# [SOLVED] BSOD cdd.dll



## Searinox (Nov 21, 2008)

I seem to have trouble debugging this one, help much appreciated. I am getting a wrong symbols error even though the download path is right. The crash occurred just as I exited Portal, right when the final black screen flash is supposed to occur before the desktop is visible. I mention that both game and desktop have the same resolution.

OS: Windows 7 Ultimate x64
*Please change dump extension from txt to dmp, was used for upload convenience.*


----------



## jcgriff2 (Sep 30, 2007)

*Re: BSOD cdd.dll*

Hi - 

Unfortunately, the Microsoft MSDL SYM site used to obtain symbol files to identify Microsoft OS drivers is unable to ID the NT Kernel in your Windows 7 x64 system.

Run the System File Checker/ Repair utility -
START | type *cmd.exe* into the start search box | right-click on cmd.exe | select run as Administrator | the black cmd/DOS screen will appear | type the following:

```
sfc /scannow
```
Upon completion re-boot to allow files in use to be repaired.

SFC general info - http://support.microsoft.com/kb/936212
SFC & the CBS log - http://support.microsoft.com/kb/928228

Validate your Vista SP2 installation at the Microsoft Genuine Advantage site.

WGA --> www.microsoft.com/genuine


Regards. . .

jcgriff2

.


Windows 7 x64 - - bugcheck = 0x50 

```
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PalmDesert7\_jcgriff2_\dbug\__Kernel__\!!_\030410-78953-01.txt_.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

WARNING: Whitespace at end of path element
Symbol search path is: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols


Executable search path is: 
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff800`02854000 PsLoadedModuleList = 0xfffff800`02a91e50
Debug session time: Thu Mar  4 03:50:36.202 2010 (GMT-5)
System Uptime: 0 days 17:37:23.858
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
....................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff900c2a8f7a0, 0, fffff960006edc51, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : cdd.dll ( cdd!CddBitmapHw::Release+31 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900c2a8f7a0, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff960006edc51, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: cdd

FAULTING_MODULE: fffff80002854000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bde94

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 fffff900c2a8f7a0 

FAULTING_IP: 
cdd!CddBitmapHw::Release+31
fffff960`006edc51 483b9080070000  cmp     rdx,qword ptr [rax+780h]

MM_INTERNAL_CODE:  0

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800029451e4 to fffff800028c5f00

STACK_TEXT:  
fffff880`099814f8 fffff800`029451e4 : 00000000`00000050 fffff900`c2a8f7a0 00000000`00000000 fffff880`09981660 : nt+0x71f00
fffff880`09981500 00000000`00000050 : fffff900`c2a8f7a0 00000000`00000000 fffff880`09981660 00000000`00000000 : nt+0xf11e4
fffff880`09981508 fffff900`c2a8f7a0 : 00000000`00000000 fffff880`09981660 00000000`00000000 fffffa80`0a42e898 : 0x50
fffff880`09981510 00000000`00000000 : fffff880`09981660 00000000`00000000 fffffa80`0a42e898 fffff880`09981680 : 0xfffff900`c2a8f7a0


STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP: 
cdd!CddBitmapHw::Release+31
fffff960`006edc51 483b9080070000  cmp     rdx,qword ptr [rax+780h]

SYMBOL_NAME:  cdd!CddBitmapHw::Release+31

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  cdd.dll

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------

windbg> .cmdtree C:\jcgriff2_cmdtree.txt
0: kd> lmo D sm
start             end                 module name
fffff880`01182000 fffff880`011d9000   ACPI       (deferred)             
fffff880`0a50e000 fffff880`0a526000   adfs       (deferred)             
fffff880`02cfe000 fffff880`02d88000   afd        (deferred)             
fffff880`03fde000 fffff880`03ff4000   AgileVpn   (deferred)             
fffff880`00e5d000 fffff880`00e68000   amdxata    (deferred)             
fffff880`03f8e000 fffff880`03fb0000   AnyDVD     (deferred)             
fffff880`03200000 fffff880`03242000   asa2cm3v   (deferred)             
fffff880`043c8000 fffff880`043d0000   ASACPI     (deferred)             
fffff880`00e2a000 fffff880`00e33000   atapi      (deferred)             
fffff880`00e33000 fffff880`00e5d000   ataport    (deferred)             
fffff880`04214000 fffff880`04391000   athrx      (deferred)             
fffff960`00860000 fffff960`008c1000   ATMFD      (deferred)             
fffff880`0296c000 fffff880`02973000   Beep       (deferred)             
fffff880`030a1000 fffff880`030b2000   blbdrive   (deferred)             
fffff880`09ed3000 fffff880`09ef1000   bowser     (deferred)             
fffff880`05000000 fffff880`05010000   BthEnum    (deferred)             
fffff880`04400000 fffff880`04420000   bthpan     (deferred)             
fffff880`05340000 fffff880`053cc000   bthport    (deferred)             
fffff880`05328000 fffff880`05340000   BTHUSB     (deferred)             
fffff960`006e0000 fffff960`00707000   cdd        (pdb symbols)          c:\symbols\cdd.pdb\9453D09218BC4F218E8A13374D5DD2A41\cdd.pdb
fffff880`02884000 fffff880`028ae000   cdrom      (deferred)             
fffff880`00c00000 fffff880`00cc0000   CI         (deferred)             
fffff880`01200000 fffff880`01230000   CLASSPNP   (deferred)             
fffff880`00d1e000 fffff880`00d7c000   CLFS       (deferred)             
fffff880`028ae000 fffff880`028cf000   cmdguard   (deferred)             
fffff880`0283c000 fffff880`02847000   cmdhlp     (deferred)             
fffff880`014d3000 fffff880`01546000   cng        (deferred)             
fffff880`03242000 fffff880`03252000   CompositeBus   (deferred)             
fffff880`052a7000 fffff880`052b5000   crashdmp   (deferred)             
fffff880`03000000 fffff880`03083000   csc        (deferred)             
fffff880`03083000 fffff880`030a1000   dfsc       (deferred)             
fffff880`031ea000 fffff880`031f9000   discache   (deferred)             
fffff880`0143a000 fffff880`01450000   disk       (deferred)             
fffff880`0527f000 fffff880`052a1000   drmk       (deferred)             
fffff880`052c1000 fffff880`052ca000   dump_atapi   (deferred)             
fffff880`052b5000 fffff880`052c1000   dump_ataport   (deferred)             
fffff880`052ca000 fffff880`052dd000   dump_dumpfve   (deferred)             
fffff880`04420000 fffff880`0442c000   Dxapi      (deferred)             
fffff880`0407c000 fffff880`04170000   dxgkrnl    (deferred)             
fffff880`04170000 fffff880`041b6000   dxgmms1    (deferred)             
fffff880`0886a000 fffff880`0893c000   eamon      (deferred)             
fffff880`0314f000 fffff880`031c5000   eeCtrl64   (deferred)             
fffff880`02973000 fffff880`02996000   ehdrv      (deferred)             
fffff880`03fb0000 fffff880`03fbe000   ElbyCDFL   (deferred)             
fffff880`03144000 fffff880`0314f000   ElbyCDIO   (deferred)             
fffff880`0b6df000 fffff880`0b6ff000   ENG64      (deferred)             
fffff880`0a526000 fffff880`0a546000   epfwwfpr   (deferred)             
fffff880`031c5000 fffff880`031ea000   EraserUtilRebootDrv   (deferred)             
fffff880`02a00000 fffff880`02bad000   EX64       (deferred)             
fffff880`0942f000 fffff880`09465000   fastfat    (deferred)             
fffff880`0439e000 fffff880`043ab000   fdc        (deferred)             
fffff880`00e68000 fffff880`00e7c000   fileinfo   (deferred)             
fffff880`045ce000 fffff880`045d9000   flpydisk   (deferred)             
fffff880`00d7c000 fffff880`00dc8000   fltmgr     (deferred)             
fffff880`01557000 fffff880`01561000   Fs_Rec     (deferred)             
fffff880`01400000 fffff880`0143a000   fvevol     (deferred)             
fffff880`01561000 fffff880`015ab000   fwpkclnt   (deferred)             
fffff880`03fbe000 fffff880`03fcb000   GEARAspiWDM   (deferred)             
fffff880`03fcb000 fffff880`03fde000   GenericMount   (deferred)             
fffff800`0280b000 fffff800`02854000   hal        (deferred)             
fffff880`044f5000 fffff880`04500000   hamachi    (deferred)             
fffff880`09fa6000 fffff880`09fb2000   hcmon      (deferred)             
fffff880`041c3000 fffff880`041e7000   HDAudBus   (deferred)             
fffff880`09e0b000 fffff880`09ed3000   HTTP       (deferred)             
fffff880`016bc000 fffff880`016c5000   hwpolicy   (deferred)             
fffff880`043d0000 fffff880`043ee000   i8042prt   (deferred)             
fffff880`02de1000 fffff880`02df8000   inspect    (deferred)             
fffff880`011f0000 fffff880`011f8000   intelide   (deferred)             
fffff880`02cca000 fffff880`02ce0000   intelppm   (deferred)             
fffff880`043ee000 fffff880`043fd000   kbdclass   (deferred)             
fffff800`02617000 fffff800`02621000   kdcom      (deferred)             
fffff880`0450d000 fffff880`04550000   ks         (deferred)             
fffff880`014b9000 fffff880`014d3000   ksecdd     (deferred)             
fffff880`01660000 fffff880`0168b000   ksecpkg    (deferred)             
fffff880`052a1000 fffff880`052a6200   ksthunk    (deferred)             
fffff880`041e7000 fffff880`041fb000   l160x64    (deferred)             
fffff880`0896d000 fffff880`08982000   lltdio     (deferred)             
fffff880`0443a000 fffff880`0445d000   luafv      (deferred)             
fffff880`00cc6000 fffff880`00d0a000   mcupdate   (deferred)             
fffff880`0a546000 fffff880`0a54a280   mdmxsdk    (deferred)             
fffff880`0442c000 fffff880`0443a000   monitor    (deferred)             
fffff880`04067000 fffff880`04076000   mouclass   (deferred)             
fffff880`00e10000 fffff880`00e2a000   mountmgr   (deferred)             
fffff880`09ef1000 fffff880`09f09000   mpsdrv     (deferred)             
fffff880`09f09000 fffff880`09f36000   mrxsmb     (deferred)             
fffff880`09f36000 fffff880`09f83000   mrxsmb10   (deferred)             
fffff880`09f83000 fffff880`09fa6000   mrxsmb20   (deferred)             
fffff880`029f4000 fffff880`029ff000   Msfs       (deferred)             
fffff880`011d9000 fffff880`011e3000   msisadrv   (deferred)             
fffff880`0145b000 fffff880`014b9000   msrpc      (deferred)             
fffff880`03139000 fffff880`03144000   mssmbios   (deferred)             
fffff880`016aa000 fffff880`016bc000   mup        (deferred)             
fffff880`016c9000 fffff880`017bb000   ndis       (deferred)             
fffff880`03ff4000 fffff880`04000000   ndistapi   (deferred)             
fffff880`089d5000 fffff880`089e8000   ndisuio    (deferred)             
fffff880`04463000 fffff880`04492000   ndiswan    (deferred)             
fffff880`045d9000 fffff880`045ee000   NDProxy    (deferred)             
fffff880`02c16000 fffff880`02c25000   netbios    (deferred)             
fffff880`02d88000 fffff880`02dcd000   netbt      (deferred)             
fffff880`01600000 fffff880`01660000   NETIO      (deferred)             
fffff880`02800000 fffff880`02811000   Npfs       (deferred)             
fffff880`0312d000 fffff880`03139000   nsiproxy   (deferred)             
fffff800`02854000 fffff800`02e31000   nt       T (no symbols)           
fffff880`01258000 fffff880`013fb000   Ntfs       (deferred)             
fffff880`02963000 fffff880`0296c000   Null       (deferred)             
fffff880`03f80000 fffff880`03f81180   nvBridge   (deferred)             
fffff880`03259000 fffff880`03f7f700   nvlddmkm   (deferred)             
fffff880`08982000 fffff880`089d5000   nwifi      (deferred)             
fffff880`043ab000 fffff880`043c8000   parport    (deferred)             
fffff880`01000000 fffff880`01015000   partmgr    (deferred)             
fffff880`00f53000 fffff880`00f86000   pci        (deferred)             
fffff880`011f8000 fffff880`011ff000   pciide     (deferred)             
fffff880`00e00000 fffff880`00e10000   PCIIDEX    (deferred)             
fffff880`01546000 fffff880`01557000   pcw        (deferred)             
fffff880`0a54b000 fffff880`0a5f1000   peauth     (deferred)             
fffff880`05242000 fffff880`0527f000   portcls    (deferred)             
fffff880`00d0a000 fffff880`00d1e000   PSHED      (deferred)             
fffff880`02847000 fffff880`0286b000   rasl2tp    (deferred)             
fffff880`04492000 fffff880`044ad000   raspppoe   (deferred)             
fffff880`044ad000 fffff880`044ce000   raspptp    (deferred)             
fffff880`044ce000 fffff880`044e8000   rassstp    (deferred)             
fffff880`030dc000 fffff880`0312d000   rdbss      (deferred)             
fffff880`04500000 fffff880`0450b000   rdpbus     (deferred)             
fffff880`029d9000 fffff880`029e2000   RDPCDD     (deferred)             
fffff880`0b7b8000 fffff880`0b7e6000   rdpdr      (deferred)             
fffff880`029e2000 fffff880`029eb000   rdpencdd   (deferred)             
fffff880`029eb000 fffff880`029f4000   rdprefmp   (deferred)             
fffff880`0880a000 fffff880`08842000   RDPWD      (deferred)             
fffff880`017bb000 fffff880`017f5000   rdyboost   (deferred)             
fffff880`053cc000 fffff880`053f8000   rfcomm     (deferred)             
fffff880`089e8000 fffff880`08a00000   rspndr     (deferred)             
fffff880`0501a000 fffff880`05241f80   RTKVHD64   (deferred)             
fffff880`02cb1000 fffff880`02cca000   SCDEmu     (deferred)             
fffff880`01153000 fffff880`01182000   SCSIPORT   (deferred)             
fffff880`0a5f1000 fffff880`0a5fc000   secdrv     (deferred)             
fffff880`03f82000 fffff880`03f8e000   serenum    (deferred)             
fffff880`02c25000 fffff880`02c42000   serial     (deferred)             
fffff880`016a3000 fffff880`016aa000   speedfan   (deferred)             
fffff880`0169b000 fffff880`016a3000   spldr      (deferred)             
fffff880`01016000 fffff880`0114a000   splm       (deferred)             
fffff880`028cf000 fffff880`02943000   SRTSP64    (deferred)             
fffff880`02be9000 fffff880`02bfd000   SRTSPX64   (deferred)             
fffff880`0b600000 fffff880`0b698000   srv        (deferred)             
fffff880`0b74f000 fffff880`0b7b8000   srv2       (deferred)             
fffff880`0a400000 fffff880`0a42d000   srvnet     (deferred)             
fffff880`052fc000 fffff880`0530cd00   STREAM     (deferred)             
fffff880`0450b000 fffff880`0450c480   swenum     (deferred)             
fffff880`02bb3000 fffff880`02be9000   SYMEVENT64x86   (deferred)             
fffff880`00dc8000 fffff880`00df6000   symsnap    (deferred)             
fffff880`044e8000 fffff880`044f5000   tap0901    (deferred)             
fffff880`01802000 fffff880`019ff000   tcpip      (deferred)             
fffff880`09fd2000 fffff880`09fe4000   tcpipreg   (deferred)             
fffff880`0282f000 fffff880`0283c000   TDI        (deferred)             
fffff880`0b7e6000 fffff880`0b7f1000   tdtcp      (deferred)             
fffff880`02811000 fffff880`0282f000   tdx        (deferred)             
fffff880`02c9d000 fffff880`02cb1000   termdd     (deferred)             
fffff880`02c5d000 fffff880`02c9d000   truecrypt   (deferred)             
fffff960`004a0000 fffff960`004aa000   TSDDD      (deferred)             
fffff880`0b7f1000 fffff880`0b800000   tssecsrv   (deferred)             
fffff880`030b2000 fffff880`030d8000   tunnel     (deferred)             
fffff880`04550000 fffff880`04562000   umbus      (deferred)             
fffff880`0530d000 fffff880`05327c00   usbaudio   (deferred)             
fffff880`052dd000 fffff880`052fa000   usbccgp    (deferred)             
fffff880`052fa000 fffff880`052fbf00   USBD       (deferred)             
fffff880`04056000 fffff880`04067000   usbehci    (deferred)             
fffff880`04574000 fffff880`045ce000   usbhub     (deferred)             
fffff880`04000000 fffff880`04056000   USBPORT    (deferred)             
fffff880`041b6000 fffff880`041c3000   usbuhci    (deferred)             
fffff880`0b72a000 fffff880`0b739000   v2imount   (deferred)             
fffff880`011e3000 fffff880`011f0000   vdrvroot   (deferred)             
fffff880`02996000 fffff880`029a4000   vga        (deferred)             
fffff880`029a4000 fffff880`029c9000   VIDEOPRT   (deferred)             
fffff880`09fb2000 fffff880`09fca000   vmci       (deferred)             
fffff880`04200000 fffff880`0420b000   VMkbd      (deferred)             
fffff880`0456a000 fffff880`04574000   VMNET      (deferred)             
fffff880`04562000 fffff880`0456a000   vmnetadapter   (deferred)             
fffff880`0895d000 fffff880`0896d000   vmnetbridge   (deferred)             
fffff880`0b739000 fffff880`0b743000   vmnetuserif   (deferred)             
fffff880`09fca000 fffff880`09fd2000   VMparport   (deferred)             
fffff880`0168b000 fffff880`0169b000   vmstorfl   (deferred)             
fffff880`0a438000 fffff880`0a50e000   vmx86      (deferred)             
fffff880`00f86000 fffff880`00f9b000   volmgr     (deferred)             
fffff880`00f9b000 fffff880`00ff7000   volmgrx    (deferred)             
fffff880`015ab000 fffff880`015f7000   volsnap    (deferred)             
fffff880`0b743000 fffff880`0b74f000   vstor2_ws60   (deferred)             
fffff880`04391000 fffff880`0439e000   vwifibus   (deferred)             
fffff880`02c00000 fffff880`02c16000   vwififlt   (deferred)             
fffff880`08800000 fffff880`0880a000   vwifimp    (deferred)             
fffff880`05605000 fffff880`057ff000   VX1000     (deferred)             
fffff880`02c42000 fffff880`02c5d000   wanarp     (deferred)             
fffff880`029c9000 fffff880`029d9000   watchdog   (deferred)             
fffff880`00ea0000 fffff880`00f44000   Wdf01000   (deferred)             
fffff880`00f44000 fffff880`00f53000   WDFLDR     (deferred)             
fffff880`02dd8000 fffff880`02de1000   wfplwf     (deferred)             
fffff960`000d0000 fffff960`003df000   win32k     (deferred)             
fffff880`0114a000 fffff880`01153000   WMILIB     (deferred)             
fffff880`02dcd000 fffff880`02dd8000   ws2ifsl    (deferred)             
fffff880`0893c000 fffff880`0895d000   WudfPf     (deferred)             
fffff880`0b698000 fffff880`0b6c9000   WUDFRd     (deferred)             
0: kd> lme D sm
start             end                 module name
fffff800`02854000 fffff800`02e31000   nt       T (no symbols)           
0: kd> !for_each_module .echo @#ModuleIndex : @#Base @#End @#ModuleName @#ImageName  @#LoadedImageName
00 : fffff80002617000 fffff80002621000 kdcom kdcom.dll
01 : fffff8000280b000 fffff80002854000 hal hal.dll
02 : fffff80002854000 fffff80002e31000 nt ntoskrnl.exe  ntoskrnl.exe
03 : fffff88000c00000 fffff88000cc0000 CI CI.dll
04 : fffff88000cc6000 fffff88000d0a000 mcupdate mcupdate.dll
05 : fffff88000d0a000 fffff88000d1e000 PSHED PSHED.dll
06 : fffff88000d1e000 fffff88000d7c000 CLFS CLFS.SYS
07 : fffff88000d7c000 fffff88000dc8000 fltmgr fltmgr.sys
08 : fffff88000dc8000 fffff88000df6000 symsnap symsnap.sys
09 : fffff88000e00000 fffff88000e10000 PCIIDEX PCIIDEX.SYS
0a : fffff88000e10000 fffff88000e2a000 mountmgr mountmgr.sys
0b : fffff88000e2a000 fffff88000e33000 atapi atapi.sys
0c : fffff88000e33000 fffff88000e5d000 ataport ataport.SYS
0d : fffff88000e5d000 fffff88000e68000 amdxata amdxata.sys
0e : fffff88000e68000 fffff88000e7c000 fileinfo fileinfo.sys
0f : fffff88000ea0000 fffff88000f44000 Wdf01000 Wdf01000.sys
10 : fffff88000f44000 fffff88000f53000 WDFLDR WDFLDR.SYS
11 : fffff88000f53000 fffff88000f86000 pci pci.sys
12 : fffff88000f86000 fffff88000f9b000 volmgr volmgr.sys
13 : fffff88000f9b000 fffff88000ff7000 volmgrx volmgrx.sys
14 : fffff88001000000 fffff88001015000 partmgr partmgr.sys
15 : fffff88001016000 fffff8800114a000 splm splm.sys
16 : fffff8800114a000 fffff88001153000 WMILIB WMILIB.SYS
17 : fffff88001153000 fffff88001182000 SCSIPORT SCSIPORT.SYS
18 : fffff88001182000 fffff880011d9000 ACPI ACPI.sys
19 : fffff880011d9000 fffff880011e3000 msisadrv msisadrv.sys
1a : fffff880011e3000 fffff880011f0000 vdrvroot vdrvroot.sys
1b : fffff880011f0000 fffff880011f8000 intelide intelide.sys
1c : fffff880011f8000 fffff880011ff000 pciide pciide.sys
1d : fffff88001200000 fffff88001230000 CLASSPNP CLASSPNP.SYS
1e : fffff88001258000 fffff880013fb000 Ntfs Ntfs.sys
1f : fffff88001400000 fffff8800143a000 fvevol fvevol.sys
20 : fffff8800143a000 fffff88001450000 disk disk.sys
21 : fffff8800145b000 fffff880014b9000 msrpc msrpc.sys
22 : fffff880014b9000 fffff880014d3000 ksecdd ksecdd.sys
23 : fffff880014d3000 fffff88001546000 cng cng.sys
24 : fffff88001546000 fffff88001557000 pcw pcw.sys
25 : fffff88001557000 fffff88001561000 Fs_Rec Fs_Rec.sys
26 : fffff88001561000 fffff880015ab000 fwpkclnt fwpkclnt.sys
27 : fffff880015ab000 fffff880015f7000 volsnap volsnap.sys
28 : fffff88001600000 fffff88001660000 NETIO NETIO.SYS
29 : fffff88001660000 fffff8800168b000 ksecpkg ksecpkg.sys
2a : fffff8800168b000 fffff8800169b000 vmstorfl vmstorfl.sys
2b : fffff8800169b000 fffff880016a3000 spldr spldr.sys
2c : fffff880016a3000 fffff880016aa000 speedfan speedfan.sys
2d : fffff880016aa000 fffff880016bc000 mup mup.sys
2e : fffff880016bc000 fffff880016c5000 hwpolicy hwpolicy.sys
2f : fffff880016c9000 fffff880017bb000 ndis ndis.sys
30 : fffff880017bb000 fffff880017f5000 rdyboost rdyboost.sys
31 : fffff88001802000 fffff880019ff000 tcpip tcpip.sys
32 : fffff88002800000 fffff88002811000 Npfs Npfs.SYS
33 : fffff88002811000 fffff8800282f000 tdx tdx.sys
34 : fffff8800282f000 fffff8800283c000 TDI TDI.SYS
35 : fffff8800283c000 fffff88002847000 cmdhlp cmdhlp.sys
36 : fffff88002847000 fffff8800286b000 rasl2tp rasl2tp.sys
37 : fffff88002884000 fffff880028ae000 cdrom cdrom.sys
38 : fffff880028ae000 fffff880028cf000 cmdguard cmdguard.sys
39 : fffff880028cf000 fffff88002943000 SRTSP64 SRTSP64.SYS
3a : fffff88002963000 fffff8800296c000 Null Null.SYS
3b : fffff8800296c000 fffff88002973000 Beep Beep.SYS
3c : fffff88002973000 fffff88002996000 ehdrv ehdrv.sys
3d : fffff88002996000 fffff880029a4000 vga vga.sys
3e : fffff880029a4000 fffff880029c9000 VIDEOPRT VIDEOPRT.SYS
3f : fffff880029c9000 fffff880029d9000 watchdog watchdog.sys
40 : fffff880029d9000 fffff880029e2000 RDPCDD RDPCDD.sys
41 : fffff880029e2000 fffff880029eb000 rdpencdd rdpencdd.sys
42 : fffff880029eb000 fffff880029f4000 rdprefmp rdprefmp.sys
43 : fffff880029f4000 fffff880029ff000 Msfs Msfs.SYS
44 : fffff88002a00000 fffff88002bad000 EX64 EX64.SYS
45 : fffff88002bb3000 fffff88002be9000 SYMEVENT64x86 SYMEVENT64x86.SYS
46 : fffff88002be9000 fffff88002bfd000 SRTSPX64 SRTSPX64.SYS
47 : fffff88002c00000 fffff88002c16000 vwififlt vwififlt.sys
48 : fffff88002c16000 fffff88002c25000 netbios netbios.sys
49 : fffff88002c25000 fffff88002c42000 serial serial.sys
4a : fffff88002c42000 fffff88002c5d000 wanarp wanarp.sys
4b : fffff88002c5d000 fffff88002c9d000 truecrypt truecrypt.sys
4c : fffff88002c9d000 fffff88002cb1000 termdd termdd.sys
4d : fffff88002cb1000 fffff88002cca000 SCDEmu SCDEmu.SYS
4e : fffff88002cca000 fffff88002ce0000 intelppm intelppm.sys
4f : fffff88002cfe000 fffff88002d88000 afd afd.sys
50 : fffff88002d88000 fffff88002dcd000 netbt netbt.sys
51 : fffff88002dcd000 fffff88002dd8000 ws2ifsl ws2ifsl.sys
52 : fffff88002dd8000 fffff88002de1000 wfplwf wfplwf.sys
53 : fffff88002de1000 fffff88002df8000 inspect inspect.sys
54 : fffff88003000000 fffff88003083000 csc csc.sys
55 : fffff88003083000 fffff880030a1000 dfsc dfsc.sys
56 : fffff880030a1000 fffff880030b2000 blbdrive blbdrive.sys
57 : fffff880030b2000 fffff880030d8000 tunnel tunnel.sys
58 : fffff880030dc000 fffff8800312d000 rdbss rdbss.sys
59 : fffff8800312d000 fffff88003139000 nsiproxy nsiproxy.sys
5a : fffff88003139000 fffff88003144000 mssmbios mssmbios.sys
5b : fffff88003144000 fffff8800314f000 ElbyCDIO ElbyCDIO.sys
5c : fffff8800314f000 fffff880031c5000 eeCtrl64 eeCtrl64.sys
5d : fffff880031c5000 fffff880031ea000 EraserUtilRebootDrv EraserUtilRebootDrv.sys
5e : fffff880031ea000 fffff880031f9000 discache discache.sys
5f : fffff88003200000 fffff88003242000 asa2cm3v asa2cm3v.SYS
60 : fffff88003242000 fffff88003252000 CompositeBus CompositeBus.sys
61 : fffff88003259000 fffff88003f7f700 nvlddmkm nvlddmkm.sys
62 : fffff88003f80000 fffff88003f81180 nvBridge nvBridge.kmd
63 : fffff88003f82000 fffff88003f8e000 serenum serenum.sys
64 : fffff88003f8e000 fffff88003fb0000 AnyDVD AnyDVD.sys
65 : fffff88003fb0000 fffff88003fbe000 ElbyCDFL ElbyCDFL.sys
66 : fffff88003fbe000 fffff88003fcb000 GEARAspiWDM GEARAspiWDM.sys
67 : fffff88003fcb000 fffff88003fde000 GenericMount GenericMount.sys
68 : fffff88003fde000 fffff88003ff4000 AgileVpn AgileVpn.sys
69 : fffff88003ff4000 fffff88004000000 ndistapi ndistapi.sys
6a : fffff88004000000 fffff88004056000 USBPORT USBPORT.SYS
6b : fffff88004056000 fffff88004067000 usbehci usbehci.sys
6c : fffff88004067000 fffff88004076000 mouclass mouclass.sys
6d : fffff8800407c000 fffff88004170000 dxgkrnl dxgkrnl.sys
6e : fffff88004170000 fffff880041b6000 dxgmms1 dxgmms1.sys
6f : fffff880041b6000 fffff880041c3000 usbuhci usbuhci.sys
70 : fffff880041c3000 fffff880041e7000 HDAudBus HDAudBus.sys
71 : fffff880041e7000 fffff880041fb000 l160x64 l160x64.sys
72 : fffff88004200000 fffff8800420b000 VMkbd VMkbd.sys
73 : fffff88004214000 fffff88004391000 athrx athrx.sys
74 : fffff88004391000 fffff8800439e000 vwifibus vwifibus.sys
75 : fffff8800439e000 fffff880043ab000 fdc fdc.sys
76 : fffff880043ab000 fffff880043c8000 parport parport.sys
77 : fffff880043c8000 fffff880043d0000 ASACPI ASACPI.sys
78 : fffff880043d0000 fffff880043ee000 i8042prt i8042prt.sys
79 : fffff880043ee000 fffff880043fd000 kbdclass kbdclass.sys
7a : fffff88004400000 fffff88004420000 bthpan bthpan.sys
7b : fffff88004420000 fffff8800442c000 Dxapi Dxapi.sys
7c : fffff8800442c000 fffff8800443a000 monitor monitor.sys
7d : fffff8800443a000 fffff8800445d000 luafv luafv.sys
7e : fffff88004463000 fffff88004492000 ndiswan ndiswan.sys
7f : fffff88004492000 fffff880044ad000 raspppoe raspppoe.sys
80 : fffff880044ad000 fffff880044ce000 raspptp raspptp.sys
81 : fffff880044ce000 fffff880044e8000 rassstp rassstp.sys
82 : fffff880044e8000 fffff880044f5000 tap0901 tap0901.sys
83 : fffff880044f5000 fffff88004500000 hamachi hamachi.sys
84 : fffff88004500000 fffff8800450b000 rdpbus rdpbus.sys
85 : fffff8800450b000 fffff8800450c480 swenum swenum.sys
86 : fffff8800450d000 fffff88004550000 ks ks.sys
87 : fffff88004550000 fffff88004562000 umbus umbus.sys
88 : fffff88004562000 fffff8800456a000 vmnetadapter vmnetadapter.sys
89 : fffff8800456a000 fffff88004574000 VMNET VMNET.SYS
8a : fffff88004574000 fffff880045ce000 usbhub usbhub.sys
8b : fffff880045ce000 fffff880045d9000 flpydisk flpydisk.sys
8c : fffff880045d9000 fffff880045ee000 NDProxy NDProxy.SYS
8d : fffff88005000000 fffff88005010000 BthEnum BthEnum.sys
8e : fffff8800501a000 fffff88005241f80 RTKVHD64 RTKVHD64.sys
8f : fffff88005242000 fffff8800527f000 portcls portcls.sys
90 : fffff8800527f000 fffff880052a1000 drmk drmk.sys
91 : fffff880052a1000 fffff880052a6200 ksthunk ksthunk.sys
92 : fffff880052a7000 fffff880052b5000 crashdmp crashdmp.sys
93 : fffff880052b5000 fffff880052c1000 dump_ataport dump_ataport.sys
94 : fffff880052c1000 fffff880052ca000 dump_atapi dump_atapi.sys
95 : fffff880052ca000 fffff880052dd000 dump_dumpfve dump_dumpfve.sys
96 : fffff880052dd000 fffff880052fa000 usbccgp usbccgp.sys
97 : fffff880052fa000 fffff880052fbf00 USBD USBD.SYS
98 : fffff880052fc000 fffff8800530cd00 STREAM STREAM.SYS
99 : fffff8800530d000 fffff88005327c00 usbaudio usbaudio.sys
9a : fffff88005328000 fffff88005340000 BTHUSB BTHUSB.sys
9b : fffff88005340000 fffff880053cc000 bthport bthport.sys
9c : fffff880053cc000 fffff880053f8000 rfcomm rfcomm.sys
9d : fffff88005605000 fffff880057ff000 VX1000 VX1000.sys
9e : fffff88008800000 fffff8800880a000 vwifimp vwifimp.sys
9f : fffff8800880a000 fffff88008842000 RDPWD RDPWD.SYS
a0 : fffff8800886a000 fffff8800893c000 eamon eamon.sys
a1 : fffff8800893c000 fffff8800895d000 WudfPf WudfPf.sys
a2 : fffff8800895d000 fffff8800896d000 vmnetbridge vmnetbridge.sys
a3 : fffff8800896d000 fffff88008982000 lltdio lltdio.sys
a4 : fffff88008982000 fffff880089d5000 nwifi nwifi.sys
a5 : fffff880089d5000 fffff880089e8000 ndisuio ndisuio.sys
a6 : fffff880089e8000 fffff88008a00000 rspndr rspndr.sys
a7 : fffff8800942f000 fffff88009465000 fastfat fastfat.SYS
a8 : fffff88009e0b000 fffff88009ed3000 HTTP HTTP.sys
a9 : fffff88009ed3000 fffff88009ef1000 bowser bowser.sys
aa : fffff88009ef1000 fffff88009f09000 mpsdrv mpsdrv.sys
ab : fffff88009f09000 fffff88009f36000 mrxsmb mrxsmb.sys
ac : fffff88009f36000 fffff88009f83000 mrxsmb10 mrxsmb10.sys
ad : fffff88009f83000 fffff88009fa6000 mrxsmb20 mrxsmb20.sys
ae : fffff88009fa6000 fffff88009fb2000 hcmon hcmon.sys
af : fffff88009fb2000 fffff88009fca000 vmci vmci.sys
b0 : fffff88009fca000 fffff88009fd2000 VMparport VMparport.sys
b1 : fffff88009fd2000 fffff88009fe4000 tcpipreg tcpipreg.sys
b2 : fffff8800a400000 fffff8800a42d000 srvnet srvnet.sys
b3 : fffff8800a438000 fffff8800a50e000 vmx86 vmx86.sys
b4 : fffff8800a50e000 fffff8800a526000 adfs adfs.SYS
b5 : fffff8800a526000 fffff8800a546000 epfwwfpr epfwwfpr.sys
b6 : fffff8800a546000 fffff8800a54a280 mdmxsdk mdmxsdk.sys
b7 : fffff8800a54b000 fffff8800a5f1000 peauth peauth.sys
b8 : fffff8800a5f1000 fffff8800a5fc000 secdrv secdrv.SYS
b9 : fffff8800b600000 fffff8800b698000 srv srv.sys
ba : fffff8800b698000 fffff8800b6c9000 WUDFRd WUDFRd.sys
bb : fffff8800b6df000 fffff8800b6ff000 ENG64 ENG64.SYS
bc : fffff8800b72a000 fffff8800b739000 v2imount v2imount.sys
bd : fffff8800b739000 fffff8800b743000 vmnetuserif vmnetuserif.sys
be : fffff8800b743000 fffff8800b74f000 vstor2_ws60 vstor2-ws60.sys
bf : fffff8800b74f000 fffff8800b7b8000 srv2 srv2.sys
c0 : fffff8800b7b8000 fffff8800b7e6000 rdpdr rdpdr.sys
c1 : fffff8800b7e6000 fffff8800b7f1000 tdtcp tdtcp.sys
c2 : fffff8800b7f1000 fffff8800b800000 tssecsrv tssecsrv.sys
c3 : fffff960000d0000 fffff960003df000 win32k win32k.sys
c4 : fffff960004a0000 fffff960004aa000 TSDDD TSDDD.dll
c5 : fffff960006e0000 fffff96000707000 cdd cdd.dll  cdd.dll
c6 : fffff96000860000 fffff960008c1000 ATMFD ATMFD.DLL
0: kd> !for_each_module .echo @#ModuleName fver = @#FileVersion pver = @#ProductVersion
kdcom fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
hal fver =  pver =
nt fver =  pver =
CI fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
mcupdate fver =  pver =
PSHED fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
CLFS fver =  pver =
fltmgr fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
symsnap fver =  pver =
PCIIDEX fver =  pver =
mountmgr fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
atapi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ataport fver =  pver =
amdxata fver =  pver =
fileinfo fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Wdf01000 fver = 1.9.7600.16385 (win7_rtm.090713-1255) pver = 1.9.7600.16385
WDFLDR fver =  pver =
pci fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
volmgr fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
volmgrx fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
partmgr fver =  pver =
splm fver =  pver =
WMILIB fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
SCSIPORT fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ACPI fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
msisadrv fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
vdrvroot fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
intelide fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
pciide fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
CLASSPNP fver =  pver =
Ntfs fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
fvevol fver =  pver =
disk fver =  pver =
msrpc fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ksecdd fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
cng fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
pcw fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Fs_Rec fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
fwpkclnt fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
volsnap fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
NETIO fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ksecpkg fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
vmstorfl fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
spldr fver =  pver =
speedfan fver =  pver =
mup fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
hwpolicy fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ndis fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rdyboost fver =  pver =
tcpip fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Npfs fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
tdx fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
TDI fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
cmdhlp fver =  pver =
rasl2tp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
cdrom fver =  pver =
cmdguard fver =  pver =
SRTSP64 fver =  pver =
Null fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Beep fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ehdrv fver =  pver =
vga fver =  pver =
VIDEOPRT fver =  pver =
watchdog fver =  pver =
RDPCDD fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rdpencdd fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rdprefmp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Msfs fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
EX64 fver =  pver =
SYMEVENT64x86 fver =  pver =
SRTSPX64 fver =  pver =
vwififlt fver =  pver =
netbios fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
serial fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
wanarp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
truecrypt fver =  pver =
termdd fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
SCDEmu fver =  pver =
intelppm fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
afd fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
netbt fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ws2ifsl fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
wfplwf fver =  pver =
inspect fver =  pver =
csc fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
dfsc fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
blbdrive fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
tunnel fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rdbss fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
nsiproxy fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
mssmbios fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ElbyCDIO fver =  pver =
eeCtrl64 fver =  pver =
EraserUtilRebootDrv fver =  pver =
discache fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
asa2cm3v fver =  pver =
CompositeBus fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
nvlddmkm fver =  pver =
nvBridge fver =  pver =
serenum fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
AnyDVD fver =  pver =
ElbyCDFL fver =  pver =
GEARAspiWDM fver =  pver =
GenericMount fver =  pver =
AgileVpn fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ndistapi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
USBPORT fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
usbehci fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
mouclass fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
dxgkrnl fver =  pver =
dxgmms1 fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
usbuhci fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
HDAudBus fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
l160x64 fver =  pver =
VMkbd fver =  pver =
athrx fver =  pver =
vwifibus fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
fdc fver =  pver =
parport fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ASACPI fver =  pver =
i8042prt fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
kbdclass fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
bthpan fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Dxapi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
monitor fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
luafv fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ndiswan fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
raspppoe fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
raspptp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rassstp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
tap0901 fver =  pver =
hamachi fver =  pver =
rdpbus fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
swenum fver =  pver =
ks fver =  pver =
umbus fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
vmnetadapter fver =  pver =
VMNET fver =  pver =
usbhub fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
flpydisk fver =  pver =
NDProxy fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
BthEnum fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
RTKVHD64 fver =  pver =
portcls fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
drmk fver =  pver =
ksthunk fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
crashdmp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
dump_ataport fver =  pver =
dump_atapi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
dump_dumpfve fver =  pver =
usbccgp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
USBD fver =  pver =
STREAM fver =  pver =
usbaudio fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
BTHUSB fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
bthport fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rfcomm fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
VX1000 fver =  pver =
vwifimp fver =  pver =
RDPWD fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
eamon fver =  pver =
WudfPf fver =  pver =
vmnetbridge fver =  pver =
lltdio fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
nwifi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ndisuio fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rspndr fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
fastfat fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
HTTP fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
bowser fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
mpsdrv fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
mrxsmb fver =  pver =
mrxsmb10 fver =  pver =
mrxsmb20 fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
hcmon fver =  pver =
vmci fver =  pver =
VMparport fver =  pver =
tcpipreg fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
srvnet fver =  pver =
vmx86 fver =  pver =
adfs fver =  pver =
epfwwfpr fver =  pver =
mdmxsdk fver =  pver =
peauth fver =  pver =
secdrv fver =  pver =
srv fver =  pver =
WUDFRd fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ENG64 fver =  pver =
v2imount fver =  pver =
vmnetuserif fver =  pver =
vstor2_ws60 fver =  pver =
srv2 fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rdpdr fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
tdtcp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
tssecsrv fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
win32k fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
TSDDD fver =  pver =
cdd fver =  pver =
ATMFD fver =  pver =
0: kd> lmntsm
start             end                 module name
fffff880`01182000 fffff880`011d9000   ACPI     ACPI.sys     Mon Jul 13 19:19:34 2009 (4A5BC106)
fffff880`0a50e000 fffff880`0a526000   adfs     adfs.SYS     Thu Jun 26 16:52:37 2008 (48640195)
fffff880`02cfe000 fffff880`02d88000   afd      afd.sys      Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`03fde000 fffff880`03ff4000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`00e5d000 fffff880`00e68000   amdxata  amdxata.sys  Tue May 19 13:56:59 2009 (4A12F2EB)
fffff880`03f8e000 fffff880`03fb0000   AnyDVD   AnyDVD.sys   Sat Oct 17 10:28:35 2009 (4AD9D493)
fffff880`03200000 fffff880`03242000   asa2cm3v asa2cm3v.SYS Tue Apr 07 12:07:00 2009 (49DB7A24)
fffff880`043c8000 fffff880`043d0000   ASACPI   ASACPI.sys   Sun Mar 27 22:30:36 2005 (42476C4C)
fffff880`00e2a000 fffff880`00e33000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00e33000 fffff880`00e5d000   ataport  ataport.SYS  Mon Jul 13 19:19:52 2009 (4A5BC118)
fffff880`04214000 fffff880`04391000   athrx    athrx.sys    Mon Oct 05 12:33:57 2009 (4ACA1FF5)
fffff960`00860000 fffff960`008c1000   ATMFD    ATMFD.DLL    Thu Jul 30 01:07:22 2009 (4A712A8A)
fffff880`0296c000 fffff880`02973000   Beep     Beep.SYS     Mon Jul 13 20:00:13 2009 (4A5BCA8D)
fffff880`030a1000 fffff880`030b2000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`09ed3000 fffff880`09ef1000   bowser   bowser.sys   Mon Jul 13 19:23:50 2009 (4A5BC206)
fffff880`05000000 fffff880`05010000   BthEnum  BthEnum.sys  Mon Jul 13 20:06:52 2009 (4A5BCC1C)
fffff880`04400000 fffff880`04420000   bthpan   bthpan.sys   Mon Jul 13 20:07:00 2009 (4A5BCC24)
fffff880`05340000 fffff880`053cc000   bthport  bthport.sys  Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`05328000 fffff880`05340000   BTHUSB   BTHUSB.sys   Mon Jul 13 20:06:52 2009 (4A5BCC1C)
fffff960`006e0000 fffff960`00707000   cdd      cdd.dll      Mon Jul 13 21:25:40 2009 (4A5BDE94)
fffff880`02884000 fffff880`028ae000   cdrom    cdrom.sys    Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`00c00000 fffff880`00cc0000   CI       CI.dll       Mon Jul 13 21:32:13 2009 (4A5BE01D)
fffff880`01200000 fffff880`01230000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00d1e000 fffff880`00d7c000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`028ae000 fffff880`028cf000   cmdguard cmdguard.sys Thu Jan 28 16:22:16 2010 (4B620008)
fffff880`0283c000 fffff880`02847000   cmdhlp   cmdhlp.sys   Mon Jan 25 11:27:10 2010 (4B5DC65E)
fffff880`014d3000 fffff880`01546000   cng      cng.sys      Mon Jul 13 19:49:40 2009 (4A5BC814)
fffff880`03242000 fffff880`03252000   CompositeBus CompositeBus.sys Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`052a7000 fffff880`052b5000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`03000000 fffff880`03083000   csc      csc.sys      Mon Jul 13 19:24:26 2009 (4A5BC22A)
fffff880`03083000 fffff880`030a1000   dfsc     dfsc.sys     Mon Jul 13 19:23:44 2009 (4A5BC200)
fffff880`031ea000 fffff880`031f9000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`0143a000 fffff880`01450000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`0527f000 fffff880`052a1000   drmk     drmk.sys     Mon Jul 13 21:01:25 2009 (4A5BD8E5)
fffff880`052c1000 fffff880`052ca000   dump_atapi dump_atapi.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`052b5000 fffff880`052c1000   dump_ataport dump_ataport.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`052ca000 fffff880`052dd000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
fffff880`04420000 fffff880`0442c000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`0407c000 fffff880`04170000   dxgkrnl  dxgkrnl.sys  Thu Oct 01 21:00:14 2009 (4AC5509E)
fffff880`04170000 fffff880`041b6000   dxgmms1  dxgmms1.sys  Mon Jul 13 19:38:32 2009 (4A5BC578)
fffff880`0886a000 fffff880`0893c000   eamon    eamon.sys    Mon Nov 16 02:51:14 2009 (4B010472)
fffff880`0314f000 fffff880`031c5000   eeCtrl64 eeCtrl64.sys Mon Aug 17 19:05:31 2009 (4A89E23B)
fffff880`02973000 fffff880`02996000   ehdrv    ehdrv.sys    Mon Nov 16 02:51:48 2009 (4B010494)
fffff880`03fb0000 fffff880`03fbe000   ElbyCDFL ElbyCDFL.sys Thu Dec 14 16:22:27 2006 (4581C093)
fffff880`03144000 fffff880`0314f000   ElbyCDIO ElbyCDIO.sys Sat Sep 26 13:57:36 2009 (4ABE5610)
fffff880`0b6df000 fffff880`0b6ff000   ENG64    ENG64.SYS    Wed Jan 06 17:14:39 2010 (4B450B4F)
fffff880`0a526000 fffff880`0a546000   epfwwfpr epfwwfpr.sys Mon Nov 16 02:46:31 2009 (4B010357)
fffff880`031c5000 fffff880`031ea000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Mon Aug 17 19:05:31 2009 (4A89E23B)
fffff880`02a00000 fffff880`02bad000   EX64     EX64.SYS     Wed Jan 06 17:23:25 2010 (4B450D5D)
fffff880`0942f000 fffff880`09465000   fastfat  fastfat.SYS  Mon Jul 13 19:23:28 2009 (4A5BC1F0)
fffff880`0439e000 fffff880`043ab000   fdc      fdc.sys      Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`00e68000 fffff880`00e7c000   fileinfo fileinfo.sys Mon Jul 13 19:34:25 2009 (4A5BC481)
fffff880`045ce000 fffff880`045d9000   flpydisk flpydisk.sys Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`00d7c000 fffff880`00dc8000   fltmgr   fltmgr.sys   Mon Jul 13 19:19:59 2009 (4A5BC11F)
fffff880`01557000 fffff880`01561000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:19:45 2009 (4A5BC111)
fffff880`01400000 fffff880`0143a000   fvevol   fvevol.sys   Mon Jul 13 19:22:15 2009 (4A5BC1A7)
fffff880`01561000 fffff880`015ab000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:21:08 2009 (4A5BC164)
fffff880`03fbe000 fffff880`03fcb000   GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:17:04 2009 (4A1151C0)
fffff880`03fcb000 fffff880`03fde000   GenericMount GenericMount.sys Fri Aug 28 18:59:50 2009 (4A986166)
fffff800`0280b000 fffff800`02854000   hal      hal.dll      Thu Jul 23 06:06:09 2009 (4A683611)
fffff880`044f5000 fffff880`04500000   hamachi  hamachi.sys  Thu Feb 19 05:36:41 2009 (499D3639)
fffff880`09fa6000 fffff880`09fb2000   hcmon    hcmon.sys    Thu Oct 22 06:00:49 2009 (4AE02D51)
fffff880`041c3000 fffff880`041e7000   HDAudBus HDAudBus.sys Mon Jul 13 20:06:13 2009 (4A5BCBF5)
fffff880`09e0b000 fffff880`09ed3000   HTTP     HTTP.sys     Mon Jul 13 19:22:16 2009 (4A5BC1A8)
fffff880`016bc000 fffff880`016c5000   hwpolicy hwpolicy.sys Mon Jul 13 19:19:22 2009 (4A5BC0FA)
fffff880`043d0000 fffff880`043ee000   i8042prt i8042prt.sys Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`02de1000 fffff880`02df8000   inspect  inspect.sys  Mon Jan 25 11:27:51 2010 (4B5DC687)
fffff880`011f0000 fffff880`011f8000   intelide intelide.sys Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`02cca000 fffff880`02ce0000   intelppm intelppm.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`043ee000 fffff880`043fd000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff800`02617000 fffff800`02621000   kdcom    kdcom.dll    Mon Jul 13 21:31:07 2009 (4A5BDFDB)
fffff880`0450d000 fffff880`04550000   ks       ks.sys       Mon Jul 13 20:00:31 2009 (4A5BCA9F)
fffff880`014b9000 fffff880`014d3000   ksecdd   ksecdd.sys   Mon Jul 13 19:20:54 2009 (4A5BC156)
fffff880`01660000 fffff880`0168b000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:50:34 2009 (4A5BC84A)
fffff880`052a1000 fffff880`052a6200   ksthunk  ksthunk.sys  Mon Jul 13 20:00:19 2009 (4A5BCA93)
fffff880`041e7000 fffff880`041fb000   l160x64  l160x64.sys  Mon Oct 12 22:08:28 2009 (4AD3E11C)
fffff880`0896d000 fffff880`08982000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`0443a000 fffff880`0445d000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`00cc6000 fffff880`00d0a000   mcupdate mcupdate.dll Mon Jul 13 21:29:10 2009 (4A5BDF66)
fffff880`0a546000 fffff880`0a54a280   mdmxsdk  mdmxsdk.sys  Mon Jun 19 17:27:26 2006 (449716BE)
fffff880`0442c000 fffff880`0443a000   monitor  monitor.sys  Mon Jul 13 19:38:52 2009 (4A5BC58C)
fffff880`04067000 fffff880`04076000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`00e10000 fffff880`00e2a000   mountmgr mountmgr.sys Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`09ef1000 fffff880`09f09000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`09f09000 fffff880`09f36000   mrxsmb   mrxsmb.sys   Thu Jan 07 22:38:26 2010 (4B46A8B2)
fffff880`09f36000 fffff880`09f83000   mrxsmb10 mrxsmb10.sys Thu Jan 07 22:38:32 2010 (4B46A8B8)
fffff880`09f83000 fffff880`09fa6000   mrxsmb20 mrxsmb20.sys Mon Jul 13 19:24:05 2009 (4A5BC215)
fffff880`029f4000 fffff880`029ff000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`011d9000 fffff880`011e3000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`0145b000 fffff880`014b9000   msrpc    msrpc.sys    Mon Jul 13 19:21:32 2009 (4A5BC17C)
fffff880`03139000 fffff880`03144000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`016aa000 fffff880`016bc000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`016c9000 fffff880`017bb000   ndis     ndis.sys     Mon Jul 13 19:21:40 2009 (4A5BC184)
fffff880`03ff4000 fffff880`04000000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`089d5000 fffff880`089e8000   ndisuio  ndisuio.sys  Mon Jul 13 20:09:25 2009 (4A5BCCB5)
fffff880`04463000 fffff880`04492000   ndiswan  ndiswan.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`045d9000 fffff880`045ee000   NDProxy  NDProxy.SYS  Mon Jul 13 20:10:05 2009 (4A5BCCDD)
fffff880`02c16000 fffff880`02c25000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`02d88000 fffff880`02dcd000   netbt    netbt.sys    Mon Jul 13 19:21:28 2009 (4A5BC178)
fffff880`01600000 fffff880`01660000   NETIO    NETIO.SYS    Mon Jul 13 19:21:46 2009 (4A5BC18A)
fffff880`02800000 fffff880`02811000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`0312d000 fffff880`03139000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff800`02854000 fffff800`02e31000   nt       ntoskrnl.exe Thu Jul 23 02:45:06 2009 (4A6806F2)
fffff880`01258000 fffff880`013fb000   Ntfs     Ntfs.sys     Mon Jul 13 19:20:47 2009 (4A5BC14F)
fffff880`02963000 fffff880`0296c000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`03f80000 fffff880`03f81180   nvBridge nvBridge.kmd Mon Jan 11 23:58:35 2010 (4B4C017B)
fffff880`03259000 fffff880`03f7f700   nvlddmkm nvlddmkm.sys Tue Jan 12 00:26:35 2010 (4B4C080B)
fffff880`08982000 fffff880`089d5000   nwifi    nwifi.sys    Mon Jul 13 20:07:23 2009 (4A5BCC3B)
fffff880`043ab000 fffff880`043c8000   parport  parport.sys  Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`01000000 fffff880`01015000   partmgr  partmgr.sys  Mon Jul 13 19:19:58 2009 (4A5BC11E)
fffff880`00f53000 fffff880`00f86000   pci      pci.sys      Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`011f8000 fffff880`011ff000   pciide   pciide.sys   Mon Jul 13 19:19:49 2009 (4A5BC115)
fffff880`00e00000 fffff880`00e10000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`01546000 fffff880`01557000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`0a54b000 fffff880`0a5f1000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`05242000 fffff880`0527f000   portcls  portcls.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
fffff880`00d0a000 fffff880`00d1e000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`02847000 fffff880`0286b000   rasl2tp  rasl2tp.sys  Mon Jul 13 20:10:11 2009 (4A5BCCE3)
fffff880`04492000 fffff880`044ad000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`044ad000 fffff880`044ce000   raspptp  raspptp.sys  Mon Jul 13 20:10:18 2009 (4A5BCCEA)
fffff880`044ce000 fffff880`044e8000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`030dc000 fffff880`0312d000   rdbss    rdbss.sys    Mon Jul 13 19:24:09 2009 (4A5BC219)
fffff880`04500000 fffff880`0450b000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
fffff880`029d9000 fffff880`029e2000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`0b7b8000 fffff880`0b7e6000   rdpdr    rdpdr.sys    Mon Jul 13 20:18:02 2009 (4A5BCEBA)
fffff880`029e2000 fffff880`029eb000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`029eb000 fffff880`029f4000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`0880a000 fffff880`08842000   RDPWD    RDPWD.SYS    Mon Jul 13 20:16:47 2009 (4A5BCE6F)
fffff880`017bb000 fffff880`017f5000   rdyboost rdyboost.sys Mon Jul 13 19:34:34 2009 (4A5BC48A)
fffff880`053cc000 fffff880`053f8000   rfcomm   rfcomm.sys   Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`089e8000 fffff880`08a00000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`0501a000 fffff880`05241f80   RTKVHD64 RTKVHD64.sys Mon Feb 08 05:24:50 2010 (4B6FE672)
fffff880`02cb1000 fffff880`02cca000   SCDEmu   SCDEmu.SYS   Fri Oct 31 02:56:21 2008 (490AAC15)
fffff880`01153000 fffff880`01182000   SCSIPORT SCSIPORT.SYS Mon Jul 13 20:01:04 2009 (4A5BCAC0)
fffff880`0a5f1000 fffff880`0a5fc000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`03f82000 fffff880`03f8e000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`02c25000 fffff880`02c42000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`016a3000 fffff880`016aa000   speedfan speedfan.sys Sun Sep 24 09:26:48 2006 (45168798)
fffff880`0169b000 fffff880`016a3000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`01016000 fffff880`0114a000   splm     splm.sys     Sun Mar 22 08:35:35 2009 (49C63097)
fffff880`028cf000 fffff880`02943000   SRTSP64  SRTSP64.SYS  Mon Aug 10 23:30:48 2009 (4A80E5E8)
fffff880`02be9000 fffff880`02bfd000   SRTSPX64 SRTSPX64.SYS Mon Aug 10 23:31:44 2009 (4A80E620)
fffff880`0b600000 fffff880`0b698000   srv      srv.sys      Tue Dec 08 03:32:55 2009 (4B1E0F37)
fffff880`0b74f000 fffff880`0b7b8000   srv2     srv2.sys     Mon Jul 13 19:25:02 2009 (4A5BC24E)
fffff880`0a400000 fffff880`0a42d000   srvnet   srvnet.sys   Tue Dec 08 03:32:26 2009 (4B1E0F1A)
fffff880`052fc000 fffff880`0530cd00   STREAM   STREAM.SYS   Mon Jul 13 20:06:18 2009 (4A5BCBFA)
fffff880`0450b000 fffff880`0450c480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`02bb3000 fffff880`02be9000   SYMEVENT64x86 SYMEVENT64x86.SYS Wed Jun 24 16:19:12 2009 (4A428A40)
fffff880`00dc8000 fffff880`00df6000   symsnap  symsnap.sys  Tue Sep 15 17:02:11 2009 (4AB000D3)
fffff880`044e8000 fffff880`044f5000   tap0901  tap0901.sys  Thu Jul 16 05:20:25 2009 (4A5EF0D9)
fffff880`01802000 fffff880`019ff000   tcpip    tcpip.sys    Mon Jul 13 19:25:34 2009 (4A5BC26E)
fffff880`09fd2000 fffff880`09fe4000   tcpipreg tcpipreg.sys Mon Jul 13 20:09:49 2009 (4A5BCCCD)
fffff880`0282f000 fffff880`0283c000   TDI      TDI.SYS      Mon Jul 13 19:21:18 2009 (4A5BC16E)
fffff880`0b7e6000 fffff880`0b7f1000   tdtcp    tdtcp.sys    Mon Jul 13 20:16:32 2009 (4A5BCE60)
fffff880`02811000 fffff880`0282f000   tdx      tdx.sys      Mon Jul 13 19:21:15 2009 (4A5BC16B)
fffff880`02c9d000 fffff880`02cb1000   termdd   termdd.sys   Mon Jul 13 20:16:36 2009 (4A5BCE64)
fffff880`02c5d000 fffff880`02c9d000   truecrypt truecrypt.sys Mon Nov 23 12:22:57 2009 (4B0AC4F1)
fffff960`004a0000 fffff960`004aa000   TSDDD    TSDDD.dll    Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`0b7f1000 fffff880`0b800000   tssecsrv tssecsrv.sys Mon Jul 13 20:16:41 2009 (4A5BCE69)
fffff880`030b2000 fffff880`030d8000   tunnel   tunnel.sys   Mon Jul 13 20:09:37 2009 (4A5BCCC1)
fffff880`04550000 fffff880`04562000   umbus    umbus.sys    Mon Jul 13 20:06:56 2009 (4A5BCC20)
fffff880`0530d000 fffff880`05327c00   usbaudio usbaudio.sys Mon Jul 13 20:06:31 2009 (4A5BCC07)
fffff880`052dd000 fffff880`052fa000   usbccgp  usbccgp.sys  Mon Jul 13 20:06:45 2009 (4A5BCC15)
fffff880`052fa000 fffff880`052fbf00   USBD     USBD.SYS     Mon Jul 13 20:06:23 2009 (4A5BCBFF)
fffff880`04056000 fffff880`04067000   usbehci  usbehci.sys  Mon Jul 13 20:06:30 2009 (4A5BCC06)
fffff880`04574000 fffff880`045ce000   usbhub   usbhub.sys   Mon Jul 13 20:07:09 2009 (4A5BCC2D)
fffff880`04000000 fffff880`04056000   USBPORT  USBPORT.SYS  Mon Jul 13 20:06:31 2009 (4A5BCC07)
fffff880`041b6000 fffff880`041c3000   usbuhci  usbuhci.sys  Mon Jul 13 20:06:27 2009 (4A5BCC03)
fffff880`0b72a000 fffff880`0b739000   v2imount v2imount.sys Wed Dec 12 14:08:40 2007 (476031B8)
fffff880`011e3000 fffff880`011f0000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`02996000 fffff880`029a4000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`029a4000 fffff880`029c9000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`09fb2000 fffff880`09fca000   vmci     vmci.sys     Thu Oct 22 05:26:48 2009 (4AE02558)
fffff880`04200000 fffff880`0420b000   VMkbd    VMkbd.sys    Thu Oct 22 06:51:05 2009 (4AE03919)
fffff880`0456a000 fffff880`04574000   VMNET    VMNET.SYS    Mon Aug 10 08:04:50 2009 (4A800CE2)
fffff880`04562000 fffff880`0456a000   vmnetadapter vmnetadapter.sys Mon Aug 10 08:04:53 2009 (4A800CE5)
fffff880`0895d000 fffff880`0896d000   vmnetbridge vmnetbridge.sys Mon Aug 10 08:05:58 2009 (4A800D26)
fffff880`0b739000 fffff880`0b743000   vmnetuserif vmnetuserif.sys Thu Oct 22 06:17:07 2009 (4AE03123)
fffff880`09fca000 fffff880`09fd2000   VMparport VMparport.sys Thu Oct 22 05:24:21 2009 (4AE024C5)
fffff880`0168b000 fffff880`0169b000   vmstorfl vmstorfl.sys Mon Jul 13 19:42:54 2009 (4A5BC67E)
fffff880`0a438000 fffff880`0a50e000   vmx86    vmx86.sys    Thu Oct 22 07:36:57 2009 (4AE043D9)
fffff880`00f86000 fffff880`00f9b000   volmgr   volmgr.sys   Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`00f9b000 fffff880`00ff7000   volmgrx  volmgrx.sys  Mon Jul 13 19:20:33 2009 (4A5BC141)
fffff880`015ab000 fffff880`015f7000   volsnap  volsnap.sys  Mon Jul 13 19:20:08 2009 (4A5BC128)
fffff880`0b743000 fffff880`0b74f000   vstor2_ws60 vstor2-ws60.sys Mon Oct 12 17:06:26 2009 (4AD39A52)
fffff880`04391000 fffff880`0439e000   vwifibus vwifibus.sys Mon Jul 13 20:07:21 2009 (4A5BCC39)
fffff880`02c00000 fffff880`02c16000   vwififlt vwififlt.sys Mon Jul 13 20:07:22 2009 (4A5BCC3A)
fffff880`08800000 fffff880`0880a000   vwifimp  vwifimp.sys  Mon Jul 13 20:07:28 2009 (4A5BCC40)
fffff880`05605000 fffff880`057ff000   VX1000   VX1000.sys   Mon Apr 27 21:55:28 2009 (49F66210)
fffff880`02c42000 fffff880`02c5d000   wanarp   wanarp.sys   Mon Jul 13 20:10:21 2009 (4A5BCCED)
fffff880`029c9000 fffff880`029d9000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`00ea0000 fffff880`00f44000   Wdf01000 Wdf01000.sys Mon Jul 13 19:22:07 2009 (4A5BC19F)
fffff880`00f44000 fffff880`00f53000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:19:54 2009 (4A5BC11A)
fffff880`02dd8000 fffff880`02de1000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff960`000d0000 fffff960`003df000   win32k   win32k.sys   Mon Jul 13 19:40:16 2009 (4A5BC5E0)
fffff880`0114a000 fffff880`01153000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`02dcd000 fffff880`02dd8000   ws2ifsl  ws2ifsl.sys  Mon Jul 13 20:10:33 2009 (4A5BCCF9)
fffff880`0893c000 fffff880`0895d000   WudfPf   WudfPf.sys   Mon Jul 13 20:05:37 2009 (4A5BCBD1)
fffff880`0b698000 fffff880`0b6c9000   WUDFRd   WUDFRd.sys   Mon Jul 13 20:06:06 2009 (4A5BCBEE)

Unloaded modules:
fffff880`09499000 fffff880`094a6000   GPU-Z.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0948c000 fffff880`09499000   GPU-Z.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0947f000 fffff880`0948c000   GPU-Z.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`09472000 fffff880`0947f000   GPU-Z.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`09465000 fffff880`09472000   GPU-Z.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0b70c000 fffff880`0b727000   USBSTOR.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`094fc000 fffff880`0956d000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`094be000 fffff880`0952f000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0b6ff000 fffff880`0b70c000   GPU-Z.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`094c2000 fffff880`09533000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`02943000 fffff880`02963000   ENG64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`02a06000 fffff880`02bb3000   EX64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0b6d6000 fffff880`0b6df000   psi_mf.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0922b000 fffff880`0929c000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0b6c9000 fffff880`0b6d6000   GPU-Z.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0b6b9000 fffff880`0b72a000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`01230000 fffff880`0123e000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`0123e000 fffff880`0124a000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`017f5000 fffff880`017fe000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
fffff880`00e7c000 fffff880`00e8f000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000


[/font]
```


----------



## Searinox (Nov 21, 2008)

*Re: BSOD cdd.dll*

Apologies... I forgot to update my profile. I am using Windows 7 now not Vista. I was looking over the internet and a lot of threads complaining about this error specified that it happens when exiting a game or alt-tabbing out of one, an action which changes the screen mode. Only ONE of the threads ended up with a result. The person like me was an NVIDIA user.

I was using the drivers released last month. Just between my first post and this one I did a clean uninstall, deleting anything nvidia from system32, drivers, program files and x86 as well as programdata and even hklm/system/ccs/services. There were a lot of leftovers as well as the driver uninstall folder having corrupt permissions.

I then did a clean install of the latest drivers and re-checked with Portal, alt+tabbing heavily in and out of the game, changing display settings to force it to reproduce some scenarios, and I didn't have a crash.

The reason why I am so interested about this specific issue is because 110 days ago I got a bluescreen after playing resident evil 5. About 4 days ago I had another while being away and now I had this one today. NONE of the previous ones specified any file nor made a minidump or even an event in the system log. THIS is the first BSOD I have actual documentation on so I appreciate if you could squeeze as much as you can out of that minidump!

Also Windows came out genuine, but sfc /scannow said it found and fixed some files. Log included in post.

*EDIT: The corrupt files are files I REMOVED myself from the system after uninstalling nvidia. That's probably what caused it.*

Why on earth would my kernel files have symbols on MS' server?! Have you run bugchecks on win7 x64 before and they had correct symbols on the site? Should I be checking any core file's hash or version for you?


----------



## jcgriff2 (Sep 30, 2007)

*Re: BSOD cdd.dll*



Searinox said:


> *EDIT: The corrupt files are files I REMOVED myself from the system after uninstalling nvidia. That's probably what caused it.*
> 
> Why on earth would my kernel files have symbols on MS' server?! Have you run bugchecks on win7 x64 before and they had correct symbols on the site? Should I be checking any core file's hash or version for you?


Have I run Windows 7 dumps before and found correct symbols?

Yes - a conservative estimate = 25,000 kernel dump files to date.

The symbol files come directly from Microsoft and are for Microsoft modules only. They have nothing to do with NVIDIA or any other 3rd party drivers. I use the MSDL SYM site - meaning that whatever dump file that I am running, if the symbol files are not found on my system in the location that I enter into the debugger, it reaches out to Microsoft MSDL SYM site and downloads whatever symbol files it needs. 

I work on mostly Windows 7 & Vista, but in the last 24 hours have processed dumps for XP, XP x64, Server 2003, Vista and Windows 7. So, it does not matter what OS you are running at the time the debugger kicks off, nor do I need to know the OS beforehand.

If you'll take note of my last post, "Windows 7 x64" is mentioned; not Vista, except a typo re: Validation. I wrote - 


jcgriff2 said:


> Validate your Vista SP2 installation at the Microsoft Genuine Advantage site.
> 
> WGA --> www.microsoft.com/genuine


If you go to the WGA site, it will validate Windows 7 along with Vista, XP and Microsoft Office.

I do not have an explanation for you as to why the NT Kernel is not recognized. Per Windbg, a match for *ntoskrnl.exe* cannot be found -

```
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
```

Without symbol files, the results derived from processing the dumps are not reliable.

Regards. . .

jcgriff2

.


----------



## Searinox (Nov 21, 2008)

*Re: BSOD cdd.dll*

What is ntoskrnl.exe's version supposed to be, and is it the only file the symbol server can't identify? I have all Windows Updates installed and considering that, what should the versions be?

IMPORTANT!

I believe I know what went wrong here with ntoskrnl. A short while after Win7's final release "unconfirmed updates" to the kernel were circulating among various techie forums. One of them updates changes ntoskrnl to 7600.16399. I believed I had removed all of them but I seem to be wrong. So ntoskrnl timestamped 16399 compared to 16481 on my VM (which also has latest updates except never had those packs installed).

Would obtaining an up to date version and simply replacing the current one be enough? This system has 2 ntoskrnls, one in syswow64 and one in system32, most likely one is 64 the other 32.

In the meantime I also updated DirectX.


----------



## jcgriff2 (Sep 30, 2007)

*Re: BSOD cdd.dll*



Searinox said:


> What is ntoskrnl.exe's version supposed to be, and is it the only file the symbol server can't identify? I have all Windows Updates installed and considering that, what should the versions be?


This is NT in your system - 

```
  nt       ntoskrnl.exe Thu Jul 23 02:45:06 2009 (4A6806F2)
```

The Windows 7 x64 system that I am on right now - 

```
   4692448    3/2/2009      21:02:30  "c:\symbols\ntoskrnl.exe\49AC93E1518000\ntoskrnl.exe"
   4698168    8/4/2009      05:47:30  "c:\symbols\ntoskrnl.exe\4A7801EB518000\ntoskrnl.exe"
   5511248   7/13/2009      20:48:28  "c:\Windows\System32\ntoskrnl.exe"
   3899472   7/13/2009      20:20:44  "c:\Windows\SysWOW64\ntoskrnl.exe"
   5511248   7/13/2009      20:48:28  "c:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe"
   3899472   7/13/2009      20:20:44  "c:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe"
```

Run the command to obtain the output as I did above - 
START | type *cmd.exe* | RIGHT-click on cmd.exe | "Run as Administrator" | type/ paste the following - 

```
where /r c:\ /f /t ntoskrnl.* > 0 & start notepad 0
```
A Notepad will open with the results.

For info, I am running Windows 7 Ultimate RTM x64, full retail version.

Regards. . .

jcgriff2

.
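The cache paths in the listing above (`c:\symbols\ntoskrnl.exe\4A7801EB518000\ntoskrnl.exe`) follow the symbol-server layout for PE images: image name, then a key made of the header's TimeDateStamp and SizeOfImage, so a kernel whose header values were never published has no entry to match. The following is an added example, not part of any poster's message: Python that derives that key from a WinDbg `lm` row and from a PE header. The function names and the sample header are constructed for illustration; the `nt` row is the one from the module list in this thread.

```python
import re
import struct
from datetime import datetime, timezone

# Row copied from the module list in this thread (WinDbg `lm` output).
PAGE_NT_ROW = ("fffff800`02854000 fffff800`02e31000   nt       ntoskrnl.exe "
               "Thu Jul 23 02:45:06 2009 (4A6806F2)")

# start address, end address, module name, image name, date, (TimeDateStamp)
LM_ROW = re.compile(
    r"^([0-9a-f]{8}`[0-9a-f]{8})\s+([0-9a-f]{8}`[0-9a-f]{8})\s+"
    r"(\S+)\s+(\S+)\s+.*\(([0-9A-Fa-f]{8})\)\s*$")


def symbol_index(timestamp, size_of_image):
    """Key used for PE files: 8-digit upper-case hex timestamp + hex image size."""
    return f"{timestamp:08X}{size_of_image:x}"


def symbol_store_path(image_name, index):
    """Relative path of the image inside a symbol store or local cache."""
    return f"{image_name}/{index}/{image_name}"


def link_time_utc(timestamp):
    """TimeDateStamp is seconds since 1970-01-01 UTC; `lm` prints it in local time."""
    return datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")


def index_from_lm_row(row):
    """Return (image name, key) for one loaded-module row of `lm` output."""
    m = LM_ROW.match(row.strip())
    if not m:
        raise ValueError("not a loaded-module row with a timestamp")
    start, end = (int(a.replace("`", ""), 16) for a in m.group(1, 2))
    if end <= start:
        raise ValueError("module end address is not above its start")
    # end - start is the mapped size, which equals SizeOfImage from the header.
    return m.group(4), symbol_index(int(m.group(5), 16), end - start)


def pe_index_fields(data):
    """Return (TimeDateStamp, SizeOfImage) read from the start of a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if pe + 24 + 60 > len(data):
        raise ValueError("truncated PE headers")
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (timestamp,) = struct.unpack_from("<I", data, pe + 8)  # COFF TimeDateStamp
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    (magic,) = struct.unpack_from("<H", data, pe + 24)
    if opt_size < 60 or magic not in (0x10B, 0x20B):       # PE32 / PE32+
        raise ValueError("unsupported optional header")
    (size_of_image,) = struct.unpack_from("<I", data, pe + 24 + 56)
    return timestamp, size_of_image


def build_sample_pe(timestamp, size_of_image):
    """Constructed header-only blob standing in for a real ntoskrnl.exe."""
    blob = bytearray(0x200)
    blob[0:2] = b"MZ"
    struct.pack_into("<I", blob, 0x3C, 0x80)
    blob[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", blob, 0x84, 0x8664, 1, timestamp)
    struct.pack_into("<H", blob, 0x80 + 20, 240)
    struct.pack_into("<H", blob, 0x80 + 24, 0x20B)
    struct.pack_into("<I", blob, 0x80 + 24 + 56, size_of_image)
    return bytes(blob)


if __name__ == "__main__":
    image, key = index_from_lm_row(PAGE_NT_ROW)
    print("from dump :", symbol_store_path(image, key))
    print("link time :", link_time_utc(int(key[:8], 16)))
    # On a live system, pass the first 4096 bytes of the file on disk instead.
    sample = build_sample_pe(0x4A6806F2, 0x5DD000)
    print("from file :", symbol_index(*pe_index_fields(sample)))
```

Comparing the key computed from the file on disk with the keys already present in the local symbol cache shows quickly whether the debugger has ever been able to fetch that exact build.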


----------



## jcgriff2 (Sep 30, 2007)

*Re: BSOD cdd.dll*



Searinox said:


> What is ntoskrnl.exe's version supposed to be, and is it the only file the symbol server can't identify? I have all Windows Updates installed and considering that, what should the versions be?
> 
> IMPORTANT!
> 
> ...



I just saw your edit after submitting my last post.

The only place you should be obtaining updates to Windows OS components is from Windows Updates - 

www.update.microsoft.com

Furthermore, there are NO Service Packs for Windows 7 - yet.

There is little choice for you at this time as you have a patched NT Kernel.

Re-install Windows 7.

\system32 = x64
\syswow64 = x86

Regards. . .

jcgriff2

.


----------



## Searinox (Nov 21, 2008)

*Re: BSOD cdd.dll*

It was the only time I ever did something like this instead of obtaining official updates. I am still hoping to identify the patch that did this and uninstall it in order to revert to an official kernel. In the event that I cannot, please do tell me if simply overwriting my ntoskrnl.exe files with the official ones would solve the issue.

```
5511240 23/07/2009 12:18:36 "c:\Windows\System32\ntoskrnl.exe"
3899464 23/07/2009 11:28:56 "c:\Windows\SysWOW64\ntoskrnl.exe"
5511248 14/07/2009 03:48:28 "c:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe"
5511240 23/07/2009 12:18:36 "c:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16399_none_c81e8483cdd89a5c\ntoskrnl.exe"
5511240 23/07/2009 12:18:41 "c:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20495_none_c8a42026e6f9d4ca\ntoskrnl.exe"
3899472 14/07/2009 03:20:44 "c:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe"
3899464 23/07/2009 11:28:56 "c:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16399_none_6bffe900157b2926\ntoskrnl.exe"
3899480 23/07/2009 11:53:17 "c:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20495_none_6c8584a32e9c6394\ntoskrnl.exe"
```

*EDIT: I have a friend who has windows 7 ultimate 64 also and checked his ntoskrnl files, both of them are 16385. He claims to have made every update that was released. Can you confirm this number to me?*


----------



## DT Roberts (Jun 22, 2009)

*Re: BSOD cdd.dll*



Searinox said:


> It was the only time I ever did something like this instead of obtaining official updates. I am still hoping of identifying the patch that did this and uninstalling it in order to revert to an official kernel. In the event that I cannot, please do tell me if simply overwriting my ntoskrnl.exe files with the official ones would solve the issue.
> 
> 5511240 23/07/2009 12:18:36 "c:\Windows\System32\ntoskrnl.exe"
> 3899464 23/07/2009 11:28:56 "c:\Windows\SysWOW64\ntoskrnl.exe"
> ...


*7600.13865* is in fact the current version. I'm not sure it's as easy as overwriting the file; you'll need to reinstall Windows.


----------



## Searinox (Nov 21, 2008)

*Re: BSOD cdd.dll*

I actually managed to copy the old files on the DVD over the current ones after shutting down windows and it seems to have worked with no problems! I found 3 files affected by the update, notepad, hal.dll and ntoskrnl. I made sure I replaced them in windows' root, sys32 and 64, as well as keeping their permissions intact and owner set to TrustedInstaller. It seems to have worked and I should be able to produce valid dumps in the future!

I am currently doing a registry search to see any values such as BuildLabEx that may have remained set to 16399 but once ntoskrnl was replaced they seem to have toggled themselves back to 16385 on their own!

Please tell me what that list of files represents anyway, and which I should delete in order to prevent sfc /scannow in the future from replacing my current kernel back with the new one.

Already by scanning the new, official ntoskrnl I can tell that CBS detects the modification. How do I trick it into not seeing it anymore? Log attached.

*CSI 0000000b Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16399_none_c81e8483cdd89a5c\ntoskrnl.exe do not match actual file [l:24{12}]"ntoskrnl.exe"*

If I delete that one file from winsxs will it stay quiet?

Apparently bootmgr from System Reserved and a few other files also got touched by these updates. I will proceed in downgrading them shortly.


----------



## Searinox (Nov 21, 2008)

*Re: BSOD cdd.dll*

Based on this post http://www.mydigitallife.info/2009/...ild-version-to-7600-16399-at-win7_gdr-branch/ I was able to identify the unofficial updates I downloaded and installed on that day. The offending build numbers are: 16399-16401 and 20495-20498.

Of these build numbers 16399 modified 7 components in windows and 20498 modified 4. I have finished restoring the components modified by 16399; I will now proceed with those in 20498. 16399 modified the kernel and bootloader, 20498 appears to have modified the GDI.

I will edit this post once I have finished the restoration. Please tell me if deleting these build backups from WinSxS stops Windows from flagging them with SFC.


----------



## Searinox (Nov 21, 2008)

*Re: BSOD cdd.dll*

I have completed restoring all the files those updates threw out of sync. Furthermore I moved their backup copies out of winsxs, preventing any further restoration by SFC. But I have a problem before I go on. Scanning the folder with SFC brings about this error:

```
2010-03-04 21:25:33, Info CSI 00000015 [SR] Verifying 1 components
2010-03-04 21:25:33, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2010-03-04 21:25:33, Error CSI 00000017 (F) STATUS_OBJECT_NAME_NOT_FOUND #1423# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowSharingViolation), handle = {provider=NULL, handle=0}, da = (SYNCHRONIZE|FILE_READ_ATTRIBUTES), oa = @0xedc830->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[110]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16399_none_9eb7efc214c295bd"; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0xedc810, as = (null), fa = 0, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_SYNCHRONOUS_IO_NONALERT|0x00004000), eab = NULL, eal = 0, disp = Invalid)
[gle=0xd0000034]
2010-03-04 21:25:33, Error CSI 00000018@2010/3/4:19:25:33.100 (F) d:\w7rtm\base\wcp\sil\merged\ntu\ntsystem.cpp(2057): Error STATUS_OBJECT_NAME_NOT_FOUND originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
[gle=0x80004005]
2010-03-04 21:25:36, Error CSI 00000019 (F) STATUS_OBJECT_NAME_NOT_FOUND #1422# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingDirectory(...)[gle=0xd0000034]
2010-03-04 21:25:36, Error CSI 0000001a (F) STATUS_OBJECT_NAME_NOT_FOUND #1421# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingDirectory(flags = 0, da = (SYNCHRONIZE), oa = @0xedd128->SIL_OBJECT_ATTRIBUTES {s:40; on:"amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16399_none_9eb7efc214c295bd"; a:(OBJ_CASE_INSENSITIVE)}, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT), dir = NULL, disp = Invalid)
[gle=0xd0000034]
```

Now with everything back in place, the only step remaining would be to "bind" Windows' files back to its original winsxs folders. Only have to do this for a handful of them, the 16399 ones, since the other ones apparently got overwritten by subsequent updates.

How does one bind a system file to sync with a specific winsxs folder? Should I ask about this in a different section of the forum?


----------
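The SFC log in the post above reports a WinSxS component directory that can no longer be opened. As an added example (not part of the thread), this Python script pulls such directories out of CBS.log error lines, splits the directory name into its fields, and flags revisions in the build ranges the poster named; the sample lines are shortened from the post, and the function and constant names are hypothetical.

```python
import re

# Lines modelled on the CBS.log excerpt in the post above, shortened (constructed sample).
SAMPLE_LOG = r'''2010-03-04 21:25:33, Info CSI 00000015 [SR] Verifying 1 components
2010-03-04 21:25:33, Error CSI 00000017 (F) STATUS_OBJECT_NAME_NOT_FOUND #1423# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowSharingViolation), oa = @0xedc830->OBJECT_ATTRIBUTES {s:48; rd:NULL; on:[110]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16399_none_9eb7efc214c295bd"; a:(OBJ_CASE_INSENSITIVE)}, disp = Invalid)
[gle=0xd0000034]
2010-03-04 21:25:36, Error CSI 0000001a (F) STATUS_OBJECT_NAME_NOT_FOUND #1421# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingDirectory(flags = 0, oa = @0xedd128->SIL_OBJECT_ATTRIBUTES {s:40; on:"amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16399_none_9eb7efc214c295bd"; a:(OBJ_CASE_INSENSITIVE)}, disp = Invalid)
[gle=0xd0000034]
'''

# Build revisions the poster attributed to the unofficial updates (taken from the thread).
SUSPECT_BUILDS = set(range(16399, 16402)) | set(range(20495, 20499))

ENTRY = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, (?P<level>\w+)\s+CSI\s+(?P<seq>[0-9a-f]{8}) '
                   r'\(F\) (?P<status>STATUS_\w+) #\d+# from (?P<func>[\w:]+)\(')
OBJ_NAME = re.compile(r'on:(?:\[\d+\])?"(?P<path>[^"]+)"')


def parse_component(dirname):
    """Split a WinSxS directory name: arch_name_publicKeyToken_version_culture_hash."""
    head, token, version, culture, key_hash = dirname.rsplit("_", 4)
    arch, name = head.split("_", 1)
    return {"arch": arch, "name": name, "token": token, "version": version,
            "culture": culture, "hash": key_hash,
            "suspect_build": int(version.rsplit(".", 1)[1]) in SUSPECT_BUILDS}


def missing_store_dirs(log_text):
    """Map each WinSxS directory reported as STATUS_OBJECT_NAME_NOT_FOUND to its details."""
    found = {}
    for line in log_text.splitlines():
        entry, obj = ENTRY.match(line), OBJ_NAME.search(line)
        if not entry or not obj or entry["status"] != "STATUS_OBJECT_NAME_NOT_FOUND":
            continue  # Info lines, [gle=...] continuations, errors without an object name
        dirname = obj["path"].rsplit("\\", 1)[-1]  # drop \??\C:\Windows\WinSxS\ if present
        info = found.setdefault(dirname, {**parse_component(dirname), "seqs": [], "funcs": []})
        info["seqs"].append(entry["seq"])
        info["funcs"].append(entry["func"].rsplit("::", 1)[-1])
    return found


if __name__ == "__main__":
    for dirname, info in missing_store_dirs(SAMPLE_LOG).items():
        print(dirname, info["version"], "suspect build:", info["suspect_build"], info["seqs"])
```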



## jcgriff2 (Sep 30, 2007)

*Re: BSOD cdd.dll*



jcgriff2 said:


> Re-install Windows 7.



I do believe that is the best choice of all.


jcgriff2

.


----------



## Searinox (Nov 21, 2008)

*Re: BSOD cdd.dll*

No one to help me if I believe otherwise? I've come such a long way, got so much fixed, all I need now is to tie in the files back with their old winsxs counterparts.

*EDIT: This will no longer be needed. I found an explanation of the way winsxs works and how it's a hard link to the actual files. I should be able to finalize this step on my own. I believe I've solved this.*


----------



## jcgriff2 (Sep 30, 2007)

*Re: BSOD cdd.dll*

A 'hard' link to files in \winsxs..? You are on Windows 7 x64, which is full of virtualization. What you see is not necessarily what is there.

You've been here trying to fix this for > 11 hours now; not sure how much time invested prior to your arrival. A re-install would take less than 1 hour. 

I do wish you the best of luck in your endeavors, but urge you to re-install.

The final step --> www.microsoft.com/genuine

As you have declared your issue solved, this thread shall be marked as such and closed.

Regards. . .

jcgriff2

.


----------

