# Vista Stop 0x0000008E



## Onitheris (Oct 23, 2008)

About 2 weeks ago I built the computer specified below, mainly for gaming, but for other regular functions. After everything got set up it seemed like it was all fine except I get Blue Screen of Deaths every so often that really have me worried something more could be wrong. So far though they haven't happened regularly. There isn't one particular thing I do that causes them. The last time it happened it was when restarting my computer, however there may have been a time where it did it without it being restarted.

I've run all sorts of scans, AVG, Ad-Aware, Spy-Bot and they havne't really found anything. I've also run a MemTest 86 because I read that this problem sometimes signifies problems in memory but it didn't come up with any errors.

As I said this doesn't happen lie every time I restart or start the comp up, or when I open a certain program so I'm not sure what the cause of it is. Since they've happened sporadically I don't even remember the conditions of all the times it's happened because it seemed so random. If I had to make a stab in the dark I'd say that at least two of them happened after I finished playing games like Call of Duty 4 and then restarted my computer, but I can't swear by that being hte only time it happens.

Since I just built this thing 2 maybe 3 weeks ago, the drivers are pretty much up to date as I installed them all after I finished building. Any idea on what the hell is up with my computer? The next string after 0x0000008E I THINK (only wrote down the first one) is 0xC000005 but I won't swear to that. Please, help, this is just eating away at me until I find out what the problem is, but more importantly how to fix the problem.

My Machine:

Video Card: Nvidia GeForce 9800 GTX+
CPU: Intell Core 2 Duo
PSU: Corsair TX 650W
Motherboard: Gigabyte EP45-DS3L
RAM: OCZ Reaper 2x 2GB
OS: Vista Ultimate


----------



## Sparky09 (Sep 17, 2008)

Well unfortunatly that error message is difficult to decifer. I've had that error message with anything from a corrupt windows to bad hardware and everything in between. My advice.. the next time it happens open eventviewer if you haven't tried that already. (start-run-eventvwr.msc). It may give you some error messages to help narrow it down. 

If it does you may have to use debugging tools for windows which can be found here: http://www.microsoft.com/whdc/devtools/debugging/default.mspx to open your .dmp files. I'm not sure where these are saved in windows vista so you may have to do a search for .dmp. You will have to load symbols in the program which can be found under file menu and I can't remember the exact name for the menu item to choose but it has something to do with symbols. If you need more info I can download it and let you know. 

Enter SRV*c:\symbols*http://msdl.microsoft.com/download/symbols into the symbol path and then open the latest dump file. If you can get through this post it and we can take a look to see if it helps us narrow it down to a particular file or driver causing the crash. 

I'm being quite vague because details may end up in a very long boring post but if you need more direction let me know and Ill walk you through it step by step.


----------



## Onitheris (Oct 23, 2008)

Well I got the screen again just now, and I wasn't just coming off using a game or anything, in fact I hadn't been using the computer for several hours, decided to restart it and boom, blue screen, same error message: 0x0000008E (0xC0000005, 0x820222CB, 0x9EA4BB74, 0x00000000)

However I'm not sure where in eventviwer it tells me if it recorded that error. I haven't really used the computer for much today, and the viewer says there are about 10 errors

This is really frustrating me as I can't even imagine what woudl be causing this, any more help?


----------



## dai (Jul 2, 2004)

Nvidia GeForce 9800 GTX+ you need 750w min
8e error usually relates to ram or video drivers being the cause
run memtest on the ram 1 stick at a time
http://www.memtest.org/


----------



## jenae (Jun 17, 2008)

Hi, the tests on that video card were run with 1000w psu's should tell you something. I have often found the "E" in the error relates back to memory the voltage is rated at 2.1 for this memory, maybe try with different sticks to see if one is faulty this is the OCZ forum tools page:-
http://www.ocztechnologyforum.com/forum/be_pagegen.php?id=tools
BTW thats a nice rig you have built yourself :normal:


----------



## Onitheris (Oct 23, 2008)

Well I ran Memtest for each stick individually and I still didn't get any errors. Could the Blue Screen be caused by lack of power to Video Card or is that just something that I should eventually fix and upgrade for better usage out of it?

If it is the RAM, even though the Memtest found nothing, what else could be done? Any settings for the RAM that might fix it? And does the fact it does it on restarts point to anything?

Or, is there a way to find out if it is indeed the RAM or if it is the video driver like some theorized?


----------



## jcgriff2 (Sep 30, 2007)

0x8e bugcheck = Kernel mode exception not handled.

Gather mini kernel dumps - c:\windows\minidump - all files - you may have to copy them out to another folder prior to zipping them.

Also run msinfo32 -
START | type msinfo32 & hit enter - save it as an NFO file (file extension default - you'll see it when you go to save it). Zip all up and I'll take a look at dumps.

As dai said - a 0x8e does list video as suspect.

jcgriff2

.


----------



## Onitheris (Oct 23, 2008)

Well, there was only one minidump in that directory, and I got the INF file. They are both in a folder, zipped, here.


----------



## jcgriff2 (Sep 30, 2007)

Hi. . .

Usually, I like multiple kernel dumps to help rule in or out a cause. But this one pointed straight at Avira GmbH.

Bugcheck 0x1000008e (0xc0000005 0x820222cb 0x9ea4bb74 0x0), probable cause = Avira GmbH driver *avipbb.sys*, timestamp _Thu Feb 28 09:57:54 2008 (47C6CBF2)_.

Get rid of this software or see if update available and see if BSODs cease.

Dbug log below.

Regards. . .

jcgriff2

.

```
Loading Dump File [A:\D\#Dumps\Onitheris_Vista_10-26-08\Mini102508-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*a:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Kernel base = 0x81e05000 PsLoadedModuleList = 0x81f1cc70
Debug session time: Sat Oct 25 20:51:18.030 2008 (GMT-4)
System Uptime: 1 days 4:38:06.458
Loading Kernel Symbols
..................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 820222cb, 9ea4bb74, 0}

*** WARNING: Unable to verify timestamp for avipbb.sys
*** ERROR: Module load completed but symbols could not be loaded for avipbb.sys
GetPointerFromAddress: unable to read from 81f3c868
Unable to read MiSystemVaType memory at 81f1c420
GetPointerFromAddress: unable to read from 81f3c868
Unable to read MiSystemVaType memory at 81f1c420
GetPointerFromAddress: unable to read from 81f3c868
Unable to read MiSystemVaType memory at 81f1c420
Probably caused by : avipbb.sys ( avipbb+6533 )

Followup: MachineOwner
---------

0: kd> !analyze -v;r;kv;lmtn
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 820222cb, The address that the exception occurred at
Arg3: 9ea4bb74, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

GetPointerFromAddress: unable to read from 81f3c868
Unable to read MiSystemVaType memory at 81f1c420
GetPointerFromAddress: unable to read from 81f3c868
Unable to read MiSystemVaType memory at 81f1c420
GetPointerFromAddress: unable to read from 81f3c868
Unable to read MiSystemVaType memory at 81f1c420

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!ObpCloseHandleTableEntry+20
820222cb 83787400        cmp     dword ptr [eax+74h],0

TRAP_FRAME:  9ea4bb74 -- (.trap 0xffffffff9ea4bb74)
ErrCode = 00000000
eax=00000005 ebx=b0c37520 ecx=879eb670 edx=b13d7018 esi=b13d7018 edi=879eb670
eip=820222cb esp=9ea4bbe8 ebp=9ea4bc20 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
nt!ObpCloseHandleTableEntry+0x20:
820222cb 83787400        cmp     dword ptr [eax+74h],0 ds:0023:00000079=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  GSvr.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 81fe88fb to 820222cb

STACK_TEXT:  
9ea4bc20 81fe88fb 94a73d78 b0c37520 87c7d678 nt!ObpCloseHandleTableEntry+0x20
9ea4bc50 81fe887f 94a73d78 9ea4bc64 87c7d678 nt!ExSweepHandleTable+0x5f
9ea4bc70 82013fe3 2de7cbe5 879eb8d0 879eb670 nt!ObKillProcess+0x54
9ea4bcd4 820143fb 00000000 00000000 879eb670 nt!PspExitThread+0x5b6
9ea4bcf4 81fe8160 879eb670 00000000 00000001 nt!PspTerminateThreadByPointer+0x5b
9ea4bd24 8f882533 ffffffff 00000000 ffffffff nt!NtTerminateProcess+0x1e0
WARNING: Stack unwind information not available. Following frames may be wrong.
9ea4bd54 81e5ca1a 00000000 00000000 0012ff20 avipbb+0x6533
9ea4bd54 77b99a94 00000000 00000000 0012ff20 nt!KiFastCallEntry+0x12a
0012ff20 00000000 00000000 00000000 00000000 0x77b99a94


STACK_COMMAND:  kb

FOLLOWUP_IP: 
avipbb+6533
8f882533 ??              ???

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  avipbb+6533

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: avipbb

IMAGE_NAME:  avipbb.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  47c6cbf2

FAILURE_BUCKET_ID:  0x8E_avipbb+6533

BUCKET_ID:  0x8E_avipbb+6533

Followup: MachineOwner
---------

eax=00000005 ebx=b0c37520 ecx=879eb670 edx=b13d7018 esi=b13d7018 edi=879eb670
eip=820222cb esp=9ea4bbe8 ebp=9ea4bc20 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
nt!ObpCloseHandleTableEntry+0x20:
820222cb 83787400        cmp     dword ptr [eax+74h],0 ds:0023:00000079=????????
ChildEBP RetAddr  Args to Child              
9ea4bc20 81fe88fb 94a73d78 b0c37520 87c7d678 nt!ObpCloseHandleTableEntry+0x20
9ea4bc50 81fe887f 94a73d78 9ea4bc64 87c7d678 nt!ExSweepHandleTable+0x5f
9ea4bc70 82013fe3 2de7cbe5 879eb8d0 879eb670 nt!ObKillProcess+0x54
9ea4bcd4 820143fb 00000000 00000000 879eb670 nt!PspExitThread+0x5b6
9ea4bcf4 81fe8160 879eb670 00000000 00000001 nt!PspTerminateThreadByPointer+0x5b
9ea4bd24 8f882533 ffffffff 00000000 ffffffff nt!NtTerminateProcess+0x1e0
WARNING: Stack unwind information not available. Following frames may be wrong.
9ea4bd54 81e5ca1a 00000000 00000000 0012ff20 avipbb+0x6533
9ea4bd54 77b99a94 00000000 00000000 0012ff20 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9ea4bd64)
0012ff20 00000000 00000000 00000000 00000000 0x77b99a94
start    end        module name
80400000 8040f000   volmgr   volmgr.sys   Sat Jan 19 00:49:51 2008 (47918F7F)
8040f000 80417000   kdcom    kdcom.dll    Sat Jan 19 02:31:53 2008 (4791A769)
80417000 80477000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Jan 19 02:29:43 2008 (4791A6E7)
80477000 80488000   PSHED    PSHED.dll    Sat Jan 19 02:31:21 2008 (4791A749)
80488000 80490000   BOOTVID  BOOTVID.dll  Sat Jan 19 02:27:15 2008 (4791A653)
80490000 804d1000   CLFS     CLFS.SYS     Sat Jan 19 00:28:01 2008 (47918A61)
804d1000 805b1000   CI       CI.dll       Fri Feb 22 00:00:56 2008 (47BE5708)
805b1000 805f7000   acpi     acpi.sys     Sat Jan 19 00:32:48 2008 (47918B80)
80606000 80682000   Wdf01000 Wdf01000.sys Sat Jan 19 00:52:21 2008 (47919015)
80682000 8068f000   WDFLDR   WDFLDR.SYS   Sat Jan 19 00:52:19 2008 (47919013)
8068f000 8078f000   sptd     sptd.sys     Wed Mar 05 19:32:57 2008 (47CF3BB9)
8078f000 80798000   WMILIB   WMILIB.SYS   Sat Jan 19 00:53:08 2008 (47919044)
80798000 807be000   SCSIPORT SCSIPORT.SYS Sat Jan 19 00:49:44 2008 (47918F78)
807be000 807c6000   msisadrv msisadrv.sys Sat Jan 19 00:32:51 2008 (47918B83)
807c6000 807ed000   pci      pci.sys      Sat Jan 19 00:32:57 2008 (47918B89)
807ed000 807fc000   partmgr  partmgr.sys  Sat Jan 19 00:49:54 2008 (47918F82)
80c09000 80c74000   HTTP     HTTP.sys     Sat Jan 19 00:55:21 2008 (479190C9)
80c74000 80c91000   srvnet   srvnet.sys   Sat Jan 19 00:29:11 2008 (47918AA7)
80c91000 80caa000   bowser   bowser.sys   Sat Jan 19 00:28:26 2008 (47918A7A)
80caa000 80cbf000   mpsdrv   mpsdrv.sys   Sat Jan 19 00:54:45 2008 (479190A5)
80cbf000 80cdf000   mrxdav   mrxdav.sys   Sat Jan 19 00:28:44 2008 (47918A8C)
80cdf000 80cfe000   mrxsmb   mrxsmb.sys   Sat Jan 19 00:28:33 2008 (47918A81)
80cfe000 80d37000   mrxsmb10 mrxsmb10.sys Thu May 08 15:21:54 2008 (482352D2)
80d37000 80d4f000   mrxsmb20 mrxsmb20.sys Sat Jan 19 00:28:35 2008 (47918A83)
80d4f000 80d76000   srv2     srv2.sys     Sat Jan 19 00:29:14 2008 (47918AAA)
80dc2000 80dc9000   parvdm   parvdm.sys   unavailable (00000000)
81e05000 821be000   nt       ntkrpamp.exe Wed Sep 17 22:07:54 2008 (48D1B7FA)
821be000 821f1000   hal      halmacpi.dll Sat Jan 19 00:27:20 2008 (47918A38)
8a80e000 8a858000   volmgrx  volmgrx.sys  Sat Jan 19 00:50:00 2008 (47918F88)
8a858000 8a85f000   pciide   pciide.sys   Sat Jan 19 00:49:42 2008 (47918F76)
8a85f000 8a86d000   PCIIDEX  PCIIDEX.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
8a86d000 8a87d000   mountmgr mountmgr.sys Sat Jan 19 00:49:13 2008 (47918F59)
8a87d000 8a885000   atapi    atapi.sys    Sat Jan 19 00:49:40 2008 (47918F74)
8a885000 8a8a3000   ataport  ataport.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
8a8a3000 8a8d5000   fltmgr   fltmgr.sys   Sat Jan 19 00:28:10 2008 (47918A6A)
8a8d5000 8a8e5000   fileinfo fileinfo.sys Sat Jan 19 00:34:27 2008 (47918BE3)
8a8e5000 8a956000   ksecdd   ksecdd.sys   Sat Jan 19 00:41:20 2008 (47918D80)
8a956000 8a997000   storport storport.sys Sat Jan 19 00:49:49 2008 (47918F7D)
8a997000 8a9a2000   TDI      TDI.SYS      Sat Jan 19 00:57:10 2008 (47919136)
8a9a2000 8a9b9000   rasl2tp  rasl2tp.sys  Sat Jan 19 00:56:33 2008 (47919111)
8a9b9000 8a9c4000   ndistapi ndistapi.sys Sat Jan 19 00:56:24 2008 (47919108)
8a9c4000 8a9e7000   ndiswan  ndiswan.sys  Sat Jan 19 00:56:32 2008 (47919110)
8a9e7000 8a9f6000   raspppoe raspppoe.sys Sat Jan 19 00:56:33 2008 (47919111)
8aa0a000 8ab15000   ndis     ndis.sys     Sat Jan 19 00:55:51 2008 (479190E7)
8ab15000 8ab40000   msrpc    msrpc.sys    unavailable (00000000)
8ab40000 8ab7a000   NETIO    NETIO.SYS    Sat Jan 19 00:56:19 2008 (47919103)
8ab7a000 8ab92000   parport  parport.sys  Sat Jan 19 00:49:32 2008 (47918F6C)
8ab92000 8abc9000   axov79cz axov79cz.SYS Sun Jul 20 20:16:38 2008 (4883D566)
8abc9000 8abf7000   msiscsi  msiscsi.sys  Sat Jan 19 00:50:44 2008 (47918FB4)
8ac0a000 8acf1000   tcpip    tcpip.sys    Sat Apr 26 02:00:17 2008 (4812C4F1)
8acf1000 8ad0c000   fwpkclnt fwpkclnt.sys Sat Jan 19 00:55:44 2008 (479190E0)
8ad48000 8ad51000   tunmp    tunmp.sys    Sat Jan 19 00:55:40 2008 (479190DC)
8ad51000 8ad60000   intelppm intelppm.sys Sat Jan 19 00:27:20 2008 (47918A38)
8ad60000 8ad6f000   usbehci  usbehci.sys  Sat Jan 19 00:53:21 2008 (47919051)
8ad6f000 8ad81000   HDAudBus HDAudBus.sys Tue Nov 27 18:18:41 2007 (474CA5D1)
8ad81000 8ad99000   cdrom    cdrom.sys    Sat Jan 19 00:49:50 2008 (47918F7E)
8ad99000 8adb1000   Rtlh86   Rtlh86.sys   Mon Jun 25 01:37:23 2007 (467F5493)
8adb1000 8adc0200   ohci1394 ohci1394.sys Sat Jan 19 00:53:33 2008 (4791905D)
8adc1000 8adce080   1394BUS  1394BUS.SYS  Sat Jan 19 00:53:27 2008 (47919057)
8adcf000 8adda000   fdc      fdc.sys      Sat Jan 19 00:49:37 2008 (47918F71)
8adda000 8adf4000   serial   serial.sys   Sat Jan 19 00:49:34 2008 (47918F6E)
8adf4000 8adfe000   serenum  serenum.sys  Sat Jan 19 00:49:29 2008 (47918F69)
8ae00000 8ae09000   crcdisk  crcdisk.sys  Sat Jan 19 00:50:29 2008 (47918FA5)
8ae09000 8af18000   Ntfs     Ntfs.sys     Sat Jan 19 00:28:54 2008 (47918A96)
8af18000 8af51000   volsnap  volsnap.sys  Sat Jan 19 00:50:10 2008 (47918F92)
8af51000 8af59000   spldr    spldr.sys    Thu Jun 21 20:29:17 2007 (467B17DD)
8af59000 8af6f000   sbp2port sbp2port.sys Sat Jan 19 00:49:51 2008 (47918F7F)
8af6f000 8af7e000   mup      mup.sys      Sat Jan 19 00:28:20 2008 (47918A74)
8af7e000 8afa5000   ecache   ecache.sys   Sat Jan 19 00:50:47 2008 (47918FB7)
8afa5000 8afc9000   fvevol   fvevol.sys   Sat Jan 19 00:27:09 2008 (47918A2D)
8afc9000 8afda000   disk     disk.sys     Sat Jan 19 00:49:47 2008 (47918F7B)
8afda000 8affb000   CLASSPNP CLASSPNP.SYS Sat Jan 19 00:49:36 2008 (47918F70)
8affb000 8affd700   GEARAspiWDM GEARAspiWDM.sys Tue Apr 08 15:15:38 2008 (47FBC45A)
8e800000 8ef09fa0   nvlddmkm nvlddmkm.sys Tue Oct 07 17:31:27 2008 (48EBD52F)
8ef0a000 8efa9000   dxgkrnl  dxgkrnl.sys  Fri Aug 01 21:01:19 2008 (4893B1DF)
8efa9000 8efb6000   watchdog watchdog.sys Sat Jan 19 00:35:29 2008 (47918C21)
8efb6000 8efc1000   usbuhci  usbuhci.sys  Sat Jan 19 00:53:20 2008 (47919050)
8efc1000 8efff000   USBPORT  USBPORT.SYS  Sat Jan 19 00:53:23 2008 (47919053)
8f20f000 8f223000   raspptp  raspptp.sys  Sat Jan 19 00:56:34 2008 (47919112)
8f223000 8f238000   rassstp  rassstp.sys  Sat Jan 19 00:56:43 2008 (4791911B)
8f238000 8f2c1000   rdpdr    rdpdr.sys    Sat Jan 19 01:02:27 2008 (47919273)
8f2c1000 8f2d1000   termdd   termdd.sys   Sat Jan 19 01:01:06 2008 (47919222)
8f2d1000 8f2dc000   kbdclass kbdclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
8f2dc000 8f2e7000   mouclass mouclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
8f2e7000 8f2e8380   swenum   swenum.sys   Sat Jan 19 00:49:20 2008 (47918F60)
8f2e9000 8f313000   ks       ks.sys       Sat Jan 19 00:49:21 2008 (47918F61)
8f313000 8f31d000   mssmbios mssmbios.sys Sat Jan 19 00:32:55 2008 (47918B87)
8f31d000 8f32a000   umbus    umbus.sys    Sat Jan 19 00:53:40 2008 (47919064)
8f32a000 8f35e000   usbhub   usbhub.sys   Sat Jan 19 00:53:40 2008 (47919064)
8f35e000 8f368000   flpydisk flpydisk.sys Sat Jan 19 00:49:37 2008 (47918F71)
8f368000 8f379000   NDProxy  NDProxy.SYS  Sat Jan 19 00:56:28 2008 (4791910C)
8f379000 8f3b5000   rdbss    rdbss.sys    Sat Jan 19 00:28:34 2008 (47918A82)
8f40e000 8f615c80   RTKVHDA  RTKVHDA.sys  Wed May 07 07:22:33 2008 (482190F9)
8f616000 8f643000   portcls  portcls.sys  Sat Jan 19 00:53:17 2008 (4791904D)
8f643000 8f668000   drmk     drmk.sys     Sat Jan 19 01:53:02 2008 (47919E4E)
8f668000 8f671000   Fs_Rec   Fs_Rec.SYS   unavailable (00000000)
8f671000 8f678000   Null     Null.SYS     unavailable (00000000)
8f678000 8f67f000   Beep     Beep.SYS     Sat Jan 19 00:49:10 2008 (47918F56)
8f688000 8f68e380   HIDPARSE HIDPARSE.SYS Sat Jan 19 00:53:16 2008 (4791904C)
8f68f000 8f69b000   vga      vga.sys      Sat Jan 19 00:52:06 2008 (47919006)
8f69b000 8f6bc000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 00:52:10 2008 (4791900A)
8f6bc000 8f6c4000   RDPCDD   RDPCDD.sys   Sat Jan 19 01:01:08 2008 (47919224)
8f6c4000 8f6cc000   rdpencdd rdpencdd.sys Sat Jan 19 01:01:09 2008 (47919225)
8f6cc000 8f6d7000   Msfs     Msfs.SYS     unavailable (00000000)
8f6d7000 8f6e5000   Npfs     Npfs.SYS     Sat Jan 19 00:28:09 2008 (47918A69)
8f6e5000 8f6ee000   rasacd   rasacd.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8f6ee000 8f704000   tdx      tdx.sys      Sat Jan 19 00:55:58 2008 (479190EE)
8f704000 8f718000   smb      smb.sys      Sat Jan 19 00:55:27 2008 (479190CF)
8f718000 8f760000   afd      afd.sys      Sat Jan 19 00:57:00 2008 (4791912C)
8f760000 8f792000   netbt    netbt.sys    Sat Jan 19 00:55:33 2008 (479190D5)
8f792000 8f7a8000   pacer    pacer.sys    Fri Apr 04 21:21:42 2008 (47F6D426)
8f7a8000 8f7b6000   netbios  netbios.sys  Sat Jan 19 00:55:45 2008 (479190E1)
8f7b6000 8f7c9000   wanarp   wanarp.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8f7c9000 8f7ce880   ssmdrv   ssmdrv.sys   Wed Feb 28 10:43:23 2007 (45E5A31B)
8f7cf000 8f7d9000   nsiproxy nsiproxy.sys Sat Jan 19 00:55:50 2008 (479190E6)
8f7d9000 8f7ec000   rspndr   rspndr.sys   Sat Jan 19 00:55:03 2008 (479190B7)
8f80b000 8f865000   csc      csc.sys      Sat Jan 19 00:28:54 2008 (47918A96)
8f865000 8f87c000   dfsc     dfsc.sys     Sat Jan 19 00:28:20 2008 (47918A74)
8f87c000 8f88e100   avipbb   avipbb.sys   Thu Feb 28 09:57:54 2008 (47C6CBF2)
8f88f000 8f890800   avgio    avgio.sys    Thu Feb 22 09:57:32 2007 (45DDAF5C)
8f891000 8f89e000   crashdmp crashdmp.sys Sat Jan 19 00:49:43 2008 (47918F77)
8f89e000 8f8a9000   dump_dumpata dump_dumpata.sys Sat Jan 19 00:49:40 2008 (47918F74)
8f8a9000 8f8b1000   dump_atapi dump_atapi.sys Sat Jan 19 00:49:40 2008 (47918F74)
8f8b1000 8f8c2000   dump_dumpfve dump_dumpfve.sys Sat Jan 19 00:27:05 2008 (47918A29)
8f8c2000 8f8d9000   usbccgp  usbccgp.sys  Sat Jan 19 00:53:29 2008 (47919059)
8f8d9000 8f8da700   USBD     USBD.SYS     Sat Jan 19 00:53:17 2008 (4791904D)
8f8db000 8f8e5000   Dxapi    Dxapi.sys    Sat Jan 19 00:36:12 2008 (47918C4C)
8f8e5000 8f8ee000   hidusb   hidusb.sys   Sat Jan 19 00:53:17 2008 (4791904D)
8f8ee000 8f8fe000   HIDCLASS HIDCLASS.SYS Sat Jan 19 00:53:16 2008 (4791904C)
8f8fe000 8f907000   kbdhid   kbdhid.sys   Sat Jan 19 00:49:17 2008 (47918F5D)
8f907000 8f90c900   dadder   dadder.sys   Thu Aug 02 05:32:24 2007 (46B1A4A8)
8f90d000 8f915000   mouhid   mouhid.sys   Sat Jan 19 00:49:16 2008 (47918F5C)
8f915000 8f924000   monitor  monitor.sys  Sat Jan 19 00:52:19 2008 (47919013)
8f924000 8f93f000   luafv    luafv.sys    Sat Jan 19 00:30:35 2008 (47918AFB)
8f93f000 8f9ee000   spsys    spsys.sys    Thu Jun 21 20:33:02 2007 (467B18BE)
8f9ee000 8f9fe000   lltdio   lltdio.sys   Sat Jan 19 00:55:03 2008 (479190B7)
95490000 95692000   win32k   win32k.sys   unavailable (00000000)
956b0000 956b9000   TSDDD    TSDDD.dll    unavailable (00000000)
956d0000 956de000   cdd      cdd.dll      unavailable (00000000)
9f404000 9f4e2000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)
9f4e2000 9f4ec000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
9f4ec000 9f4f8000   tcpipreg tcpipreg.sys Sat Jan 19 00:56:07 2008 (479190F7)
9f4f8000 9f50b000   avgntflt avgntflt.sys Mon Feb 18 08:14:41 2008 (47B984C1)
9f50b000 9f50d3e0   gdrv     gdrv.sys     Fri Dec 07 01:21:04 2007 (4758E650)
9f50e000 9f524000   cdfs     cdfs.sys     Sat Jan 19 00:28:02 2008 (47918A62)
9f563000 9f56e000   tunnel   tunnel.sys   Sat Jan 19 00:55:50 2008 (479190E6)
9f576000 9f57f000   asyncmac asyncmac.sys Sat Jan 19 00:56:29 2008 (4791910D)

Unloaded modules:
80d76000 80dc2000   srv.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9f56e000 9f576000   usbaapl.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9f558000 9f563000   tunnel.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad3d000 8ad48000   tunnel.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9f534000 9f53f000   hiber_atapor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9f53f000 9f547000   hiber_atapi.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9f547000 9f558000   hiber_dumpfv
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9f52c000 9f534000   usbaapl.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9f524000 9f52c000   usbaapl.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad0c000 8ad19000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad19000 8ad24000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad24000 8ad2c000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad2c000 8ad3d000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8f67f000 8f688000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
0: kd> lmvm avipbb
start    end        module name
8f87c000 8f88e100   avipbb   T (no symbols)           
    Loaded symbol image file: avipbb.sys
    Image path: \SystemRoot\system32\DRIVERS\avipbb.sys
    Image name: avipbb.sys
    Timestamp:        Thu Feb 28 09:57:54 2008 (47C6CBF2)
    CheckSum:         0001D310
    ImageSize:        00012100
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0
```


----------



## Onitheris (Oct 23, 2008)

Alright, the software is AntiVir, a Anti Virus program but I can easily switch to another one recomended by a friend. Just to be positive though, you mentioned the one the bugcheck found was 0x1...8e and the blue screen I got said 0x0...8E, is it still the same thing? And will uninstalling the program do the job or will I need to hunt for some file and delete it too?


----------



## jcgriff2 (Sep 30, 2007)

Good point - and a damn good observation. I usually elaborate on such, but for some reason did not do so this time.

A bugcheck of 0x1000008e is the same as 0x0000008e (0x8e). The former is the one that showed up in the dump.

Per Microsoft - 


> Bug check 0x1000008E ( KERNEL_MODE_EXCEPTION_NOT_HANDLED_M) has the same meaning and parameters as bug check 0x8E (KERNEL_MODE_EXCEPTION_NOT_HANDLED).


Please let me know how things turn out.

Regards. . .

jcgriff2


----------



## Onitheris (Oct 23, 2008)

Well your suggestion fixed the problem, yet seemed to have created a new one. For about a day or so it was all fine but then I got a new blue screen that I've never seen before.

bad_pool_caller

0x000000c2

All I did after the old error was remove AntiVira Virus Guard and replaced it with AVG, however its hard to just remove that since its an Anti Virus program, I want to be sure thats the problem first. Here's the dump from the error, here

Any more help would really be appreciated, as its very frustrating to finally get a problem fixed butget another one.


----------



## Onitheris (Oct 23, 2008)

bah, wrong url to the mini dump it's here


----------



## jcgriff2 (Sep 30, 2007)

Hi. . .

The bugcheck on that last dump was 0x000000c2 (0x00000007, 0x0000110b, 0x0, 0xb20850b0), listing the probable cause as the Vista NT Kernel - ntkrpamp.exe.

0xc2 bugcheck = BAD_POOL_CALLER and indicates that the current thread is making a bad pool request. Looking at the first parm - 0x7 - it tells us that the thread in question attempted to free memory which was already freed.

I would suggest that you run chkdsk /r & re-run memtest86. Also, run the Vista Driver Verifier -
*START | type cmd.exe | right-click on cmd.exe uptop under programs | Run as Administrator | type verifier & hit enter - the Verifier screen will appear | do the following:*

```
[b]
1. Select 2nd option - Create custom settings (for code developers)
2. Select 2nd option - Select individual settings from a full list.
3. Check the boxes
[indent]• Special Pool 
• Pool Tracking 
• Force IRQL checking[/indent]
4. Select last option - Select driver names from a list 
5. Click on the Provider heading - sorts list by Provider
6. Check ALL boxes where Microsoft is not the Provider
7. Click on Finish 
8. Re-boot
[/b]
```
If the Driver Verifier (DV) finds a violation, it will result in a BSOD. If so, get the dump and a fresh msinfo32 NFO file, zip them up and attach to next post. To check the status of the verifier, go back into the 1st screen and select the last option.

Any ? - please let me know.

Regards. . .

jcgriff2

*dbug log*

```
Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [A:\D\#Dumps\Onitheris_Vista_10-26-08\Mini102908-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*a:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Kernel base = 0x81e0d000 PsLoadedModuleList = 0x81f24c70
Debug session time: Wed Oct 29 16:54:03.282 2008 (GMT-4)
System Uptime: 0 days 19:24:27.604
Loading Kernel Symbols
................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, 110b, 0, b20850b0}

GetPointerFromAddress: unable to read from 81f44868
Unable to read MiSystemVaType memory at 81f24420
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
*** WARNING: Unable to verify timestamp for secdrv.SYS
*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
*** WARNING: Unable to verify timestamp for ax02dk9e.SYS
*** ERROR: Module load completed but symbols could not be loaded for ax02dk9e.SYS
*** WARNING: Unable to verify timestamp for Rtlh86.sys
*** ERROR: Module load completed but symbols could not be loaded for Rtlh86.sys
*** WARNING: Unable to verify timestamp for dadder.sys
*** ERROR: Module load completed but symbols could not be loaded for dadder.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*** WARNING: Unable to verify timestamp for GEARAspiWDM.sys
*** ERROR: Module load completed but symbols could not be loaded for GEARAspiWDM.sys
*** WARNING: Unable to verify timestamp for avgldx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgldx86.sys
*** WARNING: Unable to verify timestamp for RTKVHDA.sys
*** ERROR: Module load completed but symbols could not be loaded for RTKVHDA.sys
*** WARNING: Unable to verify timestamp for drmk.sys
*** ERROR: Module load completed but symbols could not be loaded for drmk.sys
*** WARNING: Unable to verify timestamp for avgmfx86.sys
*** ERROR: Module load completed but symbols could not be loaded for avgmfx86.sys
*** WARNING: Unable to verify timestamp for gdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for gdrv.sys
*** WARNING: Unable to verify timestamp for spsys.sys
*** ERROR: Module load completed but symbols could not be loaded for spsys.sys
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*** WARNING: Unable to verify timestamp for TSDDD.dll
*** ERROR: Module load completed but symbols could not be loaded for TSDDD.dll
*** WARNING: Unable to verify timestamp for cdd.dll
*** ERROR: Module load completed but symbols could not be loaded for cdd.dll
GetPointerFromAddress: unable to read from 81f44868
Unable to read MiSystemVaType memory at 81f24420
Probably caused by : ntkrpamp.exe ( nt!ExFreePoolWithTag+17f )

Followup: MachineOwner
---------

0: kd> !analyze -v;r;kv;lmtn
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 0000110b, (reserved)
Arg3: 00000000, Memory contents of the pool block
Arg4: b20850b0, Address of the block of pool being deallocated

Debugging Details:
------------------

GetPointerFromAddress: unable to read from 81f44868
Unable to read MiSystemVaType memory at 81f24420
GetPointerFromAddress: unable to read from 81f44868
Unable to read MiSystemVaType memory at 81f24420

POOL_ADDRESS: GetPointerFromAddress: unable to read from 81f44868
Unable to read MiSystemVaType memory at 81f24420
 b20850b0 

BUGCHECK_STR:  0xc2_7

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 81efb00c to 81eda0e3

STACK_TEXT:  
9dd03a9c 81efb00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
9dd03b14 81efa3ae b20850b0 00000000 9dd03b30 nt!ExFreePoolWithTag+0x17f
9dd03b24 8a8a4ab8 b20850b0 9dd03b40 8a8ab323 nt!ExFreePool+0xf
9dd03b30 8a8ab323 8a8b2b80 b20850b0 9dd03b54 fltmgr!ExFreeToPagedLookasideList+0x1e
9dd03b40 8a8c23bc b20850b0 b0a410f8 00000000 fltmgr!FltpReleaseStreamListCtrl+0x1f
9dd03b54 82033d08 b20850b4 7bddf08d 00000000 fltmgr!DeleteStreamListCtrlCallback+0x60
9dd03b94 8aea7d9b b0a410f8 b0a41008 b0a410f8 nt!FsRtlTeardownPerStreamContexts+0x135
9dd03bb0 8ae92e6c 00000705 b0a41030 b0a41008 Ntfs!NtfsDeleteScb+0x1f4
9dd03bc8 8ae1915a 84b8ccf0 b0a410f8 00000000 Ntfs!NtfsRemoveScb+0xc0
9dd03be4 8ae92c55 84b8ccf0 b0a41008 00000000 Ntfs!NtfsPrepareFcbForRemoval+0x59
9dd03c28 8ae1abde 84b8ccf0 b0a410f8 b0a41298 Ntfs!NtfsTeardownStructures+0x62
9dd03c50 8ae98b66 84b8ccf0 b0a410f8 b0a41298 Ntfs!NtfsDecrementCloseCounts+0xad
9dd03cb0 8aea71d4 84b8ccf0 b0a410f8 b0a41008 Ntfs!NtfsCommonClose+0x4da
9dd03d44 81e45445 00000000 00000000 85ecb5f0 Ntfs!NtfsFspClose+0x117
9dd03d7c 81fe2b18 00000000 7bddf6d9 00000000 nt!ExpWorkerThread+0xfd
9dd03dc0 81e3ba2e 81e45348 80000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExFreePoolWithTag+17f
81efb00c cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExFreePoolWithTag+17f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  48d1b7fa

FAILURE_BUCKET_ID:  0xc2_7_nt!ExFreePoolWithTag+17f

BUCKET_ID:  0xc2_7_nt!ExFreePoolWithTag+17f

Followup: MachineOwner
---------

eax=81f05920 ebx=0000110b ecx=81f0d1f8 edx=000000e8 esi=81f0593c edi=9dd03710
eip=81eda0e3 esp=9dd03a80 ebp=9dd03a9c iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202
nt!KeBugCheckEx+0x1e:
81eda0e3 8be5            mov     esp,ebp
ChildEBP RetAddr  Args to Child              
9dd03a9c 81efb00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
9dd03b14 81efa3ae b20850b0 00000000 9dd03b30 nt!ExFreePoolWithTag+0x17f
9dd03b24 8a8a4ab8 b20850b0 9dd03b40 8a8ab323 nt!ExFreePool+0xf
9dd03b30 8a8ab323 8a8b2b80 b20850b0 9dd03b54 fltmgr!ExFreeToPagedLookasideList+0x1e (FPO: [Non-Fpo])
9dd03b40 8a8c23bc b20850b0 b0a410f8 00000000 fltmgr!FltpReleaseStreamListCtrl+0x1f (FPO: [Non-Fpo])
9dd03b54 82033d08 b20850b4 7bddf08d 00000000 fltmgr!DeleteStreamListCtrlCallback+0x60 (FPO: [Non-Fpo])
9dd03b94 8aea7d9b b0a410f8 b0a41008 b0a410f8 nt!FsRtlTeardownPerStreamContexts+0x135
9dd03bb0 8ae92e6c 00000705 b0a41030 b0a41008 Ntfs!NtfsDeleteScb+0x1f4 (FPO: [Non-Fpo])
9dd03bc8 8ae1915a 84b8ccf0 b0a410f8 00000000 Ntfs!NtfsRemoveScb+0xc0 (FPO: [Non-Fpo])
9dd03be4 8ae92c55 84b8ccf0 b0a41008 00000000 Ntfs!NtfsPrepareFcbForRemoval+0x59 (FPO: [Non-Fpo])
9dd03c28 8ae1abde 84b8ccf0 b0a410f8 b0a41298 Ntfs!NtfsTeardownStructures+0x62 (FPO: [Non-Fpo])
9dd03c50 8ae98b66 84b8ccf0 b0a410f8 b0a41298 Ntfs!NtfsDecrementCloseCounts+0xad (FPO: [Non-Fpo])
9dd03cb0 8aea71d4 84b8ccf0 b0a410f8 b0a41008 Ntfs!NtfsCommonClose+0x4da (FPO: [Non-Fpo])
9dd03d44 81e45445 00000000 00000000 85ecb5f0 Ntfs!NtfsFspClose+0x117 (FPO: [Non-Fpo])
9dd03d7c 81fe2b18 00000000 7bddf6d9 00000000 nt!ExpWorkerThread+0xfd
9dd03dc0 81e3ba2e 81e45348 80000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
start    end        module name
80406000 8040e000   kdcom    kdcom.dll    Sat Jan 19 02:31:53 2008 (4791A769)
8040e000 8046e000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Jan 19 02:29:43 2008 (4791A6E7)
8046e000 8047f000   PSHED    PSHED.dll    Sat Jan 19 02:31:21 2008 (4791A749)
8047f000 80487000   BOOTVID  BOOTVID.dll  Sat Jan 19 02:27:15 2008 (4791A653)
80487000 804c8000   CLFS     CLFS.SYS     Sat Jan 19 00:28:01 2008 (47918A61)
804c8000 805a8000   CI       CI.dll       Fri Feb 22 00:00:56 2008 (47BE5708)
805a8000 805ee000   acpi     acpi.sys     Sat Jan 19 00:32:48 2008 (47918B80)
805ee000 805fd000   volmgr   volmgr.sys   Sat Jan 19 00:49:51 2008 (47918F7F)
8060a000 80686000   Wdf01000 Wdf01000.sys Sat Jan 19 00:52:21 2008 (47919015)
80686000 80693000   WDFLDR   WDFLDR.SYS   Sat Jan 19 00:52:19 2008 (47919013)
80693000 80793000   sptd     sptd.sys     Wed Mar 05 19:32:57 2008 (47CF3BB9)
80793000 8079c000   WMILIB   WMILIB.SYS   Sat Jan 19 00:53:08 2008 (47919044)
8079c000 807c2000   SCSIPORT SCSIPORT.SYS Sat Jan 19 00:49:44 2008 (47918F78)
807c2000 807ca000   msisadrv msisadrv.sys Sat Jan 19 00:32:51 2008 (47918B83)
807ca000 807f1000   pci      pci.sys      Sat Jan 19 00:32:57 2008 (47918B89)
807f1000 80800000   partmgr  partmgr.sys  Sat Jan 19 00:49:54 2008 (47918F82)
81000000 8100c000   tcpipreg tcpipreg.sys Sat Jan 19 00:56:07 2008 (479190F7)
8100d000 8102d000   mrxdav   mrxdav.sys   Sat Jan 19 00:28:44 2008 (47918A8C)
8102d000 8104c000   mrxsmb   mrxsmb.sys   Sat Jan 19 00:28:33 2008 (47918A81)
8104c000 81085000   mrxsmb10 mrxsmb10.sys Thu May 08 15:21:54 2008 (482352D2)
81085000 8109d000   mrxsmb20 mrxsmb20.sys Sat Jan 19 00:28:35 2008 (47918A83)
8109d000 810c4000   srv2     srv2.sys     Sat Jan 19 00:29:14 2008 (47918AAA)
810c4000 81110000   srv      srv.sys      Tue Aug 26 21:06:23 2008 (48B4A88F)
81110000 81117000   parvdm   parvdm.sys   Sat Jan 19 00:49:28 2008 (47918F68)
81117000 811f5000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)
811f5000 811ff000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
81e0d000 821c6000   nt       ntkrpamp.exe Wed Sep 17 22:07:54 2008 (48D1B7FA)
821c6000 821f9000   hal      halmacpi.dll Sat Jan 19 00:27:20 2008 (47918A38)
8a800000 8a809000   hidusb   hidusb.sys   Sat Jan 19 00:53:17 2008 (4791904D)
8a80d000 8a857000   volmgrx  volmgrx.sys  Sat Jan 19 00:50:00 2008 (47918F88)
8a857000 8a85e000   pciide   pciide.sys   Sat Jan 19 00:49:42 2008 (47918F76)
8a85e000 8a86c000   PCIIDEX  PCIIDEX.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
8a86c000 8a87c000   mountmgr mountmgr.sys Sat Jan 19 00:49:13 2008 (47918F59)
8a87c000 8a884000   atapi    atapi.sys    Sat Jan 19 00:49:40 2008 (47918F74)
8a884000 8a8a2000   ataport  ataport.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
8a8a2000 8a8d4000   fltmgr   fltmgr.sys   Sat Jan 19 00:28:10 2008 (47918A6A)
8a8d4000 8a8e4000   fileinfo fileinfo.sys Sat Jan 19 00:34:27 2008 (47918BE3)
8a8e4000 8a955000   ksecdd   ksecdd.sys   Sat Jan 19 00:41:20 2008 (47918D80)
8a955000 8a996000   storport storport.sys Sat Jan 19 00:49:49 2008 (47918F7D)
8a996000 8a9ad000   rasl2tp  rasl2tp.sys  Sat Jan 19 00:56:33 2008 (47919111)
8a9ad000 8a9b8000   ndistapi ndistapi.sys Sat Jan 19 00:56:24 2008 (47919108)
8a9b8000 8a9db000   ndiswan  ndiswan.sys  Sat Jan 19 00:56:32 2008 (47919110)
8a9db000 8a9ea000   raspppoe raspppoe.sys Sat Jan 19 00:56:33 2008 (47919111)
8a9ea000 8a9fe000   raspptp  raspptp.sys  Sat Jan 19 00:56:34 2008 (47919112)
8aa00000 8aa0b000   TDI      TDI.SYS      Sat Jan 19 00:57:10 2008 (47919136)
8aa0d000 8ab18000   ndis     ndis.sys     Sat Jan 19 00:55:51 2008 (479190E7)
8ab18000 8ab43000   msrpc    msrpc.sys    Sat Jan 19 00:48:15 2008 (47918F1F)
8ab43000 8ab7d000   NETIO    NETIO.SYS    Sat Jan 19 00:56:19 2008 (47919103)
8ab7d000 8ab95000   parport  parport.sys  Sat Jan 19 00:49:32 2008 (47918F6C)
8ab95000 8abcc000   ax02dk9e ax02dk9e.SYS Sun Jul 20 20:16:38 2008 (4883D566)
8abcc000 8abfa000   msiscsi  msiscsi.sys  Sat Jan 19 00:50:44 2008 (47918FB4)
8ac00000 8ac0a000   serenum  serenum.sys  Sat Jan 19 00:49:29 2008 (47918F69)
8ac0c000 8acf3000   tcpip    tcpip.sys    Sat Apr 26 02:00:17 2008 (4812C4F1)
8acf3000 8ad0e000   fwpkclnt fwpkclnt.sys Sat Jan 19 00:55:44 2008 (479190E0)
8ad0e000 8ad27000   bowser   bowser.sys   Sat Jan 19 00:28:26 2008 (47918A7A)
8ad27000 8ad3d000   cdfs     cdfs.sys     Sat Jan 19 00:28:02 2008 (47918A62)
8ad3f000 8ad4a000   tunnel   tunnel.sys   Sat Jan 19 00:55:50 2008 (479190E6)
8ad4a000 8ad53000   tunmp    tunmp.sys    Sat Jan 19 00:55:40 2008 (479190DC)
8ad53000 8ad62000   intelppm intelppm.sys Sat Jan 19 00:27:20 2008 (47918A38)
8ad62000 8ada0000   USBPORT  USBPORT.SYS  Sat Jan 19 00:53:23 2008 (47919053)
8ada0000 8adb8000   cdrom    cdrom.sys    Sat Jan 19 00:49:50 2008 (47918F7E)
8adb8000 8add0000   Rtlh86   Rtlh86.sys   Mon Jun 25 01:37:23 2007 (467F5493)
8add0000 8addf200   ohci1394 ohci1394.sys Sat Jan 19 00:53:33 2008 (4791905D)
8ade0000 8adfa000   serial   serial.sys   Sat Jan 19 00:49:34 2008 (47918F6E)
8adfa000 8adff900   dadder   dadder.sys   Thu Aug 02 05:32:24 2007 (46B1A4A8)
8ae04000 8af13000   Ntfs     Ntfs.sys     Sat Jan 19 00:28:54 2008 (47918A96)
8af13000 8af4c000   volsnap  volsnap.sys  Sat Jan 19 00:50:10 2008 (47918F92)
8af4c000 8af54000   spldr    spldr.sys    Thu Jun 21 20:29:17 2007 (467B17DD)
8af54000 8af6a000   sbp2port sbp2port.sys Sat Jan 19 00:49:51 2008 (47918F7F)
8af6a000 8af79000   mup      mup.sys      Sat Jan 19 00:28:20 2008 (47918A74)
8af79000 8afa0000   ecache   ecache.sys   Sat Jan 19 00:50:47 2008 (47918FB7)
8afa0000 8afc4000   fvevol   fvevol.sys   Sat Jan 19 00:27:09 2008 (47918A2D)
8afc4000 8afd5000   disk     disk.sys     Sat Jan 19 00:49:47 2008 (47918F7B)
8afd5000 8aff6000   CLASSPNP CLASSPNP.SYS Sat Jan 19 00:49:36 2008 (47918F70)
8aff6000 8afff000   crcdisk  crcdisk.sys  Sat Jan 19 00:50:29 2008 (47918FA5)
8e200000 8e20d080   1394BUS  1394BUS.SYS  Sat Jan 19 00:53:27 2008 (47919057)
8e20f000 8e918fa0   nvlddmkm nvlddmkm.sys Tue Oct 07 17:31:27 2008 (48EBD52F)
8e919000 8e9b8000   dxgkrnl  dxgkrnl.sys  Fri Aug 01 21:01:19 2008 (4893B1DF)
8e9b8000 8e9c5000   watchdog watchdog.sys Sat Jan 19 00:35:29 2008 (47918C21)
8e9c5000 8e9d0000   usbuhci  usbuhci.sys  Sat Jan 19 00:53:20 2008 (47919050)
8e9d0000 8e9df000   usbehci  usbehci.sys  Sat Jan 19 00:53:21 2008 (47919051)
8e9df000 8e9f1000   HDAudBus HDAudBus.sys Tue Nov 27 18:18:41 2007 (474CA5D1)
8e9f1000 8e9f3700   GEARAspiWDM GEARAspiWDM.sys Tue Apr 08 15:15:38 2008 (47FBC45A)
8e9f4000 8e9ff000   fdc      fdc.sys      Sat Jan 19 00:49:37 2008 (47918F71)
8ea00000 8ea15000   rassstp  rassstp.sys  Sat Jan 19 00:56:43 2008 (4791911B)
8ea15000 8ea9e000   rdpdr    rdpdr.sys    Sat Jan 19 01:02:27 2008 (47919273)
8ea9e000 8eaae000   termdd   termdd.sys   Sat Jan 19 01:01:06 2008 (47919222)
8eaae000 8eab9000   kbdclass kbdclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
8eab9000 8eac4000   mouclass mouclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
8eac4000 8eac5380   swenum   swenum.sys   Sat Jan 19 00:49:20 2008 (47918F60)
8eac6000 8eaf0000   ks       ks.sys       Sat Jan 19 00:49:21 2008 (47918F61)
8eaf0000 8eafa000   mssmbios mssmbios.sys Sat Jan 19 00:32:55 2008 (47918B87)
8eafa000 8eb07000   umbus    umbus.sys    Sat Jan 19 00:53:40 2008 (47919064)
8eb07000 8eb3b000   usbhub   usbhub.sys   Sat Jan 19 00:53:40 2008 (47919064)
8eb3b000 8eb45000   flpydisk flpydisk.sys Sat Jan 19 00:49:37 2008 (47918F71)
8eb45000 8eb56000   NDProxy  NDProxy.SYS  Sat Jan 19 00:56:28 2008 (4791910C)
8eb56000 8eb60000   nsiproxy nsiproxy.sys Sat Jan 19 00:55:50 2008 (479190E6)
8eb60000 8ebba000   csc      csc.sys      Sat Jan 19 00:28:54 2008 (47918A96)
8ebba000 8ebd1000   dfsc     dfsc.sys     Sat Jan 19 00:28:20 2008 (47918A74)
8ebd1000 8ebe7480   avgldx86 avgldx86.sys Mon Jul 14 14:46:33 2008 (487B9F09)
8ebe8000 8ebff000   usbccgp  usbccgp.sys  Sat Jan 19 00:53:29 2008 (47919059)
8ec00000 8ee07c80   RTKVHDA  RTKVHDA.sys  Wed May 07 07:22:33 2008 (482190F9)
8ee08000 8ee35000   portcls  portcls.sys  Sat Jan 19 00:53:17 2008 (4791904D)
8ee35000 8ee5a000   drmk     drmk.sys     Sat Jan 19 01:53:02 2008 (47919E4E)
8ee5a000 8ee63000   Fs_Rec   Fs_Rec.SYS   Sat Jan 19 00:27:57 2008 (47918A5D)
8ee63000 8ee6a000   Null     Null.SYS     Sat Jan 19 00:49:12 2008 (47918F58)
8ee6a000 8ee71000   Beep     Beep.SYS     Sat Jan 19 00:49:10 2008 (47918F56)
8ee7a000 8ee80380   HIDPARSE HIDPARSE.SYS Sat Jan 19 00:53:16 2008 (4791904C)
8ee81000 8ee8d000   vga      vga.sys      Sat Jan 19 00:52:06 2008 (47919006)
8ee8d000 8eeae000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 00:52:10 2008 (4791900A)
8eeae000 8eeb6000   RDPCDD   RDPCDD.sys   Sat Jan 19 01:01:08 2008 (47919224)
8eeb6000 8eebe000   rdpencdd rdpencdd.sys Sat Jan 19 01:01:09 2008 (47919225)
8eebe000 8eec9000   Msfs     Msfs.SYS     Sat Jan 19 00:28:08 2008 (47918A68)
8eec9000 8eed7000   Npfs     Npfs.SYS     Sat Jan 19 00:28:09 2008 (47918A69)
8eed7000 8eee0000   rasacd   rasacd.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8eee0000 8eef6000   tdx      tdx.sys      Sat Jan 19 00:55:58 2008 (479190EE)
8eef6000 8ef0a000   smb      smb.sys      Sat Jan 19 00:55:27 2008 (479190CF)
8ef0a000 8ef52000   afd      afd.sys      Sat Jan 19 00:57:00 2008 (4791912C)
8ef52000 8ef84000   netbt    netbt.sys    Sat Jan 19 00:55:33 2008 (479190D5)
8ef84000 8ef9a000   pacer    pacer.sys    Fri Apr 04 21:21:42 2008 (47F6D426)
8ef9a000 8efa8000   netbios  netbios.sys  Sat Jan 19 00:55:45 2008 (479190E1)
8efa8000 8efbb000   wanarp   wanarp.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8efbb000 8eff7000   rdbss    rdbss.sys    Sat Jan 19 00:28:34 2008 (47918A82)
8eff7000 8effbec0   avgmfx86 avgmfx86.sys Thu Jun 26 11:19:13 2008 (4863B371)
8effc000 8effd700   USBD     USBD.SYS     Sat Jan 19 00:53:17 2008 (4791904D)
90000000 900023e0   gdrv     gdrv.sys     Fri Dec 07 01:21:04 2007 (4758E650)
9000a000 9001a000   HIDCLASS HIDCLASS.SYS Sat Jan 19 00:53:16 2008 (4791904C)
9001a000 90022000   mouhid   mouhid.sys   Sat Jan 19 00:49:16 2008 (47918F5C)
90022000 9002b000   kbdhid   kbdhid.sys   Sat Jan 19 00:49:17 2008 (47918F5D)
9002b000 90038000   crashdmp crashdmp.sys Sat Jan 19 00:49:43 2008 (47918F77)
90038000 90043000   dump_dumpata dump_dumpata.sys Sat Jan 19 00:49:40 2008 (47918F74)
90043000 9004b000   dump_atapi dump_atapi.sys Sat Jan 19 00:49:40 2008 (47918F74)
9004b000 9005c000   dump_dumpfve dump_dumpfve.sys Sat Jan 19 00:27:05 2008 (47918A29)
9005c000 90066000   Dxapi    Dxapi.sys    Sat Jan 19 00:36:12 2008 (47918C4C)
90066000 90075000   monitor  monitor.sys  Sat Jan 19 00:52:19 2008 (47919013)
90075000 90090000   luafv    luafv.sys    Sat Jan 19 00:30:35 2008 (47918AFB)
90090000 9013f000   spsys    spsys.sys    Thu Jun 21 20:33:02 2007 (467B18BE)
9013f000 9014f000   lltdio   lltdio.sys   Sat Jan 19 00:55:03 2008 (479190B7)
9014f000 90162000   rspndr   rspndr.sys   Sat Jan 19 00:55:03 2008 (479190B7)
90162000 901cd000   HTTP     HTTP.sys     Sat Jan 19 00:55:21 2008 (479190C9)
901cd000 901ea000   srvnet   srvnet.sys   Sat Jan 19 00:29:11 2008 (47918AA7)
901ea000 901ff000   mpsdrv   mpsdrv.sys   Sat Jan 19 00:54:45 2008 (479190A5)
95aa0000 95ca2000   win32k   win32k.sys   unavailable (00000000)
95cc0000 95cc9000   TSDDD    TSDDD.dll    unavailable (00000000)
95ce0000 95cee000   cdd      cdd.dll      unavailable (00000000)

Unloaded modules:
8ee71000 8ee79000   usbaapl.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b540e000 b5419000   hiber_atapor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b5419000 b5421000   hiber_atapi.
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b5421000 b5432000   hiber_dumpfv
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ee71000 8ee79000   usbaapl.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ee71000 8ee79000   usbaapl.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad0e000 8ad1b000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad1b000 8ad26000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad26000 8ad2e000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ad2e000 8ad3f000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8ee71000 8ee7a000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
0: kd> .bugcheck
Bugcheck code 000000C2
Arguments 00000007 0000110b 00000000 b20850b0
```

.


----------



## Onitheris (Oct 23, 2008)

Well, chkdsk didn't find anything wrong, memtest again didn't find anything wrong, and the verifier didn't give me a bluescreen and when I checked on the progress by going back to first screen it had a value of 0 for "Executions synchronized, faults injected, pool allocations failed, and pool allocations not tracked"

So, unfortunately it seems like there is nothing wrong - which either means that its a good thing and that error was a weird fluke, or this problem is good at hiding...

I did remember that this error happened when I was waking the computer up from sleep mode - I've of course since restarted and placed it in sleep mode again to see if that was the problem, but it hasn't happened since. Still, could that have anything to do with it? I have two computers and this may be a a stupid theory but if the computer in question was asleep and I tried to log in on a different computer to say an instant messenger or program with an online registration that only let you be on one computer at a time, and that program was running on the sleeping computer, could that have contributed to anything?


----------



## jcgriff2 (Sep 30, 2007)

How long dif the verifier run for? Are you sure it got all of the intended drivers?

No doubt in my mind that the kernel (ntoskrnl) is not the responsible party. Assuming software to be the cause, the offending driver was able to keep hidden under the memory address range of NT - the reason it got the blame. 

I went back through your loaded driver list and found some suspect drivers - they need updates:


```
Rtlh86.sys   Mon Jun 25 01:37:23 2007  Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)

aadder.sys   Thu Aug 02 05:32:24 2007   DeathAdder mouse
```
*Any ideas what this is - I could not locate any info on it:*

```
ax02dk9e.SYS Sun Jul 20 20:16:38 2008   ** No inmformation  **
```
.

These 2 - NVIDIA and AVG are among the newest non-MS in your system:

```
avgldx86.sys Mon Jul 14 14:46:33 2008   AVG

nvlddmkm.sys Tue Oct 07 17:31:27 2008   NVIDIA
```
I would check out that Realtek driver 1st - it may have caused both.

RE: Sleep - if you tried to access a sleeping system, you should have maybe rec'd an access denied error - but not a BSOD.

Please let me know who you make out - greatly appreciated.

Regards. . .

jcgriff2

.


----------

