Thread: win32k.sys BSOD
View Single Post
23 Dec 2010  
cybercore

Windows 7 x64
 
 

Uninstall Kaspersky with this tool:

Removal tool for Kaspersky Lab products


Uninstall SUPERAntiSpyware.


Install MSE as the replacement:

https://www.microsoft.com/security_essentials/




Update drivers:

RICOH XD SM R5C852
rixdptsk.sys Tue Nov 14 20:35:19 2006

Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x
k57nd60x.sys Sun Apr 26 07:23:19 2009

PerfectDisk Raxco Software
DefragFS.SYS Wed Aug 19 13:31:36 2009

Broadcom 802.11 Network Adapter wireless
bcmwl6.sys Tue Jul 07 20:44:47 2009






Crash Dumps:

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\122310-25802-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82a39000 PsLoadedModuleList = 0x82b81810
Debug session time: Thu Dec 23 00:49:26.915 2010 (UTC - 5:00)
System Uptime: 0 days 0:01:13.881
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001904fb
Arg2: 9d992af8
Arg3: 9d9926d0
Arg4: 8c228773

Debugging Details:
------------------


EXCEPTION_RECORD:  9d992af8 -- (.exr 0xffffffff9d992af8)
ExceptionAddress: 8c228773 (Ntfs!NtfsFindRollbackStructByType+0x00000023)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 0003fff8
Attempt to read from address 0003fff8

CONTEXT:  9d9926d0 -- (.cxr 0xffffffff9d9926d0)
eax=00000000 ebx=8873bd5c ecx=00040000 edx=0003fff8 esi=8873bd5c edi=00000000
eip=8c228773 esp=9d992bc0 ebp=9d992bc8 iopl=0         nv up ei pl nz ac po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010213
Ntfs!NtfsFindRollbackStructByType+0x23:
8c228773 0fb73a          movzx   edi,word ptr [edx]       ds:0023:0003fff8=????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  0003fff8

READ_ADDRESS: GetPointerFromAddress: unable to read from 82ba1718
Unable to read MiSystemVaType memory at 82b81160
 0003fff8 

FOLLOWUP_IP: 
Ntfs!NtfsFindRollbackStructByType+23
8c228773 0fb73a          movzx   edi,word ptr [edx]

FAULTING_IP: 
Ntfs!NtfsFindRollbackStructByType+23
8c228773 0fb73a          movzx   edi,word ptr [edx]

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from 8c227d53 to 8c228773

STACK_TEXT:  
9d992bc8 8c227d53 8873bd5c 00000727 00000000 Ntfs!NtfsFindRollbackStructByType+0x23
9d992bec 8c2286d9 8873bcf0 a458a820 a458a820 Ntfs!NtfsFreeSnapshotsForFcb+0x25
9d992c04 8c22ec22 8873bcf0 a458a820 9d992cd0 Ntfs!NtfsReleaseFcb+0x35
9d992c1c 8c2ae5d7 8873bcf0 a458a820 8c2ae57c Ntfs!NtfsReleaseFcbWithPaging+0x2a
9d992c28 8c2ae57c 11bc871e 9d992ca4 8873bcf0 Ntfs!NtfsCommonClose+0x569
9d992c6c 8c2cd4c3 8873bcf0 a458a910 a458a820 Ntfs!NtfsCommonClose+0x513
9d992d00 82aa6f3b 00000000 00000000 886fd380 Ntfs!NtfsFspClose+0x118
9d992d50 82c476d3 80000000 b0ff03dc 00000000 nt!ExpWorkerThread+0x10d
9d992d90 82af90f9 82aa6e2e 80000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsFindRollbackStructByType+23

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf45

STACK_COMMAND:  .cxr 0xffffffff9d9926d0 ; kb

FAILURE_BUCKET_ID:  0x24_Ntfs!NtfsFindRollbackStructByType+23

BUCKET_ID:  0x24_Ntfs!NtfsFindRollbackStructByType+23

Followup: MachineOwner
---------






















Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\122310-25459-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82a37000 PsLoadedModuleList = 0x82b7f810
Debug session time: Thu Dec 23 00:45:41.117 2010 (UTC - 5:00)
System Uptime: 0 days 0:01:26.099
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 00001236, The subtype of the bugcheck.
Arg2: 8877ea60
Arg3: 8877ead4
Arg4: 00156792

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_1236

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 82ab7ff4 to 82b13d10

STACK_TEXT:  
977b9a9c 82ab7ff4 0000001a 00001236 8877ea60 nt!KeBugCheckEx+0x1e
977b9ad4 8c609c55 000002ad 00000f94 85382268 nt!MmFreePagesFromMdl+0x39
977b9ae8 8c60ae42 85382220 00000f94 8610cf28 rdyboost!SMKM_STORE<SMD_TRAITS>::SmStReleaseRegion+0x1f
977b9b00 8c60ea24 85382268 00000f94 8c6240b0 rdyboost!ST_STORE<SMD_TRAITS>::StReleaseRegion+0x24
977b9b20 8c60eae8 85382268 00000000 85382220 rdyboost!ST_STORE<SMD_TRAITS>::StDmCleanup+0xb4
977b9b34 8c60ebe9 85382220 85382220 85382220 rdyboost!ST_STORE<SMD_TRAITS>::StCleanup+0x14
977b9b48 8c60ec92 85382220 00000001 8c6240f8 rdyboost!SMKM_STORE<SMD_TRAITS>::SmStCleanup+0x57
977b9b64 8c62bc45 8c6240b0 85382220 00000001 rdyboost!SMKM_STORE_MGR<SMD_TRAITS>::SmStoreMgrCallback+0x2a
977b9b84 8c60b9cd 00000008 8c6240b0 977b9bb4 rdyboost!SmKmCleanup+0x79
977b9b94 8c626ab3 8c6240b0 00000000 87d2c0d0 rdyboost!SMKM_STORE_MGR<SMD_TRAITS>::SmCleanup+0xf
977b9bb4 8c6178f5 8c6240b0 00000000 1b19ab01 rdyboost!SmdRBContextShutdown+0x83
977b9bfc 82a734bc 85382120 87d2c0d0 87d2c0d0 rdyboost!SmdDispatchDeviceControl+0x273
977b9c14 82c74f6e 889c5918 87d2c0d0 87d2c140 nt!IofCallDriver+0x63
977b9c34 82c91d5f 85382120 889c5918 00000000 nt!IopSynchronousServiceTail+0x1f8
977b9cd0 82c9453a 85382120 87d2c0d0 00000000 nt!IopXxxControlFile+0x6aa
977b9d04 82a7a44a 000005cc 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
977b9d04 776964f4 000005cc 00000000 00000000 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
0162ee40 00000000 00000000 00000000 00000000 0x776964f4


STACK_COMMAND:  kb

FOLLOWUP_IP: 
rdyboost!SMKM_STORE<SMD_TRAITS>::SmStReleaseRegion+1f
8c609c55 6a00            push    0

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  rdyboost!SMKM_STORE<SMD_TRAITS>::SmStReleaseRegion+1f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: rdyboost

IMAGE_NAME:  rdyboost.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc19a

FAILURE_BUCKET_ID:  0x1a_1236_rdyboost!SMKM_STORE_SMD_TRAITS_::SmStReleaseRegion+1f

BUCKET_ID:  0x1a_1236_rdyboost!SMKM_STORE_SMD_TRAITS_::SmStReleaseRegion+1f

Followup: MachineOwner
---------























Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\122210-40061-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82a46000 PsLoadedModuleList = 0x82b8e810
Debug session time: Thu Dec 16 00:13:29.229 2010 (UTC - 5:00)
System Uptime: 0 days 1:14:43.211
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 82c5eaf7, 99d36b30, 0}

Probably caused by : ntkrpamp.exe ( nt!CmpRemoveKeyHash+17 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82c5eaf7, The address that the exception occurred at
Arg3: 99d36b30, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

FAULTING_IP: 
nt!CmpRemoveKeyHash+17
82c5eaf7 f7b12c030000    div     eax,dword ptr [ecx+32Ch]

TRAP_FRAME:  99d36b30 -- (.trap 0xffffffff99d36b30)
ErrCode = 00000000
eax=0b8caca4 ebx=982339d0 ecx=00000000 edx=00000000 esi=a0d6b5b4 edi=a0d6b5a8
eip=82c5eaf7 esp=99d36ba4 ebp=99d36bbc iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!CmpRemoveKeyHash+0x17:
82c5eaf7 f7b12c030000    div     eax,dword ptr [ecx+32Ch] ds:0023:0000032c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 82c5eab3 to 82c5eaf7

STACK_TEXT:  
99d36ba8 82c5eab3 a0d6b5c8 a0d6b5a8 86b2daa8 nt!CmpRemoveKeyHash+0x17
99d36bbc 82cdb66f 00000001 8d0f2968 9823c000 nt!CmpCleanUpKcbCacheWithLock+0x53
99d36bf0 82cdbc76 982339d0 00000000 00000001 nt!CmpCleanUpKCBCacheTable+0x16f
99d36c24 82cd3e15 00000000 00000000 b4a60bea nt!CmpSearchForOpenSubKeys+0x29
99d36d14 82cd2381 00000000 00000000 86b2daa8 nt!NtUnloadKey2+0x330
99d36d28 82a8944a 00e2f89c 00e2fadc 775064f4 nt!NtUnloadKey+0x10
99d36d28 775064f4 00e2f89c 00e2fadc 775064f4 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
00e2fadc 00000000 00000000 00000000 00000000 0x775064f4


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!CmpRemoveKeyHash+17
82c5eaf7 f7b12c030000    div     eax,dword ptr [ecx+32Ch]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!CmpRemoveKeyHash+17

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c3fac

FAILURE_BUCKET_ID:  0x8E_nt!CmpRemoveKeyHash+17

BUCKET_ID:  0x8E_nt!CmpRemoveKeyHash+17

Followup: MachineOwner
---------











Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [F:\a\Minidump\D M P\122310-21746-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.x86fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0x82a3c000 PsLoadedModuleList = 0x82b84810
Debug session time: Thu Dec 23 00:47:40.501 2010 (UTC - 5:00)
System Uptime: 0 days 0:01:24.342
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
.....
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 001904fb
Arg2: 8e30ba40
Arg3: 8e30b620
Arg4: 8c2dae78

Debugging Details:
------------------


EXCEPTION_RECORD:  8e30ba40 -- (.exr 0xffffffff8e30ba40)
ExceptionAddress: 8c2dae78 (Ntfs!NtfsRemoveFcbFromSharedResourceList+0x0000002c)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00033000
Attempt to read from address 00033000

CONTEXT:  8e30b620 -- (.cxr 0xffffffff8e30b620)
eax=00000000 ebx=82aa67a3 ecx=00000000 edx=00000000 esi=00033000 edi=887ed180
eip=8c2dae78 esp=8e30bb08 ebp=8e30bb14 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
Ntfs!NtfsRemoveFcbFromSharedResourceList+0x2c:
8c2dae78 8b06            mov     eax,dword ptr [esi]  ds:0023:00033000=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - <Unable to get error code text>

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00033000

READ_ADDRESS: GetPointerFromAddress: unable to read from 82ba4718
Unable to read MiSystemVaType memory at 82b84160
 00033000 

FOLLOWUP_IP: 
Ntfs!NtfsRemoveFcbFromSharedResourceList+2c
8c2dae78 8b06            mov     eax,dword ptr [esi]

FAULTING_IP: 
Ntfs!NtfsRemoveFcbFromSharedResourceList+2c
8c2dae78 8b06            mov     eax,dword ptr [esi]

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from 8c2d7b5f to 8c2dae78

STACK_TEXT:  
8e30bb14 8c2d7b5f ffff7400 a5f69008 00000000 Ntfs!NtfsRemoveFcbFromSharedResourceList+0x2c
8e30bb40 8c243174 887ed180 8e30bb70 8e30bb7a Ntfs!NtfsDeleteFcb+0x6c
8e30bb94 8c2bf15d 887ed180 861780d8 a5f69008 Ntfs!NtfsTeardownFromLcb+0x24f
8e30bbe4 8c23bbec 887ed180 a5f690f8 01f692a0 Ntfs!NtfsTeardownStructures+0xf3
8e30bc0c 8c2bb55b 887ed180 a5f690f8 a5f692a0 Ntfs!NtfsDecrementCloseCounts+0xaf
8e30bc6c 8c2da4c3 887ed180 a5f690f8 a5f69008 Ntfs!NtfsCommonClose+0x4f2
8e30bd00 82aa9f3b 00000000 00000000 85367a70 Ntfs!NtfsFspClose+0x118
8e30bd50 82c4a6d3 00000000 a287e760 00000000 nt!ExpWorkerThread+0x10d
8e30bd90 82afc0f9 82aa9e2e 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsRemoveFcbFromSharedResourceList+2c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf45

STACK_COMMAND:  .cxr 0xffffffff8e30b620 ; kb

FAILURE_BUCKET_ID:  0x24_Ntfs!NtfsRemoveFcbFromSharedResourceList+2c

BUCKET_ID:  0x24_Ntfs!NtfsRemoveFcbFromSharedResourceList+2c

Followup: MachineOwner
---------


Drivers:

Code:
start    end        module name
930bb000 930e7000   1394ohci 1394ohci.sys Mon Jul 13 19:51:59 2009 (4A5BC89F)
8c0a2000 8c0ea000   ACPI     ACPI.sys     Mon Jul 13 19:11:11 2009 (4A5BBF0F)
91f44000 91f9e000   afd      afd.sys      Mon Jul 13 19:12:34 2009 (4A5BBF62)
92612000 92624000   AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
8c00e000 8c017000   amdxata  amdxata.sys  Tue May 19 13:57:35 2009 (4A12F30F)
8c1c5000 8c1ce000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
8c1ce000 8c1f1000   ataport  ataport.SYS  Mon Jul 13 19:11:18 2009 (4A5BBF16)
92634000 92cc7000   atikmdag atikmdag.sys Tue Oct 26 22:26:21 2010 (4CC78DCD)
920df000 9211c000   atikmpag atikmpag.sys Tue Oct 26 22:14:03 2010 (4CC78AEB)
82620000 826bd000   ATSwpWDF ATSwpWDF.sys Tue Nov 24 09:01:43 2009 (4B0BE747)
8c149000 8c154000   BATTC    BATTC.SYS    Mon Jul 13 19:19:15 2009 (4A5BC0F3)
92e0e000 93075000   bcmwl6   bcmwl6.sys   Tue Jul 07 20:44:47 2009 (4A53EBFF)
91897000 9189e000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)
920b0000 920be000   blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
8beb7000 8bebf000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
99090000 990a9000   bowser   bowser.sys   Mon Jul 13 19:14:21 2009 (4A5BBFCD)
98520000 9853e000   cdd      cdd.dll      unavailable (00000000)
8c411000 8c430000   cdrom    cdrom.sys    Mon Jul 13 19:11:24 2009 (4A5BBF1C)
8bf01000 8bfac000   CI       CI.dll       Mon Jul 13 21:09:28 2009 (4A5BDAC8)
921e7000 921f5000   circlass circlass.sys Mon Jul 13 19:51:17 2009 (4A5BC875)
8c5b0000 8c5d5000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
8bebf000 8bf01000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
931eb000 931ee700   CmBatt   CmBatt.sys   Mon Jul 13 19:19:18 2009 (4A5BC0F6)
8c396000 8c3f3000   cng      cng.sys      Mon Jul 13 19:32:55 2009 (4A5BC427)
8c141000 8c149000   compbatt compbatt.sys Mon Jul 13 19:19:18 2009 (4A5BC0F6)
92e00000 92e0d000   CompositeBus CompositeBus.sys Mon Jul 13 19:45:26 2009 (4A5BC716)
96d53000 96d60000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
92034000 92098000   csc      csc.sys      Mon Jul 13 19:15:08 2009 (4A5BBFFC)
826fd000 82712000   DefragFS DefragFS.SYS Wed Aug 19 13:31:36 2009 (4A8C36F8)
92098000 920b0000   dfsc     dfsc.sys     Mon Jul 13 19:14:16 2009 (4A5BBFC8)
919c9000 919d5000   discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
8c59f000 8c5b0000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
96cf0000 96d09000   drmk     drmk.sys     Mon Jul 13 20:36:05 2009 (4A5BD2F5)
96d60000 96d6b000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
96d75000 96d86000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
96d6b000 96d75000   dump_msahci dump_msahci.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
96d49000 96d53000   Dxapi    Dxapi.sys    Mon Jul 13 19:25:25 2009 (4A5BC265)
92cc7000 92d7e000   dxgkrnl  dxgkrnl.sys  Thu Oct 01 20:48:33 2009 (4AC54DE1)
92d7e000 92db7000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:25:25 2009 (4A5BC265)
8bfe0000 8bff1000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
8bfac000 8bfe0000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
8c20e000 8c217000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:11:14 2009 (4A5BBF12)
8c56d000 8c59f000   fvevol   fvevol.sys   Fri Sep 25 22:24:21 2009 (4ABD7B55)
8c786000 8c7b7000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:12:03 2009 (4A5BBF43)
82a05000 82a3c000   hal      halmacpi.dll Mon Jul 13 19:11:03 2009 (4A5BBF07)
92db7000 92dd6000   HDAudBus HDAudBus.sys Mon Jul 13 19:50:55 2009 (4A5BC85F)
96c71000 96cc1000   HdAudio  HdAudio.sys  Mon Jul 13 19:51:46 2009 (4A5BC892)
96d18000 96d2b000   HIDCLASS HIDCLASS.SYS Mon Jul 13 19:51:01 2009 (4A5BC865)
96d09000 96d18000   hidir    hidir.sys    Mon Jul 13 19:51:04 2009 (4A5BC868)
96d2b000 96d31480   HIDPARSE HIDPARSE.SYS Mon Jul 13 19:50:59 2009 (4A5BC863)
826bd000 826c8000   hidusb   hidusb.sys   Mon Jul 13 19:51:04 2009 (4A5BC868)
9900b000 99090000   HTTP     HTTP.sys     Mon Jul 13 19:12:53 2009 (4A5BBF75)
8c635000 8c63d000   hwpolicy hwpolicy.sys Mon Jul 13 19:11:01 2009 (4A5BBF05)
93151000 93169000   i8042prt i8042prt.sys Mon Jul 13 19:11:23 2009 (4A5BBF1B)
92600000 92612000   intelppm intelppm.sys Mon Jul 13 19:11:03 2009 (4A5BBF07)
9317f000 931de000   itecir   itecir.sys   Tue Jul 13 05:17:04 2010 (4C3C2F10)
9307f000 930bb000   k57nd60x k57nd60x.sys Sun Apr 26 07:23:19 2009 (49F44427)
931de000 931eb000   kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
96d32000 96d3e000   kbdhid   kbdhid.sys   Mon Jul 13 19:45:09 2009 (4A5BC705)
80bb6000 80bbe000   kdcom    kdcom.dll    Mon Jul 13 21:08:58 2009 (4A5BDAAA)
91a24000 91f44000   kl1      kl1.sys      Tue Sep 01 07:29:07 2009 (4A9D0583)
8c560000 8c56d000   klbg     klbg.sys     Wed Oct 14 13:18:07 2009 (4AD607CF)
9183f000 91890000   klif     klif.sys     Wed Nov 11 08:32:39 2009 (4AFABCF7)
91a11000 91a18000   klim6    klim6.sys    Mon Sep 14 06:46:22 2009 (4AAE1EFE)
93169000 93172000   klmouflt klmouflt.sys Fri Oct 02 11:38:31 2009 (4AC61E77)
92000000 92034000   ks       ks.sys       Wed Mar 03 22:57:52 2010 (4B8F2FC0)
8c383000 8c396000   ksecdd   ksecdd.sys   Mon Jul 13 19:11:56 2009 (4A5BBF3C)
8c52b000 8c550000   ksecpkg  ksecpkg.sys  Thu Dec 10 23:04:22 2009 (4B21C4C6)
82712000 82722000   lltdio   lltdio.sys   Mon Jul 13 19:53:18 2009 (4A5BC8EE)
826c8000 826e3000   luafv    luafv.sys    Mon Jul 13 19:15:44 2009 (4A5BC020)
8be2e000 8bea6000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:06:41 2009 (4A5BDA21)
96dc3000 96dce000   monitor  monitor.sys  Mon Jul 13 19:25:58 2009 (4A5BC286)
93172000 9317f000   mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
96d3e000 96d49000   mouhid   mouhid.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
8c1af000 8c1c5000   mountmgr mountmgr.sys Mon Jul 13 19:11:27 2009 (4A5BBF1F)
990a9000 990bb000   mpsdrv   mpsdrv.sys   Mon Jul 13 19:52:52 2009 (4A5BC8D4)
990bb000 990de000   mrxsmb   mrxsmb.sys   Sat Feb 27 02:32:02 2010 (4B88CA72)
990de000 99119000   mrxsmb10 mrxsmb10.sys Sat Feb 27 02:32:21 2010 (4B88CA85)
99119000 99134000   mrxsmb20 mrxsmb20.sys Sat Feb 27 02:32:11 2010 (4B88CA7B)
8c1f1000 8c1fb000   msahci   msahci.sys   Mon Jul 13 19:45:50 2009 (4A5BC72E)
918f0000 918fb000   Msfs     Msfs.SYS     Mon Jul 13 19:11:26 2009 (4A5BBF1E)
8c0f3000 8c0fb000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
8c358000 8c383000   msrpc    msrpc.sys    Mon Jul 13 19:11:59 2009 (4A5BBF3F)
919bf000 919c9000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
8c550000 8c560000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
8c436000 8c4ed000   ndis     ndis.sys     Mon Jul 13 19:12:24 2009 (4A5BBF58)
92624000 9262f000   ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
82768000 82778000   ndisuio  ndisuio.sys  Mon Jul 13 19:53:51 2009 (4A5BC90F)
9217f000 921a1000   ndiswan  ndiswan.sys  Mon Jul 13 19:54:34 2009 (4A5BC93A)
96c60000 96c71000   NDProxy  NDProxy.SYS  Mon Jul 13 19:54:27 2009 (4A5BC933)
9192b000 91939000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)
91f9e000 91fd0000   netbt    netbt.sys    Mon Jul 13 19:12:18 2009 (4A5BBF52)
8c4ed000 8c52b000   NETIO    NETIO.SYS    Mon Jul 13 19:12:35 2009 (4A5BBF63)
918fb000 91909000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)
91ff6000 92000000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
82a3c000 82e4c000   nt       ntkrpamp.exe Fri Jun 18 23:55:24 2010 (4C1C3FAC)
8c229000 8c358000   Ntfs     Ntfs.sys     Mon Jul 13 19:12:05 2009 (4A5BBF45)
91890000 91897000   Null     Null.SYS     Mon Jul 13 19:11:12 2009 (4A5BBF10)
82722000 82768000   nwifi    nwifi.sys    Mon Jul 13 19:51:59 2009 (4A5BC89F)
91fd7000 91ff6000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)
8c130000 8c141000   partmgr  partmgr.sys  Mon Jul 13 19:11:35 2009 (4A5BBF27)
8c0fb000 8c125000   pci      pci.sys      Mon Jul 13 19:11:16 2009 (4A5BBF14)
8c000000 8c00e000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
8c200000 8c20e000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
9914c000 991e3000   peauth   peauth.sys   Mon Jul 13 20:35:44 2009 (4A5BD2E0)
96cc1000 96cf0000   portcls  portcls.sys  Mon Jul 13 19:51:00 2009 (4A5BC864)
8bea6000 8beb7000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
92167000 9217f000   rasl2tp  rasl2tp.sys  Mon Jul 13 19:54:33 2009 (4A5BC939)
921a1000 921b9000   raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
921b9000 921d0000   raspptp  raspptp.sys  Mon Jul 13 19:54:47 2009 (4A5BC947)
921d0000 921e7000   rassstp  rassstp.sys  Mon Jul 13 19:54:57 2009 (4A5BC951)
9197e000 919bf000   rdbss    rdbss.sys    Mon Jul 13 19:14:26 2009 (4A5BBFD2)
92df0000 92dfa000   rdpbus   rdpbus.sys   Mon Jul 13 20:02:40 2009 (4A5BCB20)
918d8000 918e0000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:01:40 2009 (4A5BCAE4)
918e0000 918e8000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
918e8000 918f0000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
8c608000 8c635000   rdyboost rdyboost.sys Mon Jul 13 19:22:02 2009 (4A5BC19A)
93100000 93151000   rixdptsk rixdptsk.sys Tue Nov 14 20:35:19 2006 (455A6ED7)
82778000 8278b000   rspndr   rspndr.sys   Mon Jul 13 19:53:20 2009 (4A5BC8F0)
91a18000 91a1e000   SASDIFSV SASDIFSV.SYS Wed Feb 17 13:19:19 2010 (4B7C3327)
9195c000 9197e000   SASKUTIL SASKUTIL.SYS Mon May 10 13:15:22 2010 (4BE83F2A)
930e7000 93100000   sdbus    sdbus.sys    Fri Oct 09 22:31:24 2009 (4ACFF1FC)
991e3000 991ed000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
8c600000 8c608000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
9a411000 9a462000   srv      srv.sys      Thu Aug 26 23:31:26 2010 (4C77318E)
827ac000 827fb000   srv2     srv2.sys     Thu Aug 26 23:30:45 2010 (4C773165)
8278b000 827ac000   srvnet   srvnet.sys   Thu Aug 26 23:30:39 2010 (4C77315F)
931f8000 931f9380   swenum   swenum.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
8c63d000 8c786000   tcpip    tcpip.sys    Sun Jun 13 23:36:59 2010 (4C15A3DB)
991ed000 991fa000   tcpipreg tcpipreg.sys Mon Jul 13 19:54:14 2009 (4A5BC926)
91920000 9192b000   TDI      TDI.SYS      Mon Jul 13 19:12:12 2009 (4A5BBF4C)
91909000 91920000   tdx      tdx.sys      Mon Jul 13 19:12:10 2009 (4A5BBF4A)
9194c000 9195c000   termdd   termdd.sys   Mon Jul 13 20:01:35 2009 (4A5BCADF)
984f0000 984f9000   TSDDD    TSDDD.dll    unavailable (00000000)
920be000 920df000   tunnel   tunnel.sys   Mon Jul 13 19:54:03 2009 (4A5BC91B)
919d5000 919e3000   umbus    umbus.sys    Mon Jul 13 19:51:38 2009 (4A5BC88A)
96d86000 96d9d000   usbccgp  usbccgp.sys  Mon Jul 13 19:51:31 2009 (4A5BC883)
96d9d000 96d9e700   USBD     USBD.SYS     Mon Jul 13 19:51:05 2009 (4A5BC869)
92de1000 92df0000   usbehci  usbehci.sys  Mon Jul 13 19:51:14 2009 (4A5BC872)
96c1c000 96c60000   usbhub   usbhub.sys   Mon Jul 13 19:52:06 2009 (4A5BC8A6)
9211c000 92167000   USBPORT  USBPORT.SYS  Mon Jul 13 19:51:13 2009 (4A5BC871)
92dd6000 92de1000   usbuhci  usbuhci.sys  Mon Jul 13 19:51:10 2009 (4A5BC86E)
96d9f000 96dc2b80   usbvideo usbvideo.sys Wed Mar 03 23:04:40 2010 (4B8F3158)
8c125000 8c130000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
9189e000 918aa000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)
918aa000 918cb000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
8c7b7000 8c7bf380   vmstorfl vmstorfl.sys Mon Jul 13 19:28:44 2009 (4A5BC32C)
8c154000 8c164000   volmgr   volmgr.sys   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
8c164000 8c1af000   volmgrx  volmgrx.sys  Mon Jul 13 19:11:41 2009 (4A5BBF2D)
8c7c0000 8c7ff000   volsnap  volsnap.sys  Mon Jul 13 19:11:34 2009 (4A5BBF26)
93075000 9307f000   vwifibus vwifibus.sys Mon Jul 13 19:52:02 2009 (4A5BC8A2)
91a00000 91a11000   vwififlt vwififlt.sys Mon Jul 13 19:52:03 2009 (4A5BC8A3)
91939000 9194c000   wanarp   wanarp.sys   Mon Jul 13 19:55:02 2009 (4A5BC956)
918cb000 918d8000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
8c023000 8c094000   Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
8c094000 8c0a2000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
91fd0000 91fd7000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)
98290000 984db000   win32k   win32k.sys   unavailable (00000000)
931ef000 931f8000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:19:16 2009 (4A5BC0F4)
8c0ea000 8c0f3000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)
826e3000 826fd000   WudfPf   WudfPf.sys   Mon Jul 13 19:50:13 2009 (4A5BC835)

Unloaded modules:
99134000 9914c000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00018000
8c5d5000 8c5e2000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
8c5e2000 8c5ed000   dump_pciidex
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
8c5ed000 8c5f7000   dump_msahci.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
8c400000 8c411000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
My System SpecsSystem Spec