PDA

View Full Version : Myst 4 Start-Up Problem & Temporary Fix



MystNomad
01-03-2005, 12:27 AM
Sorry of this post looks messed up. The message
windows are SO small & clip everything.

Have tried un-patched as well as 1.01 & 1.02. And tried the safedisk file listed on forums. And tried the No??? patch listed for a while on UBI's site. Wich we are not supposed to name. Full install http://forums.ubi.com/images/smilies/cry.gif .

Game will not start or even try starting for more than 4 seconds unless run with below program & 1 setting checked.


MS Application Verifier 2.50
------------------------------
(Part of Windows Application Compatibility Toolkit)
MS Application Compatibility Toolkit (http://www.microsoft.com/windows/appcompatibility/default.mspx)


setting = "DFWChecksAll - Checks system usage
for all application types (1.2)"

* Must be checked or game will not start. *

Other options are not needed to start game.
But when selected they do show application compatibility errors.

Otherwise game runs fine after start.
Although have not even played for more than 15 minutes. Got tired of trying to find the error. And I believe im getting a bit of Video distortion from running with debug on.

The Demo ran just FINE BTW.

Would love help in creating at least a temporary WinXP Compatibilty setting file untill a patch fixes this.


System: MPC Transport X3000
Win XP Pro (all up to date)
Pentium M 1.7 (newer version)
512MB Ram
Samsung CDRW/DVD SM308B Combo
(works with double layer fine)
ATI 9700 Mobile 128MB
(the so called 9600 Enhanced version)
(Latest ATI version & OEM & Omega do same thing)
External Logitech KeyBoard & Mouse
USB Sound Blaster Audigy 2 NX
DirectX 9C latest sdk update applied

http://forums.ubi.com/images/smilies/cry.gif

Next list is the Errors that show up if I select
most of the list of compatibility checks in Application Verifier

<UL TYPE=SQUARE>
# LOG_BEGIN 1/2/2005 22:24:01 'C:\games\Myst4\bin\Myst4.exe'

'C:\Documents and Settings\All

Users\Documents\AppVerifierLogs\Myst41.log'
# SHIM_BEGIN DFWChecksAll 2
# LOGENTRY DFWChecksAll 0 'Do not attempt to replace files

that are protected by Windows File Protection
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.1. The application

attempted to modify, rename, move, replace, or delete a file

which is protected by Windows. Changes to protected files can

cause version conflicts and operating system instability.

Protected files are the core of the operating system and it is

essential for operating system stability that the proper

versions be maintained. Before modifying a file not created by

the application, ensure that the SfcIsFileProtected API is

called.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/wfp/wfp_3fl0.asp
# LOGENTRY DFWChecksAll 1 'Perform Windows version checking

correctly
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 1.4. The application

called the GetVersion or GetVersionEx API to obtain the

version of Windows. The version reporting for this API is for

informational purposes only. If the application does not

install or function properly, investigate if it correctly

handles future versions of Windows. Also, check any areas in

the code where GetVersion or GetVersionEx is used.
# DESCRIPTION END
# SHIM_BEGIN DFWChecksNonSetup 4
# LOGENTRY DFWChecksNonSetup 0 'Application should write user

created data to My Documents.
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 3.1. The application

wrote user created data to a location other than the My

Documents folder. The My Documents folder has many benefits

which include all users (including those with restricted

account types) have write access to this location and users

have a familiar place to organize and store all their data.

Use the SHGetFolderPath API call to obtain a users My

Documents directory.
# DESCRIPTION END
# LOGENTRY DFWChecksNonSetup 1 'Application should write to

the appropriate locations in a user's profile.
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 3.2. The application

wrote user profile information to a location other than the

HKEY_CURRENT_USER Registry area. Configure the application to

write user profile information to the HKEY_CURRENT_USER

Registry area only.
# DESCRIPTION END
# LOGENTRY DFWChecksNonSetup 2 'Application should not write

file data to inappropriate places
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 3.2. The application

wrote application or user information to an unapproved file

location. Use the SHGetFolderPath API to obtain the My

Documents, Application Data, Local Application Data, or Common

Application Data directories. These directories are

appropriate locations for files created by an application.
# DESCRIPTION END
# LOGENTRY DFWChecksNonSetup 3 'Limited users should not write

to certain subsections of HKCU
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 3.4. Limited users

should not write to \Software\Policies or

\Software\Microsoft\Windows\CurrentVersion\Policie s. These

keys are for group policy objects that should be enabled or

disabled through the Group Policy Editor. During runtime, an

application should write data to the appropriate areas: HKCU,

My Documents directory, and the CSIDL_COMMON_APPDATA and

CSIDL_COMMON_DOCUMENTS folders. For directories, use the

SHGetFolderPath API to appropriately get the folder location.
# DESCRIPTION END
# SHIM_BEGIN DFWChecksSetup 5
# LOGENTRY DFWChecksSetup 0 'Application should install files

to Program Files directory
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.5 & 2.6. The

application wrote a file to an area other than the Program

Files directory. According to the Designed for Windows XP

Application Specification, any files not placed in the Program

Files directory must be documented. Use the SHGetFolderPath

API to obtain the Program Files directory, and then document

any files written outside of this directory.
# DESCRIPTION END
# LOGENTRY DFWChecksSetup 1 'Application binaries must have

valid file version information
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.3. The application

installed a binary file without valid file version

information. Correct file version information has several

benefits, including making it easier to meet the requirement

of not overwriting files with older versions. The Product

Name, Company Name, and File version of an executable should

be should be contained in its version resource. Edit and

recompile the resource file for this binary to include the

required information.
# DESCRIPTION END
# LOGENTRY DFWChecksSetup 2 'Application binaries should not

be replaced by an older version
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.3. The application

overwrote a newer binary file with an older version of that

file. An application should not regress any files that you do

not produce or that are shared by applications you do not

produce. Perform version checks on binary files using the

VerInstall API.
# DESCRIPTION END
# LOGENTRY DFWChecksSetup 3 'At installation time, an

application should not write to HKCU.
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.8. The application

wrote to the HKEY_CURRENT_USER area of the Registry. Writing

to this area of the Registry at installation time prevents the

information from being available to all users. Configure the

application to write to the HKEY_LOCAL_MACHINE area of the

Registry or an All Users data directory.
# DESCRIPTION END
# SHIM_BEGIN InteractiveServices 8
# LOGENTRY InteractiveServices 0 'Ran as an Interactive

Service under LocalSystem
# DESCRIPTION BEGIN
The application ran as an Interactive Service under the

LocalSystem account giving it system-level security rights.

This can be a serious security hazard, as Interactive Services

can be hi-jacked to give a user escalated security privileges.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 1 'Created an Interactive

Service
# DESCRIPTION BEGIN
The application created an Interactive Service using

CreateService. This can be a serious security hazard, as

Interactive Services can be hi-jacked to give a user escalated

security privileges.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 2 'Sent a UI to the interactive

desktop
# DESCRIPTION BEGIN
The application used messageBox to send a notification to the

interactive desktop. This could be a serious security hazard,

as GUI widgets from accounts with a hugh security level (such

as LocalSystem) can be manipulated to execute code at an

elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 3 'Sent a UI to the interactive

desktop.
# DESCRIPTION BEGIN
The application used MessageBoxEx to send a notification to

the interactive desktop. This can be a serious security

hazard because GUI widgets from accounts with a high security

level (such as LocalSystem) can be manipulated to execute code

at an elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 4 'Opened active desktop on the

interactive window station
# DESCRIPTION BEGIN
The application opened the interactive desktop (on the

interactive window station) in an attempt to send a UI to it.

This can be a serious security hazard, as GUI widgets from

accounts with a high security level (such as LocalSystem) can

be manipulated to execute code at an elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 5 'Opened active desktop on the

interactive window station
# DESCRIPTION BEGIN
The application opened the interactive desktop (on the

interactive window station) in an attempt to send a UI to it.

This can be a serious security hazard, as GUI widgets from

accounts with a high security level (such as LocalSystem) can

be manipulated to execute code at an elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 6 'Opened active desktop on the

interactive window station.
# DESCRIPTION BEGIN
The application opened the interactive desktop (on the

interactive window station) in an attempt to send a UI to it.

This can be a serious security hazard, as GUI widgets from

accounts with a high security level (such as LocalSystem) can

be manipulated to execute code at an elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 7 'Accessed the address of

OpenDesktop
# DESCRIPTION BEGIN
The application used GetProcAddress to retreive the address of

OpenDesktop. This can be a serious security hazard, as GUI

widgets from accounts with a high security level (such as

LocalSystem) can be manipulated to execute code at an elevated

security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# SHIM_BEGIN MISCPROGRAMMINGERRORS 8
# LOGENTRY MISCPROGRAMMINGERRORS 0 'Used the Desktop as the

parent window when the CreateWindow(Ex) API was called.
# DESCRIPTION BEGIN
When calling the CreateWindow/Ex API, the application used the

Desktop as the parent window. This can cause Windows to become

unstable. Set the parent window to a valid window or a NULL

value.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 1 'Called the SetTimer API

without a parent window or callback function.
# DESCRIPTION BEGIN
The application called the SetTimer API without a parent

window or callback function. This creates a timer message

without the necessary parameters for starting and stopping,

which will consume operating system resources. Set the

SetTimer API with a parent window or callback function.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 2 'Called the

GetDiskFreeSpace API.
# DESCRIPTION BEGIN
To test if the application ignores the high 32 bits, the

return value from the GetDiskFreeSpace API has been changed so

that the lower 32 bits are zero. If the application displays

an error message indicating there is insufficient disk space,

there is a bug with the usage of this API. Check that the

application uses the full 64-bit number and does not truncate

the number to 32 bits.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 3 'Called the

GetDiskFreeSpaceEx API.
# DESCRIPTION BEGIN
To test if the application ignores the high 32 bits, the

return value from the GetDiskFreeSpace API has been changed so

that the lower 32 bits are zero. If the application displays

an error message indicating there is insufficient disk space,

there is a bug with the usage of this API. Check that the

application uses the full 64-bit number and does not truncate

the number to 32 bits.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 4 'Called the

GetDiskFreeSpace API.
# DESCRIPTION BEGIN
The GetDiskFreeSpace function cannot report volume sizes that

are greater than 2 GB. To ensure that your application works

with large capacity hard drives, use the GetDiskFreeSpaceEx

function.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 5 'Called an API to broadcast

a WM_COMMAND message.
# DESCRIPTION BEGIN
The application called an API to broadcast a WM_COMMAND

message to all top-level windows. This has the potential to

crash any application that is running that receives this

message.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 6 'Called the PulseEvent API.
# DESCRIPTION BEGIN
A thread waiting on a synchronization object can be removed

from the wait state momentarily due to a kernel-mode APC, and

then returned to the wait state after the APC is complete.

If

the call to PulseEvent occurs while the thread has been

momentarily taken out of the wait state and before it is

returned to the wait state, it will not be released by

PulseEvent because PulseEvent releases only threads that are

waiting at the moment it is called.

Since there is no way to

detect that this has occurred, PulseEvent is unreliable and

should not be used.

It exists solely for backwards

compatibility with older programs.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 7 'A window owned by the

closing module was still open when FreeLibrary was called.
# DESCRIPTION BEGIN
A window owned by the closing module was still open when

FreeLibrary was called. A module should not have any windows

open when it is unloaded. Make sure that you destroy any

windows owned by a module before you unload the module using

FreeLibrary.
# DESCRIPTION END
# SHIM_BEGIN SecurityChecks 29
# LOGENTRY SecurityChecks 0 'Called an API and passed

arguments that may lead to security issues.
# DESCRIPTION BEGIN
The lpApplicationName argument is NULL, lpCommandLine has

spaces, and the exe name is not in quotes.
# DESCRIPTION END
# LOGENTRY SecurityChecks 1 'Called an API that should not be

used due to potential security issues.
# DESCRIPTION BEGIN
The application called an API that should not be used due to

potential security issues. Use the more secure API,

CreateProcess or CreateProcessAsUser.
# DESCRIPTION END
# LOGENTRY SecurityChecks 2 'Set a dangerous security

descriptor.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

an excessively permissive security descriptor. Depending on

the permissions granted (detailed in the log entry), an

unauthorized user could perform illegitimate actions on the

object (for example, delete it). This could disrupt

application operation in different ways, depending on the

permissions granted and what they mean for the object in

question.
# DESCRIPTION END
# LOGENTRY SecurityChecks 3 'Set a questionable security

descriptor.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

a security descriptor that is potentially questionable for the

reasons detailed within the log entry. This is a notice that

security problems MAY exist with the object in question.
# DESCRIPTION END
# LOGENTRY SecurityChecks 4 'Unable to verify security.
# DESCRIPTION BEGIN
The verifier was unable to determine the security status of a

call to this API. The log entries detail the specific

reason(s).
# DESCRIPTION END
# LOGENTRY SecurityChecks 5 'Supplied a questionable SID.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that included a SID (Security Identifier) that is

prone to abuse, misuse, or other programming errors. The

SID's usage in the security descriptor should be reviewed for

correctness. This message means that security problems MAY

exist with the object in question.
# DESCRIPTION END
# LOGENTRY SecurityChecks 6 'Supplied an unknown SID.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that included a SID (Security Identifier) not known

to the verifier. If the SID is not well-known, then the

Verifier cannot judge its trustworthiness.
# DESCRIPTION END
# LOGENTRY SecurityChecks 7 'Supplied an invalid access mask.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that included a descretionary access control list

(DACL) granting permission bits unknown to the verifier.

These bits (listed in the entry) should be reviewed to

determine if they are actually valid (e.g. newer than the

Verifier). If the bits are valid, the entry in the DACL

should be checked to see if it is safe to grant those bits to

the entity listed. If the bits are NOT currently valid, then

the object presents a possible security risk because future

implementations may render those bits valid, giving the listed

principal more power than the implementor intended.
# DESCRIPTION END
# LOGENTRY SecurityChecks 8 'Supplied a possibly-untrustworthy

owner for the object.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security descriptor specified an owner who may or may not be

fully trusted. Any object's owner is automatically granted

the ability to change the security permissions on that object

(WRITE_DAC). The owner (listed in the message) should be

reviewed to determine if this is safe. If this object is only

to be accessed by the owner, then this message can be ignored.

This message means that security problems MAY exist with the

object in question.
# DESCRIPTION END
# LOGENTRY SecurityChecks 9 'Supplied an unknown owner.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that specified an owner whose SID could not be

resolved. The owner (listed in the message) should be

reviewed to determine why it cannot be resolved. This message

probably does not represent a security hole, but may be the

result of a programming error.
# DESCRIPTION END
# LOGENTRY SecurityChecks 10 'Supplied an untrustworthy owner

for the object.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that specified an owner who is not trustworthy. Any

object's owner is automatically granted the ability to change

the security permissions on that object (WRITE_DAC). The

owner (listed in the message) should be changed.
# DESCRIPTION END
# LOGENTRY SecurityChecks 11 'Moved a file to a location where

it inherits dangerous access permissions.
# DESCRIPTION BEGIN
The application moved a file to a different volume and placed

it in a location where it inherits dangerous access

permissions. The application should explicitly set the

security attributes for the new file, since the MoveFile APIs

do not copy the security attributes of the original file when

called with the MOVEFILE_COPY_ALLOWED flag.
# DESCRIPTION END
# LOGENTRY SecurityChecks 12 'Copied a file to a location

where it inherits dangerous access permissions.
# DESCRIPTION BEGIN
The application copied a file to a different volume and placed

it in a location where it inherits dangerous access

permissions. The application should explicitly set the

security attributes for the new file, since the CopyFile APIs

do not copy the security attributes of the original file.
# DESCRIPTION END
# LOGENTRY SecurityChecks 13 'Called setsockopt with options

that are susceptible to hijacking.
# DESCRIPTION BEGIN
The application did not set the SO_EXCLUSIVEADDRUSE flag in

the setsockopt API. Doing so prevents unwanted hosts using

SO_REUSEADDR from binding onto a port and hijacking the host.
# DESCRIPTION END
# LOGENTRY SecurityChecks 14 'Called an API that should not be

used due to potential security issues.
# DESCRIPTION BEGIN
The application called the insecure API gets. Consider using

fgets or ReadConsole instead.
# DESCRIPTION END
# LOGENTRY SecurityChecks 15 'Called an API that should not be

used due to potential security issues.
# DESCRIPTION BEGIN
The application called the insecure API _getws. Consider using

fgetws or ReadConsole instead.
# DESCRIPTION END
# LOGENTRY SecurityChecks 16 'Attempted to impersonate without

the Impersonation privilege
# DESCRIPTION BEGIN
The application called an API that generatlly requires

SeImpersonatePrivilege, but the application does not possess

that privilege. Without this privilege, the application may

be unable to access many system objects, except in cases where

it impersonates itself. If you're seeing this message, then

the application may be (falsely) assuming it can perform

operations and access local objects on behalf of authenticated

callers. If the impersonation requests are being denied, the

application is likely to see ACCESS_DENIED errors.
# DESCRIPTION END
# LOGENTRY SecurityChecks 17 'Possessed a dangerous privilege

(server only)
# DESCRIPTION BEGIN
The application possessed one or more privileges that it may

not have actually needed. If the application can be subverted

(via other security holes), then these privileges could be

used by an attacker to gain additional footing within the

system. To determine whether this warning applies to your

application, check to see if any of the privileges can be

safely expunged from the process token (by calling

AdjustTokenPrivileges with the SE_PRIVILEGE_REMOVED bit on

WinXP+).
# DESCRIPTION END
# LOGENTRY SecurityChecks 18 'Accessed an object with a

dangerous security descriptor.
# DESCRIPTION BEGIN
The application accessed an object (file, registry key, etc.)

with an excessively permissive security descriptor. Depending

on the permissions granted (detailed in the log entry), an

unauthorized user could perform illegitimate actions on the

object (for example, delete it). This could disrupt

application operation in different ways, depending on the

permissions granted and what they mean for the object in

question. The object may have been created by another

application-- this message means that the infrastructure on

which this application is built probably has security issues.

The entity responsible for setting the security of the object

should be identified and informed of the problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 19 'Accessed an object with a

questionable security descriptor.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security descriptor is potentially questionable for the

reasons detailed within the log entry. The object may have

been created by another application-- this message means that

the infrastructure on which this application is built MAY have

security issues. The entity responsible for setting the

security of the object should be identified and informed of

the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 20 'Accessed an object granting

permission to a questionable SID.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security included a SID (Security Identifier) that is

prone to abuse, misuse, or other programming errors. The

SID's usage in the security descriptor should be reviewed for

correctness. The object may have been created by another

application-- this message means that the infrastructure on

which this application is built MAY have security issues. The

entity responsible for setting the security of the object

should be identified and informed of the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 21 'Accessed an object granting

permission to an unknown SID.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security included a SID (Security Identifier) not known

to the verifier. If the SID is not well-known, then the

Verifier cannot judge its trustworthiness. The object may have

been created by another application-- this message means that

the infrastructure on which this application is built MAY have

security issues. The entity responsible for setting the

security of the object should be identified and informed of

the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 22 'Accessed an object granting

invalid access.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security included a descretionary access control list

(DACL) granting permission bits unknown to the verifier.

These bits (listed in the entry) should be reviewed to

determine if they are actually valid (e.g. newer than the

Verifier). If the bits are valid, the entry in the DACL

should be checked to see if it is safe to grant those bits to

the entity listed. If the bits are NOT currently valid, then

the object presents a possible security risk because future

implementations may render those bits valid, giving the listed

principal more power than the implementor intended. The object

may have been created by another application-- this message

means that the infrastructure on which this application is

built probably will have security issues. The entity

responsible for setting the security of the object should be

identified and informed of the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 23 'Accessed an object whose owner

may be untrustworthy.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security descriptor specified an owner who may or may

not be fully trusted. Any object's owner is automatically

granted the ability to change the security permissions on that

object (WRITE_DAC). The owner (listed in the message) should

be reviewed to determine if this is safe. If this object is

only to be accessed by the owner, then this message can be

ignored. The object may have been created by another

application-- this message means that the infrastructure on

which this application is built MAY have security issues. The

entity responsible for setting the security of the object

should be identified and informed of the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 24 'Accessed an object whose owner

could not be validated.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security descriptor specified an owner whose SID could

not be resolved. The owner (listed in the message) should be

reviewed to determine why it cannot be resolved. The object

may have been created by another application. The entity

responsible for setting the security of the object should be

identified and informed of the potential problem. This

message probably does not represent a security hole, but may

be the result of a programming error.
# DESCRIPTION END
# LOGENTRY SecurityChecks 25 'Accessed an object whose owner

should not be trusted.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security descriptor specified an owner who is not

trustworthy. Any object's owner is automatically granted the

ability to change the security permissions on that object

(WRITE_DAC). The owner (listed in the message) should be

changed. The object may have been created by another

application-- this message means that the infrastructure on

which this application is built PROBABLY has security issues.

The entity responsible for setting the security of the object

should be identified and informed of the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 26 'Security Information for objects

that have been flagged by SecurityChecks
# DESCRIPTION BEGIN
Each entry in this log is for an object that SecurityChecks

flagged as dangerous or questionable. The individual messages

list the object name and its security descriptor in SDDL

format. These messages are provided to help track down errors

found elsewhere in the log.
# DESCRIPTION END
# LOGENTRY SecurityChecks 27 'Called an API that doesn't

support impersonation while impersonating
# DESCRIPTION BEGIN
The application called an API that does not support

impersonation while impersonating. Although the API may

succeed, the object created by the API may not have the

Security Descriptor that the programmer intended.
# DESCRIPTION END
# LOGENTRY SecurityChecks 28 'Opened an object for too much

access
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

for a suspicious set of access permissions-- usually all

possible access permissions. It is very unlikely that the

application actually intends to use all of these access bits.

Opening an object for too much access makes it difficult to

distinguish legitimate access (by auditing the Security Log)

from attack activity. Further, it makes it difficult to

restrict the security of the object in future implementations

of the given software without damaging application

compatibility. To fix this, determine what access the

application really needs on the object and change the given

API call to request only those permissions.
# DESCRIPTION END
# SHIM_BEGIN KernelModeDriverInstall 2
# LOGENTRY KernelModeDriverInstall 0 'Installed a kernel-mode

driver.
# DESCRIPTION BEGIN
The application installed a kernel-mode driver. To properly

install kernel-mode drivers, applications should use the

CreateService API.
# DESCRIPTION END
# LOGENTRY KernelModeDriverInstall 1 'Installed a file system

filter driver that executes in kernel-mode.
# DESCRIPTION BEGIN
The application installed a file system filter driver that

executes in kernel-mode. To properly install kernel-mode

drivers, applications should use the CreateService API.
# DESCRIPTION END
# SHIM_BEGIN ObsoleteAPICalls 1
# LOGENTRY ObsoleteAPICalls 0 'Called an obsolete API.
# DESCRIPTION BEGIN
The application called an obsolete API. Applications should

not call obsolete APIs. Find and use current APIs instead.
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink/?linkid=5610
# SHIM_BEGIN DXFileVersionInfo 1
# LOGENTRY DXFileVersionInfo 0 'Performed a version check on

DirectX files.
# DESCRIPTION BEGIN
The application attempted to get version information directly

from DirectX files. Applications should not try to detect

DirectX version information, but should instead attempt to

install the DirectX version with which the application is

compatible. For more information, see the DirectX SDK.
# DESCRIPTION END
# SHIM_BEGIN RegistryChecks 18
# LOGENTRY RegistryChecks 0 'Read from Current User Registry

Key: Console.
# DESCRIPTION BEGIN
The application read from Current User Registry Key: Console.

It should not read this area of the registry directly for

console information. Registry keys change with each version of

Windows. To guarantee compatibility, use the correct API

calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 1 'Read from Current User Registry

Key: ControlPanel.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

ControlPanel. It should not read this area of the registry

directly for Control Panel information. Registry keys change

with each version of Windows. To guarantee compatibility, use

the correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 2 'Read from Current User Registry

Key: Environment.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

Environment. It should not read from this area of the registry

directly for environment information. Registry keys change

with each version of Windows. To guarantee compatibility, use

the correct API call: getenv()
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink?linkid=392
# LOGENTRY RegistryChecks 3 'Read from Current User Registry

Key: Identities.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

Identities. It should not read from this area of the registry

directly for user information. Registry keys change with each

version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 4 'Read from Current User Registry

Key: KeyboardLayout.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

KeyboardLayout. It should not read from this area of the

registry directly for keyboard information. Registry keys

change with each version of Windows. To guarantee

compatibility, use the correct API call: GetKeyboardLayout()
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink?linkid=393
# LOGENTRY RegistryChecks 5 'Read from Current User Registry

Key: Printers.
# DESCRIPTION BEGIN
The application read from Current User Registry Key: Printers.

It should not read from this area of the registry directly for

system information. Registry keys change with each version of

Windows. To guarantee compatibility, use the correct API

calls: GetPrinter() and GetPrinterData()
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink?linkid=394
# LOGENTRY RegistryChecks 6 'Read from Current User Registry

Key: RemoteAccess.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

RemoteAccess. It should not read from this area of the

registry directly for remote access service information.

Registry keys change with each version of Windows. To

guarantee compatibility, use the correct API calls.
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink?linkid=395
# LOGENTRY RegistryChecks 7 'Read from Current User Registry

Key: SessionInformation.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

SessionInformation. It should not read this area of the

registry directly for session information. Registry keys

change with each version of Windows. To guarantee

compatibility, use the correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 8 'Read from Current User Registry

Key: UNICODEProgramGroups.
# DESCRIPTION BEGIN
The application from Current User Registry Key:

UNICODEProgramGroups. It should not read this area of the

registry directly for program group information. Registry keys

change with each version of Windows. To guarantee

compatibility, use the correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 9 'Read from Current User Registry

Key: VolatileEnvironment.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

VolatileEnvironment. It should not read this area of the

registry directly for information. Registry keys change with

each version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 10 'Read from Current User Registry

Key: Windows31MigrationStatus.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

Windows31MigrationStatus. It should not read this area of the

registry directly for information. Registry keys change with

each version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 11 'Read from Local Machine Registry

Key: Hardware.
# DESCRIPTION BEGIN
The application read from Local Machine Registry Key:

Hardware. It should not read this area of the registry

directly for hardware information. Registry keys change with

each version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 12 'Read from Local Machine Registry

Key: SAM.
# DESCRIPTION BEGIN
The application read from Local Machine Registry Key: SAM. It

should not read this area of the registry directly for

security-related information. Registry keys change with each

version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 13 'Read from Local Machine Registry

Key: Security.
# DESCRIPTION BEGIN
The application read from Local Machine Registry Key:

Security. It should not read this area of the registry

directly for security-related information. Registry keys

change with each version of Windows. To guarantee

compatibility, use the correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 14 'Read from Local Machine Registry

Key: System.
# DESCRIPTION BEGIN
The application read from Local Machine Registry Key: System.

It should not read this area of the registry directly for

system-related information. Registry keys change with each

version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 15 'Read from the

HKEY_CURRENT_CONFIG Registry Key.
# DESCRIPTION BEGIN
The application read from Current Configuration Registry Keys.

It should not read this area of the registry directly for

configuration information. Registry keys change with each

version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 16 'Read from Users Registry Keys.
# DESCRIPTION BEGIN
The application read from Users Registry Keys. It should not

read this area of the registry directly for user-related

information. Registry keys change with each version of

Windows. To guarantee compatibility, use the correct API

calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 17 'Wrote to a non-Current User

Registry Key.
# DESCRIPTION BEGIN
The application wrote to a non-Current User Registry Key.

Applications should store information to the Current User

section of the registry, which allows each user to have their

own saved preferences.
# DESCRIPTION END
# SHIM_BEGIN HighVersionLie 2
# LOGENTRY HighVersionLie 0 'Called the GetVersion API.
# DESCRIPTION BEGIN
The application called the GetVersion API. This is an

informational message; no action is required.
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink/?linkid=5644
# LOGENTRY HighVersionLie 1 'Called the GetVersionEx API.
# DESCRIPTION BEGIN
The application called the GetVersionEx API. This is an

informational message; no action is required.
# DESCRIPTION END
# SHIM_BEGIN FilePaths 9
# LOGENTRY FilePaths 0 'Used a Windows Temp path that was not

obtained using an approved method.
# DESCRIPTION BEGIN
The application used a Windows Temp path that was not obtained

using a method approved by the Designed for Windows Logo

Program. Use the GetTempPath API to locate appropriate storage

for temporary files.
# DESCRIPTION END
# LOGENTRY FilePaths 1 'Used a Windows directory path that was

not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a Windows directory path that was not

obtained using a method approved by the Designed for Windows

Logo Program. Use the correct API function when accessing the

Windows directory path: GetWindowsDirectory()
# DESCRIPTION END
# LOGENTRY FilePaths 2 'Used a System Windows directory path

that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a System Windows directory path that was

not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing the Windows System directory path:

GetSystemWindowsDirectory()
# DESCRIPTION END
# LOGENTRY FilePaths 3 'Used a Windows System directory path

that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a Windows System Directory path that was

not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing the Windows System directory path:

GetSystemDirectory()
# DESCRIPTION END
# LOGENTRY FilePaths 4 'Used a My Documents directory path

that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a My Documents directory path that was

not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing a user's My Documents directory path:

SHGetFolderPath() with CSIDL=CSIDL_PERSONAL
# DESCRIPTION END
# LOGENTRY FilePaths 5 'Used a common programs directory path

that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a common program directory path that was

not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing the common programs directory path:

SHGetFolderPath() with CSIDL=CSIDL_COMMON_PROGRAMS.
# DESCRIPTION END
# LOGENTRY FilePaths 6 'Used a common Start menu directory

path that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a common Start menu directory path that

was not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing the common Start menu directory path:

SHGetFolderPath() with CSIDL=CSIDL_COMMON_STARTMENU.
# DESCRIPTION END
# LOGENTRY FilePaths 7 'Used a programs directory path that

was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a programs directory path that was not

obtained using a method approved by the Designed for Windows

Logo Program. Use the correct API function when accessing the

programs directory path: SHGetFolderPath() with

CSIDL=CSIDL_PROGRAMS
# DESCRIPTION END
# LOGENTRY FilePaths 8 'Used a Start menu directory path that

was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a Start menu directory path that was not

obtained using a method approved by the Designed for Windows

Logo Program. Use the correct API function when accessing the

start menu directory path: SHGetFolderPath() with

CSIDL=CSIDL_STARTMENU
# DESCRIPTION END
# SHIM_BEGIN LogStartAndStop 2
# LOGENTRY LogStartAndStop 0 'Started.
# DESCRIPTION BEGIN
The application star

MystNomad
01-03-2005, 12:27 AM
Sorry of this post looks messed up. The message
windows are SO small & clip everything.

Have tried un-patched as well as 1.01 & 1.02. And tried the safedisk file listed on forums. And tried the No??? patch listed for a while on UBI's site. Wich we are not supposed to name. Full install http://forums.ubi.com/images/smilies/cry.gif .

Game will not start or even try starting for more than 4 seconds unless run with below program & 1 setting checked.


MS Application Verifier 2.50
------------------------------
(Part of Windows Application Compatibility Toolkit)
MS Application Compatibility Toolkit (http://www.microsoft.com/windows/appcompatibility/default.mspx)


setting = "DFWChecksAll - Checks system usage
for all application types (1.2)"

* Must be checked or game will not start. *

Other options are not needed to start game.
But when selected they do show application compatibility errors.

Otherwise game runs fine after start.
Although have not even played for more than 15 minutes. Got tired of trying to find the error. And I believe im getting a bit of Video distortion from running with debug on.

The Demo ran just FINE BTW.

Would love help in creating at least a temporary WinXP Compatibilty setting file untill a patch fixes this.


System: MPC Transport X3000
Win XP Pro (all up to date)
Pentium M 1.7 (newer version)
512MB Ram
Samsung CDRW/DVD SM308B Combo
(works with double layer fine)
ATI 9700 Mobile 128MB
(the so called 9600 Enhanced version)
(Latest ATI version & OEM & Omega do same thing)
External Logitech KeyBoard & Mouse
USB Sound Blaster Audigy 2 NX
DirectX 9C latest sdk update applied

http://forums.ubi.com/images/smilies/cry.gif

Next list is the Errors that show up if I select
most of the list of compatibility checks in Application Verifier

<UL TYPE=SQUARE>
# LOG_BEGIN 1/2/2005 22:24:01 'C:\games\Myst4\bin\Myst4.exe'

'C:\Documents and Settings\All

Users\Documents\AppVerifierLogs\Myst41.log'
# SHIM_BEGIN DFWChecksAll 2
# LOGENTRY DFWChecksAll 0 'Do not attempt to replace files

that are protected by Windows File Protection
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.1. The application

attempted to modify, rename, move, replace, or delete a file

which is protected by Windows. Changes to protected files can

cause version conflicts and operating system instability.

Protected files are the core of the operating system and it is

essential for operating system stability that the proper

versions be maintained. Before modifying a file not created by

the application, ensure that the SfcIsFileProtected API is

called.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/wfp/wfp_3fl0.asp
# LOGENTRY DFWChecksAll 1 'Perform Windows version checking

correctly
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 1.4. The application

called the GetVersion or GetVersionEx API to obtain the

version of Windows. The version reporting for this API is for

informational purposes only. If the application does not

install or function properly, investigate if it correctly

handles future versions of Windows. Also, check any areas in

the code where GetVersion or GetVersionEx is used.
# DESCRIPTION END
# SHIM_BEGIN DFWChecksNonSetup 4
# LOGENTRY DFWChecksNonSetup 0 'Application should write user

created data to My Documents.
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 3.1. The application

wrote user created data to a location other than the My

Documents folder. The My Documents folder has many benefits

which include all users (including those with restricted

account types) have write access to this location and users

have a familiar place to organize and store all their data.

Use the SHGetFolderPath API call to obtain a users My

Documents directory.
# DESCRIPTION END
# LOGENTRY DFWChecksNonSetup 1 'Application should write to

the appropriate locations in a user's profile.
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 3.2. The application

wrote user profile information to a location other than the

HKEY_CURRENT_USER Registry area. Configure the application to

write user profile information to the HKEY_CURRENT_USER

Registry area only.
# DESCRIPTION END
# LOGENTRY DFWChecksNonSetup 2 'Application should not write

file data to inappropriate places
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 3.2. The application

wrote application or user information to an unapproved file

location. Use the SHGetFolderPath API to obtain the My

Documents, Application Data, Local Application Data, or Common

Application Data directories. These directories are

appropriate locations for files created by an application.
# DESCRIPTION END
# LOGENTRY DFWChecksNonSetup 3 'Limited users should not write

to certain subsections of HKCU
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 3.4. Limited users

should not write to \Software\Policies or

\Software\Microsoft\Windows\CurrentVersion\Policie s. These

keys are for group policy objects that should be enabled or

disabled through the Group Policy Editor. During runtime, an

application should write data to the appropriate areas: HKCU,

My Documents directory, and the CSIDL_COMMON_APPDATA and

CSIDL_COMMON_DOCUMENTS folders. For directories, use the

SHGetFolderPath API to appropriately get the folder location.
# DESCRIPTION END
# SHIM_BEGIN DFWChecksSetup 5
# LOGENTRY DFWChecksSetup 0 'Application should install files

to Program Files directory
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.5 & 2.6. The

application wrote a file to an area other than the Program

Files directory. According to the Designed for Windows XP

Application Specification, any files not placed in the Program

Files directory must be documented. Use the SHGetFolderPath

API to obtain the Program Files directory, and then document

any files written outside of this directory.
# DESCRIPTION END
# LOGENTRY DFWChecksSetup 1 'Application binaries must have

valid file version information
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.3. The application

installed a binary file without valid file version

information. Correct file version information has several

benefits, including making it easier to meet the requirement

of not overwriting files with older versions. The Product

Name, Company Name, and File version of an executable should

be should be contained in its version resource. Edit and

recompile the resource file for this binary to include the

required information.
# DESCRIPTION END
# LOGENTRY DFWChecksSetup 2 'Application binaries should not

be replaced by an older version
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.3. The application

overwrote a newer binary file with an older version of that

file. An application should not regress any files that you do

not produce or that are shared by applications you do not

produce. Perform version checks on binary files using the

VerInstall API.
# DESCRIPTION END
# LOGENTRY DFWChecksSetup 3 'At installation time, an

application should not write to HKCU.
# DESCRIPTION BEGIN
Designed for Windows Logo Requirement 2.8. The application

wrote to the HKEY_CURRENT_USER area of the Registry. Writing

to this area of the Registry at installation time prevents the

information from being available to all users. Configure the

application to write to the HKEY_LOCAL_MACHINE area of the

Registry or an All Users data directory.
# DESCRIPTION END
# SHIM_BEGIN InteractiveServices 8
# LOGENTRY InteractiveServices 0 'Ran as an Interactive

Service under LocalSystem
# DESCRIPTION BEGIN
The application ran as an Interactive Service under the

LocalSystem account giving it system-level security rights.

This can be a serious security hazard, as Interactive Services

can be hi-jacked to give a user escalated security privileges.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 1 'Created an Interactive

Service
# DESCRIPTION BEGIN
The application created an Interactive Service using

CreateService. This can be a serious security hazard, as

Interactive Services can be hi-jacked to give a user escalated

security privileges.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 2 'Sent a UI to the interactive

desktop
# DESCRIPTION BEGIN
The application used messageBox to send a notification to the

interactive desktop. This could be a serious security hazard,

as GUI widgets from accounts with a hugh security level (such

as LocalSystem) can be manipulated to execute code at an

elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 3 'Sent a UI to the interactive

desktop.
# DESCRIPTION BEGIN
The application used MessageBoxEx to send a notification to

the interactive desktop. This can be a serious security

hazard because GUI widgets from accounts with a high security

level (such as LocalSystem) can be manipulated to execute code

at an elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 4 'Opened active desktop on the

interactive window station
# DESCRIPTION BEGIN
The application opened the interactive desktop (on the

interactive window station) in an attempt to send a UI to it.

This can be a serious security hazard, as GUI widgets from

accounts with a high security level (such as LocalSystem) can

be manipulated to execute code at an elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 5 'Opened active desktop on the

interactive window station
# DESCRIPTION BEGIN
The application opened the interactive desktop (on the

interactive window station) in an attempt to send a UI to it.

This can be a serious security hazard, as GUI widgets from

accounts with a high security level (such as LocalSystem) can

be manipulated to execute code at an elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 6 'Opened active desktop on the

interactive window station.
# DESCRIPTION BEGIN
The application opened the interactive desktop (on the

interactive window station) in an attempt to send a UI to it.

This can be a serious security hazard, as GUI widgets from

accounts with a high security level (such as LocalSystem) can

be manipulated to execute code at an elevated security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# LOGENTRY InteractiveServices 7 'Accessed the address of

OpenDesktop
# DESCRIPTION BEGIN
The application used GetProcAddress to retreive the address of

OpenDesktop. This can be a serious security hazard, as GUI

widgets from accounts with a high security level (such as

LocalSystem) can be manipulated to execute code at an elevated

security level.
# DESCRIPTION END
# URL

'http://msdn.microsoft.com/library/default.asp?url=/library/en

-us/dncode/html/secure08192002.asp
# SHIM_BEGIN MISCPROGRAMMINGERRORS 8
# LOGENTRY MISCPROGRAMMINGERRORS 0 'Used the Desktop as the

parent window when the CreateWindow(Ex) API was called.
# DESCRIPTION BEGIN
When calling the CreateWindow/Ex API, the application used the

Desktop as the parent window. This can cause Windows to become

unstable. Set the parent window to a valid window or a NULL

value.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 1 'Called the SetTimer API

without a parent window or callback function.
# DESCRIPTION BEGIN
The application called the SetTimer API without a parent

window or callback function. This creates a timer message

without the necessary parameters for starting and stopping,

which will consume operating system resources. Set the

SetTimer API with a parent window or callback function.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 2 'Called the

GetDiskFreeSpace API.
# DESCRIPTION BEGIN
To test if the application ignores the high 32 bits, the

return value from the GetDiskFreeSpace API has been changed so

that the lower 32 bits are zero. If the application displays

an error message indicating there is insufficient disk space,

there is a bug with the usage of this API. Check that the

application uses the full 64-bit number and does not truncate

the number to 32 bits.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 3 'Called the

GetDiskFreeSpaceEx API.
# DESCRIPTION BEGIN
To test if the application ignores the high 32 bits, the

return value from the GetDiskFreeSpace API has been changed so

that the lower 32 bits are zero. If the application displays

an error message indicating there is insufficient disk space,

there is a bug with the usage of this API. Check that the

application uses the full 64-bit number and does not truncate

the number to 32 bits.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 4 'Called the

GetDiskFreeSpace API.
# DESCRIPTION BEGIN
The GetDiskFreeSpace function cannot report volume sizes that

are greater than 2 GB. To ensure that your application works

with large capacity hard drives, use the GetDiskFreeSpaceEx

function.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 5 'Called an API to broadcast

a WM_COMMAND message.
# DESCRIPTION BEGIN
The application called an API to broadcast a WM_COMMAND

message to all top-level windows. This has the potential to

crash any application that is running that receives this

message.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 6 'Called the PulseEvent API.
# DESCRIPTION BEGIN
A thread waiting on a synchronization object can be removed

from the wait state momentarily due to a kernel-mode APC, and

then returned to the wait state after the APC is complete.

If

the call to PulseEvent occurs while the thread has been

momentarily taken out of the wait state and before it is

returned to the wait state, it will not be released by

PulseEvent because PulseEvent releases only threads that are

waiting at the moment it is called.

Since there is no way to

detect that this has occurred, PulseEvent is unreliable and

should not be used.

It exists solely for backwards

compatibility with older programs.
# DESCRIPTION END
# LOGENTRY MISCPROGRAMMINGERRORS 7 'A window owned by the

closing module was still open when FreeLibrary was called.
# DESCRIPTION BEGIN
A window owned by the closing module was still open when

FreeLibrary was called. A module should not have any windows

open when it is unloaded. Make sure that you destroy any

windows owned by a module before you unload the module using

FreeLibrary.
# DESCRIPTION END
# SHIM_BEGIN SecurityChecks 29
# LOGENTRY SecurityChecks 0 'Called an API and passed

arguments that may lead to security issues.
# DESCRIPTION BEGIN
The lpApplicationName argument is NULL, lpCommandLine has

spaces, and the exe name is not in quotes.
# DESCRIPTION END
# LOGENTRY SecurityChecks 1 'Called an API that should not be

used due to potential security issues.
# DESCRIPTION BEGIN
The application called an API that should not be used due to

potential security issues. Use the more secure API,

CreateProcess or CreateProcessAsUser.
# DESCRIPTION END
# LOGENTRY SecurityChecks 2 'Set a dangerous security

descriptor.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

an excessively permissive security descriptor. Depending on

the permissions granted (detailed in the log entry), an

unauthorized user could perform illegitimate actions on the

object (for example, delete it). This could disrupt

application operation in different ways, depending on the

permissions granted and what they mean for the object in

question.
# DESCRIPTION END
# LOGENTRY SecurityChecks 3 'Set a questionable security

descriptor.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

a security descriptor that is potentially questionable for the

reasons detailed within the log entry. This is a notice that

security problems MAY exist with the object in question.
# DESCRIPTION END
# LOGENTRY SecurityChecks 4 'Unable to verify security.
# DESCRIPTION BEGIN
The verifier was unable to determine the security status of a

call to this API. The log entries detail the specific

reason(s).
# DESCRIPTION END
# LOGENTRY SecurityChecks 5 'Supplied a questionable SID.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that included a SID (Security Identifier) that is

prone to abuse, misuse, or other programming errors. The

SID's usage in the security descriptor should be reviewed for

correctness. This message means that security problems MAY

exist with the object in question.
# DESCRIPTION END
# LOGENTRY SecurityChecks 6 'Supplied an unknown SID.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that included a SID (Security Identifier) not known

to the verifier. If the SID is not well-known, then the

Verifier cannot judge its trustworthiness.
# DESCRIPTION END
# LOGENTRY SecurityChecks 7 'Supplied an invalid access mask.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that included a descretionary access control list

(DACL) granting permission bits unknown to the verifier.

These bits (listed in the entry) should be reviewed to

determine if they are actually valid (e.g. newer than the

Verifier). If the bits are valid, the entry in the DACL

should be checked to see if it is safe to grant those bits to

the entity listed. If the bits are NOT currently valid, then

the object presents a possible security risk because future

implementations may render those bits valid, giving the listed

principal more power than the implementor intended.
# DESCRIPTION END
# LOGENTRY SecurityChecks 8 'Supplied a possibly-untrustworthy

owner for the object.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security descriptor specified an owner who may or may not be

fully trusted. Any object's owner is automatically granted

the ability to change the security permissions on that object

(WRITE_DAC). The owner (listed in the message) should be

reviewed to determine if this is safe. If this object is only

to be accessed by the owner, then this message can be ignored.

This message means that security problems MAY exist with the

object in question.
# DESCRIPTION END
# LOGENTRY SecurityChecks 9 'Supplied an unknown owner.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that specified an owner whose SID could not be

resolved. The owner (listed in the message) should be

reviewed to determine why it cannot be resolved. This message

probably does not represent a security hole, but may be the

result of a programming error.
# DESCRIPTION END
# LOGENTRY SecurityChecks 10 'Supplied an untrustworthy owner

for the object.
# DESCRIPTION BEGIN
The application assigned an object (file, registry key, etc.)

security that specified an owner who is not trustworthy. Any

object's owner is automatically granted the ability to change

the security permissions on that object (WRITE_DAC). The

owner (listed in the message) should be changed.
# DESCRIPTION END
# LOGENTRY SecurityChecks 11 'Moved a file to a location where

it inherits dangerous access permissions.
# DESCRIPTION BEGIN
The application moved a file to a different volume and placed

it in a location where it inherits dangerous access

permissions. The application should explicitly set the

security attributes for the new file, since the MoveFile APIs

do not copy the security attributes of the original file when

called with the MOVEFILE_COPY_ALLOWED flag.
# DESCRIPTION END
# LOGENTRY SecurityChecks 12 'Copied a file to a location

where it inherits dangerous access permissions.
# DESCRIPTION BEGIN
The application copied a file to a different volume and placed

it in a location where it inherits dangerous access

permissions. The application should explicitly set the

security attributes for the new file, since the CopyFile APIs

do not copy the security attributes of the original file.
# DESCRIPTION END
# LOGENTRY SecurityChecks 13 'Called setsockopt with options

that are susceptible to hijacking.
# DESCRIPTION BEGIN
The application did not set the SO_EXCLUSIVEADDRUSE flag in

the setsockopt API. Doing so prevents unwanted hosts using

SO_REUSEADDR from binding onto a port and hijacking the host.
# DESCRIPTION END
# LOGENTRY SecurityChecks 14 'Called an API that should not be

used due to potential security issues.
# DESCRIPTION BEGIN
The application called the insecure API gets. Consider using

fgets or ReadConsole instead.
# DESCRIPTION END
# LOGENTRY SecurityChecks 15 'Called an API that should not be

used due to potential security issues.
# DESCRIPTION BEGIN
The application called the insecure API _getws. Consider using

fgetws or ReadConsole instead.
# DESCRIPTION END
# LOGENTRY SecurityChecks 16 'Attempted to impersonate without

the Impersonation privilege
# DESCRIPTION BEGIN
The application called an API that generatlly requires

SeImpersonatePrivilege, but the application does not possess

that privilege. Without this privilege, the application may

be unable to access many system objects, except in cases where

it impersonates itself. If you're seeing this message, then

the application may be (falsely) assuming it can perform

operations and access local objects on behalf of authenticated

callers. If the impersonation requests are being denied, the

application is likely to see ACCESS_DENIED errors.
# DESCRIPTION END
# LOGENTRY SecurityChecks 17 'Possessed a dangerous privilege

(server only)
# DESCRIPTION BEGIN
The application possessed one or more privileges that it may

not have actually needed. If the application can be subverted

(via other security holes), then these privileges could be

used by an attacker to gain additional footing within the

system. To determine whether this warning applies to your

application, check to see if any of the privileges can be

safely expunged from the process token (by calling

AdjustTokenPrivileges with the SE_PRIVILEGE_REMOVED bit on

WinXP+).
# DESCRIPTION END
# LOGENTRY SecurityChecks 18 'Accessed an object with a

dangerous security descriptor.
# DESCRIPTION BEGIN
The application accessed an object (file, registry key, etc.)

with an excessively permissive security descriptor. Depending

on the permissions granted (detailed in the log entry), an

unauthorized user could perform illegitimate actions on the

object (for example, delete it). This could disrupt

application operation in different ways, depending on the

permissions granted and what they mean for the object in

question. The object may have been created by another

application-- this message means that the infrastructure on

which this application is built probably has security issues.

The entity responsible for setting the security of the object

should be identified and informed of the problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 19 'Accessed an object with a

questionable security descriptor.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security descriptor is potentially questionable for the

reasons detailed within the log entry. The object may have

been created by another application-- this message means that

the infrastructure on which this application is built MAY have

security issues. The entity responsible for setting the

security of the object should be identified and informed of

the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 20 'Accessed an object granting

permission to a questionable SID.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security included a SID (Security Identifier) that is

prone to abuse, misuse, or other programming errors. The

SID's usage in the security descriptor should be reviewed for

correctness. The object may have been created by another

application-- this message means that the infrastructure on

which this application is built MAY have security issues. The

entity responsible for setting the security of the object

should be identified and informed of the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 21 'Accessed an object granting

permission to an unknown SID.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security included a SID (Security Identifier) not known

to the verifier. If the SID is not well-known, then the

Verifier cannot judge its trustworthiness. The object may have

been created by another application-- this message means that

the infrastructure on which this application is built MAY have

security issues. The entity responsible for setting the

security of the object should be identified and informed of

the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 22 'Accessed an object granting

invalid access.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security included a descretionary access control list

(DACL) granting permission bits unknown to the verifier.

These bits (listed in the entry) should be reviewed to

determine if they are actually valid (e.g. newer than the

Verifier). If the bits are valid, the entry in the DACL

should be checked to see if it is safe to grant those bits to

the entity listed. If the bits are NOT currently valid, then

the object presents a possible security risk because future

implementations may render those bits valid, giving the listed

principal more power than the implementor intended. The object

may have been created by another application-- this message

means that the infrastructure on which this application is

built probably will have security issues. The entity

responsible for setting the security of the object should be

identified and informed of the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 23 'Accessed an object whose owner

may be untrustworthy.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security descriptor specified an owner who may or may

not be fully trusted. Any object's owner is automatically

granted the ability to change the security permissions on that

object (WRITE_DAC). The owner (listed in the message) should

be reviewed to determine if this is safe. If this object is

only to be accessed by the owner, then this message can be

ignored. The object may have been created by another

application-- this message means that the infrastructure on

which this application is built MAY have security issues. The

entity responsible for setting the security of the object

should be identified and informed of the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 24 'Accessed an object whose owner

could not be validated.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security descriptor specified an owner whose SID could

not be resolved. The owner (listed in the message) should be

reviewed to determine why it cannot be resolved. The object

may have been created by another application. The entity

responsible for setting the security of the object should be

identified and informed of the potential problem. This

message probably does not represent a security hole, but may

be the result of a programming error.
# DESCRIPTION END
# LOGENTRY SecurityChecks 25 'Accessed an object whose owner

should not be trusted.
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

whose security descriptor specified an owner who is not

trustworthy. Any object's owner is automatically granted the

ability to change the security permissions on that object

(WRITE_DAC). The owner (listed in the message) should be

changed. The object may have been created by another

application-- this message means that the infrastructure on

which this application is built PROBABLY has security issues.

The entity responsible for setting the security of the object

should be identified and informed of the potential problem.
# DESCRIPTION END
# LOGENTRY SecurityChecks 26 'Security Information for objects

that have been flagged by SecurityChecks
# DESCRIPTION BEGIN
Each entry in this log is for an object that SecurityChecks

flagged as dangerous or questionable. The individual messages

list the object name and its security descriptor in SDDL

format. These messages are provided to help track down errors

found elsewhere in the log.
# DESCRIPTION END
# LOGENTRY SecurityChecks 27 'Called an API that doesn't

support impersonation while impersonating
# DESCRIPTION BEGIN
The application called an API that does not support

impersonation while impersonating. Although the API may

succeed, the object created by the API may not have the

Security Descriptor that the programmer intended.
# DESCRIPTION END
# LOGENTRY SecurityChecks 28 'Opened an object for too much

access
# DESCRIPTION BEGIN
The application opened an object (file, registry key, etc.)

for a suspicious set of access permissions-- usually all

possible access permissions. It is very unlikely that the

application actually intends to use all of these access bits.

Opening an object for too much access makes it difficult to

distinguish legitimate access (by auditing the Security Log)

from attack activity. Further, it makes it difficult to

restrict the security of the object in future implementations

of the given software without damaging application

compatibility. To fix this, determine what access the

application really needs on the object and change the given

API call to request only those permissions.
# DESCRIPTION END
# SHIM_BEGIN KernelModeDriverInstall 2
# LOGENTRY KernelModeDriverInstall 0 'Installed a kernel-mode

driver.
# DESCRIPTION BEGIN
The application installed a kernel-mode driver. To properly

install kernel-mode drivers, applications should use the

CreateService API.
# DESCRIPTION END
# LOGENTRY KernelModeDriverInstall 1 'Installed a file system

filter driver that executes in kernel-mode.
# DESCRIPTION BEGIN
The application installed a file system filter driver that

executes in kernel-mode. To properly install kernel-mode

drivers, applications should use the CreateService API.
# DESCRIPTION END
# SHIM_BEGIN ObsoleteAPICalls 1
# LOGENTRY ObsoleteAPICalls 0 'Called an obsolete API.
# DESCRIPTION BEGIN
The application called an obsolete API. Applications should

not call obsolete APIs. Find and use current APIs instead.
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink/?linkid=5610
# SHIM_BEGIN DXFileVersionInfo 1
# LOGENTRY DXFileVersionInfo 0 'Performed a version check on

DirectX files.
# DESCRIPTION BEGIN
The application attempted to get version information directly

from DirectX files. Applications should not try to detect

DirectX version information, but should instead attempt to

install the DirectX version with which the application is

compatible. For more information, see the DirectX SDK.
# DESCRIPTION END
# SHIM_BEGIN RegistryChecks 18
# LOGENTRY RegistryChecks 0 'Read from Current User Registry

Key: Console.
# DESCRIPTION BEGIN
The application read from Current User Registry Key: Console.

It should not read this area of the registry directly for

console information. Registry keys change with each version of

Windows. To guarantee compatibility, use the correct API

calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 1 'Read from Current User Registry

Key: ControlPanel.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

ControlPanel. It should not read this area of the registry

directly for Control Panel information. Registry keys change

with each version of Windows. To guarantee compatibility, use

the correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 2 'Read from Current User Registry

Key: Environment.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

Environment. It should not read from this area of the registry

directly for environment information. Registry keys change

with each version of Windows. To guarantee compatibility, use

the correct API call: getenv()
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink?linkid=392
# LOGENTRY RegistryChecks 3 'Read from Current User Registry

Key: Identities.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

Identities. It should not read from this area of the registry

directly for user information. Registry keys change with each

version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 4 'Read from Current User Registry

Key: KeyboardLayout.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

KeyboardLayout. It should not read from this area of the

registry directly for keyboard information. Registry keys

change with each version of Windows. To guarantee

compatibility, use the correct API call: GetKeyboardLayout()
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink?linkid=393
# LOGENTRY RegistryChecks 5 'Read from Current User Registry

Key: Printers.
# DESCRIPTION BEGIN
The application read from Current User Registry Key: Printers.

It should not read from this area of the registry directly for

system information. Registry keys change with each version of

Windows. To guarantee compatibility, use the correct API

calls: GetPrinter() and GetPrinterData()
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink?linkid=394
# LOGENTRY RegistryChecks 6 'Read from Current User Registry

Key: RemoteAccess.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

RemoteAccess. It should not read from this area of the

registry directly for remote access service information.

Registry keys change with each version of Windows. To

guarantee compatibility, use the correct API calls.
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink?linkid=395
# LOGENTRY RegistryChecks 7 'Read from Current User Registry

Key: SessionInformation.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

SessionInformation. It should not read this area of the

registry directly for session information. Registry keys

change with each version of Windows. To guarantee

compatibility, use the correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 8 'Read from Current User Registry

Key: UNICODEProgramGroups.
# DESCRIPTION BEGIN
The application from Current User Registry Key:

UNICODEProgramGroups. It should not read this area of the

registry directly for program group information. Registry keys

change with each version of Windows. To guarantee

compatibility, use the correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 9 'Read from Current User Registry

Key: VolatileEnvironment.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

VolatileEnvironment. It should not read this area of the

registry directly for information. Registry keys change with

each version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 10 'Read from Current User Registry

Key: Windows31MigrationStatus.
# DESCRIPTION BEGIN
The application read from Current User Registry Key:

Windows31MigrationStatus. It should not read this area of the

registry directly for information. Registry keys change with

each version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 11 'Read from Local Machine Registry

Key: Hardware.
# DESCRIPTION BEGIN
The application read from Local Machine Registry Key:

Hardware. It should not read this area of the registry

directly for hardware information. Registry keys change with

each version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 12 'Read from Local Machine Registry

Key: SAM.
# DESCRIPTION BEGIN
The application read from Local Machine Registry Key: SAM. It

should not read this area of the registry directly for

security-related information. Registry keys change with each

version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 13 'Read from Local Machine Registry

Key: Security.
# DESCRIPTION BEGIN
The application read from Local Machine Registry Key:

Security. It should not read this area of the registry

directly for security-related information. Registry keys

change with each version of Windows. To guarantee

compatibility, use the correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 14 'Read from Local Machine Registry

Key: System.
# DESCRIPTION BEGIN
The application read from Local Machine Registry Key: System.

It should not read this area of the registry directly for

system-related information. Registry keys change with each

version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 15 'Read from the

HKEY_CURRENT_CONFIG Registry Key.
# DESCRIPTION BEGIN
The application read from Current Configuration Registry Keys.

It should not read this area of the registry directly for

configuration information. Registry keys change with each

version of Windows. To guarantee compatibility, use the

correct API calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 16 'Read from Users Registry Keys.
# DESCRIPTION BEGIN
The application read from Users Registry Keys. It should not

read this area of the registry directly for user-related

information. Registry keys change with each version of

Windows. To guarantee compatibility, use the correct API

calls.
# DESCRIPTION END
# LOGENTRY RegistryChecks 17 'Wrote to a non-Current User

Registry Key.
# DESCRIPTION BEGIN
The application wrote to a non-Current User Registry Key.

Applications should store information to the Current User

section of the registry, which allows each user to have their

own saved preferences.
# DESCRIPTION END
# SHIM_BEGIN HighVersionLie 2
# LOGENTRY HighVersionLie 0 'Called the GetVersion API.
# DESCRIPTION BEGIN
The application called the GetVersion API. This is an

informational message; no action is required.
# DESCRIPTION END
# URL 'http://go.microsoft.com/fwlink/?linkid=5644
# LOGENTRY HighVersionLie 1 'Called the GetVersionEx API.
# DESCRIPTION BEGIN
The application called the GetVersionEx API. This is an

informational message; no action is required.
# DESCRIPTION END
# SHIM_BEGIN FilePaths 9
# LOGENTRY FilePaths 0 'Used a Windows Temp path that was not

obtained using an approved method.
# DESCRIPTION BEGIN
The application used a Windows Temp path that was not obtained

using a method approved by the Designed for Windows Logo

Program. Use the GetTempPath API to locate appropriate storage

for temporary files.
# DESCRIPTION END
# LOGENTRY FilePaths 1 'Used a Windows directory path that was

not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a Windows directory path that was not

obtained using a method approved by the Designed for Windows

Logo Program. Use the correct API function when accessing the

Windows directory path: GetWindowsDirectory()
# DESCRIPTION END
# LOGENTRY FilePaths 2 'Used a System Windows directory path

that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a System Windows directory path that was

not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing the Windows System directory path:

GetSystemWindowsDirectory()
# DESCRIPTION END
# LOGENTRY FilePaths 3 'Used a Windows System directory path

that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a Windows System Directory path that was

not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing the Windows System directory path:

GetSystemDirectory()
# DESCRIPTION END
# LOGENTRY FilePaths 4 'Used a My Documents directory path

that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a My Documents directory path that was

not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing a user's My Documents directory path:

SHGetFolderPath() with CSIDL=CSIDL_PERSONAL
# DESCRIPTION END
# LOGENTRY FilePaths 5 'Used a common programs directory path

that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a common program directory path that was

not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing the common programs directory path:

SHGetFolderPath() with CSIDL=CSIDL_COMMON_PROGRAMS.
# DESCRIPTION END
# LOGENTRY FilePaths 6 'Used a common Start menu directory

path that was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a common Start menu directory path that

was not obtained using a method approved by the Designed for

Windows Logo Program. Use the correct API function when

accessing the common Start menu directory path:

SHGetFolderPath() with CSIDL=CSIDL_COMMON_STARTMENU.
# DESCRIPTION END
# LOGENTRY FilePaths 7 'Used a programs directory path that

was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a programs directory path that was not

obtained using a method approved by the Designed for Windows

Logo Program. Use the correct API function when accessing the

programs directory path: SHGetFolderPath() with

CSIDL=CSIDL_PROGRAMS
# DESCRIPTION END
# LOGENTRY FilePaths 8 'Used a Start menu directory path that

was not obtained using an approved method.
# DESCRIPTION BEGIN
The application used a Start menu directory path that was not

obtained using a method approved by the Designed for Windows

Logo Program. Use the correct API function when accessing the

start menu directory path: SHGetFolderPath() with

CSIDL=CSIDL_STARTMENU
# DESCRIPTION END
# SHIM_BEGIN LogStartAndStop 2
# LOGENTRY LogStartAndStop 0 'Started.
# DESCRIPTION BEGIN
The application star

MystNomad
01-03-2005, 12:31 AM
Continuation: It got cut.

CSIDL=CSIDL_STARTMENU
# DESCRIPTION END
# SHIM_BEGIN LogStartAndStop 2
# LOGENTRY LogStartAndStop 0 'Started.
# DESCRIPTION BEGIN
The application started running. This is an informational message; no action is required.
# DESCRIPTION END
# LOGENTRY LogStartAndStop 1 'Stopped.
# DESCRIPTION BEGIN
The application stopped running. This is an informational message; no action is required.
# DESCRIPTION END
| HighVersionLie 1 | 0 MSVCR71.dll 1E17'Returned 7.2 build number: 4500.
| HighVersionLie 0 | 0 LTKRN13N.dll 502F3'Returned 7.2 build number 4500.
| HighVersionLie 0 | 0 LTKRN13N.dll 1E802'Returned 7.2 build number 4500.
| HighVersionLie 0 | 0 LTFIL13N.DLL 19F63'Returned 7.2 build number 4500.
| HighVersionLie 0 | 0 LTFIL13N.DLL 1340A'Returned 7.2 build number 4500.
| ObsoleteAPICalls 0 | 1 serwvdrv.dll 1528'API: RegOpenKeyW
| RegistryChecks 14 | 2 serwvdrv.dll 1546'EnumKey: Read from dangerous registry entry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr ol\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}'.
| ObsoleteAPICalls 0 | 1 serwvdrv.dll 1546'API: RegEnumKeyW
| ObsoleteAPICalls 0 | 1 serwvdrv.dll 1568'API: RegOpenKeyW
| RegistryChecks 14 | 2 serwvdrv.dll 18DC'EnumKey: Read from dangerous registry entry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr ol\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}'.
| ObsoleteAPICalls 0 | 1 serwvdrv.dll 18DC'API: RegEnumKeyW
| ObsoleteAPICalls 0 | 1 ADVAPI32.dll 6C78B'API: GetProfileIntA
| ObsoleteAPICalls 0 | 1 ADVAPI32.dll 6C7A8'API: GetProfileStringA
| HighVersionLie 1 | 0 binkw32.dll 5EC7'Returned 7.2 build number: 4500.
| RegistryChecks 14 | 2 ole32.dll 75249'QueryValue: Read from dangerous registry entry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr ol\Session Manager'.
| SecurityChecks 28 | 2 ole32.dll 74F3E'Called OpenEventA for EVENT_ALL_ACCESS (0x1f0003) on object HookSwitchHookEnabledEvent
| ObsoleteAPICalls 0 | 1 DSOUND.dll F457'API: RegOpenKeyW
| HighVersionLie 0 | 0 EAX.DLL EFF5'Returned 7.2 build number 4500.
| HighVersionLie 1 | 0 EAX.DLL 110B5'Returned 7.2 build number: 4500.
| HighVersionLie 1 | 0 dbghelp.dll 12AFE'Returned 7.2 build number: 4500.
| HighVersionLie 1 | 0 OLEAUT32.dll 1E77'Returned 7.2 build number: 4500.
| HighVersionLie 0 | 0 zlib.dll A7A3'Returned 7.2 build number 4500.
| HighVersionLie 1 | 0 CrashRpt.dll 8071'Returned 7.2 build number: 4500.
| HighVersionLie 1 | 0 CrashRpt.dll 662A'Returned 7.2 build number: 4500.
| HighVersionLie 1 | 0 SHELL32.dll 7AD43'Returned 7.2 build number: 4500, service pack: 0.0, suite mask: 0x00000000, product type: None.
| RegistryChecks 17 | 2 SHELL32.dll 7A1D9'SetValue: Write to non-HKCU registry entry ''.
| RegistryChecks 17 | 2 SHELL32.dll 7A1D9'SetValue: Write to non-HKCU registry entry ''.
| RegistryChecks 17 | 2 SHELL32.dll 7A1D9'SetValue: Write to non-HKCU registry entry ''.
| RegistryChecks 17 | 2 SHELL32.dll 7A1D9'SetValue: Write to non-HKCU registry entry ''.
| RegistryChecks 17 | 2 SHELL32.dll 7A1D9'SetValue: Write to non-HKCU registry entry ''.
| RegistryChecks 17 | 2 SHELL32.dll 7A1D9'SetValue: Write to non-HKCU registry entry ''.
| RegistryChecks 17 | 2 SHELL32.dll 7A1D9'SetValue: Write to non-HKCU registry entry ''.
| RegistryChecks 17 | 2 SHELL32.dll 7A1D9'SetValue: Write to non-HKCU registry entry ''.
| LogStartAndStop 0 | 0 ShimEng.dll 7F8C'The application started - 1/2/2005 22:24.
| ObsoleteAPICalls 0 | 1 m4_base_rd.dll D827'API: GetPrivateProfileSectionNamesA
| ObsoleteAPICalls 0 | 1 m4_base_rd.dll D859'API: GetPrivateProfileSectionA
| DFWChecksAll 1 | 0 m4_thor_rd.dll ECB29'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 m4_thor_rd.dll ECB29'Returned 7.2 build number: 4500.
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c025#7&1a1d51c5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c025#7&1a1d51c5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_00#8&c9f502&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_00#8&c9f502&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col01#8&188d8147&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col01#8&188d8147&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c025#7&1a1d51c5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c025#7&1a1d51c5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_00#8&c9f502&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_00#8&c9f502&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col01#8&188d8147&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col01#8&188d8147&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| ObsoleteAPICalls 0 | 1 DINPUT.dll F141'API: GetPrivateProfileStringW
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c025#7&1a1d51c5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c025#7&1a1d51c5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_00#8&c9f502&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_00#8&c9f502&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col01#8&188d8147&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col01#8&188d8147&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll DD1B'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c213#7&cc0ba2d&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col02#8&188d8147&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col03#8&188d8147&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_046d&pid_c50b&mi_01&col04#8&188d8147&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksNonSetup 2 | 2 DINPUT.dll 119F8'Writing to an unapproved location: \\?\hid#vid_050d&pid_0980#7&29d99a15&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
| DFWChecksAll 1 | 0 DareDSound3D_bin_rd.dll 47975'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 DareDSound3D_bin_rd.dll 47975'Returned 7.2 build number: 4500.
| ObsoleteAPICalls 0 | 1 DareDSound3D_bin_rd.dll 4723F'API: GetPrivateProfileStringA
| ObsoleteAPICalls 0 | 1 DareDSound3D_bin_rd.dll 47262'API: GetPrivateProfileStringA
| ObsoleteAPICalls 0 | 1 DareDSound3D_bin_rd.dll 47375'API: GetPrivateProfileStringA
| ObsoleteAPICalls 0 | 1 DareDSound3D_bin_rd.dll 47375'API: GetPrivateProfileStringA
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 725A9'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 46C6A'API: RegQueryValueW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 501BC'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4F8BF'API: RegQueryValueW
| DFWChecksNonSetup 2 | 2 wdmaud.drv 3E1D'Writing to an unapproved location: \\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}
| DFWChecksNonSetup 2 | 2 wdmaud.drv 3E1D'Writing to an unapproved location: \\?\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}
| ObsoleteAPICalls 0 | 1 WINMM.dll 8EDB'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 WINMM.dll 8EDB'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 WINMM.dll 8EDB'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 WINMM.dll 8EDB'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 WINMM.dll 8EDB'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 WINMM.dll 8EDB'API: RegOpenKeyA
| DFWChecksNonSetup 2 | 2 DSOUND.dll 5213'Writing to an unapproved location: \\?\root#system#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}&{9b365890-165f-11d0-a195-0020afd156e4}
| DFWChecksNonSetup 2 | 2 DSOUND.dll 5213'Writing to an unapproved location: \\?\root#system#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}\{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}&{9b365890-165f-11d0-a195-0020afd156e4}
| ObsoleteAPICalls 0 | 1 DareDSound3D_bin_rd.dll 47375'API: GetPrivateProfileStringA
| ObsoleteAPICalls 0 | 1 DareDSound3D_bin_rd.dll 47375'API: GetPrivateProfileStringA
| ObsoleteAPICalls 0 | 1 DareDSound3D_bin_rd.dll 47375'API: GetPrivateProfileStringA
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| HighVersionLie 0 | 0 LFFAX13N.DLL 8073'Returned 7.2 build number 4500.
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| HighVersionLie 0 | 0 LFCMP13N.DLL 390D3'Returned 7.2 build number 4500.
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| HighVersionLie 0 | 0 LFJBG13N.DLL E023'Returned 7.2 build number 4500.
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| HighVersionLie 0 | 0 LFLMB13N.DLL 3063'Returned 7.2 build number 4500.
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| HighVersionLie 0 | 0 LFBMP13N.DLL 45E3'Returned 7.2 build number 4500.
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| HighVersionLie 0 | 0 LFPCX13N.DLL 3303'Returned 7.2 build number 4500.
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| HighVersionLie 0 | 0 LFPNG13N.DLL 13933'Returned 7.2 build number 4500.
| ObsoleteAPICalls 0 | 1 LTFIL13N.DLL D5A1'API: OpenFile
| HighVersionLie 0 | 0 LFTGA13N.DLL 2CF3'Returned 7.2 build number 4500.
| DFWChecksNonSetup 2 | 2 base_rd.dll 30B3A'Writing to an unapproved location: c:/games/myst4/save/default.m4s
| DFWChecksNonSetup 2 | 2 base_rd.dll 30B3A'Writing to an unapproved location: c:/games/myst4/save/default.m4s
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 d3d9.dll ECDAA'API: RegOpenKeyA
| ObsoleteAPICalls 0 | 1 aresdx_rd.dll C6927'API: RegOpenKeyA
| RegistryChecks 14 | 2 aresdx_rd.dll C6945'QueryValue: Read from dangerous registry entry 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr ol\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}'.
| ObsoleteAPICalls 0 | 1 aresdx_rd.dll C6927'API: RegOpenKeyA
| DFWChecksNonSetup 2 | 2 base_rd.dll 30B3A'Writing to an unapproved location: c:/games/myst4/save/journal/page000.jpg
| DFWChecksNonSetup 2 | 2 base_rd.dll 30B3A'Writing to an unapproved location: c:/games/myst4/save/options.m4o
| DFWChecksNonSetup 2 | 2 base_rd.dll 30B3A'Writing to an unapproved location: c:/games/myst4/save/options.m4o
| DFWChecksNonSetup 2 | 2 base_rd.dll 30865'Writing to an unapproved location: c:/games/myst4/save/journal//page000.jpg
| FilePaths 0 | 1 CrashRpt.dll 5521'Possible hardcoded path 'C:\DOCUME~1\USER\LOCALS~1\Temp\Myst4.dmp' found in call to API: CreateFileA, PARAM: lpFileName
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 244C0'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 244C0'Returned 7.2 build number: 4500.
| DXFileVersionInfo 0 | 2 dbghelp.dll 2463A'GetFileVersionInfo called for C:\WINDOWS\system32\msvcrt.dll
| DXFileVersionInfo 0 | 2 dbghelp.dll 2463A'GetFileVersionInfo called for C:\WINDOWS\system32\DINPUT.dll
| DXFileVersionInfo 0 | 2 dbghelp.dll 2463A'GetFileVersionInfo called for C:\WINDOWS\system32\DSOUND.dll
| DFWChecksAll 1 | 0 dbghelp.dll 234B4'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 234B4'Returned 7.2 build number: 4500.
| DFWChecksAll 1 | 0 dbghelp.dll 233B8'GetVersionEx - Returned 7.3 build number 3600.
| HighVersionLie 1 | 0 dbghelp.dll 233B8'Returned 7.2 build number: 4500, service pack: 0.0, suite mask: 0x00000000, product type: None.
| ObsoleteAPICalls 0 | 1 ole32.dll 46C6A'API: RegQueryValueW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4731F'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 501BC'API: RegOpenKeyW
| ObsoleteAPICalls 0 | 1 ole32.dll 4F8BF'API: RegQueryValueW
| LogStartAndStop 1 | 0 ntdll.dll 11A7'The application stopped - 1/2/2005 22:24.

andrew.si
01-05-2005, 12:29 PM
Wow- bizarre but effective. I had been having exactly the same problem, and using App Verifier as described above finally lets me run the **** game. It happened on ALL of my machines (all have XPSP2 but different ATI video cards, I'm wondering whether SP2 is now the culprit in some fashion.)

Heimdall_G
01-16-2005, 03:47 PM
If you want to find out if SP2 is the culprit, see How to remove Windows XP Service Pack 2 from your computer (http://support.microsoft.com/default.aspx?scid=kb;en-us;875350&Product=winxp). Remove SP2 and reboot, then install SP1a, available here (http://www.microsoft.com/windowsxp/pro/downloads/servicepacks/sp1/default.asp). Reboot after SP1a installation.