PC reboots after login on XP

  1. #1
    DaveMatt is offline Newbie

    Hi I have just registered after coming across this fantastic site while searching for solutions to the major problem I am having with my PC. I hope I have posted under the correct topic but am not sure what my problem is.

    A week ago, the day after installing update drivers for my Audigy 4 soundcard the PC started slowing down, grinding to almost a standstill. After searching on the internet for a possible cause I downloaded a Registry Cleaner (jv16 Power Tools), which seemed to do the trick. After another 3 or 4 days, I then noticed that when I attempted to log on the PC would just reboot - this always occurs after entering my password and pressing enter.

    I have 2 hard drives on my PC, which are partitioned into separate active (XP OS) and logical partitions (docs, photos, etc). I also have Norton Ghost 10 on my PC and can go back to a previous restore point and completely overwrite the active partition. This restores the PC which then works absolutely fine for days until I allow updates that require a reboot of the PC. Following reboot I get the same logon problem. It has just happened again tonight and I am now at my wits' end - I have spent hours trying to sort this out. The IT guys at work have told me not to bother and to reinstall everything, but this seems extreme to me when everything works OK until something is updated!!

    Anyway I have Norton Internet Security 2007 on the PC, and so far have never had a problem with it, I also have Spybot S&D, Ad-aware SE personal and Spyware Blaster - I do not seem to have any viruses or spyware on the PC so don't think it is this. When it happened tonight, after updating Creative Media Source 5 Player/Organiser and rebooting, I got the error message,
    STOP: 0x0000008E (0xC0000005, 0x8062C26B, 0xB9F5099C, 0x00000000). When I tried again I got this error message,
    STOP: 0x0000008E (0xC0000005, 0x8062C26B, 0xF4F1D99C, 0x00000000).
    I then booted into safe mode and looked up Event Viewer, which told me that the error was due to an Audit Failure (MsAuditE.dll; file 5.1.2600.0) at Account Logon. I saved the .dmp file to a flash drive and then recovered the drive using Ghost again. At the end of the recovery a message came up stating Registry (hive) file was corrupted and has been replaced. I then used debugwiz to make sense of the .dmp file, which is as follows:

    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [N:\Mini052407-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 2600.xpsp_sp2_gdr.070227-2254
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
    Debug session time: Thu May 24 21:04:04.671 2007 (GMT+1)
    System Uptime: 0 days 0:00:58.250
    Loading Kernel Symbols
    .............................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ...
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000008E, {c0000005, 8062c26b, b9f5099c, 0}

    Probably caused by : ntkrnlpa.exe ( nt!HvpGetCellMapped+5f )

    Followup: MachineOwner
    ---------

    kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8062c26b, The address that the exception occurred at
    Arg3: b9f5099c, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    nt!HvpGetCellMapped+5f
    8062c26b 8b4304 mov eax,dword ptr [ebx+4]

    TRAP_FRAME: b9f5099c -- (.trap ffffffffb9f5099c)
    .trap ffffffffb9f5099c
    ErrCode = 00000000
    eax=00000170 ebx=00000170 ecx=86fbf848 edx=00000393 esi=e1036008 edi=00000453
    eip=8062c26b esp=b9f50a10 ebp=b9f50a58 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    nt!HvpGetCellMapped+0x5f:
    8062c26b 8b4304 mov eax,dword ptr [ebx+4] ds:0023:00000174=????????
    .trap
    Resetting default scope

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0x8E

    PROCESS_NAME: services.exe

    LAST_CONTROL_TRANSFER: from 80624c87 to 8062c26b

    STACK_TEXT:
    b9f50a58 80624c87 e1036008 72617453 e1036008 nt!HvpGetCellMapped+0x5f
    b9f50a74 8062dac8 e1036008 cd1a0d9c e1036008 nt!CmpMarkValueDataDirty+0x5f
    b9f50a90 8062dd6d e1036008 0036f870 cd1a2c8c nt!CmpMarkKeyValuesDirty+0xcc
    b9f50aac 8062de0a e1036008 0036f870 cd1b0874 nt!CmpFreeKeyValues+0x17
    b9f50ae8 8062e648 e1036008 00363f10 cd1a4f14 nt!CmpSyncKeyValues+0x26
    b9f50b2c 8062e7bb e3fe5000 00000400 00000003 nt!CmpCopySyncTree2+0x1f4
    b9f50b5c 8061b26b e1036008 00000188 e1036008 nt!CmpCopySyncTree+0x4f
    b9f50ccc 80616ebc 00010002 b9f50d64 b9f50ce8 nt!CmpSaveBootControlSet+0x2a7
    b9f50cdc 8053ca28 00000004 b9f50d64 804fdb81 nt!NtInitializeRegistry+0x5e
    b9f50cdc 804fdb81 00000004 b9f50d64 804fdb81 nt!KiFastCallEntry+0xf8
    b9f50d58 8053ca28 00000004 00e2f8b4 7c90eb94 nt!ZwInitializeRegistry+0x11
    b9f50d58 7c90eb94 00000004 00e2f8b4 7c90eb94 nt!KiFastCallEntry+0xf8
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00e2f8b4 00000000 00000000 00000000 00000000 0x7c90eb94


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!HvpGetCellMapped+5f
    8062c26b 8b4304 mov eax,dword ptr [ebx+4]

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: nt!HvpGetCellMapped+5f

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntkrnlpa.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 45e53f9c

    FAILURE_BUCKET_ID: 0x8E_nt!HvpGetCellMapped+5f

    BUCKET_ID: 0x8E_nt!HvpGetCellMapped+5f

    Followup: MachineOwner
    ---------

    eax=00000170 ebx=00000170 ecx=86fbf848 edx=00000393 esi=e1036008 edi=00000453
    eip=8062c26b esp=b9f50a10 ebp=b9f50a58 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    nt!HvpGetCellMapped+0x5f:
    8062c26b 8b4304 mov eax,dword ptr [ebx+4] ds:0023:00000174=????????
    ChildEBP RetAddr Args to Child
    b9f50a58 80624c87 e1036008 72617453 e1036008 nt!HvpGetCellMapped+0x5f (FPO: [Non-Fpo])
    b9f50a74 8062dac8 e1036008 cd1a0d9c e1036008 nt!CmpMarkValueDataDirty+0x5f (FPO: [Non-Fpo])
    b9f50a90 8062dd6d e1036008 0036f870 cd1a2c8c nt!CmpMarkKeyValuesDirty+0xcc (FPO: [Non-Fpo])
    b9f50aac 8062de0a e1036008 0036f870 cd1b0874 nt!CmpFreeKeyValues+0x17 (FPO: [Non-Fpo])
    b9f50ae8 8062e648 e1036008 00363f10 cd1a4f14 nt!CmpSyncKeyValues+0x26 (FPO: [Non-Fpo])
    b9f50b2c 8062e7bb e3fe5000 00000400 00000003 nt!CmpCopySyncTree2+0x1f4 (FPO: [Non-Fpo])
    b9f50b5c 8061b26b e1036008 00000188 e1036008 nt!CmpCopySyncTree+0x4f (FPO: [Non-Fpo])
    b9f50ccc 80616ebc 00010002 b9f50d64 b9f50ce8 nt!CmpSaveBootControlSet+0x2a7 (FPO: [Non-Fpo])
    b9f50cdc 8053ca28 00000004 b9f50d64 804fdb81 nt!NtInitializeRegistry+0x5e (FPO: [Non-Fpo])
    b9f50cdc 804fdb81 00000004 b9f50d64 804fdb81 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ b9f50ce8)
    b9f50d58 8053ca28 00000004 00e2f8b4 7c90eb94 nt!ZwInitializeRegistry+0x11 (FPO: [1,0,0])
    b9f50d58 7c90eb94 00000004 00e2f8b4 7c90eb94 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ b9f50d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    00e2f8b4 00000000 00000000 00000000 00000000 0x7c90eb94
    start end module name
    804d7000 806cd580 nt ntkrnlpa.exe Wed Feb 28 08:38:52 2007 (45E53F9C)
    806ce000 806ee380 hal halaacpi.dll Wed Aug 04 06:59:05 2004 (41107B29)
    b9add000 b9b1d280 HTTP HTTP.sys Fri Mar 17 00:33:09 2006 (441A03C5)
    b9cae000 b9cbf440 NAVENG NAVENG.SYS Fri Mar 16 04:34:29 2007 (45FA1E55)
    b9cc0000 b9d8e820 NAVEX15 NAVEX15.SYS Fri Mar 16 05:14:23 2007 (45FA27AF)
    b9d8f000 b9dd9000 SRTSP SRTSP.SYS Fri Jan 12 02:11:05 2007 (45A6EE39)
    b9ef1000 b9f18f00 secdrv secdrv.sys Tue Aug 31 14:42:55 2004 (4134805F)
    b9f69000 b9fba480 srv srv.sys Mon Aug 14 11:34:39 2006 (44E051BF)
    ba0ab000 ba0d7400 mrxdav mrxdav.sys Wed Aug 04 07:00:49 2004 (41107B91)
    badac000 badaf280 ndisuio ndisuio.sys Wed Aug 04 07:03:10 2004 (41107C1E)
    bf800000 bf9c2180 win32k win32k.sys Thu Mar 08 13:47:34 2007 (45F013F6)
    bf9c3000 bf9d4580 dxg dxg.sys Wed Aug 04 07:00:51 2004 (41107B93)
    bf9d5000 bf9e8000 wpfb_nv4_disp wpfb_nv4_disp.dll Wed Jan 26 22:55:18 2005 (41F81FD6)
    bf9e8000 bfe39d00 nv4_disp nv4_disp.dll Fri Jun 02 02:06:00 2006 (447F8EF8)
    efe14000 efe2aa80 dump_nvata dump_nvata.sys Wed May 18 01:45:07 2005 (428A9013)
    efe2b000 efe4e000 Fastfat Fastfat.SYS Wed Aug 04 07:14:15 2004 (41107EB7)
    efe4e000 efec9000 Wdf01000 Wdf01000.sys Thu Nov 02 08:54:18 2006 (4549B23A)
    efee9000 efeeca00 kbdhid kbdhid.sys Wed Aug 04 06:58:33 2004 (41107B09)
    efef1000 eff0e000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Thu Mar 29 00:51:40 2007 (460AFF8C)
    eff0e000 eff70000 eeCtrl eeCtrl.sys Thu Mar 29 00:51:40 2007 (460AFF8C)
    eff70000 effdea00 mrxsmb mrxsmb.sys Fri May 05 10:41:42 2006 (445B1DD6)
    effdf000 f0009a00 rdbss rdbss.sys Fri May 05 10:47:55 2006 (445B1F4B)
    f000a000 f0073000 SPBBCDrv SPBBCDrv.sys Thu Feb 01 09:58:41 2007 (45C1B9D1)
    f0073000 f0084000 SRTSPX SRTSPX.SYS Fri Jan 12 02:11:05 2007 (45A6EE39)
    f0084000 f00a5d00 afd afd.sys Wed Aug 04 07:14:13 2004 (41107EB5)
    f00a6000 f00cdc00 netbt netbt.sys Wed Aug 04 07:14:36 2004 (41107ECC)
    f00ce000 f00ff000 SymIDSCo SymIDSCo.sys Fri Jan 12 23:29:35 2007 (45A819DF)
    f00ff000 f0120f00 SYMFW SYMFW.SYS Sat Sep 02 20:16:54 2006 (44F9D8A6)
    f0121000 f0144000 SYMEVENT SYMEVENT.SYS Sat Dec 16 00:30:34 2006 (45833E2A)
    f0144000 f0164f00 ipnat ipnat.sys Wed Sep 29 23:28:36 2004 (415B3714)
    f0165000 f0191000 SYMTDI SYMTDI.SYS Sat Sep 02 20:16:52 2006 (44F9D8A4)
    f0191000 f01e8d80 tcpip tcpip.sys Thu Apr 20 12:51:47 2006 (444775D3)
    f01e9000 f01fb400 ipsec ipsec.sys Wed Aug 04 07:14:27 2004 (41107EC3)
    f231c000 f23b8000 ctac32k ctac32k.sys Fri Aug 11 07:45:14 2006 (44DC277A)
    f23b8000 f23df000 ctsfm2k ctsfm2k.sys Fri Aug 11 07:45:18 2006 (44DC277E)
    f23df000 f240c000 emupia2k emupia2k.sys Fri Aug 11 07:45:17 2006 (44DC277D)
    f240c000 f2510000 ha10kx2k ha10kx2k.sys Fri Aug 11 07:45:24 2006 (44DC2784)
    f2510000 f2542000 hap17v2k hap17v2k.sys Fri Aug 11 07:45:26 2006 (44DC2786)
    f2542000 f2575200 update update.sys Wed Aug 04 06:58:32 2004 (41107B08)
    f2576000 f2590660 vna vna.sys Thu May 27 08:10:33 2004 (40B59469)
    f2591000 f25a1e00 psched psched.sys Wed Aug 04 07:04:16 2004 (41107C60)
    f25a2000 f25b8680 ndiswan ndiswan.sys Wed Aug 04 07:14:30 2004 (41107EC6)
    f25b9000 f25cc900 parport parport.sys Wed Aug 04 06:59:04 2004 (41107B28)
    f25cd000 f25e0780 VIDEOPRT VIDEOPRT.SYS Wed Aug 04 07:07:04 2004 (41107D08)
    f25e1000 f299f7a0 nv4_mini nv4_mini.sys Fri Jun 02 02:11:09 2006 (447F902D)
    f4b7c000 f4baed80 NVSNPU NVSNPU.SYS Wed Apr 06 11:22:01 2005 (4253B849)
    f4baf000 f4beef00 NVNRM NVNRM.SYS Wed Apr 06 11:22:11 2005 (4253B853)
    f4c44000 f4c4bb80 usbccgp usbccgp.sys Wed Aug 04 07:08:45 2004 (41107D6D)
    f4c54000 f4c5a000 symlcbrd symlcbrd.sys Tue Feb 01 06:13:32 2005 (41FF1E0C)
    f4c5c000 f4c60500 watchdog watchdog.sys Wed Aug 04 07:07:32 2004 (41107D24)
    f4d34000 f4d34d00 dxgthk dxgthk.sys Fri Aug 17 21:53:12 2001 (3B7D8438)
    f4fd1000 f4fd3280 rasacd rasacd.sys Fri Aug 17 21:55:39 2001 (3B7D84CB)
    f4fd5000 f4fd7f80 mouhid mouhid.sys Fri Aug 17 21:47:57 2001 (3B7D82FD)
    f5133000 f5139b00 SYMNDIS SYMNDIS.SYS Sat Sep 02 20:16:54 2006 (44F9D8A6)
    f5306000 f530e200 SYMIDS SYMIDS.SYS Sat Sep 02 20:16:55 2006 (44F9D8A7)
    f5e2a000 f5e38d80 arp1394 arp1394.sys Wed Aug 04 06:58:28 2004 (41107B04)
    f5e3a000 f5e42700 wanarp wanarp.sys Wed Aug 04 07:04:57 2004 (41107C89)
    f5e5a000 f5e62300 NVENETFD NVENETFD.sys Wed Apr 06 11:22:26 2005 (4253B862)
    f5e7a000 f5e83480 NDProxy NDProxy.SYS Fri Aug 17 21:55:30 2001 (3B7D84C2)
    f5e9a000 f5ea8100 usbhub usbhub.sys Wed Aug 04 07:08:40 2004 (41107D68)
    f5eaa000 f5eb3f00 termdd termdd.sys Wed Aug 04 06:58:52 2004 (41107B1C)
    f5eba000 f5ec2900 msgpc msgpc.sys Wed Aug 04 07:04:11 2004 (41107C5B)
    f66eb000 f671e000 ctoss2k ctoss2k.sys Fri Aug 11 07:45:23 2006 (44DC2783)
    f671e000 f6797f80 ctaud2k ctaud2k.sys Fri Aug 11 07:45:37 2006 (44DC2791)
    f6798000 f6898180 VMHybrid VMHybrid.sys Wed Mar 15 07:10:01 2006 (4417BDC9)
    f6899000 f68bb680 ks ks.sys Wed Aug 04 07:15:20 2004 (41107EF8)
    f68bc000 f68df980 portcls portcls.sys Wed Aug 04 07:15:47 2004 (41107F13)
    f68e0000 f6b10f40 ALCXWDM ALCXWDM.SYS Wed Nov 17 11:05:29 2004 (419B3079)
    f6b11000 f6b33e80 USBPORT USBPORT.SYS Wed Aug 04 07:08:34 2004 (41107D62)
    f6b34000 f6b41000 WDFLDR WDFLDR.SYS Thu Nov 02 08:54:05 2006 (4549B22D)
    f6b44000 f6b4cd80 HIDCLASS HIDCLASS.SYS Wed Aug 04 07:08:18 2004 (41107D52)
    f6b64000 f6b6c880 Fips Fips.SYS Sat Aug 18 02:31:49 2001 (3B7DC585)
    f6ba4000 f6bada20 V2IMount V2IMount.SYS Sat Sep 10 01:43:27 2005 (43222C2F)
    f6bc4000 f6bcc700 netbios netbios.sys Wed Aug 04 07:03:19 2004 (41107C27)
    f7247000 f724ac80 mssmbios mssmbios.sys Wed Aug 04 07:07:47 2004 (41107D33)
    f725f000 f7261580 ndistapi ndistapi.sys Fri Aug 17 21:55:29 2001 (3B7D84C1)
    f7263000 f7265980 gameenum gameenum.sys Wed Aug 04 07:08:20 2004 (41107D54)
    f7287000 f72a1580 Mup Mup.sys Wed Aug 04 07:15:20 2004 (41107EF8)
    f72a2000 f72cea80 NDIS NDIS.sys Wed Aug 04 07:14:27 2004 (41107EC3)
    f72cf000 f735b400 Ntfs Ntfs.sys Fri Feb 09 11:10:31 2007 (45CC56A7)
    f735c000 f736ef00 WudfPf WudfPf.sys Fri Sep 29 02:55:43 2006 (451C7D1F)
    f736f000 f7385780 KSecDD KSecDD.sys Wed Aug 04 06:59:45 2004 (41107B51)
    f7386000 f739b460 SymSnap SymSnap.sys Fri Aug 05 19:44:18 2005 (42F3B382)
    f739c000 f73adf00 sr sr.sys Wed Aug 04 07:06:22 2004 (41107CDE)
    f73ae000 f73cd780 fltMgr fltMgr.sys Mon Aug 21 10:14:57 2006 (44E97991)
    f73ce000 f73e4a80 nvata nvata.sys Wed May 18 01:45:07 2005 (428A9013)
    f73e5000 f73fc480 atapi atapi.sys Wed Aug 04 06:59:41 2004 (41107B4D)
    f73fd000 f741b880 ftdisk ftdisk.sys Fri Aug 17 21:52:41 2001 (3B7D8419)
    f741c000 f742ca80 pci pci.sys Wed Aug 04 07:07:45 2004 (41107D31)
    f742d000 f745ad80 ACPI ACPI.sys Wed Aug 04 07:07:35 2004 (41107D27)
    f755c000 f7564c00 isapnp isapnp.sys Fri Aug 17 21:58:01 2001 (3B7D8559)
    f756c000 f757ae80 ohci1394 ohci1394.sys Wed Aug 04 07:10:05 2004 (41107DBD)
    f757c000 f7589000 1394BUS 1394BUS.SYS Wed Aug 04 07:10:03 2004 (41107DBB)
    f758c000 f7596500 MountMgr MountMgr.sys Wed Aug 04 06:58:29 2004 (41107B05)
    f759c000 f75a8c80 VolSnap VolSnap.sys Wed Aug 04 07:00:14 2004 (41107B6E)
    f75ac000 f75b4e00 disk disk.sys Wed Aug 04 06:59:53 2004 (41107B59)
    f75bc000 f75c8200 CLASSPNP CLASSPNP.SYS Wed Aug 04 07:14:26 2004 (41107EC2)
    f75fc000 f7606000 pivot pivot.sys Wed Jan 26 22:55:21 2005 (41F81FD9)
    f760c000 f761bd80 serial serial.sys Wed Aug 04 07:15:51 2004 (41107F17)
    f761c000 f7628880 rasl2tp rasl2tp.sys Wed Aug 04 07:14:21 2004 (41107EBD)
    f762c000 f7636200 raspppoe raspppoe.sys Wed Aug 04 07:05:06 2004 (41107C92)
    f763c000 f7647d00 raspptp raspptp.sys Wed Aug 04 07:14:26 2004 (41107EC2)
    f764c000 f765a000 AmdK8 AmdK8.sys Mon Mar 07 21:58:10 2005 (422CCE72)
    f765c000 f766ab80 drmk drmk.sys Wed Aug 04 07:07:54 2004 (41107D3A)
    f766c000 f7678180 cdrom cdrom.sys Wed Aug 04 06:59:52 2004 (41107B58)
    f767c000 f768a080 redbook redbook.sys Wed Aug 04 06:59:34 2004 (41107B46)
    f768c000 f7696380 imapi imapi.sys Wed Aug 04 07:00:12 2004 (41107B6C)
    f76ec000 f76fb180 nic1394 nic1394.sys Wed Aug 04 06:58:28 2004 (41107B04)
    f76fc000 f770b900 Cdfs Cdfs.SYS Wed Aug 04 07:14:09 2004 (41107EB1)
    f77dc000 f77e2200 PCIIDEX PCIIDEX.SYS Wed Aug 04 06:59:40 2004 (41107B4C)
    f77e4000 f77e8900 PartMgr PartMgr.sys Sat Aug 18 02:32:23 2001 (3B7DC5A7)
    f77ec000 f77f0de0 PxHelp20 PxHelp20.sys Fri Sep 24 01:24:24 2004 (41536938)
    f77fc000 f7800880 TDI TDI.SYS Wed Aug 04 07:07:47 2004 (41107D33)
    f7804000 f780aa60 ULCDRHlp ULCDRHlp.sys Fri Jun 04 03:02:39 2004 (40BFD83F)
    f780c000 f7810580 ptilink ptilink.sys Fri Aug 17 21:49:53 2001 (3B7D8371)
    f7814000 f7819300 pfc pfc.sys Sat Sep 20 00:45:46 2003 (3F6B952A)
    f781c000 f7823000 GearAspiWDM GearAspiWDM.SYS Wed Feb 02 05:19:49 2005 (420062F5)
    f7824000 f7828080 raspti raspti.sys Fri Aug 17 21:55:32 2001 (3B7D84C4)
    f7844000 f784a000 kbdclass kbdclass.sys Wed Aug 04 06:58:32 2004 (41107B08)
    f784c000 f7851a00 mouclass mouclass.sys Wed Aug 04 06:58:32 2004 (41107B08)
    f785c000 f7862700 LMouFilt LMouFilt.Sys Tue Jan 23 23:40:57 2007 (45B69D09)
    f78a4000 f78aa780 USBSTOR USBSTOR.SYS Wed Aug 04 07:08:44 2004 (41107D6C)
    f78b4000 f78b9080 SYMREDRV SYMREDRV.SYS Sat Sep 02 20:16:55 2006 (44F9D8A7)
    f78bc000 f78c2c00 LHidFilt LHidFilt.Sys Tue Jan 23 23:40:54 2007 (45B69D06)
    f78f4000 f78fc000 ctprxy2k ctprxy2k.sys Fri Aug 11 07:45:39 2006 (44DC2793)
    f7914000 f7919000 flpydisk flpydisk.sys Wed Aug 04 06:59:24 2004 (41107B3C)
    f7924000 f792a180 HIDPARSE HIDPARSE.SYS Wed Aug 04 07:08:15 2004 (41107D4F)
    f792c000 f7931200 vga vga.sys Wed Aug 04 07:07:06 2004 (41107D0A)
    f7934000 f7938a80 Msfs Msfs.SYS Wed Aug 04 07:00:37 2004 (41107B85)
    f793c000 f7943880 Npfs Npfs.SYS Wed Aug 04 07:00:38 2004 (41107B86)
    f7954000 f7955000 fdc fdc.sys unavailable (00000000)
    f795c000 f7960280 usbohci usbohci.sys Wed Aug 04 07:08:34 2004 (41107D62)
    f7964000 f796a800 usbehci usbehci.sys Wed Aug 04 07:08:34 2004 (41107D62)
    f796c000 f796f000 BOOTVID BOOTVID.dll Fri Aug 17 21:49:09 2001 (3B7D8345)
    f79f8000 f79fb280 nvnetbus nvnetbus.sys Wed Apr 06 11:22:28 2005 (4253B864)
    f7a00000 f7a02900 Dxapi Dxapi.sys Fri Aug 17 21:53:19 2001 (3B7D843F)
    f7a08000 f7a0a580 hidusb hidusb.sys Fri Aug 17 22:02:16 2001 (3B7D8658)
    f7a34000 f7a36e00 BdaSup BdaSup.SYS Wed Aug 04 07:10:11 2004 (41107DC3)
    f7a58000 f7a5bc80 serenum serenum.sys Wed Aug 04 06:59:06 2004 (41107B2A)
    f7a5c000 f7a5db80 kdcom kdcom.dll Fri Aug 17 21:49:10 2001 (3B7D8346)
    f7a5e000 f7a5f100 WMILIB WMILIB.SYS Fri Aug 17 22:07:23 2001 (3B7D878B)
    f7a68000 f7a69f00 Fs_Rec Fs_Rec.SYS Fri Aug 17 21:49:37 2001 (3B7D8361)
    f7a6a000 f7a6b080 Beep Beep.SYS Fri Aug 17 21:47:33 2001 (3B7D82E5)
    f7a6c000 f7a6d080 mnmdd mnmdd.SYS Fri Aug 17 21:57:28 2001 (3B7D8538)
    f7a6e000 f7a6f080 RDPCDD RDPCDD.sys Fri Aug 17 21:46:56 2001 (3B7D82C0)
    f7a76000 f7a77800 SYMDNS SYMDNS.SYS Sat Sep 02 20:16:53 2006 (44F9D8A5)
    f7a86000 f7a87440 AsIO AsIO.sys Wed Dec 21 08:55:21 2005 (43A91879)
    f7a96000 f7a97100 dump_WMILIB dump_WMILIB.SYS Fri Aug 17 22:07:23 2001 (3B7D878B)
    f7aee000 f7aefa80 ParVdm ParVdm.SYS Fri Aug 17 21:49:49 2001 (3B7D836D)
    f7b02000 f7b03420 ASACPI ASACPI.sys Fri Aug 13 03:52:52 2004 (411C2D04)
    f7b04000 f7b05100 swenum swenum.sys Wed Aug 04 06:58:41 2004 (41107B11)
    f7b06000 f7b07280 USBD USBD.SYS Fri Aug 17 22:02:58 2001 (3B7D8682)
    f7b24000 f7b24d00 pciide pciide.sys Fri Aug 17 21:51:49 2001 (3B7D83E5)
    f7b98000 f7b98b80 msmpu401 msmpu401.sys Fri Aug 17 21:59:59 2001 (3B7D85CF)
    f7b99000 f7b99c00 audstub audstub.sys Fri Aug 17 21:59:40 2001 (3B7D85BC)
    f7b9a000 f7b9ae80 LBeepKE LBeepKE.sys Fri Jun 30 08:53:42 2006 (44A4D886)
    f7c19000 f7c19b80 Null Null.SYS Fri Aug 17 21:47:39 2001 (3B7D82EB)
    f7cac000 f7caca80 PQNTDrv PQNTDrv.SYS Thu May 06 04:48:39 2004 (4099B597)

    Unloaded modules:
    f6bb4000 f6bbd000 processr.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f4fd5000 f4fd9000 kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f791c000 f7921000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt

    Can anyone help sort this out or am I going to have to wipe the drive and reinstall everything. Any thoughts will be gratefully received. Thanks,

    Dave


  2. #2
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    Your hard drive is indicating Dirty Bits. From start/Run... type: cmd

    Then type:

    fsutil dirty query C:

    If that comes back dirty then type:

    chkdsk /f

    You will be told the volume is in use do you want to run chkdsk on next boot? Type Y and reboot.

  3. #3
    DaveMatt is offline Newbie
    Thanks for the response. I am at work at the moment but will try as soon as I get home this evening.

  4. #4
    DaveMatt is offline Newbie
    Hi I went home early! I have tried what you suggested and it came back as drive not dirty. Therefore I didn't run chkdsk.

    Dave

  5. #5
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    I'd suggest running it anyway. Can't hurt: might help.

  6. #6
    peterdiva is offline Full Member
    That dump's caused by registry corruption. Check the event viewer for event id 1517 for software hive corruption, otherwise you're looking at a hardware problem.

    BugCheck 1000008E, {c0000005, 8062c26b, b9f5099c, 0}
    Probably caused by : ntkrnlpa.exe ( nt!HvpGetCellMapped+5f ) <-- registry corruption.
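
The reading of the dump given in this reply can be checked mechanically. The following is an added example, not code from the thread: it parses the BugCheck line and STACK_TEXT copied from post #1 and counts how many frames sit in the kernel's registry code. Treating `nt!Hv*` (hive) and `nt!Cm*` (configuration manager) routine names as registry code is this example's heuristic, and the function names are hypothetical.

```python
import re

# Lines copied from the debugger log in post #1 (summary and STACK_TEXT).
SAMPLE_LOG = """\
BugCheck 1000008E, {c0000005, 8062c26b, b9f5099c, 0}
Probably caused by : ntkrnlpa.exe ( nt!HvpGetCellMapped+5f )
STACK_TEXT:
b9f50a58 80624c87 e1036008 72617453 e1036008 nt!HvpGetCellMapped+0x5f
b9f50a74 8062dac8 e1036008 cd1a0d9c e1036008 nt!CmpMarkValueDataDirty+0x5f
b9f50a90 8062dd6d e1036008 0036f870 cd1a2c8c nt!CmpMarkKeyValuesDirty+0xcc
b9f50aac 8062de0a e1036008 0036f870 cd1b0874 nt!CmpFreeKeyValues+0x17
b9f50ae8 8062e648 e1036008 00363f10 cd1a4f14 nt!CmpSyncKeyValues+0x26
b9f50b2c 8062e7bb e3fe5000 00000400 00000003 nt!CmpCopySyncTree2+0x1f4
b9f50b5c 8061b26b e1036008 00000188 e1036008 nt!CmpCopySyncTree+0x4f
b9f50ccc 80616ebc 00010002 b9f50d64 b9f50ce8 nt!CmpSaveBootControlSet+0x2a7
b9f50cdc 8053ca28 00000004 b9f50d64 804fdb81 nt!NtInitializeRegistry+0x5e
b9f50cdc 804fdb81 00000004 b9f50d64 804fdb81 nt!KiFastCallEntry+0xf8
b9f50d58 8053ca28 00000004 00e2f8b4 7c90eb94 nt!ZwInitializeRegistry+0x11
b9f50d58 7c90eb94 00000004 00e2f8b4 7c90eb94 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00e2f8b4 00000000 00000000 00000000 00000000 0x7c90eb94
"""

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
# ChildEBP, RetAddr, three argument words, then the symbol (or a raw address).
FRAME_RE = re.compile(r"^[0-9a-f]{8} [0-9a-f]{8} (?:[0-9a-f]{8} ){3}(\S+)", re.M)
# Heuristic of this example: Hv*/Hvp* and Cm*/Cmp* routines are registry code.
REGISTRY_FUNC_RE = re.compile(r"(?:Hvp?|Cmp?)[A-Z]")
ACCESS_VIOLATION = 0xC0000005


def parse_bugcheck(text):
    """Return (bugcheck code, [four arguments]) from the 'BugCheck' line."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no BugCheck line found")
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    return int(m.group(1), 16), args


def parse_stack(text):
    """Return [(module, function)] per frame; (None, None) for raw addresses."""
    frames = []
    for sym in FRAME_RE.findall(text):
        if "!" in sym:
            module, rest = sym.split("!", 1)
            frames.append((module, rest.split("+", 1)[0]))
        else:
            frames.append((None, None))
    return frames


def triage(text):
    code, args = parse_bugcheck(text)
    frames = parse_stack(text)
    registry = [fn for mod, fn in frames
                if mod == "nt" and REGISTRY_FUNC_RE.match(fn)]
    top_mod, top_fn = frames[0] if frames else (None, None)
    top_in_registry = bool(top_fn and REGISTRY_FUNC_RE.match(top_fn))
    return {
        # The blue screen shows 0x0000008E, the minidump 1000008E: mask to compare.
        "stop_code": code & 0x0FFFFFFF,
        "exception": args[0],
        "faulting": f"{top_mod}!{top_fn}",
        "registry_frames": len(registry),
        "total_frames": len(frames),
        # Access violation raised inside registry code, not in a third-party driver.
        "registry_path": top_in_registry and args[0] == ACCESS_VIOLATION,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value:#x}" if key in ("stop_code", "exception")
              else f"{key}: {value}")
```
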

  7. #7
    DaveMatt is offline Newbie
    I have run chkdsk /f and it came up with problems which it states it fixed. Under verifying files it said "deleting corrupt attribute record (128, " ") from file record segment 60462". Under verifying record it went too quickly for me to write anything down but remember that it said "recovering lost files" and saw about 3 files. But then it just booted up normally.

    Now when I go into the event viewer, under Application, I get a warning with Source: userenv.dll and Event ID 1517. The message reads,

    Windows saved user STUDY-PC\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Under security in event viewer I am still getting Failure Audit, with category account logon and event ID 680

    Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon account: David
    Source Workstation: STUDY-PC
    Error Code: 0xC000006A



    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    and also with category logon/logoff and event ID 529

    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: David
    Domain: STUDY-PC
    Logon Type: 2
    Logon Process: Advapi
    Authentication Package: Negotiate
    Workstation Name: STUDY-PC

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Under System in Event Viewer I get an error with Source: Service Control Manager and Event ID 7000,

    The Ulead Burning Helper service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    I am not sure what if any of these are significant, but certainly when I checked the Microsoft website it states to ignore the Event ID 1517 as it is normal. I do not understand why I am getting the logon error, as I seem to get into my account OK just now. Any further thoughts gratefully received.
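
The two Security log entries quoted in this post can be decoded field by field. The following is an added example, not part of the original post: it parses the event text for IDs 680 and 529 as copied above, translates the NTSTATUS error code, the logon type and the logon process into their documented meanings, and checks that both events describe the same attempt. The function names and the small lookup tables are this example's own.

```python
# Event text copied from post #7 (Security log, event IDs 680 and 529).
EVENT_680 = """\
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: David
Source Workstation: STUDY-PC
Error Code: 0xC000006A
"""
EVENT_529 = """\
Logon Failure:
Reason: Unknown user name or bad password
User Name: David
Domain: STUDY-PC
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: STUDY-PC
"""

# NTSTATUS values commonly seen in failed-logon events.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
# Codes that are only returned when the account name itself was found.
ACCOUNT_EXISTS = {0xC000006A, 0xC0000071, 0xC0000072, 0xC0000234}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 10: "RemoteInteractive", 11: "CachedInteractive"}
LOGON_PROCESSES = {
    "User32": "Winlogon logon screen",
    "Advapi": "LogonUser API call made by a program or service",
}


def parse_fields(text):
    """Turn 'Key: Value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():  # skips headings such as 'Logon Failure:'
            fields[key.strip().lower()] = value.strip()
    return fields


def explain_failed_logon(event_680, event_529):
    """Decode a 680/529 pair and say whether they belong to one attempt."""
    e680, e529 = parse_fields(event_680), parse_fields(event_529)
    status = int(e680["error code"], 16)
    logon_type = int(e529["logon type"])
    same_attempt = (
        e680["logon account"].lower() == e529["user name"].lower()
        and e680["source workstation"].lower() == e529["workstation name"].lower()
    )
    return {
        "account": e529["user name"],
        "status": NTSTATUS.get(status, f"unknown ({status:#010x})"),
        "account_exists": status in ACCOUNT_EXISTS,
        "logon_type": LOGON_TYPES.get(logon_type, f"type {logon_type}"),
        "requested_via": LOGON_PROCESSES.get(e529["logon process"],
                                             e529["logon process"]),
        "same_attempt": same_attempt,
    }


if __name__ == "__main__":
    for key, value in explain_failed_logon(EVENT_680, EVENT_529).items():
        print(f"{key}: {value}")
```

For the events in this post the decoded result is a wrong password for an existing account, on an interactive logon requested through the LogonUser API rather than at the Winlogon screen.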

  8. #8
    peterdiva is offline Full Member
    Download and install the hive cleanup service from the link below. If it continues to crash from registry corruption then it could be the HDD failing.

    http://www.microsoft.com/downloads/d...displaylang=en

  9. #9
    DaveMatt is offline Newbie
    OK thanks for all your help. I have downloaded the file. I did wonder if it was my hard drive failing. I will see how the PC behaves over the next few days, although the updates I have done today seem to have gone OK. Once again thanks for the help.
