Tech Support Forum banner
Status
Not open for further replies.

Terminal Server BSOD crashed.

6K views 6 replies 4 participants last post by  Bernard Phiffe 
#1 ·
Hello all,

Hope someone can help me out with this. We have a Terminal Server 2008 R2 running inside of Hyper-V. Once a week or so we are getting Bluescreens and the server reboots. I ran the SF Diagnostic Tool and upload to this post Appreciate if someone can help me out here.
 

Attachments

#2 ·
Hi. . .

The bugcheck on the 3 dumps was the same -

0xf4 (0x3,,,) = a process critical to Windows suddenly & unexpectedly terminated

I usually see 0xf4 associated with corrupted Windows installations or problems with HDD; less often with RAM. Unfortunately, there is no definitive cause listed or even a hint of a direction to point us to.

A corrupted OS installation could be caused by many things. Was Windows actually installed or was an image used? There's a possibility that the image was bad; or if the image was good, the DVD drive was bad or if USB used, there was a problem with/during copying.

Run hardware diags -
- RAM - memtest86+ - http://www.sysnative.com/forums/hardware-tutorials/3909-test-ram-with-memtest86.html
- HDD - if SATA HDD - SeaTools for DOS, LONG test - http://www.sysnative.com/forums/hardware-tutorials/4072-hard-drive-hdd-diagnostics.html
- HDD - if SSD - make sure firmware is updated

I found these entries in the Event Viewer logs. Not sure what Kaspersky is trying to tell you exactly -
Code:
[font=lucida console]
Event[38]:
  Log Name: Application
  Source: Kaspersky Endpoint Security 10 for Windows
  Date: 2014-09-25T12:53:21.000
  Level: Error
  Computer: office2
  Description: 
Event type:	[color=red]License Agreement violated[/color]
Application\Name:	Kaspersky Endpoint Security 10 for Windows
Component:	Protection
Result\Description:	Application is not activated
[/font]
Were there any hardware changes?
Code:
[font=lucida console]Event[79]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2014-09-25T12:46:24.000
  Event ID: 1040
  Description: 
[color=red]Hardware has changed from previous boot.[/color][/font]
Seveal hundred (perhaps thousands) of these error messages re: redirection:
Code:
[font=lucida console]Event[124]:
  Log Name: Application
  Source: Microsoft-Windows-Folder Redirection
  Date: 2014-09-25T10:31:17.795
  Level: Error
  Description: 
Failed to apply policy and redirect folder "Pictures" to "\\REYNOLDS-PDC\UsersHome\My Pictures".
 Redirection options=0x9210.
 The following error occurred: "Can not create folder "\\REYNOLDS-PDC\UsersHome\My Pictures"".
 Error details: "Access is denied.[/font]
Code:
[font=lucida console]Description: 
Failed to apply policy and redirect folder "Videos" to "\\REYNOLDS-PDC\UsersHome\My Videos".
 Redirection options=0x9210.
 The following error occurred: "Can not create folder "\\REYNOLDS-PDC\UsersHome\My Videos"".
 Error details: "Access is denied.[/font]
Code:
[font=lucida console]Description: 
Failed to apply policy and redirect folder "Documents" to "\\REYNOLDS-PDC\UsersHome".
 Redirection options=0x9210.
 The following error occurred: "Can not create folder "\\REYNOLDS-PDC\UsersHome"".
 Error details: "This security ID may not be assigned as the owner of this object.[/font]
Code:
[font=lucida console]Description: 
Failed to apply policy and redirect folder "Music" to "\\REYNOLDS-PDC\UsersHome\My Music".
 Redirection options=0x9210.
 The following error occurred: "Can not create folder "\\REYNOLDS-PDC\UsersHome\My Music"".
 Error details: "Access is denied.[/font]
I have also seen Internet Security Suites (like Kaspersky) cause 0xf4 BSODs. You may want to uninstall Kaspersky and see if the BSODs continue.

Lastly, the OS was installed late May 2014. Did the BSODs suddenly begin with the earliest dump file on 10 July 2014?

Regards. . .

jcgriff2

`

Code:
[font=lucida console]

Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PalmDesert\AppData\Local\Temp\Temp1_SysnativeFileCollectionApp.zip\SysnativeFileCollectionApp\092514-23515-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`01816000 PsLoadedModuleList = 0xfffff800`01a59890
Debug session time: Thu Sep 25 03:46:31.429 2014 (UTC - 4:00)
System Uptime: 9 days 8:04:51.427
Loading Kernel Symbols
...............................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa8010fa0060, fffffa8010fa0340, fffff80001b91270}

----- ETW minidump data unavailable-----
Processing initial command '!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck'
Probably caused by : csrss.exe

Followup: MachineOwner
---------

1: kd> !analyze -v;r;kv;lmtn;lmtsmn;.bugcheck
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa8010fa0060, Terminating object
Arg3: fffffa8010fa0340, Process image file name
Arg4: fffff80001b91270, Explanatory message (ascii)

Debugging Details:
------------------

----- ETW minidump data unavailable-----

PROCESS_OBJECT: fffffa8010fa0060

IMAGE_NAME:  csrss.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: csrss

FAULTING_MODULE: 0000000000000000 

PROCESS_NAME:  csrss.exe

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

BUGCHECK_STR:  0xF4_c0000005

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

STACK_TEXT:  
fffff880`0b1bf9c8 fffff800`01c19ab2 : 00000000`000000f4 00000000`00000003 fffffa80`10fa0060 fffffa80`10fa0340 : nt!KeBugCheckEx
fffff880`0b1bf9d0 fffff800`01bc4abb : ffffffff`ffffffff fffffa80`10247b00 fffffa80`10fa0060 fffffa80`10fa0060 : nt!PspCatchCriticalBreak+0x92
fffff880`0b1bfa10 fffff800`01b43f04 : ffffffff`ffffffff 00000000`00000001 fffffa80`10fa0060 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17486
fffff880`0b1bfa60 fffff800`0188ae53 : fffffa80`10fa0060 fffff880`c0000005 fffffa80`10247b00 fffffa80`0a176b00 : nt!NtTerminateProcess+0xf4
fffff880`0b1bfae0 00000000`770f157a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`025ad8f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770f157a


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

IMAGE_VERSION:  

FAILURE_BUCKET_ID:  X64_0xF4_c0000005_IMAGE_csrss.exe

BUCKET_ID:  X64_0xF4_c0000005_IMAGE_csrss.exe

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0xf4_c0000005_image_csrss.exe

FAILURE_ID_HASH:  {92bd9bcd-069a-8a82-1b78-cb81a61ff626}

Followup: MachineOwner
---------

rax=fffff8800b1bfa58 rbx=ffffffffffffff00 rcx=00000000000000f4
rdx=0000000000000003 rsi=fffffa8010fa0340 rdi=fffffa8010fa0060
rip=fffff8000188bbc0 rsp=fffff8800b1bf9c8 rbp=fffff80001b91270
 r8=fffffa8010fa0060  r9=fffffa8010fa0340 r10=fffff80001b43e10
r11=fffff8800b1bfad8 r12=00000000c0000005 r13=00000000c0000005
r14=0000000000000008 r15=ffffffffffffffff
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000206
nt!KeBugCheckEx:
fffff800`0188bbc0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff880`0b1bf9d0=00000000000000f4
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0b1bf9c8 fffff800`01c19ab2 : 00000000`000000f4 00000000`00000003 fffffa80`10fa0060 fffffa80`10fa0340 : nt!KeBugCheckEx
fffff880`0b1bf9d0 fffff800`01bc4abb : ffffffff`ffffffff fffffa80`10247b00 fffffa80`10fa0060 fffffa80`10fa0060 : nt!PspCatchCriticalBreak+0x92
fffff880`0b1bfa10 fffff800`01b43f04 : ffffffff`ffffffff 00000000`00000001 fffffa80`10fa0060 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17486
fffff880`0b1bfa60 fffff800`0188ae53 : fffffa80`10fa0060 fffff880`c0000005 fffffa80`10247b00 fffffa80`0a176b00 : nt!NtTerminateProcess+0xf4
fffff880`0b1bfae0 00000000`770f157a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0b1bfae0)
00000000`025ad8f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770f157a
start             end                 module name
fffff800`015fa000 fffff800`01604000   kdcom    kdcom.dll    Sat Feb 05 11:52:49 2011 (4D4D8061)
fffff800`01816000 fffff800`01dfb000   nt       ntkrnlmp.exe Tue Mar 04 03:38:19 2014 (531590FB)
fffff800`01dfb000 fffff800`01e44000   hal      hal.dll      Sat Nov 20 08:00:25 2010 (4CE7C669)
fffff880`00c1b000 fffff880`00c67000   fltmgr   fltmgr.sys   Sat Nov 20 04:19:24 2010 (4CE7929C)
fffff880`00c79000 fffff880`00cc8000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 08:03:51 2010 (4CE7C737)
fffff880`00cc8000 fffff880`00cdc000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`00cdc000 fffff880`00d3a000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`00d3a000 fffff880`00dfa000   CI       CI.dll       Sat Nov 20 08:12:36 2010 (4CE7C944)
fffff880`00e00000 fffff880`00e5e000   msrpc    msrpc.sys    Sat Nov 20 04:21:56 2010 (4CE79334)
fffff880`00e5e000 fffff880`00ebe000   NETIO    NETIO.SYS    Tue Nov 26 05:21:01 2013 (5294760D)
fffff880`00ed3000 fffff880`00fc5000   NDIS     NDIS.SYS     Wed Aug 22 11:11:46 2012 (5034F6B2)
fffff880`00fc5000 fffff880`00fef000   ataport  ataport.SYS  Sun Aug 04 21:02:45 2013 (51FEF9B5)
fffff880`0100b000 fffff880`010cd000   Wdf01000 Wdf01000.sys Fri Jun 21 23:13:05 2013 (51C51641)
fffff880`010cd000 fffff880`010dd000   WDFLDR   WDFLDR.SYS   Wed Jul 25 22:29:04 2012 (5010AB70)
fffff880`010dd000 fffff880`010ea000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`010ea000 fffff880`010ff000   partmgr  partmgr.sys  Sat Mar 17 01:06:09 2012 (4F641BC1)
fffff880`010ff000 fffff880`01114000   volmgr   volmgr.sys   Sat Nov 20 04:19:28 2010 (4CE792A0)
fffff880`01114000 fffff880`01170000   volmgrx  volmgrx.sys  Sat Nov 20 04:20:43 2010 (4CE792EB)
fffff880`01170000 fffff880`01178000   intelide intelide.sys Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`01178000 fffff880`01188000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`01188000 fffff880`011a5000   vmbus    vmbus.sys    Thu Aug 22 07:36:39 2013 (5215F7C7)
fffff880`011a5000 fffff880`011bc000   vmbkmcl  vmbkmcl.sys  Thu Aug 22 07:38:58 2013 (5215F852)
fffff880`011bc000 fffff880`011d1000   winhv    winhv.sys    Thu Aug 22 07:40:00 2013 (5215F890)
fffff880`011d1000 fffff880`011eb000   mountmgr mountmgr.sys Sat Nov 20 04:19:21 2010 (4CE79299)
fffff880`011eb000 fffff880`011f4000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`011f4000 fffff880`011ff000   amdxata  amdxata.sys  Fri Mar 19 12:18:18 2010 (4BA3A3CA)
fffff880`01200000 fffff880`01233000   pci      pci.sys      Sat Nov 20 04:19:11 2010 (4CE7928F)
fffff880`01236000 fffff880`01994000   kl1      kl1.sys      Thu Sep 05 02:38:10 2013 (522826D2)
fffff880`01994000 fffff880`019eb000   ACPI     ACPI.sys     Sat Nov 20 04:19:16 2010 (4CE79294)
fffff880`019eb000 fffff880`019f4000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)
fffff880`019f4000 fffff880`019fe000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`01a00000 fffff880`01a1b000   ksecdd   ksecdd.sys   Fri Apr 11 21:08:30 2014 (5348920E)
fffff880`01a1b000 fffff880`01a31000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`01a31000 fffff880`01a3e000   TDI      TDI.SYS      Sat Nov 20 04:22:06 2010 (4CE7933E)
fffff880`01a46000 fffff880`01bef000   Ntfs     Ntfs.sys     Thu Jan 23 20:14:50 2014 (52E1BE8A)
fffff880`01bef000 fffff880`01bff000   kltdi    kltdi.sys    Thu Nov 22 03:48:04 2012 (50ADE6C4)
fffff880`01c00000 fffff880`01c4c000   volsnap  volsnap.sys  Sat Nov 20 04:20:08 2010 (4CE792C8)
fffff880`01c53000 fffff880`01cc5000   cng      cng.sys      Wed Aug 01 11:48:07 2012 (50194FB7)
fffff880`01cc5000 fffff880`01cd1000   storvsc  storvsc.sys  Thu Aug 22 07:37:34 2013 (5215F7FE)
fffff880`01cd1000 fffff880`01d35000   storport storport.sys Mon Feb 03 20:36:50 2014 (52F04432)
fffff880`01d35000 fffff880`01d46000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`01d46000 fffff880`01d50000   Fs_Rec   Fs_Rec.sys   Wed Feb 29 22:41:06 2012 (4F4EEFD2)
fffff880`01d50000 fffff880`01d7c000   ksecpkg  ksecpkg.sys  Fri Apr 11 21:24:10 2014 (534895BA)
fffff880`01d7c000 fffff880`01dc5000   fwpkclnt fwpkclnt.sys Fri Apr 04 21:23:21 2014 (533F5B09)
fffff880`01dc5000 fffff880`01dd4000   vmstorfl vmstorfl.sys Thu Aug 22 07:37:06 2013 (5215F7E2)
fffff880`01dd4000 fffff880`01ddc000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`01ddc000 fffff880`01dee000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`01dee000 fffff880`01df7000   hwpolicy hwpolicy.sys Sat Nov 20 04:18:54 2010 (4CE7927E)
fffff880`01e01000 fffff880`02000000   tcpip    tcpip.sys    Fri Apr 04 21:26:44 2014 (533F5BD4)
fffff880`02000000 fffff880`02011000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`02011000 fffff880`02033000   tdx      tdx.sys      Sat Nov 20 04:21:54 2010 (4CE79332)
fffff880`02037000 fffff880`02067000   CLASSPNP CLASSPNP.SYS Sat Nov 20 04:19:23 2010 (4CE7929B)
fffff880`0208a000 fffff880`020b4000   cdrom    cdrom.sys    Sat Nov 20 04:19:20 2010 (4CE79298)
fffff880`020b4000 fffff880`02161000   klif     klif.sys     Wed Nov 06 09:49:45 2013 (527A5709)
fffff880`02161000 fffff880`02185000   klflt    klflt.sys    Wed Sep 18 08:24:54 2013 (52399B96)
fffff880`02185000 fffff880`0218e000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`0218e000 fffff880`0219c000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`0219c000 fffff880`021c1000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`021c1000 fffff880`021d1000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`021d1000 fffff880`021da000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`021da000 fffff880`021e3000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`021e3000 fffff880`021ec000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`021ec000 fffff880`021f7000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`03200000 fffff880`0321d000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`0321d000 fffff880`03238000   wanarp   wanarp.sys   Sat Nov 20 05:52:36 2010 (4CE7A874)
fffff880`03238000 fffff880`0324c000   termdd   termdd.sys   Sat Nov 20 06:03:40 2010 (4CE7AB0C)
fffff880`0324c000 fffff880`0329d000   rdbss    rdbss.sys    Sat Nov 20 04:27:51 2010 (4CE79497)
fffff880`0329d000 fffff880`032a9000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff880`032a9000 fffff880`032b4000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`032b4000 fffff880`032cf000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`032dd000 fffff880`03366000   afd      afd.sys      Fri May 30 02:45:48 2014 (5388291C)
fffff880`03366000 fffff880`033ab000   netbt    netbt.sys    Sat Nov 20 04:23:18 2010 (4CE79386)
fffff880`033ab000 fffff880`033b4000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`033b4000 fffff880`033da000   pacer    pacer.sys    Sat Nov 20 05:52:18 2010 (4CE7A862)
fffff880`033da000 fffff880`033e4000   klim6    klim6.sys    Thu Jul 11 03:54:08 2013 (51DE64A0)
fffff880`033e4000 fffff880`033f3000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`03600000 fffff880`03623000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`03623000 fffff880`03638000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`03638000 fffff880`03650000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`03650000 fffff880`0366e000   bowser   bowser.sys   Tue Feb 22 23:55:04 2011 (4D649328)
fffff880`0366e000 fffff880`03686000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`03686000 fffff880`036b3000   mrxsmb   mrxsmb.sys   Tue Apr 26 22:40:38 2011 (4DB78226)
fffff880`036b3000 fffff880`036e4000   srvnet   srvnet.sys   Thu Apr 28 23:05:35 2011 (4DBA2AFF)
fffff880`036ef000 fffff880`03710000   raspptp  raspptp.sys  Sat Nov 20 05:52:31 2010 (4CE7A86F)
fffff880`03710000 fffff880`0372a000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`0372a000 fffff880`03735000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
fffff880`03735000 fffff880`03736480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`03737000 fffff880`0377a000   ks       ks.sys       Sat Nov 20 05:33:23 2010 (4CE7A3F3)
fffff880`0377a000 fffff880`0378c000   umbus    umbus.sys    Sat Nov 20 05:44:37 2010 (4CE7A695)
fffff880`0378c000 fffff880`03797000   flpydisk flpydisk.sys Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`03797000 fffff880`037a4000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff880`037a4000 fffff880`037b9000   NDProxy  NDProxy.SYS  Sat Nov 20 05:52:20 2010 (4CE7A864)
fffff880`037b9000 fffff880`037c7000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`037c7000 fffff880`037d3000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`037d3000 fffff880`037dc000   dump_atapi dump_atapi.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`037dc000 fffff880`037e8000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`037e8000 fffff880`037fa000   tcpipreg tcpipreg.sys Wed Oct 03 12:07:26 2012 (506C62BE)
fffff880`03800000 fffff880`03810000   CompositeBus CompositeBus.sys Sat Nov 20 05:33:17 2010 (4CE7A3ED)
fffff880`03810000 fffff880`03826000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`03826000 fffff880`0384a000   rasl2tp  rasl2tp.sys  Sat Nov 20 05:52:34 2010 (4CE7A872)
fffff880`0384a000 fffff880`03856000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`03856000 fffff880`03885000   ndiswan  ndiswan.sys  Sat Nov 20 05:52:32 2010 (4CE7A870)
fffff880`03895000 fffff880`038c2000   kneps    kneps.sys    Mon Jul 01 09:17:01 2013 (51D1814D)
fffff880`038c2000 fffff880`038d1000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`038d1000 fffff880`038ef000   dfsc     dfsc.sys     Sat Nov 20 04:26:31 2010 (4CE79447)
fffff880`038ef000 fffff880`03900000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`03900000 fffff880`03926000   tunnel   tunnel.sys   Sat Nov 20 05:51:50 2010 (4CE7A846)
fffff880`03926000 fffff880`03944000   i8042prt i8042prt.sys Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`03944000 fffff880`03953000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`03953000 fffff880`03962000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`03962000 fffff880`0396e000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`0396e000 fffff880`0397b000   fdc      fdc.sys      Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`0397b000 fffff880`03980500   VMBusHID VMBusHID.sys Thu Aug 22 07:37:50 2013 (5215F80E)
fffff880`03981000 fffff880`0399a000   HIDCLASS HIDCLASS.SYS Wed Jul 03 00:05:05 2013 (51D3A2F1)
fffff880`0399a000 fffff880`039a2080   HIDPARSE HIDPARSE.SYS Wed Jul 03 00:05:04 2013 (51D3A2F0)
fffff880`039a3000 fffff880`039ad000   hyperkbd hyperkbd.sys Thu Aug 22 07:37:49 2013 (5215F80D)
fffff880`039ad000 fffff880`039b8000   VMBusVideoM VMBusVideoM.sys Thu Aug 22 07:39:29 2013 (5215F871)
fffff880`039b8000 fffff880`039cd000   netvsc60 netvsc60.sys Thu Aug 22 07:36:42 2013 (5215F7CA)
fffff880`039cd000 fffff880`039d6000   vms3cap  vms3cap.sys  Thu Aug 22 07:38:37 2013 (5215F83D)
fffff880`039d6000 fffff880`039ec000   intelppm intelppm.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`039ec000 fffff880`039f6000   vmgencounter vmgencounter.sys Thu Aug 22 07:38:23 2013 (5215F82F)
fffff880`05000000 fffff880`050a6000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`050aa000 fffff880`050f8000   mrxsmb10 mrxsmb10.sys Fri Jul 08 22:46:28 2011 (4E17C104)
fffff880`050f8000 fffff880`0511c000   mrxsmb20 mrxsmb20.sys Tue Apr 26 22:39:37 2011 (4DB781E9)
fffff880`0511c000 fffff880`051e5000   HTTP     HTTP.sys     Sat Nov 20 04:24:30 2010 (4CE793CE)
fffff880`051e5000 fffff880`051f0000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`05850000 fffff880`058b9000   srv2     srv2.sys     Thu Apr 28 23:05:46 2011 (4DBA2B0A)
fffff880`058b9000 fffff880`05951000   srv      srv.sys      Thu Apr 28 23:06:06 2011 (4DBA2B1E)
fffff880`05951000 fffff880`0597f000   rdpdr    rdpdr.sys    Sat Nov 20 06:06:41 2010 (4CE7ABC1)
fffff880`0597f000 fffff880`0598a000   tdtcp    tdtcp.sys    Thu Feb 16 23:57:32 2012 (4F3DDE3C)
fffff880`0598a000 fffff880`05999000   tssecsrv tssecsrv.sys Sat Jun 15 00:32:15 2013 (51BBEE4F)
fffff880`05999000 fffff880`059d2000   RDPWD    RDPWD.SYS    Fri Apr 27 23:55:20 2012 (4F9B6A28)
fffff880`06938000 fffff880`06943000   asyncmac asyncmac.sys Mon Jul 13 20:10:13 2009 (4A5BCCE5)
fffff880`06943000 fffff880`0696b000   mrxdav   mrxdav.sys   Thu Jul 04 06:11:34 2013 (51D54A56)
fffff960`00080000 fffff960`00398000   win32k   win32k.sys   Tue Jun 17 21:07:22 2014 (53A0E64A)
fffff960`004d0000 fffff960`004ee000   dxg      dxg.sys      Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff960`00630000 fffff960`0063a000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff960`00820000 fffff960`0082c000   VMBusVideoD VMBusVideoD.dll unavailable (00000000)
fffff960`00ad0000 fffff960`00b19000   RDPDD    RDPDD.dll    Thu Jul 19 12:13:49 2012 (5008323D)
fffff960`00c10000 fffff960`00c71000   ATMFD    ATMFD.DLL    unavailable (00000000)

Unloaded modules:
fffff880`0696b000 fffff880`069dc000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00071000
fffff880`068c7000 fffff880`06938000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00071000
fffff880`02067000 fffff880`02075000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`02075000 fffff880`02081000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff880`02081000 fffff880`0208a000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
fffff880`00c00000 fffff880`00c1b000   sacdrv.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001B000
start             end                 module name
fffff880`01994000 fffff880`019eb000   ACPI     ACPI.sys     Sat Nov 20 04:19:16 2010 (4CE79294)
fffff880`032dd000 fffff880`03366000   afd      afd.sys      Fri May 30 02:45:48 2014 (5388291C)
fffff880`03810000 fffff880`03826000   AgileVpn AgileVpn.sys Mon Jul 13 20:10:24 2009 (4A5BCCF0)
fffff880`011f4000 fffff880`011ff000   amdxata  amdxata.sys  Fri Mar 19 12:18:18 2010 (4BA3A3CA)
fffff880`06938000 fffff880`06943000   asyncmac asyncmac.sys Mon Jul 13 20:10:13 2009 (4A5BCCE5)
fffff880`011eb000 fffff880`011f4000   atapi    atapi.sys    Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`00fc5000 fffff880`00fef000   ataport  ataport.SYS  Sun Aug 04 21:02:45 2013 (51FEF9B5)
fffff960`00c10000 fffff960`00c71000   ATMFD    ATMFD.DLL    unavailable (00000000)
fffff880`038ef000 fffff880`03900000   blbdrive blbdrive.sys Mon Jul 13 19:35:59 2009 (4A5BC4DF)
fffff880`03650000 fffff880`0366e000   bowser   bowser.sys   Tue Feb 22 23:55:04 2011 (4D649328)
fffff880`0208a000 fffff880`020b4000   cdrom    cdrom.sys    Sat Nov 20 04:19:20 2010 (4CE79298)
fffff880`00d3a000 fffff880`00dfa000   CI       CI.dll       Sat Nov 20 08:12:36 2010 (4CE7C944)
fffff880`02037000 fffff880`02067000   CLASSPNP CLASSPNP.SYS Sat Nov 20 04:19:23 2010 (4CE7929B)
fffff880`00cdc000 fffff880`00d3a000   CLFS     CLFS.SYS     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`01c53000 fffff880`01cc5000   cng      cng.sys      Wed Aug 01 11:48:07 2012 (50194FB7)
fffff880`03800000 fffff880`03810000   CompositeBus CompositeBus.sys Sat Nov 20 05:33:17 2010 (4CE7A3ED)
fffff880`037b9000 fffff880`037c7000   crashdmp crashdmp.sys Mon Jul 13 20:01:01 2009 (4A5BCABD)
fffff880`038d1000 fffff880`038ef000   dfsc     dfsc.sys     Sat Nov 20 04:26:31 2010 (4CE79447)
fffff880`038c2000 fffff880`038d1000   discache discache.sys Mon Jul 13 19:37:18 2009 (4A5BC52E)
fffff880`01a1b000 fffff880`01a31000   disk     disk.sys     Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`037d3000 fffff880`037dc000   dump_atapi dump_atapi.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`037c7000 fffff880`037d3000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`037dc000 fffff880`037e8000   Dxapi    Dxapi.sys    Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff960`004d0000 fffff960`004ee000   dxg      dxg.sys      Mon Jul 13 19:38:28 2009 (4A5BC574)
fffff880`0396e000 fffff880`0397b000   fdc      fdc.sys      Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`0378c000 fffff880`03797000   flpydisk flpydisk.sys Mon Jul 13 20:00:54 2009 (4A5BCAB6)
fffff880`00c1b000 fffff880`00c67000   fltmgr   fltmgr.sys   Sat Nov 20 04:19:24 2010 (4CE7929C)
fffff880`01d46000 fffff880`01d50000   Fs_Rec   Fs_Rec.sys   Wed Feb 29 22:41:06 2012 (4F4EEFD2)
fffff880`01d7c000 fffff880`01dc5000   fwpkclnt fwpkclnt.sys Fri Apr 04 21:23:21 2014 (533F5B09)
fffff800`01dfb000 fffff800`01e44000   hal      hal.dll      Sat Nov 20 08:00:25 2010 (4CE7C669)
fffff880`03981000 fffff880`0399a000   HIDCLASS HIDCLASS.SYS Wed Jul 03 00:05:05 2013 (51D3A2F1)
fffff880`0399a000 fffff880`039a2080   HIDPARSE HIDPARSE.SYS Wed Jul 03 00:05:04 2013 (51D3A2F0)
fffff880`0511c000 fffff880`051e5000   HTTP     HTTP.sys     Sat Nov 20 04:24:30 2010 (4CE793CE)
fffff880`01dee000 fffff880`01df7000   hwpolicy hwpolicy.sys Sat Nov 20 04:18:54 2010 (4CE7927E)
fffff880`039a3000 fffff880`039ad000   hyperkbd hyperkbd.sys Thu Aug 22 07:37:49 2013 (5215F80D)
fffff880`03926000 fffff880`03944000   i8042prt i8042prt.sys Mon Jul 13 19:19:57 2009 (4A5BC11D)
fffff880`01170000 fffff880`01178000   intelide intelide.sys Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`039d6000 fffff880`039ec000   intelppm intelppm.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
fffff880`03944000 fffff880`03953000   kbdclass kbdclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff800`015fa000 fffff800`01604000   kdcom    kdcom.dll    Sat Feb 05 11:52:49 2011 (4D4D8061)
fffff880`01236000 fffff880`01994000   kl1      kl1.sys      Thu Sep 05 02:38:10 2013 (522826D2)
fffff880`02161000 fffff880`02185000   klflt    klflt.sys    Wed Sep 18 08:24:54 2013 (52399B96)
fffff880`020b4000 fffff880`02161000   klif     klif.sys     Wed Nov 06 09:49:45 2013 (527A5709)
fffff880`033da000 fffff880`033e4000   klim6    klim6.sys    Thu Jul 11 03:54:08 2013 (51DE64A0)
fffff880`01bef000 fffff880`01bff000   kltdi    kltdi.sys    Thu Nov 22 03:48:04 2012 (50ADE6C4)
fffff880`03895000 fffff880`038c2000   kneps    kneps.sys    Mon Jul 01 09:17:01 2013 (51D1814D)
fffff880`03737000 fffff880`0377a000   ks       ks.sys       Sat Nov 20 05:33:23 2010 (4CE7A3F3)
fffff880`01a00000 fffff880`01a1b000   ksecdd   ksecdd.sys   Fri Apr 11 21:08:30 2014 (5348920E)
fffff880`01d50000 fffff880`01d7c000   ksecpkg  ksecpkg.sys  Fri Apr 11 21:24:10 2014 (534895BA)
fffff880`03623000 fffff880`03638000   lltdio   lltdio.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`03600000 fffff880`03623000   luafv    luafv.sys    Mon Jul 13 19:26:13 2009 (4A5BC295)
fffff880`00c79000 fffff880`00cc8000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 08:03:51 2010 (4CE7C737)
fffff880`03953000 fffff880`03962000   mouclass mouclass.sys Mon Jul 13 19:19:50 2009 (4A5BC116)
fffff880`03797000 fffff880`037a4000   mouhid   mouhid.sys   Mon Jul 13 20:00:20 2009 (4A5BCA94)
fffff880`011d1000 fffff880`011eb000   mountmgr mountmgr.sys Sat Nov 20 04:19:21 2010 (4CE79299)
fffff880`0366e000 fffff880`03686000   mpsdrv   mpsdrv.sys   Mon Jul 13 20:08:25 2009 (4A5BCC79)
fffff880`06943000 fffff880`0696b000   mrxdav   mrxdav.sys   Thu Jul 04 06:11:34 2013 (51D54A56)
fffff880`03686000 fffff880`036b3000   mrxsmb   mrxsmb.sys   Tue Apr 26 22:40:38 2011 (4DB78226)
fffff880`050aa000 fffff880`050f8000   mrxsmb10 mrxsmb10.sys Fri Jul 08 22:46:28 2011 (4E17C104)
fffff880`050f8000 fffff880`0511c000   mrxsmb20 mrxsmb20.sys Tue Apr 26 22:39:37 2011 (4DB781E9)
fffff880`021ec000 fffff880`021f7000   Msfs     Msfs.SYS     Mon Jul 13 19:19:47 2009 (4A5BC113)
fffff880`019f4000 fffff880`019fe000   msisadrv msisadrv.sys Mon Jul 13 19:19:26 2009 (4A5BC0FE)
fffff880`00e00000 fffff880`00e5e000   msrpc    msrpc.sys    Sat Nov 20 04:21:56 2010 (4CE79334)
fffff880`032a9000 fffff880`032b4000   mssmbios mssmbios.sys Mon Jul 13 19:31:10 2009 (4A5BC3BE)
fffff880`01ddc000 fffff880`01dee000   mup      mup.sys      Mon Jul 13 19:23:45 2009 (4A5BC201)
fffff880`00ed3000 fffff880`00fc5000   NDIS     NDIS.SYS     Wed Aug 22 11:11:46 2012 (5034F6B2)
fffff880`0384a000 fffff880`03856000   ndistapi ndistapi.sys Mon Jul 13 20:10:00 2009 (4A5BCCD8)
fffff880`03856000 fffff880`03885000   ndiswan  ndiswan.sys  Sat Nov 20 05:52:32 2010 (4CE7A870)
fffff880`037a4000 fffff880`037b9000   NDProxy  NDProxy.SYS  Sat Nov 20 05:52:20 2010 (4CE7A864)
fffff880`033e4000 fffff880`033f3000   netbios  netbios.sys  Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff880`03366000 fffff880`033ab000   netbt    netbt.sys    Sat Nov 20 04:23:18 2010 (4CE79386)
fffff880`00e5e000 fffff880`00ebe000   NETIO    NETIO.SYS    Tue Nov 26 05:21:01 2013 (5294760D)
fffff880`039b8000 fffff880`039cd000   netvsc60 netvsc60.sys Thu Aug 22 07:36:42 2013 (5215F7CA)
fffff880`02000000 fffff880`02011000   Npfs     Npfs.SYS     Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`0329d000 fffff880`032a9000   nsiproxy nsiproxy.sys Mon Jul 13 19:21:02 2009 (4A5BC15E)
fffff800`01816000 fffff800`01dfb000   nt       ntkrnlmp.exe Tue Mar 04 03:38:19 2014 (531590FB)
fffff880`01a46000 fffff880`01bef000   Ntfs     Ntfs.sys     Thu Jan 23 20:14:50 2014 (52E1BE8A)
fffff880`02185000 fffff880`0218e000   Null     Null.SYS     Mon Jul 13 19:19:37 2009 (4A5BC109)
fffff880`033b4000 fffff880`033da000   pacer    pacer.sys    Sat Nov 20 05:52:18 2010 (4CE7A862)
fffff880`010ea000 fffff880`010ff000   partmgr  partmgr.sys  Sat Mar 17 01:06:09 2012 (4F641BC1)
fffff880`01200000 fffff880`01233000   pci      pci.sys      Sat Nov 20 04:19:11 2010 (4CE7928F)
fffff880`01178000 fffff880`01188000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:19:48 2009 (4A5BC114)
fffff880`01d35000 fffff880`01d46000   pcw      pcw.sys      Mon Jul 13 19:19:27 2009 (4A5BC0FF)
fffff880`05000000 fffff880`050a6000   peauth   peauth.sys   Mon Jul 13 21:01:19 2009 (4A5BD8DF)
fffff880`00cc8000 fffff880`00cdc000   PSHED    PSHED.dll    Mon Jul 13 21:32:23 2009 (4A5BE027)
fffff880`03826000 fffff880`0384a000   rasl2tp  rasl2tp.sys  Sat Nov 20 05:52:34 2010 (4CE7A872)
fffff880`032b4000 fffff880`032cf000   raspppoe raspppoe.sys Mon Jul 13 20:10:17 2009 (4A5BCCE9)
fffff880`036ef000 fffff880`03710000   raspptp  raspptp.sys  Sat Nov 20 05:52:31 2010 (4CE7A86F)
fffff880`03710000 fffff880`0372a000   rassstp  rassstp.sys  Mon Jul 13 20:10:25 2009 (4A5BCCF1)
fffff880`0324c000 fffff880`0329d000   rdbss    rdbss.sys    Sat Nov 20 04:27:51 2010 (4CE79497)
fffff880`0372a000 fffff880`03735000   rdpbus   rdpbus.sys   Mon Jul 13 20:17:46 2009 (4A5BCEAA)
fffff880`021d1000 fffff880`021da000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff960`00ad0000 fffff960`00b19000   RDPDD    RDPDD.dll    Thu Jul 19 12:13:49 2012 (5008323D)
fffff880`05951000 fffff880`0597f000   rdpdr    rdpdr.sys    Sat Nov 20 06:06:41 2010 (4CE7ABC1)
fffff880`021da000 fffff880`021e3000   rdpencdd rdpencdd.sys Mon Jul 13 20:16:34 2009 (4A5BCE62)
fffff880`021e3000 fffff880`021ec000   rdprefmp rdprefmp.sys Mon Jul 13 20:16:35 2009 (4A5BCE63)
fffff880`05999000 fffff880`059d2000   RDPWD    RDPWD.SYS    Fri Apr 27 23:55:20 2012 (4F9B6A28)
fffff880`03638000 fffff880`03650000   rspndr   rspndr.sys   Mon Jul 13 20:08:50 2009 (4A5BCC92)
fffff880`051e5000 fffff880`051f0000   secdrv   secdrv.SYS   Wed Sep 13 09:18:38 2006 (4508052E)
fffff880`03962000 fffff880`0396e000   serenum  serenum.sys  Mon Jul 13 20:00:33 2009 (4A5BCAA1)
fffff880`03200000 fffff880`0321d000   serial   serial.sys   Mon Jul 13 20:00:40 2009 (4A5BCAA8)
fffff880`01dd4000 fffff880`01ddc000   spldr    spldr.sys    Mon May 11 12:56:27 2009 (4A0858BB)
fffff880`058b9000 fffff880`05951000   srv      srv.sys      Thu Apr 28 23:06:06 2011 (4DBA2B1E)
fffff880`05850000 fffff880`058b9000   srv2     srv2.sys     Thu Apr 28 23:05:46 2011 (4DBA2B0A)
fffff880`036b3000 fffff880`036e4000   srvnet   srvnet.sys   Thu Apr 28 23:05:35 2011 (4DBA2AFF)
fffff880`01cd1000 fffff880`01d35000   storport storport.sys Mon Feb 03 20:36:50 2014 (52F04432)
fffff880`01cc5000 fffff880`01cd1000   storvsc  storvsc.sys  Thu Aug 22 07:37:34 2013 (5215F7FE)
fffff880`03735000 fffff880`03736480   swenum   swenum.sys   Mon Jul 13 20:00:18 2009 (4A5BCA92)
fffff880`01e01000 fffff880`02000000   tcpip    tcpip.sys    Fri Apr 04 21:26:44 2014 (533F5BD4)
fffff880`037e8000 fffff880`037fa000   tcpipreg tcpipreg.sys Wed Oct 03 12:07:26 2012 (506C62BE)
fffff880`01a31000 fffff880`01a3e000   TDI      TDI.SYS      Sat Nov 20 04:22:06 2010 (4CE7933E)
fffff880`0597f000 fffff880`0598a000   tdtcp    tdtcp.sys    Thu Feb 16 23:57:32 2012 (4F3DDE3C)
fffff880`02011000 fffff880`02033000   tdx      tdx.sys      Sat Nov 20 04:21:54 2010 (4CE79332)
fffff880`03238000 fffff880`0324c000   termdd   termdd.sys   Sat Nov 20 06:03:40 2010 (4CE7AB0C)
fffff960`00630000 fffff960`0063a000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff880`0598a000 fffff880`05999000   tssecsrv tssecsrv.sys Sat Jun 15 00:32:15 2013 (51BBEE4F)
fffff880`03900000 fffff880`03926000   tunnel   tunnel.sys   Sat Nov 20 05:51:50 2010 (4CE7A846)
fffff880`0377a000 fffff880`0378c000   umbus    umbus.sys    Sat Nov 20 05:44:37 2010 (4CE7A695)
fffff880`010dd000 fffff880`010ea000   vdrvroot vdrvroot.sys Mon Jul 13 20:01:31 2009 (4A5BCADB)
fffff880`0218e000 fffff880`0219c000   vga      vga.sys      Mon Jul 13 19:38:47 2009 (4A5BC587)
fffff880`0219c000 fffff880`021c1000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:38:51 2009 (4A5BC58B)
fffff880`011a5000 fffff880`011bc000   vmbkmcl  vmbkmcl.sys  Thu Aug 22 07:38:58 2013 (5215F852)
fffff880`01188000 fffff880`011a5000   vmbus    vmbus.sys    Thu Aug 22 07:36:39 2013 (5215F7C7)
fffff880`0397b000 fffff880`03980500   VMBusHID VMBusHID.sys Thu Aug 22 07:37:50 2013 (5215F80E)
fffff960`00820000 fffff960`0082c000   VMBusVideoD VMBusVideoD.dll unavailable (00000000)
fffff880`039ad000 fffff880`039b8000   VMBusVideoM VMBusVideoM.sys Thu Aug 22 07:39:29 2013 (5215F871)
fffff880`039ec000 fffff880`039f6000   vmgencounter vmgencounter.sys Thu Aug 22 07:38:23 2013 (5215F82F)
fffff880`039cd000 fffff880`039d6000   vms3cap  vms3cap.sys  Thu Aug 22 07:38:37 2013 (5215F83D)
fffff880`01dc5000 fffff880`01dd4000   vmstorfl vmstorfl.sys Thu Aug 22 07:37:06 2013 (5215F7E2)
fffff880`010ff000 fffff880`01114000   volmgr   volmgr.sys   Sat Nov 20 04:19:28 2010 (4CE792A0)
fffff880`01114000 fffff880`01170000   volmgrx  volmgrx.sys  Sat Nov 20 04:20:43 2010 (4CE792EB)
fffff880`01c00000 fffff880`01c4c000   volsnap  volsnap.sys  Sat Nov 20 04:20:08 2010 (4CE792C8)
fffff880`0321d000 fffff880`03238000   wanarp   wanarp.sys   Sat Nov 20 05:52:36 2010 (4CE7A874)
fffff880`021c1000 fffff880`021d1000   watchdog watchdog.sys Mon Jul 13 19:37:35 2009 (4A5BC53F)
fffff880`0100b000 fffff880`010cd000   Wdf01000 Wdf01000.sys Fri Jun 21 23:13:05 2013 (51C51641)
fffff880`010cd000 fffff880`010dd000   WDFLDR   WDFLDR.SYS   Wed Jul 25 22:29:04 2012 (5010AB70)
fffff880`033ab000 fffff880`033b4000   wfplwf   wfplwf.sys   Mon Jul 13 20:09:26 2009 (4A5BCCB6)
fffff960`00080000 fffff960`00398000   win32k   win32k.sys   Tue Jun 17 21:07:22 2014 (53A0E64A)
fffff880`011bc000 fffff880`011d1000   winhv    winhv.sys    Thu Aug 22 07:40:00 2013 (5215F890)
fffff880`019eb000 fffff880`019f4000   WMILIB   WMILIB.SYS   Mon Jul 13 19:19:51 2009 (4A5BC117)

Unloaded modules:
fffff880`0696b000 fffff880`069dc000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00071000
fffff880`068c7000 fffff880`06938000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00071000
fffff880`02067000 fffff880`02075000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff880`02075000 fffff880`02081000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
fffff880`02081000 fffff880`0208a000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00009000
fffff880`00c00000 fffff880`00c1b000   sacdrv.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001B000
Bugcheck code 000000F4
Arguments 00000000`00000003 fffffa80`10fa0060 fffffa80`10fa0340 fffff800`01b91270
1: kd> !process fffffa8010fa0060 3
GetPointerFromAddress: unable to read from fffff80001ac3000
PROCESS fffffa8010fa0060
    SessionId: none  Cid: 20a4    Peb: 7fffffdb000  ParentCid: 7bc8
    DirBase: 1d0dfd000  ObjectTable: fffff8a00ea0ae80  HandleCount: <Data Not Accessible>
    Image: csrss.exe
    VadRoot fffffa80109b80a0 Vads 95 Clone 0 Private 451. Modified 431. Locked 0.
    DeviceMap fffff8a000006110
    Token                             fffff8a015f74060
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         134640
    QuotaPoolUsage[NonPagedPool]      11664
    Working Set Sizes (now,min,max)  (2198, 50, 345) (8792KB, 200KB, 1380KB)
    PeakWorkingSetSize                3612
    VirtualSize                       51 Mb
    PeakVirtualSize                   254 Mb
    PageFaultCount                    33077
    MemoryPriority                    BACKGROUND
    BasePriority                      13
    CommitCharge                      616

        *** Error in reading nt!_ETHREAD @ fffffa800f34db00

[/font]
 
#3 ·
Nice post John, you've probably cracked it but I'd like to make a suggestion.

Code:
EXCEPTION_CODE: (NTSTATUS) [COLOR=Red]0xc0000005[/COLOR] - [COLOR=Red]The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.[/COLOR]
It's very unusual for a 0xF4 to be caused by an access violation which to be terminates csrss.exe.
With only minidumps it can be very hard to say what caused the crash which is why John looked in the event log for clues.

A Kernel memory dump should help a lot, not only that but this seems interesting.

Go the Start
Right click My Computer
Select Properties
Click Advanced system settings
Click on the Advanced tab
Select Settings under Startup and Recovery
Then under Write debugging information select Kernel memory dump.

Once a dump is created go to:

Code:
C:\Windows\memory.dmp
Copy the file to the desktop, zip it up and upload it to a file sharing site like Onedrive. After the upload is done post the download link in your next reply.
 
#5 ·
Thanks guys for the feedback. Sorry I didn't respond earlier. I disabled Kaspersky.

The hardware change was right after the system crashed I copied the VHD file and created a new VM. I didn't realize that the scan was from the cloned VM. Nothing else changed though. They are both the same type of hardware. The weird thing is none of my other VM's are blue screening. So that tells me the memory should be fine.

The crashes started happening around Sep 5th if that helps.

The memory dump is from the production server this time.

https://www.dropbox.com/s/pk63vgek2vdty7p/MEMORY.7z?dl=0

Thanks,

John
 
#7 ·
This is an older thread, but on the chance there is still a problem, the 1st suspect is the Power Supply. The 2nd would be heat. Both cause system file corruption and intermittent, buggy behavior.

Can you post the voltages as reported in BIOS? Does the O/S constantly want to run chkdsk? Can you post the make/model & rated power output of the PSU?
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top