Security Software (this is just to check it is installed and working properly; nothing needs to be done with this information at this time):
Code:
fsav32.exe c:\program files (x86)\f-secure\anti-virus\fsav32.exe 3932 8 200 1380 15.4.2012 19:41 10.20.17170.93 476,69 kt (488*128 tavua) 12.4.2012 20:13
fsgk32.exe c:\program files (x86)\f-secure\anti-virus\fsgk32.exe 1692 8 200 1380 15.4.2012 19:40 10.60.17500.39 535,66 kt (548*520 tavua) 12.4.2012 20:13
fsgk32st.exe c:\program files (x86)\f-secure\anti-virus\fsgk32st.exe 1532 8 200 1380 15.4.2012 19:40 8.91.15380.7 216,69 kt (221*888 tavua) 12.4.2012 20:13
fssm32.exe c:\program files (x86)\f-secure\anti-virus\fssm32.exe 2928 8 200 1380 15.4.2012 19:41 10.60.17500.39 991,66 kt (1*015*464 tavua) 12.4.2012 20:13
fih32.exe c:\program files (x86)\f-secure\common\fih32.exe 3036 8 200 1380 15.4.2012 19:41 8.21.119.0 128,69 kt (131*776 tavua) 12.4.2012 20:13
fnrb32.exe c:\program files (x86)\f-secure\common\fnrb32.exe 2888 8 200 1380 15.4.2012 19:41 8.21.119.0 184,69 kt (189*120 tavua) 12.4.2012 20:13
fshdll32.exe c:\program files (x86)\f-secure\common\fshdll32.exe 1924 6 200 1380 15.4.2012 19:40 8.21.119.0 88,69 kt (90*816 tavua) 12.4.2012 20:13
fshdll64.exe c:\program files (x86)\f-secure\common\fshdll64.exe 2492 8 200 1380 15.4.2012 19:41 8.21.119.0 104,19 kt (106*688 tavua) 12.4.2012 20:13
fsm32.exe c:\program files (x86)\f-secure\common\fsm32.exe 4708 8 200 1380 15.4.2012 19:41 8.21.119.0 296,69 kt (303*808 tavua) 12.4.2012 20:13
fsma32.exe c:\program files (x86)\f-secure\common\fsma32.exe 1684 8 200 1380 15.4.2012 19:40 8.21.119.0 184,69 kt (189*120 tavua) 12.4.2012 20:13
fsdevcon64.exe c:\program files (x86)\f-secure\device control\fsdevcon64.exe 1652 8 200 1380 15.4.2012 19:40 1.0.17436.0 505,69 kt (517*824 tavua) 12.4.2012 20:17
fsdfwd.exe c:\program files (x86)\f-secure\fwes\program\fsdfwd.exe 2860 8 200 1380 15.4.2012 19:41 6.29.114.0 835,19 kt (855*232 tavua) 12.4.2012 20:17
fsorsp.exe c:\program files (x86)\f-secure\orsp client\fsorsp.exe 2788 8 200 1380 15.4.2012 19:41 1.0.24.1035 60,69 kt (62*144 tavua) 12.4.2012 20:13
Problem Software:
Code:
dsmonitor.exe c:\program files (x86)\uniblue\driverscanner\dsmonitor.exe 1560 8 200 1380 15.4.2012 19:40 4.0.3.4 24,87 kt (25*464 tavua) 13.4.2012 12:55
Automated driver updating software often installed updated drivers for devices that are similar to those installed on the system being updated. This can cause conflicts and system crashes. If you want to continue using the software, make sure to create system restore points regularly before updating drivers. Also, make sure you have enough space available for the restore points. 20 GB is recommended if you continue to use the software: System Protection - Change Disk Space Usage
Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\xanterr\Windows_NT6_BSOD_jcgriff2\041512-14929-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17790.amd64fre.win7sp1_gdr.120305-1505
Machine Name:
Kernel base = 0xfffff800`03264000 PsLoadedModuleList = 0xfffff800`034a8650
Debug session time: Sun Apr 15 10:39:50.946 2012 (UTC - 6:00)
System Uptime: 0 days 0:37:11.243
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {18, 2, 1, fffff88008450d16}
Unable to load image \SystemRoot\system32\DRIVERS\athrx.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for athrx.sys
*** ERROR: Module load completed but symbols could not be loaded for athrx.sys
Probably caused by : athrx.sys ( athrx+18d16 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000018, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff88008450d16, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003512100
0000000000000018
CURRENT_IRQL: 2
FAULTING_IP:
athrx+18d16
fffff880`08450d16 c7401800000000 mov dword ptr [rax+18h],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff8800e2396b0 -- (.trap 0xfffff8800e2396b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8008679030
rdx=fffffa8008a16440 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88008450d16 rsp=fffff8800e239840 rbp=0000000000000000
r8=0000000000000001 r9=fffffa800998f360 r10=0000000000015c12
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
athrx+0x18d16:
fffff880`08450d16 c7401800000000 mov dword ptr [rax+18h],0 ds:7110:00000000`00000018=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800032e0229 to fffff800032e0c80
STACK_TEXT:
fffff880`0e239568 fffff800`032e0229 : 00000000`0000000a 00000000`00000018 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0e239570 fffff800`032deea0 : fffffa80`055bceb0 fffff880`0167c8d0 fffff880`08c525c0 fffffa80`0823f1a0 : nt!KiBugCheckDispatch+0x69
fffff880`0e2396b0 fffff880`08450d16 : fffffa80`0823f1a0 fffffa80`08a16300 fffffa80`08a16300 00000000`00000001 : nt!KiPageFault+0x260
fffff880`0e239840 fffffa80`0823f1a0 : fffffa80`08a16300 fffffa80`08a16300 00000000`00000001 00000000`00000000 : athrx+0x18d16
fffff880`0e239848 fffffa80`08a16300 : fffffa80`08a16300 00000000`00000001 00000000`00000000 fffffa80`08a16478 : 0xfffffa80`0823f1a0
fffff880`0e239850 fffffa80`08a16300 : 00000000`00000001 00000000`00000000 fffffa80`08a16478 00000000`00000000 : 0xfffffa80`08a16300
fffff880`0e239858 00000000`00000001 : 00000000`00000000 fffffa80`08a16478 00000000`00000000 fffffa80`08a5ba78 : 0xfffffa80`08a16300
fffff880`0e239860 00000000`00000000 : fffffa80`08a16478 00000000`00000000 fffffa80`08a5ba78 fffffa80`08a5ba50 : 0x1
STACK_COMMAND: kb
FOLLOWUP_IP:
athrx+18d16
fffff880`08450d16 c7401800000000 mov dword ptr [rax+18h],0
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: athrx+18d16
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: athrx
IMAGE_NAME: athrx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4c9fdcaa
FAILURE_BUCKET_ID: X64_0xD1_athrx+18d16
BUCKET_ID: X64_0xD1_athrx+18d16
Followup: MachineOwner
---------
It appears your Atheros wireless network adapter driver is corrupted. Did you update it with the automated software, by chance? This may be an example of what I was saying before...
Download the latest driver for your wireless card from ATHEROS Wireless drivers for Windows by selecting the blue check mark furthest to the right for AR9285. Then click the Click for Download button. The download should start automatically on the next page. Do not click any of the links on that page as they will take you to unsecure sites.
Now, I will give some information that most do not know because they have not had an Atheros driver on their systems themselves or maybe they were just lucky not to have the problem that many have updating these drivers. The Atheros drivers for some reason cause problems in Windows. When you install them to overwrite the current drivers via the install package that vendors provide, they don't stick. I do not know why. Also, if a user tries to update them through device manager, for some reason, Windows informs the user that the system already has the most up to date drivers. Again, I do not know why. There is a special procedure that must be followed for these devices to update them properly.
Now that you have downloaded the latest Atheros package, here are the steps to install it so it sticks and actually updates the drivers for the device.
- Click Start Menu
- Right Click My Computer/Computer
- Click Manage
- Click Device Manager from the list on the left
- Expand Network adapters
- Right click the Atheros network device
- Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
- Put a tick in Delete driver software for this device and hit OK
- Do not restart your computer
- Install the downloaded driver for the Atheros network device.
Alternatively:
- Login as an adminstrative user.
- First, download the latest driver. Then do the next steps.
- Click Start Menu
- Click Control Panel
- Click Hardware and Sound
- Click Device Manager (the last link under Devices and Printers)
- Expand Network adapters
- Right click the Atheros network device
- Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
- Put a tick in Delete driver software for this device and hit OK
- Do not restart your computer
- Install the downloaded driver for the Atheros network device.
To install the downloaded driver, follow the steps in Driver Install - Add Hardware Wizard ; follow steps 1-6 exactly, then browse for where you saved the Atheros drivers and install as in steps 7-14 but for the Atheros drivers instead of the NETOEM driver.
Quote