Help Hijacked and getting blue screen of death

Hi Misticl

Did it say which drivers?

Going through your start up list there are a few drivers that come up with BSOD errors, most have to do with NVIDIA.

Let me know if you were told which drivers.
I also have someone else looking at these logs, I'm waiting for her report.

In the mean time lets get rid of that file in your msconfig.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

• regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Now copy and paste everything in the code box below to "Note Padâ€.
Name it "fix.reg" and under file type select "All Filesâ€
Save it to your desk Top.
Once saved, double click "fix.reg file" and let it merge with the registry.

Code:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsHive]

Reboot your computer and check your msconfig to see if that file is gone.

Geri

 

Ok first the good news. The rpcc is gone from msconfig!!!.
The bad news. The errors when i had them report to MS it would just open a generic page about make sure you have the proper drivers installed and so forth. Now this is an entirely new machine as of liike about 4 months ago. Should i post a DXDiag of my system specs?

 

Ok. I dont mean any disrespect here but i am about 2 crashes away from a reformat. I am getting bluescreens left and right now and last was just a complete and total lockup. Last time all this was happening on my old system 2 things happened. 1. 500 GB hd wasted. 2. Mother board southbridge wasted. So yes the rpcc is gone but since the registry things you had me do seems to have elevated the system crashs and now complete lockups.

 

Hi Misticl
I haven't been avoiding this, I have others looking in here to see if they can see what the problem is.

Neither one of those tools would be causing this problem.

So in the mean time lets do this.
Please follow the instructions exactly as given.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine ".
6. Under "Reports "
   • Select "Automatically generate report after every scan "
   • Un-Select "Only if threats were found "

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
   IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan ".
4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
5. If you have any infections you will prompted, then select "Apply all actions "
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Please post the log.

Also, Do you have your windowsXP CD?

Geri

 

OK sorry it has been a little bit crazy lately in RL. So i did this scanand it produces 3 BSOD errors. So i left the comp of for a bit and it finally rebooted after selecting "last known good configuration ". The 3 errors were in order: Bad pool header, Bad pool caller, PFN list corrupt.

here is the log you requested and yes i have my xp cd

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:19:56 PM 5/23/2007

+ Scan result:



C:\System Volume Information\_restore{F46F8A40-2F20-402E-A479-870131CBA70D}\RP86\A0021914.exe -> Proxy.Dlena.nam : Cleaned.
C:\Documents and Settings\Main\Cookies\main@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Main\Cookies\main@2.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Main\Cookies\main@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Main\Cookies\main@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Main\Cookies\main@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Main\Cookies\main@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Main\Cookies\main@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Main\Cookies\main@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Main\Cookies\main@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Main\Cookies\main@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Main\Cookies\main@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Main\Cookies\main@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Main\Cookies\main@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Main\Cookies\main@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Main\Cookies\main@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Main\Cookies\main@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Main\Cookies\main@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Main\Cookies\main@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Main\Cookies\main@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Main\Cookies\main@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Main\Cookies\main@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Main\Cookies\main@ehg-cskautocorporation.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Main\Cookies\main@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Main\Cookies\main@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Main\Cookies\main@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Main\Cookies\main@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Main\Cookies\main@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Main\Cookies\main@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Main\Cookies\main@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Main\Cookies\main@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Main\Cookies\main@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Main\Cookies\main@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Main\Cookies\main@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Main\Cookies\main@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Main\Cookies\main@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Main\Cookies\main@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Main\Cookies\main@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Main\Cookies\main@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Main\Cookies\main@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Main\Cookies\main@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Main\Cookies\main@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{F46F8A40-2F20-402E-A479-870131CBA70D}\RP87\A0025929.exe -> Trojan.Zapchast.ca : Cleaned.


::Report end

 

Hi Misticl

OK I'm going to ask for some help here. I believe this is not malware created, because nothing is really showing up in your logs.

I am going to ask noahdfear to take a look here, please follow any instructions he may have.

Geri

 

Hi Misticl

It's likely that the errors are caused by a driver. Despite having a relatively new system, please check with the component manufacturers for possible driver updates. Please list all system components, including any USB devices attached. I would also like for you to follow the instructions in the following link, then post data dump logs. If you can possibly identify the ones related to the 3 mentioned above (Bad Pool Header, Bad Pool Caller and PFN list corrupt) by date and time, I'd like to see those in particularly.

Crash Dump Data Collection

I would also like you to uninstall the NVidia Network Access Manager software and see if there's any change in the blue screens after a couple of reboots.

On any subsequent blue screens, please take down the entire stop error message and provide that information, eg; STOP: 0x000000C2 (0xParameter_1, 0xParameter_2, 0xParameter_3, 0xParameter_4)
BAD_POOL_CALLER or similar.

 

Ok here is the debuglog i am looking for the Blue screens dump.

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Comment: 'Dr. Watson generated MiniDump'
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Thu May 24 00:00:34.000 2007 (GMT-4)
System Uptime: not available
Process Uptime: 0 days 7:18:22.000
......................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(aec.540): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=00163f60 edx=46c5f1b0 esi=00000000 edi=00215c8c
eip=77e7660a esp=46c5f18c ebp=46c5f190 iopl=0 nv up ei ng nz na pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000287
rpcrt4!SIMPLE_DICT::Next+0xf:
77e7660a 833c8600 cmp dword ptr [esi+eax*4],0 ds:0023:00000000=????????
0:014> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** ERROR: Module load completed but symbols could not be loaded for WoW.exe
*** WARNING: Unable to verify checksum for nview.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for nview.dll -
*** WARNING: Unable to verify checksum for fmod.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for fmod.dll -

FAULTING_IP:
rpcrt4!SIMPLE_DICT::Next+f
77e7660a 833c8600 cmp dword ptr [esi+eax*4],0

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 77e7660a (rpcrt4!SIMPLE_DICT::Next+0x0000000f)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

DEFAULT_BUCKET_ID: NULL_DEREFERENCE

PROCESS_NAME: WoW.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

READ_ADDRESS: 00000000

LAST_CONTROL_TRANSFER: from 7c90e9c0 to 7c90eb94

FOLLOWUP_IP:
WoW+220ddd
00620ddd 56 push esi

SYMBOL_STACK_INDEX: 4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: WoW

IMAGE_NAME: WoW.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 464a592d

FAULTING_THREAD: 00000ae8

STACK_TEXT:
0012de50 7c90e9c0 7c8025cb 00002948 00000000 ntdll!KiFastSystemCallRet
0012de54 7c8025cb 00002948 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
0012deb8 7c802532 00002948 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xa8
0012decc 00620ddd 00002948 ffffffff 0012f750 kernel32!WaitForSingleObject+0x12
WARNING: Stack unwind information not available. Following frames may be wrong.
0012df00 00612372 000028dc 0012f640 00000001 WoW+0x220ddd
0012ec98 00612879 85100084 0012eed0 fffffffb WoW+0x212372
0012ef64 030a2e93 0012f640 0012f640 01b2e970 WoW+0x212879
0012f618 7c8436da 0012f640 7c839b09 0012f648 nview!NVQueryDesktopContextMenu+0x2af13
0012f620 7c839b09 0012f648 00000000 0012f648 kernel32!BaseProcessStart+0x39
0012f648 7c9037bf 0012f734 0012ffe0 0012f750 kernel32!_except_handler3+0x61
0012f66c 7c90378b 0012f734 0012ffe0 0012f750 ntdll!ExecuteHandler2+0x26
0012f71c 7c90eafa 00000000 0012f750 0012f734 ntdll!ExecuteHandler+0x24
0012f71c 4fe1e8e0 00000000 0012f750 0012f734 ntdll!KiUserExceptionDispatcher+0xe
0012fa38 4fe1ec03 0000015d 1440fae0 00167940 d3d9!CRMHeap::heapify+0x20
0012fa58 4fe1f4a4 0af47060 00000000 00000000 d3d9!CRMHeap::update+0xc3
0012fa74 4fe59dff 0af47060 00173020 001d1be0 d3d9!CResourceManager::TimeStamp+0x34
0012fae8 4fe76d94 00009f8a 00173020 00173024 d3d9!CD3DBase::UpdateTextures+0x14f
0012fb10 4fe58910 00173020 00000004 00009f8a d3d9!CD3DDDIDX8_DrawIndexedPrimitive+0x24
0012fb58 0057a80f 00173020 00000004 00009f8a d3d9!CD3DBase:rawIndexedPrimitive+0xe0
0012fb8c 00423165 00000001 00009f8a 00000001 WoW+0x17a80f
0012fd64 0042a0b7 07e7f624 07da2cf8 00000005 WoW+0x23165
0012fd80 0042a5cc 024de588 08b53720 08b53708 WoW+0x2a0b7
0012fd9c 00438e1a 00000000 08b53710 08b53720 WoW+0x2a5cc
0012fe68 0041ea8b 00000000 00000000 01f41c08 WoW+0x38e1a
0012fe98 0041bf79 01f41c08 00000011 00000000 WoW+0x1ea8b
0012ff0c 0041d3d1 00000001 004056b3 00000001 WoW+0x1bf79
0012ff24 004056ee 00409239 00400000 00000000 WoW+0x1d3d1
0012ffc0 7c816fd7 0012e890 7c910945 7ffd7000 WoW+0x56ee
0012fff0 00000000 00401000 00000000 00000000 kernel32!BaseProcessStart+0x23


PRIMARY_PROBLEM_CLASS: NULL_DEREFERENCE

BUGCHECK_STR: APPLICATION_FAULT_NULL_DEREFERENCE

SYMBOL_NAME: WoW+220ddd

STACK_COMMAND: ~0s ; kb

FAILURE_BUCKET_ID: APPLICATION_FAULT_NULL_DEREFERENCE_WoW+220ddd

BUCKET_ID: APPLICATION_FAULT_NULL_DEREFERENCE_WoW+220ddd

Followup: MachineOwner
---------

eax=000000c0 ebx=0012e2bb ecx=00000007 edx=0012de30 esi=00002948 edi=00000000
eip=7c90eb94 esp=0012de54 ebp=0012deb8 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
7c90eb94 c3 ret
ChildEBP RetAddr Args to Child
0012de50 7c90e9c0 7c8025cb 00002948 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
0012de54 7c8025cb 00002948 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
0012deb8 7c802532 00002948 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xa8 (FPO: [Non-Fpo])
0012decc 00620ddd 00002948 ffffffff 0012f750 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
0012df00 00612372 000028dc 0012f640 00000001 WoW+0x220ddd
0012ec98 00612879 85100084 0012eed0 fffffffb WoW+0x212372
0012ef64 030a2e93 0012f640 0012f640 01b2e970 WoW+0x212879
0012f618 7c8436da 0012f640 7c839b09 0012f648 nview!NVQueryDesktopContextMenu+0x2af13
0012f620 7c839b09 0012f648 00000000 0012f648 kernel32!BaseProcessStart+0x39 (FPO: [Non-Fpo])
0012f648 7c9037bf 0012f734 0012ffe0 0012f750 kernel32!_except_handler3+0x61 (FPO: [Uses EBP] [3,0,7])
0012f66c 7c90378b 0012f734 0012ffe0 0012f750 ntdll!ExecuteHandler2+0x26
0012f71c 7c90eafa 00000000 0012f750 0012f734 ntdll!ExecuteHandler+0x24
0012f71c 4fe1e8e0 00000000 0012f750 0012f734 ntdll!KiUserExceptionDispatcher+0xe (FPO: [2,0,0]) (CONTEXT @ 0012f750)
0012fa38 4fe1ec03 0000015d 1440fae0 00167940 d3d9!CRMHeap::heapify+0x20 (FPO: [Non-Fpo])
0012fa58 4fe1f4a4 0af47060 00000000 00000000 d3d9!CRMHeap::update+0xc3 (FPO: [Non-Fpo])
0012fa74 4fe59dff 0af47060 00173020 001d1be0 d3d9!CResourceManager::TimeStamp+0x34 (FPO: [Non-Fpo])
0012fae8 4fe76d94 00009f8a 00173020 00173024 d3d9!CD3DBase::UpdateTextures+0x14f (FPO: [Non-Fpo])
0012fb10 4fe58910 00173020 00000004 00009f8a d3d9!CD3DDDIDX8_DrawIndexedPrimitive+0x24 (FPO: [Non-Fpo])
0012fb58 0057a80f 00173020 00000004 00009f8a d3d9!CD3DBase:rawIndexedPrimitive+0xe0 (FPO: [Non-Fpo])
0012fb8c 00423165 00000001 00009f8a 00000001 WoW+0x17a80f
start end module name
00330000 00339000 normaliz normaliz.dll Thu Jun 29 11:05:42 2006 (44A3EC46)
00340000 003a9000 DivxDecoder DivxDecoder.dll Tue Feb 10 21:25:04 2004 (40299280)
00400000 00ceb000 WoW WoW.exe Tue May 15 21:06:53 2007 (464A592D)
01b20000 01b43000 nvappfilter nvappfilter.dll Thu Mar 30 18:58:32 2006 (442C6298)
03000000 03170000 nview nview.dll Thu Nov 16 01:37:50 2006 (455C073E)
03230000 03237000 LgWndHk LgWndHk.dll Thu Dec 18 18:24:22 2003 (3FE23726)
03290000 03296000 CTAGENT CTAGENT.DLL Fri Aug 11 02:56:02 2006 (44DC2A02)
0a400000 0a407000 LgKbdhk LgKbdhk.dll Thu Dec 18 18:24:24 2003 (3FE23728)
0a970000 0a97b000 LGMSGHK LGMSGHK.DLL Thu Dec 18 18:24:20 2003 (3FE23724)
0ffd0000 0fff8000 rsaenh rsaenh.dll Tue Jul 06 22:17:12 2004 (40EB5D28)
10000000 10090000 fmod fmod.dll Tue Dec 27 23:44:30 2005 (43B2182E)
19d50000 19d58000 powrprof powrprof.dll Wed Aug 04 03:56:53 2004 (411096C5)
20000000 202c5000 xpsp2res xpsp2res.dll Wed Aug 04 03:56:41 2004 (411096B9)
3b490000 3b5a8000 dbghelp dbghelp.dll Tue Jun 21 22:52:04 2005 (42B8D254)
42990000 429d5000 iertutil iertutil.dll Wed Mar 07 12:45:20 2007 (45EEFA30)
42c10000 42cdf000 wininet wininet.dll Wed Mar 07 12:45:18 2007 (45EEFA2E)
42cf0000 42e14000 urlmon urlmon.dll Wed Mar 07 12:45:17 2007 (45EEFA2D)
4fdd0000 4ff76000 d3d9 d3d9.dll Wed Aug 04 03:56:03 2004 (41109693)
5ad70000 5ada8000 uxtheme uxtheme.dll Wed Aug 04 03:56:43 2004 (411096BB)
5b860000 5b8b4000 netapi32 netapi32.dll Thu Aug 17 08:28:27 2006 (44E460EB)
5d090000 5d12a000 comctl32_5d090000 comctl32.dll Fri Aug 25 11:45:58 2006 (44EF1B36)
5ed00000 5edcc000 opengl32 opengl32.dll Wed Aug 04 03:57:44 2004 (411096F8)
662b0000 66308000 hnetcfg hnetcfg.dll Wed Aug 04 03:56:16 2004 (411096A0)
68b20000 68b40000 glu32 glu32.dll Wed Aug 04 03:56:07 2004 (41109697)
6d990000 6d996000 d3d8thk d3d8thk.dll Wed Aug 04 03:56:02 2004 (41109692)
71a50000 71a8f000 mswsock mswsock.dll Wed Aug 04 03:59:20 2004 (41109758)
71a90000 71a98000 wshtcpip wshtcpip.dll Wed Aug 04 03:57:49 2004 (411096FD)
71aa0000 71aa8000 ws2help ws2help.dll Wed Aug 04 03:57:39 2004 (411096F3)
71ab0000 71ac7000 ws2_32 ws2_32.dll Wed Aug 04 03:57:38 2004 (411096F2)
71ad0000 71ad9000 wsock32 wsock32.dll Wed Aug 04 03:57:51 2004 (411096FF)
71bf0000 71c03000 samlib samlib.dll Wed Aug 04 03:56:29 2004 (411096AD)
722b0000 722b5000 sensapi sensapi.dll Wed Aug 04 03:56:28 2004 (411096AC)
72d10000 72d18000 msacm32_72d10000 msacm32.drv Sat Aug 18 01:33:30 2001 (3B7DFE2A)
72d20000 72d29000 wdmaud wdmaud.drv Wed Aug 04 03:56:54 2004 (411096C6)
73760000 737a9000 ddraw ddraw.dll Wed Aug 04 03:56:16 2004 (411096A0)
73bc0000 73bc6000 dciman32 dciman32.dll Wed Aug 04 03:56:15 2004 (4110969F)
73ee0000 73ee4000 ksuser ksuser.dll Wed Aug 04 03:56:29 2004 (411096AD)
73f10000 73f6c000 dsound dsound.dll Wed Aug 04 03:57:08 2004 (411096D4)
74720000 7476b000 MSCTF MSCTF.dll Wed Aug 04 03:57:30 2004 (411096EA)
74810000 7497c000 quartz quartz.dll Mon Aug 29 23:54:26 2005 (4313D872)
755c0000 755ee000 MSCTFIME MSCTFIME.IME Wed Aug 04 03:57:31 2004 (411096EB)
75e90000 75f40000 sxs sxs.dll Thu Oct 19 09:56:28 2006 (4537840C)
76080000 760e5000 msvcp60 msvcp60.dll Wed Aug 04 03:59:13 2004 (41109751)
76390000 763ad000 imm32 imm32.dll Wed Aug 04 03:56:30 2004 (411096AE)
769c0000 76a73000 userenv userenv.dll Wed Aug 04 03:56:41 2004 (411096B9)
76b20000 76b31000 atl atl.dll Wed Aug 04 03:56:55 2004 (411096C7)
76b40000 76b6d000 winmm winmm.dll Wed Aug 04 03:57:10 2004 (411096D6)
76bf0000 76bfb000 psapi psapi.dll Wed Aug 04 03:56:58 2004 (411096CA)
76c30000 76c5e000 wintrust wintrust.dll Wed Aug 04 03:56:41 2004 (411096B9)
76c90000 76cb8000 imagehlp imagehlp.dll Wed Aug 04 03:56:25 2004 (411096A9)
76d40000 76d58000 mprapi mprapi.dll Wed Aug 04 03:56:47 2004 (411096BF)
76d60000 76d79000 iphlpapi iphlpapi.dll Fri May 19 08:59:41 2006 (446DC13D)
76e10000 76e35000 adsldpc adsldpc.dll Wed Aug 04 03:56:13 2004 (4110969D)
76e80000 76e8e000 rtutils rtutils.dll Wed Aug 04 03:56:36 2004 (411096B4)
76e90000 76ea2000 rasman rasman.dll Wed Aug 04 03:56:29 2004 (411096AD)
76eb0000 76edf000 tapi32 tapi32.dll Wed Aug 04 03:56:38 2004 (411096B6)
76ee0000 76f1c000 rasapi32 rasapi32.dll Wed Aug 04 03:56:25 2004 (411096A9)
76f20000 76f47000 dnsapi dnsapi.dll Mon Jun 26 13:37:10 2006 (44A01B46)
76f60000 76f8c000 wldap32 wldap32.dll Wed Aug 04 03:56:43 2004 (411096BB)
76fb0000 76fb8000 winrnr winrnr.dll Wed Aug 04 03:56:35 2004 (411096B3)
76fc0000 76fc6000 rasadhlp rasadhlp.dll Mon Jun 26 13:37:10 2006 (44A01B46)
76fd0000 7704f000 clbcatq clbcatq.dll Tue Jul 26 00:39:44 2005 (42E5BE90)
77050000 77115000 comres comres.dll Wed Aug 04 03:56:36 2004 (411096B4)
77120000 771ac000 oleaut32 oleaut32.dll Wed Aug 04 03:57:39 2004 (411096F3)
773d0000 774d3000 comctl32 comctl32.dll Fri Aug 25 11:45:55 2006 (44EF1B33)
774e0000 7761d000 ole32 ole32.dll Tue Jul 26 00:39:47 2005 (42E5BE93)
77690000 776b1000 ntmarta ntmarta.dll Wed Aug 04 03:57:02 2004 (411096CE)
77920000 77a13000 setupapi setupapi.dll Wed Aug 04 03:56:32 2004 (411096B0)
77a80000 77b14000 crypt32 crypt32.dll Wed Aug 04 03:56:01 2004 (41109691)
77b20000 77b32000 msasn1 msasn1.dll Wed Aug 04 03:57:23 2004 (411096E3)
77b40000 77b62000 apphelp apphelp.dll Wed Aug 04 03:56:36 2004 (411096B4)
77bd0000 77bd7000 midimap midimap.dll Wed Aug 04 03:56:25 2004 (411096A9)
77be0000 77bf5000 msacm32 msacm32.dll Wed Aug 04 03:57:03 2004 (411096CF)
77c00000 77c08000 version version.dll Wed Aug 04 03:56:39 2004 (411096B7)
77c10000 77c68000 msvcrt msvcrt.dll Wed Aug 04 03:59:14 2004 (41109752)
77c70000 77c93000 msv1_0 msv1_0.dll Wed Aug 04 03:59:11 2004 (4110974F)
77cc0000 77cf2000 activeds activeds.dll Wed Aug 04 03:56:03 2004 (41109693)
77dd0000 77e6b000 advapi32 advapi32.dll Wed Aug 04 03:56:23 2004 (411096A7)
77e70000 77f01000 rpcrt4 rpcrt4.dll Wed Aug 04 03:56:30 2004 (411096AE)
77f10000 77f57000 gdi32 gdi32.dll Thu Mar 08 10:36:28 2007 (45F02D7C)
77f60000 77fd6000 shlwapi shlwapi.dll Mon Oct 23 11:34:21 2006 (453CE0FD)
77fe0000 77ff1000 secur32 secur32.dll Wed Aug 04 03:56:49 2004 (411096C1)
7c800000 7c8f4000 kernel32 kernel32.dll Wed Jul 05 06:55:00 2006 (44AB9A84)
7c900000 7c9b0000 ntdll ntdll.dll Wed Aug 04 03:56:36 2004 (411096B4)
7c9c0000 7d1d5000 shell32 shell32.dll Tue Dec 19 16:52:11 2006 (45885F0B)
7e410000 7e4a0000 user32 user32.dll Thu Mar 08 10:36:28 2007 (45F02D7C)
Closing open log file c:\debuglog.txt

 

i am not able to find the blue screen dumps. also when i go to change the dumps to complete memory dump it asks me " If the page file on volume C: has an initial size less than 2046 megabytes, the system may not be able to create a debugging information file if a STOP error occurs. Continue anyway? "

Where do i check to see if i meet this requirement?

Ok i have located the minidump folder. Would you like me to use the debug wiz to post all of them? There are 22 of them lol.

OK system specs here we go.

EVGA 768-P2-N831-AR GeForce 8800GTX 768MB 384-bit GDDR3 PCI Express x16 HDCP Video Card

AMD Athlon 64 FX-62 Windsor 2.8GHz 2 x 1MB L2 Cache Socket AM2 Dual Core Processor

ASUS CROSSHAIR Socket AM2 NVIDIA nForce 590 SLI MCP ATX AMD Motherboard

COOLMAX CUG-700B ATX 12V( V.2.2) 700W Power Supply 115/230 V

CORSAIR Dominator 2GB (2 x 1GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400) Dual Channel Kit Desktop Memory

Western Digital Raptor WD740ADFD 74GB 10,000 RPM 16MB Cache Serial ATA150 Hard Drive

2 Plextor PX-716A IDE DVD/CD Player/Burner

Audigy 2 ZS Platinum Pro

Epson Stylus Photo RX620

 

Hope no one minds my 2 cents!

First we want to use the below 2 programs to end all extraneous bacground processes. This will give us a better chance to not get a BSOD

Download and install
EndItAll http://www.compu-docs.com/Downloads/enditall.exe

Run Enditall click enditall bottom left corner
close enditall

Download and install KillProcess 241
http://orangelampsoftware.com/products.shtml

Then on the download page is a "Download Kill lists" select the ones that says "Clean Windows XP" and Clean Windows 2000 and download 1 at a time.

You may have to rt click this and do Save As.
When you have these and have installed KillProcess move these files to inside the KillProcess folder. Which should be C:\Program Files\Killprocess.

Instructions for use.
Run KillProcess then click File-Load Kill List, browse to the KillProcess folder and choose "Clean XP.lst ".

Then back to File, then Execute Kill list.

Answer yes to all.

Then again click File-Load Kill List, browse to the KillProcess folder and choose "Clean Windows 2000.lst ".

Then back to File, then Execute Kill list.

Answer yes to all.

Exit Kill process

Now we will deep clean the system

Download and run
ATF-Cleaner
http://www.atribune.org/content/view/25/2/
when run check select all run twice or more until nothing else found

Download install and run
DCleaner http://www.majorgeeks.com/DCleaner_d4790.html
Check all boxes delete all found, this will get what ATF-Cleaner misses

then

CCleaner
get the slim version
http://www.ccleaner.com/download/builds.aspx
Click bottom right Run Cleaner twice then in left panel click "Issues" then below "Scan for issues" run twice or until no more found

Download and install but do not run
EasyCleaner http://personal.inet.fi/business/ton...s/EClea2_0.exe

Drag mouse and hilight the next line including the quote at the beginning.
Once highlighted rt click and chose copy

"C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe" -delreg -delunn -ccache -chistory -ccookies -cmru -exit

then

Start-Run
type
CMD
hit enter or click ok
in the command window that opens

rt click an chose paste
hit enter


Download install and run
http://www.xblock.com/download/xclean_micro.exe
Delete all it finds and report back if it found Malware
It will offer to reboot after it finds most items, do not reboot untill it finishes.

Then reboot

D/L Directx 90c and reinstall
http://www.microsoft.com/downloads/...20-BFBB-4799-9908-D418CDEAC197&displaylang=en

Post another HiJackThis log

Now retest for problem.

Bob

 

Almost forgot!

Please don't reformat or reinstall untill you run it by us. There are other options.

Reinstalling wwindows is not much untill you add email, Data, updates and all the programs you have installed to date. It then can easily become a 10 or 12 hour intensive job.

Bob

 

Misticl,

No need for a full dump. Post a few of the dumps that concur with the date and time of the Bad Pool errors, if you can. Also post one for any new BSODs you get starting now, along with the stop error message. Did you uninstall Network Monitor? All drivers up-to-date? What USB devices are attached?

Bob,

While I certainly don't mind you adding your 2 cents, I do feel it's a bit premature to throw an arsenal of tasks at this machine. I'd prefer to take it one step at a time, finish the tasks already given, and see if there's any change first, then do additional tasks, again one at a time, to see if we can pinpoint the problem. However, it's not my machine and Misticl is free to proceed at whatever pace he/she wishes.

 

ok this happened like 5 mins ago.

here is what i was doing.

playing WoW. Full screen of course. I had ie open then started another tab to look something up and as soon as i closed that tab and alt tabed back into the game bam there it was another driver BSOD.

Ok here is what i think you are looking for i will pull the minidump cause thats all i can find

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini052407-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Thu May 24 20:20:01.968 2007 (GMT-4)
System Uptime: 0 days 11:40:24.922
Loading Kernel Symbols
...............................................................................................................................
Loading User Symbols
Loading unloaded module list
............................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {2bf6f890, 2, 0, ab9e0547}

Probably caused by : tcpip.sys ( tcpip!TCBTimeout+14b )

Followup: MachineOwner
---------

0: kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 2bf6f890, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: ab9e0547, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 2bf6f890

CURRENT_IRQL: 2

FAULTING_IP:
tcpip!TCBTimeout+14b
ab9e0547 8b3dc0f5a1ab mov edi,dword ptr [tcpip!NumTcbTablePartitions (aba1f5c0)]

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from ab9e03ec to ab9e0547

STACK_TEXT:
805502d0 ab9e03ec aba28ae0 00000000 805503fc tcpip!TCBTimeout+0x14b
805502e0 805016f7 aba28af0 aba28ae0 6f99e04c tcpip!TCBTimeoutdpc+0xf
805503fc 80501813 8055b0a0 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x14b
80550428 805450bf 8055b4a0 00000000 00290a3a nt!KiTimerExpiration+0xb1
80550440 8055ae40 ffdffc50 00000000 8055ae40 nt!KiRetireDpcList+0x61
80550450 80544fa4 00000000 0000000e 00000000 nt!KiIdleThread0
80550454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


STACK_COMMAND: kb

FOLLOWUP_IP:
tcpip!TCBTimeout+14b
ab9e0547 8b3dc0f5a1ab mov edi,dword ptr [tcpip!NumTcbTablePartitions (aba1f5c0)]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: tcpip!TCBTimeout+14b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME: tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 444775d3

FAILURE_BUCKET_ID: 0xD1_tcpip!TCBTimeout+14b

BUCKET_ID: 0xD1_tcpip!TCBTimeout+14b

Followup: MachineOwner
---------

eax=8052b68c ebx=00000001 ecx=ffffff8b edx=aba1fbc0 esi=d8ce54e4 edi=00000061
eip=ab9e0547 esp=80550264 ebp=805502d0 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
tcpip!TCBTimeout+0x14b:
ab9e0547 8b3dc0f5a1ab mov edi,dword ptr [tcpip!NumTcbTablePartitions (aba1f5c0)] ds:0023:aba1f5c0=00000004
ChildEBP RetAddr Args to Child
805502d0 ab9e03ec aba28ae0 00000000 805503fc tcpip!TCBTimeout+0x14b (FPO: [Non-Fpo])
805502e0 805016f7 aba28af0 aba28ae0 6f99e04c tcpip!TCBTimeoutdpc+0xf (FPO: [Non-Fpo])
805503fc 80501813 8055b0a0 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x14b (FPO: [Non-Fpo])
80550428 805450bf 8055b4a0 00000000 00290a3a nt!KiTimerExpiration+0xb1 (FPO: [Non-Fpo])
80550440 8055ae40 ffdffc50 00000000 8055ae40 nt!KiRetireDpcList+0x61 (FPO: [0,1,0])
80550450 80544fa4 00000000 0000000e 00000000 nt!KiIdleThread0
80550454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28 (FPO: [0,0,0])
start end module name
804d7000 806e2000 nt ntkrpamp.exe Wed Feb 28 03:38:53 2007 (45E53F9D)
806e2000 80702d00 hal halmacpi.dll Wed Aug 04 01:59:09 2004 (41107B2D)
9247a000 924a4180 kmixer kmixer.sys Wed Jun 14 04:47:45 2006 (448FCD31)
a5531000 a5549980 dump_nvata dump_nvata.sys Mon Apr 24 20:52:25 2006 (444D72C9)
a63c1000 a6401280 HTTP HTTP.sys Thu Mar 16 20:33:09 2006 (441A03C5)
a656a000 a65bb480 srv srv.sys Mon Aug 14 06:34:39 2006 (44E051BF)
a6634000 a6660400 mrxdav mrxdav.sys Wed Aug 04 02:00:49 2004 (41107B91)
a67f7000 a680b400 wdmaud wdmaud.sys Wed Jun 14 05:00:44 2006 (448FD03C)
a7307000 a7307d00 dxgthk dxgthk.sys Fri Aug 17 16:53:12 2001 (3B7D8438)
a7d40000 a7d4f900 Cdfs Cdfs.SYS Wed Aug 04 02:14:09 2004 (41107EB1)
a7f3a000 a7f3e500 watchdog watchdog.sys Wed Aug 04 02:07:32 2004 (41107D24)
ab81d000 ab8daf00 avg7core avg7core.sys Mon Apr 23 11:31:26 2007 (462CD14E)
ab8db000 ab949a00 mrxsmb mrxsmb.sys Fri May 05 05:41:42 2006 (445B1DD6)
ab94a000 ab974a00 rdbss rdbss.sys Fri May 05 05:47:55 2006 (445B1F4B)
ab975000 ab996d00 afd afd.sys Wed Aug 04 02:14:13 2004 (41107EB5)
ab997000 ab9b7f00 ipnat ipnat.sys Wed Sep 29 18:28:36 2004 (415B3714)
ab9b8000 ab9dfc00 netbt netbt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
ab9e0000 aba37d80 tcpip tcpip.sys Thu Apr 20 07:51:47 2006 (444775D3)
aba38000 aba4a400 ipsec ipsec.sys Wed Aug 04 02:14:27 2004 (41107EC3)
ac621000 ac621f80 avgclean avgclean.sys Mon Aug 21 18:55:15 2006 (44EA39D3)
ac622000 ac622f80 AvgAsCln AvgAsCln.sys Tue Sep 05 12:03:16 2006 (44FD9FC4)
ac623000 ac623b80 Null Null.SYS Fri Aug 17 16:47:39 2001 (3B7D82EB)
ac873000 ac879c80 avg7rsxp avg7rsxp.sys Tue Jan 30 10:08:42 2007 (45BF5F7A)
ac87b000 ac882880 Npfs Npfs.SYS Wed Aug 04 02:00:38 2004 (41107B86)
ac883000 ac887a80 Msfs Msfs.SYS Wed Aug 04 02:00:37 2004 (41107B85)
ac88b000 ac890200 vga vga.sys Wed Aug 04 02:07:06 2004 (41107D0A)
aceab000 aceb3880 Fips Fips.SYS Fri Aug 17 21:31:49 2001 (3B7DC585)
acebb000 acec9d80 arp1394 arp1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
acedb000 acee3700 netbios netbios.sys Wed Aug 04 02:03:19 2004 (41107C27)
ad57e000 ad586700 wanarp wanarp.sys Wed Aug 04 02:04:57 2004 (41107C89)
ad58e000 ad59ae00 NVENETFD NVENETFD.sys Wed Mar 22 17:23:58 2006 (4421C06E)
adbd4000 adbd6280 rasacd rasacd.sys Fri Aug 17 16:55:39 2001 (3B7D84CB)
adbd8000 adbda900 Dxapi Dxapi.sys Fri Aug 17 16:53:19 2001 (3B7D843F)
adc20000 adc21900 splitter splitter.sys Wed Jun 14 04:47:46 2006 (448FCD32)
af073000 af074080 RDPCDD RDPCDD.sys Fri Aug 17 16:46:56 2001 (3B7D82C0)
af115000 af116080 mnmdd mnmdd.SYS Fri Aug 17 16:57:28 2001 (3B7D8538)
af117000 af118080 Beep Beep.SYS Fri Aug 17 16:47:33 2001 (3B7D82E5)
af119000 af11af00 Fs_Rec Fs_Rec.SYS Fri Aug 17 16:49:37 2001 (3B7D8361)
af161000 af162b00 nvoclock nvoclock.sys Wed Apr 04 17:20:58 2007 (461416BA)
af369000 af36a360 avgtdi avgtdi.sys Thu Aug 25 05:59:58 2005 (430D969E)
af7d3000 af86f000 ctac32k ctac32k.sys Fri Aug 11 02:45:14 2006 (44DC277A)
af86f000 af896000 ctsfm2k ctsfm2k.sys Fri Aug 11 02:45:18 2006 (44DC277E)
af896000 af8c3000 emupia2k emupia2k.sys Fri Aug 11 02:45:17 2006 (44DC277D)
af8c3000 af9c7000 ha10kx2k ha10kx2k.sys Fri Aug 11 02:45:24 2006 (44DC2784)
af9c7000 af9f1000 hap16v2k hap16v2k.sys Fri Aug 11 02:45:26 2006 (44DC2786)
b0c67000 b0c75100 usbhub usbhub.sys Wed Aug 04 02:08:40 2004 (41107D68)
b3a41000 b3a44280 ndisuio ndisuio.sys Wed Aug 04 02:03:10 2004 (41107C1E)
b3b3f000 b3b4dd80 sysaudio sysaudio.sys Wed Aug 04 02:15:54 2004 (41107F1A)
b7b01000 b7b34200 update update.sys Wed Aug 04 01:58:32 2004 (41107B08)
b7b35000 b7b65100 rdpdr rdpdr.sys Wed Aug 04 02:01:10 2004 (41107BA6)
b7b66000 b7b76e00 psched psched.sys Wed Aug 04 02:04:16 2004 (41107C60)
b7b77000 b7b8d680 ndiswan ndiswan.sys Wed Aug 04 02:14:30 2004 (41107EC6)
b7b8e000 b7be1000 NVSNPU NVSNPU.SYS Wed Mar 22 17:23:16 2006 (4421C044)
b7be1000 b7ce5f00 NVNRM NVNRM.SYS Wed Mar 22 17:23:39 2006 (4421C05B)
b7f08000 b7f3b000 ctoss2k ctoss2k.sys Fri Aug 11 02:45:23 2006 (44DC2783)
b7f3b000 b7f5e980 portcls portcls.sys Wed Aug 04 02:15:47 2004 (41107F13)
b7f5f000 b7fd8f80 ctaud2k ctaud2k.sys Fri Aug 11 02:45:37 2006 (44DC2791)
b7fd9000 b7ffb680 ks ks.sys Wed Aug 04 02:15:20 2004 (41107EF8)
b918c000 b9195480 NDProxy NDProxy.SYS Fri Aug 17 16:55:30 2001 (3B7D84C2)
b9604000 b960df00 termdd termdd.sys Wed Aug 04 01:58:52 2004 (41107B1C)
b9614000 b961c900 msgpc msgpc.sys Wed Aug 04 02:04:11 2004 (41107C5B)
b9624000 b962fd00 raspptp raspptp.sys Wed Aug 04 02:14:26 2004 (41107EC2)
b9634000 b963e200 raspppoe raspppoe.sys Wed Aug 04 02:05:06 2004 (41107C92)
b9644000 b9650880 rasl2tp rasl2tp.sys Wed Aug 04 02:14:21 2004 (41107EBD)
b9654000 b96637c0 LMouFlt2 LMouFlt2.Sys Thu Dec 11 19:25:14 2003 (3FD90AEA)
b9664000 b966f7e0 L8042pr2 L8042pr2.Sys Thu Dec 11 19:24:57 2003 (3FD90AD9)
b9674000 b9680e00 i8042prt i8042prt.sys Wed Aug 04 02:14:36 2004 (41107ECC)
b9684000 b968d000 nvnetbus nvnetbus.sys Wed Mar 22 17:24:01 2006 (4421C071)
b9e6c000 b9e8ee80 USBPORT USBPORT.SYS Wed Aug 04 02:08:34 2004 (41107D62)
b9e8f000 b9ea2780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 02:07:04 2004 (41107D08)
b9ea3000 ba420800 nv4_mini nv4_mini.sys Fri Nov 17 03:17:02 2006 (455D6FFE)
ba425000 ba427980 gameenum gameenum.sys Wed Aug 04 02:08:20 2004 (41107D54)
ba5ab000 ba5c5580 Mup Mup.sys Wed Aug 04 02:15:20 2004 (41107EF8)
ba5c6000 ba5f2a80 NDIS NDIS.sys Wed Aug 04 02:14:27 2004 (41107EC3)
ba5f3000 ba67f400 Ntfs Ntfs.sys Fri Feb 09 06:10:31 2007 (45CC56A7)
ba680000 ba696780 KSecDD KSecDD.sys Wed Aug 04 01:59:45 2004 (41107B51)
ba697000 ba6a8f00 sr sr.sys Wed Aug 04 02:06:22 2004 (41107CDE)
ba6a9000 ba6c8780 fltMgr fltMgr.sys Mon Aug 21 05:14:57 2006 (44E97991)
ba6c9000 ba6e0800 SCSIPORT SCSIPORT.SYS Wed Aug 04 01:59:39 2004 (41107B4B)
ba6e1000 ba6f1680 SI3132 SI3132.sys Wed Jan 19 17:30:51 2005 (41EEDF9B)
ba6f2000 ba70a980 nvata nvata.sys Mon Apr 24 20:52:25 2006 (444D72C9)
ba70b000 ba722480 atapi atapi.sys Wed Aug 04 01:59:41 2004 (41107B4D)
ba723000 ba748700 dmio dmio.sys Wed Aug 04 02:07:13 2004 (41107D11)
ba749000 ba767880 ftdisk ftdisk.sys Fri Aug 17 16:52:41 2001 (3B7D8419)
ba768000 ba778a80 pci pci.sys Wed Aug 04 02:07:45 2004 (41107D31)
ba779000 ba7a6d80 ACPI ACPI.sys Wed Aug 04 02:07:35 2004 (41107D27)
ba8a8000 ba8b0c00 isapnp isapnp.sys Fri Aug 17 16:58:01 2001 (3B7D8559)
ba8b8000 ba8c6e80 ohci1394 ohci1394.sys Wed Aug 04 02:10:05 2004 (41107DBD)
ba8c8000 ba8d5000 1394BUS 1394BUS.SYS Wed Aug 04 02:10:03 2004 (41107DBB)
ba8d8000 ba8e2500 MountMgr MountMgr.sys Wed Aug 04 01:58:29 2004 (41107B05)
ba8e8000 ba8f4c80 VolSnap VolSnap.sys Wed Aug 04 02:00:14 2004 (41107B6E)
ba8f8000 ba900e00 disk disk.sys Wed Aug 04 01:59:53 2004 (41107B59)
ba908000 ba914200 CLASSPNP CLASSPNP.SYS Wed Aug 04 02:14:26 2004 (41107EC2)
ba968000 ba977180 nic1394 nic1394.sys Wed Aug 04 01:58:28 2004 (41107B04)
ba978000 ba986b80 drmk drmk.sys Wed Aug 04 02:07:54 2004 (41107D3A)
ba9a8000 ba9b6000 AmdK8 AmdK8.sys Wed May 10 14:26:59 2006 (44623073)
ba9b8000 ba9c2380 imapi imapi.sys Wed Aug 04 02:00:12 2004 (41107B6C)
ba9c8000 ba9d4180 cdrom cdrom.sys Wed Aug 04 01:59:52 2004 (41107B58)
ba9d8000 ba9e6080 redbook redbook.sys Wed Aug 04 01:59:34 2004 (41107B46)
bab28000 bab2e200 PCIIDEX PCIIDEX.SYS Wed Aug 04 01:59:40 2004 (41107B4C)
bab30000 bab34900 PartMgr PartMgr.sys Fri Aug 17 21:32:23 2001 (3B7DC5A7)
bab78000 bab7e800 usbehci usbehci.sys Wed Aug 04 02:08:34 2004 (41107D62)
bac70000 bac78000 ctprxy2k ctprxy2k.sys Fri Aug 11 02:45:39 2006 (44DC2793)
bac78000 bac7da00 mouclass mouclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
bac80000 bac86000 kbdclass kbdclass.sys Wed Aug 04 01:58:32 2004 (41107B08)
bac88000 bac8c880 TDI TDI.SYS Wed Aug 04 02:07:47 2004 (41107D33)
bac90000 bac94580 ptilink ptilink.sys Fri Aug 17 16:49:53 2001 (3B7D8371)
bac98000 bac9c080 raspti raspti.sys Fri Aug 17 16:55:32 2001 (3B7D84C4)
baca8000 bacac280 usbohci usbohci.sys Wed Aug 04 02:08:34 2004 (41107D62)
bacb8000 bacbb000 BOOTVID BOOTVID.dll Fri Aug 17 16:49:09 2001 (3B7D8345)
bacbc000 bacbe880 SiWinAcc SiWinAcc.sys Mon Nov 01 15:21:31 2004 (41868CBB)
bad50000 bad52580 ndistapi ndistapi.sys Fri Aug 17 16:55:29 2001 (3B7D84C1)
bad68000 bad6bc80 mssmbios mssmbios.sys Wed Aug 04 02:07:47 2004 (41107D33)
bada8000 bada9b80 kdcom kdcom.dll Fri Aug 17 16:49:10 2001 (3B7D8346)
badaa000 badab100 WMILIB WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
badac000 badad700 dmload dmload.sys Fri Aug 17 16:58:15 2001 (3B7D8567)
badb4000 badb5280 USBD USBD.SYS Fri Aug 17 17:02:58 2001 (3B7D8682)
badf4000 badf5420 ASACPI ASACPI.sys Thu Aug 12 22:52:52 2004 (411C2D04)
badf6000 badf7100 swenum swenum.sys Wed Aug 04 01:58:41 2004 (41107B11)
bae4a000 bae4b080 avg7rsw avg7rsw.sys Tue Jul 26 08:10:51 2005 (42E6284B)
bae4c000 bae4d440 AsIO AsIO.sys Wed Dec 21 03:55:21 2005 (43A91879)
bae52000 bae53100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 17:07:23 2001 (3B7D878B)
bae70000 bae70d00 pciide pciide.sys Fri Aug 17 16:51:49 2001 (3B7D83E5)
baf4d000 baf4dc00 audstub audstub.sys Fri Aug 17 16:59:40 2001 (3B7D85BC)
bf800000 bf9c2180 win32k win32k.sys Thu Mar 08 08:47:34 2007 (45F013F6)
bf9c3000 bf9d4580 dxg dxg.sys Wed Aug 04 02:00:51 2004 (41107B93)
bf9d5000 bff4d900 nv4_disp nv4_disp.dll Fri Nov 17 03:10:02 2006 (455D6E5A)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Wed Aug 04 03:56:56 2004 (411096C8)

Unloaded modules:
9247a000 924a5000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b1309000 b130b000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a44ad000 a44d8000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
adc14000 adc16000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a5418000 a5443000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a5506000 a5531000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a54e3000 a5506000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a6199000 a61a6000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a5506000 a5531000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a554a000 a5575000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a5531000 a554a000 dump_nvata.s
Timestamp: unavailable (00000000)
Checksum: 00000000
a6a0c000 a6a25000 dump_nvata.s
Timestamp: unavailable (00000000)
Checksum: 00000000
a554a000 a5575000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a554a000 a5575000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a554a000 a5575000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a67a9000 a67d4000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
bafc8000 bafc9000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a67d4000 a67f7000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b3b0f000 b3b1c000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
b3b1f000 b3b2d000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
badba000 badbc000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
baaa8000 baab8000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
a65f8000 a660c000 Parport.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
acecb000 aced4000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ac893000 ac898000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
adbd8000 adbdb000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
adc87000 adc8c000 Flpydisk.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
adc8f000 adc96000 Fdc.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt

 

Also to reply to your 2 questions and a statement of my own

1 I did uninstall the network monitor

2 2 usb devices are 1 the printer which i power down when not in use like now, 2 my mouse but i have that plugged into a converter so i goes into the mouse port.

my statement. I have as of yesturday cleaned all fans and took the cover off the Gfx card and cleaned that out though there wasnt much there i have been alt tabbing out of WoW to watch the temp of the card and it is at a stable 80c

i will try to find the other bsod that happened after going into safe mode and running the AVG scans

Also i have not updated my video driver as i was on nvidia's site with intentions on doing so but after reading some of the open issues still i didnt think that would help this situation i kinda wanted to get thru this without changing things unless discussed with you. Here is a link to the PDF for the new driver updates for my card. http://us.download.nvidia.com/Windows/158.22/158.22_ForceWare_Release_Notes.pdf Please refer to pages 7-10 for my card. not sure of the stability of this yet.


Also looking back at the mini logs it seem that there arent log for those 3 crashes. Let me know i could post the 5 logs prior to the post i made about the pool problems

Also seeing as the only time i have these problems is when i am running IE and alt tabbing out of wow or running 2 at the same time in windowed mode. I went to thier website to see what they had to say and there is a post about the IRQL and thier response is that they seem to believe it is due to out of date drivers. http://forums.worldofwarcraft.com/t...4B2171D74447A415A42CDC?topicId=10021039&sid=1 It is a little way down the lost rioght after they get thru the actual game crashes which btw i do not get.

So on that note should i proceed with updating ALL drivers

 

Post 3 dumps prior to the bad pool errors, and any since then. BTW, you can check the Advanced box on the Debugwiz and change the output log name (c:\debuglog.txt, c:\debuglog1.txt, c:\debuglog2.txt, etc), so that you can debug all dumps without overwriting any.

I still say yes, update all hardware drivers. If you do one at a time, then check for issues before moving on to another, you should be able to rollback to the previous driver if there's a problem. Using that method, you may find that only one device driver update solves your bsod problems as well.

I'm guessing that you've probably done a bit of tweaking as well, re:memory timing, cpu clocking, etc. What's your current setup?

 

At some point, I would also like you to run an extended memtest86, just to be sure we can rule out faulty RAM module(s).

 

No i havent done any modding of any kind or over clocking everything was installed "plug and play ". I spent the money on this system to run good and not have to do all that. I like things to run great as is and not live on the ragged edge, especially for the money if you overheat.

ok so just had 3 crashes in a row here so here is the senario.

logging out of wow and relogging back in on another account. while i am loading into game bam BSOD i will post that mini below.

so i hit reset button on front of case. Windows wants to know how to load. I choose start normally. Bam another BSOD no mem dump so here is that info

It is only a IRQL NOT LESS OR EQUAL

STOP 0x0000000A (0x000000E8, 0x00000002, 0x00000001, 0x806E4A16)

so i hit the reset button again after wright this info down. This stime when it asks me i choose Last known good config. Bam another BSOD.

this time it is Driver IRLQ NOT LESS OR EQUAL

STOP 0x000000D1 (0x00000000, 0x00000002, 0x00000000, 0xBA5F84f9)

ntfs.sys address BA5f84f9 base at BA5F3000, datestamp 45cc56a7

now this time i hit the main power button on the front of the case and it asked me how to start up i choose last know good config and here i am typing to you.

A question i have is that all this crashing cannot be healthy for things here like hardware. What damage is this causing?

ok now the log from the first crash. Well my bad guys i didnt wright this one down and well it didnt make a log i guess cause of the 3 after words so my bad here.

i am going to start with updating the video driver and see where we get from there

 

Recommend you also check the RAM settings in the BIOS. I've read that often times it is not automatically recognized/set properly (your particular RAM modules). DRAM timings should read 4-4-4-12 at 2.1 volts.

 

ok checked the bios on them memory and it was all set to auto. they were at 5-5-5-18-2T. Actualy you can get really crazy on memory configs in there but im not that savvy to get into all that

 

Well I'm certainly no expert in the timing settings either, but I would definitely try it at 4-4-4-12 1.95v and/or 2.1v . I've read of many others having bsods and lockups running at any other speeds.