nicolasprieur
New Member
- Joined
- Feb 28, 2011
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\022811-22542-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
BugCheck F7, {2b9906a3f610, 2b992ddfa232, ffffd466d2205dcd, 0}
Probably caused by : msrpc.sys ( msrpc!_report_gsfailure+26 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00002b9906a3f610, Actual security check cookie from the stack
Arg2: 00002b992ddfa232, Expected security check cookie
Arg3: ffffd466d2205dcd, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME
SECURITY_COOKIE: Expected 00002b992ddfa232 found 00002b9906a3f610
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0xF7
PROCESS_NAME: conhost.exe
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff88006a3f0e8 -- (.exr 0xfffff88006a3f0e8)
ExceptionAddress: fffff80002aaac18 (nt!IopCompleteRequest+0x0000000000000c85)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88006a3f190 -- (.trap 0xfffff88006a3f190)
Unable to read trap frame at fffff880`06a3f190
LAST_CONTROL_TRANSFER: from fffff88001079616 to fffff80002a8af00
STACK_TEXT:
fffff880`06a3e188 fffff880`01079616 : 00000000`000000f7 00002b99`06a3f610 00002b99`2ddfa232 ffffd466`d2205dcd : nt!KeBugCheckEx
fffff880`06a3e190 fffff880`010796b7 : fffff800`02c978b8 fffff800`02a9206c fffff800`02bd47dc fffff880`06a3f0e8 : msrpc!_report_gsfailure+0x26
fffff880`06a3e1d0 fffff800`02ab0bed : fffff880`0108ce34 fffff880`01085dc0 fffff880`01078000 fffff880`06a3f0e8 : msrpc!_GSHandlerCheck+0x13
fffff880`06a3e200 fffff800`02ab8250 : fffff880`01085e6c fffff880`06a3e278 fffff880`06a3f0e8 fffff880`01078000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`06a3e230 fffff800`02ac51b5 : fffff880`06a3f0e8 fffff880`06a3e940 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x410
fffff880`06a3e910 fffff800`02a8a542 : fffff880`06a3f0e8 fffffa80`05ff97c0 fffff880`06a3f190 00000000`00000000 : nt!KiDispatchException+0x135
fffff880`06a3efb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
STACK_COMMAND: kb
FOLLOWUP_IP:
msrpc!_report_gsfailure+26
fffff880`01079616 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: msrpc!_report_gsfailure+26
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msrpc
IMAGE_NAME: msrpc.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc17c
FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_msrpc!_report_gsfailure+26
BUCKET_ID: X64_0xF7_MISSING_GSFRAME_msrpc!_report_gsfailure+26
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\022811-20966-01.dmp]
BugCheck A, {0, 2, 0, fffff80002ae6a83}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ae6a83, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cfd0e0
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopCompleteRequest+ae3
fffff800`02ae6a83 488b09 mov rcx,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: BCSSync.exe
IRP_ADDRESS: 0000000100000009
TRAP_FRAME: fffff88007f90190 -- (.trap 0xfffff88007f90190)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88007f903f8 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ae6a83 rsp=fffff88007f90320 rbp=0000000000000000
r8=fffffa8005ee4680 r9=fffff88007f90420 r10=0000000000000002
r11=fffffa8005d6e390 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
nt!IopCompleteRequest+0xae3:
fffff800`02ae6a83 488b09 mov rcx,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ac6469 to fffff80002ac6f00
STACK_TEXT:
fffff880`07f90048 fffff800`02ac6469 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`07f90050 fffff800`02ac50e0 : fffffa80`0594d060 fffffa80`06104de0 fffffa80`05e7c890 00000000`00000002 : nt!KiBugCheckDispatch+0x69
fffff880`07f90190 fffff800`02ae6a83 : fffffa80`05e7c890 fffff800`02accdda 00000000`00000200 fffff880`07f903d1 : nt!KiPageFault+0x260
fffff880`07f90320 00000000`00000200 : 00000001`00000081 fffff880`07f903f8 fffff880`07f903f8 0050e0c2`00000000 : nt!IopCompleteRequest+0xae3
fffff880`07f903f0 00000001`00000081 : fffff880`07f903f8 fffff880`07f903f8 0050e0c2`00000000 fffff880`07f90488 : 0x200
fffff880`07f903f8 fffff880`07f903f8 : fffff880`07f903f8 0050e0c2`00000000 fffff880`07f90488 fffff800`02bf0000 : 0x1`00000081
fffff880`07f90400 fffff880`07f903f8 : 0050e0c2`00000000 fffff880`07f90488 fffff800`02bf0000 00000000`00000000 : 0xfffff880`07f903f8
fffff880`07f90408 0050e0c2`00000000 : fffff880`07f90488 fffff800`02bf0000 00000000`00000000 00000000`00000000 : 0xfffff880`07f903f8
fffff880`07f90410 fffff880`07f90488 : fffff800`02bf0000 00000000`00000000 00000000`00000000 00000000`000000e2 : 0x50e0c2`00000000
fffff880`07f90418 fffff800`02bf0000 : 00000000`00000000 00000000`00000000 00000000`000000e2 fffff880`009ef380 : 0xfffff880`07f90488
fffff880`07f90420 00000000`00000000 : fffffa80`036592a0 fffff880`009ed180 fffff880`07f90d00 00000000`00000000 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageInsert+0x130
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02ac50e0 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600
FAILURE_BUCKET_ID: X64_0xA_nt!KiPageFault+260
BUCKET_ID: X64_0xA_nt!KiPageFault+260
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\022811-21278-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002ad94d8, fffff880059a2a20, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiTryUnwaitThread+28 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002ad94d8, Address of the instruction which caused the bugcheck
Arg3: fffff880059a2a20, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>
FAULTING_IP:
nt!KiTryUnwaitThread+28
fffff800`02ad94d8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0
CONTEXT: fffff880059a2a20 -- (.cxr 0xfffff880059a2a20)
rax=fffff880059a33f8 rbx=01000000003cfa00 rcx=fffff880009ed180
rdx=fffffa8003669601 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ad94d8 rsp=fffff880059a3400 rbp=fffff880059a35b0
r8=0000000000000100 r9=0000000000000000 r10=0000000000000002
r11=fffffa8005ab4140 r12=0000000000000000 r13=0000000000000000
r14=fffffa8006191060 r15=fffff880009ed180
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!KiTryUnwaitThread+0x28:
fffff800`02ad94d8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0 ds:002b:01000000`003cfa40=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: rundll32.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002ad94d8
STACK_TEXT:
fffff880`059a3400 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiTryUnwaitThread+0x28
FOLLOWUP_IP:
nt!KiTryUnwaitThread+28
fffff800`02ad94d8 f0480fba6b4000 lock bts qword ptr [rbx+40h],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTryUnwaitThread+28
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc600
STACK_COMMAND: .cxr 0xfffff880059a2a20 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!KiTryUnwaitThread+28
BUCKET_ID: X64_0x3B_nt!KiTryUnwaitThread+28
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [E:\022811-28813-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
BugCheck D1, {fffff88006947740, 2, 0, fffff88000dd6c50}
Probably caused by : ataport.SYS ( ataport!IdeLogCrbActive+bc )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff88006947740, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88000dd6c50, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cbd0e0
fffff88006947740
CURRENT_IRQL: 2
FAULTING_IP:
ataport!IdeLogCrbActive+bc
fffff880`00dd6c50 f30f6f4148 movdqu xmm0,xmmword ptr [rcx+48h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff88002f1b4b0 -- (.trap 0xfffff88002f1b4b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80061544b0 rbx=0000000000000000 rcx=fffff880069476f0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000dd6c50 rsp=fffff88002f1b640 rbp=0000000000000001
r8=0000000000000000 r9=0000000000000000 r10=fffffa800417cee0
r11=fffff88002f1b770 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
ataport!IdeLogCrbActive+0xbc:
fffff880`00dd6c50 f30f6f4148 movdqu xmm0,xmmword ptr [rcx+48h] ds:13f0:fffff880`06947738=????????????????????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a86469 to fffff80002a86f00
STACK_TEXT:
fffff880`02f1b368 fffff800`02a86469 : 00000000`0000000a fffff880`06947740 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02f1b370 fffff800`02a850e0 : 00000000`00000001 fffffa80`0417f8e8 fffffa80`040071a0 fffff880`00deb1a0 : nt!KiBugCheckDispatch+0x69
fffff880`02f1b4b0 fffff880`00dd6c50 : fffffa80`0366adc0 00000000`00000000 fffffa80`0417e1b0 00000000`00000001 : nt!KiPageFault+0x260
fffff880`02f1b640 fffff880`00de0c71 : fffffa80`038740f8 fffffa80`040071a0 fffffa80`03874010 fffffa80`040071a0 : ataport!IdeLogCrbActive+0xbc
fffff880`02f1b670 fffff800`02ff69ce : fffffa80`038740f8 00000000`00000018 00000000`00000000 00000000`00000001 : ataport!IdeStartIoCallBack+0xc9
fffff880`02f1b7e0 fffff800`02ff713d : fffffa80`0414bd40 fffffa80`04150ea0 fffffa80`04150e00 00000000`00000000 : hal!HalpAllocateAdapterCallback+0x146
fffff880`02f1b880 fffff800`02ff671f : fffffa80`038740b0 00000000`00000200 fffffa80`04150ea0 fffffa80`05b0e450 : hal!HalAllocateAdapterChannel+0x101
fffff880`02f1b8c0 fffff880`00c5d0d3 : fffffa80`03874010 fffff880`00c5d12c fffffa80`000000a0 fffffa80`04150ea0 : hal!HalBuildScatterGatherList+0x2f3
fffff880`02f1b930 fffff880`00de0b3b : fffffa80`03874010 fffffa80`0417e1b0 fffffa80`040071a0 fffffa80`03874010 : PCIIDEX!BmSetup+0x6b
fffff880`02f1b990 fffff880`00ddf7eb : fffffa80`04008500 fffffa80`0417e1b0 fffffa80`04008500 fffffa80`040071a0 : ataport!IdeDispatchChannelRequest+0xef
fffff880`02f1b9c0 fffff880`00ddf31e : 00000000`00000001 fffffa80`03874010 00000000`00000001 fffffa80`03874010 : ataport!IdeStartChannelRequest+0x113
fffff880`02f1ba40 fffff880`00de1582 : fffffa80`036e2c01 00000000`00000000 fffffa80`0417e1b0 fffffa80`03869680 : ataport!IdeStartNextDeviceRequest+0x18e
fffff880`02f1bae0 fffff880`00de10ec : fffffa80`040071a0 00000000`00000000 fffffa80`040071a0 fffffa80`03869680 : ataport!IdeProcessCompletedRequests+0x26a
fffff880`02f1bc10 fffff800`02a925dc : fffff880`009ed180 00000000`0fd31f0c fffffa80`04007050 fffffa80`04007118 : ataport!IdePortCompletionDpc+0x1a8
fffff880`02f1bcd0 fffff800`02a8f6fa : fffff880`009ed180 fffff880`009f7f40 00000000`00000000 fffff880`00de0f44 : nt!KiRetireDpcList+0x1bc
fffff880`02f1bd80 00000000`00000000 : fffff880`02f1c000 fffff880`02f16000 fffff880`02f1bd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
ataport!IdeLogCrbActive+bc
fffff880`00dd6c50 f30f6f4148 movdqu xmm0,xmmword ptr [rcx+48h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: ataport!IdeLogCrbActive+bc
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ataport
IMAGE_NAME: ataport.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc118
FAILURE_BUCKET_ID: X64_0xD1_ataport!IdeLogCrbActive+bc
BUCKET_ID: X64_0xD1_ataport!IdeLogCrbActive+bc
Followup: MachineOwner
---------
start end module name
fffff880`03b69000 fffff880`03ba7000 1394ohci 1394ohci.sys Tue Jul 14 04:07:12 2009 (4A5BCC30)
fffff880`00e00000 fffff880`00e57000 ACPI ACPI.sys Tue Jul 14 03:19:34 2009 (4A5BC106)
fffff880`01951000 fffff880`019db000 afd afd.sys Tue Jul 14 03:21:40 2009 (4A5BC184)
fffff880`0402b000 fffff880`04041000 AgileVpn AgileVpn.sys Tue Jul 14 04:10:24 2009 (4A5BCCF0)
fffff880`00c8f000 fffff880`00c9a000 amdxata amdxata.sys Tue May 19 21:56:59 2009 (4A12F2EB)
fffff880`00c86000 fffff880`00c8f000 atapi atapi.sys Tue Jul 14 03:19:47 2009 (4A5BC113)
fffff880`00dd5000 fffff880`00dff000 ataport ataport.SYS Tue Jul 14 03:19:52 2009 (4A5BC118)
fffff960`00880000 fffff960`008e1000 ATMFD ATMFD.DLL unavailable (00000000)
fffff880`03d89000 fffff880`03dd1000 b57nd60a b57nd60a.sys Sun Apr 26 15:14:55 2009 (49F4422F)
fffff880`00db4000 fffff880`00dc0000 BATTC BATTC.SYS Tue Jul 14 03:31:01 2009 (4A5BC3B5)
fffff880`03c38000 fffff880`03d7c000 bcmwl664 bcmwl664.sys Fri Mar 27 04:06:57 2009 (49CC26B1)
fffff880`018a5000 fffff880`018ac000 Beep Beep.SYS Tue Jul 14 04:00:13 2009 (4A5BCA8D)
fffff880`02cb0000 fffff880`02cc1000 blbdrive blbdrive.sys Tue Jul 14 03:35:59 2009 (4A5BC4DF)
fffff880`0657f000 fffff880`0659d000 bowser bowser.sys Tue Jul 14 03:23:50 2009 (4A5BC206)
fffff880`03908000 fffff880`03918000 BthEnum BthEnum.sys Tue Jul 14 04:06:52 2009 (4A5BCC1C)
fffff880`03918000 fffff880`03938000 bthpan bthpan.sys Tue Jul 14 04:07:00 2009 (4A5BCC24)
fffff880`03850000 fffff880`038dc000 bthport bthport.sys Tue Jul 14 04:06:56 2009 (4A5BCC20)
fffff880`00c9a000 fffff880`00cb2000 BTHUSB BTHUSB.sys Tue Jul 14 04:06:52 2009 (4A5BCC1C)
fffff960`00640000 fffff960`00667000 cdd cdd.dll unavailable (00000000)
fffff880`01872000 fffff880`0189c000 cdrom cdrom.sys Tue Jul 14 03:19:54 2009 (4A5BC11A)
fffff880`00e7a000 fffff880`00f3a000 CI CI.dll Tue Jul 14 05:32:13 2009 (4A5BE01D)
fffff880`0180c000 fffff880`0183c000 CLASSPNP CLASSPNP.SYS Tue Jul 14 03:19:58 2009 (4A5BC11E)
fffff880`00d0e000 fffff880`00d6c000 CLFS CLFS.SYS Tue Jul 14 03:19:57 2009 (4A5BC11D)
fffff880`0400d000 fffff880`04011500 CmBatt CmBatt.sys Tue Jul 14 03:31:03 2009 (4A5BC3B7)
fffff880`0114c000 fffff880`011bf000 cng cng.sys Tue Jul 14 03:49:40 2009 (4A5BC814)
fffff880`00fed000 fffff880`00ff6000 compbatt compbatt.sys Tue Jul 14 03:31:02 2009 (4A5BC3B6)
fffff880`0401b000 fffff880`0402b000 CompositeBus CompositeBus.sys Tue Jul 14 04:00:33 2009 (4A5BCAA1)
fffff880`04265000 fffff880`04273000 crashdmp crashdmp.sys Tue Jul 14 04:01:01 2009 (4A5BCABD)
fffff880`02c0f000 fffff880`02c92000 csc csc.sys Tue Jul 14 03:24:26 2009 (4A5BC22A)
fffff880`02c92000 fffff880`02cb0000 dfsc dfsc.sys Tue Jul 14 03:23:44 2009 (4A5BC200)
fffff880`02c00000 fffff880`02c0f000 discache discache.sys Tue Jul 14 03:37:18 2009 (4A5BC52E)
fffff880`0121b000 fffff880`01231000 disk disk.sys Tue Jul 14 03:19:57 2009 (4A5BC11D)
fffff880`0423d000 fffff880`0425f000 drmk drmk.sys Tue Jul 14 05:01:25 2009 (4A5BD8E5)
fffff880`0427f000 fffff880`04288000 dump_atapi dump_atapi.sys Tue Jul 14 03:19:47 2009 (4A5BC113)
fffff880`04273000 fffff880`0427f000 dump_dumpata dump_dumpata.sys Tue Jul 14 03:19:47 2009 (4A5BC113)
fffff880`04288000 fffff880`0429b000 dump_dumpfve dump_dumpfve.sys Tue Jul 14 03:21:51 2009 (4A5BC18F)
fffff880`0429b000 fffff880`042a7000 Dxapi Dxapi.sys Tue Jul 14 03:38:28 2009 (4A5BC574)
fffff880`03a51000 fffff880`03b45000 dxgkrnl dxgkrnl.sys Tue Jul 14 03:38:56 2009 (4A5BC590)
fffff880`0fe00000 fffff880`0fe46000 dxgmms1 dxgmms1.sys Tue Jul 14 03:38:32 2009 (4A5BC578)
fffff880`010da000 fffff880`010ee000 fileinfo fileinfo.sys Tue Jul 14 03:34:25 2009 (4A5BC481)
fffff880`0108e000 fffff880`010da000 fltmgr fltmgr.sys Tue Jul 14 03:19:59 2009 (4A5BC11F)
fffff880`01211000 fffff880`0121b000 Fs_Rec Fs_Rec.sys Tue Jul 14 03:19:45 2009 (4A5BC111)
fffff880`011bf000 fffff880`011f9000 fvevol fvevol.sys Tue Jul 14 03:22:15 2009 (4A5BC1A7)
fffff880`0142b000 fffff880`01475000 fwpkclnt fwpkclnt.sys Tue Jul 14 03:21:08 2009 (4A5BC164)
fffff880`04000000 fffff880`0400d000 GEARAspiWDM GEARAspiWDM.sys Mon May 18 16:17:04 2009 (4A1151C0)
fffff800`02ff2000 fffff800`0303b000 hal hal.dll Tue Jul 14 05:27:36 2009 (4A5BDF08)
fffff880`03b45000 fffff880`03b69000 HDAudBus HDAudBus.sys Tue Jul 14 04:06:13 2009 (4A5BCBF5)
fffff880`04389000 fffff880`043e5000 HdAudio HdAudio.sys Tue Jul 14 04:06:59 2009 (4A5BCC23)
fffff880`03946000 fffff880`0395f000 HIDCLASS HIDCLASS.SYS Tue Jul 14 04:06:21 2009 (4A5BCBFD)
fffff880`0395f000 fffff880`03967080 HIDPARSE HIDPARSE.SYS Tue Jul 14 04:06:17 2009 (4A5BCBF9)
fffff880`03938000 fffff880`03946000 hidusb hidusb.sys Tue Jul 14 04:06:22 2009 (4A5BCBFE)
fffff880`064b7000 fffff880`0657f000 HTTP HTTP.sys Tue Jul 14 03:22:16 2009 (4A5BC1A8)
fffff880`0148d000 fffff880`01496000 hwpolicy hwpolicy.sys Tue Jul 14 03:19:22 2009 (4A5BC0FA)
fffff880`03c00000 fffff880`03c1e000 i8042prt i8042prt.sys Tue Jul 14 03:19:57 2009 (4A5BC11D)
fffff880`00ff6000 fffff880`00ffe000 intelide intelide.sys Tue Jul 14 03:19:48 2009 (4A5BC114)
fffff880`03a3b000 fffff880`03a51000 intelppm intelppm.sys Tue Jul 14 03:19:25 2009 (4A5BC0FD)
fffff880`041eb000 fffff880`041fa000 kbdclass kbdclass.sys Tue Jul 14 03:19:50 2009 (4A5BC116)
fffff880`03968000 fffff880`03976000 kbdhid kbdhid.sys Tue Jul 14 04:00:20 2009 (4A5BCA94)
fffff800`00bb2000 fffff800`00bb5000 kdcom kdcom.dll Thu Feb 17 14:33:32 2011 (4D5D078C)
fffff880`042c5000 fffff880`04308000 ks ks.sys Tue Jul 14 04:00:31 2009 (4A5BCA9F)
fffff880`013e3000 fffff880`013fd000 ksecdd ksecdd.sys Tue Jul 14 03:20:54 2009 (4A5BC156)
fffff880`01400000 fffff880`0142b000 ksecpkg ksecpkg.sys Tue Jul 14 03:50:34 2009 (4A5BC84A)
fffff880`0425f000 fffff880`04264200 ksthunk ksthunk.sys Tue Jul 14 04:00:19 2009 (4A5BCA93)
fffff880`039c7000 fffff880`039dc000 lltdio lltdio.sys Tue Jul 14 04:08:50 2009 (4A5BCC92)
fffff880`03983000 fffff880`039a6000 luafv luafv.sys Tue Jul 14 03:26:13 2009 (4A5BC295)
fffff880`00cb6000 fffff880`00cfa000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Tue Jul 14 05:29:10 2009 (4A5BDF66)
fffff880`043e5000 fffff880`043f3000 monitor monitor.sys Tue Jul 14 03:38:52 2009 (4A5BC58C)
fffff880`041dc000 fffff880`041eb000 mouclass mouclass.sys Tue Jul 14 03:19:50 2009 (4A5BC116)
fffff880`03976000 fffff880`03983000 mouhid mouhid.sys Tue Jul 14 04:00:20 2009 (4A5BCA94)
fffff880`00c6c000 fffff880`00c86000 mountmgr mountmgr.sys Tue Jul 14 03:19:54 2009 (4A5BC11A)
fffff880`0659d000 fffff880`065b5000 mpsdrv mpsdrv.sys Tue Jul 14 04:08:25 2009 (4A5BCC79)
fffff880`065b5000 fffff880`065e1000 mrxsmb mrxsmb.sys Tue Jul 14 03:23:59 2009 (4A5BC20F)
fffff880`03800000 fffff880`0384d000 mrxsmb10 mrxsmb10.sys Tue Jul 14 03:24:08 2009 (4A5BC218)
fffff880`06400000 fffff880`06423000 mrxsmb20 mrxsmb20.sys Tue Jul 14 03:24:05 2009 (4A5BC215)
fffff880`0190a000 fffff880`01915000 Msfs Msfs.SYS Tue Jul 14 03:19:47 2009 (4A5BC113)
fffff880`00e60000 fffff880`00e6a000 msisadrv msisadrv.sys Tue Jul 14 03:19:26 2009 (4A5BC0FE)
fffff880`010ee000 fffff880`0114c000 msrpc msrpc.sys Tue Jul 14 03:21:32 2009 (4A5BC17C)
fffff880`02deb000 fffff880`02df6000 mssmbios mssmbios.sys Tue Jul 14 03:31:10 2009 (4A5BC3BE)
fffff880`015ed000 fffff880`015ff000 mup mup.sys Tue Jul 14 03:23:45 2009 (4A5BC201)
fffff880`0149b000 fffff880`0158d000 ndis ndis.sys Tue Jul 14 03:21:40 2009 (4A5BC184)
fffff880`04065000 fffff880`04071000 ndistapi ndistapi.sys Tue Jul 14 04:10:00 2009 (4A5BCCD8)
fffff880`0648c000 fffff880`0649f000 ndisuio ndisuio.sys Tue Jul 14 04:09:25 2009 (4A5BCCB5)
fffff880`03ba7000 fffff880`03bd6000 ndiswan ndiswan.sys Tue Jul 14 04:10:11 2009 (4A5BCCE3)
fffff880`04374000 fffff880`04389000 NDProxy NDProxy.SYS Tue Jul 14 04:10:05 2009 (4A5BCCDD)
fffff880`02d50000 fffff880`02d5f000 netbios netbios.sys Tue Jul 14 04:09:26 2009 (4A5BCCB6)
fffff880`02cc6000 fffff880`02d0b000 netbt netbt.sys Tue Jul 14 03:21:28 2009 (4A5BC178)
fffff880`0158d000 fffff880`015ed000 NETIO NETIO.SYS Tue Jul 14 03:21:46 2009 (4A5BC18A)
fffff880`01915000 fffff880`01926000 Npfs Npfs.SYS Tue Jul 14 03:19:48 2009 (4A5BC114)
fffff880`02ddf000 fffff880`02deb000 nsiproxy nsiproxy.sys Tue Jul 14 03:21:02 2009 (4A5BC15E)
fffff800`02a15000 fffff800`02ff2000 nt ntkrnlmp.exe Tue Jul 14 03:40:48 2009 (4A5BC600)
fffff880`01240000 fffff880`013e3000 Ntfs Ntfs.sys Tue Jul 14 03:20:47 2009 (4A5BC14F)
fffff880`0189c000 fffff880`018a5000 Null Null.SYS Tue Jul 14 03:19:37 2009 (4A5BC109)
fffff880`10bf7000 fffff880`10bf8180 nvBridge nvBridge.kmd Thu May 13 01:43:42 2010 (4BEB210E)
fffff880`0fec7000 fffff880`10bf6600 nvlddmkm nvlddmkm.sys Thu May 13 02:24:24 2010 (4BEB2A98)
fffff880`06439000 fffff880`0648c000 nwifi nwifi.sys Tue Jul 14 04:07:23 2009 (4A5BCC3B)
fffff880`02d14000 fffff880`02d3a000 pacer pacer.sys Tue Jul 14 04:09:41 2009 (4A5BCCC5)
fffff880`00d9f000 fffff880`00db4000 partmgr partmgr.sys Tue Jul 14 03:19:58 2009 (4A5BC11E)
fffff880`00d6c000 fffff880`00d9f000 pci pci.sys Tue Jul 14 03:19:51 2009 (4A5BC117)
fffff880`00c5c000 fffff880`00c6c000 PCIIDEX PCIIDEX.SYS Tue Jul 14 03:19:48 2009 (4A5BC114)
fffff880`01200000 fffff880`01211000 pcw pcw.sys Tue Jul 14 03:19:27 2009 (4A5BC0FF)
fffff880`06e8c000 fffff880`06f32000 peauth peauth.sys Tue Jul 14 05:01:19 2009 (4A5BD8DF)
fffff880`04200000 fffff880`0423d000 portcls portcls.sys Tue Jul 14 04:06:27 2009 (4A5BCC03)
fffff880`00cfa000 fffff880`00d0e000 PSHED PSHED.dll Tue Jul 14 05:32:23 2009 (4A5BE027)
fffff880`04041000 fffff880`04065000 rasl2tp rasl2tp.sys Tue Jul 14 04:10:11 2009 (4A5BCCE3)
fffff880`03bd6000 fffff880`03bf1000 raspppoe raspppoe.sys Tue Jul 14 04:10:17 2009 (4A5BCCE9)
fffff880`019db000 fffff880`019fc000 raspptp raspptp.sys Tue Jul 14 04:10:18 2009 (4A5BCCEA)
fffff880`03c1e000 fffff880`03c38000 rassstp rassstp.sys Tue Jul 14 04:10:25 2009 (4A5BCCF1)
fffff880`02d8e000 fffff880`02ddf000 rdbss rdbss.sys Tue Jul 14 03:24:09 2009 (4A5BC219)
fffff880`04071000 fffff880`0407c000 rdpbus rdpbus.sys Tue Jul 14 04:17:46 2009 (4A5BCEAA)
fffff880`018ef000 fffff880`018f8000 RDPCDD RDPCDD.sys Tue Jul 14 04:16:34 2009 (4A5BCE62)
fffff880`018f8000 fffff880`01901000 rdpencdd rdpencdd.sys Tue Jul 14 04:16:34 2009 (4A5BCE62)
fffff880`01901000 fffff880`0190a000 rdprefmp rdprefmp.sys Tue Jul 14 04:16:35 2009 (4A5BCE63)
fffff880`0104c000 fffff880`01086000 rdyboost rdyboost.sys Tue Jul 14 03:34:34 2009 (4A5BC48A)
fffff880`038dc000 fffff880`03908000 rfcomm rfcomm.sys Tue Jul 14 04:06:56 2009 (4A5BCC20)
fffff880`0649f000 fffff880`064b7000 rspndr rspndr.sys Tue Jul 14 04:08:50 2009 (4A5BCC92)
fffff880`03dd1000 fffff880`03df1000 sdbus sdbus.sys Tue Jul 14 03:31:10 2009 (4A5BC3BE)
fffff880`06f32000 fffff880`06f3d000 secdrv secdrv.SYS Wed Sep 13 17:18:38 2006 (4508052E)
fffff880`01485000 fffff880`0148d000 spldr spldr.sys Mon May 11 20:56:27 2009 (4A0858BB)
fffff880`06e00000 fffff880`06e71000 spsys spsys.sys Mon May 11 21:20:58 2009 (4A085E7A)
fffff880`07203000 fffff880`0729b000 srv srv.sys Tue Jul 14 03:25:11 2009 (4A5BC257)
fffff880`06f7c000 fffff880`06fe5000 srv2 srv2.sys Tue Jul 14 03:25:02 2009 (4A5BC24E)
fffff880`06f3d000 fffff880`06f6a000 srvnet srvnet.sys Tue Jul 14 03:24:58 2009 (4A5BC24A)
fffff880`041fa000 fffff880`041fb480 swenum swenum.sys Tue Jul 14 04:00:18 2009 (4A5BCA92)
fffff880`0407d000 fffff880`041da000 SynTP SynTP.sys Thu Dec 23 06:20:47 2010 (4D12C00F)
fffff880`01602000 fffff880`017ff000 tcpip tcpip.sys Tue Jul 14 03:25:34 2009 (4A5BC26E)
fffff880`06f6a000 fffff880`06f7c000 tcpipreg tcpipreg.sys Tue Jul 14 04:09:49 2009 (4A5BCCCD)
fffff880`01944000 fffff880`01951000 TDI TDI.SYS Tue Jul 14 03:21:18 2009 (4A5BC16E)
fffff880`01926000 fffff880`01944000 tdx tdx.sys Tue Jul 14 03:21:15 2009 (4A5BC16B)
fffff880`02d7a000 fffff880`02d8e000 termdd termdd.sys Tue Jul 14 04:16:36 2009 (4A5BCE64)
fffff960`005b0000 fffff960`005ba000 TSDDD TSDDD.dll unavailable (00000000)
fffff880`03a15000 fffff880`03a3b000 tunnel tunnel.sys Tue Jul 14 04:09:37 2009 (4A5BCCC1)
fffff880`04308000 fffff880`0431a000 umbus umbus.sys Tue Jul 14 04:06:56 2009 (4A5BCC20)
fffff880`042a7000 fffff880`042c4000 usbccgp usbccgp.sys Tue Jul 14 04:06:45 2009 (4A5BCC15)
fffff880`041da000 fffff880`041dbf00 USBD USBD.SYS Tue Jul 14 04:06:23 2009 (4A5BCBFF)
fffff880`0fea9000 fffff880`0feba000 usbehci usbehci.sys Tue Jul 14 04:06:30 2009 (4A5BCC06)
fffff880`0431a000 fffff880`04374000 usbhub usbhub.sys Tue Jul 14 04:07:09 2009 (4A5BCC2D)
fffff880`0fe53000 fffff880`0fea9000 USBPORT USBPORT.SYS Tue Jul 14 04:06:31 2009 (4A5BCC07)
fffff880`0fe46000 fffff880`0fe53000 usbuhci usbuhci.sys Tue Jul 14 04:06:27 2009 (4A5BCC03)
fffff880`0183c000 fffff880`01869100 usbvideo usbvideo.sys Tue Jul 14 04:07:00 2009 (4A5BCC24)
fffff880`00e6a000 fffff880`00e77000 vdrvroot vdrvroot.sys Tue Jul 14 04:01:31 2009 (4A5BCADB)
fffff880`018ac000 fffff880`018ba000 vga vga.sys Tue Jul 14 03:38:47 2009 (4A5BC587)
fffff880`018ba000 fffff880`018df000 VIDEOPRT VIDEOPRT.SYS Tue Jul 14 03:38:51 2009 (4A5BC58B)
fffff880`01475000 fffff880`01485000 vmstorfl vmstorfl.sys Tue Jul 14 03:42:54 2009 (4A5BC67E)
fffff880`00dc0000 fffff880`00dd5000 volmgr volmgr.sys Tue Jul 14 03:19:57 2009 (4A5BC11D)
fffff880`00c00000 fffff880`00c5c000 volmgrx volmgrx.sys Tue Jul 14 03:20:33 2009 (4A5BC141)
fffff880`01000000 fffff880`0104c000 volsnap volsnap.sys Tue Jul 14 03:20:08 2009 (4A5BC128)
fffff880`03d7c000 fffff880`03d89000 vwifibus vwifibus.sys Tue Jul 14 04:07:21 2009 (4A5BCC39)
fffff880`02d3a000 fffff880`02d50000 vwififlt vwififlt.sys Tue Jul 14 04:07:22 2009 (4A5BCC3A)
fffff880`02d5f000 fffff880`02d7a000 wanarp wanarp.sys Tue Jul 14 04:10:21 2009 (4A5BCCED)
fffff880`018df000 fffff880`018ef000 watchdog watchdog.sys Tue Jul 14 03:37:35 2009 (4A5BC53F)
fffff880`00f3a000 fffff880`00fde000 Wdf01000 Wdf01000.sys Tue Jul 14 03:22:07 2009 (4A5BC19F)
fffff880`00fde000 fffff880`00fed000 WDFLDR WDFLDR.SYS Tue Jul 14 03:19:54 2009 (4A5BC11A)
fffff880`02d0b000 fffff880`02d14000 wfplwf wfplwf.sys Tue Jul 14 04:09:26 2009 (4A5BCCB6)
fffff960`00030000 fffff960`0033f000 win32k win32k.sys unavailable (00000000)
fffff880`04012000 fffff880`0401b000 wmiacpi wmiacpi.sys Tue Jul 14 03:31:02 2009 (4A5BC3B6)
fffff880`00e57000 fffff880`00e60000 WMILIB WMILIB.SYS Tue Jul 14 03:19:51 2009 (4A5BC117)
fffff880`039a6000 fffff880`039c7000 WudfPf WudfPf.sys Tue Jul 14 04:05:37 2009 (4A5BCBD1)
Unloaded modules:
fffff880`0183c000 fffff880`0184a000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`0184a000 fffff880`01856000 dump_ataport
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff880`01856000 fffff880`0185f000 dump_atapi.s
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00009000
fffff880`0185f000 fffff880`01872000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00013000