System Crash

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by Bobcoop103, Apr 15, 2011.

  1. Bobcoop103

    Bobcoop103 New Member

    Recently, after downloading some apps, my system won't boot up properly. It does go through the normal process, but when it gets to the desktop and is loading it will crash and do the blue screen thing with a system dump, so I thought I would do a restore, but it wouldn't allow that because there is no System Protection icon showing in the System window. I checked the System32 folder and the file is there. Any idea how I can restore the System Protection icon?

    Thanks, Bob
     
  2. Bobcoop103

    Bobcoop103 New Member

    I neglected to add that I can boot into safe mode ok.
     
  3. Trouble

    Trouble Noob Whisperer

    Please, for future reference, do not post threads that ask for support in the Discussion forum as that is not a help and support forum. Since your post involves a crash plus blue screen, I have moved it here in hopes of getting your request more appropriate attention.
    Please read and do your best to comply with the following three sticky threads in the root of the BSOD forum.
    http://windows7forums.com/blue-screen-death-bsod/54459-important-every-thread-starter-please-see.html
    http://windows7forums.com/blue-screen-death-bsod/55603-sf-diagnostic-tool.html (be sure to right-click the executable and choose Run as administrator)
    http://windows7forums.com/blue-screen-death-bsod/38837-how-ask-help-bsod-problem.html
    Accumulate the requisite information in a folder of your choice on your computer, zip up the folder and attach it to your next post.
    As far as a system restore goes, you might have some luck booting from the install media and choosing the Repair option from there. But if you do not have any restore points accumulated then you will need to resolve the current issue before repairing the missing System Restore Utility will help.
     
  4. cybercore

    cybercore New Member

    @Bobcoop103, in case you're still out of clue or perhaps can't get the SF tool to work, copy out your crash dumps from C:\Windows\Minidump, zip them and attach. You can do this in safe mode.
     
  5. Bobcoop103

    Bobcoop103 New Member

    I installed Win 7 on another HDD and I still have access to the one with the problems, and that is how I am able to post on this forum.
    I did enter safe mode with command prompt and typed rstrui.exe, but all that did was get me into System Restore, which I had no problem entering before. The problem is that System Protection is turned off, and when I go into the System screen there is no icon for System Protection; the only icons are Device Manager, Remote Settings and Advanced System Settings. So before I can do a system restore I need to get System Protection enabled. How do I do that?
     
  6. cybercore

    cybercore New Member

    Are you getting blue screens in safe mode too? If you do, that means hardware.

    If safe mode is OK, in the command prompt type:

    chkdsk /f

    sfc /scannow


    Attach the crash files from Windows/Minidump.
     
  7. Bobcoop103

    Bobcoop103 New Member

    I have uploaded the minidump files.
     


  8. cybercore

    cybercore New Member

    Man you're kidding??

    You were supposed to attach the crash files with the .dmp extensions.

    Good luck.
     
  9. Bobcoop103

    Bobcoop103 New Member

    Hope this works, the attaching process is a little confusing to me.
     


  10. cybercore

    cybercore New Member

    1. Update drivers:

    nForce
    nvm62x32.sys Fri Oct 17 17:00:39 2008

    Creative
    P17.sys Thu Oct 15 22:11:53 2009

    ASUS ATK0110 ACPI Utility
    ASACPI.sys Thu Aug 12 22:52:52 2004




    2. Uninstall SUPERAntiSpyware



    3. If crashes resume after following the above steps 1-2, attach:

    a) latest crash dumps
    b) CPU-Z screenshot of memory and CPU tabs
    c) Passmark Rammon HTML report



    CRASH DUMPS

    Code:
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\DMP\041411-24148-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0x82c4c000 PsLoadedModuleList = 0x82d96850
    Debug session time: Thu Apr 14 16:43:04.445 2011 (UTC - 4:00)
    System Uptime: 0 days 0:01:48.162
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000008E, {c0000005, 82e79f3e, 8cd1b864, 0}
    
    Probably caused by : ntkrpamp.exe ( nt!ExpAllocateHandleTableEntry+1f )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 82e79f3e, The address that the exception occurred at
    Arg3: 8cd1b864, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    nt!ExpAllocateHandleTableEntry+1f
    82e79f3e f00fba2800      lock bts dword ptr [eax],0
    
    TRAP_FRAME:  8cd1b864 -- (.trap 0xffffffff8cd1b864)
    ErrCode = 00000002
    eax=0000000c ebx=00000000 ecx=0000000c edx=000f001f esi=00000000 edi=856f7020
    eip=82e79f3e esp=8cd1b8d8 ebp=8cd1b8e8 iopl=0         nv up ei ng nz ac pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010296
    nt!ExpAllocateHandleTableEntry+0x1f:
    82e79f3e f00fba2800      lock bts dword ptr [eax],0   ds:0023:0000000c=????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  iPodService.ex
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 82e8ddf3 to 82e79f3e
    
    STACK_TEXT:  
    8cd1b8e8 82e8ddf3 8cd1b908 8cd1b950 a322b988 nt!ExpAllocateHandleTableEntry+0x1f
    8cd1b900 82e70c28 00000000 8cd1b950 a322b9a0 nt!ExCreateHandle+0x1a
    8cd1b958 82e7123e 00000000 a322b9a0 000f001f nt!ObpCreateHandle+0x2a8
    8cd1bafc 82e71165 00000000 000f001f 00000000 nt!ObInsertObjectEx+0xd0
    8cd1bb18 82e7110a a322b9a0 00000000 000f001f nt!ObInsertObject+0x1e
    8cd1bb84 82c8a1ea 8cd1bc98 000f001f 00000000 nt!NtCreateSection+0x1df
    8cd1bb84 82c87df5 8cd1bc98 000f001f 00000000 nt!KiFastCallEntry+0x12a
    8cd1bd00 82cc9aab 800004f8 00000000 856f7020 nt!ZwCreateSection+0x11
    8cd1bd50 82e55f5e 00000001 a640c7f1 00000000 nt!ExpWorkerThread+0x10d
    8cd1bd90 82cfd219 82cc999e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ExpAllocateHandleTableEntry+1f
    82e79f3e f00fba2800      lock bts dword ptr [eax],0
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  nt!ExpAllocateHandleTableEntry+1f
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrpamp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09
    
    FAILURE_BUCKET_ID:  0x8E_nt!ExpAllocateHandleTableEntry+1f
    
    BUCKET_ID:  0x8E_nt!ExpAllocateHandleTableEntry+1f
    
    Followup: MachineOwner
    ---------
    
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\DMP\041411-24180-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0x82c14000 PsLoadedModuleList = 0x82d5e850
    Debug session time: Thu Apr 14 15:46:08.894 2011 (UTC - 4:00)
    System Uptime: 0 days 0:02:08.736
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols
    Loading unloaded module list
    ......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000007F, {d, 0, 0, 0}
    
    Probably caused by : ntkrpamp.exe ( nt!KiSwapProcess+7a )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 0000000d, EXCEPTION_GP_FAULT
    Arg2: 00000000
    Arg3: 00000000
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    BUGCHECK_STR:  0x7f_d
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    CURRENT_IRQL:  2
    
    LAST_CONTROL_TRANSFER:  from 82c979a4 to 82c8bdee
    
    STACK_TEXT:  
    8cd1bbf0 82c979a4 87fae018 85661b98 856f7080 nt!KiSwapProcess+0x7a
    8cd1bc0c 82cafe70 00000000 00000000 856f7190 nt!KiAttachProcess+0xd1
    8cd1bc50 82c5063d badb0d00 8cd1bcc8 8c00bc88 nt!KeStackAttachProcess+0xbe
    8cd1bd00 82c91aab 80000760 00000000 856f7020 nt!ZwOpenProcess+0x11
    8cd1bd50 82e1df5e 00000001 a642d304 00000000 nt!ExpWorkerThread+0x10d
    8cd1bd90 82cc5219 82c9199e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!KiSwapProcess+7a
    82c8bdee 0f00d0          lldt    ax
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  nt!KiSwapProcess+7a
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrpamp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09
    
    FAILURE_BUCKET_ID:  0x7f_d_nt!KiSwapProcess+7a
    
    BUCKET_ID:  0x7f_d_nt!KiSwapProcess+7a
    
    Followup: MachineOwner
    ---------
    
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\DMP\041411-24164-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0x82c07000 PsLoadedModuleList = 0x82d51850
    Debug session time: Thu Apr 14 16:36:58.809 2011 (UTC - 4:00)
    System Uptime: 0 days 0:01:26.526
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000008E, {c0000005, 82e34f3e, 8cd13864, 0}
    
    Probably caused by : ntkrpamp.exe ( nt!ExpAllocateHandleTableEntry+1f )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 82e34f3e, The address that the exception occurred at
    Arg3: 8cd13864, Trap Frame
    Arg4: 00000000
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    nt!ExpAllocateHandleTableEntry+1f
    82e34f3e f00fba2800      lock bts dword ptr [eax],0
    
    TRAP_FRAME:  8cd13864 -- (.trap 0xffffffff8cd13864)
    ErrCode = 00000002
    eax=0000000c ebx=00000000 ecx=0000000c edx=000f001f esi=00000000 edi=856f8798
    eip=82e34f3e esp=8cd138d8 ebp=8cd138e8 iopl=0         nv up ei ng nz ac pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010296
    nt!ExpAllocateHandleTableEntry+0x1f:
    82e34f3e f00fba2800      lock bts dword ptr [eax],0   ds:0023:0000000c=????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0x8E
    
    PROCESS_NAME:  msseces.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 82e48df3 to 82e34f3e
    
    STACK_TEXT:  
    8cd138e8 82e48df3 8cd13908 8cd13950 a804a268 nt!ExpAllocateHandleTableEntry+0x1f
    8cd13900 82e2bc28 00000000 8cd13950 a804a280 nt!ExCreateHandle+0x1a
    8cd13958 82e2c23e 00000000 a804a280 000f001f nt!ObpCreateHandle+0x2a8
    8cd13afc 82e2c165 00000000 000f001f 00000000 nt!ObInsertObjectEx+0xd0
    8cd13b18 82e2c10a a804a280 00000000 000f001f nt!ObInsertObject+0x1e
    8cd13b84 82c451ea 8cd13c98 000f001f 00000000 nt!NtCreateSection+0x1df
    8cd13b84 82c42df5 8cd13c98 000f001f 00000000 nt!KiFastCallEntry+0x12a
    8cd13d00 82c84aab 800008a4 00000000 856f8798 nt!ZwCreateSection+0x11
    8cd13d50 82e10f5e 00000001 a6492c12 00000000 nt!ExpWorkerThread+0x10d
    8cd13d90 82cb8219 82c8499e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!ExpAllocateHandleTableEntry+1f
    82e34f3e f00fba2800      lock bts dword ptr [eax],0
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  nt!ExpAllocateHandleTableEntry+1f
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrpamp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09
    
    FAILURE_BUCKET_ID:  0x8E_nt!ExpAllocateHandleTableEntry+1f
    
    BUCKET_ID:  0x8E_nt!ExpAllocateHandleTableEntry+1f
    
    Followup: MachineOwner
    ---------
    
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\DMP\041411-24273-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0x82c00000 PsLoadedModuleList = 0x82d4a850
    Debug session time: Thu Apr 14 15:52:17.043 2011 (UTC - 4:00)
    System Uptime: 0 days 0:01:36.760
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ............................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 1000007E, {c0000005, 82ca1cbd, 8cd17b50, 8cd17730}
    
    Probably caused by : ntkrpamp.exe ( nt!RtlImageNtHeaderEx+4a )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 82ca1cbd, The address that the exception occurred at
    Arg3: 8cd17b50, Exception Record Address
    Arg4: 8cd17730, Context Record Address
    
    Debugging Details:
    ------------------
    
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    FAULTING_IP: 
    nt!RtlImageNtHeaderEx+4a
    82ca1cbd 663902          cmp     word ptr [edx],ax
    
    EXCEPTION_RECORD:  8cd17b50 -- (.exr 0xffffffff8cd17b50)
    ExceptionAddress: 82ca1cbd (nt!RtlImageNtHeaderEx+0x0000004a)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 7ffa0000
    Attempt to read from address 7ffa0000
    
    CONTEXT:  8cd17730 -- (.cxr 0xffffffff8cd17730)
    eax=00005a4d ebx=87f209dc ecx=00000000 edx=7ffa0000 esi=00000000 edi=8cd17c2c
    eip=82ca1cbd esp=8cd17c18 ebp=8cd17c18 iopl=0         nv up ei pl zr na pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
    nt!RtlImageNtHeaderEx+0x4a:
    82ca1cbd 663902          cmp     word ptr [edx],ax        ds:0023:7ffa0000=????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    PROCESS_NAME:  msseces.exe
    
    CURRENT_IRQL:  0
    
    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
    
    EXCEPTION_PARAMETER1:  00000000
    
    EXCEPTION_PARAMETER2:  7ffa0000
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from 82d6a718
    Unable to read MiSystemVaType memory at 82d4a1a0
     7ffa0000 
    
    FOLLOWUP_IP: 
    nt!RtlImageNtHeaderEx+4a
    82ca1cbd 663902          cmp     word ptr [edx],ax
    
    BUGCHECK_STR:  0x7E
    
    LAST_CONTROL_TRANSFER:  from 82ca8a54 to 82ca1cbd
    
    STACK_TEXT:  
    8cd17c18 82ca8a54 00000000 00000000 87f209a8 nt!RtlImageNtHeaderEx+0x4a
    8cd17c50 82c3c63d 00000000 8cd17cc8 00000018 nt!RtlImageNtHeader+0x1a
    8cd17d00 82c7daab 80000890 00000000 856f84c0 nt!ZwOpenProcess+0x11
    8cd17d50 82e09f5e 00000001 a64eb7e2 00000000 nt!ExpWorkerThread+0x10d
    8cd17d90 82cb1219 82c7d99e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
    
    
    SYMBOL_STACK_INDEX:  0
    
    SYMBOL_NAME:  nt!RtlImageNtHeaderEx+4a
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrpamp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce78a09
    
    STACK_COMMAND:  .cxr 0xffffffff8cd17730 ; kb
    
    FAILURE_BUCKET_ID:  0x7E_nt!RtlImageNtHeaderEx+4a
    
    BUCKET_ID:  0x7E_nt!RtlImageNtHeaderEx+4a
    
    Followup: MachineOwner
    ---------
    
    
    
    




    DRIVERS

    Code:
    start    end        module name
    83422000 8346a000   ACPI     ACPI.sys     Sat Nov 20 03:37:52 2010 (4CE788E0)
    910f4000 9114e000   afd      afd.sys      Sat Nov 20 03:40:00 2010 (4CE78960)
    835e9000 835f5e80   AFS      AFS.sys      Thu Apr 17 12:23:07 2003 (3E9ED4EB)
    997e6000 997f8000   AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
    9136f000 91381000   amdk8    amdk8.sys    Mon Jul 13 19:11:03 2009 (4A5BBF07)
    835e0000 835e9000   amdxata  amdxata.sys  Fri Mar 19 12:19:01 2010 (4BA3A3F5)
    913a4000 913a5420   ASACPI   ASACPI.sys   Thu Aug 12 22:52:52 2004 (411C2D04)
    83547000 83550000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
    83550000 83573000   ataport  ataport.SYS  Sat Nov 20 03:38:00 2010 (4CE788E8)
    82660000 826ad000   ATMFD    ATMFD.DLL    Fri Jan 07 00:43:36 2011 (4D26A808)
    9105f000 91066000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)
    9127c000 9128a000   blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
    83247000 8324f000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
    a088d000 a08a6000   bowser   bowser.sys   Tue Feb 22 23:47:32 2011 (4D649164)
    82640000 8265e000   cdd      cdd.dll      Sat Nov 20 06:56:35 2010 (4CE7B773)
    83291000 8333c000   CI       CI.dll       Sat Nov 20 07:05:17 2010 (4CE7B97D)
    8afa0000 8afc5000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
    8324f000 83291000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
    8379a000 837f7000   cng      cng.sys      Mon Jul 13 19:32:55 2009 (4A5BC427)
    997c4000 997d1000   CompositeBus CompositeBus.sys Sat Nov 20 04:50:21 2010 (4CE799DD)
    82088000 82095000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
    91264000 9127c000   dfsc     dfsc.sys     Sat Nov 20 03:42:32 2010 (4CE789F8)
    91258000 91264000   discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
    8af8f000 8afa0000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
    91304000 9131d000   drmk     drmk.sys     Mon Jul 13 20:36:05 2009 (4A5BD2F5)
    820c4000 820d5000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
    8209f000 820c4000   dump_nvstor dump_nvstor.sys Fri Mar 19 16:51:52 2010 (4BA3E3E8)
    82095000 8209f000   dump_storport dump_storport.sys Sat Nov 20 04:50:47 2010 (4CE799F7)
    820d5000 820df000   Dxapi    Dxapi.sys    Mon Jul 13 19:25:25 2009 (4A5BC265)
    9806b000 98122000   dxgkrnl  dxgkrnl.sys  Sat Nov 20 04:08:14 2010 (4CE78FFE)
    9978b000 997c4000   dxgmms1  dxgmms1.sys  Wed Feb 02 22:45:05 2011 (4D4A24C1)
    82163000 8218d000   fastfat  fastfat.SYS  Mon Jul 13 19:14:01 2009 (4A5BBFB9)
    91381000 9138c000   fdc      fdc.sys      Mon Jul 13 19:45:45 2009 (4A5BC729)
    83400000 83411000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
    981ac000 981b6000   flpydisk flpydisk.sys Mon Jul 13 19:45:45 2009 (4A5BC729)
    833bb000 833ef000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
    8360e000 83617000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:11:14 2009 (4A5BBF12)
    8af5d000 8af8f000   fvevol   fvevol.sys   Sat Nov 20 03:40:22 2010 (4CE78976)
    8b159000 8b18a000   fwpkclnt fwpkclnt.sys Sat Nov 20 03:39:08 2010 (4CE7892C)
    9301f000 93024280   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:16:53 2009 (4A1151B5)
    83012000 83049000   hal      halmacpi.dll Sat Nov 20 03:37:38 2010 (4CE788D2)
    93000000 9301f000   HDAudBus HDAudBus.sys Sat Nov 20 04:59:28 2010 (4CE79C00)
    82027000 82077000   HdAudio  HdAudio.sys  Sat Nov 20 05:00:19 2010 (4CE79C33)
    82133000 82146000   HIDCLASS HIDCLASS.SYS Sat Nov 20 04:59:37 2010 (4CE79C09)
    82146000 8214c480   HIDPARSE HIDPARSE.SYS Mon Jul 13 19:50:59 2009 (4A5BC863)
    82128000 82133000   hidusb   hidusb.sys   Sat Nov 20 04:59:38 2010 (4CE79C0A)
    a0808000 a088d000   HTTP     HTTP.sys     Sat Nov 20 03:40:17 2010 (4CE78971)
    8b000000 8b008000   hwpolicy hwpolicy.sys Sat Nov 20 03:37:35 2010 (4CE788CF)
    913a6000 913be000   i8042prt i8042prt.sys Mon Jul 13 19:11:23 2009 (4A5BBF1B)
    913be000 913cb000   kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
    868e9000 868ec000   kdcom    kdcom.dll    Mon Mar 14 07:04:18 2011 (4D7DF632)
    9131d000 91351000   ks       ks.sys       Sat Nov 20 04:50:17 2010 (4CE799D9)
    83787000 8379a000   ksecdd   ksecdd.sys   Sat Nov 20 03:38:54 2010 (4CE7891E)
    8af28000 8af4d000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:34:00 2009 (4A5BC468)
    821c2000 821d2000   lltdio   lltdio.sys   Mon Jul 13 19:53:18 2009 (4A5BC8EE)
    8218d000 821a8000   luafv    luafv.sys    Mon Jul 13 19:15:44 2009 (4A5BC020)
    8322b000 83236000   mcupdate mcupdate.dll Mon Jul 13 19:13:13 2009 (4A5BBF89)
    997d9000 997e6000   modem    modem.sys    Mon Jul 13 19:55:24 2009 (4A5BC96C)
    82158000 82163000   monitor  monitor.sys  Mon Jul 13 19:25:58 2009 (4A5BC286)
    98191000 9819e000   mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
    8214d000 82158000   mouhid   mouhid.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
    83531000 83547000   mountmgr mountmgr.sys Sat Nov 20 03:38:09 2010 (4CE788F1)
    91031000 91057680   MpFilter MpFilter.sys Tue Sep 14 17:23:59 2010 (4C8FE7EF)
    a08a6000 a08b8000   mpsdrv   mpsdrv.sys   Mon Jul 13 19:52:52 2009 (4A5BC8D4)
    a08b8000 a08db000   mrxsmb   mrxsmb.sys   Tue Feb 22 23:47:34 2011 (4D649166)
    a08db000 a0916000   mrxsmb10 mrxsmb10.sys Tue Feb 22 23:47:43 2011 (4D64916F)
    a0916000 a0931000   mrxsmb20 mrxsmb20.sys Tue Feb 22 23:47:39 2011 (4D64916B)
    910b8000 910c3000   Msfs     Msfs.SYS     Mon Jul 13 19:11:26 2009 (4A5BBF1E)
    83473000 8347b000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
    8375c000 83787000   msrpc    msrpc.sys    Mon Jul 13 19:11:59 2009 (4A5BBF3F)
    9124e000 91258000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
    8af4d000 8af5d000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
    8ae33000 8aeea000   ndis     ndis.sys     Sat Nov 20 03:39:19 2010 (4CE78937)
    98e18000 98e23000   ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
    98122000 98144000   ndiswan  ndiswan.sys  Sat Nov 20 05:07:48 2010 (4CE79DF4)
    82077000 82088000   NDProxy  NDProxy.SYS  Sat Nov 20 05:07:39 2010 (4CE79DEB)
    911a6000 911b4000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)
    9114e000 91180000   netbt    netbt.sys    Sat Nov 20 03:39:22 2010 (4CE7893A)
    8aeea000 8af28000   NETIO    NETIO.SYS    Sat Nov 20 03:40:03 2010 (4CE78963)
    910c3000 910d1000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)
    91244000 9124e000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
    82c00000 83012000   nt       ntkrpamp.exe Sat Nov 20 03:42:49 2010 (4CE78A09)
    8362d000 8375c000   Ntfs     Ntfs.sys     Sat Nov 20 03:39:08 2010 (4CE7892C)
    91058000 9105f000   Null     Null.SYS     Mon Jul 13 19:11:12 2009 (4A5BBF10)
    98e25000 9978a940   nvlddmkm nvlddmkm.sys Thu May 14 16:32:27 2009 (4A0C7FDB)
    98016000 9806ac80   nvm62x32 nvm62x32.sys Fri Oct 17 17:00:39 2008 (48F8FCF7)
    83573000 83598000   nvstor   nvstor.sys   Fri Mar 19 16:51:52 2010 (4BA3E3E8)
    93095000 931f2000   P17      P17.sys      Thu Oct 15 22:11:53 2009 (4AD7D669)
    91187000 911a6000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)
    9138c000 913a4000   parport  parport.sys  Mon Jul 13 19:45:34 2009 (4A5BC71E)
    834b0000 834c1000   partmgr  partmgr.sys  Sat Nov 20 03:38:14 2010 (4CE788F6)
    a0931000 a0938000   parvdm   parvdm.sys   Mon Jul 13 19:45:29 2009 (4A5BC719)
    8347b000 834a5000   pci      pci.sys      Sat Nov 20 03:37:57 2010 (4CE788E5)
    8351c000 83523000   pciide   pciide.sys   Mon Jul 13 19:11:19 2009 (4A5BBF17)
    83523000 83531000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
    83600000 8360e000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
    a0938000 a09cf000   peauth   peauth.sys   Mon Jul 13 20:35:44 2009 (4A5BD2E0)
    912d5000 91304000   portcls  portcls.sys  Mon Jul 13 19:51:00 2009 (4A5BC864)
    83236000 83247000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
    98e00000 98e18000   rasl2tp  rasl2tp.sys  Mon Jul 13 19:54:33 2009 (4A5BC939)
    98144000 9815c000   raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
    9815c000 98173000   raspptp  raspptp.sys  Mon Jul 13 19:54:47 2009 (4A5BC947)
    98173000 9818a000   rassstp  rassstp.sys  Mon Jul 13 19:54:57 2009 (4A5BC951)
    91203000 91244000   rdbss    rdbss.sys    Sat Nov 20 03:42:44 2010 (4CE78A04)
    910a0000 910a8000   RDPCDD   RDPCDD.sys   Sat Nov 20 05:22:19 2010 (4CE7A15B)
    910a8000 910b0000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
    910b0000 910b8000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
    8b1d1000 8b1fe000   rdyboost rdyboost.sys Sat Nov 20 04:00:07 2010 (4CE78E17)
    9818a000 98190a00   RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
    997d1000 997d9000   RootMdm  RootMdm.sys  Mon Jul 13 19:55:21 2009 (4A5BC969)
    821d2000 821e5000   rspndr   rspndr.sys   Mon Jul 13 19:53:20 2009 (4A5BC8F0)
    91022000 91028000   SASDIFSV SASDIFSV.SYS Wed Feb 17 13:19:19 2010 (4B7C3327)
    91000000 91022000   SASKUTIL SASKUTIL.SYS Mon May 10 13:15:22 2010 (4BE83F2A)
    a09cf000 a09d9000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
    913cb000 913d5000   serenum  serenum.sys  Mon Jul 13 19:45:27 2009 (4A5BC717)
    911b4000 911ce000   serial   serial.sys   Mon Jul 13 19:45:33 2009 (4A5BC71D)
    8b1c9000 8b1d1000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
    a7e64000 a7eb5000   srv      srv.sys      Sat Nov 20 03:45:29 2010 (4CE78AA9)
    a7e15000 a7e64000   srv2     srv2.sys     Sat Nov 20 03:44:35 2010 (4CE78A73)
    a09d9000 a09fa000   srvnet   srvnet.sys   Sat Nov 20 03:44:27 2010 (4CE78A6B)
    83598000 835e0000   storport storport.sys Sat Nov 20 04:50:58 2010 (4CE79A02)
    997fe000 997ff380   swenum   swenum.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
    8b00f000 8b159000   tcpip    tcpip.sys    Sat Nov 20 03:41:36 2010 (4CE789C0)
    821e5000 821f2000   tcpipreg tcpipreg.sys Sat Nov 20 05:07:13 2010 (4CE79DD1)
    910e8000 910f4000   TDI      TDI.SYS      Sat Nov 20 03:39:18 2010 (4CE78936)
    910d1000 910e8000   tdx      tdx.sys      Sat Nov 20 03:39:17 2010 (4CE78935)
    911e1000 911f2000   termdd   termdd.sys   Sat Nov 20 05:21:10 2010 (4CE7A116)
    912ab000 912d5000   TotRec7  TotRec7.sys  Mon Apr 12 08:15:42 2010 (4BC30EEE)
    91351000 9136f000   TotRec8  TotRec8.sys  Mon Apr 12 08:17:18 2010 (4BC30F4E)
    82610000 82619000   TSDDD    TSDDD.dll    Mon Jul 13 20:01:40 2009 (4A5BCAE4)
    9128a000 912ab000   tunnel   tunnel.sys   Sat Nov 20 05:06:40 2010 (4CE79DB0)
    9819e000 981ac000   umbus    umbus.sys    Sat Nov 20 05:00:23 2010 (4CE79C37)
    820df000 820f6000   usbccgp  usbccgp.sys  Sat Nov 20 05:00:08 2010 (4CE79C28)
    820f6000 820f7700   USBD     USBD.SYS     Mon Jul 13 19:51:05 2009 (4A5BC869)
    93086000 93095000   usbehci  usbehci.sys  Fri Oct 23 23:58:55 2009 (4AE27B7F)
    981b6000 981fa000   usbhub   usbhub.sys   Sat Nov 20 05:00:34 2010 (4CE79C42)
    913d5000 913df000   usbohci  usbohci.sys  Mon Jul 13 19:51:14 2009 (4A5BC872)
    9303b000 93086000   USBPORT  USBPORT.SYS  Mon Jul 13 19:51:13 2009 (4A5BC871)
    82106000 82111000   usbprint usbprint.sys Mon Jul 13 20:17:06 2009 (4A5BCE82)
    820f8000 82106000   usbscan  usbscan.sys  Mon Jul 13 20:14:44 2009 (4A5BCDF4)
    82111000 82128000   USBSTOR  USBSTOR.SYS  Sat Nov 20 04:59:48 2010 (4CE79C14)
    834a5000 834b0000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
    91066000 91072000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)
    91072000 91093000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
    834c1000 834d1000   volmgr   volmgr.sys   Sat Nov 20 03:38:06 2010 (4CE788EE)
    834d1000 8351c000   volmgrx  volmgrx.sys  Mon Jul 13 19:11:41 2009 (4A5BBF2D)
    8b18a000 8b1c9000   volsnap  volsnap.sys  Sat Nov 20 03:38:13 2010 (4CE788F5)
    911ce000 911e1000   wanarp   wanarp.sys   Sat Nov 20 05:07:45 2010 (4CE79DF1)
    997f8000 997fd020   wanatw4  wanatw4.sys  Tue Jul 16 11:23:14 2002 (3D343A62)
    91093000 910a0000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
    8333c000 833ad000   Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
    833ad000 833bb000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
    91180000 91187000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)
    827b0000 829fd000   win32k   win32k.sys   Tue Jan 04 22:50:40 2011 (4D23EA90)
    8346a000 83473000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)
    821a8000 821c2000   WudfPf   WudfPf.sys   Sat Nov 20 04:58:55 2010 (4CE79BDF)
    
    Unloaded modules:
    8afc5000 8afd2000   crashdmp.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000D000
    8afd2000 8afdc000   dump_storpor
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0000A000
    8ae00000 8ae25000   dump_nvstor.
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00025000
    8afdc000 8afed000   dump_dumpfve
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  00011000
    83200000 8321f000   cdrom.sys
        Timestamp: unavailable (00000000)
        Checksum:  00000000
        ImageSize:  0001F000
    
    
     
