System Crash

#1
Recently after downloading some apps my system won't bootup properly it does go through the normal process but when it gets to the desktop and is loading it will crash and do the blue screen thing with a system dump, so I thought I would do a restore but it wouldn't allow that because there is no System Protection Icon showing in the System Window. I checked the system 32 folder and the file is there. Any idea of how I can restore the System Protection Icon?

Thanks, Bob
 


#2
I neglected to add that I can boot into safe mode ok.
 


Trouble

Noob Whisperer
#3
Please, for future reference, do not post threads that ask for support in the Discussion forum as that is not a help and support forum. Since your post involves a crash plus blue screen, I have moved it here in hopes of getting your request more appropriate attention.
Please read and do your best to comply with the following three sticky threads in the root of the BSOD forum.
http://windows7forums.com/blue-scre...mportant-every-thread-starter-please-see.html
http://windows7forums.com/blue-screen-death-bsod/55603-sf-diagnostic-tool.html (be sure and right click the executeable and choose run as administrator)
http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html
accumulate the requisite information in a folder of your choice on your computer, zip up the folder and attach it to your next post.
As far as a system restore goes, you might have some luck booting from the install media and choosing the Repair option from there. But if you do not have any restore points accumulated then you will need to resolve the current issue before repairing the missing System Restore Utility will help.
 


#4
@Bobcoop103, in case you're still out of clue or perhaps can't get the SF tool to work, copy out your crash dumps from C:\Windows\Minidump, zip them and attach. You can do this in safe mode.
 


#5
I installed win 7 on another HDD and I still have access to the one with the problems and that is how I am able to post on this forum.
I did enter safe mode with command prompt and typed rstrui.exe but all that did was to get me in system restore which I had no problem entering before the problem is that System protection is turned off and when I go into the system screen there is no icon for system protection the only icons are device manager, remote settings and advanced system settings, so before I can do a system restore I need to get system protection enabled so how do I do that?
 


#6
Are you getting blue screens in safe mode too? In case you do that means hardware.

If safe mode is Ok, in the command prompt type:

chkdsk /f

sfc /scannow


Attach the crash files from Windows/Minidump.
 


#7
I have uploaded the minidump files
 


Attachments

#8
Man you're kidding??

@Bobcoop103, in case you're still out of clue or perhaps can't get the SF tool to work, copy out your crash dumps from C:\Windows\Minidump, zip them and attach. You can do this in safe mode.
You were supposed to attach the crash files with the .dmp extensions.

Good luck.
 


#9
Hope this works, the attaching process is a little confusing to me.
 


Attachments

#10
1. Update drivers:

nForce
nvm62x32.sys Fri Oct 17 17:00:39 2008

Creative
P17.sys Thu Oct 15 22:11:53 2009

ASUS ATK0110 ACPI Utility
ASACPI.sys Thu Aug 12 22:52:52 2004




2. Uninstall SUPERAntiSpyware



3. If crashes resume after following the above steps 1-2, attach:

a) latest crash dumps
b) CPU-Z screenshot of memory and CPU tabs
c) Passmark Rammon HTML report



CRASH DUMPS

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\DMP\041411-24148-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x82c4c000 PsLoadedModuleList = 0x82d96850
Debug session time: Thu Apr 14 16:43:04.445 2011 (UTC - 4:00)
System Uptime: 0 days 0:01:48.162
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 82e79f3e, 8cd1b864, 0}

Probably caused by : ntkrpamp.exe ( nt!ExpAllocateHandleTableEntry+1f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82e79f3e, The address that the exception occurred at
Arg3: 8cd1b864, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!ExpAllocateHandleTableEntry+1f
82e79f3e f00fba2800      lock bts dword ptr [eax],0

TRAP_FRAME:  8cd1b864 -- (.trap 0xffffffff8cd1b864)
ErrCode = 00000002
eax=0000000c ebx=00000000 ecx=0000000c edx=000f001f esi=00000000 edi=856f7020
eip=82e79f3e esp=8cd1b8d8 ebp=8cd1b8e8 iopl=0         nv up ei ng nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010296
nt!ExpAllocateHandleTableEntry+0x1f:
82e79f3e f00fba2800      lock bts dword ptr [eax],0   ds:0023:0000000c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  iPodService.ex

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 82e8ddf3 to 82e79f3e

STACK_TEXT:  
8cd1b8e8 82e8ddf3 8cd1b908 8cd1b950 a322b988 nt!ExpAllocateHandleTableEntry+0x1f
8cd1b900 82e70c28 00000000 8cd1b950 a322b9a0 nt!ExCreateHandle+0x1a
8cd1b958 82e7123e 00000000 a322b9a0 000f001f nt!ObpCreateHandle+0x2a8
8cd1bafc 82e71165 00000000 000f001f 00000000 nt!ObInsertObjectEx+0xd0
8cd1bb18 82e7110a a322b9a0 00000000 000f001f nt!ObInsertObject+0x1e
8cd1bb84 82c8a1ea 8cd1bc98 000f001f 00000000 nt!NtCreateSection+0x1df
8cd1bb84 82c87df5 8cd1bc98 000f001f 00000000 nt!KiFastCallEntry+0x12a
8cd1bd00 82cc9aab 800004f8 00000000 856f7020 nt!ZwCreateSection+0x11
8cd1bd50 82e55f5e 00000001 a640c7f1 00000000 nt!ExpWorkerThread+0x10d
8cd1bd90 82cfd219 82cc999e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExpAllocateHandleTableEntry+1f
82e79f3e f00fba2800      lock bts dword ptr [eax],0

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!ExpAllocateHandleTableEntry+1f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09

FAILURE_BUCKET_ID:  0x8E_nt!ExpAllocateHandleTableEntry+1f

BUCKET_ID:  0x8E_nt!ExpAllocateHandleTableEntry+1f

Followup: MachineOwner
---------



Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\DMP\041411-24180-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x82c14000 PsLoadedModuleList = 0x82d5e850
Debug session time: Thu Apr 14 15:46:08.894 2011 (UTC - 4:00)
System Uptime: 0 days 0:02:08.736
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {d, 0, 0, 0}

Probably caused by : ntkrpamp.exe ( nt!KiSwapProcess+7a )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR:  0x7f_d

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from 82c979a4 to 82c8bdee

STACK_TEXT:  
8cd1bbf0 82c979a4 87fae018 85661b98 856f7080 nt!KiSwapProcess+0x7a
8cd1bc0c 82cafe70 00000000 00000000 856f7190 nt!KiAttachProcess+0xd1
8cd1bc50 82c5063d badb0d00 8cd1bcc8 8c00bc88 nt!KeStackAttachProcess+0xbe
8cd1bd00 82c91aab 80000760 00000000 856f7020 nt!ZwOpenProcess+0x11
8cd1bd50 82e1df5e 00000001 a642d304 00000000 nt!ExpWorkerThread+0x10d
8cd1bd90 82cc5219 82c9199e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSwapProcess+7a
82c8bdee 0f00d0          lldt    ax

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!KiSwapProcess+7a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09

FAILURE_BUCKET_ID:  0x7f_d_nt!KiSwapProcess+7a

BUCKET_ID:  0x7f_d_nt!KiSwapProcess+7a

Followup: MachineOwner
---------



Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\DMP\041411-24164-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x82c07000 PsLoadedModuleList = 0x82d51850
Debug session time: Thu Apr 14 16:36:58.809 2011 (UTC - 4:00)
System Uptime: 0 days 0:01:26.526
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 82e34f3e, 8cd13864, 0}

Probably caused by : ntkrpamp.exe ( nt!ExpAllocateHandleTableEntry+1f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82e34f3e, The address that the exception occurred at
Arg3: 8cd13864, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!ExpAllocateHandleTableEntry+1f
82e34f3e f00fba2800      lock bts dword ptr [eax],0

TRAP_FRAME:  8cd13864 -- (.trap 0xffffffff8cd13864)
ErrCode = 00000002
eax=0000000c ebx=00000000 ecx=0000000c edx=000f001f esi=00000000 edi=856f8798
eip=82e34f3e esp=8cd138d8 ebp=8cd138e8 iopl=0         nv up ei ng nz ac pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010296
nt!ExpAllocateHandleTableEntry+0x1f:
82e34f3e f00fba2800      lock bts dword ptr [eax],0   ds:0023:0000000c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  msseces.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 82e48df3 to 82e34f3e

STACK_TEXT:  
8cd138e8 82e48df3 8cd13908 8cd13950 a804a268 nt!ExpAllocateHandleTableEntry+0x1f
8cd13900 82e2bc28 00000000 8cd13950 a804a280 nt!ExCreateHandle+0x1a
8cd13958 82e2c23e 00000000 a804a280 000f001f nt!ObpCreateHandle+0x2a8
8cd13afc 82e2c165 00000000 000f001f 00000000 nt!ObInsertObjectEx+0xd0
8cd13b18 82e2c10a a804a280 00000000 000f001f nt!ObInsertObject+0x1e
8cd13b84 82c451ea 8cd13c98 000f001f 00000000 nt!NtCreateSection+0x1df
8cd13b84 82c42df5 8cd13c98 000f001f 00000000 nt!KiFastCallEntry+0x12a
8cd13d00 82c84aab 800008a4 00000000 856f8798 nt!ZwCreateSection+0x11
8cd13d50 82e10f5e 00000001 a6492c12 00000000 nt!ExpWorkerThread+0x10d
8cd13d90 82cb8219 82c8499e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExpAllocateHandleTableEntry+1f
82e34f3e f00fba2800      lock bts dword ptr [eax],0

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!ExpAllocateHandleTableEntry+1f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09

FAILURE_BUCKET_ID:  0x8E_nt!ExpAllocateHandleTableEntry+1f

BUCKET_ID:  0x8E_nt!ExpAllocateHandleTableEntry+1f

Followup: MachineOwner
---------



Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\DMP\041411-24273-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0x82c00000 PsLoadedModuleList = 0x82d4a850
Debug session time: Thu Apr 14 15:52:17.043 2011 (UTC - 4:00)
System Uptime: 0 days 0:01:36.760
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {c0000005, 82ca1cbd, 8cd17b50, 8cd17730}

Probably caused by : ntkrpamp.exe ( nt!RtlImageNtHeaderEx+4a )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82ca1cbd, The address that the exception occurred at
Arg3: 8cd17b50, Exception Record Address
Arg4: 8cd17730, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!RtlImageNtHeaderEx+4a
82ca1cbd 663902          cmp     word ptr [edx],ax

EXCEPTION_RECORD:  8cd17b50 -- (.exr 0xffffffff8cd17b50)
ExceptionAddress: 82ca1cbd (nt!RtlImageNtHeaderEx+0x0000004a)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 7ffa0000
Attempt to read from address 7ffa0000

CONTEXT:  8cd17730 -- (.cxr 0xffffffff8cd17730)
eax=00005a4d ebx=87f209dc ecx=00000000 edx=7ffa0000 esi=00000000 edi=8cd17c2c
eip=82ca1cbd esp=8cd17c18 ebp=8cd17c18 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!RtlImageNtHeaderEx+0x4a:
82ca1cbd 663902          cmp     word ptr [edx],ax        ds:0023:7ffa0000=????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  msseces.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  7ffa0000

READ_ADDRESS: GetPointerFromAddress: unable to read from 82d6a718
Unable to read MiSystemVaType memory at 82d4a1a0
 7ffa0000 

FOLLOWUP_IP: 
nt!RtlImageNtHeaderEx+4a
82ca1cbd 663902          cmp     word ptr [edx],ax

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from 82ca8a54 to 82ca1cbd

STACK_TEXT:  
8cd17c18 82ca8a54 00000000 00000000 87f209a8 nt!RtlImageNtHeaderEx+0x4a
8cd17c50 82c3c63d 00000000 8cd17cc8 00000018 nt!RtlImageNtHeader+0x1a
8cd17d00 82c7daab 80000890 00000000 856f84c0 nt!ZwOpenProcess+0x11
8cd17d50 82e09f5e 00000001 a64eb7e2 00000000 nt!ExpWorkerThread+0x10d
8cd17d90 82cb1219 82c7d99e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!RtlImageNtHeaderEx+4a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09

STACK_COMMAND:  .cxr 0xffffffff8cd17730 ; kb

FAILURE_BUCKET_ID:  0x7E_nt!RtlImageNtHeaderEx+4a

BUCKET_ID:  0x7E_nt!RtlImageNtHeaderEx+4a

Followup: MachineOwner
---------




DRIVERS

Code:
start    end        module name
83422000 8346a000   ACPI     ACPI.sys     Sat Nov 20 03:37:52 2010 (4CE788E0)
910f4000 9114e000   afd      afd.sys      Sat Nov 20 03:40:00 2010 (4CE78960)
835e9000 835f5e80   AFS      AFS.sys      Thu Apr 17 12:23:07 2003 (3E9ED4EB)
997e6000 997f8000   AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
9136f000 91381000   amdk8    amdk8.sys    Mon Jul 13 19:11:03 2009 (4A5BBF07)
835e0000 835e9000   amdxata  amdxata.sys  Fri Mar 19 12:19:01 2010 (4BA3A3F5)
913a4000 913a5420   ASACPI   ASACPI.sys   Thu Aug 12 22:52:52 2004 (411C2D04)
83547000 83550000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
83550000 83573000   ataport  ataport.SYS  Sat Nov 20 03:38:00 2010 (4CE788E8)
82660000 826ad000   ATMFD    ATMFD.DLL    Fri Jan 07 00:43:36 2011 (4D26A808)
9105f000 91066000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)
9127c000 9128a000   blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
83247000 8324f000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
a088d000 a08a6000   bowser   bowser.sys   Tue Feb 22 23:47:32 2011 (4D649164)
82640000 8265e000   cdd      cdd.dll      Sat Nov 20 06:56:35 2010 (4CE7B773)
83291000 8333c000   CI       CI.dll       Sat Nov 20 07:05:17 2010 (4CE7B97D)
8afa0000 8afc5000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
8324f000 83291000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
8379a000 837f7000   cng      cng.sys      Mon Jul 13 19:32:55 2009 (4A5BC427)
997c4000 997d1000   CompositeBus CompositeBus.sys Sat Nov 20 04:50:21 2010 (4CE799DD)
82088000 82095000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
91264000 9127c000   dfsc     dfsc.sys     Sat Nov 20 03:42:32 2010 (4CE789F8)
91258000 91264000   discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
8af8f000 8afa0000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
91304000 9131d000   drmk     drmk.sys     Mon Jul 13 20:36:05 2009 (4A5BD2F5)
820c4000 820d5000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
8209f000 820c4000   dump_nvstor dump_nvstor.sys Fri Mar 19 16:51:52 2010 (4BA3E3E8)
82095000 8209f000   dump_storport dump_storport.sys Sat Nov 20 04:50:47 2010 (4CE799F7)
820d5000 820df000   Dxapi    Dxapi.sys    Mon Jul 13 19:25:25 2009 (4A5BC265)
9806b000 98122000   dxgkrnl  dxgkrnl.sys  Sat Nov 20 04:08:14 2010 (4CE78FFE)
9978b000 997c4000   dxgmms1  dxgmms1.sys  Wed Feb 02 22:45:05 2011 (4D4A24C1)
82163000 8218d000   fastfat  fastfat.SYS  Mon Jul 13 19:14:01 2009 (4A5BBFB9)
91381000 9138c000   fdc      fdc.sys      Mon Jul 13 19:45:45 2009 (4A5BC729)
83400000 83411000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
981ac000 981b6000   flpydisk flpydisk.sys Mon Jul 13 19:45:45 2009 (4A5BC729)
833bb000 833ef000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
8360e000 83617000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:11:14 2009 (4A5BBF12)
8af5d000 8af8f000   fvevol   fvevol.sys   Sat Nov 20 03:40:22 2010 (4CE78976)
8b159000 8b18a000   fwpkclnt fwpkclnt.sys Sat Nov 20 03:39:08 2010 (4CE7892C)
9301f000 93024280   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:16:53 2009 (4A1151B5)
83012000 83049000   hal      halmacpi.dll Sat Nov 20 03:37:38 2010 (4CE788D2)
93000000 9301f000   HDAudBus HDAudBus.sys Sat Nov 20 04:59:28 2010 (4CE79C00)
82027000 82077000   HdAudio  HdAudio.sys  Sat Nov 20 05:00:19 2010 (4CE79C33)
82133000 82146000   HIDCLASS HIDCLASS.SYS Sat Nov 20 04:59:37 2010 (4CE79C09)
82146000 8214c480   HIDPARSE HIDPARSE.SYS Mon Jul 13 19:50:59 2009 (4A5BC863)
82128000 82133000   hidusb   hidusb.sys   Sat Nov 20 04:59:38 2010 (4CE79C0A)
a0808000 a088d000   HTTP     HTTP.sys     Sat Nov 20 03:40:17 2010 (4CE78971)
8b000000 8b008000   hwpolicy hwpolicy.sys Sat Nov 20 03:37:35 2010 (4CE788CF)
913a6000 913be000   i8042prt i8042prt.sys Mon Jul 13 19:11:23 2009 (4A5BBF1B)
913be000 913cb000   kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
868e9000 868ec000   kdcom    kdcom.dll    Mon Mar 14 07:04:18 2011 (4D7DF632)
9131d000 91351000   ks       ks.sys       Sat Nov 20 04:50:17 2010 (4CE799D9)
83787000 8379a000   ksecdd   ksecdd.sys   Sat Nov 20 03:38:54 2010 (4CE7891E)
8af28000 8af4d000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:34:00 2009 (4A5BC468)
821c2000 821d2000   lltdio   lltdio.sys   Mon Jul 13 19:53:18 2009 (4A5BC8EE)
8218d000 821a8000   luafv    luafv.sys    Mon Jul 13 19:15:44 2009 (4A5BC020)
8322b000 83236000   mcupdate mcupdate.dll Mon Jul 13 19:13:13 2009 (4A5BBF89)
997d9000 997e6000   modem    modem.sys    Mon Jul 13 19:55:24 2009 (4A5BC96C)
82158000 82163000   monitor  monitor.sys  Mon Jul 13 19:25:58 2009 (4A5BC286)
98191000 9819e000   mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
8214d000 82158000   mouhid   mouhid.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
83531000 83547000   mountmgr mountmgr.sys Sat Nov 20 03:38:09 2010 (4CE788F1)
91031000 91057680   MpFilter MpFilter.sys Tue Sep 14 17:23:59 2010 (4C8FE7EF)
a08a6000 a08b8000   mpsdrv   mpsdrv.sys   Mon Jul 13 19:52:52 2009 (4A5BC8D4)
a08b8000 a08db000   mrxsmb   mrxsmb.sys   Tue Feb 22 23:47:34 2011 (4D649166)
a08db000 a0916000   mrxsmb10 mrxsmb10.sys Tue Feb 22 23:47:43 2011 (4D64916F)
a0916000 a0931000   mrxsmb20 mrxsmb20.sys Tue Feb 22 23:47:39 2011 (4D64916B)
910b8000 910c3000   Msfs     Msfs.SYS     Mon Jul 13 19:11:26 2009 (4A5BBF1E)
83473000 8347b000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
8375c000 83787000   msrpc    msrpc.sys    Mon Jul 13 19:11:59 2009 (4A5BBF3F)
9124e000 91258000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
8af4d000 8af5d000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
8ae33000 8aeea000   ndis     ndis.sys     Sat Nov 20 03:39:19 2010 (4CE78937)
98e18000 98e23000   ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
98122000 98144000   ndiswan  ndiswan.sys  Sat Nov 20 05:07:48 2010 (4CE79DF4)
82077000 82088000   NDProxy  NDProxy.SYS  Sat Nov 20 05:07:39 2010 (4CE79DEB)
911a6000 911b4000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)
9114e000 91180000   netbt    netbt.sys    Sat Nov 20 03:39:22 2010 (4CE7893A)
8aeea000 8af28000   NETIO    NETIO.SYS    Sat Nov 20 03:40:03 2010 (4CE78963)
910c3000 910d1000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)
91244000 9124e000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
82c00000 83012000   nt       ntkrpamp.exe Sat Nov 20 03:42:49 2010 (4CE78A09)
8362d000 8375c000   Ntfs     Ntfs.sys     Sat Nov 20 03:39:08 2010 (4CE7892C)
91058000 9105f000   Null     Null.SYS     Mon Jul 13 19:11:12 2009 (4A5BBF10)
98e25000 9978a940   nvlddmkm nvlddmkm.sys Thu May 14 16:32:27 2009 (4A0C7FDB)
98016000 9806ac80   nvm62x32 nvm62x32.sys Fri Oct 17 17:00:39 2008 (48F8FCF7)
83573000 83598000   nvstor   nvstor.sys   Fri Mar 19 16:51:52 2010 (4BA3E3E8)
93095000 931f2000   P17      P17.sys      Thu Oct 15 22:11:53 2009 (4AD7D669)
91187000 911a6000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)
9138c000 913a4000   parport  parport.sys  Mon Jul 13 19:45:34 2009 (4A5BC71E)
834b0000 834c1000   partmgr  partmgr.sys  Sat Nov 20 03:38:14 2010 (4CE788F6)
a0931000 a0938000   parvdm   parvdm.sys   Mon Jul 13 19:45:29 2009 (4A5BC719)
8347b000 834a5000   pci      pci.sys      Sat Nov 20 03:37:57 2010 (4CE788E5)
8351c000 83523000   pciide   pciide.sys   Mon Jul 13 19:11:19 2009 (4A5BBF17)
83523000 83531000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
83600000 8360e000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
a0938000 a09cf000   peauth   peauth.sys   Mon Jul 13 20:35:44 2009 (4A5BD2E0)
912d5000 91304000   portcls  portcls.sys  Mon Jul 13 19:51:00 2009 (4A5BC864)
83236000 83247000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
98e00000 98e18000   rasl2tp  rasl2tp.sys  Mon Jul 13 19:54:33 2009 (4A5BC939)
98144000 9815c000   raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
9815c000 98173000   raspptp  raspptp.sys  Mon Jul 13 19:54:47 2009 (4A5BC947)
98173000 9818a000   rassstp  rassstp.sys  Mon Jul 13 19:54:57 2009 (4A5BC951)
91203000 91244000   rdbss    rdbss.sys    Sat Nov 20 03:42:44 2010 (4CE78A04)
910a0000 910a8000   RDPCDD   RDPCDD.sys   Sat Nov 20 05:22:19 2010 (4CE7A15B)
910a8000 910b0000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
910b0000 910b8000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
8b1d1000 8b1fe000   rdyboost rdyboost.sys Sat Nov 20 04:00:07 2010 (4CE78E17)
9818a000 98190a00   RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
997d1000 997d9000   RootMdm  RootMdm.sys  Mon Jul 13 19:55:21 2009 (4A5BC969)
821d2000 821e5000   rspndr   rspndr.sys   Mon Jul 13 19:53:20 2009 (4A5BC8F0)
91022000 91028000   SASDIFSV SASDIFSV.SYS Wed Feb 17 13:19:19 2010 (4B7C3327)
91000000 91022000   SASKUTIL SASKUTIL.SYS Mon May 10 13:15:22 2010 (4BE83F2A)
a09cf000 a09d9000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
913cb000 913d5000   serenum  serenum.sys  Mon Jul 13 19:45:27 2009 (4A5BC717)
911b4000 911ce000   serial   serial.sys   Mon Jul 13 19:45:33 2009 (4A5BC71D)
8b1c9000 8b1d1000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
a7e64000 a7eb5000   srv      srv.sys      Sat Nov 20 03:45:29 2010 (4CE78AA9)
a7e15000 a7e64000   srv2     srv2.sys     Sat Nov 20 03:44:35 2010 (4CE78A73)
a09d9000 a09fa000   srvnet   srvnet.sys   Sat Nov 20 03:44:27 2010 (4CE78A6B)
83598000 835e0000   storport storport.sys Sat Nov 20 04:50:58 2010 (4CE79A02)
997fe000 997ff380   swenum   swenum.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
8b00f000 8b159000   tcpip    tcpip.sys    Sat Nov 20 03:41:36 2010 (4CE789C0)
821e5000 821f2000   tcpipreg tcpipreg.sys Sat Nov 20 05:07:13 2010 (4CE79DD1)
910e8000 910f4000   TDI      TDI.SYS      Sat Nov 20 03:39:18 2010 (4CE78936)
910d1000 910e8000   tdx      tdx.sys      Sat Nov 20 03:39:17 2010 (4CE78935)
911e1000 911f2000   termdd   termdd.sys   Sat Nov 20 05:21:10 2010 (4CE7A116)
912ab000 912d5000   TotRec7  TotRec7.sys  Mon Apr 12 08:15:42 2010 (4BC30EEE)
91351000 9136f000   TotRec8  TotRec8.sys  Mon Apr 12 08:17:18 2010 (4BC30F4E)
82610000 82619000   TSDDD    TSDDD.dll    Mon Jul 13 20:01:40 2009 (4A5BCAE4)
9128a000 912ab000   tunnel   tunnel.sys   Sat Nov 20 05:06:40 2010 (4CE79DB0)
9819e000 981ac000   umbus    umbus.sys    Sat Nov 20 05:00:23 2010 (4CE79C37)
820df000 820f6000   usbccgp  usbccgp.sys  Sat Nov 20 05:00:08 2010 (4CE79C28)
820f6000 820f7700   USBD     USBD.SYS     Mon Jul 13 19:51:05 2009 (4A5BC869)
93086000 93095000   usbehci  usbehci.sys  Fri Oct 23 23:58:55 2009 (4AE27B7F)
981b6000 981fa000   usbhub   usbhub.sys   Sat Nov 20 05:00:34 2010 (4CE79C42)
913d5000 913df000   usbohci  usbohci.sys  Mon Jul 13 19:51:14 2009 (4A5BC872)
9303b000 93086000   USBPORT  USBPORT.SYS  Mon Jul 13 19:51:13 2009 (4A5BC871)
82106000 82111000   usbprint usbprint.sys Mon Jul 13 20:17:06 2009 (4A5BCE82)
820f8000 82106000   usbscan  usbscan.sys  Mon Jul 13 20:14:44 2009 (4A5BCDF4)
82111000 82128000   USBSTOR  USBSTOR.SYS  Sat Nov 20 04:59:48 2010 (4CE79C14)
834a5000 834b0000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
91066000 91072000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)
91072000 91093000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
834c1000 834d1000   volmgr   volmgr.sys   Sat Nov 20 03:38:06 2010 (4CE788EE)
834d1000 8351c000   volmgrx  volmgrx.sys  Mon Jul 13 19:11:41 2009 (4A5BBF2D)
8b18a000 8b1c9000   volsnap  volsnap.sys  Sat Nov 20 03:38:13 2010 (4CE788F5)
911ce000 911e1000   wanarp   wanarp.sys   Sat Nov 20 05:07:45 2010 (4CE79DF1)
997f8000 997fd020   wanatw4  wanatw4.sys  Tue Jul 16 11:23:14 2002 (3D343A62)
91093000 910a0000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
8333c000 833ad000   Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
833ad000 833bb000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
91180000 91187000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)
827b0000 829fd000   win32k   win32k.sys   Tue Jan 04 22:50:40 2011 (4D23EA90)
8346a000 83473000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)
821a8000 821c2000   WudfPf   WudfPf.sys   Sat Nov 20 04:58:55 2010 (4CE79BDF)

Unloaded modules:
8afc5000 8afd2000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
8afd2000 8afdc000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
8ae00000 8ae25000   dump_nvstor.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00025000
8afdc000 8afed000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
83200000 8321f000   cdrom.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001F000
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.