Windows 7 Random BSOD nowadays.

--> Both crash dumps were caused by Kaspersky driver. Uninstall Kaspersky, uninstall SUPERAntiSpyware, and replace them with MSE:

Removal tool for Kaspersky Lab products

Link Removed due to 404 Error



--> Uninstall Daemon Tools
sptd.sys Sun Oct 11 16:54:02 2009
DuplexSecure - FAQ



--> Update drivers:

Universal Shield/Lock Folder
US4Vista.sys Thu Sep 24 17:03:03 2009

Realtek 10/100 NIC
Rtnicxp.sys Thu Jul 23 10:02:57 2009

Raxco PerfectDisk
DefragFS.SYS Tue Dec 15 05:18:05 2009





Crash Dumps:

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\DMP\031611-40076-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x8301a000 PsLoadedModuleList = 0x83164850
Debug session time: Tue Mar 15 15:32:50.241 2011 (UTC - 4:00)
System Uptime: 0 days 0:10:12.364
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
......
Unable to load image \SystemRoot\System32\Drivers\US4Vista.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for US4Vista.sys
*** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8dc015ee, a2d87ad0, 0}

*** WARNING: Unable to verify timestamp for klif.sys
*** ERROR: Module load completed but symbols could not be loaded for klif.sys
Probably caused by : US4Vista.sys ( US4Vista+15ee )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8dc015ee, The address that the exception occurred at
Arg3: a2d87ad0, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
US4Vista+15ee
8dc015ee 8b490c          mov     ecx,dword ptr [ecx+0Ch]

TRAP_FRAME:  a2d87ad0 -- (.trap 0xffffffffa2d87ad0)
ErrCode = 00000000
eax=88a4ffb8 ebx=88a4ff00 ecx=00000010 edx=88a4ff00 esi=882bfb98 edi=00000000
eip=8dc015ee esp=a2d87b44 ebp=a2d87b68 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
US4Vista+0x15ee:
8dc015ee 8b490c          mov     ecx,dword ptr [ecx+0Ch] ds:0023:0000001c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  PDEngine.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8dc0394c to 8dc015ee

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
a2d87b68 8dc0394c 882bfb98 00000000 a2d87b90 US4Vista+0x15ee
a2d87b78 83051593 882bfae0 88a4ff00 88a4ff00 US4Vista+0x394c
a2d87b90 8324599f 8674c518 88a4ff00 88a4ffb8 nt!IofCallDriver+0x63
a2d87bb0 83248b71 882bfae0 8674c518 00000000 nt!IopSynchronousServiceTail+0x1f8
a2d87c4c 8328f3f4 882bfae0 88a4ff00 00000000 nt!IopXxxControlFile+0x6aa
a2d87c80 9283c1d0 00000210 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a2d87d04 830581ea 00000210 00000000 00000000 klif+0x2e1d0
a2d87d04 774070b4 00000210 00000000 00000000 nt!KiFastCallEntry+0x12a
00ceeb00 00000000 00000000 00000000 00000000 0x774070b4


STACK_COMMAND:  kb

FOLLOWUP_IP: 
US4Vista+15ee
8dc015ee 8b490c          mov     ecx,dword ptr [ecx+0Ch]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  US4Vista+15ee

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: US4Vista

IMAGE_NAME:  US4Vista.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4abbde87

FAILURE_BUCKET_ID:  0x8E_US4Vista+15ee

BUCKET_ID:  0x8E_US4Vista+15ee

Followup: MachineOwner
---------




















Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\DMP\031611-40154-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x83002000 PsLoadedModuleList = 0x8314c850
Debug session time: Tue Mar 15 15:44:16.106 2011 (UTC - 4:00)
System Uptime: 0 days 0:10:14.104
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
......
Unable to load image \SystemRoot\System32\Drivers\US4Vista.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for US4Vista.sys
*** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8ddc35ee, a382bad0, 0}

*** WARNING: Unable to verify timestamp for klif.sys
*** ERROR: Module load completed but symbols could not be loaded for klif.sys
Probably caused by : US4Vista.sys ( US4Vista+15ee )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8ddc35ee, The address that the exception occurred at
Arg3: a382bad0, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
US4Vista+15ee
8ddc35ee 8b490c          mov     ecx,dword ptr [ecx+0Ch]

TRAP_FRAME:  a382bad0 -- (.trap 0xffffffffa382bad0)
ErrCode = 00000000
eax=883cdaf8 ebx=883cda40 ecx=00000010 edx=883cda40 esi=8848cb58 edi=00000000
eip=8ddc35ee esp=a382bb44 ebp=a382bb68 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
US4Vista+0x15ee:
8ddc35ee 8b490c          mov     ecx,dword ptr [ecx+0Ch] ds:0023:0000001c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  PDEngine.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8ddc594c to 8ddc35ee

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
a382bb68 8ddc594c 8848cb58 00000000 a382bb90 US4Vista+0x15ee
a382bb78 83039593 8848caa0 883cda40 883cda40 US4Vista+0x394c
a382bb90 8322d99f 86c67610 883cda40 883cdaf8 nt!IofCallDriver+0x63
a382bbb0 83230b71 8848caa0 86c67610 00000000 nt!IopSynchronousServiceTail+0x1f8
a382bc4c 832773f4 8848caa0 883cda40 00000000 nt!IopXxxControlFile+0x6aa
a382bc80 8d79e1d0 00000220 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a382bd04 830401ea 00000220 00000000 00000000 klif+0x2e1d0
a382bd04 777270b4 00000220 00000000 00000000 nt!KiFastCallEntry+0x12a
0083eb00 00000000 00000000 00000000 00000000 0x777270b4


STACK_COMMAND:  kb

FOLLOWUP_IP: 
US4Vista+15ee
8ddc35ee 8b490c          mov     ecx,dword ptr [ecx+0Ch]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  US4Vista+15ee

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: US4Vista

IMAGE_NAME:  US4Vista.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4abbde87

FAILURE_BUCKET_ID:  0x8E_US4Vista+15ee

BUCKET_ID:  0x8E_US4Vista+15ee

Followup: MachineOwner
---------




Drivers:

Code:
start    end        module name
95fb4000 95feb000   aa9zh2ki aa9zh2ki.SYS Fri Aug 07 09:29:49 2009 (4A7C2C4D)
84360000 843a8000   ACPI     ACPI.sys     Sat Nov 20 03:37:52 2010 (4CE788E0)
94c1d000 94c77000   afd      afd.sys      Sat Nov 20 03:40:00 2010 (4CE78960)
95feb000 95ffd000   AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
8d6fe000 8d707000   amdxata  amdxata.sys  Fri Mar 19 12:19:01 2010 (4BA3A3F5)
8d6d2000 8d6db000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
8d6db000 8d6fe000   ataport  ataport.SYS  Sat Nov 20 03:38:00 2010 (4CE788E8)
9548d000 954a9000   AtihdW73 AtihdW73.sys Wed Nov 17 07:00:47 2010 (4CE3C3EF)
95816000 95f9c000   atikmdag atikmdag.sys Wed Jan 26 17:42:31 2011 (4D40A357)
94b4e000 94b8d000   atikmpag atikmpag.sys Wed Jan 26 17:13:11 2011 (4D409C77)
9cb70000 9cbbd000   ATMFD    ATMFD.DLL    Fri Jan 07 00:43:36 2011 (4D26A808)
8da18000 8da1f000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)
94b0d000 94b1b000   blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
836ce000 836d6000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
9a793000 9a7ac000   bowser   bowser.sys   Mon Jul 13 19:14:21 2009 (4A5BBFCD)
9cb50000 9cb6e000   cdd      cdd.dll      unavailable (00000000)
8d751000 8d770000   cdrom    cdrom.sys    Sat Nov 20 03:38:09 2010 (4CE788F1)
94ce0000 94dd6000   cfosspeed6 cfosspeed6.sys Thu Dec 02 09:41:59 2010 (4CF7B037)
83718000 837c3000   CI       CI.dll       Sat Nov 20 07:05:17 2010 (4CE7B97D)
8dbba000 8dbdf000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
836d6000 83718000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
8d97d000 8d9da000   cng      cng.sys      Mon Jul 13 19:32:55 2009 (4A5BC427)
953f2000 953ff000   CompositeBus CompositeBus.sys Sat Nov 20 04:50:21 2010 (4CE799DD)
9a683000 9a690000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
94a91000 94af5000   csc      csc.sys      Sat Nov 20 03:44:32 2010 (4CE78A70)
9a6f5000 9a71a000   DefragFS DefragFS.SYS Tue Dec 15 05:18:05 2009 (4B27625D)
94af5000 94b0d000   dfsc     dfsc.sys     Sat Nov 20 03:42:32 2010 (4CE789F8)
94a85000 94a91000   discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
8ddea000 8ddfb000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
954d8000 954f1000   drmk     drmk.sys     Mon Jul 13 20:36:05 2009 (4A5BD2F5)
9a69b000 9a6a4000   dump_atapi dump_atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9a690000 9a69b000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
9a6a4000 9a6b5000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
9a679000 9a683000   Dxapi    Dxapi.sys    Mon Jul 13 19:25:25 2009 (4A5BC265)
95202000 952b9000   dxgkrnl  dxgkrnl.sys  Sat Nov 20 04:08:14 2010 (4CE78FFE)
952b9000 952f2000   dxgmms1  dxgmms1.sys  Wed Feb 02 22:45:05 2011 (4D4A24C1)
953d7000 953e2000   fdc      fdc.sys      Mon Jul 13 19:45:45 2009 (4A5BC729)
8d707000 8d718000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
95472000 9547c000   flpydisk flpydisk.sys Mon Jul 13 19:45:45 2009 (4A5BC729)
843a8000 843dc000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
8d9e8000 8d9f1000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:11:14 2009 (4A5BBF12)
8db88000 8dbba000   fvevol   fvevol.sys   Sat Nov 20 03:40:22 2010 (4CE78976)
8dd88000 8ddb9000   fwpkclnt fwpkclnt.sys Sat Nov 20 03:39:08 2010 (4CE7892C)
953ec000 953f1280   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:16:53 2009 (4A1151B5)
83414000 8344b000   hal      halmacpi.dll Sat Nov 20 03:37:38 2010 (4CE788D2)
952f2000 95311000   HDAudBus HDAudBus.sys Sat Nov 20 04:59:28 2010 (4CE79C00)
96371000 96384000   HIDCLASS HIDCLASS.SYS Sat Nov 20 04:59:37 2010 (4CE79C09)
96384000 9638a480   HIDPARSE HIDPARSE.SYS Mon Jul 13 19:50:59 2009 (4A5BC863)
96366000 96371000   hidusb   hidusb.sys   Sat Nov 20 04:59:38 2010 (4CE79C0A)
954f1000 95576000   HTTP     HTTP.sys     Sat Nov 20 03:40:17 2010 (4CE78971)
8dde2000 8ddea000   hwpolicy hwpolicy.sys Sat Nov 20 03:37:35 2010 (4CE788CF)
8d664000 8d66b000   intelide intelide.sys Mon Jul 13 19:11:19 2009 (4A5BBF17)
94b3c000 94b4e000   intelppm intelppm.sys Mon Jul 13 19:11:03 2009 (4A5BBF07)
94a17000 94a24000   kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9639f000 963ab000   kbdhid   kbdhid.sys   Sat Nov 20 04:50:10 2010 (4CE799D2)
80b9e000 80ba6000   kdcom    kdcom.dll    Mon Jul 13 21:08:58 2009 (4A5BDAAA)
8d01f000 8d541000   kl1      kl1.sys      Wed Jun 09 09:24:39 2010 (4C0F9617)
8d00c000 8d012000   kl2      kl2.sys      Wed Jun 09 09:24:35 2010 (4C0F9613)
8d770000 8d7f3000   klif     klif.sys     Fri Aug 06 13:16:02 2010 (4C5C4352)
96396000 9639f000   klmouflt klmouflt.sys Mon Nov 02 11:26:08 2009 (4AEF0820)
83600000 83634000   ks       ks.sys       Sat Nov 20 04:50:17 2010 (4CE799D9)
8d96a000 8d97d000   ksecdd   ksecdd.sys   Sat Nov 20 03:38:54 2010 (4CE7891E)
8db24000 8db49000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:34:00 2009 (4A5BC468)
9a71a000 9a72a000   lltdio   lltdio.sys   Mon Jul 13 19:53:18 2009 (4A5BC8EE)
9a6c0000 9a6db000   luafv    luafv.sys    Mon Jul 13 19:15:44 2009 (4A5BC020)
a33ed000 a33f1a80   LVPr2Mon LVPr2Mon.sys Fri May 07 21:36:25 2010 (4BE4C019)
9a635000 9a678a00   lvrs     lvrs.sys     Tue Nov 09 21:38:10 2010 (4CDA0592)
9a203000 9a620c80   lvuvc    lvuvc.sys    Tue Nov 09 21:38:23 2010 (4CDA059F)
83638000 836bd000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 07:00:54 2010 (4CE7B876)
9a6b5000 9a6c0000   monitor  monitor.sys  Mon Jul 13 19:25:58 2009 (4A5BC286)
8d012000 8d01f000   mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9638b000 96396000   mouhid   mouhid.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
8d680000 8d696000   mountmgr mountmgr.sys Sat Nov 20 03:38:09 2010 (4CE788F1)
9a7ac000 9a7be000   mpsdrv   mpsdrv.sys   Mon Jul 13 19:52:52 2009 (4A5BC8D4)
9a7be000 9a7e1000   mrxsmb   mrxsmb.sys   Sat Nov 20 03:42:40 2010 (4CE78A00)
963ab000 963e6000   mrxsmb10 mrxsmb10.sys Sat Nov 20 03:44:15 2010 (4CE78A5F)
9a7e1000 9a7fc000   mrxsmb20 mrxsmb20.sys Sat Nov 20 03:42:47 2010 (4CE78A07)
8d600000 8d60b000   Msfs     Msfs.SYS     Mon Jul 13 19:11:26 2009 (4A5BBF1E)
843dc000 843e4000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
8d93f000 8d96a000   msrpc    msrpc.sys    Mon Jul 13 19:11:59 2009 (4A5BBF3F)
94a7b000 94a85000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
8dc2d000 8dc3d000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
8da2f000 8dae6000   ndis     ndis.sys     Sat Nov 20 03:39:19 2010 (4CE78937)
95800000 9580b000   ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
9a770000 9a780000   ndisuio  ndisuio.sys  Sat Nov 20 05:06:36 2010 (4CE79DAC)
94ba5000 94bc7000   ndiswan  ndiswan.sys  Sat Nov 20 05:07:48 2010 (4CE79DF4)
9547c000 9548d000   NDProxy  NDProxy.SYS  Sat Nov 20 05:07:39 2010 (4CE79DEB)
94dd6000 94de4000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)
94c77000 94ca9000   netbt    netbt.sys    Sat Nov 20 03:39:22 2010 (4CE7893A)
8dae6000 8db24000   NETIO    NETIO.SYS    Sat Nov 20 03:40:03 2010 (4CE78963)
8d60b000 8d619000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)
94a71000 94a7b000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
83002000 83414000   nt       ntkrpamp.exe Sat Nov 20 03:42:49 2010 (4CE78A09)
8d810000 8d93f000   Ntfs     Ntfs.sys     Sat Nov 20 03:39:08 2010 (4CE7892C)
8da11000 8da18000   Null     Null.SYS     Mon Jul 13 19:11:12 2009 (4A5BBF10)
9a72a000 9a770000   nwifi    nwifi.sys    Mon Jul 13 19:51:59 2009 (4A5BC89F)
94cb9000 94cd8000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)
95f9c000 95fb4000   parport  parport.sys  Mon Jul 13 19:45:34 2009 (4A5BC71E)
8422a000 8423b000   partmgr  partmgr.sys  Sat Nov 20 03:38:14 2010 (4CE788F6)
963e6000 963ed000   parvdm   parvdm.sys   Mon Jul 13 19:45:29 2009 (4A5BC719)
84200000 8422a000   pci      pci.sys      Sat Nov 20 03:37:57 2010 (4CE788E5)
8d679000 8d680000   pciide   pciide.sys   Mon Jul 13 19:11:19 2009 (4A5BBF17)
8d66b000 8d679000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
8d718000 8d751000   PCTCore  PCTCore.sys  Sun Mar 28 18:47:11 2010 (4BAFDC6F)
8d9da000 8d9e8000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
a3214000 a32ab000   peauth   peauth.sys   Mon Jul 13 20:35:44 2009 (4A5BD2E0)
954a9000 954d8000   portcls  portcls.sys  Mon Jul 13 19:51:00 2009 (4A5BC864)
836bd000 836ce000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
94b8d000 94ba5000   rasl2tp  rasl2tp.sys  Mon Jul 13 19:54:33 2009 (4A5BC939)
94bc7000 94bdf000   raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
94bdf000 94bf6000   raspptp  raspptp.sys  Mon Jul 13 19:54:47 2009 (4A5BC947)
94a00000 94a17000   rassstp  rassstp.sys  Mon Jul 13 19:54:57 2009 (4A5BC951)
94a30000 94a71000   rdbss    rdbss.sys    Sat Nov 20 03:42:44 2010 (4CE78A04)
9580b000 95815000   rdpbus   rdpbus.sys   Mon Jul 13 20:02:40 2009 (4A5BCB20)
8d800000 8d808000   RDPCDD   RDPCDD.sys   Sat Nov 20 05:22:19 2010 (4CE7A15B)
8d808000 8d810000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
8d7f3000 8d7fb000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
8dc00000 8dc2d000   rdyboost rdyboost.sys Sat Nov 20 04:00:07 2010 (4CE78E17)
9a780000 9a793000   rspndr   rspndr.sys   Mon Jul 13 19:53:20 2009 (4A5BC8F0)
95376000 953c8000   Rt86win7 Rt86win7.sys Thu Jan 13 06:56:25 2011 (4D2EE869)
9600e000 9634c940   RTKVHDA  RTKVHDA.sys  Thu Feb 24 05:17:00 2011 (4D66301C)
953c8000 953d7000   Rtnicxp  Rtnicxp.sys  Thu Jul 23 10:02:57 2009 (4A686D91)
94c13000 94c19000   SASDIFSV SASDIFSV.SYS Wed Feb 17 13:19:19 2010 (4B7C3327)
837d4000 837f6000   SASKUTIL SASKUTIL.SYS Mon May 10 13:15:22 2010 (4BE83F2A)
8433a000 84360000   SCSIPORT SCSIPORT.SYS Sat Nov 20 04:50:55 2010 (4CE799FF)
a32ab000 a32b5000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
953e2000 953ec000   serenum  serenum.sys  Mon Jul 13 19:45:27 2009 (4A5BC717)
94de4000 94dfe000   serial   serial.sys   Mon Jul 13 19:45:33 2009 (4A5BC71D)
8ddda000 8dde2000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
8423e000 84331000   sptd     sptd.sys     Sun Oct 11 16:54:02 2009 (4AD245EA)
a339c000 a33ed000   srv      srv.sys      Sat Nov 20 03:45:29 2010 (4CE78AA9)
a334d000 a339c000   srv2     srv2.sys     Sat Nov 20 03:44:35 2010 (4CE78A73)
a331f000 a3340000   srvnet   srvnet.sys   Sat Nov 20 03:44:27 2010 (4CE78A6B)
95200000 95201380   swenum   swenum.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
8dc3e000 8dd88000   tcpip    tcpip.sys    Sat Nov 20 03:41:36 2010 (4CE789C0)
a3340000 a334d000   tcpipreg tcpipreg.sys Sat Nov 20 05:07:13 2010 (4CE79DD1)
8d000000 8d00c000   TDI      TDI.SYS      Sat Nov 20 03:39:18 2010 (4CE78936)
8d5e1000 8d5f8000   tdx      tdx.sys      Sat Nov 20 03:39:17 2010 (4CE78935)
837c3000 837d4000   termdd   termdd.sys   Sat Nov 20 05:21:10 2010 (4CE7A116)
9cb20000 9cb29000   TSDDD    TSDDD.dll    Mon Jul 13 20:01:40 2009 (4A5BCAE4)
94b1b000 94b3c000   tunnel   tunnel.sys   Sat Nov 20 05:06:40 2010 (4CE79DB0)
95420000 9542e000   umbus    umbus.sys    Sat Nov 20 05:00:23 2010 (4CE79C37)
8ddc2000 8ddda000   US4Vista US4Vista.sys Thu Sep 24 17:03:03 2009 (4ABBDE87)
9a621000 9a634b80   usbaudio usbaudio.sys Sat Nov 20 04:59:43 2010 (4CE79C0F)
9634d000 96364000   usbccgp  usbccgp.sys  Sat Nov 20 05:00:08 2010 (4CE79C28)
96364000 96365700   USBD     USBD.SYS     Mon Jul 13 19:51:05 2009 (4A5BC869)
95367000 95376000   usbehci  usbehci.sys  Sat Nov 20 04:59:43 2010 (4CE79C0F)
9542e000 95472000   usbhub   usbhub.sys   Sat Nov 20 05:00:34 2010 (4CE79C42)
9531c000 95367000   USBPORT  USBPORT.SYS  Sat Nov 20 04:59:49 2010 (4CE79C15)
95311000 9531c000   usbuhci  usbuhci.sys  Mon Jul 13 19:51:10 2009 (4A5BC86E)
843e4000 843ef000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
8da1f000 8da2b000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)
8d5c0000 8d5e1000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
8d696000 8d6bf180   vmbus    vmbus.sys    Sat Nov 20 04:14:58 2010 (4CE79192)
8ddb9000 8ddc1380   vmstorfl vmstorfl.sys Sat Nov 20 04:14:37 2010 (4CE7917D)
843ef000 843ff000   volmgr   volmgr.sys   Sat Nov 20 03:38:06 2010 (4CE788EE)
8d619000 8d664000   volmgrx  volmgrx.sys  Mon Jul 13 19:11:41 2009 (4A5BBF2D)
8db49000 8db88000   volsnap  volsnap.sys  Sat Nov 20 03:38:13 2010 (4CE788F5)
94c00000 94c13000   wanarp   wanarp.sys   Sat Nov 20 05:07:45 2010 (4CE79DF1)
8d9f1000 8d9fe000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
8d541000 8d5b2000   Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
8d5b2000 8d5c0000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
94cb2000 94cb9000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)
9c8c0000 9cb0d000   win32k   win32k.sys   Tue Jan 04 22:50:40 2011 (4D23EA90)
8d6c0000 8d6d2000   winhv    winhv.sys    Sat Nov 20 03:38:15 2010 (4CE788F7)
84331000 8433a000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)
94ca9000 94cb2000   ws2ifsl  ws2ifsl.sys  Mon Jul 13 19:55:01 2009 (4A5BC955)
9a6db000 9a6f5000   WudfPf   WudfPf.sys   Sat Nov 20 04:58:55 2010 (4CE79BDF)

Unloaded modules:
a32b5000 a331f000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0006A000
8dbdf000 8dbec000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
8dbec000 8dbf7000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
8dbf7000 8dc00000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
8da00000 8da11000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
94cd8000 94ce0000   klim6.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00008000
 
Alright, But, i've been using kaspersky all along,and my computer it didnt crash before, just lately. any ideas ? :confused: besides , i never crashed while using, just when i left it on and went to bed, next thing i woke up and i find my computer has been restarted, and window's error report thingy poped out. fyi, my computer does not hibernate automatically, i set it only turn off the display after 15 minutes. any other cause might be the one, please guide and assist. looking forward.
 
Last edited:
Both of those dump files identify a driver called
US4Vista.sys (Universal Shield Filter Driver) a product of software produce by EverStrike Software.
I would start there by either updating the software, uninstalling the software or as a last resort renaming the two associated files with a .OLD extension.
US4Vista.sys
and
US30Kbd2K.sys
you have several other older drivers that may also be causing some issues but start there.
Code:
NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001904fb
Arg2: 8d8dc6fc
Arg3: 8d8dc2e0
Arg4: 8bc01e32
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for [U][B][COLOR=#B22222]US4Vista.sys
[/COLOR][/B][/U]*** ERROR: Module load completed but symbols could not be loaded for US4Vista.sys
*** WARNING: Unable to verify timestamp for eamon.sys
*** ERROR: Module load completed but symbols could not be loaded for eamon.sys
EXCEPTION_RECORD:  8d8dc6fc -- (.exr 0xffffffff8d8dc6fc)
ExceptionAddress: 8bc01e32 (US[U][B][COLOR=#B22222]4Vista+0[/COLOR][/B][/U]x00001e32)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 6a708621
Attempt to read from address 6a708621
CONTEXT:  8d8dc2e0 -- (.cxr 0xffffffff8d8dc2e0)
eax=6a708621 ebx=8824eec8 ecx=8621c398 edx=8824ef00 esi=8824eec8 edi=83166005
eip=8bc01e32 esp=8d8dc7c4 ebp=8d8dc81c iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
US4Vista+0x1e32:
8bc01e32 8b00            mov     eax,dword ptr [eax]  ds:0023:6a708621=????????
Resetting default scope
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
PROCESS_NAME:  explorer.exe
CURRENT_IRQL:  0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1:  00000000
EXCEPTION_PARAMETER2:  6a708621
READ_ADDRESS: GetPointerFromAddress: unable to read from 831af718
Unable to read MiSystemVaType memory at 8318f160
 6a708621 
FOLLOWUP_IP: 
[U][B][COLOR=#B22222]US4Vista[/COLOR][/B][/U]+1e32
8bc01e32 8b00            mov     eax,dword ptr [eax]
FAULTING_IP: 
[U][B][COLOR=#B22222]US4Vista[/COLOR][/B][/U]+1e32
8bc01e32 8b00            mov     eax,dword ptr [eax]
BUGCHECK_STR:  0x24
LAST_CONTROL_TRANSFER:  from 8bc0243a to 8bc01e32
STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
8d8dc81c 8bc0243a 8824ef00 0000003c 00000800 US[U][B][COLOR=#B22222]4Vista+0[/COLOR][/B][/U]x1e32
8d8dc85c 830afb33 885475c0 8621c398 00000000 [COLOR=#B22222][U][B]US4Vista[/B][/U][/COLOR]+0x243a
8d8dc8a0 8b827a7b 00000000 9cc780f8 8ab62638 nt!IopfCompleteRequest+0x128
8d8dc8b8 8b8a8c0c 8ab62638 8621c398 00000000 Ntfs!NtfsExtendedCompleteRequestInternal+0x107
8d8dcab4 8b8c6783 8ab62638 8621c398 882fe0d8 Ntfs!NtfsQueryDirectory+0xfb4
8d8dcae8 8b8c64fa 8ab62638 9cc78298 0608506a Ntfs!NtfsCommonDirectoryControl+0x21d
8d8dcb50 830834bc 882fe020 8621c398 8621c398 Ntfs!NtfsFsdDirectoryControl+0xf7
8d8dcb68 8b40620c 882f5ed8 8621c398 00000000 nt!IofCallDriver+0x63
8d8dcb8c 8b4063cb 8d8dcbac 882f5ed8 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
8d8dcbc4 830834bc 882f5ed8 8621c398 8621c5f8 fltmgr!FltpDispatch+0xc5
8d8dcbdc 8bc02697 00000000 885475c0 8a7a7aa8 nt!IofCallDriver+0x63
8d8dcbf8 8bc0378a 85aa47c8 88547678 8d8dcc20 [COLOR=#B22222][U][B]US4Vista[/B][/U][/COLOR]+0x2697
8d8dcc08 830834bc 885475c0 8621c398 8621c398 US[U][B][COLOR=#B22222]4Vista+0[/COLOR][/B][/U]x378a
8d8dcc20 8b40620c 8a5baed8 8621c398 00000000 nt!IofCallDriver+0x63
8d8dcc44 8b4063cb 8d8dcc64 8a5baed8 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x2aa
8d8dcc7c 830834bc 8a5baed8 8621c398 8621c5dc fltmgr!FltpDispatch+0xc5
8d8dcc94 984e2253 8a164b40 8a5e72e8 00000000 nt!IofCallDriver+0x63
8d8dcca8 830834bc 8a5e72e8 8621c398 8621c398 eamon+0x5253
8d8dccc0 83284f6e 00000df0 02a3d5b8 832c16bf nt!IofCallDriver+0x63
8d8dcce0 832c171a 8a5e72e8 8a164b40 00000001 nt!IopSynchronousServiceTail+0x1f8
8d8dcd00 8308a44a 00000df0 00000000 00000000 nt!NtQueryDirectoryFile+0x5b
8d8dcd00 77c464f4 00000df0 00000000 00000000 nt!KiFastCallEntry+0x12a
02a3d7e4 00000000 00000000 00000000 00000000 0x77c464f4

SYMBOL_STACK_INDEX:  0
SYMBOL_NAME:  [COLOR=#B22222][U][B]US4Vista[/B][/U][/COLOR]+1e32
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: US4Vista
IMAGE_NAME:  [U][B][COLOR=#B22222]US4Vista.sys[/COLOR][/B][/U]
DEBUG_FLR_IMAGE_TIMESTAMP:  49f1fd7f
STACK_COMMAND:  .cxr 0xffffffff8d8dc2e0 ; kb
FAILURE_BUCKET_ID:  0x24_US4Vista+1e32
BUCKET_ID:  0x24_[U][B][COLOR=#B22222]US4Vista[/COLOR][/B][/U]+1e32
Followup: MachineOwner
 
Thanks for the quick response.

However, I realized that the dump file I attached were way to old - dating back to January. I am attaching the most recent ones. Please let me know if the issue is still the same.

Also, if you could, please tell me what I should do, and how can I identify old drivers and update them so as to prevent this problem forever and ever.

Thanks again for all your help.
Gagan
 

Attachments

  • 081611-27908-01.dmp
    138.9 KB · Views: 239
  • 082011-26239-01.dmp
    138.9 KB · Views: 267
Last edited:
Yep, 082011-26239-01.dmp reporting same driver issue.
As far as the other question, while having the most current up to date drivers on your system is generally considered a good thing, you should also understand that an old driver is not in every case necessarily a bad thing and that such things should be addressed on a case by case basis and adjustments made accordingly. Most often the actual drivers you need to focus on are associated with your installed hardware (MoBo Chipset and BIOS, Video Card, Sound Card, NIC, etc.,) however some software products install drivers as well and in those instances you're better off after having identified them, either checking the software vendors support areas for updates or newer versions or their respective community forums for other users having similar issues or forums such as this where members may have specific experience with a particular software product (like Daemon Tools / sptd.sys).
Now you could use a product like DriverView from Nirsoft to get a look at those installed on your system but you need some experience and a frame of reference in really associating a particular driver with a particular problem.
 
Thanks yet again. What about the other dump file? What caused that error? And can you list down the names of my drivers that I shuld update? Also, you mentioned adding .old at the end of the file helps. can u plz explain that.
Thanks.
 
You're welcome.
I only recommended changing the file extension to .OLD as a last resort after I recommended updating the associated software if the vendor has interim updates, or upgrading the associated software if the vendor does not have any updated drivers and requires that a new version be obtained in order to be compatable with Windows 7 or uninstalling the software all together to advance the diagnostic process. Renaming the file extension to .OLD or .BAK if you prefer will theoretically prevent the driver from being loaded at startup and hopefully prevent the associated BSOD.
If we can address this problem one step at a time it would perhaps be better for everyone concerned and then you could post a new .dmp file if Blue Screens persist.
You have many old drivers as I've mentioned earlier they may or may not be contributing to the current issue for instance you appear to have a very old version of Eset Nod installed on your system and its' associated drivers
eamon.sys
ehdrv.sys
epfwwfpr.sys
are all from September of 2009, that's way too old. Would I suggest addressing that issue, yes, by updating, upgrading or uninstalling by using these recommendations from the vendor. And then as per the instructions manually confirming that the folders and files are not longer on your computer.
You can use the utility from Nirsoft that I linked to earlier to see the drivers that are loaded on your system, their dates, version number and names and then use google to see more information regarding their associated software or in some cases hardware and check with the vendor to see if updates are available. But as I have already indicated all old drivers are not necessarily bad I have an older Linksys USB network dongle and the associated driver is 4.1.20.0 11/30/2006, never been a problem.
 
Back
Top