BSOD 3 times tonight

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by snowballuk, Oct 16, 2010.

  1. snowballuk

    snowballuk New Member

    Joined:
    Oct 16, 2010
    Messages:
    4
    Likes Received:
    0
    #1 snowballuk, Oct 16, 2010
    Last edited: Oct 16, 2010
  2. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    Uninstall sptd.sys for now, later if you need it install its latest 2010 version:

    sptd.sys Sun Oct 11 23:55:14 2009
    Daemon/Alcohol/Duplex Secure
    DuplexSecure - FAQ



    Update drivers:

    athrxusb.sys Mon Jan 29 14:57:10 2007
    Atheros Extensible Wireless LAN device driver

    nvstor.sys Wed May 20 09:45:37 2009
    nvmf6264.sys Fri Jul 31 02:48:18 2009
    nvstor64.sys Wed Aug 05 03:31:07 2009
    NVIDIA nForce(TM) SATA Driver

    npf.sys Tue Oct 20 21:00:19 2009
    Politecnico di Torino




    If crashes persist, replace Avira with MSE:

    Knowledgebase for Free

    http://www.microsoft.com/security_essentials/



    Code:
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\101610-26629-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
    Machine Name:
    Kernel base = 0xfffff800`03060000 PsLoadedModuleList = 0xfffff800`0329de50
    Debug session time: Sat Oct 16 04:07:15.560 2010 (UTC - 5:00)
    System Uptime: 0 days 0:02:29.012
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .............................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 3B, {c0000005, fffff80003182b1f, fffff88004b8ccb0, 0}
    
    Probably caused by : memory_corruption ( nt!MiIdentifyPfn+26f )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff80003182b1f, Address of the instruction which caused the bugcheck
    Arg3: fffff88004b8ccb0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    FAULTING_IP: 
    nt!MiIdentifyPfn+26f
    fffff800`03182b1f f0410fba6e481f  lock bts dword ptr [r14+48h],1Fh
    
    CONTEXT:  fffff88004b8ccb0 -- (.cxr 0xfffff88004b8ccb0)
    rax=0000000000000001 rbx=020000000002e7d7 rcx=0a00000000000020
    rdx=000000000001e2b6 rsi=0000000000000000 rdi=fffffa8001b218c8
    rip=fffff80003182b1f rsp=fffff88004b8d680 rbp=fffffa80042a2a40
     r8=0000000000017417  r9=0000000000000001 r10=0000000000000042
    r11=0000058000000000 r12=fffff8000324ae80 r13=0000000000000000
    r14=d304c6e5a2e9d15d r15=0000000000000000
    iopl=0         nv up ei pl nz na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
    nt!MiIdentifyPfn+0x26f:
    fffff800`03182b1f f0410fba6e481f  lock bts dword ptr [r14+48h],1Fh ds:002b:d304c6e5`a2e9d1a5=????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x3B
    
    PROCESS_NAME:  svchost.exe
    
    CURRENT_IRQL:  2
    
    LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff80003182b1f
    
    STACK_TEXT:  
    fffff880`04b8d680 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiIdentifyPfn+0x26f
    
    
    FOLLOWUP_IP: 
    nt!MiIdentifyPfn+26f
    fffff800`03182b1f f0410fba6e481f  lock bts dword ptr [r14+48h],1Fh
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  nt!MiIdentifyPfn+26f
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9
    
    STACK_COMMAND:  .cxr 0xfffff88004b8ccb0 ; kb
    
    IMAGE_NAME:  memory_corruption
    
    FAILURE_BUCKET_ID:  X64_0x3B_nt!MiIdentifyPfn+26f
    
    BUCKET_ID:  X64_0x3B_nt!MiIdentifyPfn+26f
    
    Followup: MachineOwner
    ---------
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\101610-26208-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
    Machine Name:
    Kernel base = 0xfffff800`03008000 PsLoadedModuleList = 0xfffff800`03245e50
    Debug session time: Sat Oct 16 13:26:18.452 2010 (UTC - 5:00)
    System Uptime: 0 days 0:07:26.903
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1E, {ffffffffc0000005, fffff80003058524, 0, ffffffffffffffff}
    
    Probably caused by : fileinfo.sys ( fileinfo!FIStreamGet+52 )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff80003058524, The address that the exception occurred at
    Arg3: 0000000000000000, Parameter 0 of the exception
    Arg4: ffffffffffffffff, Parameter 1 of the exception
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    FAULTING_IP: 
    nt!FsRtlLookupPerStreamContextInternal+7c
    fffff800`03058524 48396810        cmp     qword ptr [rax+10h],rbp
    
    EXCEPTION_PARAMETER1:  0000000000000000
    
    EXCEPTION_PARAMETER2:  ffffffffffffffff
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b00e0
     ffffffffffffffff 
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
    
    BUGCHECK_STR:  0x1E_c0000005
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    PROCESS_NAME:  svchost.exe
    
    CURRENT_IRQL:  0
    
    EXCEPTION_RECORD:  fffff88005c44828 -- (.exr 0xfffff88005c44828)
    ExceptionAddress: fffff80003058524 (nt!FsRtlLookupPerStreamContextInternal+0x000000000000007c)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000000
       Parameter[1]: ffffffffffffffff
    Attempt to read from address ffffffffffffffff
    
    TRAP_FRAME:  fffff88005c448d0 -- (.trap 0xfffff88005c448d0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=abfd5a5f6bdaeed0 rbx=0000000000000000 rcx=fffff8a0016c5178
    rdx=0000000000000011 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80003058524 rsp=fffff88005c44a60 rbp=fffffa8002d86010
     r8=0000000000000000  r9=fffff88005c44b30 r10=0000000000000000
    r11=fffff88005c44c28 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz ac pe cy
    nt!FsRtlLookupPerStreamContextInternal+0x7c:
    fffff800`03058524 48396810        cmp     qword ptr [rax+10h],rbp ds:abfd5a5f`6bdaeee0=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff800030b2a39 to fffff80003078740
    
    STACK_TEXT:  
    fffff880`05c44058 fffff800`030b2a39 : 00000000`0000001e ffffffff`c0000005 fffff800`03058524 00000000`00000000 : nt!KeBugCheckEx
    fffff880`05c44060 fffff800`03077d82 : fffff880`05c44828 fffff8a0`016c5140 fffff880`05c448d0 00000000`00000000 : nt!KiDispatchException+0x1b9
    fffff880`05c446f0 fffff800`0307668a : fffff880`05c448e8 00000000`00000000 fffff8a0`041ab010 fffff880`02170147 : nt!KiExceptionDispatch+0xc2
    fffff880`05c448d0 fffff800`03058524 : fffffa80`00000000 fffff800`0306ecc5 00000000`00000000 fffff6fc`40027b98 : nt!KiGeneralProtectionFault+0x10a
    fffff880`05c44a60 fffff880`0123132e : fffffa80`021dcf20 fffff880`05c44bc0 fffffa80`02d86010 fffff880`01455734 : nt!FsRtlLookupPerStreamContextInternal+0x7c
    fffff880`05c44aa0 fffff880`0123cd31 : fffffa80`02d86010 fffff880`0145af30 fffffa80`01e48520 00000000`00000001 : fltmgr!FltpGetStreamListCtrl+0x8e
    fffff880`05c44b00 fffff880`01282052 : 00000000`00000000 00000000`00000000 fffff880`05c44d40 fffff880`014f8bfb : fltmgr!FltGetStreamContext+0x21
    fffff880`05c44b30 fffff880`01280b07 : 00000000`00000000 fffff8a0`01a115c0 00000000`00000000 00000000`00000000 : fileinfo!FIStreamGet+0x52
    fffff880`05c44ba0 fffff880`01231242 : 00000000`00000000 00000000`00000000 fffffa80`01bd37b0 00000000`00000000 : fileinfo!FIPostCreateCallback+0xf3
    fffff880`05c44c30 fffff880`0123038b : fffffa80`02b77030 fffffa80`04434e00 fffffa80`02e48010 fffffa80`02e48230 : fltmgr!FltpPerformPostCallbacks+0x392
    fffff880`05c44d00 fffff880`0124f2b9 : fffffa80`01bd3410 fffffa80`02d86010 fffffa80`01bd3400 fffffa80`02b722c0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x39b
    fffff880`05c44d90 fffff800`0337b807 : 00000000`00000060 fffff800`0339af30 fffffa80`01e73348 fffff8a0`00084430 : fltmgr!FltpCreate+0x2a9
    fffff880`05c44e40 fffff800`03371c2f : fffffa80`02b722c0 00000000`00000000 fffffa80`024e8200 00000000`00040000 : nt!IopParseDevice+0x5a7
    fffff880`05c44fd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObpLookupObjectName+0x32f
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    fileinfo!FIStreamGet+52
    fffff880`01282052 8bd8            mov     ebx,eax
    
    SYMBOL_STACK_INDEX:  7
    
    SYMBOL_NAME:  fileinfo!FIStreamGet+52
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: fileinfo
    
    IMAGE_NAME:  fileinfo.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc481
    
    FAILURE_BUCKET_ID:  X64_0x1E_c0000005_fileinfo!FIStreamGet+52
    
    BUCKET_ID:  X64_0x1E_c0000005_fileinfo!FIStreamGet+52
    
    Followup: MachineOwner
    ---------
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\101610-67564-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
    Machine Name:
    Kernel base = 0xfffff800`03063000 PsLoadedModuleList = 0xfffff800`032a0e50
    Debug session time: Sat Oct 16 13:17:57.016 2010 (UTC - 5:00)
    System Uptime: 0 days 4:03:03.468
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .............................
    Loading User Symbols
    Loading unloaded module list
    ........
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 20, {0, ffff, 0, 0}
    
    Probably caused by : ntkrnlmp.exe ( nt!PspExitThread+9a0 )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_APC_PENDING_DURING_EXIT (20)
    The key data item is the thread's APC disable count.
    If this is non-zero, then this is the source of the problem.
    The APC disable count is decremented each time a driver calls
    KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex.  The APC
    disable count is incremented each time a driver calls KeLeaveCriticalRegion,
    FsRtlExitFileSystem, or KeReleaseMutex.  Since these calls should always be in
    pairs, this value should be zero when a thread exits.  A negative value
    indicates that a driver has disabled APC calls without re-enabling them.  A
    positive value indicates that the reverse is true.
    If you ever see this error, be very suspicious of all drivers installed on the
    machine -- especially unusual or non-standard drivers.  Third party file
    system redirectors are especially suspicious since they do not generally
    receive the heavy duty testing that NTFS, FAT, RDR, etc receive.
    This current IRQL should also be 0.  If it is not, that a driver's
    cancelation routine can cause this bugcheck by returning at an elevated
    IRQL.  Always attempt to note what you were doing/closing at the
    time of the crash, and note all of the installed drivers at the time of
    the crash.  This symptom is usually a severe bug in a third party
    driver.
    Arguments:
    Arg1: 0000000000000000, The address of the APC found pending during exit.
    Arg2: 000000000000ffff, The thread's APC disable count
    Arg3: 0000000000000000, The current IRQL
    Arg4: 0000000000000000
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0x20_NULLAPC_KAPC_NEGATIVE
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    PROCESS_NAME:  sandra.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from fffff800033b8e40 to fffff800030d3740
    
    STACK_TEXT:  
    fffff880`02841ad8 fffff800`033b8e40 : 00000000`00000020 00000000`00000000 00000000`0000ffff 00000000`00000000 : nt!KeBugCheckEx
    fffff880`02841ae0 fffff800`0339085b : 00000000`00000000 00000000`00000001 00000000`fffdb000 00000000`00000000 : nt!PspExitThread+0x9a0
    fffff880`02841ba0 fffff800`030d2993 : fffffa80`019659d0 00000000`00000000 00000000`fffdb001 fffffa80`01b1e860 : nt!NtTerminateProcess+0x25b
    fffff880`02841c20 00000000`7732001a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0012e028 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7732001a
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!PspExitThread+9a0
    fffff800`033b8e40 cc              int     3
    
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  nt!PspExitThread+9a0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9
    
    FAILURE_BUCKET_ID:  X64_0x20_NULLAPC_KAPC_NEGATIVE_nt!PspExitThread+9a0
    
    BUCKET_ID:  X64_0x20_NULLAPC_KAPC_NEGATIVE_nt!PspExitThread+9a0
    fffff800`00bba000 fffff800`00bc4000   kdcom    kdcom.dll    Tue Jul 14 04:31:07 2009 (4A5BDFDB)
    fffff800`0301a000 fffff800`03063000   hal      hal.dll      Tue Jul 14 04:27:36 2009 (4A5BDF08)
    fffff800`03063000 fffff800`0363f000   nt       ntkrnlmp.exe Sat Jun 19 07:16:41 2010 (4C1C44A9)
    fffff880`00c00000 fffff880`00cc0000   CI       CI.dll       Tue Jul 14 04:32:13 2009 (4A5BE01D)
    fffff880`00cc0000 fffff880`00ccf000   WDFLDR   WDFLDR.SYS   Tue Jul 14 02:19:54 2009 (4A5BC11A)
    fffff880`00cdb000 fffff880`00ce8000   mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Tue Jul 14 04:29:09 2009 (4A5BDF65)
    fffff880`00ce8000 fffff880`00cfc000   PSHED    PSHED.dll    Tue Jul 14 04:32:23 2009 (4A5BE027)
    fffff880`00cfc000 fffff880`00d5a000   CLFS     CLFS.SYS     Tue Jul 14 02:19:57 2009 (4A5BC11D)
    fffff880`00d5a000 fffff880`00dfe000   Wdf01000 Wdf01000.sys Tue Jul 14 02:22:07 2009 (4A5BC19F)
    fffff880`00e12000 fffff880`00f38000   sptd     sptd.sys     Sun Oct 11 23:55:14 2009 (4AD24632)
    fffff880`00f38000 fffff880`00f41000   WMILIB   WMILIB.SYS   Tue Jul 14 02:19:51 2009 (4A5BC117)
    fffff880`00f41000 fffff880`00f70000   SCSIPORT SCSIPORT.SYS Tue Jul 14 03:01:04 2009 (4A5BCAC0)
    fffff880`00f70000 fffff880`00fc7000   ACPI     ACPI.sys     Tue Jul 14 02:19:34 2009 (4A5BC106)
    fffff880`00fc7000 fffff880`00fd1000   msisadrv msisadrv.sys Tue Jul 14 02:19:26 2009 (4A5BC0FE)
    fffff880`00fd1000 fffff880`00fde000   vdrvroot vdrvroot.sys Tue Jul 14 03:01:31 2009 (4A5BCADB)
    fffff880`01000000 fffff880`0103f000   nvstor64 nvstor64.sys Wed Aug 05 03:31:07 2009 (4A78D2CB)
    fffff880`0103f000 fffff880`0104a000   amdxata  amdxata.sys  Tue May 19 20:56:59 2009 (4A12F2EB)
    fffff880`01050000 fffff880`01083000   pci      pci.sys      Tue Jul 14 02:19:51 2009 (4A5BC117)
    fffff880`01083000 fffff880`01098000   partmgr  partmgr.sys  Tue Jul 14 02:19:58 2009 (4A5BC11E)
    fffff880`01098000 fffff880`010ad000   volmgr   volmgr.sys   Tue Jul 14 02:19:57 2009 (4A5BC11D)
    fffff880`010ad000 fffff880`01109000   volmgrx  volmgrx.sys  unavailable (00000000)
    fffff880`01109000 fffff880`01110000   pciide   pciide.sys   Tue Jul 14 02:19:49 2009 (4A5BC115)
    fffff880`01110000 fffff880`01120000   PCIIDEX  PCIIDEX.SYS  Tue Jul 14 02:19:48 2009 (4A5BC114)
    fffff880`01120000 fffff880`0113a000   mountmgr mountmgr.sys Tue Jul 14 02:19:54 2009 (4A5BC11A)
    fffff880`0113a000 fffff880`01143000   atapi    atapi.sys    Tue Jul 14 02:19:47 2009 (4A5BC113)
    fffff880`01143000 fffff880`0116d000   ataport  ataport.SYS  Tue Jul 14 02:19:52 2009 (4A5BC118)
    fffff880`0116d000 fffff880`01198000   nvstor   nvstor.sys   Wed May 20 09:45:37 2009 (4A13A711)
    fffff880`01198000 fffff880`011fa000   storport storport.sys Tue Jul 14 03:01:18 2009 (4A5BCACE)
    fffff880`01200000 fffff880`0124c000   volsnap  volsnap.sys  Tue Jul 14 02:20:08 2009 (4A5BC128)
    fffff880`0124c000 fffff880`01286000   rdyboost rdyboost.sys Tue Jul 14 02:34:34 2009 (4A5BC48A)
    fffff880`0129b000 fffff880`012e7000   fltmgr   fltmgr.sys   Tue Jul 14 02:19:59 2009 (4A5BC11F)
    fffff880`012e7000 fffff880`012fb000   fileinfo fileinfo.sys Tue Jul 14 02:34:25 2009 (4A5BC481)
    fffff880`012fb000 fffff880`01359000   msrpc    msrpc.sys    unavailable (00000000)
    fffff880`01359000 fffff880`013cc000   cng      cng.sys      Tue Jul 14 02:49:40 2009 (4A5BC814)
    fffff880`01413000 fffff880`015b6000   Ntfs     Ntfs.sys     Tue Jul 14 02:20:47 2009 (4A5BC14F)
    fffff880`015b6000 fffff880`015d0000   ksecdd   ksecdd.sys   Tue Jul 14 02:20:54 2009 (4A5BC156)
    fffff880`015d0000 fffff880`015e1000   pcw      pcw.sys      Tue Jul 14 02:19:27 2009 (4A5BC0FF)
    fffff880`015e1000 fffff880`015eb000   Fs_Rec   Fs_Rec.sys   unavailable (00000000)
    fffff880`01600000 fffff880`0164a000   fwpkclnt fwpkclnt.sys Tue Jul 14 02:21:08 2009 (4A5BC164)
    fffff880`0164a000 fffff880`0165a000   vmstorfl vmstorfl.sys unavailable (00000000)
    fffff880`0165a000 fffff880`01662000   spldr    spldr.sys    Mon May 11 19:56:27 2009 (4A0858BB)
    fffff880`01662000 fffff880`0166b000   hwpolicy hwpolicy.sys Tue Jul 14 02:19:22 2009 (4A5BC0FA)
    fffff880`0166b000 fffff880`0175d000   ndis     ndis.sys     Tue Jul 14 02:21:40 2009 (4A5BC184)
    fffff880`0175d000 fffff880`017bd000   NETIO    NETIO.SYS    Tue Jul 14 02:21:46 2009 (4A5BC18A)
    fffff880`017bd000 fffff880`017e8000   ksecpkg  ksecpkg.sys  Fri Dec 11 08:03:32 2009 (4B21E0B4)
    fffff880`017e8000 fffff880`017fa000   mup      mup.sys      Tue Jul 14 02:23:45 2009 (4A5BC201)
    fffff880`01802000 fffff880`019ff000   tcpip    tcpip.sys    Mon Jun 14 06:39:04 2010 (4C15A458)
    fffff880`01a00000 fffff880`01a09000   Null     Null.SYS     unavailable (00000000)
    fffff880`01a09000 fffff880`01a10000   Beep     Beep.SYS     Tue Jul 14 03:00:13 2009 (4A5BCA8D)
    fffff880`01a10000 fffff880`01a1e000   vga      vga.sys      Tue Jul 14 02:38:47 2009 (4A5BC587)
    fffff880`01a1e000 fffff880`01a43000   VIDEOPRT VIDEOPRT.SYS Tue Jul 14 02:38:51 2009 (4A5BC58B)
    fffff880`01a43000 fffff880`01a53000   watchdog watchdog.sys Tue Jul 14 02:37:35 2009 (4A5BC53F)
    fffff880`01a53000 fffff880`01a5c000   RDPCDD   RDPCDD.sys   Tue Jul 14 03:16:34 2009 (4A5BCE62)
    fffff880`01a5c000 fffff880`01a65000   rdpencdd rdpencdd.sys Tue Jul 14 03:16:34 2009 (4A5BCE62)
    fffff880`01a65000 fffff880`01a6e000   rdprefmp rdprefmp.sys Tue Jul 14 03:16:35 2009 (4A5BCE63)
    fffff880`01a6e000 fffff880`01a79000   Msfs     Msfs.SYS     Tue Jul 14 02:19:47 2009 (4A5BC113)
    fffff880`01a79000 fffff880`01a8a000   Npfs     Npfs.SYS     Tue Jul 14 02:19:48 2009 (4A5BC114)
    fffff880`01a8a000 fffff880`01aa8000   tdx      tdx.sys      Tue Jul 14 02:21:15 2009 (4A5BC16B)
    fffff880`01aa8000 fffff880`01ab5000   TDI      TDI.SYS      Tue Jul 14 02:21:18 2009 (4A5BC16E)
    fffff880`01ae5000 fffff880`01b1f000   fvevol   fvevol.sys   Sat Sep 26 05:34:26 2009 (4ABD7DB2)
    fffff880`01b1f000 fffff880`01b35000   disk     disk.sys     Tue Jul 14 02:19:57 2009 (4A5BC11D)
    fffff880`01b35000 fffff880`01b65000   CLASSPNP CLASSPNP.SYS Tue Jul 14 02:19:58 2009 (4A5BC11E)
    fffff880`01b65000 fffff880`01bb3000   mrxsmb10 mrxsmb10.sys Sat Feb 27 09:52:28 2010 (4B88CF3C)
    fffff880`01bcf000 fffff880`01bf9000   cdrom    cdrom.sys    Tue Jul 14 02:19:54 2009 (4A5BC11A)
    fffff880`02000000 fffff880`0201b000   avgntflt avgntflt.sys Tue Mar 24 16:00:46 2009 (49C8E78E)
    fffff880`0201b000 fffff880`0203c000   WudfPf   WudfPf.sys   Tue Jul 14 03:05:37 2009 (4A5BCBD1)
    fffff880`0203c000 fffff880`02051000   lltdio   lltdio.sys   Tue Jul 14 03:08:50 2009 (4A5BCC92)
    fffff880`02051000 fffff880`020a4000   nwifi    nwifi.sys    Tue Jul 14 03:07:23 2009 (4A5BCC3B)
    fffff880`020a4000 fffff880`020b7000   ndisuio  ndisuio.sys  Tue Jul 14 03:09:25 2009 (4A5BCCB5)
    fffff880`020b7000 fffff880`020cf000   rspndr   rspndr.sys   Tue Jul 14 03:08:50 2009 (4A5BCC92)
    fffff880`020cf000 fffff880`020ed000   bowser   bowser.sys   Tue Jul 14 02:23:50 2009 (4A5BC206)
    fffff880`020ef000 fffff880`02181000   athrxusb athrxusb.sys Mon Jan 29 14:57:10 2007 (45BDEF26)
    fffff880`02181000 fffff880`0218f000   monitor  monitor.sys  Tue Jul 14 02:38:52 2009 (4A5BC58C)
    fffff880`0218f000 fffff880`0219c000   mouhid   mouhid.sys   Tue Jul 14 03:00:20 2009 (4A5BCA94)
    fffff880`0219c000 fffff880`021d2000   fastfat  fastfat.SYS  Tue Jul 14 02:23:28 2009 (4A5BC1F0)
    fffff880`021d2000 fffff880`021f5000   luafv    luafv.sys    Tue Jul 14 02:26:13 2009 (4A5BC295)
    fffff880`03c00000 fffff880`03c51000   rdbss    rdbss.sys    Tue Jul 14 02:24:09 2009 (4A5BC219)
    fffff880`03c51000 fffff880`03c5d000   nsiproxy nsiproxy.sys Tue Jul 14 02:21:02 2009 (4A5BC15E)
    fffff880`03c5d000 fffff880`03c68000   mssmbios mssmbios.sys Tue Jul 14 02:31:10 2009 (4A5BC3BE)
    fffff880`03c68000 fffff880`03c77000   discache discache.sys Tue Jul 14 02:37:18 2009 (4A5BC52E)
    fffff880`03c88000 fffff880`03d12000   afd      afd.sys      Tue Jul 14 02:21:40 2009 (4A5BC184)
    fffff880`03d12000 fffff880`03d57000   netbt    netbt.sys    Tue Jul 14 02:21:28 2009 (4A5BC178)
    fffff880`03d57000 fffff880`03d60000   wfplwf   wfplwf.sys   Tue Jul 14 03:09:26 2009 (4A5BCCB6)
    fffff880`03d60000 fffff880`03d86000   pacer    pacer.sys    Tue Jul 14 03:09:41 2009 (4A5BCCC5)
    fffff880`03d86000 fffff880`03d95000   netbios  netbios.sys  Tue Jul 14 03:09:26 2009 (4A5BCCB6)
    fffff880`03d95000 fffff880`03db2000   serial   serial.sys   Tue Jul 14 03:00:40 2009 (4A5BCAA8)
    fffff880`03db2000 fffff880`03dcd000   wanarp   wanarp.sys   Tue Jul 14 03:10:21 2009 (4A5BCCED)
    fffff880`03dcd000 fffff880`03de1000   termdd   termdd.sys   Tue Jul 14 03:16:36 2009 (4A5BCE64)
    fffff880`03e00000 fffff880`03e56000   USBPORT  USBPORT.SYS  Tue Jul 14 03:06:31 2009 (4A5BCC07)
    fffff880`03e56000 fffff880`03e67000   usbehci  usbehci.sys  Sat Oct 24 07:27:33 2009 (4AE28235)
    fffff880`03e67000 fffff880`03e8b000   HDAudBus HDAudBus.sys Tue Jul 14 03:06:13 2009 (4A5BCBF5)
    fffff880`03ec0000 fffff880`03f43000   csc      csc.sys      Tue Jul 14 02:24:26 2009 (4A5BC22A)
    fffff880`03f43000 fffff880`03f61000   dfsc     dfsc.sys     Tue Jul 14 02:23:44 2009 (4A5BC200)
    fffff880`03f61000 fffff880`03f72000   blbdrive blbdrive.sys Tue Jul 14 02:35:59 2009 (4A5BC4DF)
    fffff880`03f72000 fffff880`03f98000   tunnel   tunnel.sys   Tue Jul 14 03:09:37 2009 (4A5BCCC1)
    fffff880`03f98000 fffff880`03fad000   amdppm   amdppm.sys   Tue Jul 14 02:19:25 2009 (4A5BC0FD)
    fffff880`03fad000 fffff880`03fb5000   ASACPI   ASACPI.sys   Thu May 14 04:25:17 2009 (4A0B72FD)
    fffff880`03fb5000 fffff880`03fd3000   i8042prt i8042prt.sys Tue Jul 14 02:19:57 2009 (4A5BC11D)
    fffff880`03fd3000 fffff880`03fe2000   kbdclass kbdclass.sys Tue Jul 14 02:19:50 2009 (4A5BC116)
    fffff880`03fe2000 fffff880`03fee000   serenum  serenum.sys  Tue Jul 14 03:00:33 2009 (4A5BCAA1)
    fffff880`03fee000 fffff880`03ff9000   usbohci  usbohci.sys  Tue Jul 14 03:06:30 2009 (4A5BCC06)
    fffff880`04000000 fffff880`04043000   ks       ks.sys       Thu Mar 04 06:32:25 2010 (4B8F37D9)
    fffff880`04043000 fffff880`04055000   umbus    umbus.sys    Tue Jul 14 03:06:56 2009 (4A5BCC20)
    fffff880`04055000 fffff880`04078000   mrxsmb20 mrxsmb20.sys Sat Feb 27 09:52:26 2010 (4B88CF3A)
    fffff880`04079000 fffff880`040ca500   nvmf6264 nvmf6264.sys Fri Jul 31 02:48:18 2009 (4A723142)
    fffff880`040cb000 fffff880`041bf000   dxgkrnl  dxgkrnl.sys  Fri Oct 02 04:00:14 2009 (4AC5509E)
    fffff880`041cb000 fffff880`041d6000   rdpbus   rdpbus.sys   Tue Jul 14 03:17:46 2009 (4A5BCEAA)
    fffff880`041d6000 fffff880`041e5000   mouclass mouclass.sys Tue Jul 14 02:19:50 2009 (4A5BC116)
    fffff880`04213000 fffff880`0426d000   usbhub   usbhub.sys   Sat Oct 24 07:28:24 2009 (4AE28268)
    fffff880`0426d000 fffff880`04282000   NDProxy  NDProxy.SYS  Tue Jul 14 03:10:05 2009 (4A5BCCDD)
    fffff880`04282000 fffff880`042bf000   portcls  portcls.sys  Tue Jul 14 03:06:27 2009 (4A5BCC03)
    fffff880`042bf000 fffff880`042e1000   drmk     drmk.sys     Tue Jul 14 04:01:25 2009 (4A5BD8E5)
    fffff880`042e1000 fffff880`04304000   nvhda64v nvhda64v.sys Tue Jun 22 01:07:25 2010 (4C1FE29D)
    fffff880`04304000 fffff880`04312000   crashdmp crashdmp.sys Tue Jul 14 03:01:01 2009 (4A5BCABD)
    fffff880`04312000 fffff880`04351000   dump_nvstor64 dump_nvstor64.sys Wed Aug 05 03:31:07 2009 (4A78D2CB)
    fffff880`04351000 fffff880`04364000   dump_dumpfve dump_dumpfve.sys Tue Jul 14 02:21:51 2009 (4A5BC18F)
    fffff880`04364000 fffff880`0437f000   USBSTOR  USBSTOR.SYS  Tue Jul 14 03:06:34 2009 (4A5BCC0A)
    fffff880`0437f000 fffff880`04380f00   USBD     USBD.SYS     Tue Jul 14 03:06:23 2009 (4A5BCBFF)
    fffff880`04381000 fffff880`0438f000   hidusb   hidusb.sys   Tue Jul 14 03:06:22 2009 (4A5BCBFE)
    fffff880`0438f000 fffff880`043a8000   HIDCLASS HIDCLASS.SYS Tue Jul 14 03:06:21 2009 (4A5BCBFD)
    fffff880`043a8000 fffff880`043b0080   HIDPARSE HIDPARSE.SYS Tue Jul 14 03:06:17 2009 (4A5BCBF9)
    fffff880`043b1000 fffff880`043de000   mrxsmb   mrxsmb.sys   Sat Feb 27 09:52:19 2010 (4B88CF33)
    fffff880`043de000 fffff880`043ed000   npf      npf.sys      Tue Oct 20 21:00:19 2009 (4ADDFAB3)
    fffff880`04600000 fffff880`04605200   ksthunk  ksthunk.sys  Tue Jul 14 03:00:19 2009 (4A5BCA93)
    fffff880`04606000 fffff880`04612000   Dxapi    Dxapi.sys    Tue Jul 14 02:38:28 2009 (4A5BC574)
    fffff880`04612000 fffff880`0461c000   dump_diskdump dump_diskdump.sys Tue Jul 14 03:01:00 2009 (4A5BCABC)
    fffff880`0461d000 fffff880`047ff900   RTKVHD64 RTKVHD64.sys Tue Aug 18 12:29:10 2009 (4A8A7466)
    fffff880`04871000 fffff880`04883000   tcpipreg tcpipreg.sys Tue Jul 14 03:09:49 2009 (4A5BCCCD)
    fffff880`048e1000 fffff880`04987000   peauth   peauth.sys   Tue Jul 14 04:01:19 2009 (4A5BD8DF)
    fffff880`04987000 fffff880`04992000   secdrv   secdrv.SYS   Wed Sep 13 16:18:38 2006 (4508052E)
    fffff880`04992000 fffff880`049bf000   srvnet   srvnet.sys   Tue Jun 22 06:20:32 2010 (4C202C00)
    fffff880`04c00000 fffff880`04c38000   RDPWD    RDPWD.SYS    Tue Jul 14 03:16:47 2009 (4A5BCE6F)
    fffff880`04c52000 fffff880`04cba000   srv2     srv2.sys     Tue Jun 22 06:20:47 2010 (4C202C0F)
    fffff880`04cba000 fffff880`04d50000   srv      srv.sys      Tue Jun 22 06:21:11 2010 (4C202C27)
    fffff880`04d5c000 fffff880`04d8d000   AODDriver2 AODDriver2.sys Thu Apr 22 13:28:05 2010 (4BD024B5)
    fffff880`04d8d000 fffff880`04dbb000   rdpdr    rdpdr.sys    Tue Jul 14 03:18:02 2009 (4A5BCEBA)
    fffff880`04dbb000 fffff880`04dc6000   tdtcp    tdtcp.sys    Tue Jul 14 03:16:32 2009 (4A5BCE60)
    fffff880`04dc6000 fffff880`04dd5000   tssecsrv tssecsrv.sys Tue Jul 14 03:16:41 2009 (4A5BCE69)
    fffff880`0541a000 fffff880`054e2000   HTTP     HTTP.sys     Tue Jul 14 02:22:16 2009 (4A5BC1A8)
    fffff880`054e2000 fffff880`054eb000   Sandra   Sandra.sys   Sat Aug 08 01:44:51 2009 (4A7CAE63)
    fffff880`054f7000 fffff880`05503000   nrtap    nrtap.sys    Tue Sep 01 22:10:01 2009 (4A9D7189)
    fffff880`0f200000 fffff880`0f245000   aoig0wxr aoig0wxr.SYS Wed Jul 15 00:12:55 2009 (4A5CF4D7)
    fffff880`0f245000 fffff880`0f255000   CompositeBus CompositeBus.sys Tue Jul 14 03:00:33 2009 (4A5BCAA1)
    fffff880`0f255000 fffff880`0f26b000   AgileVpn AgileVpn.sys Tue Jul 14 03:10:24 2009 (4A5BCCF0)
    fffff880`0f26b000 fffff880`0f28f000   rasl2tp  rasl2tp.sys  Tue Jul 14 03:10:11 2009 (4A5BCCE3)
    fffff880`0f28f000 fffff880`0f29b000   ndistapi ndistapi.sys Tue Jul 14 03:10:00 2009 (4A5BCCD8)
    fffff880`0f29b000 fffff880`0f2ca000   ndiswan  ndiswan.sys  Tue Jul 14 03:10:11 2009 (4A5BCCE3)
    fffff880`0f2ca000 fffff880`0f2e5000   raspppoe raspppoe.sys Tue Jul 14 03:10:17 2009 (4A5BCCE9)
    fffff880`0f2e5000 fffff880`0ff76e00   nvlddmkm nvlddmkm.sys Sat Jul 10 00:15:58 2010 (4C37918E)
    fffff880`0ff77000 fffff880`0ff78180   nvBridge nvBridge.kmd Sat Jul 10 00:07:54 2010 (4C378FAA)
    fffff880`0ff79000 fffff880`0ffbf000   dxgmms1  dxgmms1.sys  Tue Jul 14 02:38:32 2009 (4A5BC578)
    fffff880`0ffbf000 fffff880`0ffe0000   raspptp  raspptp.sys  Tue Jul 14 03:10:18 2009 (4A5BCCEA)
    fffff880`0ffe0000 fffff880`0fffa000   rassstp  rassstp.sys  Tue Jul 14 03:10:25 2009 (4A5BCCF1)
    fffff880`0fffa000 fffff880`0fffb480   swenum   swenum.sys   Tue Jul 14 03:00:18 2009 (4A5BCA92)
    fffff960`000c0000 fffff960`003cf000   win32k   win32k.sys   Sat Jun 19 07:31:59 2010 (4C1C483F)
    fffff960`00560000 fffff960`0056a000   TSDDD    TSDDD.dll    unavailable (00000000)
    fffff960`006c0000 fffff960`006e7000   cdd      cdd.dll      unavailable (00000000)
    
    Unloaded modules:
    fffff880`054eb000 fffff880`054f7000   nrtap.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000C000
    fffff880`04d50000 fffff880`04d5c000   nrtap.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000C000
    fffff880`04800000 fffff880`04871000   spsys.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00071000
    fffff880`041bf000 fffff880`041cb000   nrtap.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000C000
    fffff880`01b65000 fffff880`01b73000   crashdmp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000E000
    fffff880`01b73000 fffff880`01b7d000   dump_storpor
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000A000
    fffff880`01b7d000 fffff880`01bbc000   dump_nvstor6
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0003F000
    fffff880`01bbc000 fffff880`01bcf000   dump_dumpfve
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00013000
    
    
    
     
    #2 cybercore, Oct 16, 2010
    Last edited: Oct 16, 2010

Share This Page

Loading...