# Random BSODs with win32k.sys and SYSTEM_SERVICE_EXCEPTION, Win7 x64 dumps included



## valouris (Dec 17, 2008)

Hello, I have been having BSODs on my PC forever, and I decided to get to the bottom of it. It seems to be totally random (happens even when the PC is idle, when I am watching YouTube or a movie, or even playing a game, even if it isn't tasking at all). Sometimes it can't even boot to Windows, but then without using repair/restore, it boots normally right after.
Also, I get a BSOD sometimes when I play a tasking video game (like Dead Space), involving a DRIVER_IRQL_NOT_LESS_OR_EQUAL and ndis.sys.
I am including the latest 4 dumps I've had, created with BlueScreenView; one of them is the IRQL thing. I also have Windows debug, tell me if you need anything from that.
Config:
Windows 7 Pro x64
AMD Phenom II x4 955 @ 3.2ghz
Gigabyte MA770T-UD3P
Palit Dual Bios Edition 4870 1gb ram
2x2 GB of DDR3 RAM @1600, don't really remember the model, will get it though if needed.
I hope you guys can help me, tell me if you need more info from my part. Thanks a lot in advance.
What is also important to note is that all this kept happening after a fresh format and install of the OS and everything...
Dump 1 (latest)
==================================================
Dump File : 012911-34757-01.dmp
Crash Time : 29/1/2011 7:02:04 μμ
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`0018f659
Parameter 3 : fffff880`02132fa0
Parameter 4 : 00000000`00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+ff659
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\MiniDump\012911-34757-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 276.080
==================================================
Dump 2
==================================================
Dump File : 012611-24991-01.dmp
Crash Time : 26/1/2011 12:30:43 μμ
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`001af659
Parameter 3 : fffff880`02145fa0
Parameter 4 : 00000000`00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+ff659
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\MiniDump\012611-24991-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 276.080
==================================================

Dump 3
==================================================
Dump File : 012311-20373-01.dmp
Crash Time : 23/1/2011 1:24:53 μμ
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`0010f659
Parameter 3 : fffff880`03c72fa0
Parameter 4 : 00000000`00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+ff659
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\MiniDump\012311-20373-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 276.024
==================================================

Dump 4 (oldest, is the IRQL thing while playing Dead Space, hasn't happened since but I bet it will happen again in the future if I play it again)
==================================================
Dump File : 011411-19812-01.dmp
Crash Time : 14/1/2011 1:44:47 μμ
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : fffff880`30f46130
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`016485e8
Caused By Driver : ndis.sys
Caused By Address : ndis.sys+a5e8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\MiniDump\011411-19812-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 276.024
==================================================


----------



## usasma (Apr 11, 2009)

Please provide this information so we can help you out: http://www.techsupportforum.com/for...f-death-bsod-posting-instructions-452654.html

Dumps 1-3 are STOP 0x3B errors (system service) in win32k.sys (a critical Windows component). As such, it's unlikely that win32k.sys is actually to blame. If it was to blame, it's likely that you'd have a lot of other problems. I'd suspect that it's more likely that a 3rd party service did something "bad" that caused win32k.sys to crash.

Dump 4 blames networking stuff - so the place to start is there. Uninstall your networking software (both wired and wireless if so equipped) and then install the latest version available for your OS from the manufacturer's website.

Meanwhile we'll be waiting on the information I requested to see if there's more details that'll help sort this out for you.


----------



## valouris (Dec 17, 2008)

Thanks a lot for the super fast reply and really sorry, I should have read the rules, here is the info you requested... (random question: why download the autoruns file, is it used automatically when running the system and file collection thingy?)

Info you requested that I don't have in the OP:
· Age of system (hardware)
1.5 years approx.
· Power Supply - brand & wattage
Xilence 580W Redwing Edition

A thing you'll see on the perfmon file. I have my wireless adapter disabled most of the time, because the PC is wired to the router; I enable it only when for some reason my internet is down, to look for a wireless connection. I found that if both are enabled I ran into trouble connecting to the router. Also, I never use the USB camera so I haven't installed the drivers yet after the fresh install, but it's still connected to the PC.

Thanks for helping me again.


----------



## valouris (Dec 17, 2008)

While waiting I did the verifier thing, and it did result in a BSOD after rebooting (it never got into Windows, I'm guessing this is when the verifier actually does its job?) with the driver IRQL not less or equal, without stating what was responsible on the BSOD. Now I restored successfully. However, I can't find the so-called verifier enabled minidump... where is it?


----------



## usasma (Apr 11, 2009)

You're correct, Autoruns is used by the file collection tool. I don't use it myself, but I recall there being an .arn file in the collection previously. The tool may have been modified to use the info in another way - but that's outside of my area of expertise.

The verifier enabled minidump should be in the same location as the other minidumps. It'll be dated the day that it happened (today), but won't say that it's a verifier enabled dump until it's opened in the Debugging Tools.

If it occurred early in the boot process or if the dump file was corrupted - then there won't be a dump file available. In those cases you'll have to look at the actual Blue Screen to see what info you can get. To do that, be sure that the system is set to NOT automatically restart (see this webpage for detailed instructions: Set MiniDump)

On to the diagnostics - but first a word about what we see so far:
- you have issues with the wired and wireless both being enabled
- you have a crash that blames networking
- we often see BSOD issues with wireless USB devices using Vista or earlier drivers (and sometimes with Win7 drivers)

Two things about these USB devices:
- if the software is installed, the drivers will still load. So even though it's disabled it can still cause problems.
- An inside the case wireless card is, IMO, much more powerful, reliable, and stable than a USB device. I suggest using them instead of the USB device.

FWIW - I found at least one of the drivers for the wireless USB and it is NOT started - so that's a good thing. Still, I'd suggest removing the device and uninstalling its software/drivers until after we're finished troubleshooting.

If you cannot disconnect the webcam from the system, then I'd suggest installing the drivers and then disabling it. There's no telling what problems a piece of hardware without drivers could cause - so you're better off (IMO) putting it in a known state (disabled).

Running the dump files shows a small difference. Dumps 1-3 blame the same thing that you first posted. But dump 4 blames Epfwndis.sys rather than ndis.sys.
Link to info on Epfwndis.sys: "http://www.carrona.org/dvrref.html#Epfwndis.sys"

This is a component of your ESET Firewall Filter. As such I'd suggest the following:


> *Anti-Virus Removal:*
> Please do the following:
> - download a free antivirus for testing purposes: Free AntiVirus
> - uninstall the ESET Smart Security from your system (you can reinstall it, if so desired, when we're done troubleshooting)
> ...


BSOD BUGCHECK SUMMARY 

```
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Sat Jan 29 11:59:56.797 2011 (UTC - 5:00)
System Uptime: 0 days 6:55:53.093
Probably caused by : memory_corruption
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
BUGCHECK_STR:  0x3B
PROCESS_NAME:  csrss.exe
FAILURE_BUCKET_ID:  X64_MEMORY_CORRUPTION_ONE_BIT
Bugcheck code 0000003B
Arguments 00000000`c0000005 fffff960`0018f659 fffff880`02132fa0 00000000`00000000
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Wed Jan 26 05:28:37.378 2011 (UTC - 5:00)
System Uptime: 0 days 2:01:12.048
Probably caused by : win32k.sys ( win32k!IdleTimerProc+ad )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME:  csrss.exe
FAILURE_BUCKET_ID:  X64_0x3B_win32k!IdleTimerProc+ad
Bugcheck code 0000003B
Arguments 00000000`c0000005 fffff960`001af659 fffff880`02145fa0 00000000`00000000
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Sun Jan 23 06:22:57.005 2011 (UTC - 5:00)
System Uptime: 0 days 1:54:29.301
Probably caused by : win32k.sys ( win32k!IdleTimerProc+ad )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME:  csrss.exe
FAILURE_BUCKET_ID:  X64_0x3B_win32k!IdleTimerProc+ad
Bugcheck code 0000003B
Arguments 00000000`c0000005 fffff960`0010f659 fffff880`03c72fa0 00000000`00000000
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Fri Jan 14 06:43:43.420 2011 (UTC - 5:00)
System Uptime: 0 days 2:23:10.090
BugCheck D1, {fffff88030f46130, 2, 0, fffff880016485e8}
*** WARNING: Unable to verify timestamp for Epfwndis.sys
*** ERROR: Module load completed but symbols could not be loaded for Epfwndis.sys
Probably caused by : Epfwndis.sys ( Epfwndis+367b )
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
FAILURE_BUCKET_ID:  X64_0xD1_Epfwndis+367b
Bugcheck code 000000D1
Arguments fffff880`30f46130 00000000`00000002 00000000`00000000 fffff880`016485e8
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
  
```
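
The comparison made above (dumps 1-3 sharing one fault site, dump 4 a different one) can be checked mechanically from the BlueScreenView fields in the first post. This is an added example, not part of any post in the thread: the function names are its own, the sample is the thread's four records trimmed to the fields used, and the 0xD1 parameter position is taken from Microsoft's bug check reference rather than from this page.

```python
import re
from collections import defaultdict

# Constructed input: the four BlueScreenView records from the first post,
# trimmed to the fields this example reads.
SAMPLE = """\
Dump File : 012911-34757-01.dmp
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`0018f659
Parameter 3 : fffff880`02132fa0
Parameter 4 : 00000000`00000000
Caused By Address : win32k.sys+ff659
==================================================
Dump File : 012611-24991-01.dmp
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`001af659
Parameter 3 : fffff880`02145fa0
Parameter 4 : 00000000`00000000
Caused By Address : win32k.sys+ff659
==================================================
Dump File : 012311-20373-01.dmp
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`0010f659
Parameter 3 : fffff880`03c72fa0
Parameter 4 : 00000000`00000000
Caused By Address : win32k.sys+ff659
==================================================
Dump File : 011411-19812-01.dmp
Bug Check Code : 0x000000d1
Parameter 1 : fffff880`30f46130
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffff880`016485e8
Caused By Address : ndis.sys+a5e8
"""

# Which bug check parameter (1-based) holds the faulting instruction address.
# 0x3B: as labelled in the !analyze -v output later in the thread.
# 0xD1: per Microsoft's bug check reference (assumption, not stated on the page).
FAULT_IP_PARAM = {0x3B: 2, 0xD1: 4}


def to_int(value):
    """Convert a WinDbg-style 64-bit hex value (with ` separator) to int."""
    return int(value.replace("`", ""), 16)


def parse_records(text):
    """Split BlueScreenView text output into one dict of fields per dump."""
    records = []
    for chunk in re.split(r"^=+\s*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(" : ")
            if sep:  # lines with an empty value ("Company :") are skipped
                fields[key.strip()] = value.strip()
        if "Bug Check Code" in fields:
            records.append(fields)
    return records


def triage(record):
    """Reduce one record to its fault site and the implied module load base."""
    code = int(record["Bug Check Code"], 16)
    module, _, offset = record["Caused By Address"].partition("+")
    param = FAULT_IP_PARAM.get(code)
    fault_ip = to_int(record["Parameter %d" % param]) if param else None
    # Load base = absolute faulting address minus the offset inside the module.
    base = fault_ip - int(offset, 16) if fault_ip is not None else None
    return {
        "dump": record["Dump File"],
        "code": code,
        "site": "%s+%s" % (module, offset),
        "fault_ip": fault_ip,
        "module_base": base,
        # A real image base is page aligned; if not, the offset and the
        # parameter do not describe the same instruction.
        "page_aligned": base is not None and base % 0x1000 == 0,
    }


def group_by_site(rows):
    """Group dumps by (bug check code, module+offset), ignoring load address."""
    groups = defaultdict(list)
    for row in rows:
        groups[(row["code"], row["site"])].append(row["dump"])
    return dict(groups)


if __name__ == "__main__":
    rows = [triage(r) for r in parse_records(SAMPLE)]
    for row in rows:
        print("%(dump)s  0x%(code)02X  %(site)s  base=%(module_base)#x" % row)
    for (code, site), dumps in group_by_site(rows).items():
        print("0x%02X at %s: %d dump(s)" % (code, site, len(dumps)))
```

The absolute faulting address differs in each of the three 0x3B dumps only because win32k.sys was loaded at a different base each time; the offset inside the module is identical, which is why they count as one recurring fault rather than three.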


----------



## valouris (Dec 17, 2008)

Thanks a lot for the reply and help.

The wireless internet card I have is indeed inside the case (and disabled), I don't have a wireless USB network card and I never used one (so didn't even install drivers or anything) after the fresh format+install. I do use a wireless mouse+keyboard kit though, could this be it?

I disconnected the webcam, the win32k.sys happened again randomly. I will leave it disconnected.

I will uninstall ESET and try a free antivirus to see if this will ever happen again, but can I really trust the free ones? I kinda trust ESET, it's a really good one (well, except the f**king BSODs lol)

Also, the verifier never had the time to write a dump, and I did see the BSOD that happened. It was the IRQL not less or equal, but it didn't state a responsible driver (as the other one stated the ndis.sys, although from what you tell me this wasn't even true, why would this happen btw?)


----------



## reventon (Oct 16, 2009)

valouris said:


> I will uninstall ESET and try a free antivirus to see if this will ever happen again, but can I really trust the free ones? I kinda trust ESET, it's a really good one (well, except the f**king BSODs lol)


I haven't personally seen any problems with the latest (2010) version of ESET.

My suggestion is to first try the free AV, and if that fixes it try the 2010 version of ESET from here - Best Free Antivirus Software Trial: Free Home, Business and Gaming Download from ESET


----------



## valouris (Dec 17, 2008)

Hi, I uninstalled ESET and I installed a free antivirus. I haven't seen the IRQL BSOD again, but I saw the system service exception one two more times!

The weird thing is that although in the BSOD I can see that it says that it's making the dump, there are no dumps to be seen anywhere! And what's more, I don't get the "windows encountered from a serious error" message when Windows restarts after the BSOD, which is extremely strange...


----------



## usasma (Apr 11, 2009)

Is there a memory dump named MEMORY.DMP in the C:\Windows directory?
What's the latest date on the dumps in the C:\Windows\Minidump directory?
What does the Blue Screen say when you run Driver Verifier?


----------



## valouris (Dec 17, 2008)

Wow, this is weird.

There was a .memdump in the Windows dir, and I don't remember changing the dump creation to kernel memory dump (from small memory dump). Anyway, I changed it back.

Also, the .memdump in the Windows dir is dated 29/1, as well as the latest minidump, when I have had at least 3 BSODs since then, wth?

I'll do the verifier later and get back to you.


----------



## valouris (Dec 17, 2008)

Um, doing the verifier thing resulted in a proper rebooting sequence, no BSODs whatsoever, so can we safely say the one BSOD was the fault of the ESET antivirus?

I also made one possibly useful observation. I'm not really sure if this is the case with every BSOD, but I think every time it has happened, there was a USB device connected on the front of the case, like a USB gamepad or a USB card reader. Again, I'm not sure if it was every time, it could easily not be.

What else can I do? It seems to me that we are quickly approaching a dead end concerning this investigation.


----------



## reventon (Oct 16, 2009)

valouris said:


> Um, doing the verifier thing resulted in a proper rebooting sequence, no BSODs whatsoever, so can we safely say the one BSOD was the fault of the ESET antivirus?


You need to wait up to 48 hours to let the Driver Verifier do its thing. It doesn't cause guaranteed BSODs on boot.


----------



## usasma (Apr 11, 2009)

BSOD's (and dump file creation) are complicated events - and not all blue screen events will generate memory dump files.

This depends on hardware, when (during the boot process) the crash occurs, corruption of any structures/files involved in the dump file capture and recording (2 separate events) - and even another step in generating a minidump from the full kernel dump file (if set up that way).

In addition, you have to be using the proper tests in Driver Verifier.
And then, if the problem was solely due to ESET, you may not even get a crash.


----------



## valouris (Dec 17, 2008)

I ran the verifier exactly as you state in the guide. Anyway, will post if another BSOD comes my way and I manage to get any dumps. So far I think it happens randomly as long as sth is connected to the front USB ports, which is kind of lame and annoying, seeing things get connected there a lot.


----------



## usasma (Apr 11, 2009)

If you don't get a BSOD after 36 hours, then try it with the USB device plugged into the front ports in order to see if you can force a BSOD.


----------



## valouris (Dec 17, 2008)

Wait a second. What exactly is supposed to happen with the verifier? I do as the guide says, select the correct options and drivers and then I reboot, but nothing extraordinary happens, it just reboots. Is it running in the background or what?


----------



## usasma (Apr 11, 2009)

It's running in the background. What it does is it places stress on drivers - and in doing so it should cause a BSOD with any driver that's having problems. 

My settings stress most of the 3rd party drivers with all of the driver tests that are available. That way we're sure that we didn't miss any tests that may be critical to isolating the cause of this BSOD. We only check 3rd party drivers (at first) because they're most often the cause of BSOD issues.

Here's a DRAFT of my explanation about Driver Verifier:


> *DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT*
> THEORY behind this method:
> 
> Driver Verifier marks drivers to be verified early in the Boot Process.
> ...


----------



## valouris (Dec 17, 2008)

Cool, thx for the information. So I guess since I enabled and set the verifier up it keeps working after every reboot, right? Is there any way I can check if it is enabled right now to make sure I did everything right?

Also, after I confirm that I have it enabled, I could try triggering a BSOD by plugging things into the front USB ports as I would normally when I would be using my PC. If this triggers a BSOD sometime in the future, we would see if it is verifier enabled and pinpoint the driver that caused it (3rd party or MS). What I don't get is why the hell would a BSOD dump be NOT verifier enabled, since we have it running... Anyway, this is a theoretical matter, only continue this conversation if you want, otherwise only waste your time on helping me solve my problem.


----------



## usasma (Apr 11, 2009)

You can select the "Display existing settings" option on the first verifier screen in order to see if it's working or not.

It's to your benefit to cause a BSOD - as that will be the situation that we are trying to fix.

It's my opinion that you should only use Driver Verifier to troubleshoot existing BSOD's. Using it all the time may cause issues with your system that may not even show up in normal operation. For example, if there's a problem with a driver doing something that you never do (such as using certain obscure settings on your video card) - then that won't show up under normal use, but may show up with Driver Verifier enabled.

Another example, say there's a physical problem with your USB ports that causes BSOD's. Driver Verifier may not catch this - since the drivers are OK. But it still causes BSOD's because of the physical problem with the ports. So the BSOD won't show up as a 3rd party error - although it may show up as an OS driver or a hardware error. 

In general, if the BSOD points to a Windows driver (regardless of Verifier), then we suspect 3rd party drivers first (this includes malware), then we suspect hardware/compatibility issues, then we suspect Windows driver/OS issues - in that order.

Now, let's discuss what 3rd party drivers are. The intent is that 3rd party drivers are those drivers that aren't a part of the Operating System. So, what are drivers for the Microsoft Virtual Machine, Microsoft Security Essentials, and Microsoft Keyboards/Mice? They are, IMO, 3rd party drivers - simply because they are not a part of the OS.

But, we ask you to select all non-Microsoft drivers. Why? Because if we were to take the time to weed out the Microsoft drivers that fit the 3rd party criteria - then we'd greatly increase the amount of time that we spend attempting to fix a problem. So we take the shortcut of leaving them in - and deal with any Microsoft drivers that may pop up at a later time (usually there'll be clues about them in the dump files).

Notice that I say "may" and "should" a lot. That's because we make compromises in diagnosing these things - and there's always exceptions to the rules.

Good luck!


----------



## valouris (Dec 17, 2008)

OK! Lucky me, I just got a system_service_exception BSOD while I was watching a Flash video with NO USB devices plugged in the front ports! The minidump does not state it was verifier enabled.

When I got the BSOD it stated the win32k.sys as responsible, but using BlueScreenView I saw that it was ntoskrnl.exe, which doesn't really sound like good news to me!

Here is the report and the output folder.


----------



## usasma (Apr 11, 2009)

win32k.sys and ntoskrnl.exe are critical core components of Windows. I would expect that problems with them would result in many more problems other than the occasional BSOD - so we presume that they aren't the cause (for starters - remember that there's exceptions to every rule).

Now, having a BSOD that isn't Driver Verifier enabled is not unusual. There's more possibilities that we didn't discuss earlier. The first being that there's more than one problem (so we still have to wait on a Driver Verifier enabled memory dump). Now that isn't as likely as there not being a problem with the drivers - but we don't want to wander off all happy when we fix one problem - only to discover that there's another.

So, let's have a look at the memory dump...

```
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\FUBAR\_jcgriff2_\dbug\__Kernel__\020611-19312-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02c63000 PsLoadedModuleList = 0xfffff800`02ea0e50
Debug session time: Sun Feb  6 05:42:28.742 2011 (UTC - 5:00)
System Uptime: 0 days 1:22:58.429
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff9600014f659, fffff8800287dfa0, 0}

Probably caused by : win32k.sys ( win32k!IdleTimerProc+ad )

Followup: MachineOwner
---------

1: kd> !analyze -v;r;kv;lmtn;lmtsmn;.bugcheck;.logclose;q
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600014f659, Address of the instruction which caused the bugcheck
Arg3: fffff8800287dfa0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
win32k!IdleTimerProc+ad
fffff960`0014f659 488b0c252003fe7f mov     rcx,qword ptr [SharedUserData+0x320 (00000000`7ffe0320)]

CONTEXT:  fffff8800287dfa0 -- (.cxr 0xfffff8800287dfa0)
.cxr 0xfffff8800287dfa0
rax=0000000000000000 rbx=fffff900c0105730 rcx=0000000000000000
rdx=0000000000000118 rsi=0000000000001c02 rdi=fffff900c0105748
rip=fffff9600014f659 rsp=fffff8800287e970 rbp=000000000000000f
 r8=0000000000007ffe  r9=fffff900c0105730 r10=fffffffffffffffd
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=2000000000008000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
win32k!IdleTimerProc+0xad:
fffff960`0014f659 488b0c252003fe7f mov     rcx,qword ptr [SharedUserData+0x320 (00000000`7ffe0320)] ds:002b:00000000`7ffe0320=????????????????
.cxr
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  csrss.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff960001b5a2b to fffff9600014f659

STACK_TEXT:  
fffff880`0287e970 fffff960`001b5a2b : fffff960`003302c0 00000000`00000001 fffff900`c0105730 00000000`0000000f : win32k!IdleTimerProc+0xad
fffff880`0287ea40 fffff960`00112e0d : 00000000`00000000 00000000`00000001 00000000`00000004 fffff800`02cdf1e3 : win32k!xxxHungAppDemon+0xb
fffff880`0287eaa0 fffff960`00113894 : 00000000`00000000 fffff960`00330a90 00000000`00000004 00000000`00000001 : win32k!TimersProc+0xf1
fffff880`0287eaf0 fffff960`000a4528 : fffffa80`0000007b 00000000`0000000f fffff880`00000001 ffffffff`800003d0 : win32k!RawInputThread+0x9b4
fffff880`0287ebc0 fffff960`0012409a : fffffa80`00000002 fffff880`0281ff40 00000000`00000020 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58
fffff880`0287ebf0 fffff800`02cd2993 : fffffa80`06184510 00000000`00000004 000007ff`fffd3000 00000000`00000000 : win32k!NtUserCallNoParam+0x36
fffff880`0287ec20 000007fe`fd883d3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01e7fd38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fd883d3a


FOLLOWUP_IP: 
win32k!IdleTimerProc+ad
fffff960`0014f659 488b0c252003fe7f mov     rcx,qword ptr [SharedUserData+0x320 (00000000`7ffe0320)]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!IdleTimerProc+ad

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4cbe5d3e

STACK_COMMAND:  .cxr 0xfffff8800287dfa0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_win32k!IdleTimerProc+ad

BUCKET_ID:  X64_0x3B_win32k!IdleTimerProc+ad

Followup: MachineOwner
---------

rax=fffff8800287d7e0 rbx=fffff80002e231a0 rcx=000000000000003b
rdx=00000000c0000005 rsi=fffff80002c63000 rdi=0000000000000000
rip=fffff80002cd3740 rsp=fffff8800287d6d8 rbp=0000000000000000
 r8=fffff9600014f659  r9=fffff8800287dfa0 r10=0000000000000000
r11=fffff8800287d8d8 r12=fffff80002cd2993 r13=fffff80002ee12b8
r14=fffff80002cd2580 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000282
nt!KeBugCheckEx:
fffff800`02cd3740 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff880`0287d6e0=000000000000003b
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0287d6d8 fffff800`02cd2ca9 : 00000000`0000003b 00000000`c0000005 fffff960`0014f659 fffff880`0287dfa0 : nt!KeBugCheckEx
fffff880`0287d6e0 fffff800`02cd25fc : 00000001`00000000 00000002`6763b7c3 00000000`000001f0 00000000`00000001 : nt!KiBugCheckDispatch+0x69
fffff880`0287d820 fffff800`02cf940d : fffff960`00336320 fffff960`003014b0 fffff960`00050000 fffff880`0287e738 : nt!KiSystemServiceHandler+0x7c
fffff880`0287d860 fffff800`02d00a90 : fffff800`02e231a0 fffff880`0287d8d8 fffff880`0287e738 fffff800`02c63000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`0287d890 fffff800`02d0d9ef : fffff880`0287e738 fffff880`0287dfa0 fffff880`00000000 fffff900`c0105748 : nt!RtlDispatchException+0x410
fffff880`0287df70 fffff800`02cd2d82 : fffff880`0287e738 fffff900`c0105730 fffff880`0287e7e0 00000000`00001c02 : nt!KiDispatchException+0x16f
fffff880`0287e600 fffff800`02cd18fa : 00000000`00000000 fffff900`c0105730 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`0287e7e0 fffff960`0014f659 : fffff880`009e8180 fffffa80`04981780 fffff880`02fd5180 fffffa80`04981780 : nt!KiPageFault+0x23a (TrapFrame @ fffff880`0287e7e0)
fffff880`0287e970 fffff960`001b5a2b : fffff960`003302c0 00000000`00000001 fffff900`c0105730 00000000`0000000f : win32k!IdleTimerProc+0xad
fffff880`0287ea40 fffff960`00112e0d : 00000000`00000000 00000000`00000001 00000000`00000004 fffff800`02cdf1e3 : win32k!xxxHungAppDemon+0xb
fffff880`0287eaa0 fffff960`00113894 : 00000000`00000000 fffff960`00330a90 00000000`00000004 00000000`00000001 : win32k!TimersProc+0xf1
fffff880`0287eaf0 fffff960`000a4528 : fffffa80`0000007b 00000000`0000000f fffff880`00000001 ffffffff`800003d0 : win32k!RawInputThread+0x9b4
fffff880`0287ebc0 fffff960`0012409a : fffffa80`00000002 fffff880`0281ff40 00000000`00000020 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58
fffff880`0287ebf0 fffff800`02cd2993 : fffffa80`06184510 00000000`00000004 000007ff`fffd3000 00000000`00000000 : win32k!NtUserCallNoParam+0x36
fffff880`0287ec20 000007fe`fd883d3a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0287ec20)
00000000`01e7fd38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fd883d3a
start             end                 module name
fffff800`00b9a000 fffff800`00ba4000   kdcom    kdcom.dll    Mon Jul 13 21:31:07 2009 (4A5BDFDB)
fffff800`02c1a000 fffff800`02c63000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
fffff800`02c63000 fffff800`0323f000   nt       ntkrnlmp.exe Sat Jun 19 00:16:41 2010 (4C1C44A9)
fffff880`00c00000 fffff880`00c5e000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
fffff880`00c5e000 fffff880`00c6d000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`00c77000 fffff880`00c84000   mcupdate mcupdate.dll Mon Jul 13 21:29:09 2009 (4A5BDF65)
fffff880`00c84000 fffff880`00c98000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`00c98000 fffff880`00cf6000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`00cf6000 fffff880`00db6000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
fffff880`00db6000 fffff880`00dca000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
fffff880`00dca000 fffff880`00dd5e00   PxHlpa64 PxHlpa64.sys Tue Jun 23 19:16:35 2009 (4A416253)
fffff880`00dd6000 fffff880`00df0000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`00df0000 fffff880`00dfb000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
fffff880`00e00000 fffff880`00e5c000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
fffff880`00e5c000 fffff880`00e6c000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`00e6c000 fffff880`00e86000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`00e86000 fffff880`00e8f000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00e8f000 fffff880`00eb9000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
fffff880`00ec1000 fffff880`00f65000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
fffff880`00f65000 fffff880`00f74000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`00f74000 fffff880`00fa7000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`00fa7000 fffff880`00fb2000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
fffff880`00fb2000 fffff880`00ffe000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
fffff880`01000000 fffff880`01007000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
fffff880`01007000 fffff880`0102c000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`0102c000 fffff880`01035000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`01035000 fffff880`01040000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`01040000 fffff880`01051000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`01051000 fffff880`0106f000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
fffff880`0106f000 fffff880`0107c000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
fffff880`0107c000 fffff880`01106000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`01106000 fffff880`01127000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
fffff880`0112e000 fffff880`01137000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`01137000 fffff880`01166000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
fffff880`01166000 fffff880`011bd000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
fffff880`011bd000 fffff880`011c7000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`011c7000 fffff880`011d4000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`011d4000 fffff880`011e9000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`011e9000 fffff880`011fe000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`01202000 fffff880`013a5000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
fffff880`013a5000 fffff880`013bf000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
fffff880`013bf000 fffff880`013ea000   ksecpkg  ksecpkg.sys  Fri Dec 11 01:03:32 2009 (4B21E0B4)
fffff880`013ea000 fffff880`013fa000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`01400000 fffff880`01460000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
fffff880`01460000 fffff880`01469000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`0146b000 fffff880`014de000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
fffff880`014de000 fffff880`014ef000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`014ef000 fffff880`014f9000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
fffff880`014f9000 fffff880`015eb000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`015eb000 fffff880`015f9000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`01601000 fffff880`017fe000   tcpip    tcpip.sys    Sun Jun 13 23:39:04 2010 (4C15A458)
fffff880`01800000 fffff880`0181d000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
fffff880`0181d000 fffff880`01836000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
fffff880`01836000 fffff880`01860000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`01860000 fffff880`01869000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`01869000 fffff880`01870000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
fffff880`01870000 fffff880`01879000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`01879000 fffff880`018c3000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
fffff880`018c3000 fffff880`018d3000   vmstorfl vmstorfl.sys Mon Jul 13 19:42:54 2009 (4A5BC67E)
fffff880`018d3000 fffff880`0191f000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
fffff880`0191f000 fffff880`01927000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`01927000 fffff880`01961000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
fffff880`01961000 fffff880`01973000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`01973000 fffff880`0197c000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
fffff880`0197c000 fffff880`019b6000   fvevol   fvevol.sys   Fri Sep 25 22:34:26 2009 (4ABD7DB2)
fffff880`019b6000 fffff880`019cc000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`019cc000 fffff880`019fc000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`0261d000 fffff880`0262b000   kbdhid   kbdhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff880`0262b000 fffff880`02638000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff880`02638000 fffff880`02646000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`02646000 fffff880`02652000   dump_ataport dump_ataport.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`02652000 fffff880`0265b000   dump_atapi dump_atapi.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`0265b000 fffff880`0266e000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
fffff880`0266e000 fffff880`0267c000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
fffff880`0267c000 fffff880`0269f000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`0269f000 fffff880`026c0000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)
fffff880`026c0000 fffff880`026d5000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`026d5000 fffff880`02728000   nwifi    nwifi.sys    Mon Jul 13 20:07:23 2009 (4A5BCC3B)
fffff880`02728000 fffff880`0273b000   ndisuio  ndisuio.sys  Mon Jul 13 20:09:25 2009 (4A5BCCB5)
fffff880`0273b000 fffff880`02753000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`02753000 fffff880`027f9000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`02c00000 fffff880`02c24000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`02c24000 fffff880`02c53000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`02c53000 fffff880`02c60000   tap0901t tap0901t.sys Wed Sep 16 02:02:43 2009 (4AB07F83)
fffff880`02c64000 fffff880`02ca9000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
fffff880`02ca9000 fffff880`02cb2000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`02cb2000 fffff880`02cd8000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
fffff880`02cd8000 fffff880`02cee000   vwififlt vwififlt.sys Mon Jul 13 20:07:22 2009 (4A5BCC3A)
fffff880`02cee000 fffff880`02cfd000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`02cfd000 fffff880`02d1a000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`02d1a000 fffff880`02d35000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
fffff880`02d35000 fffff880`02d49000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
fffff880`02d49000 fffff880`02d9a000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
fffff880`02d9a000 fffff880`02da6000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff880`02da6000 fffff880`02db1000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`02db1000 fffff880`02dbc000   ElbyCDIO ElbyCDIO.sys Thu Dec 17 17:25:16 2009 (4B2AAFCC)
fffff880`02dbc000 fffff880`02dcb000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`02dcb000 fffff880`02de1000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`02de1000 fffff880`02dfc000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`03a00000 fffff880`03a4e000   mrxsmb10 mrxsmb10.sys Sat Feb 27 02:52:28 2010 (4B88CF3C)
fffff880`03a4e000 fffff880`03a71000   mrxsmb20 mrxsmb20.sys Sat Feb 27 02:52:26 2010 (4B88CF3A)
fffff880`03a71000 fffff880`03a7a000   cpuz135_x64 cpuz135_x64.sys Tue Nov 09 08:33:36 2010 (4CD94DB0)
fffff880`03a7a000 fffff880`03a85000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`03a85000 fffff880`03ab2000   srvnet   srvnet.sys   Thu Aug 26 23:37:24 2010 (4C7732F4)
fffff880`03ab9000 fffff880`03b81000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
fffff880`03b81000 fffff880`03b9f000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
fffff880`03b9f000 fffff880`03bb7000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`03bb7000 fffff880`03be4000   mrxsmb   mrxsmb.sys   Sat Feb 27 02:52:19 2010 (4B88CF33)
fffff880`03be4000 fffff880`03bf6000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
fffff880`03e00000 fffff880`03e56000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
fffff880`03e56000 fffff880`03e94000   1394ohci 1394ohci.sys Mon Jul 13 20:07:12 2009 (4A5BCC30)
fffff880`03e98000 fffff880`03f1b000   csc      csc.sys      Mon Jul 13 19:24:26 2009 (4A5BC22A)
fffff880`03f1b000 fffff880`03f39000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
fffff880`03f39000 fffff880`03f4a000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`03f4a000 fffff880`03f70000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
fffff880`03f70000 fffff880`03f85000   amdppm   amdppm.sys   Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`03f85000 fffff880`03f8e000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:31:02 2009 (4A5BC3B6)
fffff880`03f8e000 fffff880`03fda000   atikmpag atikmpag.sys Thu Nov 25 21:16:47 2010 (4CEF188F)
fffff880`03fda000 fffff880`03ff7000   parport  parport.sys  Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`04200000 fffff880`0423d000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
fffff880`0423d000 fffff880`0425f000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
fffff880`0425f000 fffff880`04264200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
fffff880`04265000 fffff880`04271000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`04271000 fffff880`04279080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
fffff880`04286000 fffff880`04295000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`04295000 fffff880`042a4000   VClone   VClone.sys   Sun Aug 09 17:25:45 2009 (4A7F3ED9)
fffff880`042a4000 fffff880`042a5480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`042a6000 fffff880`042e9000   ks       ks.sys       Wed Mar 03 23:32:25 2010 (4B8F37D9)
fffff880`042e9000 fffff880`042fb000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`042fb000 fffff880`04355000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
fffff880`04355000 fffff880`04360000   flpydisk flpydisk.sys Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`04360000 fffff880`04375000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
fffff880`04375000 fffff880`043d1000   HdAudio  HdAudio.sys  Mon Jul 13 20:06:59 2009 (4A5BCC23)
fffff880`043d1000 fffff880`043ee000   cdfs     cdfs.sys     Mon Jul 13 19:19:46 2009 (4A5BC112)
fffff880`043ee000 fffff880`043eff00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
fffff880`043f0000 fffff880`043fe000   hidusb   hidusb.sys   Mon Jul 13 20:06:22 2009 (4A5BCBFE)
fffff880`04800000 fffff880`04824000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
fffff880`04824000 fffff880`04856000   Rt64win7 Rt64win7.sys Thu Feb 26 04:04:13 2009 (49A65B0D)
fffff880`04856000 fffff880`04861000   usbohci  usbohci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`04861000 fffff880`04872000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`04872000 fffff880`0487f000   fdc      fdc.sys      Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`0487f000 fffff880`0488b000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`0488b000 fffff880`04897000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`0489a000 fffff880`050ab000   atikmdag atikmdag.sys Thu Nov 25 21:46:44 2010 (4CEF1F94)
fffff880`050ab000 fffff880`0519f000   dxgkrnl  dxgkrnl.sys  Mon Nov 01 22:51:31 2010 (4CCF7CB3)
fffff880`0519f000 fffff880`051e5000   dxgmms1  dxgmms1.sys  Mon Nov 01 22:50:56 2010 (4CCF7C90)
fffff880`051e5000 fffff880`051f5000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`051f5000 fffff880`05200000   hamachi  hamachi.sys  Thu Feb 19 05:36:41 2009 (499D3639)
fffff880`0645d000 fffff880`064c4000   srv2     srv2.sys     Thu Aug 26 23:37:46 2010 (4C77330A)
fffff880`064c4000 fffff880`0655a000   srv      srv.sys      Thu Aug 26 23:38:00 2010 (4C773318)
fffff880`0655a000 fffff880`06590000   fastfat  fastfat.SYS  Mon Jul 13 19:23:28 2009 (4A5BC1F0)
fffff880`08967000 fffff880`08972000   asyncmac asyncmac.sys Mon Jul 13 20:10:13 2009 (4A5BCCE5)
fffff960`00050000 fffff960`00360000   win32k   win32k.sys   Tue Oct 19 23:08:46 2010 (4CBE5D3E)
fffff960`005f0000 fffff960`005fa000   TSDDD    TSDDD.dll    Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff960`006c0000 fffff960`006e7000   cdd      cdd.dll      Tue Nov 02 00:59:22 2010 (4CCF9AAA)
fffff960`00830000 fffff960`00891000   ATMFD    ATMFD.DLL    Tue Oct 19 23:05:45 2010 (4CBE5C89)

Unloaded modules:
fffff880`088f6000 fffff880`08967000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00071000
fffff880`01800000 fffff880`0180e000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`0180e000 fffff880`0181a000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff880`0181a000 fffff880`01823000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
fffff880`01823000 fffff880`01836000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
fffff880`01009000 fffff880`0112e000   sptd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00125000
start             end                 module name
fffff880`03e56000 fffff880`03e94000   1394ohci 1394ohci.sys Mon Jul 13 20:07:12 2009 (4A5BCC30)
fffff880`01166000 fffff880`011bd000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
fffff880`0107c000 fffff880`01106000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`02dcb000 fffff880`02de1000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`03f70000 fffff880`03f85000   amdppm   amdppm.sys   Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`00fa7000 fffff880`00fb2000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
fffff880`08967000 fffff880`08972000   asyncmac asyncmac.sys Mon Jul 13 20:10:13 2009 (4A5BCCE5)
fffff880`00e86000 fffff880`00e8f000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00e8f000 fffff880`00eb9000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
fffff880`0489a000 fffff880`050ab000   atikmdag atikmdag.sys Thu Nov 25 21:46:44 2010 (4CEF1F94)
fffff880`03f8e000 fffff880`03fda000   atikmpag atikmpag.sys Thu Nov 25 21:16:47 2010 (4CEF188F)
fffff960`00830000 fffff960`00891000   ATMFD    ATMFD.DLL    Tue Oct 19 23:05:45 2010 (4CBE5C89)
fffff880`01869000 fffff880`01870000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
fffff880`03f39000 fffff880`03f4a000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`03b81000 fffff880`03b9f000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
fffff960`006c0000 fffff960`006e7000   cdd      cdd.dll      Tue Nov 02 00:59:22 2010 (4CCF9AAA)
fffff880`043d1000 fffff880`043ee000   cdfs     cdfs.sys     Mon Jul 13 19:19:46 2009 (4A5BC112)
fffff880`01836000 fffff880`01860000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`00cf6000 fffff880`00db6000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
fffff880`019cc000 fffff880`019fc000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00c98000 fffff880`00cf6000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`0146b000 fffff880`014de000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
fffff880`051e5000 fffff880`051f5000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`03a71000 fffff880`03a7a000   cpuz135_x64 cpuz135_x64.sys Tue Nov 09 08:33:36 2010 (4CD94DB0)
fffff880`02638000 fffff880`02646000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`03e98000 fffff880`03f1b000   csc      csc.sys      Mon Jul 13 19:24:26 2009 (4A5BC22A)
fffff880`03f1b000 fffff880`03f39000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
fffff880`02dbc000 fffff880`02dcb000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`019b6000 fffff880`019cc000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`0423d000 fffff880`0425f000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
fffff880`02652000 fffff880`0265b000   dump_atapi dump_atapi.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`02646000 fffff880`02652000   dump_ataport dump_ataport.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`0265b000 fffff880`0266e000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
fffff880`04265000 fffff880`04271000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`050ab000 fffff880`0519f000   dxgkrnl  dxgkrnl.sys  Mon Nov 01 22:51:31 2010 (4CCF7CB3)
fffff880`0519f000 fffff880`051e5000   dxgmms1  dxgmms1.sys  Mon Nov 01 22:50:56 2010 (4CCF7C90)
fffff880`02db1000 fffff880`02dbc000   ElbyCDIO ElbyCDIO.sys Thu Dec 17 17:25:16 2009 (4B2AAFCC)
fffff880`0655a000 fffff880`06590000   fastfat  fastfat.SYS  Mon Jul 13 19:23:28 2009 (4A5BC1F0)
fffff880`04872000 fffff880`0487f000   fdc      fdc.sys      Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`00db6000 fffff880`00dca000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
fffff880`04355000 fffff880`04360000   flpydisk flpydisk.sys Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`00fb2000 fffff880`00ffe000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
fffff880`014ef000 fffff880`014f9000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
fffff880`0197c000 fffff880`019b6000   fvevol   fvevol.sys   Fri Sep 25 22:34:26 2009 (4ABD7DB2)
fffff880`01879000 fffff880`018c3000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
fffff800`02c1a000 fffff800`02c63000   hal      hal.dll      Mon Jul 13 21:27:36 2009 (4A5BDF08)
fffff880`051f5000 fffff880`05200000   hamachi  hamachi.sys  Thu Feb 19 05:36:41 2009 (499D3639)
fffff880`04800000 fffff880`04824000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
fffff880`04375000 fffff880`043d1000   HdAudio  HdAudio.sys  Mon Jul 13 20:06:59 2009 (4A5BCC23)
fffff880`0181d000 fffff880`01836000   HIDCLASS HIDCLASS.SYS Mon Jul 13 20:06:21 2009 (4A5BCBFD)
fffff880`04271000 fffff880`04279080   HIDPARSE HIDPARSE.SYS Mon Jul 13 20:06:17 2009 (4A5BCBF9)
fffff880`043f0000 fffff880`043fe000   hidusb   hidusb.sys   Mon Jul 13 20:06:22 2009 (4A5BCBFE)
fffff880`03ab9000 fffff880`03b81000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
fffff880`01973000 fffff880`0197c000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
fffff880`00c5e000 fffff880`00c6d000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`0261d000 fffff880`0262b000   kbdhid   kbdhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff800`00b9a000 fffff800`00ba4000   kdcom    kdcom.dll    Mon Jul 13 21:31:07 2009 (4A5BDFDB)
fffff880`042a6000 fffff880`042e9000   ks       ks.sys       Wed Mar 03 23:32:25 2010 (4B8F37D9)
fffff880`013a5000 fffff880`013bf000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
fffff880`013bf000 fffff880`013ea000   ksecpkg  ksecpkg.sys  Fri Dec 11 01:03:32 2009 (4B21E0B4)
fffff880`0425f000 fffff880`04264200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
fffff880`026c0000 fffff880`026d5000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`0267c000 fffff880`0269f000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`00c77000 fffff880`00c84000   mcupdate mcupdate.dll Mon Jul 13 21:29:09 2009 (4A5BDF65)
fffff880`0266e000 fffff880`0267c000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
fffff880`04286000 fffff880`04295000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`0262b000 fffff880`02638000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff880`00e6c000 fffff880`00e86000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`03b9f000 fffff880`03bb7000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`03bb7000 fffff880`03be4000   mrxsmb   mrxsmb.sys   Sat Feb 27 02:52:19 2010 (4B88CF33)
fffff880`03a00000 fffff880`03a4e000   mrxsmb10 mrxsmb10.sys Sat Feb 27 02:52:28 2010 (4B88CF3C)
fffff880`03a4e000 fffff880`03a71000   mrxsmb20 mrxsmb20.sys Sat Feb 27 02:52:26 2010 (4B88CF3A)
fffff880`01035000 fffff880`01040000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`011bd000 fffff880`011c7000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`00c00000 fffff880`00c5e000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
fffff880`02da6000 fffff880`02db1000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`01961000 fffff880`01973000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`014f9000 fffff880`015eb000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`0488b000 fffff880`04897000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`02728000 fffff880`0273b000   ndisuio  ndisuio.sys  Mon Jul 13 20:09:25 2009 (4A5BCCB5)
fffff880`02c24000 fffff880`02c53000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`04360000 fffff880`04375000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
fffff880`02cee000 fffff880`02cfd000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`02c64000 fffff880`02ca9000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
fffff880`01400000 fffff880`01460000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
fffff880`01040000 fffff880`01051000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`02d9a000 fffff880`02da6000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff800`02c63000 fffff800`0323f000   nt       ntkrnlmp.exe Sat Jun 19 00:16:41 2010 (4C1C44A9)
fffff880`01202000 fffff880`013a5000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
fffff880`01860000 fffff880`01869000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`026d5000 fffff880`02728000   nwifi    nwifi.sys    Mon Jul 13 20:07:23 2009 (4A5BCC3B)
fffff880`02cb2000 fffff880`02cd8000   pacer    pacer.sys    Mon Jul 13 20:09:41 2009 (4A5BCCC5)
fffff880`03fda000 fffff880`03ff7000   parport  parport.sys  Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`011d4000 fffff880`011e9000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00f74000 fffff880`00fa7000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`01000000 fffff880`01007000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
fffff880`00e5c000 fffff880`00e6c000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`014de000 fffff880`014ef000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`02753000 fffff880`027f9000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`04200000 fffff880`0423d000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
fffff880`00c84000 fffff880`00c98000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`00dca000 fffff880`00dd5e00   PxHlpa64 PxHlpa64.sys Tue Jun 23 19:16:35 2009 (4A416253)
fffff880`02c00000 fffff880`02c24000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`02de1000 fffff880`02dfc000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`01106000 fffff880`01127000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
fffff880`00dd6000 fffff880`00df0000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`02d49000 fffff880`02d9a000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
fffff880`00df0000 fffff880`00dfb000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
fffff880`01870000 fffff880`01879000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`01460000 fffff880`01469000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`0102c000 fffff880`01035000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`01927000 fffff880`01961000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
fffff880`0273b000 fffff880`02753000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`04824000 fffff880`04856000   Rt64win7 Rt64win7.sys Thu Feb 26 04:04:13 2009 (49A65B0D)
fffff880`01137000 fffff880`01166000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
fffff880`03a7a000 fffff880`03a85000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`0487f000 fffff880`0488b000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`02cfd000 fffff880`02d1a000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`0191f000 fffff880`01927000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`064c4000 fffff880`0655a000   srv      srv.sys      Thu Aug 26 23:38:00 2010 (4C773318)
fffff880`0645d000 fffff880`064c4000   srv2     srv2.sys     Thu Aug 26 23:37:46 2010 (4C77330A)
fffff880`03a85000 fffff880`03ab2000   srvnet   srvnet.sys   Thu Aug 26 23:37:24 2010 (4C7732F4)
fffff880`042a4000 fffff880`042a5480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`02c53000 fffff880`02c60000   tap0901t tap0901t.sys Wed Sep 16 02:02:43 2009 (4AB07F83)
fffff880`01601000 fffff880`017fe000   tcpip    tcpip.sys    Sun Jun 13 23:39:04 2010 (4C15A458)
fffff880`03be4000 fffff880`03bf6000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
fffff880`0106f000 fffff880`0107c000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
fffff880`01051000 fffff880`0106f000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
fffff880`02d35000 fffff880`02d49000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
fffff960`005f0000 fffff960`005fa000   TSDDD    TSDDD.dll    Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`03f4a000 fffff880`03f70000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
fffff880`042e9000 fffff880`042fb000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`01800000 fffff880`0181d000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
fffff880`043ee000 fffff880`043eff00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
fffff880`04861000 fffff880`04872000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`042fb000 fffff880`04355000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
fffff880`04856000 fffff880`04861000   usbohci  usbohci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`03e00000 fffff880`03e56000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
fffff880`04295000 fffff880`042a4000   VClone   VClone.sys   Sun Aug 09 17:25:45 2009 (4A7F3ED9)
fffff880`011c7000 fffff880`011d4000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`015eb000 fffff880`015f9000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`01007000 fffff880`0102c000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`018c3000 fffff880`018d3000   vmstorfl vmstorfl.sys Mon Jul 13 19:42:54 2009 (4A5BC67E)
fffff880`011e9000 fffff880`011fe000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`00e00000 fffff880`00e5c000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
fffff880`018d3000 fffff880`0191f000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
fffff880`02cd8000 fffff880`02cee000   vwififlt vwififlt.sys Mon Jul 13 20:07:22 2009 (4A5BCC3A)
fffff880`02d1a000 fffff880`02d35000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
fffff880`013ea000 fffff880`013fa000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`00ec1000 fffff880`00f65000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
fffff880`00f65000 fffff880`00f74000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`02ca9000 fffff880`02cb2000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff960`00050000 fffff960`00360000   win32k   win32k.sys   Tue Oct 19 23:08:46 2010 (4CBE5D3E)
fffff880`03f85000 fffff880`03f8e000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:31:02 2009 (4A5BC3B6)
fffff880`0112e000 fffff880`01137000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`0269f000 fffff880`026c0000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)

Unloaded modules:
fffff880`088f6000 fffff880`08967000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00071000
fffff880`01800000 fffff880`0180e000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`0180e000 fffff880`0181a000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff880`0181a000 fffff880`01823000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
fffff880`01823000 fffff880`01836000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
fffff880`01009000 fffff880`0112e000   sptd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00125000
Bugcheck code 0000003B
Arguments 00000000`c0000005 fffff960`0014f659 fffff880`0287dfa0 00000000`00000000
```
First thing of note is at the bottom - the unloaded module named sptd.sys. This is a component of Daemon Tools/Alcohol 120%. Please uninstall it (if you haven't already), then use this free tool to remove the offending sptd.sys driver: DuplexSecure - FAQ

Here's the STACK TEXT (I stripped off the addresses to make it easier to explain):


> STACK_TEXT:
> win32k!IdleTimerProc+0xad
> win32k!xxxHungAppDemon+0xb
> win32k!TimersProc+0xf1
> ...


The stack text is read from the bottom up - so the 0x7fe`fd883d3a happened first. It sent ntoskrnl.exe (the nt! thing) to end copying of some sort. Because we're using minidumps (they only hold info about the kernel mode), there's no information on what's located at the user mode addresses in memory. So, the 0x7fe`fd883d3a stuff is either an invalid/incorrect address, or it's an address of a user mode module.

That's not much help - except if it's a user mode address. In that case, we've run Driver Verifier for 3rd party drivers and haven't had a Driver Verifier enabled memory dump.

So, I wonder if the key to this lies in the exceptions to the rules we discussed earlier. Could it be that there's a Microsoft driver that's causing this? Or, is it that the testing settings you used in Driver Verifier weren't strict enough?

So, let's try 2 things:
1 - run Driver Verifier with stricter settings: Driver Verifier Settings. This will rule out any unusual circumstances and will run all tests (except for Low Resource Simulation) on all non-Microsoft drivers.
2 - run Driver Verifier with settings for Microsoft drivers only (all those that weren't selected in the previous step). The point here is that you will have run all Driver Verifier tests on all drivers in the system in 2 separate steps - non-Microsoft drivers and then Microsoft drivers (makes it easier to sort out where the problem lies than if we did them all together).


----------
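The lookup behind a label like "win32k.sys+ff659", as an added example that is not part of the original thread: this Python sketch parses a module listing like the one quoted in the post above, resolves the second argument of bugcheck 0x3B (the faulting instruction address) to module+offset, names the unloaded modules, and classifies an address such as 0x7fe`fd883d3a that falls outside every kernel module. The sample text is an excerpt of the listing in the post; the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Excerpt of the module listing and bugcheck lines quoted in the post above.
SAMPLE = """\
start             end                 module name
fffff880`014f9000 fffff880`015eb000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`0489a000 fffff880`050ab000   atikmdag atikmdag.sys Thu Nov 25 21:46:44 2010 (4CEF1F94)
fffff960`00050000 fffff960`00360000   win32k   win32k.sys   Tue Oct 19 23:08:46 2010 (4CBE5D3E)

Unloaded modules:
fffff880`01800000 fffff880`0180e000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`01009000 fffff880`0112e000   sptd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00125000
Bugcheck code 0000003B
Arguments 00000000`c0000005 fffff960`0014f659 fffff880`0287dfa0 00000000`00000000
"""

ADDR = r"[0-9a-fA-F]{8}`[0-9a-fA-F]{8}"
# start, end, module name, then (loaded modules only) image name ... (timestamp)
ROW = re.compile(
    rf"^({ADDR})\s+({ADDR})\s+(\S+)(?:\s+(\S+)\s+.*\(([0-9A-Fa-f]{{8}})\))?\s*$"
)
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
USER_MODE_LIMIT = 1 << 47  # x64 canonical lower half; kernel addresses sit above it


class Module(NamedTuple):
    start: int
    end: int
    name: str
    image: str


def parse_addr(text: str) -> int:
    """Convert a debugger-style address (with or without the backtick) to int."""
    return int(text.replace("`", ""), 16)


def parse_listing(text: str):
    """Return (loaded, unloaded, bugcheck_code, bugcheck_args) from dump text."""
    loaded, unloaded, code, args = [], [], None, []
    in_unloaded = False
    for line in text.splitlines():
        if line.startswith("Unloaded modules:"):
            in_unloaded = True
        elif line.startswith("start"):          # header of a new loaded-module table
            in_unloaded = False
        elif line.startswith("Bugcheck code"):
            code = int(line.split()[-1], 16)
        elif line.startswith("Arguments"):
            args = [parse_addr(a) for a in line.split()[1:]]
        else:
            m = ROW.match(line)
            if not m:
                continue                         # Timestamp/Checksum/ImageSize detail lines
            start, end = parse_addr(m[1]), parse_addr(m[2])
            if in_unloaded:
                unloaded.append(Module(start, end, m[3], m[3]))
            elif m[4]:
                loaded.append(Module(start, end, m[3], m[4]))
    return loaded, unloaded, code, args


def classify(addr: int, loaded) -> str:
    """Map an address to image+offset, or say why it cannot be mapped."""
    for mod in loaded:
        if mod.start <= addr < mod.end:
            return f"{mod.image}+{addr - mod.start:x}"
    if addr < USER_MODE_LIMIT:
        return "user-mode address (not described by a kernel minidump)"
    return "kernel address outside every listed module"


def triage(text: str) -> dict:
    """Summarise a SYSTEM_SERVICE_EXCEPTION (0x3B) dump listing."""
    loaded, unloaded, code, args = parse_listing(text)
    if code != 0x3B or len(args) != 4:
        raise ValueError("expected bugcheck 0x3B with four arguments")
    # For 0x3B: arg1 = exception code, arg2 = faulting instruction address.
    return {
        "code": code,
        "exception": NTSTATUS.get(args[0], f"{args[0]:#x}"),
        "faulting": classify(args[1], loaded),
        "unloaded": [m.name for m in unloaded],
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The argument layout decoded in `triage` applies to bugcheck 0x3B only; other bugcheck codes assign different meanings to their four arguments.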



## usasma (Apr 11, 2009)

This is just a hunch. I'd suggest running these free tests as you have time (overnight is a good time if you're not using the system then).



> I suggest starting all troubleshooting with the following diagnostic tests. They'll save you a lot of time and heartache if there is a hardware failure, and you'll have the disks on hand in case you need them in the future:
> 
> 
> > *H/W Diagnostics:*
> ...


----------



## valouris (Dec 17, 2008)

weird, i never installed daemon tools or alcohol here, and the removal tool you told me to download didn't find anything to uninstall either.

just wanted to say this, will proceed sometime to do the other stuff as well


----------



## usasma (Apr 11, 2009)

Not a problem. It's odd that sptd.sys is listed as unloaded also. It's located in C:\Windows\System32\drivers (according to your MSINFO32 report)


> sptd	sptd	c:\windows\system32\drivers\sptd.sys	Kernel Driver	No	Boot	Stopped	OK	Normal	No	No


Please go there and rename it to sptd.*BAK* That'll stop the bugger from loading! :0)


----------



## valouris (Dec 17, 2008)

I found it and renamed it. Just wanted to say thanks again for all your trouble.

I'll run the verifier and the diagnostics when I buy some blank CDs, it's Sunday today and I can't.
I am hoping they don't find anything disturbing, especially as far as RAM is concerned, but I fear that they will find a faulty hard drive, I've been dreading this for a long time now cuz it's quite old.


----------



## usasma (Apr 11, 2009)

Good luck, we'll be notified when you next reply.


----------



## valouris (Dec 17, 2008)

Still haven't got a BSOD, but something to note. These past few days I've been experiencing some weird hiccups while I use my PC, especially noticeable when I am listening to music or watching a video file, the sound gets a bit stuck and "trains" for a little while (sort of like what you hear if something is playing and you get a BSOD) but then the PC continues working as if everything is okay.

Is this another symptom or is it because the verifier is putting a strain on the drivers?


----------



## usasma (Apr 11, 2009)

Yes...
Maybe...
No...
Could be...

Seriously, I don't have a clue about that. That's usually symptomatic of something hanging or slowing down - and that can be almost anything from the hard drive to the sound device, to any number of OS/driver functions. If it's spitting errors into eventvwr.msc we might get a clue by looking at the entries at the time it occurs.


----------



## valouris (Dec 17, 2008)

Hi!

It's been such a long time and I actually haven't had any BSODs for a while... although I didn't change anything since the last one. I didn't even change the verifier settings. I'm starting to think that the verifier is actually preventing my system from crashing... is there any possible mechanism that could explain this? The system is constantly having some slight weird hiccups that I explained, particularly when playing audio and video (videogames run top notch). This is going to sound stupid, but I feel that these hiccups are where the system would crash before, but now doesn't for some reason...

Still haven't done the memory and HDD diagnostics, will do them in the next few days.


----------



## usasma (Apr 11, 2009)

No, it's not possible that Verifier is stopping the BSOD's.
But, this isn't the first time that this has happened.

I would be very interested to know what's causing it, but that's gonna take a lot of testing. You can do this by removing the setting for a couple of the tests - and then see what happens.

By process of elimination you'd be able to see what test was causing the BSOD's to stop. Then maybe we could track that to a piece of hardware (or something else).

I'd think that this makes the hard drive and memory diagnostics more important to us also. Make sure to run the memory diagnostic overnight (in case 3 passes isn't enough to see anything wrong).


----------

