Random restarts and drivers at fault

#1
HI

I have been having a lot of random restarts (bluescreen) about 2 days ago, i tried system restore which didnt work and doesnt crash in safe mode but using bluescreen view it seems that the a4sodqz9.sys and ntoskrnl.exe are at most of the fault with win32k.sys and ataport.sys causing some of the crashes.

Do i have to replace these drivers or what. This is so annoying, and Crossfire has also stopped working as well which was partially due to system restore i think.

HELP MUCH APPRECIAtED
 


#3
CPUZ1.png CPUZ2.png
 


#4





Memory is set right.

Attach the .dmp's from C:\Windows\Minidump.
 


#5
Here are the minidump files
 


Attachments

#6




1. Uninstall AVG and replace it with MSE:

AVG - Download tools

http://www.microsoft.com/security_essentials/



2. Update drivers:


dvmio.sys Tue Nov 10 23:38:32 2009
devicevm/splashtop software

vstor2-ws60.sys Mon Oct 12 17:06:26 2009
VMware




3. If it keeps crashing after you uninstall AVG and update drivers, run memtest 10 passes overnight:

Memtest86+ - Advanced Memory Diagnostic Tool





Crash Dumps:

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\DMP\010111-27222-01-dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c56000 PsLoadedModuleList = 0xfffff800`02e93e50
Debug session time: Sat Jan  1 11:24:14.770 2011 (UTC - 5:00)
System Uptime: 0 days 0:03:52.440
Loading Kernel Symbols
...............................................................
................................................................
.......................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff80002ce62b3}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ce62b3, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efe0e0
 0000000000000000 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!IopCompleteRequest+ae3
fffff800`02ce62b3 488b09          mov     rcx,qword ptr [rcx]

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  mscorsvw.exe

IRP_ADDRESS:  ffffffffffffff89

TRAP_FRAME:  fffff8800b1f5410 -- (.trap 0xfffff8800b1f5410)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800b1f5728 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ce62b3 rsp=fffff8800b1f55a0 rbp=fffff8800b1f56f0
 r8=fffffa8004e54720  r9=fffff8800b1f56a0 r10=0000000000000002
r11=fffffa8004ca23d0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac po cy
nt!IopCompleteRequest+0xae3:
fffff800`02ce62b3 488b09          mov     rcx,qword ptr [rcx] ds:0001:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002cc5ca9 to fffff80002cc6740

STACK_TEXT:  
fffff880`0b1f52c8 fffff800`02cc5ca9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0b1f52d0 fffff800`02cc4920 : fffffa80`045e38e0 fffffa80`0373fee0 fffff880`00e161a0 00000000`00000002 : nt!KiBugCheckDispatch+0x69
fffff880`0b1f5410 fffff800`02ce62b3 : fffff880`009e8180 fffffa80`055fcb60 00000000`00000001 00000000`00000017 : nt!KiPageFault+0x260
fffff880`0b1f55a0 fffff800`02ca30c7 : 00000000`00000001 fffff880`0b1f5770 fffffa80`0448ee00 00000000`00000000 : nt!IopCompleteRequest+0xae3
fffff880`0b1f5670 fffff800`02ca3487 : fffff6fc`400311f8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`0b1f56f0 fffff800`02ce7fe7 : 00000000`00000000 00000000`00000000 fffffa80`05b8ca70 fffffa80`05b8c9a0 : nt!KiApcInterrupt+0xd7
fffff880`0b1f5880 fffff800`02cc8ae8 : 00000000`0000008b 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmUnlockPages+0x107
fffff880`0b1f5910 fffffa80`046e58fc : 00000000`00000000 00000000`00000000 fffffa80`05b8ca70 00000000`00000000 : nt!IopfCompleteRequest+0x168
fffff880`0b1f59f0 00000000`00000000 : 00000000`00000000 fffffa80`05b8ca70 00000000`00000000 fffff6fb`7dbed000 : 0xfffffa80`046e58fc


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiPageFault+260
fffff800`02cc4920 440f20c0        mov     rax,cr8

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiPageFault+260

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

FAILURE_BUCKET_ID:  X64_0xA_nt!KiPageFault+260

BUCKET_ID:  X64_0xA_nt!KiPageFault+260

Followup: MachineOwner
---------


















Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\DMP\010111-31949-01-dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Mini Kernel Dump does not have process information
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c58000 PsLoadedModuleList = 0xfffff800`02e95e50
Debug session time: Fri Dec 31 19:41:49.846 2010 (UTC - 5:00)
System Uptime: 0 days 0:01:46.516
Loading Kernel Symbols
....................................................
Loading User Symbols
Missing image name, possible paged-out or corrupt data.
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 7F, {8, 80050033, 6f8, fffff80002ca50d2}

Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050033
Arg3: 00000000000006f8
Arg4: fffff80002ca50d2

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_8

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  1

LAST_CONTROL_TRANSFER:  from fffff80002cc7ca9 to fffff80002cc8740

STACK_TEXT:  
fffff880`009eec68 fffff800`02cc7ca9 : 00000000`0000007f 00000000`00000008 00000000`80050033 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009eec70 fffff800`02cc6172 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009eedb0 fffff800`02ca50d2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff87f`fffffff0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1e2


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiDoubleFaultAbort+b2
fffff800`02cc6172 90              nop

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiDoubleFaultAbort+b2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

FAILURE_BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2

BUCKET_ID:  X64_0x7f_8_nt!KiDoubleFaultAbort+b2

Followup: MachineOwner
---------












Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\DMP\010111-37643-01-dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c15000 PsLoadedModuleList = 0xfffff800`02e52e50
Debug session time: Sat Jan  1 11:01:54.082 2011 (UTC - 5:00)
System Uptime: 0 days 0:06:23.643
Loading Kernel Symbols
...............................................................
................................................................
........................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffff8800aaf7738, 2, 1, fffff8800118b074}

Unable to load image \SystemRoot\System32\Drivers\sptd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
Probably caused by : ataport.SYS ( ataport!memmove+64 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8800aaf7738, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800118b074, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ebd0e0
 fffff8800aaf7738 

CURRENT_IRQL:  2

FAULTING_IP: 
ataport!memmove+64
fffff880`0118b074 488901          mov     qword ptr [rcx],rax

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff88002f22ad0 -- (.trap 0xfffff88002f22ad0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8800aaf7738
rdx=000001fff9bca988 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800118b074 rsp=fffff88002f22c68 rbp=fffffa80046c37d0
 r8=0000000000000012  r9=0000000000000002 r10=fffffa800469b610
r11=fffff8800aaf7738 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac pe nc
ataport!memmove+0x64:
fffff880`0118b074 488901          mov     qword ptr [rcx],rax ds:18d0:fffff880`0aaf7738=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002c84ca9 to fffff80002c85740

STACK_TEXT:  
fffff880`02f22988 fffff800`02c84ca9 : 00000000`0000000a fffff880`0aaf7738 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`02f22990 fffff800`02c83920 : fffffa80`05ed18d0 00000000`00000002 fffffa80`0469a1a0 00000000`00000001 : nt!KiBugCheckDispatch+0x69
fffff880`02f22ad0 fffff880`0118b074 : fffff880`011844a5 00000000`00000001 fffff880`03d231c6 fffff880`02f22cb4 : nt!KiPageFault+0x260
fffff880`02f22c68 fffff880`011844a5 : 00000000`00000001 fffff880`03d231c6 fffff880`02f22cb4 fffffa80`05eae3d0 : ataport!memmove+0x64
fffff880`02f22c70 fffff880`011840ec : fffffa80`0469a1a0 00000000`00000000 fffffa80`0469a1a0 fffffa80`04281980 : ataport!IdeProcessCompletedRequests+0x18d
fffff880`02f22da0 fffff880`00ef54ce : fffffa80`043c7000 fffff880`02f22e88 fffffa80`0469a050 fffffa80`043c7750 : ataport!IdePortCompletionDpc+0x1a8
fffff880`02f22e60 fffffa80`043c7000 : fffff880`02f22e88 fffffa80`0469a050 fffffa80`043c7750 fffffa80`036a8d00 : sptd+0x424ce
fffff880`02f22e68 fffff880`02f22e88 : fffffa80`0469a050 fffffa80`043c7750 fffffa80`036a8d00 01cba9cd`357ae2b2 : 0xfffffa80`043c7000
fffff880`02f22e70 fffffa80`0469a050 : fffffa80`043c7750 fffffa80`036a8d00 01cba9cd`357ae2b2 00000000`00002cea : 0xfffff880`02f22e88
fffff880`02f22e78 fffffa80`043c7750 : fffffa80`036a8d00 01cba9cd`357ae2b2 00000000`00002cea 00000000`00000022 : 0xfffffa80`0469a050
fffff880`02f22e80 fffffa80`036a8d00 : 01cba9cd`357ae2b2 00000000`00002cea 00000000`00000022 00000000`00000000 : 0xfffffa80`043c7750
fffff880`02f22e88 01cba9cd`357ae2b2 : 00000000`00002cea 00000000`00000022 00000000`00000000 00000000`00000000 : 0xfffffa80`036a8d00
fffff880`02f22e90 00000000`00002cea : 00000000`00000022 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1cba9cd`357ae2b2
fffff880`02f22e98 00000000`00000022 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0469a118 : 0x2cea
fffff880`02f22ea0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`0469a118 fffffa80`0469a050 : 0x22


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ataport!memmove+64
fffff880`0118b074 488901          mov     qword ptr [rcx],rax

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  ataport!memmove+64

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ataport

IMAGE_NAME:  ataport.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc118

FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64

BUCKET_ID:  X64_0xD1_ataport!memmove+64

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8800aaf7738, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800118b074, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS:  fffff8800aaf7738 

CURRENT_IRQL:  2

FAULTING_IP: 
ataport!memmove+64
fffff880`0118b074 488901          mov     qword ptr [rcx],rax

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff88002f22ad0 -- (.trap 0xfffff88002f22ad0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8800aaf7738
rdx=000001fff9bca988 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800118b074 rsp=fffff88002f22c68 rbp=fffffa80046c37d0
 r8=0000000000000012  r9=0000000000000002 r10=fffffa800469b610
r11=fffff8800aaf7738 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac pe nc
ataport!memmove+0x64:
fffff880`0118b074 488901          mov     qword ptr [rcx],rax ds:18d0:fffff880`0aaf7738=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002c84ca9 to fffff80002c85740

STACK_TEXT:  
fffff880`02f22988 fffff800`02c84ca9 : 00000000`0000000a fffff880`0aaf7738 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`02f22990 fffff800`02c83920 : fffffa80`05ed18d0 00000000`00000002 fffffa80`0469a1a0 00000000`00000001 : nt!KiBugCheckDispatch+0x69
fffff880`02f22ad0 fffff880`0118b074 : fffff880`011844a5 00000000`00000001 fffff880`03d231c6 fffff880`02f22cb4 : nt!KiPageFault+0x260
fffff880`02f22c68 fffff880`011844a5 : 00000000`00000001 fffff880`03d231c6 fffff880`02f22cb4 fffffa80`05eae3d0 : ataport!memmove+0x64
fffff880`02f22c70 fffff880`011840ec : fffffa80`0469a1a0 00000000`00000000 fffffa80`0469a1a0 fffffa80`04281980 : ataport!IdeProcessCompletedRequests+0x18d
fffff880`02f22da0 fffff880`00ef54ce : fffffa80`043c7000 fffff880`02f22e88 fffffa80`0469a050 fffffa80`043c7750 : ataport!IdePortCompletionDpc+0x1a8
fffff880`02f22e60 fffffa80`043c7000 : fffff880`02f22e88 fffffa80`0469a050 fffffa80`043c7750 fffffa80`036a8d00 : sptd+0x424ce
fffff880`02f22e68 fffff880`02f22e88 : fffffa80`0469a050 fffffa80`043c7750 fffffa80`036a8d00 01cba9cd`357ae2b2 : 0xfffffa80`043c7000
fffff880`02f22e70 fffffa80`0469a050 : fffffa80`043c7750 fffffa80`036a8d00 01cba9cd`357ae2b2 00000000`00002cea : 0xfffff880`02f22e88
fffff880`02f22e78 fffffa80`043c7750 : fffffa80`036a8d00 01cba9cd`357ae2b2 00000000`00002cea 00000000`00000022 : 0xfffffa80`0469a050
fffff880`02f22e80 fffffa80`036a8d00 : 01cba9cd`357ae2b2 00000000`00002cea 00000000`00000022 00000000`00000000 : 0xfffffa80`043c7750
fffff880`02f22e88 01cba9cd`357ae2b2 : 00000000`00002cea 00000000`00000022 00000000`00000000 00000000`00000000 : 0xfffffa80`036a8d00
fffff880`02f22e90 00000000`00002cea : 00000000`00000022 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1cba9cd`357ae2b2
fffff880`02f22e98 00000000`00000022 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0469a118 : 0x2cea
fffff880`02f22ea0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`0469a118 fffffa80`0469a050 : 0x22


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ataport!memmove+64
fffff880`0118b074 488901          mov     qword ptr [rcx],rax

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  ataport!memmove+64

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ataport

IMAGE_NAME:  ataport.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc118

FAILURE_BUCKET_ID:  X64_0xD1_ataport!memmove+64

BUCKET_ID:  X64_0xD1_ataport!memmove+64

Followup: MachineOwner
---------
































Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\DMP\123110-40544-01-dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c11000 PsLoadedModuleList = 0xfffff800`02e4ee50
Debug session time: Fri Dec 31 18:49:15.138 2010 (UTC - 5:00)
System Uptime: 0 days 0:01:20.683
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80002c85cd8, 0, ffffffffffffffff}

Probably caused by : msrpc.sys ( msrpc!RpcpDuplicateTokenEx+6b )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002c85cd8, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!KiTryUnwaitThread+28
fffff800`02c85cd8 f0480fba6b4000  lock bts qword ptr [rbx+40h],0

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb90e0
 ffffffffffffffff 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

BUGCHECK_STR:  0x1E_c0000005

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  WerFault.exe

CURRENT_IRQL:  2

EXCEPTION_RECORD:  fffff8800a5aaa28 -- (.exr 0xfffff8800a5aaa28)
ExceptionAddress: fffff80002c85cd8 (nt!KiTryUnwaitThread+0x0000000000000028)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

TRAP_FRAME:  fffff8800a5aaad0 -- (.trap 0xfffff8800a5aaad0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800a5ab428 rbx=0000000000000000 rcx=fffff80002dfbe80
rdx=fffff80002db5401 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c85cd8 rsp=fffff8800a5aac60 rbp=fffff8800a5aae10
 r8=0000000000000100  r9=0000000000000000 r10=0000000000000002
r11=fffffa8006072810 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KiTryUnwaitThread+0x28:
fffff800`02c85cd8 f0480fba6b4000  lock bts qword ptr [rbx+40h],0 ds:adc0:00000000`00000040=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002cbba39 to fffff80002c81740

STACK_TEXT:  
fffff880`0a5aa258 fffff800`02cbba39 : 00000000`0000001e ffffffff`c0000005 fffff800`02c85cd8 00000000`00000000 : nt!KeBugCheckEx
fffff880`0a5aa260 fffff800`02c80d82 : fffff880`0a5aaa28 0000c824`ac894800 fffff880`0a5aaad0 00000000`00000000 : nt!KiDispatchException+0x1b9
fffff880`0a5aa8f0 fffff800`02c7f68a : 00000000`00000000 fffff8a0`042e72a8 fffff880`0a5aaf88 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`0a5aaad0 fffff800`02c85cd8 : fffff8a0`042e6e3c fffff8a0`042e6e58 fffff8a0`042e6e68 fffff8a0`042d5000 : nt!KiGeneralProtectionFault+0x10a
fffff880`0a5aac60 fffff800`02cfcf74 : fffffa80`06cfd960 fffff880`0a5aae10 00000000`00000000 00000000`00000000 : nt!KiTryUnwaitThread+0x28
fffff880`0a5aacc0 fffff800`02c5e0c7 : 00103cb2`3d830000 fffff8a0`040d6ed0 00000000`00000000 fffff800`00000000 : nt! ?? ::FNODOBFM::`string'+0x3ca30
fffff880`0a5aad90 fffff800`02c5e487 : fffff880`0a5ab110 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`0a5aae10 fffff800`02f79541 : fffff8a0`040d6f80 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiApcInterrupt+0xd7
fffff880`0a5aafa0 fffff800`02f723d1 : fffff8a0`00000000 fffff8a0`042d5060 00000000`00000000 00000000`00000000 : nt!ObpCreateHandle+0xb1
fffff880`0a5ab0b0 fffff800`02f28db3 : 00000000`0000000e fffff880`0a5ab6c0 00000000`ffffff00 fffff800`02dfbe00 : nt!ObInsertObjectEx+0x291
fffff880`0a5ab2f0 fffff800`02c80993 : fffffa80`06dc7600 fffff880`0a5ab5b8 fffff880`0a5ab3a8 fffff8a0`042ea8f0 : nt!NtDuplicateToken+0x17b
fffff880`0a5ab390 fffff800`02c7cf30 : fffff880`010aa8cb 00000000`00000001 fffff880`010ac1f6 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0a5ab598 fffff880`010aa8cb : 00000000`00000001 fffff880`010ac1f6 00000000`00000000 fffff8a0`00000000 : nt!KiServiceLinkage
fffff880`0a5ab5a0 fffff880`010ab0bf : fffffa80`06dc7600 fffff8a0`03e0d300 00000000`00000001 fffffa80`cd637052 : msrpc!RpcpDuplicateTokenEx+0x6b
fffff880`0a5ab620 fffff880`010ab37b : fffff8a0`042ea8f0 00000000`00000000 fffff8a0`042ea8f0 fffff8a0`03e0d300 : msrpc!LRPC_BASE_BINDING_HANDLE::BaseBindingCopy+0x1bf
fffff880`0a5ab760 fffff880`010ae9d2 : fffff8a0`03e0d300 fffff8a0`03e0d300 00000000`00000001 00000000`00000058 : msrpc!LRPC_FAST_BINDING_HANDLE::BindingCopy+0x8b
fffff880`0a5ab790 fffff960`003b54f3 : fffff8a0`0416ef00 fffff900`c2920900 00000000`00000001 00000000`000007ff : msrpc!RpcBindingCopy+0x42
fffff880`0a5ab7c0 fffff960`001324b1 : fffff900`c2920900 00000000`00000000 fffffa80`06dc3b30 00000000`00000000 : win32k!PlaySoundPostMessage+0x77
fffff880`0a5ab820 fffff960`0018d081 : fffff900`c2920900 fffff880`0a5abc20 00000000`00000000 fffff900`c2920900 : win32k!PostPlaySoundMessage+0x25
fffff880`0a5ab850 fffff960`0018421f : fffff900`c2920900 fffff880`0a5abc20 00000000`ffffffff fffffa80`06dc3b30 : win32k!DestroyProcessInfo+0x125
fffff880`0a5ab880 fffff960`0018431a : fffffa80`0541ce00 fffff900`c2920900 00000000`00000000 fffff880`0a5abc20 : win32k!xxxUserProcessCallout+0x15f
fffff880`0a5ab8d0 fffff800`02f66a01 : fffffa80`0541ce60 00000000`00000000 00000000`00000000 fffffa80`06dc7600 : win32k!W32pProcessCallout+0x4e
fffff880`0a5ab900 fffff800`02f3f635 : 00000000`00000000 fffff800`02f80101 fffffa80`78457300 00000000`00000000 : nt!PspExitThread+0x561
fffff880`0a5ab9c0 fffff800`02c5e1db : fffffa80`06c3d001 fffffa80`06cbf010 00000000`00000000 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffff880`0a5ab9f0 fffff800`02c5e620 : 00000000`00386d10 fffff880`0a5aba70 fffff800`02f3f74c 00000000`00000001 : nt!KiDeliverApc+0x2eb
fffff880`0a5aba70 fffff800`02c80a37 : 00000000`00000000 00000000`76fa72a0 00000000`00001f80 fffff880`0a5abc20 : nt!KiInitiateUserApc+0x70
fffff880`0a5abbb0 00000000`76ee008a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`01e5f418 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76ee008a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
msrpc!RpcpDuplicateTokenEx+6b
fffff880`010aa8cb 85c0            test    eax,eax

SYMBOL_STACK_INDEX:  d

SYMBOL_NAME:  msrpc!RpcpDuplicateTokenEx+6b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msrpc

IMAGE_NAME:  msrpc.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc17c

FAILURE_BUCKET_ID:  X64_0x1E_c0000005_msrpc!RpcpDuplicateTokenEx+6b

BUCKET_ID:  X64_0x1E_c0000005_msrpc!RpcpDuplicateTokenEx+6b

Followup: MachineOwner
---------



Drivers:

Code:
start             end                 module name
fffff880`04d79000 fffff880`04dbe000   a4sodqz9 a4sodqz9.SYS Tue Jul 14 17:12:55 2009 (4A5CF4D7)
fffff880`04dbe000 fffff880`04dcb000   Accelerometer Accelerometer.sys Fri Jul 16 11:02:38 2010 (4C40748E)
fffff880`00d96000 fffff880`00ded000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
fffff880`03a03000 fffff880`03a8d000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`04de9000 fffff880`04dff000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`02dcc000 fffff880`02de1000   amdppm   amdppm.sys   Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`0101b000 fffff880`01026000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
fffff880`011cc000 fffff880`011d5000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`011d5000 fffff880`011ff000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
fffff880`04f26000 fffff880`04f48000   AtiHdmi  AtiHdmi.sys  Thu Jan 28 20:03:36 2010 (4B6233E8)
fffff880`03c33000 fffff880`043ef000   atikmdag atikmdag.sys Sun Sep 19 21:47:42 2010 (4C96BD3E)
fffff880`02c00000 fffff880`02c4a000   atikmpag atikmpag.sys Sun Sep 19 21:21:01 2010 (4C96B6FD)
fffff880`01447000 fffff880`0144f000   AtiPcie  AtiPcie.sys  Mon Aug 24 04:25:26 2009 (4A924E76)
fffff960`008f0000 fffff960`00951000   ATMFD    ATMFD.DLL    Tue Oct 19 23:05:45 2010 (4CBE5C89)
fffff880`02cb9000 fffff880`02cc4000   avgfwd6a avgfwd6a.sys Tue Oct 06 18:04:57 2009 (4ACBBF09)
fffff880`027cd000 fffff880`027fa000   AVGIDSDriver AVGIDSDriver.sys Tue May 11 20:49:44 2010 (4BE9FB28)
fffff880`0267e000 fffff880`0268a000   AVGIDSFilter AVGIDSFilter.sys Tue May 11 20:48:52 2010 (4BE9FAF4)
fffff880`0143d000 fffff880`01447000   AVGIDSwa AVGIDSwa.sys Tue May 11 20:50:03 2010 (4BE9FB3B)
fffff880`02d85000 fffff880`02dcc000   avgldx64 avgldx64.sys Thu Jun 03 17:06:48 2010 (4C081968)
fffff880`03bc9000 fffff880`03bd0080   avgmfx64 avgmfx64.sys Sun Apr 25 17:06:15 2010 (4BD4AEC7)
fffff880`01430000 fffff880`0143c0c0   avgrkx64 avgrkx64.sys Wed Feb 10 22:52:44 2010 (4B737F0C)
fffff880`02cef000 fffff880`02d40000   avgtdia  avgtdia.sys  Thu Jun 03 17:09:57 2010 (4C081A25)
fffff880`01135000 fffff880`01141000   BATTC    BATTC.SYS    Mon Jul 13 19:31:01 2009 (4A5BC3B5)
fffff880`04817000 fffff880`04b06000   bcmwl664 bcmwl664.sys Mon Mar 22 23:08:39 2010 (4BA830B7)
fffff880`01490000 fffff880`01497000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
fffff880`03bb8000 fffff880`03bc9000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`07b7b000 fffff880`07b99000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
fffff880`05dd9000 fffff880`05de9000   BthEnum  BthEnum.sys  Mon Jul 13 20:06:52 2009 (4A5BCC1C)
fffff880`05bb6000 fffff880`05bd6000   bthpan   bthpan.sys   Mon Jul 13 20:07:00 2009 (4A5BCC24)
fffff880`05d15000 fffff880`05da1000   bthport  bthport.sys  Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`05cfd000 fffff880`05d15000   BTHUSB   BTHUSB.sys   Mon Jul 13 20:06:52 2009 (4A5BCC1C)
fffff880`05c02000 fffff880`05cfd000   btwampfl btwampfl.sys Wed Jan 20 15:55:10 2010 (4B576DAE)
fffff880`02691000 fffff880`02718000   btwaudio btwaudio.sys Wed Jan 20 15:53:46 2010 (4B576D5A)
fffff880`05a00000 fffff880`05a7d000   btwavdt  btwavdt.sys  Wed Jan 13 19:03:59 2010 (4B4E5F6F)
fffff880`02718000 fffff880`02726000   btwl2cap btwl2cap.sys Mon Dec 14 20:11:45 2009 (4B26E251)
fffff880`02726000 fffff880`02729a00   btwrchid btwrchid.sys Wed Jan 13 19:05:35 2010 (4B4E5FCF)
fffff960`007d0000 fffff960`007f7000   cdd      cdd.dll      Wed May 19 15:48:26 2010 (4BF4408A)
fffff880`01200000 fffff880`0122a000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`00c00000 fffff880`00cc0000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
fffff880`04e5d000 fffff880`04e6f000   circlass circlass.sys Mon Jul 13 20:06:34 2009 (4A5BCC0A)
fffff880`01400000 fffff880`01430000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00d09000 fffff880`00d67000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`04dcb000 fffff880`04dcf500   CmBatt   CmBatt.sys   Mon Jul 13 19:31:03 2009 (4A5BC3B7)
fffff880`014a0000 fffff880`01513000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
fffff880`0112c000 fffff880`01135000   compbatt compbatt.sys Mon Jul 13 19:31:02 2009 (4A5BC3B6)
fffff880`04dd9000 fffff880`04de9000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`05da1000 fffff880`05daf000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`03b9a000 fffff880`03bb8000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
fffff880`03b8b000 fffff880`03b9a000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`01625000 fffff880`0163b000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`04f85000 fffff880`04fa7000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
fffff880`05dc6000 fffff880`05dd9000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
fffff880`05dbb000 fffff880`05dc6000   dump_msahci dump_msahci.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`05daf000 fffff880`05dbb000   dump_pciidex dump_pciidex.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`03b83000 fffff880`03b8b000   dvmio    dvmio.sys    Tue Nov 10 23:38:32 2009 (4AFA3FC8)
fffff880`05b50000 fffff880`05b5c000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`04460000 fffff880`04554000   dxgkrnl  dxgkrnl.sys  Thu Oct 01 21:00:14 2009 (4AC5509E)
fffff880`04554000 fffff880`0459a000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:38:32 2009 (4A5BC578)
fffff880`04e81000 fffff880`04eb7000   fastfat  fastfat.SYS  Mon Jul 13 19:23:28 2009 (4A5BC1F0)
fffff880`01072000 fffff880`01086000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
fffff880`01026000 fffff880`01072000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
fffff880`01524000 fffff880`0152e000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
fffff880`015c4000 fffff880`015fe000   fvevol   fvevol.sys   Fri Sep 25 22:34:26 2009 (4ABD7DB2)
fffff880`0152e000 fffff880`01578000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
fffff880`04b5f000 fffff880`04b6c000   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:17:04 2009 (4A1151C0)
fffff800`031ed000 fffff800`03236000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
fffff880`07a71000 fffff880`07a7d000   hcmon    hcmon.sys    Fri Jan 22 23:08:59 2010 (4B5A765B)
fffff880`0459a000 fffff880`045be000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
fffff880`0272a000 fffff880`02743000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
fffff880`02743000 fffff880`0274b080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
fffff880`0161b000 fffff880`01625000   hpdskflt hpdskflt.sys Fri Jul 16 11:02:38 2010 (4C40748E)
fffff880`07ab3000 fffff880`07b7b000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
fffff880`01612000 fffff880`0161b000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
fffff880`045be000 fffff880`045dc000   i8042prt i8042prt.sys Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`04beb000 fffff880`04bfa000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff800`00b96000 fffff800`00b99000   kdcom    kdcom.dll    Tue Nov 30 09:40:39 2010 (4CF50CE7)
fffff880`04e1a000 fffff880`04e5d000   ks       ks.sys       Wed Mar 03 23:32:25 2010 (4B8F37D9)
fffff880`013da000 fffff880`013f4000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
fffff880`0178d000 fffff880`017b8000   ksecpkg  ksecpkg.sys  Fri Dec 11 01:03:32 2009 (4B21E0B4)
fffff880`04fa7000 fffff880`04fac200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
fffff880`027b8000 fffff880`027cd000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`0275a000 fffff880`0277d000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`00ce8000 fffff880`00cf5000   mcupdate mcupdate.dll Mon Jul 13 21:29:09 2009 (4A5BDF65)
fffff880`0274c000 fffff880`0275a000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
fffff880`04d6a000 fffff880`04d79000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`011b2000 fffff880`011cc000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`07b99000 fffff880`07bb1000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`07bb1000 fffff880`07bde000   mrxsmb   mrxsmb.sys   Sat Feb 27 02:52:19 2010 (4B88CF33)
fffff880`07a00000 fffff880`07a4e000   mrxsmb10 mrxsmb10.sys Sat Feb 27 02:52:28 2010 (4B88CF3C)
fffff880`07a4e000 fffff880`07a71000   mrxsmb20 mrxsmb20.sys Sat Feb 27 02:52:26 2010 (4B88CF3A)
fffff880`01000000 fffff880`0100b000   msahci   msahci.sys   Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`02c9d000 fffff880`02ca8000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00fee000 fffff880`00ff8000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`01086000 fffff880`010e4000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
fffff880`03b78000 fffff880`03b83000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`01600000 fffff880`01612000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`0163b000 fffff880`0172d000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`04c00000 fffff880`04c0c000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`02653000 fffff880`02666000   ndisuio  ndisuio.sys  Mon Jul 13 20:09:25 2009 (4A5BCCB5)
fffff880`04400000 fffff880`0442f000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`04f11000 fffff880`04f26000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
fffff880`03add000 fffff880`03aec000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`02d40000 fffff880`02d85000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
fffff880`0172d000 fffff880`0178d000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
fffff880`02ca8000 fffff880`02cb9000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`03b6c000 fffff880`03b78000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff800`02c11000 fffff800`031ed000   nt       ntkrnlmp.exe Sat Jun 19 00:16:41 2010 (4C1C44A9)
fffff880`01237000 fffff880`013da000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
fffff880`01487000 fffff880`01490000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`02600000 fffff880`02653000   nwifi    nwifi.sys    Mon Jul 13 20:07:23 2009 (4A5BCC3B)
fffff880`03aa1000 fffff880`03ac7000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
fffff880`01117000 fffff880`0112c000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`010e4000 fffff880`01117000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`0100b000 fffff880`0101b000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`01513000 fffff880`01524000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`07eea000 fffff880`07f90000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`04f48000 fffff880`04f85000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
fffff880`00cf5000 fffff880`00d09000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`045dc000 fffff880`04600000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`0442f000 fffff880`0444a000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`03c00000 fffff880`03c21000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
fffff880`02de1000 fffff880`02dfb000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`03b1b000 fffff880`03b6c000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
fffff880`02c82000 fffff880`02c8b000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`02c8b000 fffff880`02c94000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`02c94000 fffff880`02c9d000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`017c0000 fffff880`017fa000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
fffff880`05b8a000 fffff880`05bb6000   rfcomm   rfcomm.sys   Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`02666000 fffff880`0267e000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`00d67000 fffff880`00d96000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
fffff880`07f90000 fffff880`07f9b000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`017b8000 fffff880`017c0000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`00ebf000 fffff880`00fe5000   spnj     spnj.sys     Sun Oct 11 16:55:14 2009 (4AD24632)
fffff880`0a0a6000 fffff880`0a13c000   srv      srv.sys      Thu Aug 26 23:38:00 2010 (4C773318)
fffff880`0a03f000 fffff880`0a0a6000   srv2     srv2.sys     Thu Aug 26 23:37:46 2010 (4C77330A)
fffff880`07f9b000 fffff880`07fc8000   srvnet   srvnet.sys   Thu Aug 26 23:37:24 2010 (4C7732F4)
fffff880`05ab1000 fffff880`05b33000   stwrt64  stwrt64.sys  Wed Jun 09 02:12:06 2010 (4C0F30B6)
fffff880`0480b000 fffff880`0480c480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`04c0d000 fffff880`04d68000   SynTP    SynTP.sys    Fri Sep 10 21:09:32 2010 (4C8AD6CC)
fffff880`01800000 fffff880`019fd000   tcpip    tcpip.sys    Sun Jun 13 23:39:04 2010 (4C15A458)
fffff880`07fc8000 fffff880`07fda000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
fffff880`02ce2000 fffff880`02cef000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
fffff880`02cc4000 fffff880`02ce2000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
fffff880`03b07000 fffff880`03b1b000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
fffff960`00530000 fffff960`0053a000   TSDDD    TSDDD.dll    Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`03bd1000 fffff880`03bf7000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
fffff880`04e6f000 fffff880`04e81000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`05b33000 fffff880`05b50000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
fffff880`04d68000 fffff880`04d69f00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
fffff880`04bda000 fffff880`04beb000   usbehci  usbehci.sys  Fri Dec 04 02:26:02 2009 (4B18B98A)
fffff880`04bcd000 fffff880`04bda000   usbfilter usbfilter.sys Tue Dec 22 03:26:22 2009 (4B3082AE)
fffff880`04eb7000 fffff880`04f11000   usbhub   usbhub.sys   Fri Dec 04 02:26:39 2009 (4B18B9AF)
fffff880`04b6c000 fffff880`04b77000   usbohci  usbohci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`04b77000 fffff880`04bcd000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
fffff880`05b5c000 fffff880`05b89200   usbvideo usbvideo.sys Wed Mar 03 23:40:57 2010 (4B8F39D9)
fffff880`00ded000 fffff880`00dfa000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`00cc0000 fffff880`00cce000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`02c4d000 fffff880`02c72000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`07a7d000 fffff880`07a95000   vmci     vmci.sys     Fri Jan 22 22:33:23 2010 (4B5A6E03)
fffff880`04800000 fffff880`0480b000   VMkbd    VMkbd.sys    Sat Jan 23 00:04:47 2010 (4B5A836F)
fffff880`027ae000 fffff880`027b8000   VMNET    VMNET.SYS    Mon Aug 10 08:04:50 2009 (4A800CE2)
fffff880`0279e000 fffff880`027ae000   vmnetbridge vmnetbridge.sys Mon Aug 10 08:05:58 2009 (4A800D26)
fffff880`07fda000 fffff880`07fe4000   vmnetuserif vmnetuserif.sys Fri Jan 22 23:26:19 2010 (4B5A7A6B)
fffff880`07e14000 fffff880`07eea000   vmx86    vmx86.sys    Sat Jan 23 00:50:05 2010 (4B5A8E0D)
fffff880`01141000 fffff880`01156000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`01156000 fffff880`011b2000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
fffff880`01578000 fffff880`015c4000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
fffff880`07fe4000 fffff880`07ff0000   vstor2_ws60 vstor2-ws60.sys Mon Oct 12 17:06:26 2009 (4AD39A52)
fffff880`04b06000 fffff880`04b13000   vwifibus vwifibus.sys Mon Jul 13 20:07:21 2009 (4A5BCC39)
fffff880`03ac7000 fffff880`03add000   vwififlt vwififlt.sys Mon Jul 13 20:07:22 2009 (4A5BCC3A)
fffff880`03aec000 fffff880`03b07000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
fffff880`02c72000 fffff880`02c82000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`00e0c000 fffff880`00eb0000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
fffff880`00eb0000 fffff880`00ebf000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`03a98000 fffff880`03aa1000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff960`000c0000 fffff960`003d0000   win32k   win32k.sys   Tue Oct 19 23:08:46 2010 (4CBE5D3E)
fffff880`04dd0000 fffff880`04dd9000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:31:02 2009 (4A5BC3B6)
fffff880`00fe5000 fffff880`00fee000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`03a8d000 fffff880`03a98000   ws2ifsl  ws2ifsl.sys  Mon Jul 13 20:10:33 2009 (4A5BCCF9)
fffff880`0277d000 fffff880`0279e000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)

Unloaded modules:
fffff880`0144f000 fffff880`0145d000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`0145d000 fffff880`01469000   dump_pciidex
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff880`01469000 fffff880`01474000   dump_msahci.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
fffff880`01474000 fffff880`01487000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
fffff880`04b13000 fffff880`04b5f000   Rt64win7.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0004C000
 


#7
Do you know what causes ntoskrnl.exe cos i tried fixing it if it is corrupt but it doesn't work.
 


#8
You can't fix or update ntoskrnl.exe. It's MS kernel file.
 


#9
Will reinstalling or repairing it fix this error and have u seen what programs cause these crashes
 


#10
Uninstall AVG.
Uninstall Daemon Tools. DT was spotted as the causer in 1 of your crash dumps.
Update drivers.

Enjoy.
 


#11
Yeah i did uninstall AVG and installed MSE and some updates for MSE, but a few hours later when i tried turning it on it said windows could not start and i had to do a system restore back to when i uninstalled AVG...
 


#12
Remove DT and update the drivers as in my post on pagr 1 of this thread. Then install MSE again and scan the entire hard drive.
 


#13
i have but it dont work will reinstalling windows fix the ntoskrnl.exe error? Cos right now i am well annoyed with it and need to ask someone to remotely fix it
 


#14
Reinstalling the system may help but not necessarily. Ntoskrnl.exe error pops up because of bad drivers or because of faulty hardware.

1. Attach your newest crash dumps, I need to see how you're doing.
2. Uninstall Daemon Tools if you haven't
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top