Random BSOD nowadays.

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by alshzz, Mar 15, 2011.

  1. alshzz

    alshzz New Member

  2. cybercore

    cybercore New Member

    --> Both crash dumps were caused by Kaspersky driver. Uninstall Kaspersky, uninstall SUPERAntiSpyware, and replace them with MSE:

    Removal tool for Kaspersky Lab products

    https://www.microsoft.com/security_essentials/



    --> Uninstall Daemon Tools
    sptd.sys Sun Oct 11 16:54:02 2009
    DuplexSecure - FAQ



    --> Update drivers:

    Universal Shield/Lock Folder
    US4Vista.sys Thu Sep 24 17:03:03 2009

    Realtek 10/100 NIC
    Rtnicxp.sys Thu Jul 23 10:02:57 2009

    Raxco PerfectDisk
    DefragFS.SYS Tue Dec 15 05:18:05 2009





    Crash Dumps:

    Code:
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\DMP\031611-40076-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0x8301a000 PsLoadedModuleList = 0x83164850
    Debug session time: Tue Mar 15 15:32:50.241 2011 (UTC - 4:00)
    System Uptime: 0 days 0:10:12.364
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ........................................
    Loading User Symbols
    Loading unloaded module list
    ......
    Unable to load image \SystemRoot\System32\Drivers\US4Vista.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for US4Vista.sys
    *** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000008E, {c0000005, 8dc015ee, a2d87ad0, 0}
    
    *** WARNING: Unable to verify timestamp for klif.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    Probably caused by : US4Vista.sys ( US4Vista+15ee )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8dc015ee, The address that the exception occurred at
    Arg3: a2d87ad0, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    US4Vista+15ee
    8dc015ee 8b490c          mov     ecx,dword ptr [ecx+0Ch]
    
    TRAP_FRAME:  a2d87ad0 -- (.trap 0xffffffffa2d87ad0)
    ErrCode = 00000000
    eax=88a4ffb8 ebx=88a4ff00 ecx=00000010 edx=88a4ff00 esi=882bfb98 edi=00000000
    eip=8dc015ee esp=a2d87b44 ebp=a2d87b68 iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    US4Vista+0x15ee:
    8dc015ee 8b490c          mov     ecx,dword ptr [ecx+0Ch] ds:0023:0000001c=????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  PDEngine.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 8dc0394c to 8dc015ee
    
    STACK_TEXT:  
    WARNING: Stack unwind information not available. Following frames may be wrong.
    a2d87b68 8dc0394c 882bfb98 00000000 a2d87b90 US4Vista+0x15ee
    a2d87b78 83051593 882bfae0 88a4ff00 88a4ff00 US4Vista+0x394c
    a2d87b90 8324599f 8674c518 88a4ff00 88a4ffb8 nt!IofCallDriver+0x63
    a2d87bb0 83248b71 882bfae0 8674c518 00000000 nt!IopSynchronousServiceTail+0x1f8
    a2d87c4c 8328f3f4 882bfae0 88a4ff00 00000000 nt!IopXxxControlFile+0x6aa
    a2d87c80 9283c1d0 00000210 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
    a2d87d04 830581ea 00000210 00000000 00000000 klif+0x2e1d0
    a2d87d04 774070b4 00000210 00000000 00000000 nt!KiFastCallEntry+0x12a
    00ceeb00 00000000 00000000 00000000 00000000 0x774070b4
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    US4Vista+15ee
    8dc015ee 8b490c          mov     ecx,dword ptr [ecx+0Ch]
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  US4Vista+15ee
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: US4Vista
    
    IMAGE_NAME:  US4Vista.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4abbde87
    
    FAILURE_BUCKET_ID:  0x8E_US4Vista+15ee
    
    BUCKET_ID:  0x8E_US4Vista+15ee
    
    Followup: MachineOwner
    ---------
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\DMP\031611-40154-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0x83002000 PsLoadedModuleList = 0x8314c850
    Debug session time: Tue Mar 15 15:44:16.106 2011 (UTC - 4:00)
    System Uptime: 0 days 0:10:14.104
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ........................................
    Loading User Symbols
    Loading unloaded module list
    ......
    Unable to load image \SystemRoot\System32\Drivers\US4Vista.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for US4Vista.sys
    *** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000008E, {c0000005, 8ddc35ee, a382bad0, 0}
    
    *** WARNING: Unable to verify timestamp for klif.sys
    *** ERROR: Module load completed but symbols could not be loaded for klif.sys
    Probably caused by : US4Vista.sys ( US4Vista+15ee )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8ddc35ee, The address that the exception occurred at
    Arg3: a382bad0, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    US4Vista+15ee
    8ddc35ee 8b490c          mov     ecx,dword ptr [ecx+0Ch]
    
    TRAP_FRAME:  a382bad0 -- (.trap 0xffffffffa382bad0)
    ErrCode = 00000000
    eax=883cdaf8 ebx=883cda40 ecx=00000010 edx=883cda40 esi=8848cb58 edi=00000000
    eip=8ddc35ee esp=a382bb44 ebp=a382bb68 iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    US4Vista+0x15ee:
    8ddc35ee 8b490c          mov     ecx,dword ptr [ecx+0Ch] ds:0023:0000001c=????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  PDEngine.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 8ddc594c to 8ddc35ee
    
    STACK_TEXT:  
    WARNING: Stack unwind information not available. Following frames may be wrong.
    a382bb68 8ddc594c 8848cb58 00000000 a382bb90 US4Vista+0x15ee
    a382bb78 83039593 8848caa0 883cda40 883cda40 US4Vista+0x394c
    a382bb90 8322d99f 86c67610 883cda40 883cdaf8 nt!IofCallDriver+0x63
    a382bbb0 83230b71 8848caa0 86c67610 00000000 nt!IopSynchronousServiceTail+0x1f8
    a382bc4c 832773f4 8848caa0 883cda40 00000000 nt!IopXxxControlFile+0x6aa
    a382bc80 8d79e1d0 00000220 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
    a382bd04 830401ea 00000220 00000000 00000000 klif+0x2e1d0
    a382bd04 777270b4 00000220 00000000 00000000 nt!KiFastCallEntry+0x12a
    0083eb00 00000000 00000000 00000000 00000000 0x777270b4
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    US4Vista+15ee
    8ddc35ee 8b490c          mov     ecx,dword ptr [ecx+0Ch]
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  US4Vista+15ee
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: US4Vista
    
    IMAGE_NAME:  US4Vista.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4abbde87
    
    FAILURE_BUCKET_ID:  0x8E_US4Vista+15ee
    
    BUCKET_ID:  0x8E_US4Vista+15ee
    
    Followup: MachineOwner
    ---------
    
    
    



    Drivers:

    Code:
    
    
    start    end        module name
    95fb4000 95feb000   aa9zh2ki aa9zh2ki.SYS Fri Aug 07 09:29:49 2009 (4A7C2C4D)
    84360000 843a8000   ACPI     ACPI.sys     Sat Nov 20 03:37:52 2010 (4CE788E0)
    94c1d000 94c77000   afd      afd.sys      Sat Nov 20 03:40:00 2010 (4CE78960)
    95feb000 95ffd000   AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
    8d6fe000 8d707000   amdxata  amdxata.sys  Fri Mar 19 12:19:01 2010 (4BA3A3F5)
    8d6d2000 8d6db000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
    8d6db000 8d6fe000   ataport  ataport.SYS  Sat Nov 20 03:38:00 2010 (4CE788E8)
    9548d000 954a9000   AtihdW73 AtihdW73.sys Wed Nov 17 07:00:47 2010 (4CE3C3EF)
    95816000 95f9c000   atikmdag atikmdag.sys Wed Jan 26 17:42:31 2011 (4D40A357)
    94b4e000 94b8d000   atikmpag atikmpag.sys Wed Jan 26 17:13:11 2011 (4D409C77)
    9cb70000 9cbbd000   ATMFD    ATMFD.DLL    Fri Jan 07 00:43:36 2011 (4D26A808)
    8da18000 8da1f000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)
    94b0d000 94b1b000   blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
    836ce000 836d6000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
    9a793000 9a7ac000   bowser   bowser.sys   Mon Jul 13 19:14:21 2009 (4A5BBFCD)
    9cb50000 9cb6e000   cdd      cdd.dll      unavailable (00000000)
    8d751000 8d770000   cdrom    cdrom.sys    Sat Nov 20 03:38:09 2010 (4CE788F1)
    94ce0000 94dd6000   cfosspeed6 cfosspeed6.sys Thu Dec 02 09:41:59 2010 (4CF7B037)
    83718000 837c3000   CI       CI.dll       Sat Nov 20 07:05:17 2010 (4CE7B97D)
    8dbba000 8dbdf000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
    836d6000 83718000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
    8d97d000 8d9da000   cng      cng.sys      Mon Jul 13 19:32:55 2009 (4A5BC427)
    953f2000 953ff000   CompositeBus CompositeBus.sys Sat Nov 20 04:50:21 2010 (4CE799DD)
    9a683000 9a690000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
    94a91000 94af5000   csc      csc.sys      Sat Nov 20 03:44:32 2010 (4CE78A70)
    9a6f5000 9a71a000   DefragFS DefragFS.SYS Tue Dec 15 05:18:05 2009 (4B27625D)
    94af5000 94b0d000   dfsc     dfsc.sys     Sat Nov 20 03:42:32 2010 (4CE789F8)
    94a85000 94a91000   discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
    8ddea000 8ddfb000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
    954d8000 954f1000   drmk     drmk.sys     Mon Jul 13 20:36:05 2009 (4A5BD2F5)
    9a69b000 9a6a4000   dump_atapi dump_atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
    9a690000 9a69b000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
    9a6a4000 9a6b5000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
    9a679000 9a683000   Dxapi    Dxapi.sys    Mon Jul 13 19:25:25 2009 (4A5BC265)
    95202000 952b9000   dxgkrnl  dxgkrnl.sys  Sat Nov 20 04:08:14 2010 (4CE78FFE)
    952b9000 952f2000   dxgmms1  dxgmms1.sys  Wed Feb 02 22:45:05 2011 (4D4A24C1)
    953d7000 953e2000   fdc      fdc.sys      Mon Jul 13 19:45:45 2009 (4A5BC729)
    8d707000 8d718000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
    95472000 9547c000   flpydisk flpydisk.sys Mon Jul 13 19:45:45 2009 (4A5BC729)
    843a8000 843dc000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
    8d9e8000 8d9f1000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:11:14 2009 (4A5BBF12)
    8db88000 8dbba000   fvevol   fvevol.sys   Sat Nov 20 03:40:22 2010 (4CE78976)
    8dd88000 8ddb9000   fwpkclnt fwpkclnt.sys Sat Nov 20 03:39:08 2010 (4CE7892C)
    953ec000 953f1280   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:16:53 2009 (4A1151B5)
    83414000 8344b000   hal      halmacpi.dll Sat Nov 20 03:37:38 2010 (4CE788D2)
    952f2000 95311000   HDAudBus HDAudBus.sys Sat Nov 20 04:59:28 2010 (4CE79C00)
    96371000 96384000   HIDCLASS HIDCLASS.SYS Sat Nov 20 04:59:37 2010 (4CE79C09)
    96384000 9638a480   HIDPARSE HIDPARSE.SYS Mon Jul 13 19:50:59 2009 (4A5BC863)
    96366000 96371000   hidusb   hidusb.sys   Sat Nov 20 04:59:38 2010 (4CE79C0A)
    954f1000 95576000   HTTP     HTTP.sys     Sat Nov 20 03:40:17 2010 (4CE78971)
    8dde2000 8ddea000   hwpolicy hwpolicy.sys Sat Nov 20 03:37:35 2010 (4CE788CF)
    8d664000 8d66b000   intelide intelide.sys Mon Jul 13 19:11:19 2009 (4A5BBF17)
    94b3c000 94b4e000   intelppm intelppm.sys Mon Jul 13 19:11:03 2009 (4A5BBF07)
    94a17000 94a24000   kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
    9639f000 963ab000   kbdhid   kbdhid.sys   Sat Nov 20 04:50:10 2010 (4CE799D2)
    80b9e000 80ba6000   kdcom    kdcom.dll    Mon Jul 13 21:08:58 2009 (4A5BDAAA)
    8d01f000 8d541000   kl1      kl1.sys      Wed Jun 09 09:24:39 2010 (4C0F9617)
    8d00c000 8d012000   kl2      kl2.sys      Wed Jun 09 09:24:35 2010 (4C0F9613)
    8d770000 8d7f3000   klif     klif.sys     Fri Aug 06 13:16:02 2010 (4C5C4352)
    96396000 9639f000   klmouflt klmouflt.sys Mon Nov 02 11:26:08 2009 (4AEF0820)
    83600000 83634000   ks       ks.sys       Sat Nov 20 04:50:17 2010 (4CE799D9)
    8d96a000 8d97d000   ksecdd   ksecdd.sys   Sat Nov 20 03:38:54 2010 (4CE7891E)
    8db24000 8db49000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:34:00 2009 (4A5BC468)
    9a71a000 9a72a000   lltdio   lltdio.sys   Mon Jul 13 19:53:18 2009 (4A5BC8EE)
    9a6c0000 9a6db000   luafv    luafv.sys    Mon Jul 13 19:15:44 2009 (4A5BC020)
    a33ed000 a33f1a80   LVPr2Mon LVPr2Mon.sys Fri May 07 21:36:25 2010 (4BE4C019)
    9a635000 9a678a00   lvrs     lvrs.sys     Tue Nov 09 21:38:10 2010 (4CDA0592)
    9a203000 9a620c80   lvuvc    lvuvc.sys    Tue Nov 09 21:38:23 2010 (4CDA059F)
    83638000 836bd000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 07:00:54 2010 (4CE7B876)
    9a6b5000 9a6c0000   monitor  monitor.sys  Mon Jul 13 19:25:58 2009 (4A5BC286)
    8d012000 8d01f000   mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
    9638b000 96396000   mouhid   mouhid.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
    8d680000 8d696000   mountmgr mountmgr.sys Sat Nov 20 03:38:09 2010 (4CE788F1)
    9a7ac000 9a7be000   mpsdrv   mpsdrv.sys   Mon Jul 13 19:52:52 2009 (4A5BC8D4)
    9a7be000 9a7e1000   mrxsmb   mrxsmb.sys   Sat Nov 20 03:42:40 2010 (4CE78A00)
    963ab000 963e6000   mrxsmb10 mrxsmb10.sys Sat Nov 20 03:44:15 2010 (4CE78A5F)
    9a7e1000 9a7fc000   mrxsmb20 mrxsmb20.sys Sat Nov 20 03:42:47 2010 (4CE78A07)
    8d600000 8d60b000   Msfs     Msfs.SYS     Mon Jul 13 19:11:26 2009 (4A5BBF1E)
    843dc000 843e4000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
    8d93f000 8d96a000   msrpc    msrpc.sys    Mon Jul 13 19:11:59 2009 (4A5BBF3F)
    94a7b000 94a85000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
    8dc2d000 8dc3d000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
    8da2f000 8dae6000   ndis     ndis.sys     Sat Nov 20 03:39:19 2010 (4CE78937)
    95800000 9580b000   ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
    9a770000 9a780000   ndisuio  ndisuio.sys  Sat Nov 20 05:06:36 2010 (4CE79DAC)
    94ba5000 94bc7000   ndiswan  ndiswan.sys  Sat Nov 20 05:07:48 2010 (4CE79DF4)
    9547c000 9548d000   NDProxy  NDProxy.SYS  Sat Nov 20 05:07:39 2010 (4CE79DEB)
    94dd6000 94de4000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)
    94c77000 94ca9000   netbt    netbt.sys    Sat Nov 20 03:39:22 2010 (4CE7893A)
    8dae6000 8db24000   NETIO    NETIO.SYS    Sat Nov 20 03:40:03 2010 (4CE78963)
    8d60b000 8d619000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)
    94a71000 94a7b000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
    83002000 83414000   nt       ntkrpamp.exe Sat Nov 20 03:42:49 2010 (4CE78A09)
    8d810000 8d93f000   Ntfs     Ntfs.sys     Sat Nov 20 03:39:08 2010 (4CE7892C)
    8da11000 8da18000   Null     Null.SYS     Mon Jul 13 19:11:12 2009 (4A5BBF10)
    9a72a000 9a770000   nwifi    nwifi.sys    Mon Jul 13 19:51:59 2009 (4A5BC89F)
    94cb9000 94cd8000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)
    95f9c000 95fb4000   parport  parport.sys  Mon Jul 13 19:45:34 2009 (4A5BC71E)
    8422a000 8423b000   partmgr  partmgr.sys  Sat Nov 20 03:38:14 2010 (4CE788F6)
    963e6000 963ed000   parvdm   parvdm.sys   Mon Jul 13 19:45:29 2009 (4A5BC719)
    84200000 8422a000   pci      pci.sys      Sat Nov 20 03:37:57 2010 (4CE788E5)
    8d679000 8d680000   pciide   pciide.sys   Mon Jul 13 19:11:19 2009 (4A5BBF17)
    8d66b000 8d679000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
    8d718000 8d751000   PCTCore  PCTCore.sys  Sun Mar 28 18:47:11 2010 (4BAFDC6F)
    8d9da000 8d9e8000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
    a3214000 a32ab000   peauth   peauth.sys   Mon Jul 13 20:35:44 2009 (4A5BD2E0)
    954a9000 954d8000   portcls  portcls.sys  Mon Jul 13 19:51:00 2009 (4A5BC864)
    836bd000 836ce000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
    94b8d000 94ba5000   rasl2tp  rasl2tp.sys  Mon Jul 13 19:54:33 2009 (4A5BC939)
    94bc7000 94bdf000   raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
    94bdf000 94bf6000   raspptp  raspptp.sys  Mon Jul 13 19:54:47 2009 (4A5BC947)
    94a00000 94a17000   rassstp  rassstp.sys  Mon Jul 13 19:54:57 2009 (4A5BC951)
    94a30000 94a71000   rdbss    rdbss.sys    Sat Nov 20 03:42:44 2010 (4CE78A04)
    9580b000 95815000   rdpbus   rdpbus.sys   Mon Jul 13 20:02:40 2009 (4A5BCB20)
    8d800000 8d808000   RDPCDD   RDPCDD.sys   Sat Nov 20 05:22:19 2010 (4CE7A15B)
    8d808000 8d810000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
    8d7f3000 8d7fb000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
    8dc00000 8dc2d000   rdyboost rdyboost.sys Sat Nov 20 04:00:07 2010 (4CE78E17)
    9a780000 9a793000   rspndr   rspndr.sys   Mon Jul 13 19:53:20 2009 (4A5BC8F0)
    95376000 953c8000   Rt86win7 Rt86win7.sys Thu Jan 13 06:56:25 2011 (4D2EE869)
    9600e000 9634c940   RTKVHDA  RTKVHDA.sys  Thu Feb 24 05:17:00 2011 (4D66301C)
    953c8000 953d7000   Rtnicxp  Rtnicxp.sys  Thu Jul 23 10:02:57 2009 (4A686D91)
    94c13000 94c19000   SASDIFSV SASDIFSV.SYS Wed Feb 17 13:19:19 2010 (4B7C3327)
    837d4000 837f6000   SASKUTIL SASKUTIL.SYS Mon May 10 13:15:22 2010 (4BE83F2A)
    8433a000 84360000   SCSIPORT SCSIPORT.SYS Sat Nov 20 04:50:55 2010 (4CE799FF)
    a32ab000 a32b5000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
    953e2000 953ec000   serenum  serenum.sys  Mon Jul 13 19:45:27 2009 (4A5BC717)
    94de4000 94dfe000   serial   serial.sys   Mon Jul 13 19:45:33 2009 (4A5BC71D)
    8ddda000 8dde2000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
    8423e000 84331000   sptd     sptd.sys     Sun Oct 11 16:54:02 2009 (4AD245EA)
    a339c000 a33ed000   srv      srv.sys      Sat Nov 20 03:45:29 2010 (4CE78AA9)
    a334d000 a339c000   srv2     srv2.sys     Sat Nov 20 03:44:35 2010 (4CE78A73)
    a331f000 a3340000   srvnet   srvnet.sys   Sat Nov 20 03:44:27 2010 (4CE78A6B)
    95200000 95201380   swenum   swenum.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
    8dc3e000 8dd88000   tcpip    tcpip.sys    Sat Nov 20 03:41:36 2010 (4CE789C0)
    a3340000 a334d000   tcpipreg tcpipreg.sys Sat Nov 20 05:07:13 2010 (4CE79DD1)
    8d000000 8d00c000   TDI      TDI.SYS      Sat Nov 20 03:39:18 2010 (4CE78936)
    8d5e1000 8d5f8000   tdx      tdx.sys      Sat Nov 20 03:39:17 2010 (4CE78935)
    837c3000 837d4000   termdd   termdd.sys   Sat Nov 20 05:21:10 2010 (4CE7A116)
    9cb20000 9cb29000   TSDDD    TSDDD.dll    Mon Jul 13 20:01:40 2009 (4A5BCAE4)
    94b1b000 94b3c000   tunnel   tunnel.sys   Sat Nov 20 05:06:40 2010 (4CE79DB0)
    95420000 9542e000   umbus    umbus.sys    Sat Nov 20 05:00:23 2010 (4CE79C37)
    8ddc2000 8ddda000   US4Vista US4Vista.sys Thu Sep 24 17:03:03 2009 (4ABBDE87)
    9a621000 9a634b80   usbaudio usbaudio.sys Sat Nov 20 04:59:43 2010 (4CE79C0F)
    9634d000 96364000   usbccgp  usbccgp.sys  Sat Nov 20 05:00:08 2010 (4CE79C28)
    96364000 96365700   USBD     USBD.SYS     Mon Jul 13 19:51:05 2009 (4A5BC869)
    95367000 95376000   usbehci  usbehci.sys  Sat Nov 20 04:59:43 2010 (4CE79C0F)
    9542e000 95472000   usbhub   usbhub.sys   Sat Nov 20 05:00:34 2010 (4CE79C42)
    9531c000 95367000   USBPORT  USBPORT.SYS  Sat Nov 20 04:59:49 2010 (4CE79C15)
    95311000 9531c000   usbuhci  usbuhci.sys  Mon Jul 13 19:51:10 2009 (4A5BC86E)
    843e4000 843ef000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
    8da1f000 8da2b000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)
    8d5c0000 8d5e1000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
    8d696000 8d6bf180   vmbus    vmbus.sys    Sat Nov 20 04:14:58 2010 (4CE79192)
    8ddb9000 8ddc1380   vmstorfl vmstorfl.sys Sat Nov 20 04:14:37 2010 (4CE7917D)
    843ef000 843ff000   volmgr   volmgr.sys   Sat Nov 20 03:38:06 2010 (4CE788EE)
    8d619000 8d664000   volmgrx  volmgrx.sys  Mon Jul 13 19:11:41 2009 (4A5BBF2D)
    8db49000 8db88000   volsnap  volsnap.sys  Sat Nov 20 03:38:13 2010 (4CE788F5)
    94c00000 94c13000   wanarp   wanarp.sys   Sat Nov 20 05:07:45 2010 (4CE79DF1)
    8d9f1000 8d9fe000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
    8d541000 8d5b2000   Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
    8d5b2000 8d5c0000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
    94cb2000 94cb9000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)
    9c8c0000 9cb0d000   win32k   win32k.sys   Tue Jan 04 22:50:40 2011 (4D23EA90)
    8d6c0000 8d6d2000   winhv    winhv.sys    Sat Nov 20 03:38:15 2010 (4CE788F7)
    84331000 8433a000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)
    94ca9000 94cb2000   ws2ifsl  ws2ifsl.sys  Mon Jul 13 19:55:01 2009 (4A5BC955)
    9a6db000 9a6f5000   WudfPf   WudfPf.sys   Sat Nov 20 04:58:55 2010 (4CE79BDF)
    
    Unloaded modules:
    a32b5000 a331f000   spsys.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0006A000
    8dbdf000 8dbec000   crashdmp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000D000
    8dbec000 8dbf7000   dump_ataport
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000B000
    8dbf7000 8dc00000   dump_atapi.s
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00009000
    8da00000 8da11000   dump_dumpfve
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00011000
    94cd8000 94ce0000   klim6.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00008000
    
    
     
  3. alshzz

    alshzz New Member

    Alright, but I've been using Kaspersky all along, and my computer didn't crash before, just lately. Any ideas? Besides, I never crashed while using it, just when I left it on and went to bed; next thing, I woke up and found my computer had been restarted, and Windows' error report thingy popped out. FYI, my computer does not hibernate automatically; I set it to only turn off the display after 15 minutes. Any other cause might be the one; please guide and assist. Looking forward.
     
    #3 alshzz, Mar 16, 2011
    Last edited: Mar 16, 2011
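
Added example, not part of any poster's message: a Python sketch that cross-checks the second dump (031611-40154-01.dmp) against the driver list posted with it, mapping the fault address and each return address on the stack to the module whose range contains it, and recomputing the address the faulting `mov` tried to read. The function names and the 0x10000 "near-NULL" threshold are assumptions of this example; the data strings are excerpts copied from the output above.

```python
import re
from typing import NamedTuple, Optional

class Module(NamedTuple):
    start: int
    end: int    # treated as exclusive
    name: str

# Rows excerpted from the "Drivers:" list in the thread.
LM_ROWS = """\
start    end        module name
8d770000 8d7f3000   klif     klif.sys     Fri Aug 06 13:16:02 2010 (4C5C4352)
83002000 83414000   nt       ntkrpamp.exe Sat Nov 20 03:42:49 2010 (4CE78A09)
8ddc2000 8ddda000   US4Vista US4Vista.sys Thu Sep 24 17:03:03 2009 (4ABBDE87)
9cb50000 9cb6e000   cdd      cdd.dll      unavailable (00000000)
"""

# Trap frame lines excerpted from the second dump.
TRAP_FRAME = """\
eax=883cdaf8 ebx=883cda40 ecx=00000010 edx=883cda40 esi=8848cb58 edi=00000000
eip=8ddc35ee esp=a382bb44 ebp=a382bb68 iopl=0         nv up ei pl nz na po nc
8ddc35ee 8b490c          mov     ecx,dword ptr [ecx+0Ch] ds:0023:0000001c=????????
"""

# STACK_TEXT from the second dump: ChildEBP, RetAddr, three args, symbol.
STACK_TEXT = """\
a382bb68 8ddc594c 8848cb58 00000000 a382bb90 US4Vista+0x15ee
a382bb78 83039593 8848caa0 883cda40 883cda40 US4Vista+0x394c
a382bb90 8322d99f 86c67610 883cda40 883cdaf8 nt!IofCallDriver+0x63
a382bbb0 83230b71 8848caa0 86c67610 00000000 nt!IopSynchronousServiceTail+0x1f8
a382bc4c 832773f4 8848caa0 883cda40 00000000 nt!IopXxxControlFile+0x6aa
a382bc80 8d79e1d0 00000220 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a382bd04 830401ea 00000220 00000000 00000000 klif+0x2e1d0
a382bd04 777270b4 00000220 00000000 00000000 nt!KiFastCallEntry+0x12a
0083eb00 00000000 00000000 00000000 00000000 0x777270b4
"""

FAULT_IP = 0x8DDC35EE          # Arg2 of the bugcheck in the second dump
NEAR_NULL_LIMIT = 0x10000      # assumption: anything below this counts as near-NULL

def parse_lm(text: str) -> list:
    """Parse 'start end name ...' rows; the header row does not match."""
    rows = re.findall(r"^\s*([0-9a-f]{8}) ([0-9a-f]{8})\s+(\S+)", text, re.M | re.I)
    return [Module(int(s, 16), int(e, 16), n) for s, e, n in rows]

def resolve(addr: int, modules: list) -> Optional[tuple]:
    """Return (module name, offset) for the module containing addr, else None."""
    for m in modules:
        if m.start <= addr < m.end:
            return m.name, addr - m.start
    return None

def faulting_access(trap_text: str) -> tuple:
    """Recompute the address read by '[reg+disp]' and compare it with the
    address the debugger printed after the segment override."""
    regs = {r: int(v, 16)
            for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})", trap_text)}
    base, disp = re.search(r"\[(e[a-z]{2})\+([0-9a-f]+)h\]", trap_text, re.I).groups()
    computed = regs[base] + int(disp, 16)
    shown = int(re.search(r"[a-z]s:[0-9a-f]{4}:([0-9a-f]{8})=", trap_text).group(1), 16)
    if computed != shown:
        raise ValueError("register state and operand annotation disagree")
    return base, regs[base], computed

def stack_modules(fault_ip: int, stack_text: str, modules: list) -> list:
    """Distinct modules, in call order, owning the fault IP and each RetAddr."""
    addrs = [fault_ip] + [int(line.split()[1], 16)
                          for line in stack_text.strip().splitlines()]
    seen = []
    for addr in addrs:
        hit = resolve(addr, modules)
        if hit and hit[0] not in seen:
            seen.append(hit[0])
    return seen

if __name__ == "__main__":
    mods = parse_lm(LM_ROWS)
    name, off = resolve(FAULT_IP, mods)
    print(f"fault IP {FAULT_IP:08x} -> {name}+0x{off:x}")
    base, value, target = faulting_access(TRAP_FRAME)
    kind = "near-NULL" if target < NEAR_NULL_LIMIT else "other"
    print(f"read through {base}={value:#x} -> address {target:#x} ({kind})")
    print("modules on stack:", stack_modules(FAULT_IP, STACK_TEXT, mods))
```

The user-mode return address 0x777270b4 and the terminating zero frame resolve to no kernel module, so they are left out of the module list.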
  4. cybercore

    cybercore New Member

    Kaspersky + SuperAntispyware + bunch of old drivers = that's what causes your blue screens.
     
  5. gdswalia

    gdswalia New Member

  6. Trouble

    Trouble Noob Whisperer

    Both of those dump files identify a driver called
    US4Vista.sys (Universal Shield Filter Driver), a product of software produced by EverStrike Software.
    I would start there by either updating the software, uninstalling the software or, as a last resort, renaming the two associated files with a .OLD extension.
    US4Vista.sys
    and
    US30Kbd2K.sys
    You have several other older drivers that may also be causing some issues, but start there.
    Code:
    NTFS_FILE_SYSTEM (24)
        If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
        parameters are the exception record and context record. Do a .cxr
        on the 3rd parameter and then kb to obtain a more informative stack
        trace.
    Arguments:
    Arg1: 001904fb
    Arg2: 8d8dc6fc
    Arg3: 8d8dc2e0
    Arg4: 8bc01e32
    Debugging Details:
    ------------------
    *** WARNING: Unable to verify timestamp for US4Vista.sys
    *** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
    *** WARNING: Unable to verify timestamp for eamon.sys
    *** ERROR: Module load completed but symbols could not be loaded for eamon.sys
    EXCEPTION_RECORD:  8d8dc6fc -- (.exr 0xffffffff8d8dc6fc)
    ExceptionAddress: 8bc01e32 (US4Vista+0x00001e32)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 6a708621
    Attempt to read from address 6a708621
    CONTEXT:  8d8dc2e0 -- (.cxr 0xffffffff8d8dc2e0)
    eax=6a708621 ebx=8824eec8 ecx=8621c398 edx=8824ef00 esi=8824eec8 edi=83166005
    eip=8bc01e32 esp=8d8dc7c4 ebp=8d8dc81c iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    US4Vista+0x1e32:
    8bc01e32 8b00            mov     eax,dword ptr [eax]  ds:0023:6a708621=????????
    Resetting default scope
    CUSTOMER_CRASH_COUNT:  1
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    PROCESS_NAME:  explorer.exe
    CURRENT_IRQL:  0
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    EXCEPTION_PARAMETER1:  00000000
    EXCEPTION_PARAMETER2:  6a708621
    READ_ADDRESS: GetPointerFromAddress: unable to read from 831af718
    Unable to read MiSystemVaType memory at 8318f160
     6a708621 
    FOLLOWUP_IP: 
    US4Vista+1e32
    8bc01e32 8b00            mov     eax,dword ptr [eax]
    FAULTING_IP: 
    US4Vista+1e32
    8bc01e32 8b00            mov     eax,dword ptr [eax]
    BUGCHECK_STR:  0x24
    LAST_CONTROL_TRANSFER:  from 8bc0243a to 8bc01e32
    STACK_TEXT:  
    WARNING: Stack unwind information not available. Following frames may be wrong.
    8d8dc81c 8bc0243a 8824ef00 0000003c 00000800 US4Vista+0x1e32
    8d8dc85c 830afb33 885475c0 8621c398 00000000 US4Vista+0x243a
    8d8dc8a0 8b827a7b 00000000 9cc780f8 8ab62638 nt!IopfCompleteRequest+0x128
    8d8dc8b8 8b8a8c0c 8ab62638 8621c398 00000000 Ntfs!NtfsExtendedCompleteRequestInternal+0x107
    8d8dcab4 8b8c6783 8ab62638 8621c398 882fe0d8 Ntfs!NtfsQueryDirectory+0xfb4
    8d8dcae8 8b8c64fa 8ab62638 9cc78298 0608506a Ntfs!NtfsCommonDirectoryControl+0x21d
    8d8dcb50 830834bc 882fe020 8621c398 8621c398 Ntfs!NtfsFsdDirectoryControl+0xf7
    8d8dcb68 8b40620c 882f5ed8 8621c398 00000000 nt!IofCallDriver+0x63
    8d8dcb8c 8b4063cb 8d8dcbac 882f5ed8 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
    8d8dcbc4 830834bc 882f5ed8 8621c398 8621c5f8 fltmgr!FltpDispatch+0xc5
    8d8dcbdc 8bc02697 00000000 885475c0 8a7a7aa8 nt!IofCallDriver+0x63
    8d8dcbf8 8bc0378a 85aa47c8 88547678 8d8dcc20 US4Vista+0x2697
    8d8dcc08 830834bc 885475c0 8621c398 8621c398 US4Vista+0x378a
    8d8dcc20 8b40620c 8a5baed8 8621c398 00000000 nt!IofCallDriver+0x63
    8d8dcc44 8b4063cb 8d8dcc64 8a5baed8 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
    8d8dcc7c 830834bc 8a5baed8 8621c398 8621c5dc fltmgr!FltpDispatch+0xc5
    8d8dcc94 984e2253 8a164b40 8a5e72e8 00000000 nt!IofCallDriver+0x63
    8d8dcca8 830834bc 8a5e72e8 8621c398 8621c398 eamon+0x5253
    8d8dccc0 83284f6e 00000df0 02a3d5b8 832c16bf nt!IofCallDriver+0x63
    8d8dcce0 832c171a 8a5e72e8 8a164b40 00000001 nt!IopSynchronousServiceTail+0x1f8
    8d8dcd00 8308a44a 00000df0 00000000 00000000 nt!NtQueryDirectoryFile+0x5b
    8d8dcd00 77c464f4 00000df0 00000000 00000000 nt!KiFastCallEntry+0x12a
    02a3d7e4 00000000 00000000 00000000 00000000 0x77c464f4
    
    SYMBOL_STACK_INDEX:  0
    SYMBOL_NAME:  US4Vista+1e32
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: US4Vista
    IMAGE_NAME:  US4Vista.sys
    DEBUG_FLR_IMAGE_TIMESTAMP:  49f1fd7f
    STACK_COMMAND:  .cxr 0xffffffff8d8dc2e0 ; kb
    FAILURE_BUCKET_ID:  0x24_US4Vista+1e32
    BUCKET_ID:  0x24_US4Vista+1e32
    Followup: MachineOwner
    
    
     
  7. gdswalia

    gdswalia New Member

    Joined:
    Aug 22, 2011
    Messages:
    6
    Likes Received:
    0
    Thanks for the quick response.

    However, I realized that the dump files I attached were way too old - dating back to January. I am attaching the most recent ones. Please let me know if the issue is still the same.

    Also, if you could, please tell me what I should do, and how can I identify old drivers and update them so as to prevent this problem forever and ever.

    Thanks again for all your help.
    Gagan
     

    Attached Files:

    #7 gdswalia, Aug 22, 2011
    Last edited: Aug 22, 2011
  8. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Yep, 082011-26239-01.dmp reporting same driver issue.
    As far as the other question, while having the most current up-to-date drivers on your system is generally considered a good thing, you should also understand that an old driver is not in every case necessarily a bad thing, and that such things should be addressed on a case-by-case basis and adjustments made accordingly. Most often the actual drivers you need to focus on are associated with your installed hardware (MoBo Chipset and BIOS, Video Card, Sound Card, NIC, etc.); however, some software products install drivers as well, and in those instances you're better off, after having identified them, either checking the software vendor's support areas for updates or newer versions, or their respective community forums for other users having similar issues, or forums such as this where members may have specific experience with a particular software product (like Daemon Tools / sptd.sys).
    Now you could use a product like DriverView from Nirsoft to get a look at those installed on your system, but you need some experience and a frame of reference in really associating a particular driver with a particular problem.
     
    2 people like this.
  9. gdswalia

    gdswalia New Member

    Joined:
    Aug 22, 2011
    Messages:
    6
    Likes Received:
    0
    Thanks yet again. What about the other dump file? What caused that error? And can you list down the names of my drivers that I should update? Also, you mentioned adding .old at the end of the file helps. Can you please explain that?
    Thanks.
     
  10. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    You're welcome.
    I only recommended changing the file extension to .OLD as a last resort, after I recommended updating the associated software if the vendor has interim updates, or upgrading the associated software if the vendor does not have any updated drivers and requires that a new version be obtained in order to be compatible with Windows 7, or uninstalling the software altogether to advance the diagnostic process. Renaming the file extension to .OLD, or .BAK if you prefer, will theoretically prevent the driver from being loaded at startup and hopefully prevent the associated BSOD.
    If we can address this problem one step at a time it would perhaps be better for everyone concerned and then you could post a new .dmp file if Blue Screens persist.
    You have many old drivers; as I've mentioned earlier, they may or may not be contributing to the current issue. For instance, you appear to have a very old version of Eset Nod installed on your system, and its associated drivers
    eamon.sys
    ehdrv.sys
    epfwwfpr.sys
    are all from September of 2009; that's way too old. Would I suggest addressing that issue? Yes, by updating, upgrading or uninstalling by using these recommendations from the vendor. And then, as per the instructions, manually confirming that the folders and files are no longer on your computer.
    You can use the utility from Nirsoft that I linked to earlier to see the drivers that are loaded on your system, their dates, version numbers and names, and then use Google to see more information regarding their associated software or in some cases hardware, and check with the vendor to see if updates are available. But as I have already indicated, all old drivers are not necessarily bad; I have an older Linksys USB network dongle and the associated driver is 4.1.20.0 11/30/2006, never been a problem.
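
The triage applied to the dumps in this thread, as an added example that is not part of the original posts: it lists the modules whose stack frames appear as `module+0xoffset` (no public symbols, which with the Microsoft symbol server usually points to a third-party driver) and decodes `DEBUG_FLR_IMAGE_TIMESTAMP` into a build date. The function names and the trimmed sample are constructed for illustration, and the symbol-less heuristic is an assumption, not a rule.

```python
import re
from datetime import datetime, timezone

# Constructed sample: frames trimmed from the !analyze -v output in this thread,
# one wrapped in BBCode highlighting tags, as forum pastes often are.
SAMPLE = """\
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
8d8dc81c 8bc0243a 8824ef00 0000003c 00000800 US4Vista+0x1e32
8d8dc85c 830afb33 885475c0 8621c398 00000000 [COLOR=#B22222][U][B]US4Vista[/B][/U][/COLOR]+0x243a
8d8dc8a0 8b827a7b 00000000 9cc780f8 8ab62638 nt!IopfCompleteRequest+0x128
8d8dcb50 830834bc 882fe020 8621c398 8621c398 Ntfs!NtfsFsdDirectoryControl+0xf7
8d8dcbc4 830834bc 882f5ed8 8621c398 8621c5f8 fltmgr!FltpDispatch+0xc5
8d8dcca8 830834bc 8a5e72e8 8621c398 8621c398 eamon+0x5253
8d8dcd00 77c464f4 00000df0 00000000 00000000 nt!KiFastCallEntry+0x12a
02a3d7e4 00000000 00000000 00000000 00000000 0x77c464f4

IMAGE_NAME:  US4Vista.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  49f1fd7f
"""

# x86 kb frame: ChildEBP, RetAddr, three args, then the symbol column
FRAME = re.compile(r"^(?:[0-9a-f]{8}\s+){5}(\S+)\s*$", re.I)
BBCODE = re.compile(r"\[/?(?:U|B|COLOR(?:=[^\]]*)?)\]", re.I)

def symbolless_modules(text):
    """Count stack frames per module that resolved only to module+offset."""
    counts, in_stack = {}, False
    for raw in text.splitlines():
        line = BBCODE.sub("", raw).strip()
        if line.startswith("STACK_TEXT"):
            in_stack = True
        elif in_stack and not line:
            break  # a blank line ends the stack listing
        elif in_stack and (m := FRAME.match(line)):
            sym = m.group(1)
            # module!function = resolved symbol; 0x... = raw user-mode address
            if "!" not in sym and not sym.lower().startswith("0x"):
                module = sym.split("+")[0]
                counts[module] = counts.get(module, 0) + 1
    return counts

def image_build_time(text):
    """Decode the PE header timestamp (hex seconds since the Unix epoch, UTC)."""
    m = re.search(r"DEBUG_FLR_IMAGE_TIMESTAMP:\s*([0-9a-f]+)", text, re.I)
    return datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc) if m else None

if __name__ == "__main__":
    print(symbolless_modules(SAMPLE), image_build_time(SAMPLE))
```

On the sample this reports US4Vista and eamon, the same two third-party drivers discussed in the replies above.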
     
