Hi, here is analysis:
All of the dumps are refering to the same problem:
BugCheck 139, {3, ffffd00023a50310, ffffd00023a50268, 0}
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
BugCheck 139 being KERNEL_SECURITY_CHECK_FAILURE
And code
3 which is corrupted LIST_ENTRY (for example, a double remove)
What this means is for example a faulty driver ( bad driver) removes an item from the list
but it's not caught immediately since removing an item is nothing wrong,
but at some point later it turns out removed item belonged to some another system
process or whatever tries to access the item which now no longer exist or refferes to invalid
space which is illegal, thus blaming someone who isn't guilty, and in this case it's NETIO.sys in every single case.
How to track this down?
I went to debuggin' help and it sez following:
"Most causes of this bug check tend to be self explanatory and easy to diagnose.
One exception is code
3, LIST_ENTRY corruption. This type of bug check can be difficult to track down"
Oh great!, because the bad guy plays the "hit and run cowboy" game
So I went to continue reading help and there are 5 possible causes:
1. A driver has corrupted a kernel synchronization object ...
2. A driver has corrupted a periodic KTIMER ...
3. A driver has mismanaged an internal LIST_ENTRY-style linked list ...
4. A driver has freed a data structure that contains a LIST_ENTRY ...
5. A driver has used a LIST_ENTRY-style list in a concurrent fashion without proper synchronization ...
So far nothing useful. so I went on and look at call stack:
Code:
6: kd> k
Child-SP RetAddr Call Site
ffffd000`23a4ffe8 fffff802`8cf6a7e9 nt!KeBugCheckEx
ffffd000`23a4fff0 fffff802`8cf6ab10 nt!KiBugCheckDispatch+0x69
ffffd000`23a50130 fffff802`8cf69d34 nt!KiFastFailDispatch+0xd0
ffffd000`23a50310 fffff800`af111acd nt!KiRaiseSecurityCheckFailure+0xf4 [COLOR=#008000]// fail bcoz[/COLOR]
ffffd000`23a504a0 fffff800`aee0e572 [COLOR=#ff0000]ndis[/COLOR]!ndisNsiGetInterfaceInformation+0x21b8d [COLOR=#008000]// INTERFACE NO LONGER EXIST in the list!![/COLOR]
ffffd000`23a50550 fffff800`affada25 [COLOR=#ff0000]NETIO[/COLOR]!NsiGetParameterEx+0x222
ffffd000`23a506b0 fffff800`affadbe3 [COLOR=#ff0000]nsiproxy[/COLOR]!NsippGetParameter+0x195
ffffd000`23a50840 fffff802`8d23377f nsiproxy!NsippDispatch+0x53
ffffd000`23a50880 fffff802`8d232d22 nt!IopXxxControlFile+0xa4f
ffffd000`23a50a20 fffff802`8cf6a4b3 nt!NtDeviceIoControlFile+0x56
ffffd000`23a50a90 00007ff9`5fb7123a nt!KiSystemServiceCopyEnd+0x13
[COLOR=#ff0000]00000066`0d4df4e8 00000000`00000000 0x00007ff9`5fb7123a [/COLOR][COLOR=#008000]// This is what we need but ....[/COLOR]
Call stack begins with user process '?' in every dump file examined,
I'm assuming that cos address
00000066`0d4df4e8 00000000`00000000 0x00007ff9`5fb7123a
belongs to user space memory, and then continues on to kernel space up until BugCheck
I'm also guessing it does not bellong to Microsoft cos otherwise I would have symbols for it
and it would display
function name called which it doesn't.
I asked my self why the heck does it say "probably caused by NETIO.sys" every single time?
Code:
1: kd> !analyze
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, ffffd00180fb2310, ffffd00180fb2268, 0}
[COLOR=#ff0000]Probably caused by : NETIO.SYS[/COLOR] ( NETIO!NsiGetParameterEx+222 )
Followup: MachineOwner
Because it get caught, and it does so because NETIO.SYS is the last one that accesses the list, but the bad guy has corrupted ( removed stuff ) out of the list before this kernel driver even tries to retrieve it's lost stuff out from the list, so
nt!KiRaiseSecurityCheckFailure+0xf4 and blame the one who was last seen, which usually turns out to be false positive.
Next trying to associate process with these errors yields (again!) the same result for every single dump file:
Code:
6: kd> !process
GetPointerFromAddress: unable to read from fffff8028d171000
PROCESS ffffe0017afdc8c0
SessionId: none Cid: 04a0 Peb: 7ff6ce7c8000 ParentCid: 02b8
DirBase: 1383d6000 ObjectTable: ffffc000fd3ffd80 HandleCount: <Data Not Accessible>
Image: [COLOR=#ff0000]svchost.exe [/COLOR][COLOR=#008000]// always svchost.exe[/COLOR]
VadRoot ffffe0017afe3ae0 Vads 252 Clone 0 Private 1731. Modified 46. Locked 30.
DeviceMap ffffc000fd1005c0
Token ffffc000fce62890
ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 219976
QuotaPoolUsage[NonPagedPool] 40208
Working Set Sizes (now,min,max) (4533, 50, 345) (18132KB, 200KB, 1380KB)
PeakWorkingSetSize 4798
VirtualSize 2098410 Mb
PeakVirtualSize 2098415 Mb
PageFaultCount 7119
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 2270
*** Error in reading nt!_ETHREAD @ ffffe0017afbb080
OK,
svchost.exe, so far by using some plain logic, it turns out it's probably networking service/driver that does
not belong to Microsoft.
And Since call stack stucks at
NETIO.sys and procesess is allways svchost.exe which hosts services.
So in this guess game I went to look at 3rd party networking services running on the system,
and here is a golden list:
1. SCP DS3 Service ( Local System -> can access network )
2. NVIDIA Network Service ( Local System -> can access network )
3. Intel(R) PROSet/Wireless Zero Configuration Service ( Local System )
4. PnkBstrA ( Punk buster - not sure about this one )
5. ATKGFNEX Service ( not sure, local system and driver iz 6 yrs. old )
3 out of 5 are associated with kernel driver so that makes sense
According to this and few other observations not mentioned so far here, here is what I would recommend:
1. Remove manufactures bloatware from you PC
2. Try not to use joystick ( SCP DS3 ) next days, temporary play games with keyboard and mouse.
3. Remove punk buster from your PC
4. Download and update network drivers from following website: ( and possibly others too such as ATK)
ASUSTeK Computer Inc. -Support- Drivers and Download G550JK Skip BIOS update.
In addition to above run:
1. sfc /scannow in an elvated command prompt and wait for completion.
2. Update Windows, but disable windows from auto updating your drivers.
3. perform a full scan by using some good antivirus and anti sypware. (ex. Malwerbytes, Kaspersky)
4. Set up data execution prevention in Control Panel\System and Security\System > advanced system settings
> Advanced tab > performance > Data execution prevention > Turn on DEP for all program and services ...
Additional possible steps:
5. Steps on bellow link show how to use driver verifier, however according to msdn.microsoft.com following:
Caution
- Running Driver Verifier could cause the computer to crash.
- You should only run Driver Verifier on computers you are using for testing and debugging.
- You must be in the Administrators group on the computer to use Driver Verifier.
Where can I download Driver Verifier?
When you perform all this we can only hope it will work, if you encounter new BSOD, again share results
by following same procedure and then we'll se what could possibly be done next.
Hopefully somebody can help me on how to traverse and dig trough corrupted list in order to identify faulting driver/application, cos I got lost in digging process. :shock:
Here is a verbose output:
Code:
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd00023a50310, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00023a50268, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd00023a50310 -- (.trap 0xffffd00023a50310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0017875c960 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe00177d354e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800af111acd rsp=ffffd00023a504a0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000002 r10=ffffe00177bb6800
r11=ffffe0017be1a970 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
ndis!ndisNsiGetInterfaceInformation+0x21b8d:
fffff800`af111acd cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd00023a50268 -- (.exr 0xffffd00023a50268)
ExceptionAddress: fffff800af111acd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff8028cf6a7e9 to fffff8028cf5eca0
STACK_TEXT:
ffffd000`23a4ffe8 fffff802`8cf6a7e9 : 00000000`00000139 00000000`00000003 ffffd000`23a50310 ffffd000`23a50268 : nt!KeBugCheckEx
ffffd000`23a4fff0 fffff802`8cf6ab10 : 00000000`00000000 00000000`00000001 ffffd000`23a501d8 ffffd000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd000`23a50130 fffff802`8cf69d34 : ffffc000`fce62890 00000002`0000000c 00000000`00000000 ffffc000`fce62d00 : nt!KiFastFailDispatch+0xd0
ffffd000`23a50310 fffff800`af111acd : 00000000`ffffe001 00000000`00000000 ffffd000`23a50610 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`23a504a0 fffff800`aee0e572 : ffffd000`23a50610 ffffe001`7be1a902 ffffe001`7be1a900 00000000`00000000 : ndis!ndisNsiGetInterfaceInformation+0x21b8d
ffffd000`23a50550 fffff800`affada25 : 00000000`00000050 00000000`00000050 ffffe001`77d45390 00000000`00000000 : NETIO!NsiGetParameterEx+0x222
ffffd000`23a506b0 fffff800`affadbe3 : 00000000`00000000 ffffe001`7a046fb0 ffffe001`7a046ee0 00000000`00000000 : nsiproxy!NsippGetParameter+0x195
ffffd000`23a50840 fffff802`8d23377f : 00000000`00000000 ffffe001`7a046ee0 ffffe001`7a046ee0 00000000`00000001 : nsiproxy!NsippDispatch+0x53
ffffd000`23a50880 fffff802`8d232d22 : ffffd000`23a50a38 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa4f
ffffd000`23a50a20 fffff802`8cf6a4b3 : ffffe001`7b06b080 00000000`001f0003 00000066`0d4df468 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`23a50a90 00007ff9`5fb7123a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000066`0d4df4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`5fb7123a
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!NsiGetParameterEx+222
fffff800`aee0e572 8bd8 mov ebx,eax
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: NETIO!NsiGetParameterEx+222
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 546029c5
IMAGE_VERSION: 6.3.9600.17485
BUCKET_ID_FUNC_OFFSET: 222
FAILURE_BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx
BUCKET_ID: 0x139_3_NETIO!NsiGetParameterEx
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_netio!nsigetparameterex
FAILURE_ID_HASH: {863902cf-27d7-671f-3d7f-44a47e15711d}
Followup: MachineOwner
---------
6: kd> .exr 0xffffd00023a50268
ExceptionAddress: fffff800af111acd (ndis!ndisNsiGetInterfaceInformation+0x0000000000021b8d)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
6: kd> lmnt
start end module name
fffff800`ae41c000 fffff800`ae499000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Fri Jul 04 14:59:36 2014 (53B6A538)
fffff800`ae499000 fffff800`ae4a7000 werkernel werkernel.sys Thu Aug 22 13:40:24 2013 (5215F8A8)
fffff800`ae4a7000 fffff800`ae509000 CLFS CLFS.SYS Wed Mar 04 01:51:05 2015 (54F656F9)
fffff800`ae509000 fffff800`ae52b000 tm tm.sys Thu Aug 22 13:39:33 2013 (5215F875)
fffff800`ae52b000 fffff800`ae540000 PSHED PSHED.dll Sat Sep 14 15:57:19 2013 (52346B3F)
fffff800`ae540000 fffff800`ae54a000 BOOTVID BOOTVID.dll Thu Aug 22 13:40:26 2013 (5215F8AA)
fffff800`ae54a000 fffff800`ae5d2000 CI CI.dll Sat Dec 06 04:23:28 2014 (548276B0)
fffff800`ae61c000 fffff800`ae679000 msrpc msrpc.sys Thu Aug 22 13:39:22 2013 (5215F86A)
fffff800`ae679000 fffff800`ae748000 Wdf01000 Wdf01000.sys Thu Aug 22 13:38:56 2013 (5215F850)
fffff800`ae748000 fffff800`ae759000 WDFLDR WDFLDR.SYS Thu Aug 22 13:39:03 2013 (5215F857)
fffff800`ae759000 fffff800`ae771000 acpiex acpiex.sys Thu Aug 22 13:37:47 2013 (5215F80B)
fffff800`ae771000 fffff800`ae77c000 WppRecorder WppRecorder.sys Thu Aug 22 13:39:40 2013 (5215F87C)
fffff800`ae77c000 fffff800`ae7e5000 spaceport spaceport.sys Wed Oct 29 03:47:03 2014 (54505527)
fffff800`ae800000 fffff800`ae81c000 pdc pdc.sys Wed Oct 15 06:34:24 2014 (543DF950)
fffff800`ae81c000 fffff800`ae834000 partmgr partmgr.sys Wed Oct 08 09:34:42 2014 (5434E912)
fffff800`ae834000 fffff800`ae849000 volmgr volmgr.sys Thu Aug 22 13:39:53 2013 (5215F889)
fffff800`ae86f000 fffff800`ae8f7000 ACPI ACPI.sys Tue Oct 07 05:29:50 2014 (54335E2E)
fffff800`ae8f7000 fffff800`ae901000 WMILIB WMILIB.SYS Thu Aug 22 13:40:23 2013 (5215F8A7)
fffff800`ae901000 fffff800`ae98d000 cng cng.sys Wed Jan 14 03:29:05 2015 (54B5D471)
fffff800`ae99b000 fffff800`ae9a5000 msisadrv msisadrv.sys Thu Aug 22 13:39:03 2013 (5215F857)
fffff800`ae9a5000 fffff800`ae9ed000 pci pci.sys Thu Jul 24 13:45:24 2014 (53D0F1D4)
fffff800`ae9ed000 fffff800`ae9fa000 vdrvroot vdrvroot.sys Thu Aug 22 13:38:49 2013 (5215F849)
fffff800`aea00000 fffff800`aea5c000 fltmgr fltmgr.sys Tue Aug 26 04:25:16 2014 (53FBF00C)
fffff800`aea5c000 fffff800`aea72000 fileinfo fileinfo.sys Sat Feb 22 13:13:10 2014 (53089456)
fffff800`aea7f000 fffff800`aeade000 volmgrx volmgrx.sys Thu Aug 22 13:40:23 2013 (5215F8A7)
fffff800`aeade000 fffff800`aeaf9000 mountmgr mountmgr.sys Tue Oct 07 03:18:16 2014 (54333F58)
fffff800`aeaf9000 fffff800`aeb16000 storahci storahci.sys Thu Aug 22 13:40:39 2013 (5215F8B7)
fffff800`aeb16000 fffff800`aeb74000 storport storport.sys Thu Sep 25 04:47:07 2014 (5423822B)
fffff800`aeb74000 fffff800`aeb94000 EhStorTcgDrv EhStorTcgDrv.sys Thu Aug 22 13:37:30 2013 (5215F7FA)
fffff800`aeb94000 fffff800`aebae000 EhStorClass EhStorClass.sys Thu Aug 22 13:38:15 2013 (5215F827)
fffff800`aebae000 fffff800`aebd9000 Wof Wof.sys Thu Mar 13 09:27:29 2014 (53216BF1)
fffff800`aec00000 fffff800`aec0e000 BasicRender BasicRender.sys Sat Feb 22 13:14:02 2014 (5308948A)
fffff800`aec5e000 fffff800`aeca1000 WdFilter WdFilter.sys Fri Jan 30 11:20:58 2015 (54CB5B0A)
fffff800`aeca1000 fffff800`aed36000 fvevol fvevol.sys Tue Apr 08 00:25:31 2014 (534325DB)
fffff800`aed36000 fffff800`aed8c000 CLASSPNP CLASSPNP.SYS Wed Oct 08 07:22:07 2014 (5434C9FF)
fffff800`aedbf000 fffff800`aeded000 cdrom cdrom.sys Thu Aug 22 10:46:35 2013 (5215CFEB)
fffff800`aeded000 fffff800`aedf5000 Beep Beep.SYS Thu Aug 22 13:40:24 2013 (5215F8A8)
fffff800`aee00000 fffff800`aee78000 NETIO NETIO.SYS Mon Nov 10 03:58:13 2014 (546029C5)
fffff800`aee78000 fffff800`aeea9000 ksecpkg ksecpkg.sys Mon Jan 12 04:01:17 2015 (54B338FD)
fffff800`aeea9000 fffff800`aeeb2000 Null Null.SYS Thu Aug 22 13:40:24 2013 (5215F8A8)
fffff800`aeeb2000 fffff800`af0ac000 Ntfs Ntfs.sys Sat Oct 11 02:35:55 2014 (54387B6B)
fffff800`af0ac000 fffff800`af0c8000 ksecdd ksecdd.sys Wed Oct 29 03:47:36 2014 (54505548)
fffff800`af0c8000 fffff800`af0d8000 pcw pcw.sys Thu Aug 22 10:46:34 2013 (5215CFEA)
fffff800`af0d8000 fffff800`af0e3000 Fs_Rec Fs_Rec.sys Thu Aug 22 10:46:33 2013 (5215CFE9)
fffff800`af0e3000 fffff800`af1fa000 ndis ndis.sys Tue Feb 03 01:03:15 2015 (54D01043)
fffff800`af200000 fffff800`af246000 rdyboost rdyboost.sys Sat Feb 22 13:13:40 2014 (53089474)
fffff800`af246000 fffff800`af25d000 mup mup.sys Thu Aug 22 13:40:28 2013 (5215F8AC)
fffff800`af25d000 fffff800`af26c000 intelpep intelpep.sys Wed Oct 15 08:29:44 2014 (543E1458)
fffff800`af26c000 fffff800`af281000 crashdmp crashdmp.sys Thu Aug 22 13:40:03 2013 (5215F893)
fffff800`af292000 fffff800`af4fe000 tcpip tcpip.sys Mon Nov 10 03:59:03 2014 (546029F7)
fffff800`af4fe000 fffff800`af56a000 fwpkclnt fwpkclnt.sys Mon Nov 10 03:57:40 2014 (546029A4)
fffff800`af56a000 fffff800`af58f000 wfplwfs wfplwfs.sys Mon Nov 10 03:57:28 2014 (54602998)
fffff800`af58f000 fffff800`af5de000 volsnap volsnap.sys Thu Jun 19 00:41:28 2014 (53A21598)
fffff800`af5de000 fffff800`af5fa000 disk disk.sys Thu Aug 22 13:39:47 2013 (5215F883)
fffff800`af814000 fffff800`af994000 dxgkrnl dxgkrnl.sys Wed Oct 29 03:46:45 2014 (54505515)
fffff800`af994000 fffff800`af9a6000 watchdog watchdog.sys Sat Feb 22 13:14:39 2014 (530894AF)
fffff800`afa00000 fffff800`afa18000 vwififlt vwififlt.sys Wed Apr 30 08:43:46 2014 (53609BA2)
fffff800`afa1e000 fffff800`afa81000 dxgmms1 dxgmms1.sys Wed Oct 29 03:46:30 2014 (54505506)
fffff800`afa81000 fffff800`afa93000 BasicDisplay BasicDisplay.sys Thu Aug 22 13:39:31 2013 (5215F873)
fffff800`afa93000 fffff800`afaa7000 Npfs Npfs.SYS Thu Aug 22 13:40:25 2013 (5215F8A9)
fffff800`afaa7000 fffff800`afab3000 Msfs Msfs.SYS Thu Aug 22 13:40:24 2013 (5215F8A8)
fffff800`afab3000 fffff800`afad3000 tdx tdx.sys Thu Aug 22 13:36:34 2013 (5215F7C2)
fffff800`afad3000 fffff800`afae1000 TDI TDI.SYS Thu Aug 22 13:39:01 2013 (5215F855)
fffff800`afae1000 fffff800`afb2d000 netbt netbt.sys Thu Aug 22 13:37:01 2013 (5215F7DD)
fffff800`afb2d000 fffff800`afbbf000 afd afd.sys Fri May 30 05:03:01 2014 (5387F4E5)
fffff800`afbbf000 fffff800`afbe9000 pacer pacer.sys Wed Oct 29 03:45:30 2014 (545054CA)
fffff800`afbe9000 fffff800`afbfa000 netbios netbios.sys Wed Oct 29 03:47:23 2014 (5450553B)
fffff800`afc00000 fffff800`afc6a000 usbhub usbhub.sys Thu Jul 24 13:45:29 2014 (53D0F1D9)
fffff800`afc8b000 fffff800`afcfb000 rdbss rdbss.sys Tue Dec 17 08:21:22 2013 (52AFFB72)
fffff800`afcfb000 fffff800`afd89000 csc csc.sys Wed Oct 29 03:46:49 2014 (54505519)
fffff800`afd89000 fffff800`afdaf000 VBoxUSBMon VBoxUSBMon.sys Mon Mar 02 15:18:55 2015 (54F4714F)
fffff800`afdaf000 fffff800`afde3000 rdpdr rdpdr.sys Thu Aug 22 13:36:46 2013 (5215F7CE)
fffff800`afe00000 fffff800`afe26000 dfsc dfsc.sys Thu Mar 06 10:22:50 2014 (53183E6A)
fffff800`afe37000 fffff800`afe40000 atkwmiacpi64 atkwmiacpi64.sys Tue Jul 02 10:35:32 2013 (51D290D4)
fffff800`afe40000 fffff800`afe57000 ahcache ahcache.sys Fri Dec 12 01:51:20 2014 (548A3C08)
fffff800`afe57000 fffff800`afe7f000 VBoxNetAdp VBoxNetAdp.sys Mon Mar 02 15:18:55 2015 (54F4714F)
fffff800`afe7f000 fffff800`afe8e000 CompositeBus CompositeBus.sys Thu Aug 22 13:38:48 2013 (5215F848)
fffff800`afe8e000 fffff800`afe99000 kdnic kdnic.sys Thu Aug 22 13:38:26 2013 (5215F832)
fffff800`afe99000 fffff800`afec4000 VBoxNetFlt VBoxNetFlt.sys Mon Mar 02 15:18:54 2015 (54F4714E)
fffff800`afec7000 fffff800`affac000 VBoxDrv VBoxDrv.sys Mon Mar 02 15:20:04 2015 (54F47194)
fffff800`affac000 fffff800`affba000 nsiproxy nsiproxy.sys Wed Oct 29 03:46:03 2014 (545054EB)
fffff800`affba000 fffff800`affc6000 npsvctrig npsvctrig.sys Thu Aug 22 13:38:22 2013 (5215F82E)
fffff800`affc6000 fffff800`affd2000 mssmbios mssmbios.sys Thu Aug 22 13:39:41 2013 (5215F87D)
fffff800`affd2000 fffff800`affdc000 HWiNFO64A HWiNFO64A.SYS Thu Oct 02 20:24:39 2014 (542D9867)
fffff800`affdc000 fffff800`affed000 umbus umbus.sys Thu Aug 22 13:38:59 2013 (5215F853)
fffff800`b0000000 fffff800`b006f000 USBPORT USBPORT.SYS Sat May 31 08:30:25 2014 (53897701)
fffff800`b006f000 fffff800`b00bd000 ks ks.sys Fri Jul 04 14:58:59 2014 (53B6A513)
fffff800`b00bd000 fffff800`b00c9000 USBD USBD.SYS Sat May 31 08:31:17 2014 (53897735)
fffff800`b00e5000 fffff800`b0b1d000 nvlddmkm nvlddmkm.sys Wed Apr 08 22:32:37 2015 (55259065)
fffff800`b0b1d000 fffff800`b0b72000 USBXHCI USBXHCI.SYS Tue Oct 07 07:00:56 2014 (54337388)
fffff800`b0b72000 fffff800`b0ba4000 ucx01000 ucx01000.sys Tue Oct 07 07:00:55 2014 (54337387)
fffff800`b0ba4000 fffff800`b0be1000 WUDFRd WUDFRd.sys Wed Oct 29 03:46:13 2014 (545054F5)
fffff800`b0be1000 fffff800`b0bef000 ScpVBus ScpVBus.sys Sun May 05 23:31:26 2013 (5186CFAE)
fffff800`b0bef000 fffff800`b0bfa000 rdpbus rdpbus.sys Thu Aug 22 13:38:52 2013 (5215F84C)
fffff800`b0c00000 fffff800`b0fb8000 igdkmd64 igdkmd64.sys Wed Apr 23 22:26:24 2014 (535821F0)
fffff800`b0fb8000 fffff800`b0fd1000 HDAudBus HDAudBus.sys Thu Jul 24 13:45:39 2014 (53D0F1E3)
fffff800`b0fd1000 fffff800`b0fd3880 AiCharger AiCharger.sys Fri Sep 23 04:04:40 2011 (4E7BE938)
fffff800`b0fd4000 fffff800`b0fec000 usbehci usbehci.sys Sat May 31 08:29:54 2014 (538976E2)
fffff800`b0fec000 fffff800`b0ffd480 WmXlCore WmXlCore.sys Tue Apr 27 22:09:26 2010 (4BD74476)
fffff800`b1000000 fffff800`b101e000 intelppm intelppm.sys Thu Aug 22 10:46:35 2013 (5215CFEB)
fffff800`b101e000 fffff800`b1026000 AsHIDSwitch64 AsHIDSwitch64.sys Tue Oct 08 03:45:17 2013 (525363AD)
fffff800`b1026000 fffff800`b1045000 HIDCLASS HIDCLASS.SYS Thu Mar 06 10:24:40 2014 (53183ED8)
fffff800`b1045000 fffff800`b104cf00 HIDPARSE HIDPARSE.SYS Thu Aug 22 13:40:26 2013 (5215F8AA)
fffff800`b104d000 fffff800`b105a000 nvvad64v nvvad64v.sys Thu Nov 20 16:33:54 2014 (546E09E2)
fffff800`b105a000 fffff800`b10a1000 portcls portcls.sys Wed Oct 29 03:46:35 2014 (5450550B)
fffff800`b10a1000 fffff800`b10bd000 drmk drmk.sys Wed Oct 29 03:47:38 2014 (5450554A)
fffff800`b10bd000 fffff800`b10c2300 ksthunk ksthunk.sys Thu Aug 22 13:39:31 2013 (5215F873)
fffff800`b10c3000 fffff800`b10c7d00 WmBEnum WmBEnum.sys Tue Apr 27 22:10:19 2010 (4BD744AB)
fffff800`b10cc000 fffff800`b144b000 NETwbw02 NETwbw02.sys Tue Jul 22 12:29:40 2014 (53CE3D14)
fffff800`b144b000 fffff800`b1458000 vwifibus vwifibus.sys Thu Aug 22 13:39:00 2013 (5215F854)
fffff800`b1458000 fffff800`b1527000 Rt630x64 Rt630x64.sys Tue Nov 26 08:32:54 2013 (52944EA6)
fffff800`b1527000 fffff800`b1546000 i8042prt i8042prt.sys Tue Nov 04 07:54:54 2014 (5458783E)
fffff800`b1546000 fffff800`b159e000 AsusTP AsusTP.sys Tue Jan 07 02:47:17 2014 (52CB5CA5)
fffff800`b159e000 fffff800`b15ae000 mouclass mouclass.sys Tue Nov 04 07:54:47 2014 (54587837)
fffff800`b15ae000 fffff800`b15c0000 kbdclass kbdclass.sys Tue Nov 04 07:54:54 2014 (5458783E)
fffff800`b15c0000 fffff800`b15ca000 kbldfltr kbldfltr.sys Thu Aug 22 13:38:37 2013 (5215F83D)
fffff800`b15ca000 fffff800`b15d0380 CmBatt CmBatt.sys Thu Aug 22 13:39:43 2013 (5215F87F)
fffff800`b15d1000 fffff800`b15dd000 BATTC BATTC.SYS Thu Aug 22 13:40:04 2013 (5215F894)
fffff800`b15dd000 fffff800`b15e7000 wmiacpi wmiacpi.sys Thu Aug 22 13:40:04 2013 (5215F894)
fffff800`b15e7000 fffff800`b15f2000 NdisVirtualBus NdisVirtualBus.sys Thu Aug 22 13:36:25 2013 (5215F7B9)
fffff800`b15f2000 fffff800`b15f3600 swenum swenum.sys Wed Oct 29 03:47:41 2014 (5450554D)
fffff800`b15f4000 fffff800`b1600000 iwdbus iwdbus.sys Thu Mar 13 22:59:14 2014 (53222A32)
fffff800`b1600000 fffff800`b16a9000 peauth peauth.sys Sat Feb 22 13:09:37 2014 (53089381)
fffff800`b16ae000 fffff800`b1721000 IntcDAud IntcDAud.sys Fri Feb 21 14:50:26 2014 (530759A2)
fffff800`b1721000 fffff800`b1799000 UsbHub3 UsbHub3.sys Wed Oct 08 09:32:50 2014 (5434E8A2)
fffff800`b1799000 fffff800`b17b6000 Ndu Ndu.sys Wed Oct 29 03:45:16 2014 (545054BC)
fffff800`b17b6000 fffff800`b17f9000 srvnet srvnet.sys Fri Jun 27 08:22:21 2014 (53AD0D9D)
fffff800`b1806000 fffff800`b1c2a900 RTKVHD64 RTKVHD64.sys Wed Dec 10 08:53:17 2014 (5487FBED)
fffff800`b1c2b000 fffff800`b1c52000 usbccgp usbccgp.sys Thu Jul 24 13:44:51 2014 (53D0F1B3)
fffff800`b1c52000 fffff800`b1c85f00 usbvideo usbvideo.sys Sat Jun 21 09:33:39 2014 (53A53553)
fffff800`b1c86000 fffff800`b1cd9000 RtsUVStor RtsUVStor.sys Tue Jul 09 08:33:53 2013 (51DBAED1)
fffff800`b1cd9000 fffff800`b1cf2000 BTHUSB BTHUSB.sys Wed Oct 29 03:46:16 2014 (545054F8)
fffff800`b1cf2000 fffff800`b1dec000 HTTP HTTP.sys Tue Feb 24 01:40:28 2015 (54EBC87C)
fffff800`b1e00000 fffff800`b1e6d000 mrxsmb mrxsmb.sys Wed Oct 08 09:32:08 2014 (5434E878)
fffff800`b1e6d000 fffff800`b1ea5000 mrxsmb20 mrxsmb20.sys Sat Sep 27 06:59:28 2014 (54264430)
fffff800`b1ea5000 fffff800`b1eb5000 condrv condrv.sys Thu Aug 22 13:40:17 2013 (5215F8A1)
fffff800`b1eb5000 fffff800`b1ece000 IntelHaxm IntelHaxm.sys Tue Nov 18 08:02:14 2014 (546AEEF6)
fffff800`b1ece000 fffff800`b1ee0000 tcpipreg tcpipreg.sys Thu Mar 06 10:19:59 2014 (53183DBF)
fffff800`b1ee2000 fffff800`b200d000 bthport bthport.sys Wed Oct 29 03:45:37 2014 (545054D1)
fffff800`b200d000 fffff800`b2019000 dump_diskdump dump_diskdump.sys Thu Aug 22 13:40:18 2013 (5215F8A2)
fffff800`b2019000 fffff800`b2036000 dump_storahci dump_storahci.sys Thu Aug 22 13:40:39 2013 (5215F8B7)
fffff800`b2036000 fffff800`b204c000 dump_dumpfve dump_dumpfve.sys Sat Feb 22 13:14:48 2014 (530894B8)
fffff800`b204c000 fffff800`b205a000 hidusb hidusb.sys Thu Mar 06 10:24:14 2014 (53183EBE)
fffff800`b205a000 fffff800`b2067000 mouhid mouhid.sys Tue Nov 04 07:54:47 2014 (54587837)
fffff800`b2067000 fffff800`b2075000 kbdhid kbdhid.sys Tue Nov 04 07:54:47 2014 (54587837)
fffff800`b2075000 fffff800`b2083000 monitor monitor.sys Thu Aug 22 13:36:37 2013 (5215F7C5)
fffff800`b2083000 fffff800`b20a7000 luafv luafv.sys Sat Feb 22 13:14:25 2014 (530894A1)
fffff800`b20a7000 fffff800`b20bb000 lltdio lltdio.sys Thu Aug 22 13:36:18 2013 (5215F7B2)
fffff800`b20bb000 fffff800`b212f000 nwifi nwifi.sys Wed Oct 29 03:45:41 2014 (545054D5)
fffff800`b212f000 fffff800`b2143000 ndisuio ndisuio.sys Thu Aug 22 13:37:34 2013 (5215F7FE)
fffff800`b2143000 fffff800`b215b000 rspndr rspndr.sys Thu Aug 22 13:36:34 2013 (5215F7C2)
fffff800`b215b000 fffff800`b2163000 ASMMAP64 ASMMAP64.sys Thu Jul 02 11:13:26 2009 (4A4C7A36)
fffff800`b2163000 fffff800`b2183000 bowser bowser.sys Thu Aug 22 13:38:38 2013 (5215F83E)
fffff800`b2183000 fffff800`b219a000 mpsdrv mpsdrv.sys Wed Oct 29 03:45:31 2014 (545054CB)
fffff800`b219a000 fffff800`b21e5000 mrxsmb10 mrxsmb10.sys Thu Mar 06 10:19:36 2014 (53183DA8)
fffff800`b21e5000 fffff800`b21f1000 npf npf.sys Fri Mar 01 02:31:24 2013 (513004EC)
fffff800`b21f1000 fffff800`b21fc000 secdrv secdrv.SYS Wed Sep 13 15:18:38 2006 (4508052E)
fffff800`b2400000 fffff800`b2416000 mslldp mslldp.sys Wed Oct 29 03:45:39 2014 (545054D3)
fffff800`b2416000 fffff800`b2437000 WudfPf WudfPf.sys Wed Oct 29 03:46:27 2014 (54505503)
fffff800`b2437000 fffff800`b2442000 rdpvideominiport rdpvideominiport.sys Wed Oct 29 03:47:25 2014 (5450553D)
fffff800`b2442000 fffff800`b244d000 WSDScan WSDScan.sys Wed Oct 29 03:47:48 2014 (54505554)
fffff800`b244d000 fffff800`b2458000 WSDPrint WSDPrint.sys Thu Aug 22 13:39:58 2013 (5215F88E)
fffff800`b2458000 fffff800`b2462000 NvStreamKms NvStreamKms.sys Tue Mar 17 07:19:52 2015 (5507C788)
fffff800`b2463000 fffff800`b2510000 srv2 srv2.sys Wed Oct 08 09:33:30 2014 (5434E8CA)
fffff800`b2510000 fffff800`b259e000 srv srv.sys Thu Jul 24 13:43:27 2014 (53D0F15F)
fffff800`b259e000 fffff800`b25cb000 tunnel tunnel.sys Thu Aug 22 13:35:45 2013 (5215F791)
fffff800`b25cb000 fffff800`b25da000 vwifimp vwifimp.sys Wed Apr 30 08:41:59 2014 (53609B37)
fffff800`b25da000 fffff800`b25f9000 WdNisDrv WdNisDrv.sys Fri Jan 30 11:21:48 2015 (54CB5B3C)
fffff802`8c152000 fffff802`8c15b000 kd kd.dll Thu Aug 22 13:40:43 2013 (5215F8BB)
fffff802`8ce0e000 fffff802`8d5a2000 nt ntkrnlmp.exe Sun Mar 22 23:26:46 2015 (550F41A6)
fffff802`8d5a2000 fffff802`8d612000 hal hal.dll Mon Jun 02 00:49:12 2014 (538BADE8)
fffff960`0001d000 fffff960`00433000 win32k win32k.sys Thu Feb 26 00:26:26 2015 (54EE5A22)
fffff960`00727000 fffff960`00730000 TSDDD TSDDD.dll unavailable (00000000)
fffff960`0088b000 fffff960`008c5000 cdd cdd.dll unavailable (00000000)
Unloaded modules:
fffff800`af281000 fffff800`af28d000 dump_storpor
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff800`aed8c000 fffff800`aeda9000 dump_storahc
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0001D000
fffff800`aeda9000 fffff800`aedbf000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00016000
fffff800`b0ba4000 fffff800`b0be1000 WUDFRd.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0003D000
fffff800`afe26000 fffff800`afe37000 dam.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00011000
fffff800`ae98d000 fffff800`ae99b000 WdBoot.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff800`af26c000 fffff800`af278000 hwpolicy.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000