Virus/Adware can only start in safe mode, registry errors?

I canot start windows xp normally, can only get into safe mode after a hitting esc key a few times when safe mode starts and is just full of text. I originally get some blue screen with an error about something can't see it long enough to pick anything out other than the 0x0000050 code. I have downloaded spyware doctor and it found stuff and deleted it, I downloaded spyeraser, registryBooster2 and they supposidly deleted stuff but on reboot it is the same ole story. Avast does not come up with anything. In reading some threads here I did download hijack and results are below if someone can make heads or tails out of it, note it is done from safe mode in my laptop as that is the only thing I can get into.

Logfile of HijackThis v1.99.1
Scan saved at 10:58:57 PM, on 05/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe "
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: PayPal Plug-In for Outlook Express.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PUFLITE - http://kevinshort.point2homes.biz/Office/ColpaControls/Photo/Control/PUFLITE.CAB
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/controls/mcsi/mcsimenu.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LXBUCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUserv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

 

Welcome to WindowsBBS knshort

Let's start with a tool to give us a better look at things.

Note: You must be logged onto an account with administrator privileges to complete the following.

Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of main.txt only for now.

It's late, so it may be tomorrow evening before I get back to you.

What exacly happens when you try to logon normally? Reboot on it's own?

 

hi, thanks for whatever you can help with.
firstly when I reboot the laptop it gives me screen to enter setup(f2) and then goes directly to option on how to start.
Normal option and last known config option gives me blue screen
a problem has been detected and shutdown done to protect damage...etc.etc..etc. cant see it long enough to read it but did manage to get "pagefault_in_nonpaged_area" and the error code at bottom 0x0000050.

If I choose safe mode or safe with networking I get a screen full of text listing various .sys files
muli(0) disk(0) Partion(2) windows\system32\drivers\ "various ".sys
this just fills the screen and I try and hit esc and other keys and then sometimes it lets me into the window screen to enter the administrator or my account.

I did receive blue screen this morning trying to reboot that said
STOP: c000021a fatal system error
the system manager initialization system procedd terminated unexpectedly with a status of 0xc000026c (0x00000000, 0x00000000).
The system has been shut down.

First time I saw that one. reboot and got into the safe mode as above by hitting alt and esc key a few times after text page loaded.

Here is the file you asked for I hope it helps...Thanks again!

Deckard's System Scanner v20070804.61
Run by Administrator on 2007-08-06 at 09:36:25
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; computer is in safe mode.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:38:22 AM, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe "
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: PayPal Plug-In for Outlook Express.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PUFLITE - http://kevinshort.point2homes.biz/Office/ColpaControls/Photo/Control/PUFLITE.CAB
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/controls/mcsi/mcsimenu.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LXBUCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUserv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
S2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
S2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
S2 MBICFNCK - c:\windows\system32\mbicfnck.xor (file missing)
S2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
S2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
S2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
S3 BrScnUsb (Brother USB Still Image driver) - c:\windows\system32\drivers\brscnusb.sys <Not Verified; Brother Industries Ltd.; Brother MFC Scanner>
S3 int15.sys - c:\program files\acer\erecovery\int15.sys
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
S3 pcwe - f:\pcwizard\pcw86-32.sys (file missing)
S4 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
S2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
S2 Speed Disk service - c:\program files\speed disk\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E977-E325-11CE-BFC1-08002BE10318}
Description: Intel PCIC compatible PCMCIA controller
Device ID: ROOT\PCMCIA\0000
Manufacturer: Intel
Name: Intel PCIC compatible PCMCIA controller
PNP Device ID: ROOT\PCMCIA\0000
Service: pcmcia


-- Scheduled Tasks -------------------------------------------------------------

2007-08-05 19:25:38 354 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2007-08-03 20:17:06 434 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{77AB0C9A-DBE2-472D-94AD-538F9F6E3284}.job
2007-08-03 01:49:04 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-07-06 and 2007-08-06 -----------------------------

2007-08-05 17:31:59 0 d-------- C:\Program Files\Spyware Doctor
2007-08-05 17:31:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-08-05 14:28:44 0 dr------- C:\Documents and Settings\Kevin Short\Favorites
2007-08-04 15:18:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\System Tweaker
2007-08-04 15:05:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-08-04 14:12:12 0 d--hs---- C:\FOUND.002


-- Find3M Report ---------------------------------------------------------------

2007-08-04 14:39:28 235 --a------ C:\WINDOWS\FlashSaver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [07/02/2005 07:36 PM]
"IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00 AM]
"MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00 AM]
"EPM-DM "= "c:\acer\epm\epm-dm.exe" [28/03/2005 06:04 PM]
"LXBUCATS "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [02/11/2004 03:03 PM]
"Motive SmartBridge "= "C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MotiveSB.exe" [07/03/2006 01:01 AM]
"avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [27/07/2007 07:03 PM]
"CookiePatrol "= "c:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [10/01/2005 09:35 AM]
"ePowerManagement "= "C:\Acer\ePM\ePM.exe" [24/03/2005 09:13 AM]
"eRecoveryService "= "C:\Windows\System32\Check.exe" [23/03/2005 10:01 AM]
"LManager "= "C:\Program Files\Launch Manager\QtZgAcer.EXE" [28/03/2005 12:20 PM]
"PCMService "= "C:\Program Files\Arcade\PCMService.exe" [09/03/2005 06:59 PM]
"PestPatrol Control Center "= "c:\PROGRA~1\PESTPA~1\PPControl.exe" [15/11/2004 11:49 AM]
"SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/10/2004 11:43 PM]
"SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/10/2004 11:44 PM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [22/07/2006 11:51 PM]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [15/12/2005 11:18 AM]
"KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []
"SDTray "= "C:\Program Files\Spyware Doctor\SDTrayApp.exe" [27/06/2007 01:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00 AM]
"Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [24/07/2007 01:57 PM]
"Uniblue SpyEraser "= "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [24/07/2007 01:21 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Net Assistant.lnk - C:\Program Files\Aliant\Net Assistant\bin\matcli.exe [07/03/2006 12:59:18 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 4:15:54 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [15/12/2005 11:40:44 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [15/12/2005 1:00:54 PM]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [09/06/2004 2:16:08 PM]
PayPal Plug-In for Outlook Express.lnk - C:\Program Files\PayPal\Payment Wizard\Outlook Express\OEHook.exe [22/04/2007 5:21:50 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "




-- Hosts -----------------------------------------------------------------------

192.168.0.150 NPIC14873


-- End of Deckard's System Scanner: finished at 2007-08-06 at 09:39:35 ---------

 

Not much going on there from what I see. Scan again with HijackThis, place a check next to the following entries, close all open programs and windows, then click Fix Checked.

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Close HijackThis.
Reboot.

Upon startup, begin tapping the F8 key. This will enable the Advanced startup menu. Select Disable Automatic Restart. The computer will continue to boot normally and should at some point Blue Screen. This time it should remain displayed, and contain information about the error. Please make note of it and post the information here. You will need to hold the power button in until the computer shuts down. You can then boot again to safe mode. It's quite normal when booting into safe mode, for it to display a list of drivers. Those are the drivers being loaded for safe mode operation. No need to push escape or anything else, just be patient. Once the last of the drivers is loaded, it will go on to the login screen.

 

Don't know if I like the not much going on as you see? I think now I would have felt better at this point if you did see something.

did the HijackThis and rebooted:

Blue Screen message is as follows:
A problem has been detected and windows has been shut down to prevent damage to your computer.
PAGE_FAULT_IN_NONPAGED_AREA
If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options, and then select safe mode.

Technical information:
***STOP: 0x00000050 (0xF7120000,0x00000001,0x80575E80,0x00000000)
END BLUE SCREEN

I have not installed any new software or hardware in I do not know how long, except as in original message I have downloaded the few virus programs to see what was going on since I have had this problem.

When going into safe mode....if I don't hit the esc key numerous times the computer just sits on the driver list screen....seems to freeze there, but as you said I am again patiently waiting for log in screen as I am sending this.

 

Well shucks, that's a pretty generic error message. Below are a couple of MS articles that offer possible cause and solutions. Truckload of hits on Google too.

http://support.microsoft.com/kb/329293
http://support.microsoft.com/kb/894278

What I would suggest at this point is;

1. Lets check for rootkit.
Download GMER and transfer it to the PC.

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "˜Show All’.
Click on Scan.
When the scan has completed, click Copy and Save it to notepad, then post the results (if any) into this topic.

2. Have a look at this topic about Data Dumps. The debugger needs an internet connection to properly debug the log, so it means transferring the minidump file to another computer to debug it. You can post the debugged log here.


Odd that it's hanging at the list of drivers too. Do whatever it is you've been doing to get around that and boot. BTW, you did try a Last Known Good boot? You should also try selecting Enable VGA mode.

 

All kinds of hits on google, I have tried searching for help on this stuff when finally I came across this site....Hopefully now with your help and more knowledge we can find out what is going on with this laptop, before it becomes a skipping rock in the Atlantic Ocean ! ! !

Part 1 of your instructions: (hope it helps) Part 2 not so good!

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-06 21:09:28
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[260] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ]

---- Devices - GMER 1.0.13 ----

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F87A32C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_NAMED_PIPE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLOSE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_WRITE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_INFORMATION [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_INFORMATION [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_EA [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_EA [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FLUSH_BUFFERS [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_VOLUME_INFORMATION [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_VOLUME_INFORMATION [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DIRECTORY_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FILE_SYSTEM_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SHUTDOWN [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_LOCK_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLEANUP [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_MAILSLOT [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_SECURITY [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_SECURITY [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_POWER [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SYSTEM_CONTROL [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CHANGE [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_QUOTA [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_QUOTA [F7FFCE00] SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F87A32C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F87A38E6] aswTdi.SYS

Device \Device\00000076 IRP_MJ_CREATE [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_CREATE_NAMED_PIPE [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_CLOSE [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_READ [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_WRITE [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_QUERY_INFORMATION [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_SET_INFORMATION [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_QUERY_EA [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_SET_EA [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_FLUSH_BUFFERS [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_QUERY_VOLUME_INFORMATION [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_SET_VOLUME_INFORMATION [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_DIRECTORY_CONTROL [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_FILE_SYSTEM_CONTROL [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_DEVICE_CONTROL [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_INTERNAL_DEVICE_CONTROL [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_SHUTDOWN [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_LOCK_CONTROL [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_CLEANUP [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_CREATE_MAILSLOT [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_QUERY_SECURITY [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_SET_SECURITY [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_POWER [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_SYSTEM_CONTROL [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_DEVICE_CHANGE [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_QUERY_QUOTA [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_SET_QUOTA [F84FACB8] ACPI.sys
Device \Device\00000076 IRP_MJ_PNP [F84FACB8] ACPI.sys
Device \Device\00000076 FastIoDetachDevice [F84FB0D4] ACPI.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F87A32C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F87A32C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F87A38E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F87A38E6] aswTdi.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F8683BC0] ikfileflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F8683BC0] ikfileflt.sys

---- EOF - GMER 1.0.13 ----

PART 2 of your instructions:
I downloaded the debugging tool from windows, transferred it to the laptop, but it will not install...While unzipping get the message
the system administrator has set policies to prevent this installation.

BTW: Last know good config just gave me blue screen as the start windows normal.
PS: I sat on the driver screen all along while I was awaiting for your last reply.....It just gets hung up on that screen and won't pass unless I keep hitting the esc key. I waited two hours the other night when my patience finally got the better of me!
How do I enable the VGA mode? Where do I go? I need specifics my friend.

 

Enable VGA mode is another option on the Advanced Startup menu (F8).

Load the debugging tools and debudwiz on your computer, then get the minidumps from the laptop and debug them on yours.

When it hangs at the driver list, what is the last line displayed?

 

Sorry, vga mode gives me the blue screen as well.

And ignorant me.....I get the minidumps from the laptop where?

Last line of drivers
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Mup.sys

 

Thanks.

C:\Windows\minidumps
They are named by date. Get the latest 2 or 3.

Did you try a system restore?

 

Found two minidump files here is result of
MINIDUMP File # 1

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Mini041107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: H:\WINDOWS;H:\WINDOWS\system32;H:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.061219-0316
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Apr 11 13:13:39.281 2007 (GMT-3)
System Uptime: 1 days 20:29:06.872
Loading Kernel Symbols
...................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 0, f86c420c, 0}

Probably caused by : usbhub.sys ( usbhub!USBH_ResetDevice+c7 )

Followup: MachineOwner
---------

kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00000000, The address that the exception occurred at
Arg3: f86c420c, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

FAULTING_IP:
+0
00000000 ?? ???

TRAP_FRAME: f86c420c -- (.trap 0xfffffffff86c420c)
.trap 0xfffffffff86c420c
ErrCode = 00000010
eax=00000000 ebx=81edb698 ecx=81f24018 edx=e215001d esi=820e79e8 edi=00000000
eip=00000000 esp=f86c4280 ebp=00040000 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
00000000 ?? ???
.trap
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: WINLOGON.EXE

LAST_CONTROL_TRANSFER: from 00000000 to 00000000

SYMBOL_ON_RAW_STACK: 1

STACK_ADDR_RAW_STACK_SYMBOL: fffffffff86c4290

STACK_COMMAND: dds F86C4290-0x20 ; kb

STACK_TEXT:
f86c4270 00000010
f86c4274 00000000
f86c4278 00000008
f86c427c 00010246
f86c4280 00000000
f86c4284 00000000
f86c4288 f86c42b4
f86c428c f85e9013 usbhub!USBH_ResetDevice+0xc7
f86c4290 00000501
f86c4294 00000004
f86c4298 00000000
f86c429c 820e79e8
f86c42a0 00000000
f86c42a4 820e7930
f86c42a8 00000501
f86c42ac 82024284
f86c42b0 82086f68
f86c42b4 f86c42dc
f86c42b8 f85e919c usbhub!USBH_RestoreDevice+0x5a
f86c42bc 820e79f8
f86c42c0 00000004
f86c42c4 00000001
f86c42c8 00000000
f86c42cc 82024284
f86c42d0 820e79e8
f86c42d4 81edb698
f86c42d8 00000000
f86c42dc f86c4304
f86c42e0 f85f134e usbhub!USBH_SetPowerD0+0xb0
f86c42e4 820e79e8
f86c42e8 00000001
f86c42ec f8f3d008


FOLLOWUP_IP:
usbhub!USBH_ResetDevice+c7
f85e9013 8bd8 mov ebx,eax

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: usbhub

IMAGE_NAME: usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 41107d68

SYMBOL_NAME: usbhub!USBH_ResetDevice+c7

FAILURE_BUCKET_ID: 0x8E_usbhub!USBH_ResetDevice+c7

BUCKET_ID: 0x8E_usbhub!USBH_ResetDevice+c7

Followup: MachineOwner
---------

eax=00000000 ebx=81edb698 ecx=81f24018 edx=e215001d esi=820e79e8 edi=00000000
eip=00000000 esp=f86c4280 ebp=00040000 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
00000000 ?? ???
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
f86c427c 00000000 00000000 f86c42b4 f85e9013 0x0
start end module name
804d7000 806cd580 nt ntkrnlpa.exe Tue Dec 19 08:55:36 2006 (4587E148)
806ce000 806ee380 hal halaacpi.dll Wed Aug 04 02:59:05 2004 (41107B29)
a8b45000 a8b6f180 kmixer kmixer.sys Wed Jun 14 05:47:45 2006 (448FCD31)
a9c5c000 a9c9c280 HTTP HTTP.sys Thu Mar 16 21:33:09 2006 (441A03C5)
a9c9d000 a9cae000 int15 int15.sys Wed Oct 01 02:29:49 2003 (3F7A664D)
a9d62000 a9d65ae0 aswRdr aswRdr.SYS Mon Jan 15 13:26:05 2007 (45ABB92D)
aa1c6000 aa1d2480 SYMEVENT SYMEVENT.SYS Fri Jun 22 15:51:36 2001 (3B3393B8)
aa4ea000 aa4ece40 mdmxsdk mdmxsdk.sys Wed Mar 17 16:04:10 2004 (4058A12A)
aa65e000 aa6af480 srv srv.sys Mon Aug 14 07:34:39 2006 (44E051BF)
aa6b0000 aa6c3180 epm_shd epm-shd.sys Thu Mar 24 05:54:06 2005 (4242802E)
aa714000 aa729580 aswMon2 aswMon2.SYS Wed Nov 01 11:54:26 2006 (4548B522)
aa72a000 aa756400 mrxdav mrxdav.sys Wed Aug 04 03:00:49 2004 (41107B91)
aa89d000 aa8b1400 wdmaud wdmaud.sys Wed Jun 14 06:00:44 2006 (448FD03C)
aaa32000 aaa40d80 sysaudio sysaudio.sys Wed Aug 04 03:15:54 2004 (41107F1A)
aabaa000 aabbf580 irda irda.sys Wed Aug 04 03:00:50 2004 (41107B92)
aac04000 aac07280 ndisuio ndisuio.sys Wed Aug 04 03:03:10 2004 (41107C1E)
aac40000 aac428c0 s24trans s24trans.sys Fri Oct 15 15:20:02 2004 (417014D2)
aac44000 aac47be0 AegisP AegisP.sys Fri Sep 24 17:15:30 2004 (41548062)
aad50000 aad67480 dump_atapi dump_atapi.sys Wed Aug 04 02:59:41 2004 (41107B4D)
aae30000 aae50f00 ipnat ipnat.sys Wed Sep 29 19:28:36 2004 (415B3714)
aae51000 aaebfa00 mrxsmb mrxsmb.sys Fri May 05 06:41:42 2006 (445B1DD6)
aaec0000 aaeeaa00 rdbss rdbss.sys Fri May 05 06:47:55 2006 (445B1F4B)
aaeeb000 aaf0cd00 afd afd.sys Wed Aug 04 03:14:13 2004 (41107EB5)
aaf0d000 aaf34c00 netbt netbt.sys Wed Aug 04 03:14:36 2004 (41107ECC)
aaf35000 aaf8cd80 tcpip tcpip.sys Thu Apr 20 08:51:47 2006 (444775D3)
aaf8d000 aaf9f400 ipsec ipsec.sys Wed Aug 04 03:14:27 2004 (41107EC3)
bf800000 bf9c2180 win32k win32k.sys Thu Mar 08 09:47:34 2007 (45F013F6)
bf9c3000 bf9d4580 dxg dxg.sys Wed Aug 04 03:00:51 2004 (41107B93)
bf9d5000 bf9e3000 ialmrnt5 ialmrnt5.dll Tue Feb 08 14:52:30 2005 (42090A6E)
bf9e3000 bfa02000 ialmdnt5 ialmdnt5.dll Tue Feb 08 14:52:24 2005 (42090A68)
bfa02000 bfa2da20 ialmdev5 ialmdev5.DLL Tue Feb 08 14:52:14 2005 (42090A5E)
bfa2e000 bfb0b000 ialmdd5 ialmdd5.DLL Tue Feb 08 14:59:27 2005 (42090C0F)
bffa0000 bffe5c00 ATMFD ATMFD.DLL Wed Aug 04 04:56:56 2004 (411096C8)
f7685000 f76b8200 update update.sys Wed Aug 04 02:58:32 2004 (41107B08)
f76d9000 f76e1600 NPDRIVER NPDRIVER.SYS Sat Jul 28 11:58:25 2001 (3B62D311)
f7759000 f7769e00 psched psched.sys Wed Aug 04 03:04:16 2004 (41107C60)
f776a000 f7780680 ndiswan ndiswan.sys Wed Aug 04 03:14:30 2004 (41107EC6)
f7795000 f7797900 Dxapi Dxapi.sys Fri Aug 17 17:53:19 2001 (3B7D843F)
f77a9000 f77d65e0 SynTP SynTP.sys Fri Oct 08 18:33:45 2004 (416707B9)
f77d7000 f7882c80 HSF_CNXT HSF_CNXT.sys Tue Jan 25 18:26:27 2005 (41F6C793)
f7883000 f7980780 HSF_DPV HSF_DPV.sys Tue Jan 25 18:27:10 2005 (41F6C7BE)
f7981000 f79b3b00 HSFHWICH HSFHWICH.sys Tue Jan 25 18:26:34 2005 (41F6C79A)
f79b4000 f79d6680 ks ks.sys Wed Aug 04 03:15:20 2004 (41107EF8)
f79d7000 f79fa980 portcls portcls.sys Wed Aug 04 03:15:47 2004 (41107F13)
f79fb000 f7a3e800 camchal camchal.sys Fri Jun 25 19:31:05 2004 (40DCA7A9)
f7a3f000 f7a69d00 b57xp32 b57xp32.sys Wed May 21 22:47:11 2003 (3ECC2C1F)
f7a6a000 f7d7cd00 w29n51 w29n51.sys Fri Oct 29 23:48:07 2004 (418300E7)
f7d7d000 f7da3580 tifm21 tifm21.sys Fri Feb 11 02:52:35 2005 (420C5633)
f7da4000 f7dc6e80 USBPORT USBPORT.SYS Wed Aug 04 03:08:34 2004 (41107D62)
f7dc7000 f7dda780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 03:07:04 2004 (41107D08)
f7ddb000 f7e9f660 ialmnt5 ialmnt5.sys Tue Feb 08 15:00:10 2005 (42090C3A)
f7ed1000 f7ed2000 Null Null.SYS unavailable (00000000)
f7f06000 f7f06c00 audstub audstub.sys Fri Aug 17 17:59:40 2001 (3B7D85BC)
f81e9000 f81ecf60 HPZipr12 HPZipr12.sys Fri Dec 24 01:39:10 2004 (41CBAB7E)
f81ed000 f81f0b00 usbscan usbscan.sys Wed Aug 04 02:58:44 2004 (41107B14)
f823e000 f8258580 Mup Mup.sys Wed Aug 04 03:15:20 2004 (41107EF8)
f8259000 f8285a80 NDIS NDIS.sys Wed Aug 04 03:14:27 2004 (41107EC3)
f8286000 f829c780 KSecDD KSecDD.sys Wed Aug 04 02:59:45 2004 (41107B51)
f829d000 f82c0000 Fastfat Fastfat.sys Wed Aug 04 03:14:15 2004 (41107EB7)
f82c0000 f82c1000 fltMgr fltMgr.sys unavailable (00000000)
f82e0000 f82f7480 atapi atapi.sys Wed Aug 04 02:59:41 2004 (41107B4D)
f82f8000 f8316880 ftdisk ftdisk.sys Fri Aug 17 17:52:41 2001 (3B7D8419)
f8317000 f8334480 pcmcia pcmcia.sys Wed Aug 04 03:07:45 2004 (41107D31)
f8335000 f8345a80 pci pci.sys Wed Aug 04 03:07:45 2004 (41107D31)
f8346000 f8373d80 ACPI ACPI.sys Wed Aug 04 03:07:35 2004 (41107D27)
f8475000 f847dc00 isapnp isapnp.sys Fri Aug 17 17:58:01 2001 (3B7D8559)
f8485000 f8493e80 ohci1394 ohci1394.sys Wed Aug 04 03:10:05 2004 (41107DBD)
f8495000 f84a2000 1394BUS 1394BUS.SYS Wed Aug 04 03:10:03 2004 (41107DBB)
f84a5000 f84af500 MountMgr MountMgr.sys Wed Aug 04 02:58:29 2004 (41107B05)
f84b5000 f84c1c80 VolSnap VolSnap.sys Wed Aug 04 03:00:14 2004 (41107B6E)
f84c5000 f84cde00 disk disk.sys Wed Aug 04 02:59:53 2004 (41107B59)
f84d5000 f84e1200 CLASSPNP CLASSPNP.SYS Wed Aug 04 03:14:26 2004 (41107EC2)
f84f5000 f8504180 nic1394 nic1394.sys Wed Aug 04 02:58:28 2004 (41107B04)
f8505000 f850dd00 intelppm intelppm.sys Wed Aug 04 02:59:19 2004 (41107B37)
f8515000 f851d500 camcaud camcaud.sys Fri Jun 25 19:29:57 2004 (40DCA765)
f8525000 f8533b80 drmk drmk.sys Wed Aug 04 03:07:54 2004 (41107D3A)
f8535000 f8541e00 i8042prt i8042prt.sys Wed Aug 04 03:14:36 2004 (41107ECC)
f8545000 f854f380 imapi imapi.sys Wed Aug 04 03:00:12 2004 (41107B6C)
f8555000 f8561180 cdrom cdrom.sys Wed Aug 04 02:59:52 2004 (41107B58)
f8565000 f8573080 redbook redbook.sys Wed Aug 04 02:59:34 2004 (41107B46)
f8575000 f8581880 rasl2tp rasl2tp.sys Wed Aug 04 03:14:21 2004 (41107EBD)
f8585000 f858f200 raspppoe raspppoe.sys Wed Aug 04 03:05:06 2004 (41107C92)
f8595000 f85a0d00 raspptp raspptp.sys Wed Aug 04 03:14:26 2004 (41107EC2)
f85a5000 f85ad900 msgpc msgpc.sys Wed Aug 04 03:04:11 2004 (41107C5B)
f85b5000 f85bef00 termdd termdd.sys Wed Aug 04 02:58:52 2004 (41107B1C)
f85c5000 f85ce480 NDProxy NDProxy.SYS Fri Aug 17 17:55:30 2001 (3B7D84C2)
f85e5000 f85f3100 usbhub usbhub.sys Wed Aug 04 03:08:40 2004 (41107D68)
f8615000 f861d360 aswTdi aswTdi.SYS Mon Jan 15 13:25:22 2007 (45ABB902)
f8625000 f862d700 netbios netbios.sys Wed Aug 04 03:03:19 2004 (41107C27)
f8635000 f863d880 Fips Fips.SYS Fri Aug 17 22:31:49 2001 (3B7DC585)
f8645000 f864d700 wanarp wanarp.sys Wed Aug 04 03:04:57 2004 (41107C89)
f8655000 f8663d80 arp1394 arp1394.sys Wed Aug 04 02:58:28 2004 (41107B04)
f8675000 f8681200 HPZid412 HPZid412.sys Mon Jan 17 00:51:53 2005 (41EB4469)
f8685000 f8694900 Cdfs Cdfs.SYS Wed Aug 04 03:14:09 2004 (41107EB1)
f86f5000 f86fb200 PCIIDEX PCIIDEX.SYS Wed Aug 04 02:59:40 2004 (41107B4C)
f86fd000 f8701900 PartMgr PartMgr.sys Fri Aug 17 22:32:23 2001 (3B7DC5A7)
f8705000 f8709de0 PxHelp20 PxHelp20.sys Wed Jan 26 21:32:51 2005 (41F844C3)
f871d000 f8722000 usbuhci usbuhci.sys Wed Aug 04 03:08:34 2004 (41107D62)
f8725000 f872b800 usbehci usbehci.sys Wed Aug 04 03:08:34 2004 (41107D62)
f872d000 f8734580 Modem Modem.SYS Wed Aug 04 03:08:04 2004 (41107D44)
f8735000 f873c000 nscirda nscirda.sys Wed Aug 04 03:00:49 2004 (41107B91)
f873d000 f8741200 DKbFltr DKbFltr.sys Wed Dec 08 02:09:58 2004 (41B69AB6)
f8745000 f874b000 kbdclass kbdclass.sys Wed Aug 04 02:58:32 2004 (41107B08)
f874d000 f8752a00 mouclass mouclass.sys Wed Aug 04 02:58:32 2004 (41107B08)
f8755000 f8759c80 rasirda rasirda.sys Fri Aug 17 17:51:29 2001 (3B7D83D1)
f875d000 f8761880 TDI TDI.SYS Wed Aug 04 03:07:47 2004 (41107D33)
f8765000 f8769580 ptilink ptilink.sys Fri Aug 17 17:49:53 2001 (3B7D8371)
f876d000 f8771080 raspti raspti.sys Fri Aug 17 17:55:32 2001 (3B7D84C4)
f8795000 f879a200 vga vga.sys Wed Aug 04 03:07:06 2004 (41107D0A)
f879d000 f87a1a80 Msfs Msfs.SYS Wed Aug 04 03:00:37 2004 (41107B85)
f87a5000 f87ac880 Npfs Npfs.SYS Wed Aug 04 03:00:38 2004 (41107B86)
f87ad000 f87b4b80 usbccgp usbccgp.sys Wed Aug 04 03:08:45 2004 (41107D6D)
f87b5000 f87bab00 Aavmker4 Aavmker4.SYS Wed Dec 20 19:51:55 2006 (4589CC9B)
f87bd000 f87c3500 usbprint usbprint.sys Wed Aug 04 03:01:23 2004 (41107BB3)
f87c5000 f87ca440 HPZius12 HPZius12.sys Fri Dec 24 01:37:44 2004 (41CBAB28)
f87cd000 f87d3780 USBSTOR USBSTOR.SYS Wed Aug 04 03:08:44 2004 (41107D6C)
f87d5000 f87d9500 watchdog watchdog.sys Wed Aug 04 03:07:32 2004 (41107D24)
f8885000 f8888000 BOOTVID BOOTVID.dll Fri Aug 17 17:49:09 2001 (3B7D8345)
f8889000 f888b480 compbatt compbatt.sys Fri Aug 17 17:57:58 2001 (3B7D8556)
f888d000 f8890700 BATTC BATTC.SYS Fri Aug 17 17:57:52 2001 (3B7D8550)
f8891000 f8893d80 ACPIEC ACPIEC.sys Fri Aug 17 17:57:55 2001 (3B7D8553)
f8895000 f8897480 bsstor bsstor.sys Thu Jun 06 03:41:41 2002 (3CFF0425)
f8915000 f8917c00 irenum irenum.sys Wed Aug 04 03:00:45 2004 (41107B8D)
f891d000 f8920680 UBHelper UBHelper.SYS Fri Dec 17 05:00:25 2004 (41C2A029)
f8921000 f8923880 pfc pfc.sys Fri Sep 19 20:47:22 2003 (3F6B958A)
f8929000 f892c700 CmBatt CmBatt.sys Wed Aug 04 03:07:39 2004 (41107D2B)
f8931000 f8933580 ndistapi ndistapi.sys Fri Aug 17 17:55:29 2001 (3B7D84C1)
f893d000 f8940c80 mssmbios mssmbios.sys Wed Aug 04 03:07:47 2004 (41107D33)
f896d000 f896f280 rasacd rasacd.sys Fri Aug 17 17:55:39 2001 (3B7D84CB)
f8971000 f8973f00 ws2ifsl ws2ifsl.sys Fri Aug 17 17:55:58 2001 (3B7D84DE)
f8975000 f8976b80 kdcom kdcom.dll Fri Aug 17 17:49:10 2001 (3B7D8346)
f8977000 f8978100 WMILIB WMILIB.SYS Fri Aug 17 18:07:23 2001 (3B7D878B)
f8979000 f897a580 intelide intelide.sys Wed Aug 04 02:59:40 2004 (41107B4C)
f8983000 f8984280 USBD USBD.SYS Fri Aug 17 18:02:58 2001 (3B7D8682)
f8985000 f8986800 NTIDrvr NTIDrvr.sys Tue Dec 21 16:33:14 2004 (41C8888A)
f8987000 f8988a80 serscan serscan.sys Fri Aug 17 17:53:28 2001 (3B7D8448)
f8989000 f898a100 swenum swenum.sys Wed Aug 04 02:58:41 2004 (41107B11)
f8993000 f8994f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 17:49:37 2001 (3B7D8361)
f8995000 f8996080 Beep Beep.SYS Fri Aug 17 17:47:33 2001 (3B7D82E5)
f8997000 f8998080 mnmdd mnmdd.SYS Fri Aug 17 17:57:28 2001 (3B7D8538)
f8999000 f899a080 RDPCDD RDPCDD.sys Fri Aug 17 17:46:56 2001 (3B7D82C0)
f899b000 f899c100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 18:07:23 2001 (3B7D878B)
f89c5000 f89c6c80 osaio osaio.sys Thu Jun 30 03:50:30 2005 (42C39636)
f8a3d000 f8a3dd00 pciide pciide.sys Fri Aug 17 17:51:49 2001 (3B7D83E5)
f8a3e000 f8a3ed80 OPRGHDLR OPRGHDLR.SYS Fri Aug 17 17:57:55 2001 (3B7D8553)
f8b39000 f8b39d00 dxgthk dxgthk.sys Fri Aug 17 17:53:12 2001 (3B7D8438)
f8bc1000 f8bc2000 epm_psd epm-psd.sys Mon Jul 19 17:10:49 2004 (40FC2AC9)
f8bc4000 f8bc4dc0 osanbm osanbm.sys Fri Jan 14 02:07:12 2005 (41E76190)

Unloaded modules:
a8b45000 a8b70000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8f30000 a8f5b000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8f30000 a8f5b000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8f30000 a8f5b000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8f30000 a8f5b000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8f30000 a8f5b000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8f30000 a8f5b000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8f30000 a8f5b000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a8f30000 a8f5b000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a91db000 a9206000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a91db000 a9206000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a91db000 a9206000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a91db000 a9206000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a91db000 a9206000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a91db000 a9206000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a91db000 a9206000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a91db000 a9206000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9486000 a94b1000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9911000 a993c000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9911000 a993c000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aa84f000 aa87a000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aa87a000 aa89d000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8b8f000 f8b90000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aaa02000 aaa0f000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aaa12000 aaa20000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f89d1000 f89d3000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aacc8000 aacd8000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f878d000 f8792000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f8969000 f896c000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f8785000 f878a000 Flpydisk.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f877d000 f8784000 Fdc.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt

 

DEBUG File # 2

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.7.0005.1
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Mini041107-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: H:\WINDOWS;H:\WINDOWS\system32;H:\WINDOWS\system32\drivers
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.061219-0316
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Wed Apr 11 14:15:39.062 2007 (GMT-3)
System Uptime: 0 days 1:01:47.640
Loading Kernel Symbols
..........................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
Unable to load image ialmnt5.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ialmnt5.sys
*** ERROR: Module load completed but symbols could not be loaded for ialmnt5.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {8, 80042000, 0, 0}

Probably caused by : ialmnt5.sys ( ialmnt5+1bd50 )

Followup: MachineOwner
---------

kd> !analyze -v;r;kv;lmtn;.logclose;q
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_8

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

PROCESS_NAME: EXPLORER.EXE

LAST_CONTROL_TRANSFER: from f7e79754 to f7e0ad50

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
aa70e008 f7e79754 81d33910 00000000 00000001 ialmnt5+0x1bd50
aa70e00c 81d33910 00000000 00000001 00000064 ialmnt5+0x8a754
aa70e010 00000000 00000001 00000064 81cb85a8 0x81d33910


STACK_COMMAND: kb

FOLLOWUP_IP:
ialmnt5+1bd50
f7e0ad50 6a01 push 1

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ialmnt5

IMAGE_NAME: ialmnt5.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 42090c3a

SYMBOL_NAME: ialmnt5+1bd50

FAILURE_BUCKET_ID: 0x7f_8_ialmnt5+1bd50

BUCKET_ID: 0x7f_8_ialmnt5+1bd50

Followup: MachineOwner
---------

eax=81f9a778 ebx=82060480 ecx=81f9a778 edx=81f9a778 esi=81cb85a8 edi=00000064
eip=f7e0ad50 esp=aa70e000 ebp=aa70e008 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
ialmnt5+0x1bd50:
f7e0ad50 6a01 push 1
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
aa70e008 f7e79754 81d33910 00000000 00000001 ialmnt5+0x1bd50
aa70e00c 81d33910 00000000 00000001 00000064 ialmnt5+0x8a754
aa70e010 00000000 00000001 00000064 81cb85a8 0x81d33910
start end module name
804d7000 806cd580 nt ntkrnlpa.exe Tue Dec 19 08:55:36 2006 (4587E148)
806ce000 806ee380 hal halaacpi.dll Wed Aug 04 02:59:05 2004 (41107B29)
aa4fe000 aa500e40 mdmxsdk mdmxsdk.sys Wed Mar 17 16:04:10 2004 (4058A12A)
aa754000 aa768400 wdmaud wdmaud.sys Wed Jun 14 06:00:44 2006 (448FD03C)
aa7b9000 aa80a480 srv srv.sys Mon Aug 14 07:34:39 2006 (44E051BF)
aa80b000 aa81e180 epm_shd epm-shd.sys Thu Mar 24 05:54:06 2005 (4242802E)
aa86f000 aa884580 aswMon2 aswMon2.SYS Wed Nov 01 11:54:26 2006 (4548B522)
aa8ad000 aa8d9400 mrxdav mrxdav.sys Wed Aug 04 03:00:49 2004 (41107B91)
aab72000 aab80d80 sysaudio sysaudio.sys Wed Aug 04 03:15:54 2004 (41107F1A)
aabaa000 aabbf580 irda irda.sys Wed Aug 04 03:00:50 2004 (41107B92)
aac04000 aac07280 ndisuio ndisuio.sys Wed Aug 04 03:03:10 2004 (41107C1E)
aac3c000 aac3e8c0 s24trans s24trans.sys Fri Oct 15 15:20:02 2004 (417014D2)
aac44000 aac47be0 AegisP AegisP.sys Fri Sep 24 17:15:30 2004 (41548062)
aad50000 aad67480 dump_atapi dump_atapi.sys Wed Aug 04 02:59:41 2004 (41107B4D)
aae30000 aae50f00 ipnat ipnat.sys Wed Sep 29 19:28:36 2004 (415B3714)
aae51000 aaebfa00 mrxsmb mrxsmb.sys Fri May 05 06:41:42 2006 (445B1DD6)
aaec0000 aaeeaa00 rdbss rdbss.sys Fri May 05 06:47:55 2006 (445B1F4B)
aaeeb000 aaf0cd00 afd afd.sys Wed Aug 04 03:14:13 2004 (41107EB5)
aaf0d000 aaf34c00 netbt netbt.sys Wed Aug 04 03:14:36 2004 (41107ECC)
aaf35000 aaf8cd80 tcpip tcpip.sys Thu Apr 20 08:51:47 2006 (444775D3)
aaf8d000 aaf9f400 ipsec ipsec.sys Wed Aug 04 03:14:27 2004 (41107EC3)
bf800000 bf9c2180 win32k win32k.sys Thu Mar 08 09:47:34 2007 (45F013F6)
bf9c3000 bf9d4580 dxg dxg.sys Wed Aug 04 03:00:51 2004 (41107B93)
bf9d5000 bf9e3000 ialmrnt5 ialmrnt5.dll Tue Feb 08 14:52:30 2005 (42090A6E)
bf9e3000 bfa02000 ialmdnt5 ialmdnt5.dll Tue Feb 08 14:52:24 2005 (42090A68)
bfa02000 bfa2da20 ialmdev5 ialmdev5.DLL Tue Feb 08 14:52:14 2005 (42090A5E)
bfa2e000 bfb0b000 ialmdd5 ialmdd5.DLL Tue Feb 08 14:59:27 2005 (42090C0F)
f768f000 f76c2200 update update.sys Wed Aug 04 02:58:32 2004 (41107B08)
f776d000 f777de00 psched psched.sys Wed Aug 04 03:04:16 2004 (41107C60)
f777e000 f7794680 ndiswan ndiswan.sys Wed Aug 04 03:14:30 2004 (41107EC6)
f77ad000 f77af900 Dxapi Dxapi.sys Fri Aug 17 17:53:19 2001 (3B7D843F)
f77bd000 f77ea5e0 SynTP SynTP.sys Fri Oct 08 18:33:45 2004 (416707B9)
f77eb000 f7896c80 HSF_CNXT HSF_CNXT.sys Tue Jan 25 18:26:27 2005 (41F6C793)
f7897000 f7994780 HSF_DPV HSF_DPV.sys Tue Jan 25 18:27:10 2005 (41F6C7BE)
f7995000 f79c7b00 HSFHWICH HSFHWICH.sys Tue Jan 25 18:26:34 2005 (41F6C79A)
f79c8000 f79ea680 ks ks.sys Wed Aug 04 03:15:20 2004 (41107EF8)
f79eb000 f7a0e980 portcls portcls.sys Wed Aug 04 03:15:47 2004 (41107F13)
f7a0f000 f7a52800 camchal camchal.sys Fri Jun 25 19:31:05 2004 (40DCA7A9)
f7a53000 f7a7dd00 b57xp32 b57xp32.sys Wed May 21 22:47:11 2003 (3ECC2C1F)
f7a7e000 f7d90d00 w29n51 w29n51.sys Fri Oct 29 23:48:07 2004 (418300E7)
f7d91000 f7db7580 tifm21 tifm21.sys Fri Feb 11 02:52:35 2005 (420C5633)
f7db8000 f7ddae80 USBPORT USBPORT.SYS Wed Aug 04 03:08:34 2004 (41107D62)
f7ddb000 f7dee780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 03:07:04 2004 (41107D08)
f7def000 f7eb3660 ialmnt5 ialmnt5.sys Tue Feb 08 15:00:10 2005 (42090C3A)
f7edc000 f7edcb80 Null Null.SYS Fri Aug 17 17:47:39 2001 (3B7D82EB)
f7f0e000 f7f0ec00 audstub audstub.sys Fri Aug 17 17:59:40 2001 (3B7D85BC)
f81e9000 f81ecf60 HPZipr12 HPZipr12.sys Fri Dec 24 01:39:10 2004 (41CBAB7E)
f81f1000 f81f4b00 usbscan usbscan.sys Wed Aug 04 02:58:44 2004 (41107B14)
f823e000 f8258580 Mup Mup.sys Wed Aug 04 03:15:20 2004 (41107EF8)
f8259000 f8285a80 NDIS NDIS.sys Wed Aug 04 03:14:27 2004 (41107EC3)
f8286000 f829c780 KSecDD KSecDD.sys Wed Aug 04 02:59:45 2004 (41107B51)
f829d000 f82c0000 Fastfat Fastfat.sys Wed Aug 04 03:14:15 2004 (41107EB7)
f82c0000 f82df780 fltMgr fltMgr.sys Mon Aug 21 06:14:57 2006 (44E97991)
f82e0000 f82f7480 atapi atapi.sys Wed Aug 04 02:59:41 2004 (41107B4D)
f82f8000 f8316880 ftdisk ftdisk.sys Fri Aug 17 17:52:41 2001 (3B7D8419)
f8317000 f8334480 pcmcia pcmcia.sys Wed Aug 04 03:07:45 2004 (41107D31)
f8335000 f8345a80 pci pci.sys Wed Aug 04 03:07:45 2004 (41107D31)
f8346000 f8373d80 ACPI ACPI.sys Wed Aug 04 03:07:35 2004 (41107D27)
f8475000 f847dc00 isapnp isapnp.sys Fri Aug 17 17:58:01 2001 (3B7D8559)
f8485000 f8493e80 ohci1394 ohci1394.sys Wed Aug 04 03:10:05 2004 (41107DBD)
f8495000 f84a2000 1394BUS 1394BUS.SYS Wed Aug 04 03:10:03 2004 (41107DBB)
f84a5000 f84af500 MountMgr MountMgr.sys Wed Aug 04 02:58:29 2004 (41107B05)
f84b5000 f84c1c80 VolSnap VolSnap.sys Wed Aug 04 03:00:14 2004 (41107B6E)
f84c5000 f84cde00 disk disk.sys Wed Aug 04 02:59:53 2004 (41107B59)
f84d5000 f84e1200 CLASSPNP CLASSPNP.SYS Wed Aug 04 03:14:26 2004 (41107EC2)
f84f5000 f8504180 nic1394 nic1394.sys Wed Aug 04 02:58:28 2004 (41107B04)
f8505000 f850dd00 intelppm intelppm.sys Wed Aug 04 02:59:19 2004 (41107B37)
f8515000 f851d500 camcaud camcaud.sys Fri Jun 25 19:29:57 2004 (40DCA765)
f8525000 f8533b80 drmk drmk.sys Wed Aug 04 03:07:54 2004 (41107D3A)
f8535000 f8541e00 i8042prt i8042prt.sys Wed Aug 04 03:14:36 2004 (41107ECC)
f8545000 f854f380 imapi imapi.sys Wed Aug 04 03:00:12 2004 (41107B6C)
f8555000 f8561180 cdrom cdrom.sys Wed Aug 04 02:59:52 2004 (41107B58)
f8565000 f8573080 redbook redbook.sys Wed Aug 04 02:59:34 2004 (41107B46)
f8575000 f8581880 rasl2tp rasl2tp.sys Wed Aug 04 03:14:21 2004 (41107EBD)
f8585000 f858f200 raspppoe raspppoe.sys Wed Aug 04 03:05:06 2004 (41107C92)
f8595000 f85a0d00 raspptp raspptp.sys Wed Aug 04 03:14:26 2004 (41107EC2)
f85a5000 f85ad900 msgpc msgpc.sys Wed Aug 04 03:04:11 2004 (41107C5B)
f85b5000 f85bef00 termdd termdd.sys Wed Aug 04 02:58:52 2004 (41107B1C)
f85c5000 f85ce480 NDProxy NDProxy.SYS Fri Aug 17 17:55:30 2001 (3B7D84C2)
f85e5000 f85f3100 usbhub usbhub.sys Wed Aug 04 03:08:40 2004 (41107D68)
f8615000 f861d360 aswTdi aswTdi.SYS Mon Jan 15 13:25:22 2007 (45ABB902)
f8625000 f862d700 netbios netbios.sys Wed Aug 04 03:03:19 2004 (41107C27)
f8635000 f863d880 Fips Fips.SYS Fri Aug 17 22:31:49 2001 (3B7DC585)
f8645000 f864d700 wanarp wanarp.sys Wed Aug 04 03:04:57 2004 (41107C89)
f8655000 f8663d80 arp1394 arp1394.sys Wed Aug 04 02:58:28 2004 (41107B04)
f8675000 f8681200 HPZid412 HPZid412.sys Mon Jan 17 00:51:53 2005 (41EB4469)
f8685000 f8694900 Cdfs Cdfs.SYS Wed Aug 04 03:14:09 2004 (41107EB1)
f86f5000 f86fb200 PCIIDEX PCIIDEX.SYS Wed Aug 04 02:59:40 2004 (41107B4C)
f86fd000 f8701900 PartMgr PartMgr.sys Fri Aug 17 22:32:23 2001 (3B7DC5A7)
f8705000 f8709de0 PxHelp20 PxHelp20.sys Wed Jan 26 21:32:51 2005 (41F844C3)
f871d000 f8722000 usbuhci usbuhci.sys Wed Aug 04 03:08:34 2004 (41107D62)
f8725000 f872b800 usbehci usbehci.sys Wed Aug 04 03:08:34 2004 (41107D62)
f872d000 f8734580 Modem Modem.SYS Wed Aug 04 03:08:04 2004 (41107D44)
f8735000 f873c000 nscirda nscirda.sys Wed Aug 04 03:00:49 2004 (41107B91)
f873d000 f8741200 DKbFltr DKbFltr.sys Wed Dec 08 02:09:58 2004 (41B69AB6)
f8745000 f874b000 kbdclass kbdclass.sys Wed Aug 04 02:58:32 2004 (41107B08)
f874d000 f8752a00 mouclass mouclass.sys Wed Aug 04 02:58:32 2004 (41107B08)
f8755000 f8759c80 rasirda rasirda.sys Fri Aug 17 17:51:29 2001 (3B7D83D1)
f875d000 f8761880 TDI TDI.SYS Wed Aug 04 03:07:47 2004 (41107D33)
f8765000 f8769580 ptilink ptilink.sys Fri Aug 17 17:49:53 2001 (3B7D8371)
f876d000 f8771080 raspti raspti.sys Fri Aug 17 17:55:32 2001 (3B7D84C4)
f8795000 f879a200 vga vga.sys Wed Aug 04 03:07:06 2004 (41107D0A)
f879d000 f87a1a80 Msfs Msfs.SYS Wed Aug 04 03:00:37 2004 (41107B85)
f87a5000 f87ac880 Npfs Npfs.SYS Wed Aug 04 03:00:38 2004 (41107B86)
f87ad000 f87b4b80 usbccgp usbccgp.sys Wed Aug 04 03:08:45 2004 (41107D6D)
f87b5000 f87bab00 Aavmker4 Aavmker4.SYS Wed Dec 20 19:51:55 2006 (4589CC9B)
f87bd000 f87c3500 usbprint usbprint.sys Wed Aug 04 03:01:23 2004 (41107BB3)
f87c5000 f87ca440 HPZius12 HPZius12.sys Fri Dec 24 01:37:44 2004 (41CBAB28)
f87cd000 f87d3780 USBSTOR USBSTOR.SYS Wed Aug 04 03:08:44 2004 (41107D6C)
f87d5000 f87d9500 watchdog watchdog.sys Wed Aug 04 03:07:32 2004 (41107D24)
f8885000 f8888000 BOOTVID BOOTVID.dll Fri Aug 17 17:49:09 2001 (3B7D8345)
f8889000 f888b480 compbatt compbatt.sys Fri Aug 17 17:57:58 2001 (3B7D8556)
f888d000 f8890700 BATTC BATTC.SYS Fri Aug 17 17:57:52 2001 (3B7D8550)
f8891000 f8893d80 ACPIEC ACPIEC.sys Fri Aug 17 17:57:55 2001 (3B7D8553)
f8895000 f8897480 bsstor bsstor.sys Thu Jun 06 03:41:41 2002 (3CFF0425)
f8915000 f8917c00 irenum irenum.sys Wed Aug 04 03:00:45 2004 (41107B8D)
f891d000 f8920680 UBHelper UBHelper.SYS Fri Dec 17 05:00:25 2004 (41C2A029)
f8921000 f8923880 pfc pfc.sys Fri Sep 19 20:47:22 2003 (3F6B958A)
f8929000 f892c700 CmBatt CmBatt.sys Wed Aug 04 03:07:39 2004 (41107D2B)
f8931000 f8933580 ndistapi ndistapi.sys Fri Aug 17 17:55:29 2001 (3B7D84C1)
f893d000 f8940c80 mssmbios mssmbios.sys Wed Aug 04 03:07:47 2004 (41107D33)
f896d000 f896f280 rasacd rasacd.sys Fri Aug 17 17:55:39 2001 (3B7D84CB)
f8971000 f8973f00 ws2ifsl ws2ifsl.sys Fri Aug 17 17:55:58 2001 (3B7D84DE)
f8975000 f8976b80 kdcom kdcom.dll Fri Aug 17 17:49:10 2001 (3B7D8346)
f8977000 f8978100 WMILIB WMILIB.SYS Fri Aug 17 18:07:23 2001 (3B7D878B)
f8979000 f897a580 intelide intelide.sys Wed Aug 04 02:59:40 2004 (41107B4C)
f8983000 f8984280 USBD USBD.SYS Fri Aug 17 18:02:58 2001 (3B7D8682)
f8985000 f8986800 NTIDrvr NTIDrvr.sys Tue Dec 21 16:33:14 2004 (41C8888A)
f8987000 f8988a80 serscan serscan.sys Fri Aug 17 17:53:28 2001 (3B7D8448)
f8989000 f898a100 swenum swenum.sys Wed Aug 04 02:58:41 2004 (41107B11)
f8993000 f8994f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 17:49:37 2001 (3B7D8361)
f8995000 f8996080 Beep Beep.SYS Fri Aug 17 17:47:33 2001 (3B7D82E5)
f8997000 f8998080 mnmdd mnmdd.SYS Fri Aug 17 17:57:28 2001 (3B7D8538)
f8999000 f899a080 RDPCDD RDPCDD.sys Fri Aug 17 17:46:56 2001 (3B7D82C0)
f899b000 f899c100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 18:07:23 2001 (3B7D878B)
f8a3d000 f8a3dd00 pciide pciide.sys Fri Aug 17 17:51:49 2001 (3B7D83E5)
f8a3e000 f8a3ed80 OPRGHDLR OPRGHDLR.SYS Fri Aug 17 17:57:55 2001 (3B7D8553)
f8a7a000 f8a7b000 epm_psd epm-psd.sys Mon Jul 19 17:10:49 2004 (40FC2AC9)
f8b30000 f8b30d00 dxgthk dxgthk.sys Fri Aug 17 17:53:12 2001 (3B7D8438)

Unloaded modules:
aa63e000 aa669000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f8bba000 f8bbb000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aa669000 aa68c000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aace8000 aacf5000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aaaf2000 aab00000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f89df000 f89e1000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aaa22000 aaa32000 Serial.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f878d000 f8792000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f8969000 f896c000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f8785000 f878a000 Flpydisk.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f877d000 f8784000 Fdc.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
Closing open log file c:\debuglog.txt

 

Relatively old dumps. 1 video driver, 1 USB. Not much help there.

Open a command window (click Start>Run then type cmd and hit enter) and type the following command, then hit enter.

Chkdsk c: /f /r

You should get a message that the volume is in use, and an offer to perform the disk check upon next startup. Answer Y and hit enter. Reboot.

Let me know if there's any change.

 

I was hoping like you wouldn't believe.....
However i still get the same blue screen and options how to start...
Nothing has changed I am smelling the salt water for this thing!

 

Check the device manager for any errors. Let me know if you find any before continuing with the following.

Click Start>Run, type services.msc and hit enter. Locate each of these in the list and double click the entry. Click Stop if available. Set the startup type to disabled, click Apply and OK. They might not all be listed.

Remote Packet Capture Protocol
Speed Disk service
Spyware Doctor Auxiliary Service
Spyware Doctor Service
Norton Unerase Protection
lxbu_device - Lexmark International
LXBUCustomerConnect
avast! Web Scanner
avast! Mail Scanner
avast! Antivirus

Click Start>Run and type msconfig then hit enter. Uncheck everything on the Startup tab except for the Synaptics entries. Click OK and allow restart.

 

System Restore is turned off in the system properties.
It will not allow me too unchecked the turn off system restore on all drive
in safe mode.

 

Try Safe Mode with Command Prompt boot from the Advanced Startup menu, logon to the Admin account, then type the following command from a command window and hit enter.

C:\Windows\system32\restore\rstrui.exe

 

Again I am sorry, Device manager is where? I know I have seen this somewhere but where

 

Usually, you can press the Windows key (between left Ctrl and Alt keys) and Pause/Break keys at the same time to open the system properties dialog. Hardware tab. Another method is right click My Computer and select Properties.

 

Yes thank you ! !

The only thing in there that has an exclamation on it is under the PCMIA adapters
has two choices Intel PCIC compatible PCMIA controller - Has Exclamation
and
Texas Instruments PCIxx21/x515 Cardbus Controller which is OK