BSOD from another computer dump file


  1. Posts : 2
    win 7
       #1

    BSOD from another computer dump file


    I am trying to help my brother figure out what a problem is causing his laptop to come up with bsod. I have the dump file he sent me and was wondering if I could get some help on it. I used the blue screen review and it showed it as file "NTKRNLPA.EXE". Unfortunately this hasn't led me to where else to look or what else to do.

    Is it possible that someone could check this dump file for me and let me know if they find what the cause could be. I would be grateful if I could get some help.

    This is on a Dell laptop and running win 7.

    Thanks
    Gary


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    heasma02 said:
    I am trying to help my brother figure out what a problem is causing his laptop to come up with bsod. I have the dump file he sent me and was wondering if I could get some help on it. I used the blue screen review and it showed it as file "NTKRNLPA.EXE". Unfortunately this hasn't led me to where else to look or what else to do.

    Is it possible that someone could check this dump file for me and let me know if they find what the cause could be. I would be grateful if I could get some help.

    This is on a Dell laptop and running win 7.

    Thanks
    Gary
    Gary Hi and welcome
    This Dump has me a bit concerned, because the probable cause is either a valid system file that I am unaware of or a virus of some sort. I have not been able to find any reference to the file but on av sites.
    There is more than just one problem, however. These drivers listed below confirm that this was not a clean install but rather an upgrade. Drivers this old will cause crashes all the time.

    I would
    First, run a complete antivirus scan with a good app and current definitions.
    Then I would update all the drivers.
    Finally, I would run a system file check to verify and fix your system files.
    It is run by typing cmd in search>right click and run as admin>
    SFC /SCANNOW

    let us know the results




    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\K\Desktop\111709-34164-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*d:\symbols*Symbol information
    Executable search path is:
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7600.16385.x86fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0x82e38000 PsLoadedModuleList = 0x82f80810
    Debug session time: Tue Nov 17 12:19:23.178 2009 (GMT-5)
    System Uptime: 0 days 18:56:08.472
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................................................
    Loading User Symbols
    Loading unloaded module list
    .................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck A, {8, ff, 0, 82ec221a}

    Unable to load image \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for RapportKELL.sys
    *** ERROR: Module load completed but symbols could not be loaded for RapportKELL.sys
    Probably caused by : RapportKELL.sys ( RapportKELL+52ec )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.

    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 00000008, memory referenced
    Arg2: 000000ff, IRQL
    Arg3: 00000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: 82ec221a, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from 82fa0718
    Unable to read MiSystemVaType memory at 82f80160
    00000008

    CURRENT_IRQL: 2

    FAULTING_IP:
    nt!KiCheckForThreadDispatch+153
    82ec221a 837e0800 cmp dword ptr [esi+8],0

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    BUGCHECK_STR: 0xA

    PROCESS_NAME: svchost.exe

    TRAP_FRAME: af453c14 -- (.trap 0xffffffffaf453c14)
    ErrCode = 00000000
    eax=88a6fd2c ebx=88a6fcf8 ecx=00000002 edx=88a6fe5b esi=00000000 edi=af453cd4
    eip=82ec221a esp=af453c88 ebp=af453cb8 iopl=0 nv dn di pl nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0023 efl=00010406
    nt!KiCheckForThreadDispatch+0x153:
    82ec221a 837e0800 cmp dword ptr [esi+8],0 ds:0023:00000008=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER: from 82ec221a to 82e7e7eb

    STACK_TEXT:
    af453c14 82ec221a badb0d00 88a6fe5b c0600178 nt!KiTrap0E+0x2cf
    af453cb8 82ec38ba 05db14dc 05db14da 00000000 nt!KiCheckForThreadDispatch+0x153
    af453cf0 82e0e033 af453d20 af453d14 05db14dc nt!KeSetSystemGroupAffinityThread+0x115
    af453d30 8e7e62ec 000003e8 16453d50 00000000 hal!HalpTscStallExecutionProcessor+0x5f
    WARNING: Stack unwind information not available. Following frames may be wrong.
    af453d48 8e7e6793 05db14dc 05db14da 77bc9730 RapportKELL+0x52ec
    af453d64 8e7e682b 0000003b 00000000 00000023 RapportKELL+0x5793
    af453d68 00000000 00000000 00000023 05e30023 RapportKELL+0x582b


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    RapportKELL+52ec
    8e7e62ec ?? ???

    SYMBOL_STACK_INDEX: 4

    SYMBOL_NAME: RapportKELL+52ec

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: RapportKELL

    IMAGE_NAME: RapportKELL.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 4afbb7a7

    FAILURE_BUCKET_ID: 0xA_RapportKELL+52ec

    BUCKET_ID: 0xA_RapportKELL+52ec


    Followup: MachineOwner
    ---------




    mdmxsdk.sys 0x9614a000 0x9614d180 0x00003180 0x449716a3 6/19/2006 4:26:59 PM
    PxHelp20.sys 0x8913c000 0x89144b40 0x00008b40 0x44c5634d 7/24/2006 7:18:21 PM
    xaudio.sys 0x8a1e8000 0x8a1f0000 0x00008000 0x44d3e8ad 8/4/2006 7:39:09 PM
    secdrv.SYS 0x96130000 0x9613a000 0x0000a000 0x45080528 9/13/2006 8:18:32 AM
    HSX_CNXT.sys 0x82905000 0x829b9000 0x000b4000 0x454aac7d 11/2/2006 9:42:05 PM
    HSXHWAZL.sys 0x9030e000 0x9034b000 0x0003d000 0x454aac88 11/2/2006 9:42:16 PM
    HSX_DPV.sys 0x82802000 0x82905000 0x00103000 0x454aacce 11/2/2006 9:43:26 PM
    rixdptsk.sys 0x952f0000 0x95341000 0x00051000 0x455a6ed7 11/14/2006 8:35:19 PM
    rimsptsk.sys 0x952dc000 0x952f0000 0x00014000 0x455a8cb5 11/14/2006 10:42:45 PM
    rimmptsk.sys 0x952ce000 0x952dc000 0x0000e000 0x455accd7 11/15/2006 3:16:23 AM
    bcm4sbxp.sys 0x95278000 0x95289000 0x00011000 0x4562f047 11/21/2006 7:25:43 AM
    iaStor.sys 0x89004000 0x890c2000 0x000be000 0x45d0d237 2/12/2007 3:46:47 PM
    dump_iaStor.sys 0x8950c000 0x895ca000 0x000be000 0x45d0d237 2/12/2007 3:46:47 PM
    elaunidr.sys 0x96148000 0x96149500 0x00001500 0x45d89b66 2/18/2007 1:31:02 PM
    elagopro.sys 0x8a147000 0x8a14e000 0x00007000 0x45ebdad3 3/5/2007 3:54:43 AM
    OEM02Vfx.sys 0x829ee000 0x829efd00 0x00001d00 0x45ebf4af 3/5/2007 5:45:03 AM
    SynTP.sys 0x95359000 0x95383d80 0x0002ad80 0x46327b78 4/27/2007 5:38:48 PM
    stwrt.sys 0x90271000 0x902c6000 0x00055000 0x46e0b5e1 9/6/2007 9:22:25 PM
    nvlddmkm.sys 0x9480a000 0x94f50740 0x00746740 0x4705660c 10/4/2007 5:15:40 PM
    OEM02Dev.sys 0x90362000 0x9039b880 0x00039880 0x470d8a71 10/10/2007 9:29:05 PM


    Hope this helps and let us know if you need anything

    Ken J++


  3. Posts : 5,747
    7600.20510 x86
       #3

    Hi.

    This one is simple.

    Remove RapportKELL.sys and any software associated with it from the system by uninstalling.

    Also for good system health, Google these and get them updated to new 2009 versions:

    elaunidr elaunidr.sys Sun Feb 18 13:31:02 2007
    SynTP SynTP.sys Fri Apr 27 18:38:48 2007
    bcm4sbxp bcm4sbxp.sys Tue Nov 21 07:25:43 2006
    rimmptsk rimmptsk.sys Wed Nov 15 03:16:23 2006
    rimsptsk rimsptsk.sys Tue Nov 14 22:42:45 2006
    rixdptsk rixdptsk.sys Tue Nov 14 20:35:19 2006
    nvlddmkm nvlddmkm.sys Thu Oct 04 18:15:40 2007 << for video card, go to NVIDIA's site
    OEM02Dev OEM02Dev.sys Wed Oct 10 22:29:05 2007
    OEM02Vfx OEM02Vfx.sys Mon Mar 05 05:45:03 2007
    HSXHWAZL HSXHWAZL.sys Thu Nov 02 22:42:16 2006
    stwrt stwrt.sys Thu Sep 06 22:22:25 2007
    xaudio xaudio.sys Fri Aug 04 20:39:09 2006
    elagopro elagopro.sys Mon Mar 05 03:54:43 2007
    PxHelp20 PxHelp20.sys Mon Jul 24 20:18:21 2006
    HSX_CNXT HSX_CNXT.sys Thu Nov 02 22:42:05 2006
    HSX_DPV HSX_DPV.sys Thu Nov 02 22:43:26 2006
    iaStor iaStor.sys Mon Feb 12 15:46:47 2007
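
Added example, not written by any poster in this thread: the hex value in the fifth column of the driver list in post #2, like `DEBUG_FLR_IMAGE_TIMESTAMP`, is the driver's PE link timestamp (seconds since 1970-01-01 UTC), so the "is this driver older than the OS build?" check that posts #2 and #3 do by eye can be scripted. The names `triage` and `link_time` are hypothetical, and `SAMPLE` is a constructed excerpt of lines copied from the debugger output above.

```python
import re
from datetime import datetime, timezone

# Constructed sample: a few lines copied from the WinDbg output and driver list in post #2.
SAMPLE = """\
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
BugCheck A, {8, ff, 0, 82ec221a}
IMAGE_NAME: RapportKELL.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4afbb7a7
mdmxsdk.sys 0x9614a000 0x9614d180 0x00003180 0x449716a3 6/19/2006 4:26:59 PM
iaStor.sys 0x89004000 0x890c2000 0x000be000 0x45d0d237 2/12/2007 3:46:47 PM
nvlddmkm.sys 0x9480a000 0x94f50740 0x00746740 0x4705660c 10/4/2007 5:15:40 PM
"""

# Driver row: name, start, end, size, then the 8-digit hex link timestamp.
ROW = re.compile(r"^\s*(\S+\.sys)(?:\s+0x[0-9a-f]+){3}\s+0x([0-9a-f]{8})\b", re.I | re.M)

def link_time(hex_stamp):
    """Decode a PE TimeDateStamp (hex seconds since the Unix epoch) to a UTC date."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc).date()

def triage(text):
    """Summarise a pasted analysis: bugcheck, blamed image, drivers predating the OS build."""
    # The build string ends in yymmdd-hhmm, e.g. win7_rtm.090713-1255.
    build = re.search(r"Built by: \S+\.(\d{6})-\d{4}", text).group(1)
    os_build = datetime.strptime(build, "%y%m%d").date()
    code, args = re.search(r"BugCheck ([0-9A-F]+), \{([^}]*)\}", text).groups()
    image = re.search(r"^\s*IMAGE_NAME:\s*(\S+)", text, re.M).group(1)
    stamp = re.search(r"DEBUG_FLR_IMAGE_TIMESTAMP:\s*([0-9a-f]+)", text, re.I).group(1)
    drivers = {name: link_time(ts) for name, ts in ROW.findall(text)}
    return {
        "bugcheck": int(code, 16),
        "args": [int(a, 16) for a in args.split(",")],
        "blamed": (image, link_time(stamp)),
        "os_build": os_build,
        "older_than_os": sorted(n for n, d in drivers.items() if d < os_build),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, the blamed image decodes to a link date of 2009-11-12, later than the 2009-07-13 OS build, while the three listed drivers all predate it.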


  4. Posts : 2
    win 7
    Thread Starter
       #4

    thank you, at least so far, here is hoping


    Thanks guys. We did as you advised. Mcafee Scanner did not find any problems with items on the drive. The Scannow feature also did not find anything.

    The "rapportkell" stuff was removed from the programs with the uninstall feature. This was given to him by his Bank as being another secure way of entering his bank site. From what I see on the Internet, it is associated with "SOPHOS ANTIVIRUS".

    Anyway, he is working good, so far, and we hope it stays that way. Will be working on the SYS files next.

    And thanks again.

    Gary
    Last edited by heasma02; 22 Nov 2009 at 15:52.


 
