Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1463
  • Last Modified:

BSOD: Need assistance to analyse dump file

Hi

Need assistance to analyse dump file. I have seen WpsHelper.sys is a virus. Anybody made this experience?

Thanks
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\euco\Downloads\BMini121709-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\cache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Thu Dec 17 16:07:10.115 2009 (GMT+1)
System Uptime: 0 days 16:32:25.796
Loading Kernel Symbols
...............................................................
................................................................
..
Loading User Symbols
Loading unloaded module list
......................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, cd4, 87eafff4, 87eafffc}

Unable to load image WpsHelper.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for WpsHelper.sys
*** ERROR: Module load completed but symbols could not be loaded for WpsHelper.sys
*** WARNING: Unable to verify timestamp for wpsdrvnt.sys
*** ERROR: Module load completed but symbols could not be loaded for wpsdrvnt.sys
*** WARNING: Unable to verify timestamp for SYMTDI.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMTDI.SYS
Unable to load image teefer2.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for teefer2.sys
*** ERROR: Module load completed but symbols could not be loaded for teefer2.sys
Probably caused by : WpsHelper.sys ( WpsHelper+9c1 )

Followup: MachineOwner
---------

0: kd> !analyze -v; kv; r; lmnt; lmntsm; !locks; !vm; .bugcheck
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 87eafff4, Memory contents of the pool block
Arg4: 87eafffc, Address of the block of pool being deallocated

Debugging Details:
------------------


BUGCHECK_STR:  0xc2_7

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  System

LAST_CONTROL_TRANSFER:  from 8054b583 to 804f9f43

STACK_TEXT:  
a82e86c0 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
a82e8710 a81799c1 87eafffc 4d43444e 87441754 nt!ExFreePoolWithTag+0x2a3
WARNING: Stack unwind information not available. Following frames may be wrong.
a82e8728 a817beb1 87eb0002 a817bd4b 8796d97c WpsHelper+0x9c1
a82e873c a817bd7f 00000001 8796d97c a817be92 WpsHelper+0x2eb1
a82e875c a817bbf5 00000001 00000160 874413c0 WpsHelper+0x2d7f
a82e8778 a817bcfc 87441348 a817ab5c 87441348 WpsHelper+0x2bf5
a82e8794 a8179f68 00000001 a82e87ac a8179679 WpsHelper+0x2cfc
a82e87a0 a8179679 87441348 00000160 b96d1897 WpsHelper+0xf68
a82e87ac b96d1897 87441348 b96d8000 a82e8810 WpsHelper+0x679
a82e87ec 804ef19f 89ce0950 88ff74b8 88ff75b8 wpsdrvnt+0x2897
a82e8898 804ef19f 89c4f8a0 88ff74b8 89c4f8a0 nt!IopfCallDriver+0x31
a82e88a8 a8861c9e 806e6830 878a1a40 876c7ee0 nt!IopfCallDriver+0x31
a82e88c0 a8859e71 88ff74b8 00000000 00000004 netbt!TdiDisconnect+0x10a
a82e88f0 a8861cd9 89c67a60 00000000 00000004 netbt!TcpDisconnect+0x40
a82e890c a88622f3 876c7ee0 a8859f6d 88f86300 netbt!SendTcpDisconnect+0x2c
a82e8950 a8859f8c 895b0888 026c7ee0 00000000 netbt!DisconnectHndlrNotOs+0x2df
a82e8974 a8880811 895b0888 876c7ee0 00000000 netbt!TdiDisconnectHandler+0x1f
a82e89ac a88897d2 8786b2c0 88f86300 8786b2c0 SYMTDI+0x2811
a82e89c8 a8880f22 8786b2c0 00000000 00000000 SYMTDI+0xb7d2
a82e89e4 b96d2593 87903da8 876c7ee0 00000000 SYMTDI+0x2f22
a82e8a48 a89081a1 0000005e a82e8c0c c0000237 wpsdrvnt+0x3593
a82e8ad0 a88fbef5 89bd09b0 851e0a0a fa01a8c0 tcpip!TCPRcv+0x182a
a82e8b30 a88fbb19 00000020 89bd09b0 a88fe0b6 tcpip!DeliverToUser+0x18e
a82e8bac a88fb836 a893b8f0 89bd09b0 89b3d00e tcpip!DeliverToUserEx+0x95e
a82e8c64 a88fa928 89bd09b0 89b3d022 0000001a tcpip!IPRcvPacket+0x6cb
a82e8ca4 a88ff6ef 00000000 a82e8d6c 89b3d000 tcpip!ARPRcvIndicationNew+0x149
a82e8cd4 b9e18ad6 89c85008 a82e8d6c 89b3d000 tcpip!ARPRcv+0x42
a82e8d08 b95d25df 8934d8d8 a82e8d6c 89b3d000 NDIS!EthFilterDprIndicateReceive+0xe0
a82e8dac 805cff72 89b4d000 00000000 00000000 teefer2+0x25df
a82e8ddc 805460ee b95d4c70 89b4d000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
WpsHelper+9c1
a81799c1 ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  WpsHelper+9c1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: WpsHelper

IMAGE_NAME:  WpsHelper.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49b5dbee

FAILURE_BUCKET_ID:  0xc2_7_WpsHelper+9c1

BUCKET_ID:  0xc2_7_WpsHelper+9c1

Followup: MachineOwner
---------

ChildEBP RetAddr  Args to Child              
a82e86c0 8054b583 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b (FPO: [5,0,0])
a82e8710 a81799c1 87eafffc 4d43444e 87441754 nt!ExFreePoolWithTag+0x2a3 (FPO: [2,10,4])
WARNING: Stack unwind information not available. Following frames may be wrong.
a82e8728 a817beb1 87eb0002 a817bd4b 8796d97c WpsHelper+0x9c1
a82e873c a817bd7f 00000001 8796d97c a817be92 WpsHelper+0x2eb1
a82e875c a817bbf5 00000001 00000160 874413c0 WpsHelper+0x2d7f
a82e8778 a817bcfc 87441348 a817ab5c 87441348 WpsHelper+0x2bf5
a82e8794 a8179f68 00000001 a82e87ac a8179679 WpsHelper+0x2cfc
a82e87a0 a8179679 87441348 00000160 b96d1897 WpsHelper+0xf68
a82e87ac b96d1897 87441348 b96d8000 a82e8810 WpsHelper+0x679
a82e87ec 804ef19f 89ce0950 88ff74b8 88ff75b8 wpsdrvnt+0x2897
a82e8898 804ef19f 89c4f8a0 88ff74b8 89c4f8a0 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
a82e88a8 a8861c9e 806e6830 878a1a40 876c7ee0 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
a82e88c0 a8859e71 88ff74b8 00000000 00000004 netbt!TdiDisconnect+0x10a (FPO: [6,1,0])
a82e88f0 a8861cd9 89c67a60 00000000 00000004 netbt!TcpDisconnect+0x40 (FPO: [4,4,0])
a82e890c a88622f3 876c7ee0 a8859f6d 88f86300 netbt!SendTcpDisconnect+0x2c (FPO: [1,1,0])
a82e8950 a8859f8c 895b0888 026c7ee0 00000000 netbt!DisconnectHndlrNotOs+0x2df (FPO: [7,11,4])
a82e8974 a8880811 895b0888 876c7ee0 00000000 netbt!TdiDisconnectHandler+0x1f (FPO: [7,0,0])
a82e89ac a88897d2 8786b2c0 88f86300 8786b2c0 SYMTDI+0x2811
a82e89c8 a8880f22 8786b2c0 00000000 00000000 SYMTDI+0xb7d2
a82e89e4 b96d2593 87903da8 876c7ee0 00000000 SYMTDI+0x2f22
eax=ffdff13c ebx=00000cd4 ecx=00000000 edx=00000002 esi=87eafff4 edi=87eafffc
eip=804f9f43 esp=a82e86a8 ebp=a82e86c0 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000286
nt!KeBugCheckEx+0x1b:
804f9f43 5d              pop     ebp
start    end        module name
804d7000 806e4000   nt       ntkrpamp.exe Tue Aug 04 16:20:04 2009 (4A784394)
806e4000 80704d00   hal      halmacpi.dll Sun Apr 13 20:31:27 2008 (4802517F)
a7057000 a7081180   kmixer   kmixer.sys   Sun Apr 13 20:45:07 2008 (480254B3)
a72af000 a72d2180   Fastfat  Fastfat.SYS  Sun Apr 13 21:14:28 2008 (48025B94)
a74ee000 a74f1800   asyncmac asyncmac.sys Sun Apr 13 20:57:27 2008 (48025797)
a757b000 a75bbe00   HTTP     HTTP.sys     Tue Oct 20 18:20:15 2009 (4ADDE33F)
a78dc000 a78f0480   wdmaud   wdmaud.sys   Sun Apr 13 21:17:18 2008 (48025C3E)
a78f1000 a7904180   NAVENG   NAVENG.SYS   Sat Aug 22 07:31:12 2009 (4A8F82A0)
a7905000 a7a46800   NAVEX15  NAVEX15.SYS  Sat Aug 22 07:37:19 2009 (4A8F840F)
a7c77000 a7c99100   RDPWD    RDPWD.SYS    Sun Apr 13 20:38:40 2008 (48025330)
a800a000 a805b880   srv      srv.sys      Thu Dec 11 11:57:07 2008 (4940F203)
a814c000 a8178180   mrxdav   mrxdav.sys   Sun Apr 13 20:32:42 2008 (480251CA)
a8179000 a819c380   WpsHelper WpsHelper.sys Tue Mar 10 04:18:06 2009 (49B5DBEE)
a84ed000 a84fbd80   sysaudio sysaudio.sys Sun Apr 13 21:15:55 2008 (48025BEB)
a854d000 a8550900   ndisuio  ndisuio.sys  Sun Apr 13 20:55:57 2008 (4802573D)
a869d000 a86b4900   dump_atapi dump_atapi.sys Sun Apr 13 20:40:29 2008 (4802539D)
a86b5000 a86d2000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Tue Aug 18 01:05:39 2009 (4A89E243)
a86d2000 a8730000   eeCtrl   eeCtrl.sys   Tue Aug 18 01:05:39 2009 (4A89E243)
a8730000 a879f280   mrxsmb   mrxsmb.sys   Fri Oct 24 13:21:07 2008 (4901AFA3)
a87a0000 a87cae80   rdbss    rdbss.sys    Sun Apr 13 21:28:38 2008 (48025EE6)
a87cb000 a8834000   SPBBCDrv SPBBCDrv.sys Thu May 15 04:14:28 2008 (482B9C84)
a8834000 a8855d00   afd      afd.sys      Thu Aug 14 12:04:35 2008 (48A40333)
a8856000 a887dc00   netbt    netbt.sys    Sun Apr 13 21:20:59 2008 (48025D1B)
a887e000 a88ab200   SYMTDI   SYMTDI.SYS   Tue Aug 19 22:17:48 2008 (48AB2A6C)
a88d4000 a88f9500   ipnat    ipnat.sys    Sun Apr 13 20:57:10 2008 (48025786)
a88fa000 a8952480   tcpip    tcpip.sys    Fri Jun 20 13:51:09 2008 (485B99AD)
a8953000 a8965600   ipsec    ipsec.sys    Sun Apr 13 21:19:42 2008 (48025CCE)
a899a000 a89bf000   SYMEVENT SYMEVENT.SYS Tue Jan 15 00:29:24 2008 (478BF054)
a8b81000 a8bcb000   SRTSP    SRTSP.SYS    Thu Aug 14 06:51:36 2008 (48A3B9D8)
a8bef000 a8bf1900   Dxapi    Dxapi.sys    Fri Aug 17 22:53:19 2001 (3B7D843F)
a8f93000 a8fa2900   Cdfs     Cdfs.SYS     Sun Apr 13 21:14:21 2008 (48025B8D)
a8ffb000 a901ea80   portcls  portcls.sys  Sun Apr 13 21:19:40 2008 (48025CCC)
a901f000 a94b2000   RtkHDAud RtkHDAud.sys Thu Nov 01 07:38:50 2007 (4729747A)
b9572000 b95cff00   update   update.sys   Sun Apr 13 20:39:46 2008 (48025372)
b95d0000 b9606000   teefer2  teefer2.sys  Thu Jul 10 12:57:41 2008 (4875EB25)
b961e000 b9620280   rasacd   rasacd.sys   Fri Aug 17 22:55:39 2001 (3B7D84CB)
b962a000 b962cf80   mouhid   mouhid.sys   Fri Aug 17 22:47:57 2001 (3B7D82FD)
b962e000 b965de80   rdpdr    rdpdr.sys    Sun Apr 13 20:32:50 2008 (480251D2)
b96bf000 b96c7700   wanarp   wanarp.sys   Sun Apr 13 20:57:20 2008 (48025790)
b96cf000 b96dd000   wpsdrvnt wpsdrvnt.sys Fri Sep 05 00:08:24 2008 (48C05C58)
b970f000 b9718080   SRTSPX   SRTSPX.SYS   Thu Aug 14 06:53:49 2008 (48A3BA5D)
b972f000 b9738000   HIDCLASS HIDCLASS.SYS Sun Apr 13 20:45:25 2008 (480254C5)
b973f000 b974fe00   psched   psched.sys   Sun Apr 13 20:56:36 2008 (48025764)
b9750000 b9766580   ndiswan  ndiswan.sys  Sun Apr 13 21:20:41 2008 (48025D09)
b9767000 b9789700   ks       ks.sys       Sun Apr 13 21:16:34 2008 (48025C12)
b978a000 b979d900   parport  parport.sys  Sun Apr 13 20:40:09 2008 (48025389)
b979e000 b97c1200   USBPORT  USBPORT.SYS  Sun Apr 13 20:45:34 2008 (480254CE)
b97c2000 b97ea000   HDAudBus HDAudBus.sys Thu May 26 17:46:29 2005 (4295EF55)
b97ea000 b97fdf00   VIDEOPRT VIDEOPRT.SYS Sun Apr 13 20:44:39 2008 (48025497)
b97fe000 b9d92960   igxpmp32 igxpmp32.sys Tue Oct 30 17:00:34 2007 (47275522)
b9ddb000 b9df4b80   Mup      Mup.sys      Sun Apr 13 21:17:05 2008 (48025C31)
b9df5000 b9e21980   NDIS     NDIS.sys     Sun Apr 13 21:20:35 2008 (48025D03)
b9e22000 b9eae600   Ntfs     Ntfs.sys     Sun Apr 13 21:15:49 2008 (48025BE5)
b9eaf000 b9ec1f00   WudfPf   WudfPf.sys   Fri Sep 29 03:55:43 2006 (451C7D1F)
b9ec2000 b9ed8b00   KSecDD   KSecDD.sys   Wed Jun 24 13:18:40 2009 (4A420B90)
b9ed9000 b9eeaf00   sr       sr.sys       Sun Apr 13 20:36:50 2008 (480252C2)
b9eeb000 b9f0ab00   fltMgr   fltMgr.sys   Sun Apr 13 20:32:58 2008 (480251DA)
b9f0b000 b9f22900   atapi    atapi.sys    Sun Apr 13 20:40:29 2008 (4802539D)
b9f23000 b9f48700   dmio     dmio.sys     Sun Apr 13 20:44:45 2008 (4802549D)
b9f49000 b9f67880   ftdisk   ftdisk.sys   Fri Aug 17 22:52:41 2001 (3B7D8419)
b9f68000 b9f78a80   pci      pci.sys      Sun Apr 13 20:36:43 2008 (480252BB)
b9f79000 b9fa6d80   ACPI     ACPI.sys     Sun Apr 13 20:36:33 2008 (480252B1)
ba0a8000 ba0b1180   isapnp   isapnp.sys   Sun Apr 13 20:36:40 2008 (480252B8)
ba0b8000 ba0c2580   MountMgr MountMgr.sys Sun Apr 13 20:39:45 2008 (48025371)
ba0c8000 ba0d4c80   VolSnap  VolSnap.sys  Sun Apr 13 20:41:00 2008 (480253BC)
ba0d8000 ba0e0e00   disk     disk.sys     Sun Apr 13 20:40:46 2008 (480253AE)
ba0e8000 ba0f4180   CLASSPNP CLASSPNP.SYS Sun Apr 13 21:16:21 2008 (48025C05)
ba158000 ba166b00   drmk     drmk.sys     Sun Apr 13 20:45:12 2008 (480254B8)
ba1e8000 ba1f6880   usbhub   usbhub.sys   Sun Apr 13 20:45:36 2008 (480254D0)
ba228000 ba230e00   intelppm intelppm.sys Sun Apr 13 20:31:31 2008 (48025183)
ba238000 ba245000   l251x86  l251x86.sys  Fri Oct 17 08:14:52 2008 (48F82D5C)
ba248000 ba254d00   i8042prt i8042prt.sys Sun Apr 13 21:17:59 2008 (48025C67)
ba258000 ba267c00   serial   serial.sys   Sun Apr 13 21:15:44 2008 (48025BE0)
ba268000 ba272480   imapi    imapi.sys    Sun Apr 13 20:40:57 2008 (480253B9)
ba278000 ba287600   cdrom    cdrom.sys    Sun Apr 13 20:40:45 2008 (480253AD)
ba288000 ba296100   redbook  redbook.sys  Sun Apr 13 20:40:27 2008 (4802539B)
ba298000 ba2a4880   rasl2tp  rasl2tp.sys  Sun Apr 13 21:19:43 2008 (48025CCF)
ba2a8000 ba2b2200   raspppoe raspppoe.sys Sun Apr 13 20:57:31 2008 (4802579B)
ba2b8000 ba2c3d00   raspptp  raspptp.sys  Sun Apr 13 21:19:47 2008 (48025CD3)
ba2c8000 ba2d0900   msgpc    msgpc.sys    Sun Apr 13 20:56:32 2008 (48025760)
ba2d8000 ba2e1f00   termdd   termdd.sys   Sun Apr 13 20:38:36 2008 (4802532C)
ba2f8000 ba301e80   NDProxy  NDProxy.SYS  Sun Apr 13 20:57:28 2008 (48025798)
ba308000 ba310780   netbios  netbios.sys  Sun Apr 13 20:56:01 2008 (48025741)
ba318000 ba322e00   Fips     Fips.SYS     Sun Apr 13 20:33:27 2008 (480251F7)
ba328000 ba32e180   PCIIDEX  PCIIDEX.SYS  Sun Apr 13 20:40:29 2008 (4802539D)
ba330000 ba334d00   PartMgr  PartMgr.sys  Sun Apr 13 20:40:48 2008 (480253B0)
ba3a0000 ba3a5080   usbuhci  usbuhci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
ba3a8000 ba3af600   usbehci  usbehci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
ba3b0000 ba3b1000   fdc      fdc.sys      unavailable (00000000)
ba3b8000 ba3be000   kbdclass kbdclass.sys Sun Apr 13 20:39:46 2008 (48025372)
ba3c0000 ba3c4a80   TDI      TDI.SYS      Sun Apr 13 21:00:04 2008 (48025834)
ba3c8000 ba3cc580   ptilink  ptilink.sys  Fri Aug 17 22:49:53 2001 (3B7D8371)
ba3d0000 ba3d4080   raspti   raspti.sys   Fri Aug 17 22:55:32 2001 (3B7D84C4)
ba3d8000 ba3dda00   mouclass mouclass.sys Sun Apr 13 20:39:47 2008 (48025373)
ba3e8000 ba3ed000   flpydisk flpydisk.sys Sun Apr 13 20:40:24 2008 (48025398)
ba3f0000 ba3f6180   HIDPARSE HIDPARSE.SYS Sun Apr 13 20:45:22 2008 (480254C2)
ba3f8000 ba3fd200   SYMREDRV SYMREDRV.SYS Tue Aug 19 22:18:20 2008 (48AB2A8C)
ba400000 ba405200   vga      vga.sys      Sun Apr 13 20:44:40 2008 (48025498)
ba408000 ba40ca80   Msfs     Msfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
ba410000 ba417880   Npfs     Npfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
ba428000 ba42c500   watchdog watchdog.sys Sun Apr 13 20:44:59 2008 (480254AB)
ba430000 ba435500   TDTCP    TDTCP.SYS    Sun Apr 13 20:38:35 2008 (4802532B)
ba4b8000 ba4bb000   BOOTVID  BOOTVID.dll  Fri Aug 17 22:49:09 2001 (3B7D8345)
ba570000 ba572880   hidusb   hidusb.sys   Sun Apr 13 20:45:27 2008 (480254C7)
ba574000 ba577d80   serenum  serenum.sys  Sun Apr 13 20:40:12 2008 (4802538C)
ba57c000 ba57e780   ndistapi ndistapi.sys Sun Apr 13 20:57:27 2008 (48025797)
ba5a0000 ba5a3c80   mssmbios mssmbios.sys Sun Apr 13 20:36:45 2008 (480252BD)
ba5a8000 ba5a9b80   kdcom    kdcom.dll    Fri Aug 17 22:49:10 2001 (3B7D8346)
ba5aa000 ba5ab100   WMILIB   WMILIB.SYS   Fri Aug 17 23:07:23 2001 (3B7D878B)
ba5ac000 ba5ad700   dmload   dmload.sys   Fri Aug 17 22:58:15 2001 (3B7D8567)
ba5d0000 ba5d1420   ASACPI   ASACPI.sys   Fri Aug 13 04:52:52 2004 (411C2D04)
ba5d2000 ba5d3100   swenum   swenum.sys   Sun Apr 13 20:39:52 2008 (48025378)
ba5d8000 ba5d9280   USBD     USBD.SYS     Fri Aug 17 23:02:58 2001 (3B7D8682)
ba5e0000 ba5e1f00   Fs_Rec   Fs_Rec.SYS   Fri Aug 17 22:49:37 2001 (3B7D8361)
ba5e2000 ba5e3080   Beep     Beep.SYS     Fri Aug 17 22:47:33 2001 (3B7D82E5)
ba5e4000 ba5e5080   mnmdd    mnmdd.SYS    Fri Aug 17 22:57:28 2001 (3B7D8538)
ba5e6000 ba5e7080   RDPCDD   RDPCDD.sys   Fri Aug 17 22:46:56 2001 (3B7D82C0)
ba5ea000 ba5eb100   dump_WMILIB dump_WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
ba660000 ba661a80   ParVdm   ParVdm.SYS   Fri Aug 17 22:49:49 2001 (3B7D836D)
ba670000 ba670d00   pciide   pciide.sys   Fri Aug 17 22:51:49 2001 (3B7D83E5)
ba754000 ba754d00   dxgthk   dxgthk.sys   Fri Aug 17 22:53:12 2001 (3B7D8438)
ba771000 ba771c00   audstub  audstub.sys  Fri Aug 17 22:59:40 2001 (3B7D85BC)
ba786000 ba786b80   Null     Null.SYS     Fri Aug 17 22:47:39 2001 (3B7D82EB)
bf000000 bf011600   dxg      dxg.sys      Sun Apr 13 20:38:27 2008 (48025323)
bf012000 bf024000   igxprd32 igxprd32.dll Tue Oct 30 17:00:33 2007 (47275521)
bf024000 bf04f000   igxpgd32 igxpgd32.dll Tue Oct 30 17:00:33 2007 (47275521)
bf04f000 bf1e6760   igxpdv32 igxpdv32.DLL Tue Oct 30 17:00:42 2007 (4727552A)
bf1e7000 bf47a000   igxpdx32 igxpdx32.DLL Tue Oct 30 17:00:37 2007 (47275525)
bf800000 bf9c3d00   win32k   win32k.sys   Fri Aug 14 15:21:11 2009 (4A8564C7)
bffa0000 bffe5c00   ATMFD    ATMFD.DLL    Mon Apr 14 02:09:55 2008 (4802A0D3)

Unloaded modules:
a7057000 a7082000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7057000 a7082000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7194000 a719d000   COH_Mon.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7057000 a7082000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7144000 a714d000   COH_Mon.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7057000 a7082000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7284000 a72af000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a72d3000 a72fe000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a8215000 a821e000   COH_Mon.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7550000 a757b000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a788e000 a78b9000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba6e8000 ba6e9000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a78b9000 a78dc000   aec.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7b0f000 a7b1c000   DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7ab7000 a7ac5000   swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba66e000 ba670000   splitter.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a78f1000 a7905000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7905000 a7a47000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a8986000 a899a000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a89bf000 a8b01000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba3f8000 ba3fd000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba568000 ba56b000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
start    end        module name
b9f79000 b9fa6d80   ACPI     ACPI.sys     Sun Apr 13 20:36:33 2008 (480252B1)
a8834000 a8855d00   afd      afd.sys      Thu Aug 14 12:04:35 2008 (48A40333)
ba5d0000 ba5d1420   ASACPI   ASACPI.sys   Fri Aug 13 04:52:52 2004 (411C2D04)
a74ee000 a74f1800   asyncmac asyncmac.sys Sun Apr 13 20:57:27 2008 (48025797)
b9f0b000 b9f22900   atapi    atapi.sys    Sun Apr 13 20:40:29 2008 (4802539D)
bffa0000 bffe5c00   ATMFD    ATMFD.DLL    Mon Apr 14 02:09:55 2008 (4802A0D3)
ba771000 ba771c00   audstub  audstub.sys  Fri Aug 17 22:59:40 2001 (3B7D85BC)
ba5e2000 ba5e3080   Beep     Beep.SYS     Fri Aug 17 22:47:33 2001 (3B7D82E5)
ba4b8000 ba4bb000   BOOTVID  BOOTVID.dll  Fri Aug 17 22:49:09 2001 (3B7D8345)
a8f93000 a8fa2900   Cdfs     Cdfs.SYS     Sun Apr 13 21:14:21 2008 (48025B8D)
ba278000 ba287600   cdrom    cdrom.sys    Sun Apr 13 20:40:45 2008 (480253AD)
ba0e8000 ba0f4180   CLASSPNP CLASSPNP.SYS Sun Apr 13 21:16:21 2008 (48025C05)
ba0d8000 ba0e0e00   disk     disk.sys     Sun Apr 13 20:40:46 2008 (480253AE)
b9f23000 b9f48700   dmio     dmio.sys     Sun Apr 13 20:44:45 2008 (4802549D)
ba5ac000 ba5ad700   dmload   dmload.sys   Fri Aug 17 22:58:15 2001 (3B7D8567)
ba158000 ba166b00   drmk     drmk.sys     Sun Apr 13 20:45:12 2008 (480254B8)
a869d000 a86b4900   dump_atapi dump_atapi.sys Sun Apr 13 20:40:29 2008 (4802539D)
ba5ea000 ba5eb100   dump_WMILIB dump_WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
a8bef000 a8bf1900   Dxapi    Dxapi.sys    Fri Aug 17 22:53:19 2001 (3B7D843F)
bf000000 bf011600   dxg      dxg.sys      Sun Apr 13 20:38:27 2008 (48025323)
ba754000 ba754d00   dxgthk   dxgthk.sys   Fri Aug 17 22:53:12 2001 (3B7D8438)
a86d2000 a8730000   eeCtrl   eeCtrl.sys   Tue Aug 18 01:05:39 2009 (4A89E243)
a86b5000 a86d2000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Tue Aug 18 01:05:39 2009 (4A89E243)
a72af000 a72d2180   Fastfat  Fastfat.SYS  Sun Apr 13 21:14:28 2008 (48025B94)
ba3b0000 ba3b1000   fdc      fdc.sys      unavailable (00000000)
ba318000 ba322e00   Fips     Fips.SYS     Sun Apr 13 20:33:27 2008 (480251F7)
ba3e8000 ba3ed000   flpydisk flpydisk.sys Sun Apr 13 20:40:24 2008 (48025398)
b9eeb000 b9f0ab00   fltMgr   fltMgr.sys   Sun Apr 13 20:32:58 2008 (480251DA)
ba5e0000 ba5e1f00   Fs_Rec   Fs_Rec.SYS   Fri Aug 17 22:49:37 2001 (3B7D8361)
b9f49000 b9f67880   ftdisk   ftdisk.sys   Fri Aug 17 22:52:41 2001 (3B7D8419)
806e4000 80704d00   hal      halmacpi.dll Sun Apr 13 20:31:27 2008 (4802517F)
b97c2000 b97ea000   HDAudBus HDAudBus.sys Thu May 26 17:46:29 2005 (4295EF55)
b972f000 b9738000   HIDCLASS HIDCLASS.SYS Sun Apr 13 20:45:25 2008 (480254C5)
ba3f0000 ba3f6180   HIDPARSE HIDPARSE.SYS Sun Apr 13 20:45:22 2008 (480254C2)
ba570000 ba572880   hidusb   hidusb.sys   Sun Apr 13 20:45:27 2008 (480254C7)
a757b000 a75bbe00   HTTP     HTTP.sys     Tue Oct 20 18:20:15 2009 (4ADDE33F)
ba248000 ba254d00   i8042prt i8042prt.sys Sun Apr 13 21:17:59 2008 (48025C67)
bf04f000 bf1e6760   igxpdv32 igxpdv32.DLL Tue Oct 30 17:00:42 2007 (4727552A)
bf1e7000 bf47a000   igxpdx32 igxpdx32.DLL Tue Oct 30 17:00:37 2007 (47275525)
bf024000 bf04f000   igxpgd32 igxpgd32.dll Tue Oct 30 17:00:33 2007 (47275521)
b97fe000 b9d92960   igxpmp32 igxpmp32.sys Tue Oct 30 17:00:34 2007 (47275522)
bf012000 bf024000   igxprd32 igxprd32.dll Tue Oct 30 17:00:33 2007 (47275521)
ba268000 ba272480   imapi    imapi.sys    Sun Apr 13 20:40:57 2008 (480253B9)
ba228000 ba230e00   intelppm intelppm.sys Sun Apr 13 20:31:31 2008 (48025183)
a88d4000 a88f9500   ipnat    ipnat.sys    Sun Apr 13 20:57:10 2008 (48025786)
a8953000 a8965600   ipsec    ipsec.sys    Sun Apr 13 21:19:42 2008 (48025CCE)
ba0a8000 ba0b1180   isapnp   isapnp.sys   Sun Apr 13 20:36:40 2008 (480252B8)
ba3b8000 ba3be000   kbdclass kbdclass.sys Sun Apr 13 20:39:46 2008 (48025372)
ba5a8000 ba5a9b80   kdcom    kdcom.dll    Fri Aug 17 22:49:10 2001 (3B7D8346)
a7057000 a7081180   kmixer   kmixer.sys   Sun Apr 13 20:45:07 2008 (480254B3)
b9767000 b9789700   ks       ks.sys       Sun Apr 13 21:16:34 2008 (48025C12)
b9ec2000 b9ed8b00   KSecDD   KSecDD.sys   Wed Jun 24 13:18:40 2009 (4A420B90)
ba238000 ba245000   l251x86  l251x86.sys  Fri Oct 17 08:14:52 2008 (48F82D5C)
ba5e4000 ba5e5080   mnmdd    mnmdd.SYS    Fri Aug 17 22:57:28 2001 (3B7D8538)
ba3d8000 ba3dda00   mouclass mouclass.sys Sun Apr 13 20:39:47 2008 (48025373)
b962a000 b962cf80   mouhid   mouhid.sys   Fri Aug 17 22:47:57 2001 (3B7D82FD)
ba0b8000 ba0c2580   MountMgr MountMgr.sys Sun Apr 13 20:39:45 2008 (48025371)
a814c000 a8178180   mrxdav   mrxdav.sys   Sun Apr 13 20:32:42 2008 (480251CA)
a8730000 a879f280   mrxsmb   mrxsmb.sys   Fri Oct 24 13:21:07 2008 (4901AFA3)
ba408000 ba40ca80   Msfs     Msfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
ba2c8000 ba2d0900   msgpc    msgpc.sys    Sun Apr 13 20:56:32 2008 (48025760)
ba5a0000 ba5a3c80   mssmbios mssmbios.sys Sun Apr 13 20:36:45 2008 (480252BD)
b9ddb000 b9df4b80   Mup      Mup.sys      Sun Apr 13 21:17:05 2008 (48025C31)
a78f1000 a7904180   NAVENG   NAVENG.SYS   Sat Aug 22 07:31:12 2009 (4A8F82A0)
a7905000 a7a46800   NAVEX15  NAVEX15.SYS  Sat Aug 22 07:37:19 2009 (4A8F840F)
b9df5000 b9e21980   NDIS     NDIS.sys     Sun Apr 13 21:20:35 2008 (48025D03)
ba57c000 ba57e780   ndistapi ndistapi.sys Sun Apr 13 20:57:27 2008 (48025797)
a854d000 a8550900   ndisuio  ndisuio.sys  Sun Apr 13 20:55:57 2008 (4802573D)
b9750000 b9766580   ndiswan  ndiswan.sys  Sun Apr 13 21:20:41 2008 (48025D09)
ba2f8000 ba301e80   NDProxy  NDProxy.SYS  Sun Apr 13 20:57:28 2008 (48025798)
ba308000 ba310780   netbios  netbios.sys  Sun Apr 13 20:56:01 2008 (48025741)
a8856000 a887dc00   netbt    netbt.sys    Sun Apr 13 21:20:59 2008 (48025D1B)
ba410000 ba417880   Npfs     Npfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
804d7000 806e4000   nt       ntkrpamp.exe Tue Aug 04 16:20:04 2009 (4A784394)
b9e22000 b9eae600   Ntfs     Ntfs.sys     Sun Apr 13 21:15:49 2008 (48025BE5)
ba786000 ba786b80   Null     Null.SYS     Fri Aug 17 22:47:39 2001 (3B7D82EB)
b978a000 b979d900   parport  parport.sys  Sun Apr 13 20:40:09 2008 (48025389)
ba330000 ba334d00   PartMgr  PartMgr.sys  Sun Apr 13 20:40:48 2008 (480253B0)
ba660000 ba661a80   ParVdm   ParVdm.SYS   Fri Aug 17 22:49:49 2001 (3B7D836D)
b9f68000 b9f78a80   pci      pci.sys      Sun Apr 13 20:36:43 2008 (480252BB)
ba670000 ba670d00   pciide   pciide.sys   Fri Aug 17 22:51:49 2001 (3B7D83E5)
ba328000 ba32e180   PCIIDEX  PCIIDEX.SYS  Sun Apr 13 20:40:29 2008 (4802539D)
a8ffb000 a901ea80   portcls  portcls.sys  Sun Apr 13 21:19:40 2008 (48025CCC)
b973f000 b974fe00   psched   psched.sys   Sun Apr 13 20:56:36 2008 (48025764)
ba3c8000 ba3cc580   ptilink  ptilink.sys  Fri Aug 17 22:49:53 2001 (3B7D8371)
b961e000 b9620280   rasacd   rasacd.sys   Fri Aug 17 22:55:39 2001 (3B7D84CB)
ba298000 ba2a4880   rasl2tp  rasl2tp.sys  Sun Apr 13 21:19:43 2008 (48025CCF)
ba2a8000 ba2b2200   raspppoe raspppoe.sys Sun Apr 13 20:57:31 2008 (4802579B)
ba2b8000 ba2c3d00   raspptp  raspptp.sys  Sun Apr 13 21:19:47 2008 (48025CD3)
ba3d0000 ba3d4080   raspti   raspti.sys   Fri Aug 17 22:55:32 2001 (3B7D84C4)
a87a0000 a87cae80   rdbss    rdbss.sys    Sun Apr 13 21:28:38 2008 (48025EE6)
ba5e6000 ba5e7080   RDPCDD   RDPCDD.sys   Fri Aug 17 22:46:56 2001 (3B7D82C0)
b962e000 b965de80   rdpdr    rdpdr.sys    Sun Apr 13 20:32:50 2008 (480251D2)
a7c77000 a7c99100   RDPWD    RDPWD.SYS    Sun Apr 13 20:38:40 2008 (48025330)
ba288000 ba296100   redbook  redbook.sys  Sun Apr 13 20:40:27 2008 (4802539B)
a901f000 a94b2000   RtkHDAud RtkHDAud.sys Thu Nov 01 07:38:50 2007 (4729747A)
ba574000 ba577d80   serenum  serenum.sys  Sun Apr 13 20:40:12 2008 (4802538C)
ba258000 ba267c00   serial   serial.sys   Sun Apr 13 21:15:44 2008 (48025BE0)
a87cb000 a8834000   SPBBCDrv SPBBCDrv.sys Thu May 15 04:14:28 2008 (482B9C84)
b9ed9000 b9eeaf00   sr       sr.sys       Sun Apr 13 20:36:50 2008 (480252C2)
a8b81000 a8bcb000   SRTSP    SRTSP.SYS    Thu Aug 14 06:51:36 2008 (48A3B9D8)
b970f000 b9718080   SRTSPX   SRTSPX.SYS   Thu Aug 14 06:53:49 2008 (48A3BA5D)
a800a000 a805b880   srv      srv.sys      Thu Dec 11 11:57:07 2008 (4940F203)
ba5d2000 ba5d3100   swenum   swenum.sys   Sun Apr 13 20:39:52 2008 (48025378)
a899a000 a89bf000   SYMEVENT SYMEVENT.SYS Tue Jan 15 00:29:24 2008 (478BF054)
ba3f8000 ba3fd200   SYMREDRV SYMREDRV.SYS Tue Aug 19 22:18:20 2008 (48AB2A8C)
a887e000 a88ab200   SYMTDI   SYMTDI.SYS   Tue Aug 19 22:17:48 2008 (48AB2A6C)
a84ed000 a84fbd80   sysaudio sysaudio.sys Sun Apr 13 21:15:55 2008 (48025BEB)
a88fa000 a8952480   tcpip    tcpip.sys    Fri Jun 20 13:51:09 2008 (485B99AD)
ba3c0000 ba3c4a80   TDI      TDI.SYS      Sun Apr 13 21:00:04 2008 (48025834)
ba430000 ba435500   TDTCP    TDTCP.SYS    Sun Apr 13 20:38:35 2008 (4802532B)
b95d0000 b9606000   teefer2  teefer2.sys  Thu Jul 10 12:57:41 2008 (4875EB25)
ba2d8000 ba2e1f00   termdd   termdd.sys   Sun Apr 13 20:38:36 2008 (4802532C)
b9572000 b95cff00   update   update.sys   Sun Apr 13 20:39:46 2008 (48025372)
ba5d8000 ba5d9280   USBD     USBD.SYS     Fri Aug 17 23:02:58 2001 (3B7D8682)
ba3a8000 ba3af600   usbehci  usbehci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
ba1e8000 ba1f6880   usbhub   usbhub.sys   Sun Apr 13 20:45:36 2008 (480254D0)
b979e000 b97c1200   USBPORT  USBPORT.SYS  Sun Apr 13 20:45:34 2008 (480254CE)
ba3a0000 ba3a5080   usbuhci  usbuhci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
ba400000 ba405200   vga      vga.sys      Sun Apr 13 20:44:40 2008 (48025498)
b97ea000 b97fdf00   VIDEOPRT VIDEOPRT.SYS Sun Apr 13 20:44:39 2008 (48025497)
ba0c8000 ba0d4c80   VolSnap  VolSnap.sys  Sun Apr 13 20:41:00 2008 (480253BC)
b96bf000 b96c7700   wanarp   wanarp.sys   Sun Apr 13 20:57:20 2008 (48025790)
ba428000 ba42c500   watchdog watchdog.sys Sun Apr 13 20:44:59 2008 (480254AB)
a78dc000 a78f0480   wdmaud   wdmaud.sys   Sun Apr 13 21:17:18 2008 (48025C3E)
bf800000 bf9c3d00   win32k   win32k.sys   Fri Aug 14 15:21:11 2009 (4A8564C7)
ba5aa000 ba5ab100   WMILIB   WMILIB.SYS   Fri Aug 17 23:07:23 2001 (3B7D878B)
b96cf000 b96dd000   wpsdrvnt wpsdrvnt.sys Fri Sep 05 00:08:24 2008 (48C05C58)
a8179000 a819c380   WpsHelper WpsHelper.sys Tue Mar 10 04:18:06 2009 (49B5DBEE)
b9eaf000 b9ec1f00   WudfPf   WudfPf.sys   Fri Sep 29 03:55:43 2006 (451C7D1F)

Unloaded modules:
a7057000 a7082000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7057000 a7082000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7194000 a719d000   COH_Mon.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7057000 a7082000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7144000 a714d000   COH_Mon.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7057000 a7082000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7284000 a72af000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a72d3000 a72fe000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a8215000 a821e000   COH_Mon.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7550000 a757b000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a788e000 a78b9000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba6e8000 ba6e9000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a78b9000 a78dc000   aec.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7b0f000 a7b1c000   DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7ab7000 a7ac5000   swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba66e000 ba670000   splitter.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a78f1000 a7905000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7905000 a7a47000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a8986000 a899a000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a89bf000 a8b01000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba3f8000 ba3fd000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba568000 ba56b000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
**** DUMP OF ALL RESOURCE OBJECTS ****
80565d70: Unable to get value of ExpSystemResourcesList

*** Virtual Memory Usage ***
GetUlongFromAddress: unable to read from 80562128
	Physical Memory:           0 (         0 Kb)
GetUlongFromAddress: unable to read from 80561c60

************ NO PAGING FILE *********************

80561b80: Unable to get paged pool info
GetUlongPtrFromAddress: unable to read from 80551990
GetUlongPtrFromAddress: unable to read from 80561f4c
GetPointerFromAddress: unable to read from 80561c24
GetPointerFromAddress: unable to read from 80555c48
GetUlongFromAddress: unable to read from 8055d7a0
GetPointerFromAddress: unable to read from 8055d714
GetUlongFromAddress: unable to read from 8055d4f4
GetUlongFromAddress: unable to read from 80551918
GetUlongFromAddress: unable to read from 80551928
GetUlongFromAddress: unable to read from 8056211c
GetUlongFromAddress: unable to read from 805620dc
GetUlongFromAddress: unable to read from 8055d350
GetUlongFromAddress: unable to read from 8055d1a0
GetUlongFromAddress: unable to read from 8055d19c
GetUlongFromAddress: unable to read from 8055d1a4
GetUlongFromAddress: unable to read from 8055d1a0
GetUlongFromAddress: unable to read from 8055d19c
GetUlongFromAddress: unable to read from 8055d3fc
GetUlongPtrFromAddress: unable to read from 80554280
GetUlongPtrFromAddress: unable to read from 80555cc0
GetUlongFromAddress: unable to read from 8055d3b8
GetUlongFromAddress: unable to read from 8055d3a0
	Error reading free nonpaged PTEs 8055d354
GetUlongFromAddress: unable to read from 8055d3b0
	Available Pages:           0 (         0 Kb)
	ResAvail Pages:            0 (         0 Kb)

	********** Running out of physical memory **********

	Locked IO Pages:           0 (         0 Kb)
	Free System PTEs:          0 (         0 Kb)

	********** Running out of system PTEs **************

GetUlongFromAddress: unable to read from 8055d338
GetUlongFromAddress: unable to read from 8055d550
	Free NP PTEs:              0 (         0 Kb)
	Free Special NP:           0 (         0 Kb)
	Modified Pages:            0 (         0 Kb)
	Modified PF Pages:         0 (         0 Kb)
80564d20: Unable to get pool descriptor
GetUlongFromAddress: unable to read from 805522b8
	NonPagedPool Usage:        0 (         0 Kb)
	NonPagedPool Max:          0 (         0 Kb)
GetUlongFromAddress: unable to read from 805522b4
	PagedPool Usage:           0 (         0 Kb)
	PagedPool Maximum:         0 (         0 Kb)
GetUlongFromAddress: unable to read from 80565d48
Unable to read _LIST_ENTRY @ 80561b58
	Session Commit:            0 (         0 Kb)
	Shared Commit:             0 (         0 Kb)
	Special Pool:              0 (         0 Kb)
	Shared Process:            0 (         0 Kb)
	PagedPool Commit:          0 (         0 Kb)
	Driver Commit:             0 (         0 Kb)
	Committed pages:      132497 (    529988 Kb)
	Commit limit:              0 (         0 Kb)

	********** Number of committed pages is near limit ********
GetUlongFromAddress: unable to read from 8055d418
GetUlongFromAddress: unable to read from 8055d41c

Unable to read/NULL value _LIST_ENTRY @ 805638b8

ProcessCommitUsage could not be calculated
Bugcheck code 000000C2
Arguments 00000007 00000cd4 87eafff4 87eafffc

Open in new window

0
*** Hopeleonie ***
Asked:
*** Hopeleonie ***
  • 5
  • 2
  • 2
  • +2
4 Solutions
 
*** Hopeleonie ***IT ManagerAuthor Commented:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\euco\Downloads\CMini121609-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\cache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Wed Dec 16 23:34:03.098 2009 (GMT+1)
System Uptime: 0 days 0:04:59.296
Loading Kernel Symbols
...............................................................
................................................................
.
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {20, 87edfff4, 87ee08fc, e921e7f8}

Unable to load image WpsHelper.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for WpsHelper.sys
*** ERROR: Module load completed but symbols could not be loaded for WpsHelper.sys
*** WARNING: Unable to verify timestamp for wpsdrvnt.sys
*** ERROR: Module load completed but symbols could not be loaded for wpsdrvnt.sys
Probably caused by : WpsHelper.sys ( WpsHelper+9c1 )

Followup: MachineOwner
---------

1: kd> !analyze -v; kv; r; lmnt; lmntsm; !locks; !vm; .bugcheck
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 87edfff4, The pool entry we were looking for within the page.
Arg3: 87ee08fc, The next pool entry.
Arg4: e921e7f8, (reserved)

Debugging Details:
------------------


BUGCHECK_STR:  0x19_20

POOL_ADDRESS:  87edfff4 

CUSTOMER_CRASH_COUNT:  5

DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT

PROCESS_NAME:  System

LAST_CONTROL_TRANSFER:  from 8054b583 to 804f9f43

STACK_TEXT:  
a7a45874 8054b583 00000019 00000020 87edfff4 nt!KeBugCheckEx+0x1b
a7a458c4 a7d599c1 87edfffc 4d43444e 88fe57cc nt!ExFreePoolWithTag+0x2a3
WARNING: Stack unwind information not available. Following frames may be wrong.
a7a458dc a7d5beb1 87ee0002 a7d5bd4b 8903da74 WpsHelper+0x9c1
a7a458f0 a7d5bd7f 00000001 8903da74 a7d5be92 WpsHelper+0x2eb1
a7a45910 a7d5bbf5 00000001 0000023b 88fe5438 WpsHelper+0x2d7f
a7a4592c a7d5bcfc 88fe53c0 a7d5ab5c 88fe53c0 WpsHelper+0x2bf5
a7a45948 a7d59f68 00000001 a7a45960 a7d59679 WpsHelper+0x2cfc
a7a45954 a7d59679 88fe53c0 0000023b b96c1897 WpsHelper+0xf68
a7a45960 b96c1897 88fe53c0 b96c8000 a7a459c4 WpsHelper+0x679
a7a459a0 804ef19f 89c58e78 88069008 88069108 wpsdrvnt+0x2897
a7a45a4c 804ef19f 89c53020 88069008 88069008 nt!IopfCallDriver+0x31
a7a45a5c a84f2215 89bd5028 89c53020 00040000 nt!IopfCallDriver+0x31
a7a45a7c a84d9f26 89bd5028 88069008 a84f198c netbt!SubmitTdiRequest+0x45
a7a45a9c a84d9e71 88069008 a84f1780 00000004 netbt!TdiDisconnect+0xc5
a7a45acc a84d9a0e 88078c80 a84f1780 00000004 netbt!TcpDisconnect+0x40
a7a45aec a84d996d 88dc63c8 88078c80 00000004 netbt!DisconnectLower+0x42
a7a45b2c a84d99a5 00a45b54 a84f1780 00000004 netbt!NbtDisconnect+0x339
a7a45b7c a84f23fd a7a45b88 89d3d6e8 89cc4878 netbt!NbtDisassociateAddress+0x71
a7a45b98 a84d8887 89cc4878 891c6b98 00000000 netbt!NTDisAssociateAddress+0x3c
a7a45bb4 804ef19f e0cc4878 891c6c74 a7a45bd8 netbt!NbtDispatchInternalCtrl+0x96
a7a45bc4 a842186b 89d4355c 891c6b98 00000000 nt!IopfCallDriver+0x31
a7a45bec a84234d7 89cc4878 891c6b98 00000000 rdbss!RxCeSubmitTdiRequest+0x4b
a7a45c0c a8433dad 89d4355c 89d43584 89004e7c rdbss!RxTdiDisconnect+0x61
a7a45c60 a83dfe2a 89004eb0 00000000 89e32a00 rdbss!RxCeTearDownVC+0xac
a7a45c78 a83dfeae 89004e60 89e32a00 89004e60 mrxsmb!VctUninitialize+0x1b
a7a45c8c a83b51eb 89004e60 87f6c9f8 87f6c980 mrxsmb!VctTearDownServerTransport+0x13
a7a45ca4 a83b518a 87f6c9f8 00000000 89e32a00 mrxsmb!SmbCepDereferenceServerTransport+0x78
a7a45cc0 a83b50bf 87f6c980 00000000 89e32a00 mrxsmb!SmbCepTearDownServerTransport+0xcb
a7a45ce8 a83dfcb7 87f6c980 00000000 00000000 mrxsmb!SmbCeUninitializeServerTransport+0xf6
a7a45d00 a83b5080 87f6c980 0000035d 87f6c980 mrxsmb!SmbCeTearDownServerEntry+0x7e
a7a45d18 a83dcaf6 01000000 00000000 88fe3008 mrxsmb!SmbCepDereferenceServerEntry+0x102
a7a45d34 a83dcbfe 89046538 89bbc360 88fe3008 mrxsmb!SmbCeDiscardAdminExchange+0x152
a7a45d4c a83b5487 88fe3008 a8429fc0 a7a45d6c mrxsmb!SmbCeCompleteAdminExchange+0xfc
a7a45d5c a83dd279 88fe3008 a7a45d77 a7a45d9c mrxsmb!SmbAdminExchangeFinalize+0x3e
a7a45d6c a84204b1 00fe3008 00000000 88d7d978 mrxsmb!SmbCeFinalizeExchangeWorkerThreadRoutine+0x13
a7a45d9c a842a957 00429fc0 a842a240 a7a45ddc rdbss!RxpWorkerThreadDispatcher+0x93
a7a45dac 805cff72 a8429fc0 00000000 00000000 rdbss!RxWorkerThreadDispatcher+0x1a
a7a45ddc 805460ee a842a93d a8429fc0 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
WpsHelper+9c1
a7d599c1 ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  WpsHelper+9c1

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: WpsHelper

IMAGE_NAME:  WpsHelper.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49b5dbee

FAILURE_BUCKET_ID:  0x19_20_WpsHelper+9c1

BUCKET_ID:  0x19_20_WpsHelper+9c1

Followup: MachineOwner
---------

ChildEBP RetAddr  Args to Child              
a7a45874 8054b583 00000019 00000020 87edfff4 nt!KeBugCheckEx+0x1b (FPO: [5,0,0])
a7a458c4 a7d599c1 87edfffc 4d43444e 88fe57cc nt!ExFreePoolWithTag+0x2a3 (FPO: [2,10,4])
WARNING: Stack unwind information not available. Following frames may be wrong.
a7a458dc a7d5beb1 87ee0002 a7d5bd4b 8903da74 WpsHelper+0x9c1
a7a458f0 a7d5bd7f 00000001 8903da74 a7d5be92 WpsHelper+0x2eb1
a7a45910 a7d5bbf5 00000001 0000023b 88fe5438 WpsHelper+0x2d7f
a7a4592c a7d5bcfc 88fe53c0 a7d5ab5c 88fe53c0 WpsHelper+0x2bf5
a7a45948 a7d59f68 00000001 a7a45960 a7d59679 WpsHelper+0x2cfc
a7a45954 a7d59679 88fe53c0 0000023b b96c1897 WpsHelper+0xf68
a7a45960 b96c1897 88fe53c0 b96c8000 a7a459c4 WpsHelper+0x679
a7a459a0 804ef19f 89c58e78 88069008 88069108 wpsdrvnt+0x2897
a7a45a4c 804ef19f 89c53020 88069008 88069008 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
a7a45a5c a84f2215 89bd5028 89c53020 00040000 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
a7a45a7c a84d9f26 89bd5028 88069008 a84f198c netbt!SubmitTdiRequest+0x45 (FPO: [2,4,0])
a7a45a9c a84d9e71 88069008 a84f1780 00000004 netbt!TdiDisconnect+0xc5 (FPO: [6,1,0])
a7a45acc a84d9a0e 88078c80 a84f1780 00000004 netbt!TcpDisconnect+0x40 (FPO: [4,4,0])
a7a45aec a84d996d 88dc63c8 88078c80 00000004 netbt!DisconnectLower+0x42 (FPO: [5,0,0])
a7a45b2c a84d99a5 00a45b54 a84f1780 00000004 netbt!NbtDisconnect+0x339 (FPO: [6,6,4])
a7a45b7c a84f23fd a7a45b88 89d3d6e8 89cc4878 netbt!NbtDisassociateAddress+0x71 (FPO: [1,10,0])
a7a45b98 a84d8887 89cc4878 891c6b98 00000000 netbt!NTDisAssociateAddress+0x3c (FPO: [2,4,0])
a7a45bb4 804ef19f e0cc4878 891c6c74 a7a45bd8 netbt!NbtDispatchInternalCtrl+0x96 (FPO: [2,0,0])
eax=ba33813c ebx=87edfff4 ecx=00000000 edx=00000000 esi=87edfff4 edi=87edfffc
eip=804f9f43 esp=a7a4585c ebp=a7a45874 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000286
nt!KeBugCheckEx+0x1b:
804f9f43 5d              pop     ebp
start    end        module name
804d7000 806e4000   nt       ntkrpamp.exe Tue Aug 04 16:20:04 2009 (4A784394)
806e4000 80704d00   hal      halmacpi.dll Sun Apr 13 20:31:27 2008 (4802517F)
a7191000 a7194800   asyncmac asyncmac.sys Sun Apr 13 20:57:27 2008 (48025797)
a7355000 a7395e00   HTTP     HTTP.sys     Tue Oct 20 18:20:15 2009 (4ADDE33F)
a75c6000 a75e8100   RDPWD    RDPWD.SYS    Sun Apr 13 20:38:40 2008 (48025330)
a75e9000 a760c180   Fastfat  Fastfat.SYS  Sun Apr 13 21:14:28 2008 (48025B94)
a788d000 a78a1480   wdmaud   wdmaud.sys   Sun Apr 13 21:17:18 2008 (48025C3E)
a7a82000 a7a90d80   sysaudio sysaudio.sys Sun Apr 13 21:15:55 2008 (48025BEB)
a7c8a000 a7cdb880   srv      srv.sys      Thu Dec 11 11:57:07 2008 (4940F203)
a7d2c000 a7d58180   mrxdav   mrxdav.sys   Sun Apr 13 20:32:42 2008 (480251CA)
a7d59000 a7d7c380   WpsHelper WpsHelper.sys Tue Mar 10 04:18:06 2009 (49B5DBEE)
a81e9000 a81ec900   ndisuio  ndisuio.sys  Sun Apr 13 20:55:57 2008 (4802573D)
a831d000 a8334900   dump_atapi dump_atapi.sys Sun Apr 13 20:40:29 2008 (4802539D)
a8335000 a8352000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Tue Aug 18 01:05:39 2009 (4A89E243)
a8352000 a83b0000   eeCtrl   eeCtrl.sys   Tue Aug 18 01:05:39 2009 (4A89E243)
a83b0000 a841f280   mrxsmb   mrxsmb.sys   Fri Oct 24 13:21:07 2008 (4901AFA3)
a8420000 a844ae80   rdbss    rdbss.sys    Sun Apr 13 21:28:38 2008 (48025EE6)
a844b000 a84b4000   SPBBCDrv SPBBCDrv.sys Thu May 15 04:14:28 2008 (482B9C84)
a84b4000 a84d5d00   afd      afd.sys      Thu Aug 14 12:04:35 2008 (48A40333)
a84d6000 a84fdc00   netbt    netbt.sys    Sun Apr 13 21:20:59 2008 (48025D1B)
a84fe000 a852b200   SYMTDI   SYMTDI.SYS   Tue Aug 19 22:17:48 2008 (48AB2A6C)
a8554000 a8579500   ipnat    ipnat.sys    Sun Apr 13 20:57:10 2008 (48025786)
a857a000 a85d2480   tcpip    tcpip.sys    Fri Jun 20 13:51:09 2008 (485B99AD)
a85d3000 a85e5600   ipsec    ipsec.sys    Sun Apr 13 21:19:42 2008 (48025CCE)
a8606000 a8619180   NAVENG   NAVENG.SYS   Sat Aug 22 07:31:12 2009 (4A8F82A0)
a861a000 a863f000   SYMEVENT SYMEVENT.SYS Tue Jan 15 00:29:24 2008 (478BF054)
a863f000 a8780800   NAVEX15  NAVEX15.SYS  Sat Aug 22 07:37:19 2009 (4A8F840F)
a8781000 a87cb000   SRTSP    SRTSP.SYS    Thu Aug 14 06:51:36 2008 (48A3B9D8)
a8f73000 a8f82900   Cdfs     Cdfs.SYS     Sun Apr 13 21:14:21 2008 (48025B8D)
a8fc3000 a8fcde00   Fips     Fips.SYS     Sun Apr 13 20:33:27 2008 (480251F7)
a8fd3000 a8fd5900   Dxapi    Dxapi.sys    Fri Aug 17 22:53:19 2001 (3B7D843F)
a8ffb000 a901ea80   portcls  portcls.sys  Sun Apr 13 21:19:40 2008 (48025CCC)
a901f000 a94b2000   RtkHDAud RtkHDAud.sys Thu Nov 01 07:38:50 2007 (4729747A)
b9572000 b95cff00   update   update.sys   Sun Apr 13 20:39:46 2008 (48025372)
b95d0000 b9606000   teefer2  teefer2.sys  Thu Jul 10 12:57:41 2008 (4875EB25)
b9657000 b9659280   rasacd   rasacd.sys   Fri Aug 17 22:55:39 2001 (3B7D84CB)
b965f000 b9661f80   mouhid   mouhid.sys   Fri Aug 17 22:47:57 2001 (3B7D82FD)
b9663000 b9665880   hidusb   hidusb.sys   Sun Apr 13 20:45:27 2008 (480254C7)
b966f000 b969ee80   rdpdr    rdpdr.sys    Sun Apr 13 20:32:50 2008 (480251D2)
b96af000 b96b7700   wanarp   wanarp.sys   Sun Apr 13 20:57:20 2008 (48025790)
b96bf000 b96cd000   wpsdrvnt wpsdrvnt.sys Fri Sep 05 00:08:24 2008 (48C05C58)
b970f000 b9718080   SRTSPX   SRTSPX.SYS   Thu Aug 14 06:53:49 2008 (48A3BA5D)
b972f000 b9738000   HIDCLASS HIDCLASS.SYS Sun Apr 13 20:45:25 2008 (480254C5)
b973f000 b974fe00   psched   psched.sys   Sun Apr 13 20:56:36 2008 (48025764)
b9750000 b9766580   ndiswan  ndiswan.sys  Sun Apr 13 21:20:41 2008 (48025D09)
b9767000 b9789700   ks       ks.sys       Sun Apr 13 21:16:34 2008 (48025C12)
b978a000 b979d900   parport  parport.sys  Sun Apr 13 20:40:09 2008 (48025389)
b979e000 b97c1200   USBPORT  USBPORT.SYS  Sun Apr 13 20:45:34 2008 (480254CE)
b97c2000 b97ea000   HDAudBus HDAudBus.sys Thu May 26 17:46:29 2005 (4295EF55)
b97ea000 b97fdf00   VIDEOPRT VIDEOPRT.SYS Sun Apr 13 20:44:39 2008 (48025497)
b97fe000 b9d92960   igxpmp32 igxpmp32.sys Tue Oct 30 17:00:34 2007 (47275522)
b9ddb000 b9df4b80   Mup      Mup.sys      Sun Apr 13 21:17:05 2008 (48025C31)
b9df5000 b9e21980   NDIS     NDIS.sys     Sun Apr 13 21:20:35 2008 (48025D03)
b9e22000 b9eae600   Ntfs     Ntfs.sys     Sun Apr 13 21:15:49 2008 (48025BE5)
b9eaf000 b9ec1f00   WudfPf   WudfPf.sys   Fri Sep 29 03:55:43 2006 (451C7D1F)
b9ec2000 b9ed8b00   KSecDD   KSecDD.sys   Wed Jun 24 13:18:40 2009 (4A420B90)
b9ed9000 b9eeaf00   sr       sr.sys       Sun Apr 13 20:36:50 2008 (480252C2)
b9eeb000 b9f0ab00   fltMgr   fltMgr.sys   Sun Apr 13 20:32:58 2008 (480251DA)
b9f0b000 b9f22900   atapi    atapi.sys    Sun Apr 13 20:40:29 2008 (4802539D)
b9f23000 b9f48700   dmio     dmio.sys     Sun Apr 13 20:44:45 2008 (4802549D)
b9f49000 b9f67880   ftdisk   ftdisk.sys   Fri Aug 17 22:52:41 2001 (3B7D8419)
b9f68000 b9f78a80   pci      pci.sys      Sun Apr 13 20:36:43 2008 (480252BB)
b9f79000 b9fa6d80   ACPI     ACPI.sys     Sun Apr 13 20:36:33 2008 (480252B1)
ba0a8000 ba0b1180   isapnp   isapnp.sys   Sun Apr 13 20:36:40 2008 (480252B8)
ba0b8000 ba0c2580   MountMgr MountMgr.sys Sun Apr 13 20:39:45 2008 (48025371)
ba0c8000 ba0d4c80   VolSnap  VolSnap.sys  Sun Apr 13 20:41:00 2008 (480253BC)
ba0d8000 ba0e0e00   disk     disk.sys     Sun Apr 13 20:40:46 2008 (480253AE)
ba0e8000 ba0f4180   CLASSPNP CLASSPNP.SYS Sun Apr 13 21:16:21 2008 (48025C05)
ba148000 ba151f00   termdd   termdd.sys   Sun Apr 13 20:38:36 2008 (4802532C)
ba168000 ba171e80   NDProxy  NDProxy.SYS  Sun Apr 13 20:57:28 2008 (48025798)
ba188000 ba190780   netbios  netbios.sys  Sun Apr 13 20:56:01 2008 (48025741)
ba1a8000 ba1b6b00   drmk     drmk.sys     Sun Apr 13 20:45:12 2008 (480254B8)
ba238000 ba246880   usbhub   usbhub.sys   Sun Apr 13 20:45:36 2008 (480254D0)
ba278000 ba280e00   intelppm intelppm.sys Sun Apr 13 20:31:31 2008 (48025183)
ba288000 ba295000   l251x86  l251x86.sys  Fri Oct 17 08:14:52 2008 (48F82D5C)
ba298000 ba2a4d00   i8042prt i8042prt.sys Sun Apr 13 21:17:59 2008 (48025C67)
ba2a8000 ba2b7c00   serial   serial.sys   Sun Apr 13 21:15:44 2008 (48025BE0)
ba2b8000 ba2c2480   imapi    imapi.sys    Sun Apr 13 20:40:57 2008 (480253B9)
ba2c8000 ba2d7600   cdrom    cdrom.sys    Sun Apr 13 20:40:45 2008 (480253AD)
ba2d8000 ba2e6100   redbook  redbook.sys  Sun Apr 13 20:40:27 2008 (4802539B)
ba2e8000 ba2f4880   rasl2tp  rasl2tp.sys  Sun Apr 13 21:19:43 2008 (48025CCF)
ba2f8000 ba302200   raspppoe raspppoe.sys Sun Apr 13 20:57:31 2008 (4802579B)
ba308000 ba313d00   raspptp  raspptp.sys  Sun Apr 13 21:19:47 2008 (48025CD3)
ba318000 ba320900   msgpc    msgpc.sys    Sun Apr 13 20:56:32 2008 (48025760)
ba328000 ba32e180   PCIIDEX  PCIIDEX.SYS  Sun Apr 13 20:40:29 2008 (4802539D)
ba330000 ba334d00   PartMgr  PartMgr.sys  Sun Apr 13 20:40:48 2008 (480253B0)
ba398000 ba39d080   usbuhci  usbuhci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
ba3a0000 ba3a7600   usbehci  usbehci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
ba3a8000 ba3aeb00   fdc      fdc.sys      Sun Apr 13 20:40:25 2008 (48025399)
ba3b0000 ba3b6000   kbdclass kbdclass.sys Sun Apr 13 20:39:46 2008 (48025372)
ba3b8000 ba3bca80   TDI      TDI.SYS      Sun Apr 13 21:00:04 2008 (48025834)
ba3c0000 ba3c4580   ptilink  ptilink.sys  Fri Aug 17 22:49:53 2001 (3B7D8371)
ba3c8000 ba3cc080   raspti   raspti.sys   Fri Aug 17 22:55:32 2001 (3B7D84C4)
ba3d0000 ba3d5a00   mouclass mouclass.sys Sun Apr 13 20:39:47 2008 (48025373)
ba3d8000 ba3dd000   flpydisk flpydisk.sys Sun Apr 13 20:40:24 2008 (48025398)
ba3e0000 ba3e6180   HIDPARSE HIDPARSE.SYS Sun Apr 13 20:45:22 2008 (480254C2)
ba3e8000 ba3ed200   SYMREDRV SYMREDRV.SYS Tue Aug 19 22:18:20 2008 (48AB2A8C)
ba3f0000 ba3f5200   vga      vga.sys      Sun Apr 13 20:44:40 2008 (48025498)
ba3f8000 ba3fca80   Msfs     Msfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
ba400000 ba407880   Npfs     Npfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
ba418000 ba41c500   watchdog watchdog.sys Sun Apr 13 20:44:59 2008 (480254AB)
ba4a0000 ba4a5500   TDTCP    TDTCP.SYS    Sun Apr 13 20:38:35 2008 (4802532B)
ba4b8000 ba4bb000   BOOTVID  BOOTVID.dll  Fri Aug 17 22:49:09 2001 (3B7D8345)
ba570000 ba573d80   serenum  serenum.sys  Sun Apr 13 20:40:12 2008 (4802538C)
ba578000 ba57a780   ndistapi ndistapi.sys Sun Apr 13 20:57:27 2008 (48025797)
ba59c000 ba59fc80   mssmbios mssmbios.sys Sun Apr 13 20:36:45 2008 (480252BD)
ba5a8000 ba5a9b80   kdcom    kdcom.dll    Fri Aug 17 22:49:10 2001 (3B7D8346)
ba5aa000 ba5ab100   WMILIB   WMILIB.SYS   Fri Aug 17 23:07:23 2001 (3B7D878B)
ba5ac000 ba5ad700   dmload   dmload.sys   Fri Aug 17 22:58:15 2001 (3B7D8567)
ba5c4000 ba5c5420   ASACPI   ASACPI.sys   Fri Aug 13 04:52:52 2004 (411C2D04)
ba5c6000 ba5c7100   swenum   swenum.sys   Sun Apr 13 20:39:52 2008 (48025378)
ba5cc000 ba5cd280   USBD     USBD.SYS     Fri Aug 17 23:02:58 2001 (3B7D8682)
ba5d0000 ba5d1f00   Fs_Rec   Fs_Rec.SYS   Fri Aug 17 22:49:37 2001 (3B7D8361)
ba5d2000 ba5d3080   Beep     Beep.SYS     Fri Aug 17 22:47:33 2001 (3B7D82E5)
ba5d4000 ba5d5080   mnmdd    mnmdd.SYS    Fri Aug 17 22:57:28 2001 (3B7D8538)
ba5d6000 ba5d7080   RDPCDD   RDPCDD.sys   Fri Aug 17 22:46:56 2001 (3B7D82C0)
ba5d8000 ba5d9100   dump_WMILIB dump_WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
ba634000 ba635a80   ParVdm   ParVdm.SYS   Fri Aug 17 22:49:49 2001 (3B7D836D)
ba670000 ba670d00   pciide   pciide.sys   Fri Aug 17 22:51:49 2001 (3B7D83E5)
ba69e000 ba69ed00   dxgthk   dxgthk.sys   Fri Aug 17 22:53:12 2001 (3B7D8438)
ba6d6000 ba6d6c00   audstub  audstub.sys  Fri Aug 17 22:59:40 2001 (3B7D85BC)
ba6dd000 ba6ddb80   Null     Null.SYS     Fri Aug 17 22:47:39 2001 (3B7D82EB)
bf000000 bf011600   dxg      dxg.sys      Sun Apr 13 20:38:27 2008 (48025323)
bf012000 bf024000   igxprd32 igxprd32.dll Tue Oct 30 17:00:33 2007 (47275521)
bf024000 bf04f000   igxpgd32 igxpgd32.dll Tue Oct 30 17:00:33 2007 (47275521)
bf04f000 bf1e6760   igxpdv32 igxpdv32.DLL Tue Oct 30 17:00:42 2007 (4727552A)
bf1e7000 bf47a000   igxpdx32 igxpdx32.DLL Tue Oct 30 17:00:37 2007 (47275525)
bf800000 bf9c3d00   win32k   win32k.sys   Fri Aug 14 15:21:11 2009 (4A8564C7)
bffa0000 bffe5c00   ATMFD    ATMFD.DLL    Mon Apr 14 02:09:55 2008 (4802A0D3)

Unloaded modules:
a783f000 a786a000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba6c7000 ba6c8000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7992000 a799f000   DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a786a000 a788d000   aec.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a795a000 a7968000   swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba5ae000 ba5b0000   splitter.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba3e8000 ba3ed000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b966b000 b966e000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
start    end        module name
b9f79000 b9fa6d80   ACPI     ACPI.sys     Sun Apr 13 20:36:33 2008 (480252B1)
a84b4000 a84d5d00   afd      afd.sys      Thu Aug 14 12:04:35 2008 (48A40333)
ba5c4000 ba5c5420   ASACPI   ASACPI.sys   Fri Aug 13 04:52:52 2004 (411C2D04)
a7191000 a7194800   asyncmac asyncmac.sys Sun Apr 13 20:57:27 2008 (48025797)
b9f0b000 b9f22900   atapi    atapi.sys    Sun Apr 13 20:40:29 2008 (4802539D)
bffa0000 bffe5c00   ATMFD    ATMFD.DLL    Mon Apr 14 02:09:55 2008 (4802A0D3)
ba6d6000 ba6d6c00   audstub  audstub.sys  Fri Aug 17 22:59:40 2001 (3B7D85BC)
ba5d2000 ba5d3080   Beep     Beep.SYS     Fri Aug 17 22:47:33 2001 (3B7D82E5)
ba4b8000 ba4bb000   BOOTVID  BOOTVID.dll  Fri Aug 17 22:49:09 2001 (3B7D8345)
a8f73000 a8f82900   Cdfs     Cdfs.SYS     Sun Apr 13 21:14:21 2008 (48025B8D)
ba2c8000 ba2d7600   cdrom    cdrom.sys    Sun Apr 13 20:40:45 2008 (480253AD)
ba0e8000 ba0f4180   CLASSPNP CLASSPNP.SYS Sun Apr 13 21:16:21 2008 (48025C05)
ba0d8000 ba0e0e00   disk     disk.sys     Sun Apr 13 20:40:46 2008 (480253AE)
b9f23000 b9f48700   dmio     dmio.sys     Sun Apr 13 20:44:45 2008 (4802549D)
ba5ac000 ba5ad700   dmload   dmload.sys   Fri Aug 17 22:58:15 2001 (3B7D8567)
ba1a8000 ba1b6b00   drmk     drmk.sys     Sun Apr 13 20:45:12 2008 (480254B8)
a831d000 a8334900   dump_atapi dump_atapi.sys Sun Apr 13 20:40:29 2008 (4802539D)
ba5d8000 ba5d9100   dump_WMILIB dump_WMILIB.SYS Fri Aug 17 23:07:23 2001 (3B7D878B)
a8fd3000 a8fd5900   Dxapi    Dxapi.sys    Fri Aug 17 22:53:19 2001 (3B7D843F)
bf000000 bf011600   dxg      dxg.sys      Sun Apr 13 20:38:27 2008 (48025323)
ba69e000 ba69ed00   dxgthk   dxgthk.sys   Fri Aug 17 22:53:12 2001 (3B7D8438)
a8352000 a83b0000   eeCtrl   eeCtrl.sys   Tue Aug 18 01:05:39 2009 (4A89E243)
a8335000 a8352000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Tue Aug 18 01:05:39 2009 (4A89E243)
a75e9000 a760c180   Fastfat  Fastfat.SYS  Sun Apr 13 21:14:28 2008 (48025B94)
ba3a8000 ba3aeb00   fdc      fdc.sys      Sun Apr 13 20:40:25 2008 (48025399)
a8fc3000 a8fcde00   Fips     Fips.SYS     Sun Apr 13 20:33:27 2008 (480251F7)
ba3d8000 ba3dd000   flpydisk flpydisk.sys Sun Apr 13 20:40:24 2008 (48025398)
b9eeb000 b9f0ab00   fltMgr   fltMgr.sys   Sun Apr 13 20:32:58 2008 (480251DA)
ba5d0000 ba5d1f00   Fs_Rec   Fs_Rec.SYS   Fri Aug 17 22:49:37 2001 (3B7D8361)
b9f49000 b9f67880   ftdisk   ftdisk.sys   Fri Aug 17 22:52:41 2001 (3B7D8419)
806e4000 80704d00   hal      halmacpi.dll Sun Apr 13 20:31:27 2008 (4802517F)
b97c2000 b97ea000   HDAudBus HDAudBus.sys Thu May 26 17:46:29 2005 (4295EF55)
b972f000 b9738000   HIDCLASS HIDCLASS.SYS Sun Apr 13 20:45:25 2008 (480254C5)
ba3e0000 ba3e6180   HIDPARSE HIDPARSE.SYS Sun Apr 13 20:45:22 2008 (480254C2)
b9663000 b9665880   hidusb   hidusb.sys   Sun Apr 13 20:45:27 2008 (480254C7)
a7355000 a7395e00   HTTP     HTTP.sys     Tue Oct 20 18:20:15 2009 (4ADDE33F)
ba298000 ba2a4d00   i8042prt i8042prt.sys Sun Apr 13 21:17:59 2008 (48025C67)
bf04f000 bf1e6760   igxpdv32 igxpdv32.DLL Tue Oct 30 17:00:42 2007 (4727552A)
bf1e7000 bf47a000   igxpdx32 igxpdx32.DLL Tue Oct 30 17:00:37 2007 (47275525)
bf024000 bf04f000   igxpgd32 igxpgd32.dll Tue Oct 30 17:00:33 2007 (47275521)
b97fe000 b9d92960   igxpmp32 igxpmp32.sys Tue Oct 30 17:00:34 2007 (47275522)
bf012000 bf024000   igxprd32 igxprd32.dll Tue Oct 30 17:00:33 2007 (47275521)
ba2b8000 ba2c2480   imapi    imapi.sys    Sun Apr 13 20:40:57 2008 (480253B9)
ba278000 ba280e00   intelppm intelppm.sys Sun Apr 13 20:31:31 2008 (48025183)
a8554000 a8579500   ipnat    ipnat.sys    Sun Apr 13 20:57:10 2008 (48025786)
a85d3000 a85e5600   ipsec    ipsec.sys    Sun Apr 13 21:19:42 2008 (48025CCE)
ba0a8000 ba0b1180   isapnp   isapnp.sys   Sun Apr 13 20:36:40 2008 (480252B8)
ba3b0000 ba3b6000   kbdclass kbdclass.sys Sun Apr 13 20:39:46 2008 (48025372)
ba5a8000 ba5a9b80   kdcom    kdcom.dll    Fri Aug 17 22:49:10 2001 (3B7D8346)
b9767000 b9789700   ks       ks.sys       Sun Apr 13 21:16:34 2008 (48025C12)
b9ec2000 b9ed8b00   KSecDD   KSecDD.sys   Wed Jun 24 13:18:40 2009 (4A420B90)
ba288000 ba295000   l251x86  l251x86.sys  Fri Oct 17 08:14:52 2008 (48F82D5C)
ba5d4000 ba5d5080   mnmdd    mnmdd.SYS    Fri Aug 17 22:57:28 2001 (3B7D8538)
ba3d0000 ba3d5a00   mouclass mouclass.sys Sun Apr 13 20:39:47 2008 (48025373)
b965f000 b9661f80   mouhid   mouhid.sys   Fri Aug 17 22:47:57 2001 (3B7D82FD)
ba0b8000 ba0c2580   MountMgr MountMgr.sys Sun Apr 13 20:39:45 2008 (48025371)
a7d2c000 a7d58180   mrxdav   mrxdav.sys   Sun Apr 13 20:32:42 2008 (480251CA)
a83b0000 a841f280   mrxsmb   mrxsmb.sys   Fri Oct 24 13:21:07 2008 (4901AFA3)
ba3f8000 ba3fca80   Msfs     Msfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
ba318000 ba320900   msgpc    msgpc.sys    Sun Apr 13 20:56:32 2008 (48025760)
ba59c000 ba59fc80   mssmbios mssmbios.sys Sun Apr 13 20:36:45 2008 (480252BD)
b9ddb000 b9df4b80   Mup      Mup.sys      Sun Apr 13 21:17:05 2008 (48025C31)
a8606000 a8619180   NAVENG   NAVENG.SYS   Sat Aug 22 07:31:12 2009 (4A8F82A0)
a863f000 a8780800   NAVEX15  NAVEX15.SYS  Sat Aug 22 07:37:19 2009 (4A8F840F)
b9df5000 b9e21980   NDIS     NDIS.sys     Sun Apr 13 21:20:35 2008 (48025D03)
ba578000 ba57a780   ndistapi ndistapi.sys Sun Apr 13 20:57:27 2008 (48025797)
a81e9000 a81ec900   ndisuio  ndisuio.sys  Sun Apr 13 20:55:57 2008 (4802573D)
b9750000 b9766580   ndiswan  ndiswan.sys  Sun Apr 13 21:20:41 2008 (48025D09)
ba168000 ba171e80   NDProxy  NDProxy.SYS  Sun Apr 13 20:57:28 2008 (48025798)
ba188000 ba190780   netbios  netbios.sys  Sun Apr 13 20:56:01 2008 (48025741)
a84d6000 a84fdc00   netbt    netbt.sys    Sun Apr 13 21:20:59 2008 (48025D1B)
ba400000 ba407880   Npfs     Npfs.SYS     Sun Apr 13 20:32:38 2008 (480251C6)
804d7000 806e4000   nt       ntkrpamp.exe Tue Aug 04 16:20:04 2009 (4A784394)
b9e22000 b9eae600   Ntfs     Ntfs.sys     Sun Apr 13 21:15:49 2008 (48025BE5)
ba6dd000 ba6ddb80   Null     Null.SYS     Fri Aug 17 22:47:39 2001 (3B7D82EB)
b978a000 b979d900   parport  parport.sys  Sun Apr 13 20:40:09 2008 (48025389)
ba330000 ba334d00   PartMgr  PartMgr.sys  Sun Apr 13 20:40:48 2008 (480253B0)
ba634000 ba635a80   ParVdm   ParVdm.SYS   Fri Aug 17 22:49:49 2001 (3B7D836D)
b9f68000 b9f78a80   pci      pci.sys      Sun Apr 13 20:36:43 2008 (480252BB)
ba670000 ba670d00   pciide   pciide.sys   Fri Aug 17 22:51:49 2001 (3B7D83E5)
ba328000 ba32e180   PCIIDEX  PCIIDEX.SYS  Sun Apr 13 20:40:29 2008 (4802539D)
a8ffb000 a901ea80   portcls  portcls.sys  Sun Apr 13 21:19:40 2008 (48025CCC)
b973f000 b974fe00   psched   psched.sys   Sun Apr 13 20:56:36 2008 (48025764)
ba3c0000 ba3c4580   ptilink  ptilink.sys  Fri Aug 17 22:49:53 2001 (3B7D8371)
b9657000 b9659280   rasacd   rasacd.sys   Fri Aug 17 22:55:39 2001 (3B7D84CB)
ba2e8000 ba2f4880   rasl2tp  rasl2tp.sys  Sun Apr 13 21:19:43 2008 (48025CCF)
ba2f8000 ba302200   raspppoe raspppoe.sys Sun Apr 13 20:57:31 2008 (4802579B)
ba308000 ba313d00   raspptp  raspptp.sys  Sun Apr 13 21:19:47 2008 (48025CD3)
ba3c8000 ba3cc080   raspti   raspti.sys   Fri Aug 17 22:55:32 2001 (3B7D84C4)
a8420000 a844ae80   rdbss    rdbss.sys    Sun Apr 13 21:28:38 2008 (48025EE6)
ba5d6000 ba5d7080   RDPCDD   RDPCDD.sys   Fri Aug 17 22:46:56 2001 (3B7D82C0)
b966f000 b969ee80   rdpdr    rdpdr.sys    Sun Apr 13 20:32:50 2008 (480251D2)
a75c6000 a75e8100   RDPWD    RDPWD.SYS    Sun Apr 13 20:38:40 2008 (48025330)
ba2d8000 ba2e6100   redbook  redbook.sys  Sun Apr 13 20:40:27 2008 (4802539B)
a901f000 a94b2000   RtkHDAud RtkHDAud.sys Thu Nov 01 07:38:50 2007 (4729747A)
ba570000 ba573d80   serenum  serenum.sys  Sun Apr 13 20:40:12 2008 (4802538C)
ba2a8000 ba2b7c00   serial   serial.sys   Sun Apr 13 21:15:44 2008 (48025BE0)
a844b000 a84b4000   SPBBCDrv SPBBCDrv.sys Thu May 15 04:14:28 2008 (482B9C84)
b9ed9000 b9eeaf00   sr       sr.sys       Sun Apr 13 20:36:50 2008 (480252C2)
a8781000 a87cb000   SRTSP    SRTSP.SYS    Thu Aug 14 06:51:36 2008 (48A3B9D8)
b970f000 b9718080   SRTSPX   SRTSPX.SYS   Thu Aug 14 06:53:49 2008 (48A3BA5D)
a7c8a000 a7cdb880   srv      srv.sys      Thu Dec 11 11:57:07 2008 (4940F203)
ba5c6000 ba5c7100   swenum   swenum.sys   Sun Apr 13 20:39:52 2008 (48025378)
a861a000 a863f000   SYMEVENT SYMEVENT.SYS Tue Jan 15 00:29:24 2008 (478BF054)
ba3e8000 ba3ed200   SYMREDRV SYMREDRV.SYS Tue Aug 19 22:18:20 2008 (48AB2A8C)
a84fe000 a852b200   SYMTDI   SYMTDI.SYS   Tue Aug 19 22:17:48 2008 (48AB2A6C)
a7a82000 a7a90d80   sysaudio sysaudio.sys Sun Apr 13 21:15:55 2008 (48025BEB)
a857a000 a85d2480   tcpip    tcpip.sys    Fri Jun 20 13:51:09 2008 (485B99AD)
ba3b8000 ba3bca80   TDI      TDI.SYS      Sun Apr 13 21:00:04 2008 (48025834)
ba4a0000 ba4a5500   TDTCP    TDTCP.SYS    Sun Apr 13 20:38:35 2008 (4802532B)
b95d0000 b9606000   teefer2  teefer2.sys  Thu Jul 10 12:57:41 2008 (4875EB25)
ba148000 ba151f00   termdd   termdd.sys   Sun Apr 13 20:38:36 2008 (4802532C)
b9572000 b95cff00   update   update.sys   Sun Apr 13 20:39:46 2008 (48025372)
ba5cc000 ba5cd280   USBD     USBD.SYS     Fri Aug 17 23:02:58 2001 (3B7D8682)
ba3a0000 ba3a7600   usbehci  usbehci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
ba238000 ba246880   usbhub   usbhub.sys   Sun Apr 13 20:45:36 2008 (480254D0)
b979e000 b97c1200   USBPORT  USBPORT.SYS  Sun Apr 13 20:45:34 2008 (480254CE)
ba398000 ba39d080   usbuhci  usbuhci.sys  Sun Apr 13 20:45:34 2008 (480254CE)
ba3f0000 ba3f5200   vga      vga.sys      Sun Apr 13 20:44:40 2008 (48025498)
b97ea000 b97fdf00   VIDEOPRT VIDEOPRT.SYS Sun Apr 13 20:44:39 2008 (48025497)
ba0c8000 ba0d4c80   VolSnap  VolSnap.sys  Sun Apr 13 20:41:00 2008 (480253BC)
b96af000 b96b7700   wanarp   wanarp.sys   Sun Apr 13 20:57:20 2008 (48025790)
ba418000 ba41c500   watchdog watchdog.sys Sun Apr 13 20:44:59 2008 (480254AB)
a788d000 a78a1480   wdmaud   wdmaud.sys   Sun Apr 13 21:17:18 2008 (48025C3E)
bf800000 bf9c3d00   win32k   win32k.sys   Fri Aug 14 15:21:11 2009 (4A8564C7)
ba5aa000 ba5ab100   WMILIB   WMILIB.SYS   Fri Aug 17 23:07:23 2001 (3B7D878B)
b96bf000 b96cd000   wpsdrvnt wpsdrvnt.sys Fri Sep 05 00:08:24 2008 (48C05C58)
a7d59000 a7d7c380   WpsHelper WpsHelper.sys Tue Mar 10 04:18:06 2009 (49B5DBEE)
b9eaf000 b9ec1f00   WudfPf   WudfPf.sys   Fri Sep 29 03:55:43 2006 (451C7D1F)

Unloaded modules:
a783f000 a786a000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba6c7000 ba6c8000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a7992000 a799f000   DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a786a000 a788d000   aec.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
a795a000 a7968000   swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba5ae000 ba5b0000   splitter.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
ba3e8000 ba3ed000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
b966b000 b966e000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
**** DUMP OF ALL RESOURCE OBJECTS ****
80565d70: Unable to get value of ExpSystemResourcesList

*** Virtual Memory Usage ***
GetUlongFromAddress: unable to read from 80562128
	Physical Memory:           0 (         0 Kb)
GetUlongFromAddress: unable to read from 80561c60

************ NO PAGING FILE *********************

80561b80: Unable to get paged pool info
GetUlongPtrFromAddress: unable to read from 80551990
GetUlongPtrFromAddress: unable to read from 80561f4c
GetPointerFromAddress: unable to read from 80561c24
GetPointerFromAddress: unable to read from 80555c48
GetUlongFromAddress: unable to read from 8055d7a0
GetPointerFromAddress: unable to read from 8055d714
GetUlongFromAddress: unable to read from 8055d4f4
GetUlongFromAddress: unable to read from 80551918
GetUlongFromAddress: unable to read from 80551928
GetUlongFromAddress: unable to read from 8056211c
GetUlongFromAddress: unable to read from 805620dc
GetUlongFromAddress: unable to read from 8055d350
GetUlongFromAddress: unable to read from 8055d1a0
GetUlongFromAddress: unable to read from 8055d19c
GetUlongFromAddress: unable to read from 8055d1a4
GetUlongFromAddress: unable to read from 8055d1a0
GetUlongFromAddress: unable to read from 8055d19c
GetUlongFromAddress: unable to read from 8055d3fc
GetUlongPtrFromAddress: unable to read from 80554280
GetUlongPtrFromAddress: unable to read from 80555cc0
GetUlongFromAddress: unable to read from 8055d3b8
GetUlongFromAddress: unable to read from 8055d3a0
	Error reading free nonpaged PTEs 8055d354
GetUlongFromAddress: unable to read from 8055d3b0
	Available Pages:           0 (         0 Kb)
	ResAvail Pages:            0 (         0 Kb)

	********** Running out of physical memory **********

	Locked IO Pages:           0 (         0 Kb)
	Free System PTEs:          0 (         0 Kb)

	********** Running out of system PTEs **************

GetUlongFromAddress: unable to read from 8055d338
GetUlongFromAddress: unable to read from 8055d550
	Free NP PTEs:              0 (         0 Kb)
	Free Special NP:           0 (         0 Kb)
	Modified Pages:            0 (         0 Kb)
	Modified PF Pages:         0 (         0 Kb)
80564d20: Unable to get pool descriptor
GetUlongFromAddress: unable to read from 805522b8
	NonPagedPool Usage:        0 (         0 Kb)
	NonPagedPool Max:          0 (         0 Kb)
GetUlongFromAddress: unable to read from 805522b4
	PagedPool Usage:           0 (         0 Kb)
	PagedPool Maximum:         0 (         0 Kb)
GetUlongFromAddress: unable to read from 80565d48
Unable to read _LIST_ENTRY @ 80561b58
	Session Commit:            0 (         0 Kb)
	Shared Commit:             0 (         0 Kb)
	Special Pool:              0 (         0 Kb)
	Shared Process:            0 (         0 Kb)
	PagedPool Commit:          0 (         0 Kb)
	Driver Commit:             0 (         0 Kb)
	Committed pages:      100900 (    403600 Kb)
	Commit limit:              0 (         0 Kb)

	********** Number of committed pages is near limit ********
GetUlongFromAddress: unable to read from 8055d418
GetUlongFromAddress: unable to read from 8055d41c

Unable to read/NULL value _LIST_ENTRY @ 805638b8

ProcessCommitUsage could not be calculated
Bugcheck code 00000019
Arguments 00000020 87edfff4 87ee08fc e921e7f8

Open in new window

0
 
optomaCommented:
Could you attach three recent .dmp files from c:\windows\minidump
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
*** Hopeleonie ***IT ManagerAuthor Commented:
0
 
willcompCommented:
wpshelper.sys is part of Symantec/Norton Anti-Virus software. Do you have a Symantec/Norton product installed?
0
 
cantorisCommented:
You've posted two threads with BSoDs caused by different files.  This file, like the other (teefer2) is part of Symantec Endpoint Protection.  Are they the same PC?  I'd be completely uninstalling that app and then reinstalling it and checking for any updates for it.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007073018014248
0
 
optomaCommented:
Hi,
As mentioned the minidumps point to symantec so it would be best to uninstall and reinstall symantec.
Has there been any other issues with machine prior to this?
0
 
John GriffithConsultantCommented:
While I agree that all 4 dumps point to Symantec as the probable cause, I am not convinced that Symantec is the actual cause here at all - at least not 100%.
The bugchecks -
(2) 0xc2 (0x7,,,) = a driver tried to free memory that was already freed
(1) 0x19 (0x20,,,) = pool already corrupted at the time of request
(1) 0x50 = invalid memory referenced
The dumps show the Microsoft driver http.sys  as the most recently updated XP driver -
HTTP.sys     Tue Oct 20 12:20:15 2009 (4ADDE33F)
Symantec, along with the XP NT Kernel and the XP win32k.sys GUI drivers w/ August 2009 timestamps.  
Look at the dates of the BSODs and system uptime -
 
Debug session time: Fri Dec 11 07:48:52.379 2009 (GMT-5)
System Uptime: 0 days 0:10:46.250

Debug session time: Wed Dec 16 17:25:13.812 2009 (GMT-5)
System Uptime: 0 days 0:02:57.046

Debug session time: Wed Dec 16 17:34:03.098 2009 (GMT-5)
System Uptime: 0 days 0:04:59.296

Debug session time: Thu Dec 17 10:07:10.115 2009 (GMT-5)
System Uptime: 0 days 16:32:25.796
It is possible, but unlikely that Symantec, which "phones home" often, would give you 16.5 hours of system uptime " peace" as the 12/17 dump shows, yet just under 3 minutes as the 12-16 (#2 above) dump shows. If Symantec were the true and only culprit, I would expect the bugchecks and system up-time to be more static.
I believe the BSODs have more in common with your outdated Atheros Ethernet driver -
l251x86.sys  Fri Oct 17 02:14:52 2008 (48F82D5C)
Assuming that Endpoint has been running fine until the rash of BSODs began on 12-11-09, it is likely that the updated http.sys clashed with the 2008 Atheros driver.
I would suggest that you update your Atheros ethernet driver, as I believe it to be the leading cause of your BSODs.
Regards. . .
jcgriff2
 

 
0
 
*** Hopeleonie ***IT ManagerAuthor Commented:
hi all & thanx everyone!

@ willcomp yes symantec endpoint protection 11.0.3001.2224  
@ cantoris same pc
@ optoma no this is new!
@ jcgriff2 we are searching you for consulting. but your email address ([removed]) is not valide! can you send me an email to [removed] ?
0
 
*** Hopeleonie ***IT ManagerAuthor Commented:
ok thanks Modalot
0
 
John GriffithConsultantCommented:
@ hopeleonie - email address changed; I sent email to you using email address in your profile
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 5
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now