum: 0001E2EA
ImageSize: 0000F180
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7467000 f746f360 aswTdi (deferred)
Image path: \SystemRoot\System32\Drivers\aswTdi.SYS
Image name: aswTdi.SYS
Timestamp: Mon Apr 30 08:38:46 2007 (46360D86)
CheckSum: 0001A841
ImageSize: 00008360
File version: 4.7.997.0
Product version: 4.7.0.0
File flags: 8 (Mask 3F) Private
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: ALWIL Software
ProductName: avast! Antivirus System
InternalName: aswTdi.sys
OriginalFilename: aswTdi.sys
ProductVersion: 4.7
FileVersion: 4.7.997.0
FileDescription: avast! TDI Filter Driver
LegalCopyright: Copyright © 1996-2007 ALWIL Software
f7477000 f7485b80 drmk (deferred)
Image path: \SystemRoot\system32\drivers\drmk.sys
Image name: drmk.sys
Timestamp: Tue Aug 03 23:07:54 2004 (41107D3A)
CheckSum: 000157DE
ImageSize: 0000EB80
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: drmk.sys
OriginalFilename: drmk.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: Microsoft Kernel DRM Descrambler Filter
LegalCopyright: © Microsoft Corporation. All rights reserved.
f7497000 f74a7a80 pci (deferred)
Image path: pci.sys
Image name: pci.sys
Timestamp: Tue Aug 03 23:07:45 2004 (41107D31)
CheckSum: 0001D791
ImageSize: 00010A80
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pci.sys
OriginalFilename: pci.sys
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileDescription: NT Plug and Play PCI Enumerator
LegalCopyright: © Microsoft Corporation. All rights reserved.
f74a8000 f74d5d80 ACPI (deferred)
Image path: ACPI.sys
Image name: ACPI.sys
Timestamp: Tue Aug 03 23:07:35 2004 (41107D27)
CheckSum: 00033106
ImageSize: 0002DD80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f74d6000 f74ed800 SCSIPORT (deferred)
Image path: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Image name: SCSIPORT.SYS
Timestamp: Tue Aug 03 22:59:39 2004 (41107B4B)
CheckSum: 0001CC02
ImageSize: 00017800
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f74ee000 f75d6000 sptd (deferred)
Image path: sptd.sys
Image name: sptd.sys
Timestamp: Tue Apr 03 05:12:11 2007 (4612449B)
CheckSum: 000AF536
ImageSize: 000E8000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f75f7000 f7605e80 ohci1394 (deferred)
Image path: ohci1394.sys
Image name: ohci1394.sys
Timestamp: Tue Aug 03 23:10:05 2004 (41107DBD)
CheckSum: 0001C45C
ImageSize: 0000EE80
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7607000 f7614000 1394BUS (deferred)
Image path: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Image name: 1394BUS.SYS
Timestamp: Tue Aug 03 23:10:03 2004 (41107DBB)
CheckSum: 00017E0F
ImageSize: 0000D000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
f7617000 f761fc00 isapnp (deferred)
Image path: isapnp.sys
Image name: isapnp.sys
Timestamp: Fri Aug 17 13:58:01 2001 (3B7D8559)
CheckSum: 0000BB35
ImageSize: 00008C00
File version: 5.1.2600.0
Product version: 5.1.2600.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation

Edited by IBrokeIt, 15 May 2007 - 10:45 PM.


BC AdBot (Login to Remove)

 


#2 IBrokeIt

IBrokeIt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:49 PM

Posted 16 May 2007 - 12:03 PM

I'm not sure why someone moved my post to the "Hijack this Logs and Analysis" area, since it's only for posting HijackThis logs. I'm having STOP errors, and my post concerns the Crash dump more than anything else. If someone could please move it back to a more appropriate area, I would appreciate it. Also it would be nice if I was notified that my post was moved, not sure how this works though (or who even moved it?)



Here is a Crash Dump from today. The STOP error occurred while playing Diablo II (barely even 1 minute), and stated that LVMVDrv.sys was at fault. During the blue screen the music was going crazy and making strange grinding noises and repeating.
__________________________________________________________________



Microsoft ® Windows Debugger Version 6.7.0005.0
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\Program Files\Debugging Tools for Windows\Symbol Path*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Wed May 16 09:43:00.468 2007 (GMT-7)
System Uptime: 0 days 4:19:24.072
Loading Kernel Symbols
...................................................................................................................................................
Loading User Symbols

Loading unloaded module list
.........................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D4, {b7d74ff0, 2, 1, 804f7ec3}

Probably caused by : rdbss.sys ( rdbss!RxpWorkerThreadDispatcher+18a )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD (d4)
A driver unloaded without cancelling lookaside lists, DPCs, worker threads, etc.
The broken driver's name is displayed on the screen.
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
An attempt was made to access the driver at raised IRQL after it unloaded.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: b7d74ff0, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804f7ec3, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: b7d74ff0

CURRENT_IRQL: 2

FAULTING_IP:
nt!KeTerminateThread+6a
804f7ec3 894204 mov dword ptr [edx+4],eax

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD4

PROCESS_NAME: System

TRAP_FRAME: b4cf0c0c -- (.trap 0xffffffffb4cf0c0c)
ErrCode = 00000002
eax=b7df4fec ebx=00000000 ecx=b7df4fcc edx=b7d74fec esi=886583c0 edi=8a6c0660
eip=804f7ec3 esp=b4cf0c80 ebp=b4cf0c98 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
nt!KeTerminateThread+0x6a:
804f7ec3 894204 mov dword ptr [edx+4],eax ds:0023:b7d74ff0=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 804f7ec3 to 804e187f

STACK_TEXT:
b4cf0c0c 804f7ec3 badb0d00 b7d74fec 00000030 nt!KiTrap0E+0x233
b4cf0c98 8057b629 00000000 886583c0 88658608 nt!KeTerminateThread+0x6a
b4cf0d40 8057b746 00000000 00000000 b7df4f5c nt!PspExitThread+0x6c1
b4cf0d60 8057d24e 886583c0 00000000 b4cf0d9c nt!PspTerminateThreadByPointer+0x52
b4cf0d70 b7deb54a 00000000 886583c0 00000000 nt!PsTerminateSystemThread+0x24
b4cf0d9c b7df5845 01df4f5c b7df5148 b4cf0ddc rdbss!RxpWorkerThreadDispatcher+0x18a
b4cf0dac 8057d0f1 b7df4f5c 00000000 00000000 rdbss!RxWorkerThreadDispatcher+0x1a
b4cf0ddc 804f827a b7df582b b7df4f5c 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
rdbss!RxpWorkerThreadDispatcher+18a
b7deb54a 5e pop esi

SYMBOL_STACK_INDEX: 5

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: rdbss

IMAGE_NAME: rdbss.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 445b1f4b

SYMBOL_NAME: rdbss!RxpWorkerThreadDispatcher+18a

FAILURE_BUCKET_ID: 0xD4_W_rdbss!RxpWorkerThreadDispatcher+18a

BUCKET_ID: 0xD4_W_rdbss!RxpWorkerThreadDispatcher+18a

Followup: MachineOwner
---------

kd> lmvm rdbss
start end module name
b7deb000 b7e15a00 rdbss (pdb symbols) c:\Program Files\Debugging Tools for Windows\Symbol Path\rdbss.pdb\841B86559D834030A09A8292A9BA02C32\rdbss.pdb
Loaded symbol image file: rdbss.sys
Image path: \SystemRoot\system32\DRIVERS\rdbss.sys
Image name: rdbss.sys
Timestamp: Fri May 05 02:47:55 2006 (445B1F4B)
CheckSum: 000345EF
ImageSize: 0002AA00
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

#3 IBrokeIt

IBrokeIt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:49 PM

Posted 17 May 2007 - 09:24 PM

My computer hasn't had a STOP error in since yesterday, even under heavy use. Here's what happened:

After my last post, I had two more stop errors, referencing a driver for COMODO firewall. On a hunch, I removed COMODO and just used plain old Windows Firewall (I have TeaTimer and Avast! running, so I'm not completely unsafe). Since then, no STOP errors. I was able to play Diablo II while running Azureus3, which tended to be the time when the computer would BSoD. It almost always had BSoD'd overnight, so I'm hopeful. Also I ran Memtest, 9 passes, with no errors, so I think it's safe to say that it wasn't a memory problem. More things I noticed:

Using COMODO, in the logs I noticed that I kept getting the Violation UDP something or other Unreachable (sorry for the lack of details). It would occur 3-5 times within one second, pause, then happen again. That made me think that COMODO was giving me more problems. I read something about a Port scan attack, but I didn't understand it, but it made me wary. I also read something about the integrity of the computer being compromised by an attack on computers using COMODO, which would cause it to BSoD, supposedly it had been fixed, but I was still wary. In any case, COMODO is gone, and my computer is running fine. I'll update again in a day or so, and if my computer makes it past a week with no Blue Screen, I'll consider it problem solved.

P.S. Anybody know a good, free, firewall I could use? I used to use ZoneAlarm, but their free version has gone to crap now. Thanks.

#4 IBrokeIt

IBrokeIt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:49 PM

Posted 18 May 2007 - 07:21 PM

Hey, guess what? KABOOM!!! Here you go:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Microsoft ® Windows Debugger Version 6.7.0005.0
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: SRV*c:\Program Files\Debugging Tools for Windows\Symbol Path*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620
Debug session time: Fri May 18 14:02:05.250 2007 (GMT-7)
System Uptime: 1 days 8:03:33.853
Loading Kernel Symbols
................................................................................................................................................
Loading User Symbols

Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {80f02ff4, 2, 0, 804e65de}

Probably caused by : memory_corruption ( nt!MiRemovePageByColor+19 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 80f02ff4, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804e65de, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 80f02ff4

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiRemovePageByColor+19
804e65de 8b7e0c mov edi,dword ptr [esi+0Ch]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: System

TRAP_FRAME: f789e788 -- (.trap 0xfffffffff789e788)
ErrCode = 00000000
eax=ffe7fffd ebx=0000000b ecx=fff7ffff edx=81b03000 esi=80f02fe8 edi=806ee2d0
eip=804e65de esp=f789e7fc ebp=f789e818 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210282
nt!MiRemovePageByColor+0x19:
804e65de 8b7e0c mov edi,dword ptr [esi+0Ch] ds:0023:80f02ff4=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 804e65de to 804e187f

STACK_TEXT:
f789e788 804e65de badb0d00 81b03000 8a63a11c nt!KiTrap0E+0x233
f789e818 804e7cf4 00000000 00008000 00000000 nt!MiRemovePageByColor+0x19
f789e844 8069debd 8a6c03e8 00000000 00000044 nt!MmZeroPageThread+0x9a
f789edac 8057d0f1 80087000 00000000 00000000 nt!Phase1Initialization+0x1144
f789eddc 804f827a 8069f38a 80087000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiRemovePageByColor+19
804e65de 8b7e0c mov edi,dword ptr [esi+0Ch]

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 45e54711

SYMBOL_NAME: nt!MiRemovePageByColor+19

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: 0xA_nt!MiRemovePageByColor+19

BUCKET_ID: 0xA_nt!MiRemovePageByColor+19

Followup: MachineOwner
---------

kd> lmvm nt
start end module name
804d7000 806eb500 nt (pdb symbols) c:\Program Files\Debugging Tools for Windows\Symbol Path\ntoskrnl.pdb\A3930799CDF74A3CA818CCF481C59BAB2\ntoskrnl.pdb
Loaded symbol image file: ntoskrnl.exe
Image path: ntoskrnl.exe
Image name: ntoskrnl.exe
Timestamp: Wed Feb 28 01:10:41 2007 (45E54711)
CheckSum: 0021EF64
ImageSize: 00214500
File version: 5.1.2600.3093
Product version: 5.1.2600.3093
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntoskrnl.exe
OriginalFilename: ntoskrnl.exe
ProductVersion: 5.1.2600.3093
FileVersion: 5.1.2600.3093 (xpsp_sp2_gdr.070227-2254)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


Still says memory corruption. Is my motherboard messed up? Should I re-seat my ram? I'll try it anyways, but MAN this is frustrating.

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:49 AM

Posted 20 May 2007 - 10:30 AM

Hello IBrokeIt and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

The reason why the topic was moved to this forum is because it contained a HijackThis log. HijackThis logs can only be reviewed here.

BSOD's are typically caused by hardware issues. Either a bad piece of hardware or a bad driver for hardware. My first guess would be memory. If there are 2 sticks then try removing one and running with just that. If there are no issues the swap it out for the other one and try that. If no problems show up when either one is running singly then I would guess a motherboard issue and the timing between the 2 sticks. If one or the other has issues by itself then it would point to a bad stick.

The HijackThis forum deals exclusively with virus and malware issues. HijackThis cannot analyze performance, hardware or application issues. If the issues continue then I would suggest posting the dumps to the The techs in that forum specialize in matters pertaining to hardware issues. When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

When posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#6 IBrokeIt

IBrokeIt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:49 PM

Posted 28 June 2007 - 05:28 PM

The reason why the topic was moved to this forum is because it contained a HijackThis log. HijackThis logs can only be reviewed here.


I was just making sure that someone had all the information possible when I posted my problem (next time I won't post a HijackThis log).

Sorry for not updating:

It was the motherboard. I knew it couldn't be the RAM because the stop errors started after I installed the new RAM, so I put the old RAM back in, and I was having the same errors as I had with the new RAM. I think it would be too rare for all 3 sticks to burn out (especially brand new ones). I also ran about 6 different kinds of memory tests (burn-in, Windows software tests, boot-time memory tests) and all of them returned no errors, even overnight.

I used a PCI LED POST reader, and that showed that the motherboard started properly, so it was really just a guess that the motherboard was the problem. I thought it might have been the processor, also. So I went on a hunch and got a replacement motherboard (mini-atx this time), slightly updated and a different brand. I haven't had a single BSoD since. Runs perfectly (well, as perfectly as the OS will let it).

A friend of mine said that it was possible that I damaged the motherboard when I used an air compressor to blow out the dust. I probably won't do that again, but is that possible? I hate buying the stupidly expensive air cartridges and cans... I never read about not using air compressors in the A+ cert. manuals...



Anyways, problem fixed.

#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:49 AM

Posted 30 June 2007 - 07:51 AM

Hi IBrokeIt. That would all make sense. As far as compressed air, I have never heard of that causing any issues (and I use it all the time). I suppose anything is possible but I would highly doubt it. It would be more likely that either the board just went bad or when replacing the memory, if you were not grounded properly, the board was shorted out by static electricity. Hard to say.

Anyway, glad to hear things are running normally now. I will now close this topic. If you have any future malware related questions or issues please start a new topic.

Cheers and Happy Computing!

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users