• Blue Screen of Death message

    #495387

    When I started Win 7 yesterday I was called away just as I pressed the power button. When I returned I saw a message regarding a BSOD. The Blue Screen View file reads as follows, and if someone can interpret this for me and tell me what I can do about it I would be grateful:

    • #1458105

      Hi, Roy.

      That txt file is of little use, better to zip and upload the minidump itself (C:\Windows\Minidump, unhide files and folders to see them).

      A much better plan would be to carefully read and follow the instructions here, attaching the resulting zipped folder will give us much more data to work from.

    • #1458107

      What I do is restore a previous registry (provided the BSOD doesn’t repeat immediately) and then see if the BSOD repeats or not. One needs one or more repeats of a BSOD to be sure it’s a problem.

    • #1458282

      satrow, thanks. The minidump file is attached, and if this is not sufficient I will follow the instructions in your link.

      Please advise further.

      Regards, Roy

      • #1459185

        As soon as you hit the power button, start tapping F8. It will take you to the Advanced Boot Options screen. Go to Safe Mode with Networking and hit Enter.
        If you get to the desktop screen, perform a Disk Cleanup and go to Control Panel > System Properties > Advanced System Settings > Settings under Performance > Advanced > Change > Check Automatically manage page file for all the drives, or if you don’t run any high end games or software you can disable the paging file.
        If the system doesn’t boot up, then shut down the system and repeat the first step to go to the Advanced Screen Options screen and go to system repair, which would be the first option, and hit Enter. Select the language and keyboard input and hit Next, then select the username and enter the password. Click OK and you will be in the recovery options wizard. Try to perform a system restore. If the system restore doesn’t work, go to the Command Prompt in the Recovery Options wizard and log in as administrator. Use the following command: wmic computersystem where name="" set AutomaticManagedPagefile=False.
        Restart the computer. If you still get the BSOD try to repair the system using the Windows 7 installation DVD.

    • #1458299

      Roy, this feels like it might be a one-off, maybe some fluke of timing where a Windows standard post boot security check stumbles against a 3rd party scheduled scan/backup.

      BugCheck 1000007E, {ffffffffc0000005, fffff8800928e161, fffff8800337e3f8, fffff8800337dc50}

      STOP 0x0000007E:SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
      Usual causes: Insufficient disk space, Device driver, Video card, BIOS, Breakpoint with no debugger attached, Hardware incompatibility, Faulty system service, Memory, 3rd party remote control.

      0xC0000005: STATUS_ACCESS_VIOLATION indicates a memory access violation occurred.

      BSOD BUGCHECK SUMMARY

      Code:
      Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
      Debug session time: Mon Jun 30 11:53:27.512 2014 (UTC + 1:00)
      System Uptime: 0 days 0:00:13.355
      BugCheck 1000007E, {ffffffffc0000005, fffff8800928e161, fffff8800337e3f8, fffff8800337dc50}
      *** WARNING: Unable to verify timestamp for peauth.sys
      *** ERROR: Module load completed but symbols could not be loaded for peauth.sys
      Probably caused by : peauth.sys ( peauth+18161 )
      BUGCHECK_STR:  0x7E
      PROCESS_NAME:  System

      Probably caused by : peauth.sys <- this isn't very likely at all, the debug routine defaults to the last known driver to 'blame', in this case, it's a standard Windows driver that's been left holding the smoking gun, the real culprit having already left the building.

      Run SFC /scannow and if it reports errors that it couldn't fix, reboot and run it again – and reboot and run it a third time if that one still reports errors.

      If you can carefully follow the Sysnative topic (running the app. as Administrator is imperative for Autoruns to verify files) and upload the resulting zipped folder, I might be able to pinpoint a likely trigger for this; if so, there may be a method to simply delay that scan/backup/whatever, or to find a less intrusive/more controllable equivalent to use.

    • #1458440

      satrow, thanks again. The 2 files mentioned in the Sysnative topic (Jims BSOD) are attached.

      sfc /scannow did not report any errors, and I do not run any scheduled scans or backups.

      Regarding the perfmon report saying no antivirus program was detected, I do have avast internet security running, and it is always on, but for some reason Windows doesn’t recognize it.

      The BSOD has not recurred.

      Please advise further.

      Regards,
      Roy

      • #1458441

        satrow, regarding my previous post, I tried 3 times to upload perfmon.zip, and did in fact do so, but as you will see when you try to open it, it is said to be invalid, and I don’t know why.

        Help!

        Regards,
        Roy

    • #1458517

      Hi, Roy.

      I’m currently having some problems, I’ve asked for some help with your BSOD problem, hopefully you’ll get further instructions soon.

    • #1458615

      Would be a good move to test your RAM, but would be a good idea to clean the RAM contacts first (rub gently with a white pencil rubber until the gold contacts look nice and bright/shiny, brush off particles w/ a clean, dry toothbrush (or similar)).

      http://www.memtest86.com/

      I am not saying that RAM errors are causing the BSODs, but this is something that is best done at least every 12 months or so in any case.

    • #1458670

      jcgriff2, thanks. I followed the instructions given in your link and Driver Verifier has been running for about 9 hours now. When I enter the command verifier /query I am told no drivers are currently verified, but when I enter the command verifier /querysettings the settings are listed followed by a list of verified drivers. Is this normal?

      Please advise.

      Thanks and regards, ROY

    • #1458711

      jcgriff2, verifier has been running now for about 28 hours, with no change in the command prompt messages. Any comments?

    • #1458712

      Hi Roy, if verifier /querysettings lists the drivers, I think it should be working correctly, just keep using the PC as normal, maybe harder, throw in a few more reboots than you normally would.

      DV will add some stress to Windows and the drivers, trying to force another crash and a verified BSOD dump (these are much more useful for troubleshooting); the harder you can work it, the higher the chances are that it will pick up a faulting driver early on.

      There’s little point running it for longer than 48 hours, it will only increase the likelihood of a false positive and add unnecessary drag on the PC. If, after ~48 hours the PC hasn’t crashed, the chances are very high that the BSOD was unrelated to a driver – time to look elsewhere; some crashes are one-offs, others may only occur sporadically, maybe 6+ weeks apart, they can be tricky to pin down.

    • #1458723

      Hi satrow and thanks. If I reboot will DV still be running?

    • #1458730

      Yes, it’ll continue to grind away until you turn it off (verifier /reset and then reboot).

      • #1464794

        It seems like a hardware failure for me.

        Use some free or shareware utility for copying your system image (such as Handy Backup), then check the hardware and re-install Windows from scratch, firstly using your backup copy and, if the error occurs again, using the installation media. This sequence may help you diagnose the flaw.

    • #1458732

      satrow, thanks again.

    • #1458733

      satrow, I followed your last instruction and rebooted, but when I entered the command verifier /querysettings all the settings I had previously enabled were disabled. I then ran verifier again, following the instructions in the sysnative link, and then when I entered verifier /query a list of drivers was shown. Does this mean DV has finished its task, and if so what else should I try, if anything?

      Please advise.

      Thanks and regards, Roy

    • #1458735

      So, DV was disabled and then re-enabled + rebooted? If so, just allow it one more session, if no crash, then you can turn it off and reboot to Windows normally.

    • #1458736

      satrow, I just had another BSOD - the minidump zip file is attached and I await your further advice.

      Thanks and regards, Roy

    • #1458772

      I thought the problem might have been related to a faulty driver for my usb attached external hard drive, which is divided into 2 partitions, so when I rebooted it was with that drive switched off. Things then seemed to be working normally, and I had to be away from my computer for 3 hours or so today, and when I returned everything still seemed normal. However, when I connected to the internet for the first time today I got an immediate BSOD.

      The BSOD read as follows:

      “A device driver attempting to corrupt the system has been caught. The faulty driver currently on the kernel stack must be replaced with a working version.

      After various STOP codes the BSOD referred to aswSP.sys-Address FFFFF8800422854F-base at FFFFF88004200000. Date stamp 53b44384.”

      I searched with the Everything app and deleted aswSP.sys files which were dated 4 July, but ignored others dating back to April and May. The files I deleted related to the Avast internet security self protection module, and to my knowledge no changes were made to the Avast program in July.

      I ran sfc /scannow, and no integrity violations were found.

      All actions referred to above were taken in Safe Mode with networking, and I am writing this post in that mode.

      I could not start Windows Live Mail - is that normal in Safe Mode with networking?

      Please advise further.

      Thanks and regards, Roy

    • #1458820

      Thanks for the extra info, Roy.

      The driver flagged this time was dated the 2nd of July: aswSP.sys Wed Jul 2 18:38:12 2014 (53B44384), your crash history pre-dates this so it’s not the only cause 🙁

      Given that both BSODs strongly suggest some security problem, I’m not going to suggest any ‘fix’ until I’ve had someone else look these over – stay tuned.
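
Added example, not part of any post in this thread: the driver date stamps quoted above (for instance 53B44384) are seconds since 1970 in hex, which is why the same driver shows 18:38:12 in one poster's debugger and 13:38:12 in another's. This Python sketch decodes them, resolves a stack address to module+offset and lists old third-party drivers; the module lines are copied from the debugger output on this page, while the function names, the `INBOX` skip list and the two-year threshold are assumptions made for the example.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta, timezone

# Module lines copied from the `lmtn` output quoted in this thread.
LM_SAMPLE = """\
fffff800`03050000 fffff800`03635000   nt       ntkrnlmp.exe Tue Mar 04 03:38:19 2014 (531590FB)
fffff880`01200000 fffff880`0120c000   ElbyCDIO ElbyCDIO.sys Mon Mar 04 04:21:51 2013 (513467AF)
fffff880`04000000 fffff880`0406e000   aswSP    aswSP.sys    Wed Jul 02 13:38:12 2014 (53B44384)
fffff880`0406e000 fffff880`04077000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`04481000 fffff880`0448b000   SASKUTIL64 SASKUTIL64.SYS Tue Jul 12 17:00:01 2011 (4E1CB5D1)
fffff880`0448b000 fffff880`04495000   SASDIFSV64 SASDIFSV64.SYS Thu Jul 21 19:03:00 2011 (4E28B024)
"""

# "Debug session time: Mon Jul  7 18:03:08.611 2014 (UTC - 4:00)" expressed in UTC.
CRASH_UTC = datetime(2014, 7, 7, 22, 3, 8, tzinfo=timezone.utc)

# Assumption: a hand-picked list of in-box Windows modules in the sample.
# Their 2009/2010 dates are normal for Windows 7 and say nothing about staleness.
INBOX = {"nt", "Null"}

Module = namedtuple("Module", "start end name image stamp")

LM_LINE = re.compile(
    r"^\s*([0-9a-f]{8}`[0-9a-f]{8})\s+([0-9a-f]{8}`[0-9a-f]{8})\s+"
    r"(\S+)\s+(\S+)\s+.*\(([0-9A-Fa-f]{8})\)\s*$"
)


def _addr(text):
    """Convert WinDbg's fffff880`04000000 notation to an integer."""
    return int(text.replace("`", ""), 16)


def parse_modules(text):
    """Return a Module tuple for every line that looks like lmtn output."""
    modules = []
    for line in text.splitlines():
        match = LM_LINE.match(line)
        if match:
            start, end, name, image, stamp = match.groups()
            modules.append(
                Module(_addr(start), _addr(end), name, image, int(stamp, 16))
            )
    return modules


def stamp_utc(stamp):
    """The hex value in parentheses is the image timestamp: seconds since 1970 UTC."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def stamp_local(stamp, utc_offset_hours):
    """Render the stamp the way a debugger set to the given UTC offset prints it."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return stamp_utc(stamp).astimezone(zone).strftime("%a %b %d %H:%M:%S %Y")


def resolve(address, modules):
    """Map an address to 'module+0xoffset', or None if no listed module covers it."""
    for mod in modules:
        if mod.start <= address < mod.end:
            return f"{mod.name}+0x{address - mod.start:x}"
    return None


def stale_drivers(modules, crash_utc, max_age_days, skip=()):
    """Names of modules built more than max_age_days before the crash."""
    limit = timedelta(days=max_age_days)
    return [
        mod.name
        for mod in modules
        if mod.name not in skip and crash_utc - stamp_utc(mod.stamp) > limit
    ]


if __name__ == "__main__":
    mods = parse_modules(LM_SAMPLE)
    # Same driver, two debuggers: UTC+1 and UTC-4 views of one timestamp.
    print(stamp_local(0x53B44384, 1), "|", stamp_local(0x53B44384, -4))
    # Return address taken from the STACK_TEXT frame below the verifier calls.
    print(resolve(0xFFFFF8800403501E, mods))
    # Two-year threshold is an assumption chosen for this example.
    print(stale_drivers(mods, CRASH_UTC, 730, skip=INBOX))
```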

      • #1458869

        Hi –

        As satrow mentioned, the VERIFIER_ENABLED dump flagged Avast driver –

        Code:
        aswSP.sys    Wed Jul 02 13:38:12 2014 (53B44384)

        http://sysnative.com/drivers/driver.php?id=aswSP.SYS

        Please remove Avast with Avast removal tool – http://kb.eset.com/esetkb/index?page=content&id=SOLN146

        Install MSE for now – http://windows.microsoft.com/en-us/windows/security-essentials-download

        Update your SUPERAntiSpyware program installation –

        Code:
        SASDIFSV64.SYS Thu Jul 21 19:03:00 2011 (4E28B024)
        SASKUTIL64.SYS Tue Jul 12 17:00:01 2011 (4E1CB5D1)

        http://sysnative.com/drivers/driver.php?id=SASKUTIL64.SYS
        http://sysnative.com/drivers/driver.php?id=SASDIFSV64.SYS

        Remove Elby and any other virtual devices for now (you can reinstall after BSODs are solved) –

        Code:
        ElbyCDIO.sys Mon Mar 04 04:21:51 2013 (513467AF)

        http://sysnative.com/drivers/driver.php?id=ElbyCDIO.sys

        Virtual drives are known to cause (or contribute) to BSODs in Vista, Windows 7, 8, 8.1.

        Regards. . .

        jcgriff2

        Code:
        [font=Lucida console]
        Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
        Copyright (c) Microsoft Corporation. All rights reserved.
        
        
        Loading Dump File [C:UsersPalmDesertSysnativeBSODApps70814-15163-01.dmp]
        Mini Kernel Dump File: Only registers and stack trace are available
        
        
        ************* Symbol Path validation summary **************
        Response                         Time (ms)     Location
        Deferred                                       SRV*c:symbols*http://msdl.microsoft.com/download/symbols
        Symbol search path is: SRV*c:symbols*http://msdl.microsoft.com/download/symbols
        Executable search path is: 
        Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
        Product: WinNt, suite: TerminalServer SingleUserTS
        Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
        Machine Name:
        Kernel base = 0xfffff800`03050000 PsLoadedModuleList = 0xfffff800`03293890
        Debug session time: Mon Jul  7 18:03:08.611 2014 (UTC - 4:00)
        System Uptime: 0 days 1:06:33.470
        Loading Kernel Symbols
        .Processing initial command '!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck'
        ..............................................................
        ................................................................
        ......................................
        Loading User Symbols
        Loading unloaded module list
        ......
        *******************************************************************************
        *                                                                             *
        *                        Bugcheck Analysis                                    *
        *                                                                             *
        *******************************************************************************
        
        Use !analyze -v to get detailed debugging information.
        
        BugCheck C4, {0, 0, 1, 0}
        
        *** WARNING: Unable to verify timestamp for aswSP.sys
        *** ERROR: Module load completed but symbols could not be loaded for aswSP.sys
        Probably caused by : aswSP.sys ( aswSP+3501e )
        
        Followup: MachineOwner
        ---------
        
        0: kd> !analyze -v;r;kv;lmtn;lmtsmn;.bugcheck
        *******************************************************************************
        *                                                                             *
        *                        Bugcheck Analysis                                    *
        *                                                                             *
        *******************************************************************************
        
        DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
        A device driver attempting to corrupt the system has been caught.  This is
        because the driver was specified in the registry as being suspect (by the
        administrator) and the kernel has enabled substantial checking of this driver.
        If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
        be among the most commonly seen crashes.
        Arguments:
        Arg1: 0000000000000000, caller is trying to allocate zero bytes
        Arg2: 0000000000000000, current IRQL
        Arg3: 0000000000000001, pool type
        Arg4: 0000000000000000, number of bytes
        
        Debugging Details:
        ------------------
        
        
        BUGCHECK_STR:  0xc4_0
        
        CURRENT_IRQL:  0
        
        CUSTOMER_CRASH_COUNT:  1
        
        DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
        
        PROCESS_NAME:  iexplore.exe
        
        ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
        
        LAST_CONTROL_TRANSFER:  from fffff800035524ec to fffff800030c5bc0
        
        STACK_TEXT:  
        fffff880`0b11a408 fffff800`035524ec : 00000000`000000c4 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KeBugCheckEx
        fffff880`0b11a410 fffff800`03552f2b : 0000007f`fffffff8 fffff880`0b11b341 00000000`00000000 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
        fffff880`0b11a450 fffff800`03563ba8 : 00000000`6e557641 00000000`00000081 fffff880`0b11a4b8 fffff880`80000000 : nt!ExAllocatePoolSanityChecks+0xcb
        fffff880`0b11a490 fffff800`0356401d : 00000000`00000000 00000000`00000000 00000000`6e557641 00000000`00000000 : nt!VeAllocatePoolWithTagPriority+0x88
        fffff880`0b11a500 fffff880`0403501e : ffffffff`8000134c 00000000`00000010 00000000`00000000 00000000`00000000 : nt!VerifierExAllocatePoolEx+0x1d
        fffff880`0b11a540 ffffffff`8000134c : 00000000`00000010 00000000`00000000 00000000`00000000 fffff880`0b11a5a0 : aswSP+0x3501e
        fffff880`0b11a548 00000000`00000010 : 00000000`00000000 00000000`00000000 fffff880`0b11a5a0 fffff880`0b11a5b0 : 0xffffffff`8000134c
        fffff880`0b11a550 00000000`00000000 : 00000000`00000000 fffff880`0b11a5a0 fffff880`0b11a5b0 fffffa80`00000010 : 0x10
        
        
        STACK_COMMAND:  kb
        
        FOLLOWUP_IP: 
        aswSP+3501e
        fffff880`0403501e ??              ???
        
        SYMBOL_STACK_INDEX:  5
        
        SYMBOL_NAME:  aswSP+3501e
        
        FOLLOWUP_NAME:  MachineOwner
        
        MODULE_NAME: aswSP
        
        IMAGE_NAME:  aswSP.sys
        
        DEBUG_FLR_IMAGE_TIMESTAMP:  53b44384
        
        FAILURE_BUCKET_ID:  X64_0xc4_0_VRF_aswSP+3501e
        
        BUCKET_ID:  X64_0xc4_0_VRF_aswSP+3501e
        
        ANALYSIS_SOURCE:  KM
        
        FAILURE_ID_HASH_STRING:  km:x64_0xc4_0_vrf_aswsp+3501e
        
        FAILURE_ID_HASH:  {e8d58a6d-653e-4c59-c32a-fa3f050ba644}
        
        Followup: MachineOwner
        ---------
        
        rax=0000000000000000 rbx=00000000000000c4 rcx=00000000000000c4
        rdx=0000000000000000 rsi=00000000000000c4 rdi=0000000000000000
        rip=fffff800030c5bc0 rsp=fffff8800b11a408 rbp=0000000000000000
         r8=0000000000000000  r9=0000000000000001 r10=fffff8000359fc58
        r11=0000000000000006 r12=0000000000000000 r13=0000000000000020
        r14=fffff8800403501e r15=0000000000000002
        iopl=0         nv up ei pl nz na pe nc
        cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
        nt!KeBugCheckEx:
        fffff800`030c5bc0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff880`0b11a410=00000000000000c4
        Child-SP          RetAddr           : Args to Child                                                           : Call Site
        fffff880`0b11a408 fffff800`035524ec : 00000000`000000c4 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KeBugCheckEx
        fffff880`0b11a410 fffff800`03552f2b : 0000007f`fffffff8 fffff880`0b11b341 00000000`00000000 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
        fffff880`0b11a450 fffff800`03563ba8 : 00000000`6e557641 00000000`00000081 fffff880`0b11a4b8 fffff880`80000000 : nt!ExAllocatePoolSanityChecks+0xcb
        fffff880`0b11a490 fffff800`0356401d : 00000000`00000000 00000000`00000000 00000000`6e557641 00000000`00000000 : nt!VeAllocatePoolWithTagPriority+0x88
        fffff880`0b11a500 fffff880`0403501e : ffffffff`8000134c 00000000`00000010 00000000`00000000 00000000`00000000 : nt!VerifierExAllocatePoolEx+0x1d
        fffff880`0b11a540 ffffffff`8000134c : 00000000`00000010 00000000`00000000 00000000`00000000 fffff880`0b11a5a0 : aswSP+0x3501e
        fffff880`0b11a548 00000000`00000010 : 00000000`00000000 00000000`00000000 fffff880`0b11a5a0 fffff880`0b11a5b0 : 0xffffffff`8000134c
        fffff880`0b11a550 00000000`00000000 : 00000000`00000000 fffff880`0b11a5a0 fffff880`0b11a5b0 fffffa80`00000010 : 0x10
        start             end                 module name
        fffff800`00bc6000 fffff800`00bd0000   kdcom    kdcom.dll    Sat Feb 05 11:52:49 2011 (4D4D8061)
        fffff800`03007000 fffff800`03050000   hal      hal.dll      Sat Nov 20 08:00:25 2010 (4CE7C669)
        fffff800`03050000 fffff800`03635000   nt       ntkrnlmp.exe Tue Mar 04 03:38:19 2014 (531590FB)
        fffff880`00c00000 fffff880`00c39000   aswVmm   aswVmm.sys   Thu Jun 26 07:35:49 2014 (53AC0595)
        fffff880`00c4a000 fffff880`00c99000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 08:03:51 2010 (4CE7C737)
        fffff880`00c99000 fffff880`00cad000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
        fffff880`00cad000 fffff880`00d0b000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
        fffff880`00d0b000 fffff880`00dcb000   CI       CI.dll       Sat Nov 20 08:12:36 2010 (4CE7C944)
        fffff880`00e00000 fffff880`00e57000   ACPI     ACPI.sys     Sat Nov 20 04:19:16 2010 (4CE79294)
        fffff880`00e57000 fffff880`00e60000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
        fffff880`00e60000 fffff880`00e6a000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
        fffff880`00e6a000 fffff880`00e9d000   pci      pci.sys      Sat Nov 20 04:19:11 2010 (4CE7928F)
        fffff880`00e9d000 fffff880`00eaa000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
        fffff880`00eaa000 fffff880`00ebf000   partmgr  partmgr.sys  Sat Mar 17 01:06:09 2012 (4F641BC1)
        fffff880`00ebf000 fffff880`00ed4000   volmgr   volmgr.sys   Sat Nov 20 04:19:28 2010 (4CE792A0)
        fffff880`00ed4000 fffff880`00ef6000   tdx      tdx.sys      Sat Nov 20 04:21:54 2010 (4CE79332)
        fffff880`00efc000 fffff880`00fbe000   Wdf01000 Wdf01000.sys Fri Jun 21 23:13:05 2013 (51C51641)
        fffff880`00fbe000 fffff880`00fce000   WDFLDR   WDFLDR.SYS   Wed Jul 25 22:29:04 2012 (5010AB70)
        fffff880`00fce000 fffff880`00ff8000   cdrom    cdrom.sys    Sat Nov 20 04:19:20 2010 (4CE79298)
        fffff880`01000000 fffff880`0105e000   msrpc    msrpc.sys    Sat Nov 20 04:21:56 2010 (4CE79334)
        fffff880`0105e000 fffff880`0106d000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
        fffff880`01070000 fffff880`010cc000   volmgrx  volmgrx.sys  Sat Nov 20 04:20:43 2010 (4CE792EB)
        fffff880`010cc000 fffff880`010d3000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
        fffff880`010d3000 fffff880`010e3000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
        fffff880`010e3000 fffff880`010fd000   mountmgr mountmgr.sys Sat Nov 20 04:19:21 2010 (4CE79299)
        fffff880`010fd000 fffff880`01106000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
        fffff880`01106000 fffff880`01130000   ataport  ataport.SYS  Sun Aug 04 21:02:45 2013 (51FEF9B5)
        fffff880`01130000 fffff880`0113b000   msahci   msahci.sys   Sat Nov 20 05:33:58 2010 (4CE7A416)
        fffff880`0113b000 fffff880`01146000   amdxata  amdxata.sys  Fri Mar 19 12:18:18 2010 (4BA3A3CA)
        fffff880`01146000 fffff880`01192000   fltmgr   fltmgr.sys   Sat Nov 20 04:19:24 2010 (4CE7929C)
        fffff880`01192000 fffff880`011a6000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
        fffff880`011a6000 fffff880`011d6000   CLASSPNP CLASSPNP.SYS Sat Nov 20 04:19:23 2010 (4CE7929B)
        fffff880`011d6000 fffff880`011e9000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
        fffff880`011e9000 fffff880`011fa000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
        fffff880`01200000 fffff880`0120c000   ElbyCDIO ElbyCDIO.sys Mon Mar 04 04:21:51 2013 (513467AF)
        fffff880`0120d000 fffff880`013b6000   Ntfs     Ntfs.sys     Thu Jan 23 20:14:50 2014 (52E1BE8A)
        fffff880`013b6000 fffff880`013d1000   ksecdd   ksecdd.sys   Fri Apr 11 21:08:30 2014 (5348920E)
        fffff880`013d1000 fffff880`013e4000   aswRvrt  aswRvrt.sys  Thu Jun 26 07:35:39 2014 (53AC058B)
        fffff880`013e4000 fffff880`013f0000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
        fffff880`01400000 fffff880`0144c000   volsnap  volsnap.sys  Sat Nov 20 04:20:08 2010 (4CE792C8)
        fffff880`0144c000 fffff880`0145e000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
        fffff880`0145e000 fffff880`01498000   fvevol   fvevol.sys   Wed Jan 23 22:11:24 2013 (5100A65C)
        fffff880`01499000 fffff880`0150b000   cng      cng.sys      Wed Aug 01 11:48:07 2012 (50194FB7)
        fffff880`0150b000 fffff880`0151c000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
        fffff880`0151c000 fffff880`01526000   Fs_Rec   Fs_Rec.sys   Wed Feb 29 22:41:06 2012 (4F4EEFD2)
        fffff880`01526000 fffff880`0156f000   fwpkclnt fwpkclnt.sys Fri Apr 04 21:23:21 2014 (533F5B09)
        fffff880`0156f000 fffff880`015df000   aswNdisFlt aswNdisFlt.sys Thu Jun 26 07:36:26 2014 (53AC05BA)
        fffff880`015df000 fffff880`015f5000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
        fffff880`01600000 fffff880`01660000   NETIO    NETIO.SYS    Tue Nov 26 05:21:01 2013 (5294760D)
        fffff880`01660000 fffff880`0168c000   ksecpkg  ksecpkg.sys  Fri Apr 11 21:24:10 2014 (534895BA)
        fffff880`0168c000 fffff880`0169c000   vmstorfl vmstorfl.sys Sat Nov 20 04:57:30 2010 (4CE79B8A)
        fffff880`0169c000 fffff880`016a4000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
        fffff880`016a4000 fffff880`016ba000   NBVol    NBVol.sys    Mon Nov 21 20:22:00 2011 (4ECAF938)
        fffff880`016ba000 fffff880`016c3000   NBVolUp  NBVolUp.sys  Mon Nov 21 20:25:20 2011 (4ECAFA00)
        fffff880`016c3000 fffff880`016cc000   hwpolicy hwpolicy.sys Sat Nov 20 04:18:54 2010 (4CE7927E)
        fffff880`016d3000 fffff880`017c5000   ndis     ndis.sys     Wed Aug 22 11:11:46 2012 (5034F6B2)
        fffff880`017c5000 fffff880`017ff000   rdyboost rdyboost.sys Sat Nov 20 04:43:10 2010 (4CE7982E)
        fffff880`01801000 fffff880`01a00000   tcpip    tcpip.sys    Fri Apr 04 21:26:44 2014 (533F5BD4)
        fffff880`02400000 fffff880`02422000   aswMonFlt aswMonFlt.sys Thu Jun 26 07:32:51 2014 (53AC04E3)
        fffff880`02422000 fffff880`0243b000   aswStm   aswStm.sys   Thu Jun 26 07:47:09 2014 (53AC083D)
        fffff880`0243b000 fffff880`02450000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
        fffff880`02450000 fffff880`02468000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
        fffff880`02495000 fffff880`02936d00   lvuvc64  lvuvc64.sys  Wed Jan 18 01:41:08 2012 (4F166984)
        fffff880`02937000 fffff880`02951d00   usbaudio usbaudio.sys Fri Jul 12 06:40:58 2013 (51DFDD3A)
        fffff880`02952000 fffff880`029a5a80   lvrs64   lvrs64.sys   Wed Jan 18 01:40:36 2012 (4F166964)
        fffff880`029a6000 fffff880`029b4000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
        fffff880`029b4000 fffff880`029c5000   usbscan  usbscan.sys  Wed Jul 03 00:40:12 2013 (51D3AB2C)
        fffff880`029c5000 fffff880`029d1000   usbprint usbprint.sys Mon Jul 13 20:38:18 2009 (4A5BD37A)
        fffff880`029d1000 fffff880`029f4000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
        fffff880`04000000 fffff880`0406e000   aswSP    aswSP.sys    Wed Jul 02 13:38:12 2014 (53B44384)
        fffff880`0406e000 fffff880`04077000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
        fffff880`04077000 fffff880`0407e000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
        fffff880`0407e000 fffff880`04088000   aswKbd   aswKbd.sys   Thu Jun 26 07:34:01 2014 (53AC0529)
        fffff880`04088000 fffff880`04096000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
        fffff880`04096000 fffff880`04198000   aswSnx   aswSnx.sys   Thu Jun 26 07:34:44 2014 (53AC0554)
        fffff880`04198000 fffff880`041bd000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
        fffff880`041bd000 fffff880`041cd000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
        fffff880`041cd000 fffff880`041d6000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
        fffff880`041d6000 fffff880`041df000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
        fffff880`041df000 fffff880`041e8000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
        fffff880`041e8000 fffff880`041f3000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
        fffff880`041f3000 fffff880`04200000   TDI      TDI.SYS      Sat Nov 20 04:22:06 2010 (4CE7933E)
        fffff880`04200000 fffff880`04224000   rasl2tp  rasl2tp.sys  Sat Nov 20 05:52:34 2010 (4CE7A872)
        fffff880`04224000 fffff880`04230000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
        fffff880`04230000 fffff880`0425f000   ndiswan  ndiswan.sys  Sat Nov 20 05:52:32 2010 (4CE7A870)
        fffff880`0425f000 fffff880`0427a000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
        fffff880`0427a000 fffff880`0429b000   raspptp  raspptp.sys  Sat Nov 20 05:52:31 2010 (4CE7A86F)
        fffff880`0429b000 fffff880`042b5000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
        fffff880`042b5000 fffff880`042c0000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
        fffff880`042c0000 fffff880`042cf000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
        fffff880`042cf000 fffff880`04339000   asmtxhci asmtxhci.sys Fri Aug 16 15:28:42 2013 (520E7D6A)
        fffff880`04339000 fffff880`04377000   1394ohci 1394ohci.sys Sat Nov 20 05:44:56 2010 (4CE7A6A8)
        fffff880`04377000 fffff880`04383000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
        fffff880`04383000 fffff880`043aa000   AnyDVD   AnyDVD.sys   Thu Apr 24 17:13:59 2014 (53597E97)
        fffff880`043aa000 fffff880`043b3000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:31:02 2009 (4A5BC3B6)
        Bugcheck code 000000C4
        Arguments 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000
        
    • #1458922

      satrow and jcgriff22, thanks, sincerely, for all your help.

      After my last post I deleted 2 files relating to aswSP.sys, and then checked the status of avast internet security, and it reported “Everything is good”. I then ran a scan with avast, followed by a boot time scan with that program, as a result of which I sent a couple of files to the avast virus chest.

      With regard to SUPER AntiSpyware, the only updates offered by the program were language updates, and I declined those, having already deleted all language files for that program apart from the English one.

      I ran scans with Malwarebytes and SUPER AntiSpyware, and the only items found were advertising cookies.

      Apart from the above, there have been no BSODs for about 24 hours now, and I have rebooted a few times, including after the latest Microsoft updates.

      In view of the above do you agree that I need take no further action?

      Please advise.

      Thanks and regards, Roy

    • #1458965

      We need full details of the quarantined files, Roy; they may only be the tip of the iceberg, as well-written malware can be exceptionally difficult to detect.

      We can only advise you based on data collected, signs and symptoms described, together with our own accumulated data and experiences.

      The suggestion of removing/updating multiple software/drivers is because each of them has previously been implicated in BSODs; once they’re removed/updated, we then have a clean baseline from which to proceed.

      Installing MSE will also trigger a scan which might produce further malware signs/files.

      Once the troubleshooting period is over, usually ~10 days or so free of BSODs, you can then undo any software changes and revert to your previous security setup, should you so wish.

      Whatever you decide, it’s about time that Driver Verifier was turned off 🙂

    • #1459015

      satrow, thanks.

      I will remove avast with their removal tool, in safe mode, and install MSE for now, and will scan with MSE. With regard to Elby, the only files I can find (the same files are on my Win 7 and Win 8 partitions) are ElbyCDIO.dll and ElbyCDIO.sys. I will remove them from Win 7, as it’s on that partition that the BSODs have occurred, but I am not sure whether that will have any effect on my Nero installation.

      Regarding the avast quarantined files, the problem is that they do not have a file extension, but just have numbers and dates, for example 00000001, so how do I upload them?

      Finally, Driver Verifier is off.

      Please advise further.

      Thanks and regards, Roy

    • #1459020

      Open Avast and click on Statistics > Component Status (Your Stats tab) > double click Items stored in Virus Chest, there you will see the Item name and Original location, both useful details; from there, right click the individual files and select Properties, a screenshot for each file should be enough to give us further clues.

      Otherwise continue using it as normal, looking for any oddities; any scans that are run (MSE/MBAM?) please post the detailed results if they pick up anything.

      • #1459031

        satrow, thanks again.

        Screenshots of the Avast Virus Chest properties page for each file are attached, and I await your comments.

        I have deleted the 2 Elby files I mentioned previously from Win 7.

        I will now remove Avast and install MSE, and will let you know the result of the MSE scan.

    • #1459044

      Hm, most of those files look like adware download wrappers, probably relatively innocuous; the 2nd and 3rd from the top may be a few steps above those in terms of potential danger – Flash is one of the most targeted pieces of software for installing really bad stuff via the back door. I’m not sure what the default MSE scan is post-install; see if you can change it to deep scan all drives.

    • #1459113

      satrow, I use uTorrent to download movie files, and I always watch out for files described as torrents, but which turn out to have a downloader.exe file extension. I never run a download, I always choose save as, and if the file does not have a .torrent extension I immediately cancel the download. I am surprised therefore that the Barefoot Contessa download.exe file got through the net, although I am pleased that Avast quarantined it.

      The default MSE scan post-install is a quick scan, and that found nothing, nor did the full scan I ran immediately after the quick scan.

      Do you think I can now uninstall MSE and reinstall Avast, and also restore the 2 Elby files?

      One thing I am concerned about is that the driver for my usb connected external hard drive probably needs replacing. When I switch that drive on I normally get 2 options windows opening (the drive is split into 2 partitions), and I choose to open the drives to view files. Sometimes however the options windows do not open and clicking the desktop shortcuts to either partition does not open them. I then have to switch the external drive off and on again before the partitions are recognized. Also, there have been a couple of instances where a torrent download is in progress, and I get an error message from uTorrent saying the download cannot be saved to the default location, which is a folder on one of the external drive partitions. I then have to switch the external drive off and on again and then get uTorrent to “force recheck” the download. I have no idea what download site to visit to get an updated driver. (I tried using Device Manager to check for updates to each of the usb items, but as I expected no updates were found). Do you have any ideas about this, and could this driver problem be related to the BSODs?

      Please advise further.

      Thanks and regards, Roy

    • #1459123

      Roy, you might find using Magnet links instead of torrents (pretty sure Magnet links are opened by uTorrent as part of the default install, otherwise try the Add Torrent from URL option and paste the Magnet link in) to be a safer alternative if you can find them; as always, take extreme care with downloads that may have been modified or are not from the originators.

      Clean scan results are always encouraging 🙂

      As said previously, we prefer to have ~10 days or so free of BSODs before giving the ‘all clear’ but it’s your machine, your choice; if you want to return to your original security software sooner, it’s up to you.

      A real USB external drive doesn’t need any special drivers to enable access to it; I assume you have a WD with that awful ‘Smartware’ installed? If so, anything goes wrong with it and the chances of file recovery from it are almost nil – or extremely costly.

      • #1459126

        satrow, I agree with your comments about the Magnet or URL options.

        I will leave things as they are for another 10 days, and if there are no more BSODs then I will return to my original security software.

        The external drive says NAS 901 on the outside, and I believe it was made by Raidsonic and described as an Icybox enclosure. Also I believe the drive was originally in the FAT 32 format and connected over my LAN, but that when it was replaced by a larger drive it had to be changed to NTFS and connected via USB, but I have asked my local computer technician, who replaced the drive, to confirm this. If I am right does that make any difference to your remarks about a driver?

    • #1459130

      So it’s an NAS box that’s been converted to USB? All bets are off, not sure what’s needed in the way of drivers to enable access to that. You do need to look into why it’s falling asleep/disappearing though, that’s not good at all.

    • #1459612

      I switched on the external drive after starting the computer this morning and got the “installing device driver” notification, but this was before the internet connection was established and installation failed. I switched the drive off, and when the internet was connected I changed the usb port for the drive and switched the drive on. The device driver was then installed correctly and the auto play windows opened for each of the 2 partitions on the drive and I was able to access the files on them.

      Hopefully the problem has now been solved. (Famous last words).

      Thanks for all the help.

      Regards, Roy

    • #1460048

      I just had another BSOD. The mindumo.zip file is attached, and I would appreciate advice about this.

      I don’t know whether this is relevant, but 2 days ago I got a message saying there was a problem with my Nvidia Graphic Card driver, and at the same time the cursor was moving erratically around the screen. I rolled back to the previous driver and have had no further problems with the display or cursor.

      Thanks and regards, Roy

    • #1460051

      Further to my previous message, I extracted the .zip file but how do I open the resulting .dmp file?

    • #1460076

      Hi, Roy.

      This looks an interesting dump, Driver Verifier has kicked in and flagged an Intel Ethernet driver as faulting during a period when an Intel program was running and an Intel networking diagnostics driver was also loaded. What makes that interesting is that I see a Norton/Symantec driver had recently been unloaded. I see no sign of any Symantec/Norton software installed and the list of *.sys files collected earlier doesn’t contain this SMR410.SYS driver.

      Many ‘networking’ problems can easily be triggered by a remnant of a previously installed security software remaining active (have you ever had any Symantec/Norton software installed on the PC?).

      Let’s see if running the Symantec/Norton removal tool will clear out this remnant: SYMNRT

      Re. the nVidia driver issue (especially if it was of a TDR type): many of these are purely heat-related, they can also be triggered by a ‘bad’ driver elsewhere.

      Code:
      *******************************************************************************
      *                                                                             *
      *                        Bugcheck Analysis                                    *
      *                                                                             *
      *******************************************************************************
      
      Use !analyze -v to get detailed debugging information.
      
      BugCheck C4, {122, 2, fffff8800475c2e0, fffff8800a2d80a8}
      
      *** WARNING: Unable to verify timestamp for e1c62x64.sys
      *** ERROR: Module load completed but symbols could not be loaded for e1c62x64.sys
      Probably caused by : e1c62x64.sys ( e1c62x64+249b0 )
      
      Followup: MachineOwner
      ———
      
      3: kd> !analyze -v; !sysinfo cpuspeed; !sysinfo SMBIOS; lmtsmn; q
      *******************************************************************************
      *                                                                             *
      *                        Bugcheck Analysis                                    *
      *                                                                             *
      *******************************************************************************
      
      DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
      A device driver attempting to corrupt the system has been caught.  This is
      because the driver was specified in the registry as being suspect (by the
      administrator) and the kernel has enabled substantial checking of this driver.
      If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
      be among the most commonly seen crashes.
      Arguments:
      Arg1: 0000000000000122, Waiting at DISPATCH_LEVEL, with a timeout different than zero.
      Arg2: 0000000000000002, IRQL value.
      Arg3: fffff8800475c2e0, Object to wait on.
      Arg4: fffff8800a2d80a8, Address of the time out value.
      
      Debugging Details:
      ——————
      
      
      BUGCHECK_STR:  0xc4_122
      
      CUSTOMER_CRASH_COUNT:  1
      
      DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
      
      PROCESS_NAME:  ncs2prov.exe
      
      CURRENT_IRQL:  2
      
      LAST_CONTROL_TRANSFER:  from fffff800035044ec to fffff80003077bc0
      
      STACK_TEXT:  
      fffff880`0a2d7f78 fffff800`035044ec : 00000000`000000c4 00000000`00000122 00000000`00000002 fffff880`0475c2e0 : nt!KeBugCheckEx
      fffff880`0a2d7f80 fffff800`03517604 : 00000580`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
      fffff880`0a2d7fc0 fffff880`047119b0 : fffff880`0475c2e0 00000000`00000000 fffffa80`08ae9000 fffff780`00001488 : nt!VerifierKeWaitForSingleObject+0x94
      fffff880`0a2d8040 fffff880`0475c2e0 : 00000000`00000000 fffffa80`08ae9000 fffff780`00001488 fffff880`0a2d80a8 : e1c62x64+0x249b0
      fffff880`0a2d8048 00000000`00000000 : fffffa80`08ae9000 fffff780`00001488 fffff880`0a2d80a8 00000000`00000002 : e1c62x64+0x6f2e0
      
      
      STACK_COMMAND:  kb
      
      FOLLOWUP_IP: 
      e1c62x64+249b0
      fffff880`047119b0 ??              ???
      
      SYMBOL_STACK_INDEX:  3
      
      SYMBOL_NAME:  e1c62x64+249b0
      
      FOLLOWUP_NAME:  MachineOwner
      
      MODULE_NAME: e1c62x64
      
      IMAGE_NAME:  e1c62x64.sys
      
      DEBUG_FLR_IMAGE_TIMESTAMP:  521487fa
      
      FAILURE_BUCKET_ID:  X64_0xc4_122_VRF_e1c62x64+249b0
      
      BUCKET_ID:  X64_0xc4_122_VRF_e1c62x64+249b0
      
      Followup: MachineOwner
      ———
      
      sysinfo: could not find necessary interfaces.
      sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
      sysinfo: could not find necessary interfaces.
      sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
      start             end                 module name
      fffff880`04aee000 fffff880`04b2c000   1394ohci 1394ohci.sys Sat Nov 20 10:44:56 2010 (4CE7A6A8)
      fffff880`00e00000 fffff880`00e57000   ACPI     ACPI.sys     Sat Nov 20 09:19:16 2010 (4CE79294)
      fffff880`01a00000 fffff880`01a89000   afd      afd.sys      Fri May 30 07:45:48 2014 (5388291C)
      fffff880`04b8e000 fffff880`04ba4000   AgileVpn AgileVpn.sys Tue Jul 14 01:10:24 2009 (4A5BCCF0)
      fffff880`0118a000 fffff880`01195000   amdxata  amdxata.sys  Fri Mar 19 16:18:18 2010 (4BA3A3CA)
      fffff880`04b38000 fffff880`04b5f000   AnyDVD   AnyDVD.sys   Thu Apr 24 22:13:59 2014 (53597E97)
      fffff880`05bd7000 fffff880`05bfc000   asmthub3 asmthub3.sys Fri Aug 16 20:28:54 2013 (520E7D76)
      fffff880`04a84000 fffff880`04aee000   asmtxhci asmtxhci.sys Fri Aug 16 20:28:42 2013 (520E7D6A)
      fffff880`04824000 fffff880`0482e000   aswHwid  aswHwid.sys  Thu Jun 26 12:31:26 2014 (53AC048E)
      fffff880`03fcc000 fffff880`03fd6000   aswKbd   aswKbd.sys   Thu Jun 26 12:34:01 2014 (53AC0529)
      fffff880`02000000 fffff880`02022000   aswMonFlt aswMonFlt.sys Thu Jun 26 12:32:51 2014 (53AC04E3)
      fffff880`0189e000 fffff880`0190e000   aswNdisFlt aswNdisFlt.sys Thu Jun 26 12:36:26 2014 (53AC05BA)
      fffff880`01a89000 fffff880`01aa3000   aswRdr2  aswRdr2.sys  Thu Jun 26 12:33:28 2014 (53AC0508)
      fffff880`01b00000 fffff880`01b13000   aswRvrt  aswRvrt.sys  Thu Jun 26 12:35:39 2014 (53AC058B)
      fffff880`03e4c000 fffff880`03f4e000   aswSnx   aswSnx.sys   Thu Jun 26 12:34:44 2014 (53AC0554)
      fffff880`03f4e000 fffff880`03fbc000   aswSP    aswSP.sys    Wed Jul 02 18:38:12 2014 (53B44384)
      fffff880`02022000 fffff880`0203b000   aswStm   aswStm.sys   Thu Jun 26 12:47:09 2014 (53AC083D)
      fffff880`01ac7000 fffff880`01b00000   aswVmm   aswVmm.sys   Thu Jun 26 12:35:49 2014 (53AC0595)
      fffff880`0a40a000 fffff880`0a415000   asyncmac asyncmac.sys Tue Jul 14 01:10:13 2009 (4A5BCCE5)
      fffff880`0114c000 fffff880`01155000   atapi    atapi.sys    Tue Jul 14 00:19:47 2009 (4A5BC113)
      fffff880`01155000 fffff880`0117f000   ataport  ataport.SYS  Mon Aug 05 02:02:45 2013 (51FEF9B5)
      fffff880`03fc5000 fffff880`03fcc000   Beep     Beep.SYS     Tue Jul 14 01:00:13 2009 (4A5BCA8D)
      fffff880`046b6000 fffff880`046c7000   blbdrive blbdrive.sys Tue Jul 14 00:35:59 2009 (4A5BC4DF)
      fffff880`0497d000 fffff880`0499b000   bowser   bowser.sys   Wed Feb 23 04:55:04 2011 (4D649328)
      fffff960`00600000 fffff960`00627000   cdd      cdd.dll      unavailable (00000000)
      fffff880`01b4b000 fffff880`01b75000   cdrom    cdrom.sys    Sat Nov 20 09:19:20 2010 (4CE79298)
      fffff880`00ced000 fffff880`00dad000   CI       CI.dll       Sat Nov 20 13:12:36 2010 (4CE7C944)
      fffff880`01850000 fffff880`01880000   CLASSPNP CLASSPNP.SYS Sat Nov 20 09:19:23 2010 (4CE7929B)
      fffff880`00c8f000 fffff880`00ced000   CLFS     CLFS.SYS     Tue Jul 14 00:19:57 2009 (4A5BC11D)
      fffff880`01430000 fffff880`014a2000   cng      cng.sys      Wed Aug 01 16:48:07 2012 (50194FB7)
      fffff880`04b7e000 fffff880`04b8e000   CompositeBus CompositeBus.sys Sat Nov 20 10:33:17 2010 (4CE7A3ED)
      fffff880`04600000 fffff880`0460e000   crashdmp crashdmp.sys Tue Jul 14 01:01:01 2009 (4A5BCABD)
      fffff880`04615000 fffff880`04698000   csc      csc.sys      Sat Nov 20 09:27:12 2010 (4CE79470)
      fffff880`04698000 fffff880`046b6000   dfsc     dfsc.sys     Sat Nov 20 09:26:31 2010 (4CE79447)
      fffff880`0120c000 fffff880`0121b000   discache discache.sys Tue Jul 14 00:37:18 2009 (4A5BC52E)
      fffff880`0183a000 fffff880`01850000   disk     disk.sys     Tue Jul 14 00:19:57 2009 (4A5BC11D)
      fffff880`05111000 fffff880`05133000   drmk     drmk.sys     Fri Oct 04 03:16:30 2013 (524E24FE)
      fffff880`01b13000 fffff880`01b1f000   dump_dumpata dump_dumpata.sys Tue Jul 14 00:19:47 2009 (4A5BC113)
      fffff880`01b1f000 fffff880`01b32000   dump_dumpfve dump_dumpfve.sys Tue Jul 14 00:21:51 2009 (4A5BC18F)
      fffff880`051f5000 fffff880`05200000   dump_msahci dump_msahci.sys Sat Nov 20 10:33:58 2010 (4CE7A416)
      fffff880`01b32000 fffff880`01b3e000   Dxapi    Dxapi.sys    Tue Jul 14 00:38:28 2009 (4A5BC574)
      fffff880`0fe88000 fffff880`0ff7c000   dxgkrnl  dxgkrnl.sys  Thu Aug 01 08:58:53 2013 (51FA153D)
      fffff880`0ff7c000 fffff880`0ffc2000   dxgmms1  dxgmms1.sys  Wed Apr 10 04:27:15 2013 (5164DC13)
      fffff880`046ed000 fffff880`04769000   e1c62x64 e1c62x64.sys Wed Aug 21 10:27:22 2013 (521487FA)
      fffff880`01200000 fffff880`0120c000   ElbyCDIO ElbyCDIO.sys Mon Mar 04 09:21:51 2013 (513467AF)
      fffff880`01195000 fffff880`011a9000   fileinfo fileinfo.sys Tue Jul 14 00:34:25 2009 (4A5BC481)
      fffff880`00ec3000 fffff880`00f0f000   FLTMGR   FLTMGR.SYS   Sat Nov 20 09:19:24 2010 (4CE7929C)
      fffff880`014b3000 fffff880`014bd000   Fs_Rec   Fs_Rec.sys   Thu Mar 01 03:41:06 2012 (4F4EEFD2)
      fffff880`01800000 fffff880`0183a000   fvevol   fvevol.sys   Thu Jan 24 03:11:24 2013 (5100A65C)
      fffff880`011a9000 fffff880`011f2000   fwpkclnt fwpkclnt.sys Sat Apr 05 02:23:21 2014 (533F5B09)
      fffff800`035e7000 fffff800`03630000   hal      hal.dll      Sat Nov 20 13:00:25 2010 (4CE7C669)
      fffff880`0ffc2000 fffff880`0ffe6000   HDAudBus HDAudBus.sys Sat Nov 20 10:43:42 2010 (4CE7A65E)
      fffff880`05000000 fffff880`0505c000   HdAudio  HdAudio.sys  Sat Nov 20 10:44:23 2010 (4CE7A687)
      fffff880`0ffe6000 fffff880`0fff7000   HECIx64  HECIx64.sys  Wed Oct 20 00:33:43 2010 (4CBE2AD7)
      fffff880`051c5000 fffff880`051de000   HIDCLASS HIDCLASS.SYS Wed Jul 03 05:05:05 2013 (51D3A2F1)
      fffff880`051de000 fffff880`051e6080   HIDPARSE HIDPARSE.SYS Wed Jul 03 05:05:04 2013 (51D3A2F0)
      fffff880`05800000 fffff880`0580e000   hidusb   hidusb.sys   Sat Nov 20 10:43:49 2010 (4CE7A665)
      fffff880`048b4000 fffff880`0497d000   HTTP     HTTP.sys     Sat Nov 20 09:24:30 2010 (4CE793CE)
      fffff880`019dd000 fffff880`019e6000   hwpolicy hwpolicy.sys Sat Nov 20 09:18:54 2010 (4CE7927E)
      fffff880`04b68000 fffff880`04b7e000   intelppm intelppm.sys Tue Jul 14 00:19:25 2009 (4A5BC0FD)
      fffff880`0a415000 fffff880`0a9e9000   iqvw64e  iqvw64e.sys  Thu Nov 14 15:22:43 2013 (5284EAC3)
      fffff880`04a6b000 fffff880`04a7a000   kbdclass kbdclass.sys Tue Jul 14 00:19:50 2009 (4A5BC116)
      fffff880`051e7000 fffff880`051f5000   kbdhid   kbdhid.sys   Sat Nov 20 10:33:25 2010 (4CE7A3F5)
      fffff800`00bb4000 fffff800`00bbe000   kdcom    kdcom.dll    Sat Feb 05 16:52:49 2011 (4D4D8061)
      fffff880`047bf000 fffff880`047f8000   keyscrambler keyscrambler.sys Fri May 31 15:52:52 2013 (51A8B944)
      fffff880`05072000 fffff880`050b5000   ks       ks.sys       Sat Nov 20 10:33:23 2010 (4CE7A3F3)
      fffff880`013ce000 fffff880`013e9000   ksecdd   ksecdd.sys   Sat Apr 12 02:08:30 2014 (5348920E)
      fffff880`015af000 fffff880`015db000   ksecpkg  ksecpkg.sys  Sat Apr 12 02:24:10 2014 (534895BA)
      fffff880`05133000 fffff880`05138200   ksthunk  ksthunk.sys  Tue Jul 14 01:00:19 2009 (4A5BCA93)
      fffff880`0203b000 fffff880`02050000   lltdio   lltdio.sys   Tue Jul 14 01:08:50 2009 (4A5BCC92)
      fffff880`025da000 fffff880`025fd000   luafv    luafv.sys    Tue Jul 14 00:26:13 2009 (4A5BC295)
      fffff880`0255b000 fffff880`025aea80   lvrs64   lvrs64.sys   Wed Jan 18 06:40:36 2012 (4F166964)
      fffff880`0209e000 fffff880`0253fd00   lvuvc64  lvuvc64.sys  Wed Jan 18 06:41:08 2012 (4F166984)
      fffff880`00c2c000 fffff880`00c7b000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 13:03:51 2010 (4CE7C737)
      fffff880`025af000 fffff880`025bd000   monitor  monitor.sys  Tue Jul 14 00:38:52 2009 (4A5BC58C)
      fffff880`0f212000 fffff880`0f221000   mouclass mouclass.sys Tue Jul 14 00:19:50 2009 (4A5BC116)
      fffff880`0505c000 fffff880`05069000   mouhid   mouhid.sys   Tue Jul 14 01:00:20 2009 (4A5BCA94)
      fffff880`01132000 fffff880`0114c000   mountmgr mountmgr.sys Sat Nov 20 09:19:21 2010 (4CE79299)
      fffff880`0499b000 fffff880`049b3000   mpsdrv   mpsdrv.sys   Tue Jul 14 01:08:25 2009 (4A5BCC79)
      fffff880`049b3000 fffff880`049e0000   mrxsmb   mrxsmb.sys   Wed Apr 27 03:40:38 2011 (4DB78226)
      fffff880`02050000 fffff880`0209e000   mrxsmb10 mrxsmb10.sys Sat Jul 09 03:46:28 2011 (4E17C104)
      fffff880`04800000 fffff880`04824000   mrxsmb20 mrxsmb20.sys Wed Apr 27 03:39:37 2011 (4DB781E9)
      fffff880`0117f000 fffff880`0118a000   msahci   msahci.sys   Sat Nov 20 10:33:58 2010 (4CE7A416)
      fffff880`03fed000 fffff880`03ff8000   Msfs     Msfs.SYS     Tue Jul 14 00:19:47 2009 (4A5BC113)
      fffff880`00e60000 fffff880`00e6a000   msisadrv msisadrv.sys Tue Jul 14 00:19:26 2009 (4A5BC0FE)
      fffff880`01000000 fffff880`0105e000   msrpc    msrpc.sys    Sat Nov 20 09:21:56 2010 (4CE79334)
      fffff880`013f5000 fffff880`01400000   mssmbios mssmbios.sys Tue Jul 14 00:31:10 2009 (4A5BC3BE)
      fffff880`019cb000 fffff880`019dd000   mup      mup.sys      Tue Jul 14 00:23:45 2009 (4A5BC201)
      fffff880`019ac000 fffff880`019c2000   NBVol    NBVol.sys    Tue Nov 22 01:22:00 2011 (4ECAF938)
      fffff880`019c2000 fffff880`019cb000   NBVolUp  NBVolUp.sys  Tue Nov 22 01:25:20 2011 (4ECAFA00)
      fffff880`014bd000 fffff880`015af000   ndis     ndis.sys     Wed Aug 22 16:11:46 2012 (5034F6B2)
      fffff880`04bc8000 fffff880`04bd4000   ndistapi ndistapi.sys Tue Jul 14 01:10:00 2009 (4A5BCCD8)
      fffff880`04889000 fffff880`0489c000   ndisuio  ndisuio.sys  Sat Nov 20 10:50:08 2010 (4CE7A7E0)
      fffff880`04a00000 fffff880`04a2f000   ndiswan  ndiswan.sys  Sat Nov 20 10:52:32 2010 (4CE7A870)
      fffff880`05193000 fffff880`051a8000   NDProxy  NDProxy.SYS  Sat Nov 20 10:52:20 2010 (4CE7A864)
      fffff880`01aac000 fffff880`01abb000   netbios  netbios.sys  Tue Jul 14 01:09:26 2009 (4A5BCCB6)
      fffff880`01bb5000 fffff880`01bfa000   netbt    netbt.sys    Sat Nov 20 09:23:18 2010 (4CE79386)
      fffff880`0105e000 fffff880`010be000   NETIO    NETIO.SYS    Tue Nov 26 10:21:01 2013 (5294760D)
      fffff880`01b75000 fffff880`01b86000   Npfs     Npfs.SYS     Tue Jul 14 00:19:48 2009 (4A5BC114)
      fffff880`013e9000 fffff880`013f5000   nsiproxy nsiproxy.sys Tue Jul 14 00:21:02 2009 (4A5BC15E)
      fffff800`03002000 fffff800`035e7000   nt       ntkrnlmp.exe Tue Mar 04 08:38:19 2014 (531590FB)
      fffff880`01225000 fffff880`013ce000   Ntfs     Ntfs.sys     Fri Jan 24 01:14:50 2014 (52E1BE8A)
      fffff880`03fbc000 fffff880`03fc5000   Null     Null.SYS     Tue Jul 14 00:19:37 2009 (4A5BC109)
      fffff880`0f224000 fffff880`0fe88000   nvlddmkm nvlddmkm.sys Tue May 20 00:08:44 2014 (537A8EFC)
      fffff880`0a400000 fffff880`0a40a000   NvStreamKms NvStreamKms.sys Thu May 22 17:43:14 2014 (537E2922)
      fffff880`050c7000 fffff880`050d4000   nvvad64v nvvad64v.sys Fri Mar 28 13:32:06 2014 (533579D6)
      fffff880`04836000 fffff880`04889000   nwifi    nwifi.sys    Tue Jul 14 01:07:23 2009 (4A5BCC3B)
      fffff880`01400000 fffff880`01426000   pacer    pacer.sys    Sat Nov 20 10:52:18 2010 (4CE7A862)
      fffff880`00eaa000 fffff880`00ebf000   partmgr  partmgr.sys  Sat Mar 17 05:06:09 2012 (4F641BC1)
      fffff880`00e6a000 fffff880`00e9d000   pci      pci.sys      Sat Nov 20 09:19:11 2010 (4CE7928F)
      fffff880`0111b000 fffff880`01122000   pciide   pciide.sys   Tue Jul 14 00:19:49 2009 (4A5BC115)
      fffff880`01122000 fffff880`01132000   PCIIDEX  PCIIDEX.SYS  Tue Jul 14 00:19:48 2009 (4A5BC114)
      fffff880`014a2000 fffff880`014b3000   pcw      pcw.sys      Tue Jul 14 00:19:27 2009 (4A5BC0FF)
      fffff880`09678000 fffff880`0971e000   peauth   peauth.sys   Tue Jul 14 02:01:19 2009 (4A5BD8DF)
      fffff880`050d4000 fffff880`05111000   portcls  portcls.sys  Fri Oct 04 02:36:02 2013 (524E1B82)
      fffff880`00c7b000 fffff880`00c8f000   PSHED    PSHED.dll    Tue Jul 14 02:32:23 2009 (4A5BE027)
      fffff880`04ba4000 fffff880`04bc8000   rasl2tp  rasl2tp.sys  Sat Nov 20 10:52:34 2010 (4CE7A872)
      fffff880`04a2f000 fffff880`04a4a000   raspppoe raspppoe.sys Tue Jul 14 01:10:17 2009 (4A5BCCE9)
      fffff880`04a4a000 fffff880`04a6b000   raspptp  raspptp.sys  Sat Nov 20 10:52:31 2010 (4CE7A86F)
      fffff880`04bd4000 fffff880`04bee000   rassstp  rassstp.sys  Tue Jul 14 01:10:25 2009 (4A5BCCF1)
      fffff880`00dad000 fffff880`00dfe000   rdbss    rdbss.sys    Sat Nov 20 09:27:51 2010 (4CE79497)
      fffff880`04bee000 fffff880`04bf9000   rdpbus   rdpbus.sys   Tue Jul 14 01:17:46 2009 (4A5BCEAA)
      fffff880`03e35000 fffff880`03e3e000   RDPCDD   RDPCDD.sys   Tue Jul 14 01:16:34 2009 (4A5BCE62)
      fffff880`03e3e000 fffff880`03e47000   rdpencdd rdpencdd.sys Tue Jul 14 01:16:34 2009 (4A5BCE62)
      fffff880`03fe4000 fffff880`03fed000   rdprefmp rdprefmp.sys Tue Jul 14 01:16:35 2009 (4A5BCE63)
      fffff880`01972000 fffff880`019ac000   rdyboost rdyboost.sys Sat Nov 20 09:43:10 2010 (4CE7982E)
      fffff880`0489c000 fffff880`048b4000   rspndr   rspndr.sys   Tue Jul 14 01:08:50 2009 (4A5BCC92)
      fffff880`05811000 fffff880`05bd6900   RTKVHD64 RTKVHD64.sys Wed May 14 11:28:52 2014 (53734564)
      fffff880`015f6000 fffff880`01600000   SASDIFSV64 SASDIFSV64.SYS Fri Jul 22 00:03:00 2011 (4E28B024)
      fffff880`01abb000 fffff880`01ac5000   SASKUTIL64 SASKUTIL64.SYS Tue Jul 12 22:00:01 2011 (4E1CB5D1)
      fffff880`0971e000 fffff880`09729000   secdrv   secdrv.SYS   Wed Sep 13 14:18:38 2006 (4508052E)
      fffff880`04b2c000 fffff880`04b38000   serenum  serenum.sys  Tue Jul 14 01:00:33 2009 (4A5BCAA1)
      fffff880`01880000 fffff880`0189d000   serial   serial.sys   Tue Jul 14 01:00:40 2009 (4A5BCAA8)
      fffff880`0196a000 fffff880`01972000   spldr    spldr.sys    Mon May 11 17:56:27 2009 (4A0858BB)
      fffff880`09a42000 fffff880`09ada000   srv      srv.sys      Fri Apr 29 04:06:06 2011 (4DBA2B1E)
      fffff880`0976c000 fffff880`097d5000   srv2     srv2.sys     Fri Apr 29 04:05:46 2011 (4DBA2B0A)
      fffff880`09729000 fffff880`0975a000   srvnet   srvnet.sys   Fri Apr 29 04:05:35 2011 (4DBA2AFF)
      fffff880`04a7a000 fffff880`04a7b480   swenum   swenum.sys   Tue Jul 14 01:00:18 2009 (4A5BCA92)
      fffff880`01601000 fffff880`01800000   tcpip    tcpip.sys    Sat Apr 05 02:26:44 2014 (533F5BD4)
      fffff880`0975a000 fffff880`0976c000   tcpipreg tcpipreg.sys Wed Oct 03 17:07:26 2012 (506C62BE)
      fffff880`01ba8000 fffff880`01bb5000   TDI      TDI.SYS      Sat Nov 20 09:22:06 2010 (4CE7933E)
      fffff880`01b86000 fffff880`01ba8000   tdx      tdx.sys      Sat Nov 20 09:21:54 2010 (4CE79332)
      fffff880`019e6000 fffff880`019fa000   termdd   termdd.sys   Sat Nov 20 11:03:40 2010 (4CE7AB0C)
      fffff960`00540000 fffff960`0054a000   TSDDD    TSDDD.dll    Tue Jul 14 01:16:34 2009 (4A5BCE62)
      fffff880`046c7000 fffff880`046ed000   tunnel   tunnel.sys   Sat Nov 20 10:51:50 2010 (4CE7A846)
      fffff880`050b5000 fffff880`050c7000   umbus    umbus.sys    Sat Nov 20 10:44:37 2010 (4CE7A695)
      fffff880`02540000 fffff880`0255ad00   usbaudio usbaudio.sys Fri Jul 12 11:40:58 2013 (51DFDD3A)
      fffff880`051a8000 fffff880`051c5000   usbccgp  usbccgp.sys  Wed Nov 27 01:41:15 2013 (52954DBB)
      fffff880`05bfc000 fffff880`05bfde80   USBD     USBD.SYS     Wed Nov 27 01:41:03 2013 (52954DAF)
      fffff880`0f200000 fffff880`0f212000   usbehci  usbehci.sys  Wed Nov 27 01:41:11 2013 (52954DB7)
      fffff880`05139000 fffff880`05193000   usbhub   usbhub.sys   Wed Nov 27 01:41:36 2013 (52954DD0)
      fffff880`04769000 fffff880`047bf000   USBPORT  USBPORT.SYS  Wed Nov 27 01:41:11 2013 (52954DB7)
      fffff880`025ce000 fffff880`025da000   usbprint usbprint.sys Tue Jul 14 01:38:18 2009 (4A5BD37A)
      fffff880`025bd000 fffff880`025ce000   usbscan  usbscan.sys  Wed Jul 03 05:40:12 2013 (51D3AB2C)
      fffff880`00e9d000 fffff880`00eaa000   vdrvroot vdrvroot.sys Tue Jul 14 01:01:31 2009 (4A5BCADB)
      fffff880`03fd6000 fffff880`03fe4000   vga      vga.sys      Tue Jul 14 00:38:47 2009 (4A5BC587)
      fffff880`03e00000 fffff880`03e25000   VIDEOPRT VIDEOPRT.SYS Tue Jul 14 00:38:51 2009 (4A5BC58B)
      fffff880`0190e000 fffff880`0191e000   vmstorfl vmstorfl.sys Sat Nov 20 09:57:30 2010 (4CE79B8A)
      fffff880`00fe1000 fffff880`00ff6000   volmgr   volmgr.sys   Sat Nov 20 09:19:28 2010 (4CE792A0)
      fffff880`010bf000 fffff880`0111b000   volmgrx  volmgrx.sys  Sat Nov 20 09:20:43 2010 (4CE792EB)
      fffff880`0191e000 fffff880`0196a000   volsnap  volsnap.sys  Sat Nov 20 09:20:08 2010 (4CE792C8)
      fffff880`015db000 fffff880`015f6000   wanarp   wanarp.sys   Sat Nov 20 10:52:36 2010 (4CE7A874)
      fffff880`03e25000 fffff880`03e35000   watchdog watchdog.sys Tue Jul 14 00:37:35 2009 (4A5BC53F)
      fffff880`00f0f000 fffff880`00fd1000   Wdf01000 Wdf01000.sys Sat Jun 22 04:13:05 2013 (51C51641)
      fffff880`00fd1000 fffff880`00fe1000   WDFLDR   WDFLDR.SYS   Thu Jul 26 03:29:04 2012 (5010AB70)
      fffff880`01aa3000 fffff880`01aac000   wfplwf   wfplwf.sys   Tue Jul 14 01:09:26 2009 (4A5BCCB6)
      fffff960`000e0000 fffff960`003f7000   win32k   win32k.sys   Wed Jun 18 02:10:15 2014 (53A0E6F7)
      fffff880`04b5f000 fffff880`04b68000   wmiacpi  wmiacpi.sys  Tue Jul 14 00:31:02 2009 (4A5BC3B6)
      fffff880`00e57000 fffff880`00e60000   WMILIB   WMILIB.SYS   Tue Jul 14 00:19:51 2009 (4A5BC117)
      
      Unloaded modules:
      fffff880`09ada000 fffff880`09b4b000   spsys.sys
          Timestamp: unavailable (00000000)
          Checksum:  00000000
          ImageSize:  00071000
      fffff880`0a42b000 fffff880`0a9ff000   iqvw64e.sys
          Timestamp: unavailable (00000000)
          Checksum:  00000000
          ImageSize:  005D4000
      fffff880`01b13000 fffff880`01b21000   crashdmp.sys
          Timestamp: unavailable (00000000)
          Checksum:  00000000
          ImageSize:  0000E000
      fffff880`01b21000 fffff880`01b2d000   dump_pciidex
          Timestamp: unavailable (00000000)
          Checksum:  00000000
          ImageSize:  0000C000
      fffff880`01b2d000 fffff880`01b38000   dump_msahci.
          Timestamp: unavailable (00000000)
          Checksum:  00000000
          ImageSize:  0000B000
      fffff880`01b38000 fffff880`01b4b000   dump_dumpfve
          Timestamp: unavailable (00000000)
          Checksum:  00000000
          ImageSize:  00013000
      fffff880`00dad000 fffff880`00dc8000   SMR410.SYS
          Timestamp: unavailable (00000000)
          Checksum:  00000000
          ImageSize:  0001B000
      quit:
      ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨“
      
      
      
         — E O J —   2014 Jul 20 16:41:11 PM    _99-debug   Copyright 2012 Sysnative Forums
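
One way to pull the facts satrow reads off this dump (the bugcheck, the blamed driver, and unloaded modules with no loaded image) out of a pasted WinDbg listing, as an added Python example that is not part of the original post or of any Sysnative tool. The function names are this example's own, and `SAMPLE` is a trimmed copy of lines from the dump quoted above.

```python
import re
from datetime import datetime, timezone

# Lines copied from the WinDbg output quoted in the post, trimmed to a few modules.
SAMPLE = """\
BugCheck C4, {122, 2, fffff8800475c2e0, fffff8800a2d80a8}
Probably caused by : e1c62x64.sys ( e1c62x64+249b0 )
start             end                 module name
fffff880`046ed000 fffff880`04769000   e1c62x64 e1c62x64.sys Wed Aug 21 10:27:22 2013 (521487FA)
fffff880`0a415000 fffff880`0a9e9000   iqvw64e  iqvw64e.sys  Thu Nov 14 15:22:43 2013 (5284EAC3)
fffff880`00dad000 fffff880`00dfe000   rdbss    rdbss.sys    Sat Nov 20 09:27:51 2010 (4CE79497)
fffff800`03002000 fffff800`035e7000   nt       ntkrnlmp.exe Tue Mar 04 08:38:19 2014 (531590FB)
Unloaded modules:
fffff880`0a42b000 fffff880`0a9ff000   iqvw64e.sys
    Timestamp: unavailable (00000000)
fffff880`00dad000 fffff880`00dc8000   SMR410.SYS
    Timestamp: unavailable (00000000)
"""

ADDR = r"([0-9a-f]{8}`[0-9a-f]{8})"
BBCODE_RE = re.compile(r"\[/?(?:B|COLOR)[^\]]*\]", re.IGNORECASE)
BUGCHECK_RE = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
BLAMED_RE = re.compile(r"Probably caused by : (\S+)")
LOADED_RE = re.compile(rf"^\s*{ADDR}\s+{ADDR}\s+(\S+)\s+(\S+)\s+.*\(([0-9A-Fa-f]{{8}})\)\s*$")
UNLOADED_RE = re.compile(rf"^\s*{ADDR}\s+{ADDR}\s+(\S+)\s*$")


def to_int(addr):
    """Convert WinDbg's fffff880`046ed000 notation to an integer."""
    return int(addr.replace("`", ""), 16)


def parse_dump(text):
    """Extract bugcheck, blamed image, loaded and unloaded modules from pasted output."""
    text = BBCODE_RE.sub("", text)  # forum pastes can carry BBCode tags inside the dump
    report = {"code": None, "args": [], "blamed": None, "loaded": [], "unloaded": []}
    for line in text.splitlines():
        m = BUGCHECK_RE.search(line)
        if m:
            report["code"] = int(m.group(1), 16)
            report["args"] = [int(a, 16) for a in m.group(2).split(",")]
            continue
        m = BLAMED_RE.search(line)
        if m:
            report["blamed"] = m.group(1)
            continue
        m = LOADED_RE.match(line)
        if m:
            report["loaded"].append({"start": to_int(m.group(1)), "end": to_int(m.group(2)),
                                     "name": m.group(3), "image": m.group(4),
                                     "stamp": m.group(5)})
            continue
        m = UNLOADED_RE.match(line)
        if m:
            report["unloaded"].append({"start": to_int(m.group(1)),
                                       "end": to_int(m.group(2)), "name": m.group(3)})
    return report


def resolve(addr, loaded):
    """Map a raw kernel address to module+offset using the loaded-module ranges."""
    for mod in loaded:
        if mod["start"] <= addr < mod["end"]:
            return f"{mod['name']}+0x{addr - mod['start']:x}"
    return None


def unloaded_only(report):
    """Unloaded modules with no loaded image of the same name.

    Names in the unloaded list can be truncated, so treat hits as leads to check.
    """
    images = {m["image"].lower() for m in report["loaded"]}
    return [u["name"] for u in report["unloaded"] if u["name"].lower() not in images]


def link_time(stamp_hex):
    """Decode the hex value in parentheses (seconds since 1970) as a UTC datetime."""
    return datetime.fromtimestamp(int(stamp_hex, 16), tz=timezone.utc)


if __name__ == "__main__":
    r = parse_dump(SAMPLE)
    print(f"bugcheck 0x{r['code']:X} arg1 0x{r['args'][0]:X}, blamed {r['blamed']}")
    print("fffff880`047119b0 ->", resolve(to_int("fffff880`047119b0"), r["loaded"]))
    print("unloaded, not loaded:", unloaded_only(r))
    print("e1c62x64.sys link time:", link_time(r["loaded"][0]["stamp"]).isoformat())
```

The hex stamp is the unambiguous value; the date printed beside it in this paste is one hour ahead of the decoded UTC time.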
    • #1460079

      Hi satrow and thanks.

      I recently tried a Norton anti malware program called Norton Power Eraser, the only Norton product I have used, and that found no problems. I ran the Norton Removal Tool and then searched for Norton with the Everything program, and nothing was found except for a couple of items in Favourites.

      I have been having a lot of internet connection problems, and the following is a copy of the email I have sent to my local computer technician about this:

      “I tried turning off the modem and turning it on again after 10 seconds or so, but that made no difference, nor did plugging the Ethernet cable into the modem and turning off the router.

      Network diagnostics could not identify the problem.

      Network and Sharing Centre showed the Network as Public, and I don’t know how that happened. I could not find out how to change the network type to Home Network. Can you tell me how to do this please? (I restarted the PC and found that the network type was then shown as Home Network, but that kept changing to no internet access and then back to Home Network).

      When I restarted the PC I also got a message saying that another computer on this network has the same IP address as this computer. I have never seen this message before. Any ideas?”

      Any ideas about this? (Since sending the above email the internet connection has been OK).

      Apart from the above, how do I open a .dmp file?

      Further help would be appreciated.

      Thanks and regards,
      Roy

    • #1462839

      The internet problem turned out to be caused by a software fault in the modem. I took it back to my ISP and they tested it and found a fault in the software, which they allegedly fixed, but when I took it home and reconnected it I still had no internet connection. I will return it again and insist on a replacement, and in the meantime I have been using a borrowed modem with no problems at all.

      Regarding the BSODs, I sent the minidump file to avast, as the last BSOD mentioned asw.sys, and they have just informed me that the cause is a problem with their current program version which will be fixed in their next release. Meantime I will continue to use Microsoft Security Essentials, which I installed as a stopgap.

      All’s well that ends well, I hope.

      Regards, Roy

    • #1464871

      Deleted my comment after reading through this entire thread and seeing you have some functionality.

    • #1465073

      Avast recently released their beta version of Avast internet security 2015. I installed that on my Win 7 and Win 8 partitions, and no further BSODs have occurred. My external usb backup drive still disappears/goes to sleep from time to time, and that sometimes happens when I am making a Macrium Reflect backup image to one or the other of the 2 partitions on the external drive, which is worrying, but the drive is recognized again when I switch it off and on again. That is now the only problem I have with either my Win 7 or Win 8 systems.

      Regards, Roy

    • #1465242

      Regarding my last post, I spoke too soon regarding the BSOD problem. I got another BSOD related to avast. I have sent the minidump file to avast and will let you know what they say.

      • #1465280

        Further to my last post, avast say that the BSOD was caused by ntoskrnl.exe, and not by avast. I attach the minidump file, and would appreciate advice about this.

        Thanks and regards, Roy

    • #1465289

      Hi again, Roy.

      Unfortunately, that BSOD type, 0x101, can’t be analysed fully from a minidump, a kernel or full dump is needed.

      The cause is that a CPU core had waited too long, 19 cycles, for information to be delivered by another CPU core. For whatever reason, the info didn’t arrive = crash. It could be either hardware, BIOS or a driver behind the delay.

      These types of error messages are relatively simple, from a certain viewpoint: as frequently happens during normal processing, one core (processor) attempted to get the attention of another core, in order to synchronise their activities with respect to an operation that requires processor coordination. Described using “official” terminology:

      “CLOCK_WATCHDOG_TIMEOUT (101)
      An expected clock interrupt was not received on a secondary processor in an
      MP system within the allocated interval. This indicates that the specified
      processor is hung and not processing interrupts.”

      The trigger for the crash is the “sender/requestor” processor going “wtf? why is there still no response after almost half a second?!?” Those inter-processor interrupts (IPIs) are some of the most critical activity imaginable, and an unrequited IPI is absolutely lethal – hence the crash.

      AMD procs had known issues which manifested themselves in this manner under Vista and Windows 7. There were/are many possible problem permutations, some solved through BIOS updates, and some necessitating fiddling with the “Translation Lookaside Buffer” (TLB), as per torrentg’s suggestion to look up 0x101 and AMD and TLB.

      Your real aim is to give yourself the best possible chance of discovering a software cause for the target processor to go unresponsive, and thereby avoid the most obvious conclusion – that the processor is periodically unresponsive because of hardware-level defects.

      I can confidently tell you that the browsers, apps, and games cannot be the root cause of this problem, even though I don’t doubt your observation that the operation of certain software seems to more easily trigger the crash. What you’re looking for will be in one of the following categories:

      a) BIOS bug
      b) a driver whose activity is causing the target processor to lock up
      c) a hardware defect (temperature, voltage, dust, RFI, outright borkedness…)
      H2SO4

      Class 101 for 0x101 Bugchecks

      Check for a BIOS update first, ‘play’ with 3rd party drivers next and then test your hardware in a known good PC would be my order of troubleshooting. As you have Avast’s security suite installed, I’d suggest completely removing all other security software/drivers in one fell swoop, MBAE, SAS and KeyScrambler, test until it BSOD’s.

      intelppm.sys Tue Jul 14 00:19:25 2009 (4A5BC0FD)
      Intel Processor driver
      http://www.carrona.org/drivers/driver.php?id=intelppm.sys

      amdxata.sys Fri Mar 19 16:18:18 2010 (4BA3A3CA)
      AMD storage controller driver – usually from the Windows 7 DVD
      http://www.carrona.org/drivers/driver.php?id=amdxata.sys

      HECIx64.sys Wed Oct 20 00:33:43 2010 (4CBE2AD7)
      Intel Management Engine Interface
      http://www.carrona.org/drivers/driver.php?id=HECIx64.sys

      SASKUTIL64.SYS Tue Jul 12 22:00:01 2011 (4E1CB5D1)
      SUPERAntiSpyware
      http://www.carrona.org/drivers/driver.php?id=SASKUTIL64.SYS

      SASDIFSV64.SYS Fri Jul 22 00:03:00 2011 (4E28B024)
      SUPERAntiSpyware
      http://www.carrona.org/drivers/driver.php?id=SASDIFSV64.SYS

      NBVol.sys Tue Nov 22 01:22:00 2011 (4ECAF938)
      Nero Backup Volume Filter Driver
      http://www.carrona.org/drivers/driver.php?id=NBVol.sys

      NBVolUp.sys Tue Nov 22 01:25:20 2011 (4ECAFA00)
      Nero Backup Volume Upper Filter Driver
      http://www.carrona.org/drivers/driver.php?id=NBVolUp.sys

      lvrs64.sys Wed Jan 18 06:40:36 2012 (4F166964)
      Logitech Camera driver
      http://www.carrona.org/drivers/driver.php?id=lvrs64.sys

      lvuvc64.sys Wed Jan 18 06:41:08 2012 (4F166984)
      Logitech USB Video Class Driver (WebCam)
      http://www.carrona.org/drivers/driver.php?id=lvuvc64.sys

      ElbyCDIO.sys Mon Mar 4 09:21:51 2013 (513467AF)
      CDRTools/ElbyCDIO/DVD Region Killer/VirtualCloneDrive (elby CloneDVD™ 2)/AnyDVD
      http://www.carrona.org/drivers/driver.php?id=ElbyCDIO.sys

      keyscrambler.sys Fri May 31 15:52:52 2013 (51A8B944)
      KeyScrambler Keyboard Encryption Driver
      http://www.carrona.org/drivers/driver.php?id=keyscrambler.sys

      asmtxhci.sys Fri Aug 16 20:28:42 2013 (520E7D6A)
      Asmedia USB 3.0 driver
      http://www.carrona.org/drivers/driver.php?id=asmtxhci.sys

      asmthub3.sys Fri Aug 16 20:28:54 2013 (520E7D76)
      ASMedia USB 3.0 Hub driver
      http://www.carrona.org/drivers/driver.php?id=asmthub3.sys

      e1c62x64.sys Wed Aug 21 10:27:22 2013 (521487FA)
      Intel(R) 82579V Gigabit Network Connection driver
      http://www.carrona.org/drivers/driver.php?id=e1c62x64.sys

      mbae64.sys Fri Oct 4 13:57:50 2013 (524EBB4E)

      mbae64.sys – this driver hasn’t been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.

      AnyDVD.sys Thu Apr 24 22:13:59 2014 (53597E97)
      AnyDVD by SlySoft, Inc
      http://www.carrona.org/drivers/driver.php?id=AnyDVD.sys

      RTKVHD64.sys Wed May 14 11:28:52 2014 (53734564)
      Realtek High Definition Audio Function Driver
      http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys

      nvlddmkm.sys Wed Jul 2 18:42:02 2014 (53B4446A)
      nVidia Video drivers
      http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys

      aswHwid.sys Fri Aug 15 11:07:08 2014 (53EDDBCC)
      avast! HWID driver
      http://www.carrona.org/drivers/driver.php?id=aswHwid.sys

      aswKbd.sys Fri Aug 15 11:08:39 2014 (53EDDC27)
      avast! Keyboard Filter Driver
      http://www.carrona.org/drivers/driver.php?id=aswKbd.sys

      aswMonFlt.sys Fri Aug 15 11:08:52 2014 (53EDDC34)
      avast! File System Minifilter Driver
      http://www.carrona.org/drivers/driver.php?id=aswMonFlt.sys

      aswVmm.sys Fri Aug 15 11:08:54 2014 (53EDDC36)
      avast! VM Monitor driver
      http://www.carrona.org/drivers/driver.php?id=aswVmm.sys

      aswRdr2.sys Fri Aug 15 11:09:38 2014 (53EDDC62)
      avast! TDI Redirect Driver
      http://www.carrona.org/drivers/driver.php?id=aswRdr2.sys

      aswNdisFlt.sys Fri Aug 15 11:10:43 2014 (53EDDCA3)
      Avast! Firewall Driver
      http://www.carrona.org/drivers/driver.php?id=aswNdisFlt.sys

      aswSnx.sys Fri Aug 15 11:10:46 2014 (53EDDCA6)
      avast! Virtualization Driver
      http://www.carrona.org/drivers/driver.php?id=aswSnx.sys

      aswSP.sys Fri Aug 15 11:20:06 2014 (53EDDED6)
      avast! Self Protection Driver
      http://www.carrona.org/drivers/driver.php?id=aswSP.sys

      aswStm.sys Fri Aug 15 11:20:50 2014 (53EDDF02)
      avast! Antivirus Stream Filter driver
      http://www.carrona.org/drivers/driver.php?id=aswStm.sys

    • #1465316

      Hello satrow, and sincere thanks for your help. I have updated the wired networking driver, but have not yet made any other changes to my system.

      I tried twice to attach the full dump file to this reply, but although the spinning upload circle finally stopped the file was not attached. The zip file size is 119,550KB - is that too large?

      Please advise.

      Thanks and regards, Roy

    • #1465343

      Yes, that’s way too big for most fora, zip it and upload it to somewhere like SkyDrive (or w/e the name is today), ensure it’s publicly accessible and then post the URL back here.

    • #1465393

      Hi satrow, this is the link from OneDrive to the dump file:

      https://onedrive.live.com/?cid=4a4ab438e285ad34&id=4A4AB438E285AD34%212186

      I hope that works - I had to install SkyDrive (when I ran the installer the program name became OneDrive) and I am not yet familiar with the program.

      Please advise further.

      Thanks and regards, Roy

    • #1465397

      I can’t access that, Roy.

      Do you have a URL for your Avast topic as well?

    • #1465400

      Roy, you need to right click on the file in question and choose share. This enables you to email someone to invite them to share the file (with a URL similar to above). The problem now is how to share the file with others. If you email yourself, you should be able to copy the link into the thread – but I’m not 100% sure of this, suck it and see.

      Had you used Dropbox you can create a link and give it to someone (even via the lounge). They don’t have to have Dropbox installed.

      Googledrive doesn’t seem to have this facility.

      Eliminate spare time: start programming PowerShell

    • #1465441

      access-mdb

      I did as you suggested and here is a copy of the link:

      http://http://windowssecrets.com/forums/showthread//162869-Blue-Screen-of-Death-message/page47893

      Sorry-that didn’t work, but I hope this link will:

      https://onedrive.live.com/redir?resid=4A4AB438E285AD34%212186

    • #1465442

      Roy, that link is for windowssecrets, not onedrive…..


    • #1465444

      access-mdb,

      I am confused because when I click the second link in post #49 it does open the dmp file in OneDrive.

    • #1465467

      But you added that link after I posted my reply! And I can see the file fine (though I didn’t try and open it).

      Just to clarify, when I looked at your post, it stopped after “sorry that didn’t work”


    • #1465490

      access-mdb,

      I added the second link to post #49 when I edited it at 18.02 pm, which, as you say, was after your post #50. (I was able to create the link with OneDrive).

      I’m glad you could access the link, and hope satrow can interpret the dump file for me.

      Regards, Roy

    • #1465516

      Same dump file that was zipped and attached to #42.

    • #1465628

      Hello satrow, the kernel dump zip file is in my OneDrive documents folder, but it is 112 megabytes so it’s too large to upload. The file is shared, but how do I create a hyperlink to it in OneDrive?

      Advice would be appreciated.

      Thanks and regards, Roy

    • #1465630

      No, Roy, I can’t access it from that link.

      • #1465632

        I believe the following link will work:

        https://onedrive.live.com/redir?resid=4A4AB438E285AD34%212188

        I hope this isn’t just an expanded version of the minidump file I submitted previously.

        Please advise.

        Thanks and regards, Roy

        • #1465671

          Hi, Roy.

          I called in the cavalry for this one as it’s out of my league. The resulting breakdown points back to the Avast! VM Monitor driver being involved in some kind of hold up and interfering with a nVidia driver request.

          Uninstall Avast! as per #22 and install MSE. Check that Driver Verifier is turned off: to turn Driver Verifier off – verifier /reset then re-boot.

          Thanks very much, Patrick :cheers:

          Hi,

          Code:
          BugCheck 101, {19, 0, fffff88002f65180, 2}

          19 clock ticks in regards to the timeout.

          Code:
          
          0: kd> kv
          Child-SP          RetAddr           : Args to Child                                                           : Call Site
          fffff800`00b9c358 fffff800`0312ba4a : 00000000`00000101 00000000`00000019 00000000`00000000 fffff880`02f65180 : nt!KeBugCheckEx
          fffff800`00b9c360 fffff800`030de6f7 : 00000000`00000000 fffff800`00000002 00000000`00002711 00000000`02020000 : nt! ?? ::FNODOBFM::`string'+0x4e3e
          fffff800`00b9c3f0 fffff800`03020895 : fffff800`03046460 fffff800`00b9c5a0 fffff800`03046460 00000000`00000000 : nt!KeUpdateSystemTime+0x377
          fffff800`00b9c4f0 fffff800`030d1113 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalpHpetClockInterrupt+0x8d
          fffff800`00b9c520 fffff800`030e3a08 : fffff800`0324fe80 00000000`00000001 00000000`00000000 fffff980`15900fd0 : nt!KiInterruptDispatchNoLock+0x163 (TrapFrame @ fffff800`00b9c520)
          fffff800`00b9c6b0 fffff800`03183c36 : 00000000`00000000 fffff800`0324fe80 fffff980`15900fd0 fffff880`0f2d185e : nt!KiIpiSendRequestEx+0x98
          fffff800`00b9c6f0 fffff800`031dca79 : 00000000`00000001 fffff800`00b9c7b0 fffff6fc`c00ac800 fffff980`15900fd0 : nt!KeFlushSingleTb+0x126
          fffff800`00b9c770 fffff800`0320793b : fffff800`0305f000 00000000`4d52564e 00000000`00219ac4 fffffa80`0840c000 : nt!MmFreeSpecialPool+0x349
          fffff800`00b9c8c0 fffff880`0f194b31 : fffff980`15900fe0 00000000`00000002 00000000`00000008 fffffa80`0671e000 : nt!ExDeferredFreePool+0xf33
          fffff800`00b9c970 fffff880`0f2e06de : 00000000`00000000 00000000`00000001 fffffa80`0840c000 fffffa80`0671e000 : nvlddmkm+0xdab31
          fffff800`00b9c9a0 fffff880`0f36738e : fffff980`15900fe0 fffff880`00000014 fffff980`15900fd0 fffff980`08b40ec0 : nvlddmkm+0x2266de
          fffff800`00b9c9d0 fffff880`0f367daa : 00000000`00000000 00000000`00000004 fffffa80`0671e000 fffffa80`0840c000 : nvlddmkm+0x2ad38e
          fffff800`00b9ca10 fffff880`0f5849bf : fffffa80`0671e000 fffff800`00b9cb29 fffffa80`0840c000 00000000`00000100 : nvlddmkm+0x2addaa
          fffff800`00b9ca50 fffff880`0f25c1c0 : fffffa80`0671e000 fffff800`00b9cb29 00000000`00000000 00000000`00000000 : nvlddmkm+0x4ca9bf
          fffff800`00b9ca80 fffff800`030df30c : fffff800`0324fe80 0000000f`991893d2 fffff980`05350fc0 00000000`00000099 : nvlddmkm+0x1a21c0
          fffff800`00b9cb90 fffff800`030cc8ca : fffff800`0324fe80 fffff800`0325dcc0 00000000`00000000 fffff880`0f25d1ec : nt!KiRetireDpcList+0x1bc
          fffff800`00b9cc40 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cc00 00000000`00000000 : nt!KiIdleLoop+0x5a
          
          
          
          Code:
          
          0: kd> .trap fffff800`00b9c520
          NOTE: The trap frame does not contain all registers.
          Some register values may be zeroed or incorrect.
          rax=0000000000000001 rbx=0000000000000000 rcx=fffff98015900fd0
          rdx=00000000000008e1 rsi=0000000000000000 rdi=0000000000000000
          rip=fffff800030e3a08 rsp=fffff80000b9c6b0 rbp=fffff98015900fd0
           r8=0000000000000000  r9=ffffffffffffff7f r10=0000000000000008
          r11=fffff80003121520 r12=0000000000000000 r13=0000000000000000
          r14=0000000000000000 r15=0000000000000000
          iopl=0         nv up ei pl nz na pe nc
          nt!KiIpiSendRequestEx+0x98:
          fffff800`030e3a08 8b8780200000    mov     eax,dword ptr [rdi+2080h] ds:00000000`00002080=????????
          0: kd> u @rip
          nt!KiIpiSendRequestEx+0x98:
          fffff800`030e3a08 8b8780200000    mov     eax,dword ptr [rdi+2080h]
          fffff800`030e3a0e 85c0            test    eax,eax
          fffff800`030e3a10 749e            je      nt!KiIpiSendRequestEx+0x40 (fffff800`030e39b0)
          fffff800`030e3a12 ffc3            inc     ebx
          fffff800`030e3a14 851dae892200    test    dword ptr [nt!HvlLongSpinCountMask (fffff800`0330c3c8)],ebx
          fffff800`030e3a1a 0f8455cffcff    je      nt! ?? ::FNODOBFM::`string'+0x5d50 (fffff800`030b0975)
          fffff800`030e3a20 f390            pause
          fffff800`030e3a22 ebe4            jmp     nt!KiIpiSendRequestEx+0x98 (fffff800`030e3a08)
          0: kd> ub fffff800`030e39b0
          nt!KiIpiSendRequestEx+0x26:
          fffff800`030e3996 e891000000      call    nt!KiAffinityContainsProcessorsOtherThanSelf (fffff800`030e3a2c)
          fffff800`030e399b 85c0            test    eax,eax
          fffff800`030e399d 7531            jne     nt!KiIpiSendRequestEx+0x60 (fffff800`030e39d0)
          fffff800`030e399f 488b442470      mov     rax,qword ptr [rsp+70h]
          fffff800`030e39a4 4885c0          test    rax,rax
          fffff800`030e39a7 7407            je      nt!KiIpiSendRequestEx+0x40 (fffff800`030e39b0)
          fffff800`030e39a9 488b4c2478      mov     rcx,qword ptr [rsp+78h]
          fffff800`030e39ae ffd0            call    rax
          
          

          It looks like the nVidia video driver was doing some special pool stuff, which requires a flush of the translation lookaside buffer. This of course requires attention/action from all processors, therefore it sent an inter-processor interrupt (nt!KiIpiSendRequestEx+0x98). If we disassemble we can see that we’re waiting for it to be responded to, but by whom?

          Code:
          
          7: kd> k
          Child-SP          RetAddr           Call Site
          fffff880`05dfdc20 fffff800`03135198 nt!KeFlushMultipleRangeTb+0x266
          fffff880`05dfdcf0 fffff800`031dc5ea nt! ?? ::FNODOBFM::`string'+0x204ce
          fffff880`05dfdee0 fffff800`031ddbe7 nt!MiEmptyWorkingSet+0x24a
          fffff880`05dfdf90 fffff800`03578371 nt!MiTrimAllSystemPagableMemory+0x218
          fffff880`05dfdff0 fffff800`035784cf nt!MmVerifierTrimMemory+0xf1
          fffff880`05dfe020 fffff800`03578c24 nt!ViKeRaiseIrqlSanityChecks+0xcf
          *** ERROR: Module load completed but symbols could not be loaded for aswSnx.sys
          fffff880`05dfe060 fffff880`0412a728 nt!VerifierKeAcquireSpinLockRaiseToDpc+0x54
          fffff880`05dfe0c0 fffff880`0412a986 aswSnx+0x30728
          fffff880`05dfe0f0 fffff880`0412abaf aswSnx+0x30986
          fffff880`05dfe140 fffff880`041e66af aswSnx+0x30baf
          fffff880`05dfe1a0 fffff880`040fd798 aswSnx+0xec6af
          fffff880`05dfe820 fffff800`0357dd26 aswSnx+0x3798
          fffff880`05dfe870 fffff800`033f1e67 nt!IovCallDriver+0x566
          fffff880`05dfe8d0 fffff800`033f26c6 nt!IopXxxControlFile+0x607
          fffff880`05dfea00 fffff800`030d3e53 nt!NtDeviceIoControlFile+0x56
          fffff880`05dfea70 00000000`7713132a nt!KiSystemServiceCopyEnd+0x13
          00000000`02dff558 00000000`00000000 0x7713132a
          
          
          

          avast!’s virtualization driver was acquiring a spin lock so it could synchronize access to shared data in a multiprocessor-safe way by raising IRQL. We can see verifier does a sanity check (evidently verifier was enabled) — basically says “Hey, are we at the right IRQL right now?”, it trimmed memory (emptied working set), and then went to flush the TB.

          Okay, so this looks sort of ordinary and nothing really bad happening. However:

          Code:
          
          2: kd> k
          Child-SP          RetAddr           Call Site
          fffff880`05f89088 fffff880`01813985 aswVmm+0x1553e
          fffff880`05f89090 fffff800`0338ca96 aswVmm+0x13985
          fffff880`05f89130 fffff800`033a9fd9 nt!PspExitProcess+0x156
          fffff880`05f89190 fffff800`0338eb7d nt!PspExitThread+0x4e9
          fffff880`05f89290 fffff800`030c76fa nt!PsExitSpecialApc+0x1d
          fffff880`05f892c0 fffff800`030c7a40 nt!KiDeliverApc+0x2ca
          fffff880`05f89340 fffff800`030d3ef7 nt!KiInitiateUserApc+0x70
          fffff880`05f89480 00000000`771311d6 nt!KiSystemServiceExit+0x9c
          00000000`00f9fa70 00000000`00000000 0x771311d6
          
          
          

          On processor #2, we seem to go off the rails on the VM monitor driver.

          If you ask me, avast! is up to no good and caused the IPI to go unattended (which caused the bug check).

          Have the user remove and replace avast!.

          A few other things…

          1. The user has Nero backup dating from 2011. The date is one thing, but anything from Nero is a lot of red flags.

          2. SuperAntiSpyware is installed, keep a close eye on it as there may be potential conflicts.

          Patrick
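The per-processor reading of the stacks in the post above can be scripted. This is an added example, not part of the original posts or of any tool named in the thread: it parses WinDbg `k` output, marks processors that are spinning in a TLB-flush/IPI wait, and flags a processor whose innermost frame is in a non-core module and is not itself waiting. The frames are excerpted from the post (processor 0 condensed to `k` columns); treating only `nt` and `hal` as core modules and the "suspect" rule are assumptions of this sketch, a triage heuristic rather than proof.

```python
import re

# Frames excerpted from the stacks quoted in the post above; processor 0 is
# condensed from `kv` to `k` columns. Colour markup removed.
SAMPLE = r"""
0: kd> k
Child-SP          RetAddr           Call Site
fffff800`00b9c358 fffff800`0312ba4a nt!KeBugCheckEx
fffff800`00b9c3f0 fffff800`03020895 nt!KeUpdateSystemTime+0x377
fffff800`00b9c4f0 fffff800`030d1113 hal!HalpHpetClockInterrupt+0x8d
fffff800`00b9c520 fffff800`030e3a08 nt!KiInterruptDispatchNoLock+0x163
fffff800`00b9c6b0 fffff800`03183c36 nt!KiIpiSendRequestEx+0x98
fffff800`00b9c6f0 fffff800`031dca79 nt!KeFlushSingleTb+0x126
fffff800`00b9c770 fffff800`0320793b nt!MmFreeSpecialPool+0x349
fffff800`00b9c8c0 fffff880`0f194b31 nt!ExDeferredFreePool+0xf33
fffff800`00b9c970 fffff880`0f2e06de nvlddmkm+0xdab31
7: kd> k
Child-SP          RetAddr           Call Site
fffff880`05dfdc20 fffff800`03135198 nt!KeFlushMultipleRangeTb+0x266
fffff880`05dfdcf0 fffff800`031dc5ea nt! ?? ::FNODOBFM::`string'+0x204ce
fffff880`05dfdff0 fffff800`035784cf nt!MmVerifierTrimMemory+0xf1
*** ERROR: Module load completed but symbols could not be loaded for aswSnx.sys
fffff880`05dfe060 fffff880`0412a728 nt!VerifierKeAcquireSpinLockRaiseToDpc+0x54
fffff880`05dfe0c0 fffff880`0412a986 aswSnx+0x30728
fffff880`05dfea70 00000000`7713132a nt!KiSystemServiceCopyEnd+0x13
00000000`02dff558 00000000`00000000 0x7713132a
2: kd> k
Child-SP          RetAddr           Call Site
fffff880`05f89088 fffff880`01813985 aswVmm+0x1553e
fffff880`05f89090 fffff800`0338ca96 aswVmm+0x13985
fffff880`05f89130 fffff800`033a9fd9 nt!PspExitProcess+0x156
fffff880`05f89190 fffff800`0338eb7d nt!PspExitThread+0x4e9
"""

PROMPT = re.compile(r"^(\d+): kd> k$")
FRAME = re.compile(r"^[0-9a-f]{8}`[0-9a-f]{8}\s+[0-9a-f]{8}`[0-9a-f]{8}\s+(.+)$")
CORE = {"nt", "hal"}  # assumption: everything else counts as "non-core"
IPI_WAIT = {"KiIpiSendRequestEx", "KeFlushSingleTb", "KeFlushMultipleRangeTb"}

def parse_stacks(text):
    """Return {processor number: [call site, ...]}, innermost frame first."""
    stacks, cpu = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PROMPT.match(line)
        if m:
            cpu = int(m.group(1))
            stacks[cpu] = []
            continue
        m = FRAME.match(line)  # header and "*** ERROR" lines do not match
        if m and cpu is not None:
            stacks[cpu].append(m.group(1).strip())
    return stacks

def module_of(site):
    if site.startswith("0x"):
        return None  # unresolved user-mode return address
    m = re.match(r"[A-Za-z0-9_]+", site)
    return m.group(0) if m else None

def function_of(site):
    m = re.match(r"[A-Za-z0-9_]+!([A-Za-z0-9_]+)", site)
    return m.group(1) if m else None

def triage(stacks):
    report = {}
    for cpu, frames in stacks.items():
        mods = [module_of(f) for f in frames]
        waiting = any(function_of(f) in IPI_WAIT for f in frames)
        non_core = []
        for mod in mods:
            if mod and mod not in CORE and mod not in non_core:
                non_core.append(mod)
        running = mods[0] if mods else None
        report[cpu] = {
            "waiting_on_ipi": waiting,
            "running_in": running,
            "non_core_modules": non_core,
            # Heuristic: busy in a non-core driver while others wait on it.
            "suspect": bool(running) and running not in CORE and not waiting,
        }
    return report

def suspects(report):
    return sorted(cpu for cpu, r in report.items() if r["suspect"])

if __name__ == "__main__":
    for cpu, row in sorted(triage(parse_stacks(SAMPLE)).items()):
        print(cpu, row)
```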

    • #1465631

      Hello again satrow, I was editing post #55 and submitted it before seeing your post #56.

      I would appreciate a reply to post #55.

    • #1465788

      Hi satrow, and firstly sincere thanks to you and Patrick for your help.

      In view of the mention of Avast! VM Monitor driver I have sent a link to the kernel dump and to this thread to Avast! and will let you know what they come back with.

      I ran the verifier /reset command and then rebooted, and since doing so my Win 7 partition boots faster than before, but I assume this is just a coincidence.

      Does verifier run at startup by default, or is it started manually? If it starts by default can I stop it doing so, if that is wise, and if so how?

      I had already changed the startup option for Nero backup (which I don’t use) and Super AntiSpyware to manual.

      Regards, Roy

      • #1465845

        We enjoy a challenge, Roy 🙂

        A link to your Avast topic(s) might be helpful.

        Resetting Driver Verifier turns it off until it is manually re-enabled, it should be off by default, only turned on when there is a reasonable suspicion that a bad driver is causing problems, and then only to check a selection (normally 3rd party only) of drivers by stress testing for 24-48 hours. The PC no longer has those added checks and stresses, so it should boot up faster and feel more responsive during normal use.

        Merely disabling software from auto-starting doesn’t prevent any drivers related to them from loading at each boot. There might also be cases of a .dll from ‘disabled’ software loading alongside some – or all – User processes. Security and other low-level software can also leave active other files or settings, for example, tied into the TCP/IP (networking) stack, leading to 3rd party software crashes or full blown BSODs – even when the software at fault was ‘uninstalled’ long before any problems began to surface!

        I would uninstall Nero Backup and set the drivers for SAS to load manually: Run > services.msc and change the Startup type for both SAS drivers to Manual. That way, they shouldn’t load at Boot but should be able to start when you start the program manually. Be aware that some software will revert this setting once the program has been started, unless they have a manual option somewhere user configurable, you’ll need to reset the Startup type for these after you close the program each time 🙁

        Driverview is useful for checking loaded drivers.

        Autoruns is the best tool for managing Startups (MSConfig is for temporary/troubleshooting use). Using Autoruns to Deal with Startup Processes and Malware

        Process Explorer can be used to track down remnant and suspect .dlls etc. Understanding Process Explorer

    • #1465856

      Hello satrow,

      This is the link to the Avast topic: https://support.avast.com/Default/Tickets/Ticket/View/YNP-239-99578/0/0/QxgKqhmtnen0HsXEqAeL

      SAS does not appear in services, nor does Nero Backup.

      I will try uninstalling Nero Backup. (I did not choose to install it, but the Nero installer did so anyway. Typical Nero - I have taken this up with them more than once but they just ignore me, again typical Nero). My only concern is that in the past I have found that even deleting Nero help files, of which there are a great number, causes the whole of Nero to malfunction.

      Regards, Roy

      • #1465860

        The Avast link must be to the equivalent of support via PM, not something I can access.

        Do the SAS or Nero Backup drivers appear in DriverView or Autoruns?

    • #1465889

      satrow, SAS appeared in autoruns 5 times, but for 3 of them I was told the system cannot find the specified file. I unchecked the other 2, and also unchecked the 2 Nero Backup entries.

      I will let you know when avast support reply.

      Regards, Roy

    • #1465895

      Ok, Roy, looks like you’re doing fine.

      Should it not start after the next reboot/shutdown/restart, keep tapping F8 during Boot and select the Advanced option > Last known good. I have to do that from time to time when I’m testing some of these driver-related fixes/workarounds out 🙂

    • #1465924

      satrow, I deleted a host of Nero Help files and a host of Nero language and Eula files, and some of the components I don’t want, and then had problems running some of the Nero programs that I want to keep. I then chose to modify the whole Nero installation and chose to install fewer components than before. As usual and as has been the case with all recent Nero versions the install options did not refer to Nero Backup, but it was installed regardless.

      One of the Nero programs required the installation of Net Framework 4, and when the Nero installation completed I had to reboot. I was not surprised then to find Windows Update offering 15 Net 4 updates, which installed successfully. I had to reboot again, and then had problems restarting until I chose the Last known good option. Win 7 then started ok, but there was no reference to “Configuring Windows Updates” - what if anything should I do about this?

      Please advise.

      Thanks and regards, Roy

      • #1465928

        Unless you’re really stuck for drive space, it’s better to compress individual folders and their contents, rather than deleting files. You might find smaller, Freeware alternatives to the parts of Nero that you actually use.

        Using Last known good will set your PC back to using the earlier Registry and driver version, undoing many changes made during the previous session. Run Windows/MS Update again and uncheck Nero Backup in Autoruns.

    • #1465938

      satrow, I had already run MS Update again (no updates were found) and had unchecked Nero Backup in Autoruns before seeing your last post.

      Please reply to my question about the non configuration of Windows updates.

      Thanks and regards, Roy

    • #1465980

      I know nothing of the internal workings of Windows/MS Updates in respect to how they might be affected by a roll back or a last known good scenario. I suggest that you uninstall the last group, reboot and then run WU again to be reasonably sure that they’re installed correctly.

    • #1466092

      satrow, I can’t uninstall the last group of updates because although they are shown in update history as successful they are not shown in installed updates. Is there any other way I can uninstall them? If not, since WU is not reoffering them I will download them from Microsoft’s Download Centre and reinstall them.

      Please advise.

      Thanks and regards, Roy

    • #1466113

      satrow, after post #70 and uninstalling Nero, whilst deleting Nero registry entries I got a BSOD and couldn’t restart, but the repair option came up and I used system restore from the repair options. I then restored a Macrium image of Win 7. That succeeded, but now the last updates from WU do not appear in update history or installed updates. They were all updates to Net Framework 4 which was required when I previously reinstalled Nero. I am now going to reinstall Nero, which will require Net Framework 4 for one of its programs to work, and I assume then the WU Net Framework 4 updates will be reoffered. I will let you know how it goes.

      Regards, Roy

    • #1466538

      I reinstalled Nero, which as I said required Net Framework 4, and then the Net Framework 4 updates were reoffered and they installed successfully. I also uninstalled Nero Backup using Revo Uninstaller Pro, but had to be very selective in choosing which items found by Revo to delete. Revo seems to find it impossible to distinguish between the various Nero programs, which are so intertwined. Finally I did a manual search for Nero Backup in regedit, and deleted the remaining entries.

      I haven’t had a BSOD for several days now, and hope the problem is finally solved.

      Thanks to everyone who contributed to this thread.

      Regards, Roy
