Random restarts and drivers at fault

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by Justin4758, Jan 1, 2011.

  1. Justin4758

    Justin4758 New Member

    Joined:
    Jan 1, 2011
    Messages:
    14
    Likes Received:
    0
    HI

    I have been having a lot of random restarts (bluescreen) about 2 days ago, i tried system restore which didnt work and doesnt crash in safe mode but using bluescreen view it seems that the a4sodqz9.sys and ntoskrnl.exe are at most of the fault with win32k.sys and ataport.sys causing some of the crashes.

    Do i have to replace these drivers or what. This is so annoying, and Crossfire has also stopped working as well which was partially due to system restore i think.

    HELP MUCH APPRECIAtED
     
  2. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
  3. Justin4758

    Justin4758 New Member

    Joined:
    Jan 1, 2011
    Messages:
    14
    Likes Received:
    0
  4. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    [​IMG]




    Memory is set right.

    Attach the .dmp's from C:\Windows\Minidump.
     
  5. Justin4758

    Justin4758 New Member

    Joined:
    Jan 1, 2011
    Messages:
    14
    Likes Received:
    0
    Here are the minidump files
     

    Attached Files:

  6. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    [​IMG]



    1. Uninstall AVG and replace it with MSE:

    AVG - Download tools

    http://www.microsoft.com/security_essentials/



    2. Update drivers:


    dvmio.sys Tue Nov 10 23:38:32 2009
    devicevm/splashtop software

    vstor2-ws60.sys Mon Oct 12 17:06:26 2009
    VMware




    3. If it keeps crashing after you uninstall AVG and update drivers, run memtest 10 passes overnight:

    Memtest86+ - Advanced Memory Diagnostic Tool





    Crash Dumps:

    Code:
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\DMP\010111-27222-01-dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
    Machine Name:
    Kernel base = 0xfffff800`02c56000 PsLoadedModuleList = 0xfffff800`02e93e50
    Debug session time: Sat Jan  1 11:24:14.770 2011 (UTC - 5:00)
    System Uptime: 0 days 0:03:52.440
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .......................................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {0, 2, 0, fffff80002ce62b3}
    
    Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000000000, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80002ce62b3, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efe0e0
     0000000000000000 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!IopCompleteRequest+ae3
    fffff800`02ce62b3 488b09          mov     rcx,qword ptr [rcx]
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  mscorsvw.exe
    
    IRP_ADDRESS:  ffffffffffffff89
    
    TRAP_FRAME:  fffff8800b1f5410 -- (.trap 0xfffff8800b1f5410)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8800b1f5728 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002ce62b3 rsp=fffff8800b1f55a0 rbp=fffff8800b1f56f0
     r8=fffffa8004e54720  r9=fffff8800b1f56a0 r10=0000000000000002
    r11=fffffa8004ca23d0 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz ac po cy
    nt!IopCompleteRequest+0xae3:
    fffff800`02ce62b3 488b09          mov     rcx,qword ptr [rcx] ds:0001:00000000`00000000=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002cc5ca9 to fffff80002cc6740
    
    STACK_TEXT:  
    fffff880`0b1f52c8 fffff800`02cc5ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0b1f52d0 fffff800`02cc4920 : fffffa80`045e38e0 fffffa80`0373fee0 fffff880`00e161a0 00000000`00000002 : nt!KiBugCheckDispatch+0x69
    fffff880`0b1f5410 fffff800`02ce62b3 : fffff880`009e8180 fffffa80`055fcb60 00000000`00000001 00000000`00000017 : nt!KiPageFault+0x260
    fffff880`0b1f55a0 fffff800`02ca30c7 : 00000000`00000001 fffff880`0b1f5770 fffffa80`0448ee00 00000000`00000000 : nt!IopCompleteRequest+0xae3
    fffff880`0b1f5670 fffff800`02ca3487 : fffff6fc`400311f8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
    fffff880`0b1f56f0 fffff800`02ce7fe7 : 00000000`00000000 00000000`00000000 fffffa80`05b8ca70 fffffa80`05b8c9a0 : nt!KiApcInterrupt+0xd7
    fffff880`0b1f5880 fffff800`02cc8ae8 : 00000000`0000008b 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmUnlockPages+0x107
    fffff880`0b1f5910 fffffa80`046e58fc : 00000000`00000000 00000000`00000000 fffffa80`05b8ca70 00000000`00000000 : nt!IopfCompleteRequest+0x168
    fffff880`0b1f59f0 00000000`00000000 : 00000000`00000000 fffffa80`05b8ca70 00000000`00000000 fffff6fb`7dbed000 : 0xfffffa80`046e58fc
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiPageFault+260
    fffff800`02cc4920 440f20c0        mov     rax,cr8
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiPageFault+260
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9
    
    FAILURE_BUCKET_ID:  X64_0xA_nt!KiPageFault+260
    
    BUCKET_ID:  X64_0xA_nt!KiPageFault+260
    
    Followup: MachineOwner
    ---------
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\DMP\010111-31949-01-dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Mini Kernel Dump does not have process information
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
    Machine Name:
    Kernel base = 0xfffff800`02c58000 PsLoadedModuleList = 0xfffff800`02e95e50
    Debug session time: Fri Dec 31 19:41:49.846 2010 (UTC - 5:00)
    System Uptime: 0 days 0:01:46.516
    Loading Kernel Symbols
    ....................................................
    Loading User Symbols
    Missing image name, possible paged-out or corrupt data.
    Loading unloaded module list
    .
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 7F, {8, 80050033, 6f8, fffff80002ca50d2}
    
    Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    UNEXPECTED_KERNEL_MODE_TRAP (7f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 0000000080050033
    Arg3: 00000000000006f8
    Arg4: fffff80002ca50d2
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0x7f_8
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    CURRENT_IRQL:  1
    
    LAST_CONTROL_TRANSFER:  from fffff80002cc7ca9 to fffff80002cc8740
    
    STACK_TEXT:  
    fffff880`009eec68 fffff800`02cc7ca9 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
    fffff880`009eec70 fffff800`02cc6172 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`009eedb0 fffff800`02ca50d2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
    fffff87f`fffffff0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1e2
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiDoubleFaultAbort+b2
    fffff800`02cc6172 90              nop
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiDoubleFaultAbort+b2
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9
    
    FAILURE_BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2
    
    BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2
    
    Followup: MachineOwner
    ---------
    
    
    
    
    
    
    
    
    
    
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\DMP\010111-37643-01-dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
    Machine Name:
    Kernel base = 0xfffff800`02c15000 PsLoadedModuleList = 0xfffff800`02e52e50
    Debug session time: Sat Jan  1 11:01:54.082 2011 (UTC - 5:00)
    System Uptime: 0 days 0:06:23.643
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ........................................................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {fffff8800aaf7738, 2, 1, fffff8800118b074}
    
    Unable to load image \SystemRoot\System32\Drivers\sptd.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for sptd.sys
    *** ERROR: Module load completed but symbols could not be loaded for sptd.sys
    Probably caused by : ataport.SYS ( ataport!memmove+64 )
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: fffff8800aaf7738, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff8800118b074, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ebd0e0
     fffff8800aaf7738 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    ataport!memmove+64
    fffff880`0118b074 488901          mov     qword ptr [rcx],rax
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xD1
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  fffff88002f22ad0 -- (.trap 0xfffff88002f22ad0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffff8800aaf7738
    rdx=000001fff9bca988 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8800118b074 rsp=fffff88002f22c68 rbp=fffffa80046c37d0
     r8=0000000000000012  r9=0000000000000002 r10=fffffa800469b610
    r11=fffff8800aaf7738 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz ac pe nc
    ataport!memmove+0x64:
    fffff880`0118b074 488901          mov     qword ptr [rcx],rax ds:18d0:fffff880`0aaf7738=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002c84ca9 to fffff80002c85740
    
    STACK_TEXT:  
    fffff880`02f22988 fffff800`02c84ca9 : 00000000`0000000a fffff880`0aaf7738 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`02f22990 fffff800`02c83920 : fffffa80`05ed18d0 00000000`00000002 fffffa80`0469a1a0 00000000`00000001 : nt!KiBugCheckDispatch+0x69
    fffff880`02f22ad0 fffff880`0118b074 : fffff880`011844a5 00000000`00000001 fffff880`03d231c6 fffff880`02f22cb4 : nt!KiPageFault+0x260
    fffff880`02f22c68 fffff880`011844a5 : 00000000`00000001 fffff880`03d231c6 fffff880`02f22cb4 fffffa80`05eae3d0 : ataport!memmove+0x64
    fffff880`02f22c70 fffff880`011840ec : fffffa80`0469a1a0 00000000`00000000 fffffa80`0469a1a0 fffffa80`04281980 : ataport!IdeProcessCompletedRequests+0x18d
    fffff880`02f22da0 fffff880`00ef54ce : fffffa80`043c7000 fffff880`02f22e88 fffffa80`0469a050 fffffa80`043c7750 : ataport!IdePortCompletionDpc+0x1a8
    fffff880`02f22e60 fffffa80`043c7000 : fffff880`02f22e88 fffffa80`0469a050 fffffa80`043c7750 fffffa80`036a8d00 : sptd+0x424ce
    fffff880`02f22e68 fffff880`02f22e88 : fffffa80`0469a050 fffffa80`043c7750 fffffa80`036a8d00 01cba9cd`357ae2b2 : 0xfffffa80`043c7000
    fffff880`02f22e70 fffffa80`0469a050 : fffffa80`043c7750 fffffa80`036a8d00 01cba9cd`357ae2b2 00000000`00002cea : 0xfffff880`02f22e88
    fffff880`02f22e78 fffffa80`043c7750 : fffffa80`036a8d00 01cba9cd`357ae2b2 00000000`00002cea 00000000`00000022 : 0xfffffa80`0469a050
    fffff880`02f22e80 fffffa80`036a8d00 : 01cba9cd`357ae2b2 00000000`00002cea 00000000`00000022 00000000`00000000 : 0xfffffa80`043c7750
    fffff880`02f22e88 01cba9cd`357ae2b2 : 00000000`00002cea 00000000`00000022 00000000`00000000 00000000`00000000 : 0xfffffa80`036a8d00
    fffff880`02f22e90 00000000`00002cea : 00000000`00000022 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1cba9cd`357ae2b2
    fffff880`02f22e98 00000000`00000022 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0469a118 : 0x2cea
    fffff880`02f22ea0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`0469a118 fffffa80`0469a050 : 0x22
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    ataport!memmove+64
    fffff880`0118b074 488901          mov     qword ptr [rcx],rax
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  ataport!memmove+64
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: ataport
    
    IMAGE_NAME:  ataport.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc118
    
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    
    BUCKET_ID:  X64_0xD1_ataport!memmove+64
    
    Followup: MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: fffff8800aaf7738, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff8800118b074, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS:  fffff8800aaf7738 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    ataport!memmove+64
    fffff880`0118b074 488901          mov     qword ptr [rcx],rax
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xD1
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  fffff88002f22ad0 -- (.trap 0xfffff88002f22ad0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffff8800aaf7738
    rdx=000001fff9bca988 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8800118b074 rsp=fffff88002f22c68 rbp=fffffa80046c37d0
     r8=0000000000000012  r9=0000000000000002 r10=fffffa800469b610
    r11=fffff8800aaf7738 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz ac pe nc
    ataport!memmove+0x64:
    fffff880`0118b074 488901          mov     qword ptr [rcx],rax ds:18d0:fffff880`0aaf7738=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002c84ca9 to fffff80002c85740
    
    STACK_TEXT:  
    fffff880`02f22988 fffff800`02c84ca9 : 00000000`0000000a fffff880`0aaf7738 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`02f22990 fffff800`02c83920 : fffffa80`05ed18d0 00000000`00000002 fffffa80`0469a1a0 00000000`00000001 : nt!KiBugCheckDispatch+0x69
    fffff880`02f22ad0 fffff880`0118b074 : fffff880`011844a5 00000000`00000001 fffff880`03d231c6 fffff880`02f22cb4 : nt!KiPageFault+0x260
    fffff880`02f22c68 fffff880`011844a5 : 00000000`00000001 fffff880`03d231c6 fffff880`02f22cb4 fffffa80`05eae3d0 : ataport!memmove+0x64
    fffff880`02f22c70 fffff880`011840ec : fffffa80`0469a1a0 00000000`00000000 fffffa80`0469a1a0 fffffa80`04281980 : ataport!IdeProcessCompletedRequests+0x18d
    fffff880`02f22da0 fffff880`00ef54ce : fffffa80`043c7000 fffff880`02f22e88 fffffa80`0469a050 fffffa80`043c7750 : ataport!IdePortCompletionDpc+0x1a8
    fffff880`02f22e60 fffffa80`043c7000 : fffff880`02f22e88 fffffa80`0469a050 fffffa80`043c7750 fffffa80`036a8d00 : sptd+0x424ce
    fffff880`02f22e68 fffff880`02f22e88 : fffffa80`0469a050 fffffa80`043c7750 fffffa80`036a8d00 01cba9cd`357ae2b2 : 0xfffffa80`043c7000
    fffff880`02f22e70 fffffa80`0469a050 : fffffa80`043c7750 fffffa80`036a8d00 01cba9cd`357ae2b2 00000000`00002cea : 0xfffff880`02f22e88
    fffff880`02f22e78 fffffa80`043c7750 : fffffa80`036a8d00 01cba9cd`357ae2b2 00000000`00002cea 00000000`00000022 : 0xfffffa80`0469a050
    fffff880`02f22e80 fffffa80`036a8d00 : 01cba9cd`357ae2b2 00000000`00002cea 00000000`00000022 00000000`00000000 : 0xfffffa80`043c7750
    fffff880`02f22e88 01cba9cd`357ae2b2 : 00000000`00002cea 00000000`00000022 00000000`00000000 00000000`00000000 : 0xfffffa80`036a8d00
    fffff880`02f22e90 00000000`00002cea : 00000000`00000022 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1cba9cd`357ae2b2
    fffff880`02f22e98 00000000`00000022 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0469a118 : 0x2cea
    fffff880`02f22ea0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`0469a118 fffffa80`0469a050 : 0x22
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    ataport!memmove+64
    fffff880`0118b074 488901          mov     qword ptr [rcx],rax
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  ataport!memmove+64
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: ataport
    
    IMAGE_NAME:  ataport.SYS
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc118
    
    FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64
    
    BUCKET_ID:  X64_0xD1_ataport!memmove+64
    
    Followup: MachineOwner
    ---------
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\a\Minidump\D M P\DMP\123110-40544-01-dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
    Machine Name:
    Kernel base = 0xfffff800`02c11000 PsLoadedModuleList = 0xfffff800`02e4ee50
    Debug session time: Fri Dec 31 18:49:15.138 2010 (UTC - 5:00)
    System Uptime: 0 days 0:01:20.683
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ....................................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1E, {ffffffffc0000005, fffff80002c85cd8, 0, ffffffffffffffff}
    
    Probably caused by : msrpc.sys ( msrpc!RpcpDuplicateTokenEx+6b )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KMODE_EXCEPTION_NOT_HANDLED (1e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Arguments:
    Arg1: ffffffffc0000005, The exception code that was not handled
    Arg2: fffff80002c85cd8, The address that the exception occurred at
    Arg3: 0000000000000000, Parameter 0 of the exception
    Arg4: ffffffffffffffff, Parameter 1 of the exception
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    nt!KiTryUnwaitThread+28
    fffff800`02c85cd8 f0480fba6b4000  lock bts qword ptr [rbx+40h],0
    
    EXCEPTION_PARAMETER1:  0000000000000000
    
    EXCEPTION_PARAMETER2:  ffffffffffffffff
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb90e0
     ffffffffffffffff 
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    BUGCHECK_STR:  0x1E_c0000005
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    PROCESS_NAME:  WerFault.exe
    
    CURRENT_IRQL:  2
    
    EXCEPTION_RECORD:  fffff8800a5aaa28 -- (.exr 0xfffff8800a5aaa28)
    ExceptionAddress: fffff80002c85cd8 (nt!KiTryUnwaitThread+0x0000000000000028)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000000
       Parameter[1]: ffffffffffffffff
    Attempt to read from address ffffffffffffffff
    
    TRAP_FRAME:  fffff8800a5aaad0 -- (.trap 0xfffff8800a5aaad0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8800a5ab428 rbx=0000000000000000 rcx=fffff80002dfbe80
    rdx=fffff80002db5401 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002c85cd8 rsp=fffff8800a5aac60 rbp=fffff8800a5aae10
     r8=0000000000000100  r9=0000000000000000 r10=0000000000000002
    r11=fffffa8006072810 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    nt!KiTryUnwaitThread+0x28:
    fffff800`02c85cd8 f0480fba6b4000  lock bts qword ptr [rbx+40h],0 ds:adc0:00000000`00000040=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002cbba39 to fffff80002c81740
    
    STACK_TEXT:  
    fffff880`0a5aa258 fffff800`02cbba39 : 00000000`0000001e ffffffff`c0000005 fffff800`02c85cd8 00000000`00000000 : nt!KeBugCheckEx
    fffff880`0a5aa260 fffff800`02c80d82 : fffff880`0a5aaa28 0000c824`ac894800 fffff880`0a5aaad0 00000000`00000000 : nt!KiDispatchException+0x1b9
    fffff880`0a5aa8f0 fffff800`02c7f68a : 00000000`00000000 fffff8a0`042e72a8 fffff880`0a5aaf88 00000000`00000000 : nt!KiExceptionDispatch+0xc2
    fffff880`0a5aaad0 fffff800`02c85cd8 : fffff8a0`042e6e3c fffff8a0`042e6e58 fffff8a0`042e6e68 fffff8a0`042d5000 : nt!KiGeneralProtectionFault+0x10a
    fffff880`0a5aac60 fffff800`02cfcf74 : fffffa80`06cfd960 fffff880`0a5aae10 00000000`00000000 00000000`00000000 : nt!KiTryUnwaitThread+0x28
    fffff880`0a5aacc0 fffff800`02c5e0c7 : 00103cb2`3d830000 fffff8a0`040d6ed0 00000000`00000000 fffff800`00000000 : nt! ?? ::FNODOBFM::`string'+0x3ca30
    fffff880`0a5aad90 fffff800`02c5e487 : fffff880`0a5ab110 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
    fffff880`0a5aae10 fffff800`02f79541 : fffff8a0`040d6f80 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiApcInterrupt+0xd7
    fffff880`0a5aafa0 fffff800`02f723d1 : fffff8a0`00000000 fffff8a0`042d5060 00000000`00000000 00000000`00000000 : nt!ObpCreateHandle+0xb1
    fffff880`0a5ab0b0 fffff800`02f28db3 : 00000000`0000000e fffff880`0a5ab6c0 00000000`ffffff00 fffff800`02dfbe00 : nt!ObInsertObjectEx+0x291
    fffff880`0a5ab2f0 fffff800`02c80993 : fffffa80`06dc7600 fffff880`0a5ab5b8 fffff880`0a5ab3a8 fffff8a0`042ea8f0 : nt!NtDuplicateToken+0x17b
    fffff880`0a5ab390 fffff800`02c7cf30 : fffff880`010aa8cb 00000000`00000001 fffff880`010ac1f6 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    fffff880`0a5ab598 fffff880`010aa8cb : 00000000`00000001 fffff880`010ac1f6 00000000`00000000 fffff8a0`00000000 : nt!KiServiceLinkage
    fffff880`0a5ab5a0 fffff880`010ab0bf : fffffa80`06dc7600 fffff8a0`03e0d300 00000000`00000001 fffffa80`cd637052 : msrpc!RpcpDuplicateTokenEx+0x6b
    fffff880`0a5ab620 fffff880`010ab37b : fffff8a0`042ea8f0 00000000`00000000 fffff8a0`042ea8f0 fffff8a0`03e0d300 : msrpc!LRPC_BASE_BINDING_HANDLE::BaseBindingCopy+0x1bf
    fffff880`0a5ab760 fffff880`010ae9d2 : fffff8a0`03e0d300 fffff8a0`03e0d300 00000000`00000001 00000000`00000058 : msrpc!LRPC_FAST_BINDING_HANDLE::BindingCopy+0x8b
    fffff880`0a5ab790 fffff960`003b54f3 : fffff8a0`0416ef00 fffff900`c2920900 00000000`00000001 00000000`000007ff : msrpc!RpcBindingCopy+0x42
    fffff880`0a5ab7c0 fffff960`001324b1 : fffff900`c2920900 00000000`00000000 fffffa80`06dc3b30 00000000`00000000 : win32k!PlaySoundPostMessage+0x77
    fffff880`0a5ab820 fffff960`0018d081 : fffff900`c2920900 fffff880`0a5abc20 00000000`00000000 fffff900`c2920900 : win32k!PostPlaySoundMessage+0x25
    fffff880`0a5ab850 fffff960`0018421f : fffff900`c2920900 fffff880`0a5abc20 00000000`ffffffff fffffa80`06dc3b30 : win32k!DestroyProcessInfo+0x125
    fffff880`0a5ab880 fffff960`0018431a : fffffa80`0541ce00 fffff900`c2920900 00000000`00000000 fffff880`0a5abc20 : win32k!xxxUserProcessCallout+0x15f
    fffff880`0a5ab8d0 fffff800`02f66a01 : fffffa80`0541ce60 00000000`00000000 00000000`00000000 fffffa80`06dc7600 : win32k!W32pProcessCallout+0x4e
    fffff880`0a5ab900 fffff800`02f3f635 : 00000000`00000000 fffff800`02f80101 fffffa80`78457300 00000000`00000000 : nt!PspExitThread+0x561
    fffff880`0a5ab9c0 fffff800`02c5e1db : fffffa80`06c3d001 fffffa80`06cbf010 00000000`00000000 00000000`00000000 : nt!PsExitSpecialApc+0x1d
    fffff880`0a5ab9f0 fffff800`02c5e620 : 00000000`00386d10 fffff880`0a5aba70 fffff800`02f3f74c 00000000`00000001 : nt!KiDeliverApc+0x2eb
    fffff880`0a5aba70 fffff800`02c80a37 : 00000000`00000000 00000000`76fa72a0 00000000`00001f80 fffff880`0a5abc20 : nt!KiInitiateUserApc+0x70
    fffff880`0a5abbb0 00000000`76ee008a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
    00000000`01e5f418 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76ee008a
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    msrpc!RpcpDuplicateTokenEx+6b
    fffff880`010aa8cb 85c0            test    eax,eax
    
    SYMBOL_STACK_INDEX:  d
    
    SYMBOL_NAME:  msrpc!RpcpDuplicateTokenEx+6b
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: msrpc
    
    IMAGE_NAME:  msrpc.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc17c
    
    FAILURE_BUCKET_ID:  X64_0x1E_c0000005_msrpc!RpcpDuplicateTokenEx+6b
    
    BUCKET_ID:  X64_0x1E_c0000005_msrpc!RpcpDuplicateTokenEx+6b
    
    Followup: MachineOwner
    ---------
    
    
    
    



    Drivers:

    Code:
    start             end                 module name
    fffff880`04d79000 fffff880`04dbe000   a4sodqz9 a4sodqz9.SYS Tue Jul 14 17:12:55 2009 (4A5CF4D7)
    fffff880`04dbe000 fffff880`04dcb000   Accelerometer Accelerometer.sys Fri Jul 16 11:02:38 2010 (4C40748E)
    fffff880`00d96000 fffff880`00ded000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
    fffff880`03a03000 fffff880`03a8d000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
    fffff880`04de9000 fffff880`04dff000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
    fffff880`02dcc000 fffff880`02de1000   amdppm   amdppm.sys   Mon Jul 13 19:19:25 2009 (4A5BC0FD)
    fffff880`0101b000 fffff880`01026000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
    fffff880`011cc000 fffff880`011d5000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`011d5000 fffff880`011ff000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
    fffff880`04f26000 fffff880`04f48000   AtiHdmi  AtiHdmi.sys  Thu Jan 28 20:03:36 2010 (4B6233E8)
    fffff880`03c33000 fffff880`043ef000   atikmdag atikmdag.sys Sun Sep 19 21:47:42 2010 (4C96BD3E)
    fffff880`02c00000 fffff880`02c4a000   atikmpag atikmpag.sys Sun Sep 19 21:21:01 2010 (4C96B6FD)
    fffff880`01447000 fffff880`0144f000   AtiPcie  AtiPcie.sys  Mon Aug 24 04:25:26 2009 (4A924E76)
    fffff960`008f0000 fffff960`00951000   ATMFD    ATMFD.DLL    Tue Oct 19 23:05:45 2010 (4CBE5C89)
    fffff880`02cb9000 fffff880`02cc4000   avgfwd6a avgfwd6a.sys Tue Oct 06 18:04:57 2009 (4ACBBF09)
    fffff880`027cd000 fffff880`027fa000   AVGIDSDriver AVGIDSDriver.sys Tue May 11 20:49:44 2010 (4BE9FB28)
    fffff880`0267e000 fffff880`0268a000   AVGIDSFilter AVGIDSFilter.sys Tue May 11 20:48:52 2010 (4BE9FAF4)
    fffff880`0143d000 fffff880`01447000   AVGIDSwa AVGIDSwa.sys Tue May 11 20:50:03 2010 (4BE9FB3B)
    fffff880`02d85000 fffff880`02dcc000   avgldx64 avgldx64.sys Thu Jun 03 17:06:48 2010 (4C081968)
    fffff880`03bc9000 fffff880`03bd0080   avgmfx64 avgmfx64.sys Sun Apr 25 17:06:15 2010 (4BD4AEC7)
    fffff880`01430000 fffff880`0143c0c0   avgrkx64 avgrkx64.sys Wed Feb 10 22:52:44 2010 (4B737F0C)
    fffff880`02cef000 fffff880`02d40000   avgtdia  avgtdia.sys  Thu Jun 03 17:09:57 2010 (4C081A25)
    fffff880`01135000 fffff880`01141000   BATTC    BATTC.SYS    Mon Jul 13 19:31:01 2009 (4A5BC3B5)
    fffff880`04817000 fffff880`04b06000   bcmwl664 bcmwl664.sys Mon Mar 22 23:08:39 2010 (4BA830B7)
    fffff880`01490000 fffff880`01497000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
    fffff880`03bb8000 fffff880`03bc9000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
    fffff880`07b7b000 fffff880`07b99000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
    fffff880`05dd9000 fffff880`05de9000   BthEnum  BthEnum.sys  Mon Jul 13 20:06:52 2009 (4A5BCC1C)
    fffff880`05bb6000 fffff880`05bd6000   bthpan   bthpan.sys   Mon Jul 13 20:07:00 2009 (4A5BCC24)
    fffff880`05d15000 fffff880`05da1000   bthport  bthport.sys  Mon Jul 13 20:06:56 2009 (4A5BCC20)
    fffff880`05cfd000 fffff880`05d15000   BTHUSB   BTHUSB.sys   Mon Jul 13 20:06:52 2009 (4A5BCC1C)
    fffff880`05c02000 fffff880`05cfd000   btwampfl btwampfl.sys Wed Jan 20 15:55:10 2010 (4B576DAE)
    fffff880`02691000 fffff880`02718000   btwaudio btwaudio.sys Wed Jan 20 15:53:46 2010 (4B576D5A)
    fffff880`05a00000 fffff880`05a7d000   btwavdt  btwavdt.sys  Wed Jan 13 19:03:59 2010 (4B4E5F6F)
    fffff880`02718000 fffff880`02726000   btwl2cap btwl2cap.sys Mon Dec 14 20:11:45 2009 (4B26E251)
    fffff880`02726000 fffff880`02729a00   btwrchid btwrchid.sys Wed Jan 13 19:05:35 2010 (4B4E5FCF)
    fffff960`007d0000 fffff960`007f7000   cdd      cdd.dll      Wed May 19 15:48:26 2010 (4BF4408A)
    fffff880`01200000 fffff880`0122a000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`00c00000 fffff880`00cc0000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
    fffff880`04e5d000 fffff880`04e6f000   circlass circlass.sys Mon Jul 13 20:06:34 2009 (4A5BCC0A)
    fffff880`01400000 fffff880`01430000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
    fffff880`00d09000 fffff880`00d67000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`04dcb000 fffff880`04dcf500   CmBatt   CmBatt.sys   Mon Jul 13 19:31:03 2009 (4A5BC3B7)
    fffff880`014a0000 fffff880`01513000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
    fffff880`0112c000 fffff880`01135000   compbatt compbatt.sys Mon Jul 13 19:31:02 2009 (4A5BC3B6)
    fffff880`04dd9000 fffff880`04de9000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
    fffff880`05da1000 fffff880`05daf000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
    fffff880`03b9a000 fffff880`03bb8000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
    fffff880`03b8b000 fffff880`03b9a000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
    fffff880`01625000 fffff880`0163b000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`04f85000 fffff880`04fa7000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
    fffff880`05dc6000 fffff880`05dd9000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
    fffff880`05dbb000 fffff880`05dc6000   dump_msahci dump_msahci.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
    fffff880`05daf000 fffff880`05dbb000   dump_pciidex dump_pciidex.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`03b83000 fffff880`03b8b000   dvmio    dvmio.sys    Tue Nov 10 23:38:32 2009 (4AFA3FC8)
    fffff880`05b50000 fffff880`05b5c000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
    fffff880`04460000 fffff880`04554000   dxgkrnl  dxgkrnl.sys  Thu Oct 01 21:00:14 2009 (4AC5509E)
    fffff880`04554000 fffff880`0459a000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:38:32 2009 (4A5BC578)
    fffff880`04e81000 fffff880`04eb7000   fastfat  fastfat.SYS  Mon Jul 13 19:23:28 2009 (4A5BC1F0)
    fffff880`01072000 fffff880`01086000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
    fffff880`01026000 fffff880`01072000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
    fffff880`01524000 fffff880`0152e000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
    fffff880`015c4000 fffff880`015fe000   fvevol   fvevol.sys   Fri Sep 25 22:34:26 2009 (4ABD7DB2)
    fffff880`0152e000 fffff880`01578000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
    fffff880`04b5f000 fffff880`04b6c000   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:17:04 2009 (4A1151C0)
    fffff800`031ed000 fffff800`03236000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
    fffff880`07a71000 fffff880`07a7d000   hcmon    hcmon.sys    Fri Jan 22 23:08:59 2010 (4B5A765B)
    fffff880`0459a000 fffff880`045be000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
    fffff880`0272a000 fffff880`02743000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
    fffff880`02743000 fffff880`0274b080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
    fffff880`0161b000 fffff880`01625000   hpdskflt hpdskflt.sys Fri Jul 16 11:02:38 2010 (4C40748E)
    fffff880`07ab3000 fffff880`07b7b000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
    fffff880`01612000 fffff880`0161b000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
    fffff880`045be000 fffff880`045dc000   i8042prt i8042prt.sys Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`04beb000 fffff880`04bfa000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
    fffff800`00b96000 fffff800`00b99000   kdcom    kdcom.dll    Tue Nov 30 09:40:39 2010 (4CF50CE7)
    fffff880`04e1a000 fffff880`04e5d000   ks       ks.sys       Wed Mar 03 23:32:25 2010 (4B8F37D9)
    fffff880`013da000 fffff880`013f4000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
    fffff880`0178d000 fffff880`017b8000   ksecpkg  ksecpkg.sys  Fri Dec 11 01:03:32 2009 (4B21E0B4)
    fffff880`04fa7000 fffff880`04fac200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
    fffff880`027b8000 fffff880`027cd000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
    fffff880`0275a000 fffff880`0277d000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
    fffff880`00ce8000 fffff880`00cf5000   mcupdate mcupdate.dll Mon Jul 13 21:29:09 2009 (4A5BDF65)
    fffff880`0274c000 fffff880`0275a000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
    fffff880`04d6a000 fffff880`04d79000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
    fffff880`011b2000 fffff880`011cc000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`07b99000 fffff880`07bb1000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
    fffff880`07bb1000 fffff880`07bde000   mrxsmb   mrxsmb.sys   Sat Feb 27 02:52:19 2010 (4B88CF33)
    fffff880`07a00000 fffff880`07a4e000   mrxsmb10 mrxsmb10.sys Sat Feb 27 02:52:28 2010 (4B88CF3C)
    fffff880`07a4e000 fffff880`07a71000   mrxsmb20 mrxsmb20.sys Sat Feb 27 02:52:26 2010 (4B88CF3A)
    fffff880`01000000 fffff880`0100b000   msahci   msahci.sys   Mon Jul 13 20:01:01 2009 (4A5BCABD)
    fffff880`02c9d000 fffff880`02ca8000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
    fffff880`00fee000 fffff880`00ff8000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
    fffff880`01086000 fffff880`010e4000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
    fffff880`03b78000 fffff880`03b83000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
    fffff880`01600000 fffff880`01612000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
    fffff880`0163b000 fffff880`0172d000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
    fffff880`04c00000 fffff880`04c0c000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
    fffff880`02653000 fffff880`02666000   ndisuio  ndisuio.sys  Mon Jul 13 20:09:25 2009 (4A5BCCB5)
    fffff880`04400000 fffff880`0442f000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
    fffff880`04f11000 fffff880`04f26000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
    fffff880`03add000 fffff880`03aec000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
    fffff880`02d40000 fffff880`02d85000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
    fffff880`0172d000 fffff880`0178d000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
    fffff880`02ca8000 fffff880`02cb9000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
    fffff880`03b6c000 fffff880`03b78000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
    fffff800`02c11000 fffff800`031ed000   nt       ntkrnlmp.exe Sat Jun 19 00:16:41 2010 (4C1C44A9)
    fffff880`01237000 fffff880`013da000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
    fffff880`01487000 fffff880`01490000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
    fffff880`02600000 fffff880`02653000   nwifi    nwifi.sys    Mon Jul 13 20:07:23 2009 (4A5BCC3B)
    fffff880`03aa1000 fffff880`03ac7000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
    fffff880`01117000 fffff880`0112c000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
    fffff880`010e4000 fffff880`01117000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
    fffff880`0100b000 fffff880`0101b000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
    fffff880`01513000 fffff880`01524000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
    fffff880`07eea000 fffff880`07f90000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
    fffff880`04f48000 fffff880`04f85000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
    fffff880`00cf5000 fffff880`00d09000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
    fffff880`045dc000 fffff880`04600000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
    fffff880`0442f000 fffff880`0444a000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
    fffff880`03c00000 fffff880`03c21000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
    fffff880`02de1000 fffff880`02dfb000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
    fffff880`03b1b000 fffff880`03b6c000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
    fffff880`02c82000 fffff880`02c8b000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`02c8b000 fffff880`02c94000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`02c94000 fffff880`02c9d000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
    fffff880`017c0000 fffff880`017fa000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
    fffff880`05b8a000 fffff880`05bb6000   rfcomm   rfcomm.sys   Mon Jul 13 20:06:56 2009 (4A5BCC20)
    fffff880`02666000 fffff880`0267e000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
    fffff880`00d67000 fffff880`00d96000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
    fffff880`07f90000 fffff880`07f9b000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
    fffff880`017b8000 fffff880`017c0000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
    fffff880`00ebf000 fffff880`00fe5000   spnj     spnj.sys     Sun Oct 11 16:55:14 2009 (4AD24632)
    fffff880`0a0a6000 fffff880`0a13c000   srv      srv.sys      Thu Aug 26 23:38:00 2010 (4C773318)
    fffff880`0a03f000 fffff880`0a0a6000   srv2     srv2.sys     Thu Aug 26 23:37:46 2010 (4C77330A)
    fffff880`07f9b000 fffff880`07fc8000   srvnet   srvnet.sys   Thu Aug 26 23:37:24 2010 (4C7732F4)
    fffff880`05ab1000 fffff880`05b33000   stwrt64  stwrt64.sys  Wed Jun 09 02:12:06 2010 (4C0F30B6)
    fffff880`0480b000 fffff880`0480c480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
    fffff880`04c0d000 fffff880`04d68000   SynTP    SynTP.sys    Fri Sep 10 21:09:32 2010 (4C8AD6CC)
    fffff880`01800000 fffff880`019fd000   tcpip    tcpip.sys    Sun Jun 13 23:39:04 2010 (4C15A458)
    fffff880`07fc8000 fffff880`07fda000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
    fffff880`02ce2000 fffff880`02cef000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
    fffff880`02cc4000 fffff880`02ce2000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
    fffff880`03b07000 fffff880`03b1b000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
    fffff960`00530000 fffff960`0053a000   TSDDD    TSDDD.dll    Mon Jul 13 20:16:34 2009 (4A5BCE62)
    fffff880`03bd1000 fffff880`03bf7000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
    fffff880`04e6f000 fffff880`04e81000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
    fffff880`05b33000 fffff880`05b50000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
    fffff880`04d68000 fffff880`04d69f00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
    fffff880`04bda000 fffff880`04beb000   usbehci  usbehci.sys  Fri Dec 04 02:26:02 2009 (4B18B98A)
    fffff880`04bcd000 fffff880`04bda000   usbfilter usbfilter.sys Tue Dec 22 03:26:22 2009 (4B3082AE)
    fffff880`04eb7000 fffff880`04f11000   usbhub   usbhub.sys   Fri Dec 04 02:26:39 2009 (4B18B9AF)
    fffff880`04b6c000 fffff880`04b77000   usbohci  usbohci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
    fffff880`04b77000 fffff880`04bcd000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
    fffff880`05b5c000 fffff880`05b89200   usbvideo usbvideo.sys Wed Mar 03 23:40:57 2010 (4B8F39D9)
    fffff880`00ded000 fffff880`00dfa000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
    fffff880`00cc0000 fffff880`00cce000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
    fffff880`02c4d000 fffff880`02c72000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
    fffff880`07a7d000 fffff880`07a95000   vmci     vmci.sys     Fri Jan 22 22:33:23 2010 (4B5A6E03)
    fffff880`04800000 fffff880`0480b000   VMkbd    VMkbd.sys    Sat Jan 23 00:04:47 2010 (4B5A836F)
    fffff880`027ae000 fffff880`027b8000   VMNET    VMNET.SYS    Mon Aug 10 08:04:50 2009 (4A800CE2)
    fffff880`0279e000 fffff880`027ae000   vmnetbridge vmnetbridge.sys Mon Aug 10 08:05:58 2009 (4A800D26)
    fffff880`07fda000 fffff880`07fe4000   vmnetuserif vmnetuserif.sys Fri Jan 22 23:26:19 2010 (4B5A7A6B)
    fffff880`07e14000 fffff880`07eea000   vmx86    vmx86.sys    Sat Jan 23 00:50:05 2010 (4B5A8E0D)
    fffff880`01141000 fffff880`01156000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
    fffff880`01156000 fffff880`011b2000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
    fffff880`01578000 fffff880`015c4000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
    fffff880`07fe4000 fffff880`07ff0000   vstor2_ws60 vstor2-ws60.sys Mon Oct 12 17:06:26 2009 (4AD39A52)
    fffff880`04b06000 fffff880`04b13000   vwifibus vwifibus.sys Mon Jul 13 20:07:21 2009 (4A5BCC39)
    fffff880`03ac7000 fffff880`03add000   vwififlt vwififlt.sys Mon Jul 13 20:07:22 2009 (4A5BCC3A)
    fffff880`03aec000 fffff880`03b07000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
    fffff880`02c72000 fffff880`02c82000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
    fffff880`00e0c000 fffff880`00eb0000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
    fffff880`00eb0000 fffff880`00ebf000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
    fffff880`03a98000 fffff880`03aa1000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
    fffff960`000c0000 fffff960`003d0000   win32k   win32k.sys   Tue Oct 19 23:08:46 2010 (4CBE5D3E)
    fffff880`04dd0000 fffff880`04dd9000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:31:02 2009 (4A5BC3B6)
    fffff880`00fe5000 fffff880`00fee000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
    fffff880`03a8d000 fffff880`03a98000   ws2ifsl  ws2ifsl.sys  Mon Jul 13 20:10:33 2009 (4A5BCCF9)
    fffff880`0277d000 fffff880`0279e000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)
    
    Unloaded modules:
    fffff880`0144f000 fffff880`0145d000   crashdmp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000E000
    fffff880`0145d000 fffff880`01469000   dump_pciidex
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000C000
    fffff880`01469000 fffff880`01474000   dump_msahci.
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000B000
    fffff880`01474000 fffff880`01487000   dump_dumpfve
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00013000
    fffff880`04b13000 fffff880`04b5f000   Rt64win7.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0004C000
    
    
     
  7. Justin4758

    Justin4758 New Member

    Joined:
    Jan 1, 2011
    Messages:
    14
    Likes Received:
    0
    Do you know what causes ntoskrnl.exe cos i tried fixing it if it is corrupt but it doesn't work.
     
  8. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    You can't fix or update ntoskrnl.exe. It's MS kernel file.
     
  9. Justin4758

    Justin4758 New Member

    Joined:
    Jan 1, 2011
    Messages:
    14
    Likes Received:
    0
    Will reinstalling or repairing it fix this error and have u seen what programs cause these crashes
     
  10. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    Uninstall AVG.
    Uninstall Daemon Tools. DT was spotted as the causer in 1 of your crash dumps.
    Update drivers.

    Enjoy.
     
  11. Justin4758

    Justin4758 New Member

    Joined:
    Jan 1, 2011
    Messages:
    14
    Likes Received:
    0
    Yeah i did uninstall AVG and installed MSE and some updates for MSE, but a few hours later when i tried turning it on it said windows could not start and i had to do a system restore back to when i uninstalled AVG...
     
  12. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    Remove DT and update the drivers as in my post on pagr 1 of this thread. Then install MSE again and scan the entire hard drive.
     
  13. Justin4758

    Justin4758 New Member

    Joined:
    Jan 1, 2011
    Messages:
    14
    Likes Received:
    0
    i have but it dont work will reinstalling windows fix the ntoskrnl.exe error? Cos right now i am well annoyed with it and need to ask someone to remotely fix it
     
  14. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    Reinstalling the system may help but not necessarily. Ntoskrnl.exe error pops up because of bad drivers or because of faulty hardware.

    1. Attach your newest crash dumps, I need to see how you're doing.
    2. Uninstall Daemon Tools if you haven't
     

Share This Page

Loading...